diff --git a/.git-blame-ignore-revs b/.git-blame-ignore-revs index 4e69001ddb..7e75a342a4 100644 --- a/.git-blame-ignore-revs +++ b/.git-blame-ignore-revs @@ -10,3 +10,9 @@ # # remove trailing whitespace 644a0b80c8e69ede97a083069c1a1f3c44e1c76e +# arithmetic expansion in system tests +6f07ba6b7d29b2980657156472e6c8d25efed6f4 +# arithmetic expansion in system tests +e577b1eca70856b816ffa36199f14078e4b76b58 +# subshell notation in system tests +59e5fa42179366049fb31265532d504208f0329f diff --git a/bin/tests/system/README b/bin/tests/system/README index e4f8778dd2..265a9ef213 100644 --- a/bin/tests/system/README +++ b/bin/tests/system/README @@ -488,14 +488,14 @@ This is the main test file and the contents depend on the test. The contents are completely up to the developer, although most test scripts have a form similar to the following for each sub-test: - 1. n=`expr $n + 1` + 1. n=$((n + 1)) 2. echo_i "prime cache nodata.example ($n)" 3. ret=0 4. $DIG -p ${PORT} @10.53.0.1 nodata.example TXT > dig.out.test$n 5. grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 6. grep "ANSWER: 0," dig.out.test$n > /dev/null || ret=1 7. if [ $ret != 0 ]; then echo_i "failed"; fi - 8. status=`expr $status + $ret` + 8. status=$((status + ret)) 1. Increment the test number "n" (initialized to zero at the start of the script). diff --git a/bin/tests/system/acl/tests.sh b/bin/tests/system/acl/tests.sh index 1cba076d15..48536dafbc 100644 --- a/bin/tests/system/acl/tests.sh +++ b/bin/tests/system/acl/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd -p ${PORT}" @@ -21,14 +23,14 @@ t=0 echo_i "testing basic ACL processing" # key "one" should fail -t=`expr $t + 1` +t=$((t + 1)) $DIG $DIGOPTS tsigzone. \ @10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 > dig.out.${t} grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; } # any other key should be fine -t=`expr $t + 1` +t=$((t + 1)) $DIG $DIGOPTS tsigzone. \ @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t} grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; } @@ -38,18 +40,18 @@ rndc_reload ns2 10.53.0.2 sleep 5 # prefix 10/8 should fail -t=`expr $t + 1` +t=$((t + 1)) $DIG $DIGOPTS tsigzone. \ @10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 > dig.out.${t} grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; } # any other address should work, as long as it sends key "one" -t=`expr $t + 1` +t=$((t + 1)) $DIG $DIGOPTS tsigzone. \ @10.53.0.2 -b 127.0.0.1 axfr -y two:1234abcd8765 > dig.out.${t} grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; } -t=`expr $t + 1` +t=$((t + 1)) $DIG $DIGOPTS tsigzone. \ @10.53.0.2 -b 127.0.0.1 axfr -y one:1234abcd8765 > dig.out.${t} grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; } @@ -61,42 +63,42 @@ rndc_reload ns2 10.53.0.2 sleep 5 # should succeed -t=`expr $t + 1` +t=$((t + 1)) $DIG $DIGOPTS tsigzone. \ @10.53.0.2 -b 10.53.0.2 axfr -y two:1234abcd8765 > dig.out.${t} grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; } # should succeed -t=`expr $t + 1` +t=$((t + 1)) $DIG $DIGOPTS tsigzone. \ @10.53.0.2 -b 10.53.0.2 axfr -y one:1234abcd8765 > dig.out.${t} grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; } # should succeed -t=`expr $t + 1` +t=$((t + 1)) $DIG $DIGOPTS tsigzone. \ @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t} grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; } # should succeed -t=`expr $t + 1` +t=$((t + 1)) $DIG $DIGOPTS tsigzone. \ @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t} grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; } # but only one or the other should fail -t=`expr $t + 1` +t=$((t + 1)) $DIG $DIGOPTS tsigzone. \ @10.53.0.2 -b 127.0.0.1 axfr -y one:1234abcd8765 > dig.out.${t} grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; } -t=`expr $t + 1` +t=$((t + 1)) $DIG $DIGOPTS tsigzone. \ @10.53.0.2 -b 10.53.0.2 axfr > dig.out.${t} grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $tt failed" ; status=1; } # and other values? right out -t=`expr $t + 1` +t=$((t + 1)) $DIG $DIGOPTS tsigzone. \ @10.53.0.2 -b 127.0.0.1 axfr -y "${DEFAULT_HMAC}:three:1234abcd8765" > dig.out.${t} grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; } @@ -107,31 +109,31 @@ rndc_reload ns2 10.53.0.2 sleep 5 # should succeed -t=`expr $t + 1` +t=$((t + 1)) $DIG $DIGOPTS tsigzone. \ @10.53.0.2 -b 10.53.0.2 axfr -y two:1234abcd8765 > dig.out.${t} grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; } # should succeed -t=`expr $t + 1` +t=$((t + 1)) $DIG $DIGOPTS tsigzone. \ @10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 > dig.out.${t} grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; } # should fail -t=`expr $t + 1` +t=$((t + 1)) $DIG $DIGOPTS tsigzone. \ @10.53.0.2 -b 10.53.0.2 axfr -y one:1234abcd8765 > dig.out.${t} grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; } # should fail -t=`expr $t + 1` +t=$((t + 1)) $DIG $DIGOPTS tsigzone. \ @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t} grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; } # should fail -t=`expr $t + 1` +t=$((t + 1)) $DIG $DIGOPTS tsigzone. \ @10.53.0.2 -b 10.53.0.3 axfr -y one:1234abcd8765 > dig.out.${t} grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; } @@ -140,31 +142,31 @@ echo_i "testing allow-query-on ACL processing" copy_setports ns2/named5.conf.in ns2/named.conf rndc_reload ns2 10.53.0.2 sleep 5 -t=`expr $t + 1` +t=$((t + 1)) $DIG -p ${PORT} +tcp soa example. \ @10.53.0.2 -b 10.53.0.3 > dig.out.${t} grep "status: NOERROR" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; } echo_i "testing blackhole ACL processing" -t=`expr $t + 1` +t=$((t + 1)) ret=0 $DIG -p ${PORT} +tcp soa example. \ @10.53.0.2 -b 10.53.0.3 > dig.out.1.${t} grep "status: NOERROR" dig.out.1.${t} > /dev/null 2>&1 || ret=1 $DIG -p ${PORT} +tcp soa example. \ - @10.53.0.2 -b 10.53.0.8 > dig.out.2.${t} + @10.53.0.2 -b 10.53.0.8 > dig.out.2.${t} && ret=1 grep "status: NOERROR" dig.out.2.${t} > /dev/null 2>&1 && ret=1 grep "communications error" dig.out.2.${t} > /dev/null 2>&1 || ret=1 $DIG -p ${PORT} soa example. \ @10.53.0.2 -b 10.53.0.3 > dig.out.3.${t} grep "status: NOERROR" dig.out.3.${t} > /dev/null 2>&1 || ret=1 $DIG -p ${PORT} soa example. \ - @10.53.0.2 -b 10.53.0.8 > dig.out.4.${t} + @10.53.0.2 -b 10.53.0.8 > dig.out.4.${t} && ret=1 grep "status: NOERROR" dig.out.4.${t} > /dev/null 2>&1 && ret=1 grep "timed out" dig.out.4.${t} > /dev/null 2>&1 || ret=1 grep ";; no servers could be reached" dig.out.4.${t} > /dev/null 2>&1 || ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) # AXFR tests against ns3 @@ -174,26 +176,26 @@ echo_i "calling addzone example.com on ns3" $RNDCCMD 10.53.0.3 addzone 'example.com {type primary; file "example.db"; }; ' sleep 1 -t=`expr $t + 1` +t=$((t + 1)) ret=0 echo_i "checking AXFR of example.com from ns3 with ACL allow-transfer { none; }; (${t})" $DIG -p ${PORT} @10.53.0.3 example.com axfr > dig.out.${t} 2>&1 grep "Transfer failed." dig.out.${t} >/dev/null 2>&1 || ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) echo_i "calling rndc reconfig" rndc_reconfig ns3 10.53.0.3 sleep 1 -t=`expr $t + 1` +t=$((t + 1)) ret=0 echo_i "re-checking AXFR of example.com from ns3 with ACL allow-transfer { none; }; (${t})" $DIG -p ${PORT} @10.53.0.3 example.com axfr > dig.out.${t} 2>&1 grep "Transfer failed." dig.out.${t} >/dev/null 2>&1 || ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) # AXFR tests against ns4 @@ -203,26 +205,26 @@ echo_i "calling addzone example.com on ns4" $RNDCCMD 10.53.0.4 addzone 'example.com {type primary; file "example.db"; }; ' sleep 1 -t=`expr $t + 1` +t=$((t + 1)) ret=0 echo_i "checking AXFR of example.com from ns4 with ACL allow-transfer { none; }; (${t})" $DIG -p ${PORT} @10.53.0.4 example.com axfr > dig.out.${t} 2>&1 grep "Transfer failed." dig.out.${t} >/dev/null 2>&1 || ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) echo_i "calling rndc reconfig" rndc_reconfig ns4 10.53.0.4 sleep 1 -t=`expr $t + 1` +t=$((t + 1)) ret=0 echo_i "re-checking AXFR of example.com from ns4 with ACL allow-transfer { none; }; (${t})" $DIG -p ${PORT} @10.53.0.4 example.com axfr > dig.out.${t} 2>&1 grep "Transfer failed." dig.out.${t} >/dev/null 2>&1 || ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/additional/tests.sh b/bin/tests/system/additional/tests.sh index 6cede72372..a50004c5c8 100644 --- a/bin/tests/system/additional/tests.sh +++ b/bin/tests/system/additional/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh DIGOPTS="-p ${PORT}" @@ -20,7 +22,7 @@ status=0 n=0 dotests() { - n=`expr $n + 1` + n=$((n + 1)) echo_i "test with RT, single zone (+rec) ($n)" ret=0 $DIG $DIGOPTS +rec -t RT rt.rt.example @10.53.0.1 > dig.out.$n || ret=1 @@ -28,7 +30,7 @@ dotests() { echo_i "failed"; status=$((status+1)) fi - n=`expr $n + 1` + n=$((n + 1)) echo_i "test with RT, two zones (+rec) ($n)" ret=0 $DIG $DIGOPTS +rec -t RT rt.rt2.example @10.53.0.1 > dig.out.$n || ret=1 @@ -36,7 +38,7 @@ dotests() { echo_i "failed"; status=$((status+1)) fi - n=`expr $n + 1` + n=$((n + 1)) echo_i "test with NAPTR, single zone (+rec) ($n)" ret=0 $DIG $DIGOPTS +rec -t NAPTR nap.naptr.example @10.53.0.1 > dig.out.$n || ret=1 @@ -44,7 +46,7 @@ dotests() { echo_i "failed"; status=$((status+1)) fi - n=`expr $n + 1` + n=$((n + 1)) echo_i "test with NAPTR, two zones (+rec) ($n)" ret=0 $DIG $DIGOPTS +rec -t NAPTR nap.hang3b.example @10.53.0.1 > dig.out.$n || ret=1 @@ -52,7 +54,7 @@ dotests() { echo_i "failed"; status=$((status+1)) fi - n=`expr $n + 1` + n=$((n + 1)) echo_i "test with LP (+rec) ($n)" ret=0 $DIG $DIGOPTS +rec -t LP nid2.nid.example @10.53.0.1 > dig.out.$n || ret=1 @@ -82,7 +84,7 @@ dotests() { echo_i "failed"; status=$((status+1)) fi - n=`expr $n + 1` + n=$((n + 1)) echo_i "test with NID (+rec) ($n)" ret=0 $DIG $DIGOPTS +rec -t NID ns1.nid.example @10.53.0.1 > dig.out.$n || ret=1 @@ -98,7 +100,7 @@ dotests() { echo_i "failed"; status=$((status+1)) fi - n=`expr $n + 1` + n=$((n + 1)) echo_i "test with NID + LP (+rec) ($n)" ret=0 $DIG $DIGOPTS +rec -t NID nid2.nid.example @10.53.0.1 > dig.out.$n || ret=1 @@ -116,7 +118,7 @@ dotests() { echo_i "failed"; status=$((status+1)) fi - n=`expr $n + 1` + n=$((n + 1)) echo_i "test with RT, single zone (+norec) ($n)" ret=0 $DIG $DIGOPTS +norec -t RT rt.rt.example @10.53.0.1 > dig.out.$n || ret=1 @@ -124,7 +126,7 @@ dotests() { echo_i "failed"; status=$((status+1)) fi - n=`expr $n + 1` + n=$((n + 1)) echo_i "test with RT, two zones (+norec) ($n)" ret=0 $DIG $DIGOPTS +norec -t RT rt.rt2.example @10.53.0.1 > dig.out.$n || ret=1 @@ -132,7 +134,7 @@ dotests() { echo_i "failed"; status=$((status+1)) fi - n=`expr $n + 1` + n=$((n + 1)) echo_i "test with NAPTR, single zone (+norec) ($n)" ret=0 $DIG $DIGOPTS +norec -t NAPTR nap.naptr.example @10.53.0.1 > dig.out.$n || ret=1 @@ -140,7 +142,7 @@ dotests() { echo_i "failed"; status=$((status+1)) fi - n=`expr $n + 1` + n=$((n + 1)) echo_i "test with NAPTR, two zones (+norec) ($n)" ret=0 $DIG $DIGOPTS +norec -t NAPTR nap.hang3b.example @10.53.0.1 > dig.out.$n || ret=1 @@ -148,7 +150,7 @@ dotests() { echo_i "failed"; status=$((status+1)) fi - n=`expr $n + 1` + n=$((n + 1)) echo_i "test with LP (+norec) ($n)" ret=0 $DIG $DIGOPTS +norec -t LP nid2.nid.example @10.53.0.1 > dig.out.$n || ret=1 @@ -178,7 +180,7 @@ dotests() { echo_i "failed"; status=$((status+1)) fi - n=`expr $n + 1` + n=$((n + 1)) echo_i "test with NID (+norec) ($n)" ret=0 $DIG $DIGOPTS +norec -t NID ns1.nid.example @10.53.0.1 > dig.out.$n || ret=1 @@ -194,7 +196,7 @@ dotests() { echo_i "failed"; status=$((status+1)) fi - n=`expr $n + 1` + n=$((n + 1)) echo_i "test with NID + LP (+norec) ($n)" ret=0 $DIG $DIGOPTS +norec -t NID nid2.nid.example @10.53.0.1 > dig.out.$n || ret=1 @@ -212,7 +214,7 @@ dotests() { echo_i "failed"; status=$((status+1)) fi - n=`expr $n + 1` + n=$((n + 1)) echo_i "test with NS, root zone ($n)" ret=0 $DIG $DIGOPTS -t NS . @10.53.0.1 > dig.out.$n || ret=1 @@ -222,7 +224,7 @@ dotests() { echo_i "failed"; status=$((status+1)) fi - n=`expr $n + 1` + n=$((n + 1)) echo_i "test with NS, non-root zone ($n)" ret=0 $DIG $DIGOPTS -t NS rt.example @10.53.0.1 > dig.out.$n || ret=1 @@ -257,7 +259,7 @@ echo_i "testing with 'minimal-responses no;'" minimal=no dotests -n=`expr $n + 1` +n=$((n + 1)) echo_i "testing with 'minimal-any no;' ($n)" ret=0 $DIG $DIGOPTS -t ANY www.rt.example @10.53.0.1 > dig.out.$n || ret=1 @@ -270,7 +272,7 @@ echo_i "reconfiguring server: minimal-any yes" copy_setports ns1/named3.conf.in ns1/named.conf rndc_reconfig ns1 10.53.0.1 -n=`expr $n + 1` +n=$((n + 1)) echo_i "testing with 'minimal-any yes;' over UDP ($n)" ret=0 $DIG $DIGOPTS -t ANY +notcp www.rt.example @10.53.0.1 > dig.out.$n || ret=1 @@ -278,7 +280,7 @@ grep "ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1" dig.out.$n > /dev/null || ret=1 if [ $ret -eq 1 ] ; then echo_i "failed"; status=$((status+1)) fi -n=`expr $n + 1` +n=$((n + 1)) echo_i "testing with 'minimal-any yes;' over TCP ($n)" ret=0 @@ -288,7 +290,7 @@ if [ $ret -eq 1 ] ; then echo_i "failed"; status=$((status+1)) fi -n=`expr $n + 1` +n=$((n + 1)) echo_i "testing with 'minimal-any yes;' over UDP ($n)" ret=0 $DIG $DIGOPTS -t ANY +notcp www.rt.example @10.53.0.1 > dig.out.$n || ret=1 @@ -309,7 +311,7 @@ echo_i "testing with 'minimal-responses no-auth-recursive;'" minimal=no-auth-recursive dotests -n=`expr $n + 1` +n=$((n + 1)) echo_i "testing returning TLSA records with MX query ($n)" ret=0 $DIG $DIGOPTS -t mx mx.example @10.53.0.1 > dig.out.$n || ret=1 @@ -320,7 +322,7 @@ if [ $ret -eq 1 ] ; then echo_i "failed"; status=$((status+1)) fi -n=`expr $n + 1` +n=$((n + 1)) echo_i "testing returning TLSA records with SRV query ($n)" ret=0 $DIG $DIGOPTS -t srv _xmpp-client._tcp.srv.example @10.53.0.1 > dig.out.$n || ret=1 @@ -335,7 +337,7 @@ echo_i "reconfiguring server: minimal-responses no" copy_setports ns1/named2.conf.in ns1/named.conf rndc_reconfig ns1 10.53.0.1 -n=`expr $n + 1` +n=$((n + 1)) echo_i "testing NS handling in ANY responses (authoritative) ($n)" ret=0 $DIG $DIGOPTS -t ANY rt.example @10.53.0.1 > dig.out.$n || ret=1 @@ -345,7 +347,7 @@ if [ $ret -eq 1 ] ; then echo_i "failed"; status=$((status+1)) fi -n=`expr $n + 1` +n=$((n + 1)) echo_i "testing NS handling in ANY responses (recursive) ($n)" ret=0 $DIG $DIGOPTS -t ANY rt.example @10.53.0.3 > dig.out.$n || ret=1 @@ -355,7 +357,7 @@ if [ $ret -eq 1 ] ; then echo_i "failed"; status=$((status+1)) fi -n=`expr $n + 1` +n=$((n + 1)) echo_i "testing out-of-zone additional data from auth zones (authoritative) ($n)" ret=0 $DIG $DIGOPTS -t NS rt.example @10.53.0.1 > dig.out.$n || ret=1 @@ -364,7 +366,7 @@ if [ $ret -eq 1 ] ; then echo_i "failed"; status=$((status+1)) fi -n=`expr $n + 1` +n=$((n + 1)) echo_i "testing out-of-zone additional data from auth zones (recursive) ($n)" ret=0 $DIG $DIGOPTS -t NS ex @10.53.0.3 > dig.out.$n || ret=1 diff --git a/bin/tests/system/addzone/tests.sh b/bin/tests/system/addzone/tests.sh index 0f81eb761b..2937e79ea3 100755 --- a/bin/tests/system/addzone/tests.sh +++ b/bin/tests/system/addzone/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh DIGOPTS="+tcp +nosea +nostat +nocmd +norec +noques +noauth +noadd +nostats +dnssec -p ${PORT}" @@ -30,9 +32,9 @@ ret=0 $DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1 grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # When LMDB support is compiled in, this tests that migration from # NZF to NZD occurs during named startup @@ -41,16 +43,16 @@ ret=0 $DIG $DIGOPTS @10.53.0.2 a.previous.example a > dig.out.ns2.$n || ret=1 grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.previous.example' dig.out.ns2.$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) if $FEATURETEST --with-lmdb; then echo_i "checking that existing NZF file was renamed after migration ($n)" [ -e ns2/3bf305731dd26307.nzf~ ] || ret=1 - n=`expr $n + 1` + n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) fi echo_i "adding new zone ($n)" @@ -62,27 +64,27 @@ _check_adding_new_zone () ( grep '^a.added.example' dig.out.ns2.$n > /dev/null ) retry_quiet 10 _check_adding_new_zone || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) nextpart ns2/named.run >/dev/null echo_i "checking addzone errors are logged correctly" ret=0 $RNDCCMD 10.53.0.2 addzone bad.example '{ type mister; };' 2>&1 | grep 'unexpected token' > /dev/null 2>&1 || ret=1 wait_for_log_peek 20 "addzone: 'mister' unexpected" ns2/named.run || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) nextpart ns2/named.run >/dev/null echo_i "checking modzone errors are logged correctly" ret=0 $RNDCCMD 10.53.0.2 modzone added.example '{ type mister; };' 2>&1 | grep 'unexpected token' > /dev/null 2>&1 || ret=1 wait_for_log_peek 20 "modzone: 'mister' unexpected" ns2/named.run || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "adding a zone that requires quotes ($n)" ret=0 @@ -94,9 +96,9 @@ _check_zone_that_requires_quotes() ( grep '^a.32/1.0.0.127-in-addr.added.example' dig.out.ns2.$n > /dev/null ) retry_quiet 10 _check_zone_that_requires_quotes || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "adding a zone with a quote in the name ($n)" ret=0 @@ -107,48 +109,48 @@ _check_zone_with_a_quote() ( grep '^a.foo\\"bar.example' dig.out.ns2.$n > /dev/null ) retry_quiet 10 _check_zone_with_a_quote || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "adding new zone with missing file ($n)" ret=0 $DIG $DIGOPTS +all @10.53.0.2 a.missing.example a > dig.out.ns2.pre.$n || ret=1 grep "status: REFUSED" dig.out.ns2.pre.$n > /dev/null || ret=1 -$RNDCCMD 10.53.0.2 addzone 'missing.example { type primary; file "missing.db"; };' 2> rndc.out.ns2.$n +$RNDCCMD 10.53.0.2 addzone 'missing.example { type primary; file "missing.db"; };' 2> rndc.out.ns2.$n && ret=1 grep "file not found" rndc.out.ns2.$n > /dev/null || ret=1 $DIG $DIGOPTS +all @10.53.0.2 a.missing.example a > dig.out.ns2.post.$n || ret=1 grep "status: REFUSED" dig.out.ns2.post.$n > /dev/null || ret=1 digcomp dig.out.ns2.pre.$n dig.out.ns2.post.$n || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) if ! $FEATURETEST --with-lmdb; then echo_i "verifying no comments in NZF file ($n)" ret=0 - hcount=`grep "^# New zone file for view: _default" ns2/3bf305731dd26307.nzf | wc -l` + hcount=$(grep "^# New zone file for view: _default" ns2/3bf305731dd26307.nzf | wc -l) [ $hcount -eq 0 ] || ret=1 - n=`expr $n + 1` + n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) fi echo_i "checking rndc showzone with previously added zone ($n)" ret=0 $RNDCCMD 10.53.0.2 showzone previous.example > rndc.out.ns2.$n expected='zone "previous.example" { type primary; file "previous.db"; };' -[ "`cat rndc.out.ns2.$n`" = "$expected" ] || ret=1 -n=`expr $n + 1` +[ "$(cat rndc.out.ns2.$n)" = "$expected" ] || ret=1 +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) if $FEATURETEST --with-lmdb; then echo_i "checking zone is present in NZD ($n)" ret=0 $NZD2NZF ns2/_default.nzd | grep previous.example > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) fi echo_i "deleting previously added zone ($n)" @@ -160,9 +162,9 @@ _check_deleting_previously_added_zone() ( ! grep '^a.previous.example' dig.out.ns2.$n > /dev/null ) retry_quiet 10 _check_deleting_previously_added_zone || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) check_nzd2nzf() ( $NZD2NZF ns2/_default.nzd > nzd2nzf.out.$n && @@ -173,17 +175,17 @@ if $FEATURETEST --with-lmdb; then echo_i "checking zone was deleted from NZD ($n)" retry_quiet 10 check_nzd2nzf || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) fi if ! $FEATURETEST --with-lmdb; then echo_i "checking NZF file now has comment ($n)" ret=0 - hcount=`grep "^# New zone file for view: _default" ns2/3bf305731dd26307.nzf | wc -l` + hcount=$(grep "^# New zone file for view: _default" ns2/3bf305731dd26307.nzf | wc -l) [ $hcount -eq 1 ] || ret=1 - n=`expr $n + 1` + n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) fi echo_i "deleting newly added zone added.example ($n)" @@ -195,9 +197,9 @@ _check_deleting_newly_added_zone() ( ! grep '^a.added.example' dig.out.ns2.$n > /dev/null ) retry_quiet 10 _check_deleting_newly_added_zone || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "deleting newly added zone with escaped quote ($n)" ret=0 @@ -208,45 +210,45 @@ _check_deleting_newly_added_zone_quote() ( ! grep "^a.foo\"bar.example" dig.out.ns2.$n > /dev/null ) retry_quiet 10 _check_deleting_newly_added_zone_quote || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking rndc showzone with a normally-loaded zone ($n)" ret=0 $RNDCCMD 10.53.0.2 showzone normal.example > rndc.out.ns2.$n expected='zone "normal.example" { type primary; file "normal.db"; };' -[ "`cat rndc.out.ns2.$n`" = "$expected" ] || ret=1 -n=`expr $n + 1` +[ "$(cat rndc.out.ns2.$n)" = "$expected" ] || ret=1 +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking rndc showzone with a normally-loaded zone with trailing dot ($n)" ret=0 $RNDCCMD 10.53.0.2 showzone finaldot.example > rndc.out.ns2.$n expected='zone "finaldot.example." { type primary; file "normal.db"; };' -[ "`cat rndc.out.ns2.$n`" = "$expected" ] || ret=1 -n=`expr $n + 1` +[ "$(cat rndc.out.ns2.$n)" = "$expected" ] || ret=1 +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking rndc showzone with a normally-loaded redirect zone ($n)" ret=0 $RNDCCMD 10.53.0.1 showzone -redirect > rndc.out.ns1.$n expected='zone "." { type redirect; file "redirect.db"; };' -[ "`cat rndc.out.ns1.$n`" = "$expected" ] || ret=1 -n=`expr $n + 1` +[ "$(cat rndc.out.ns1.$n)" = "$expected" ] || ret=1 +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking rndc zonestatus with a normally-loaded redirect zone ($n)" ret=0 $RNDCCMD 10.53.0.1 zonestatus -redirect > rndc.out.ns1.$n grep "type: redirect" rndc.out.ns1.$n > /dev/null || ret=1 grep "serial: 0" rndc.out.ns1.$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking rndc reload with a normally-loaded redirect zone ($n)" ret=0 @@ -254,9 +256,9 @@ sleep 1 cp -f ns1/redirect.db.2 ns1/redirect.db $RNDCCMD 10.53.0.1 reload -redirect > rndc.out.ns1.$n retry_quiet 5 check_zonestatus 1 || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "delete a normally-loaded zone ($n)" ret=0 @@ -270,9 +272,9 @@ _check_delete_normally_loaded_zone() ( ) retry_quiet 5 _check_delete_normally_loaded_zone || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "attempting to add primary zone with inline signing ($n)" $RNDCCMD 10.53.0.2 addzone 'inline.example { type primary; file "inline.db"; inline-signing yes; };' 2>&1 | sed 's/^/I:ns2 /' @@ -282,17 +284,17 @@ _check_add_primary_zone_with_inline() ( grep '^a.inline.example' dig.out.ns2.$n > /dev/null ) retry_quiet 5 _check_add_primary_zone_with_inline || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "attempting to add primary zone with inline signing and missing file ($n)" ret=0 -$RNDCCMD 10.53.0.2 addzone 'inlinemissing.example { type primary; file "missing.db"; inline-signing yes; };' 2> rndc.out.ns2.$n +$RNDCCMD 10.53.0.2 addzone 'inlinemissing.example { type primary; file "missing.db"; inline-signing yes; };' 2> rndc.out.ns2.$n && ret=1 grep "file not found" rndc.out.ns2.$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "attempting to add secondary zone with inline signing ($n)" $RNDCCMD 10.53.0.2 addzone 'inlinesec.example { type secondary; primaries { 10.53.0.1; }; file "inlinesec.bk"; inline-signing yes; };' 2>&1 | sed 's/^/I:ns2 /' @@ -302,9 +304,9 @@ _check_add_secondary_with_inline() ( grep '^a.inlinesec.example' dig.out.ns2.$n > /dev/null ) retry_quiet 5 _check_add_secondary_with_inline || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "attempting to delete secondary zone with inline signing ($n)" ret=0 @@ -318,8 +320,8 @@ test ! -f inlinesec.bk.signed || grep '^inlinesec.bk.signed$' rndc.out2.test$n > /dev/null || { echo_i "failed to report inlinesec.bk.signed"; ret=1; } -n=`expr $n + 1` -status=`expr $status + $ret` +n=$((n + 1)) +status=$((status + ret)) echo_i "restoring secondary zone with inline signing ($n)" $RNDCCMD 10.53.0.2 addzone 'inlinesec.example { type secondary; primaries { 10.53.0.1; }; file "inlinesec.bk"; inline-signing yes; };' 2>&1 | sed 's/^/I:ns2 /' @@ -329,17 +331,17 @@ _check_restoring_secondary_with_inline() ( grep '^a.inlinesec.example' dig.out.ns2.$n > /dev/null ) retry_quiet 5 _check_restoring_secondary_with_inline || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "deleting secondary zone with automatic zone file removal ($n)" ret=0 retry_quiet 10 test -f ns2/inlinesec.bk.signed -a -f ns2/inlinesec.bk || ret=1 $RNDCCMD 10.53.0.2 delzone -clean inlinesec.example > /dev/null 2>&1 retry_quiet 10 test ! -f ns2/inlinesec.bk.signed -a ! -f ns2/inlinesec.bk -n=`expr $n + 1` -status=`expr $status + $ret` +n=$((n + 1)) +status=$((status + ret)) echo_i "modifying zone configuration ($n)" ret=0 @@ -349,23 +351,23 @@ grep 'status: NOERROR' dig.out.ns2.1.$n > /dev/null || ret=1 $RNDCCMD 10.53.0.2 modzone 'mod.example { type primary; file "added.db"; allow-query { none; }; };' 2>&1 | sed 's/^/ns2 /' | cat_i $DIG +norec $DIGOPTS @10.53.0.2 mod.example ns > dig.out.ns2.2.$n || ret=1 $RNDCCMD 10.53.0.2 showzone mod.example | grep 'allow-query { "none"; };' > /dev/null 2>&1 || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "check that adding a 'stub' zone works ($n)" ret=0 $RNDCCMD 10.53.0.2 addzone 'stub.example { type stub; primaries { 1.2.3.4; }; file "stub.example.bk"; };' > rndc.out.ns2.$n 2>&1 || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "check that adding a 'static-stub' zone works ($n)" ret=0 $RNDCCMD 10.53.0.2 addzone 'static-stub.example { type static-stub; server-addresses { 1.2.3.4; }; };' > rndc.out.ns2.$n 2>&1 || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "check that adding a 'primary redirect' zone works ($n)" ret=0 @@ -378,9 +380,9 @@ _check_add_primary_redirect() ( grep "serial: 0" zonestatus.out.ns2.$n > /dev/null ) retry_quiet 10 _check_add_primary_redirect || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "check that reloading a added 'primary redirect' zone works ($n)" ret=0 @@ -388,16 +390,16 @@ sleep 1 cp -f ns2/redirect.db.2 ns2/redirect.db $RNDCCMD 10.53.0.2 reload -redirect > rndc.out.ns2.$n retry_quiet 10 check_zonestatus 2 || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "check that retransfer of a added 'primary redirect' zone fails ($n)" ret=0 $RNDCCMD 10.53.0.2 retransfer -redirect > rndc.out.ns2.$n 2>&1 && ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "check that deleting a 'primary redirect' zone works ($n)" ret=0 @@ -407,9 +409,9 @@ _check_deleting_primary_redirect() ( grep 'not found' showzone.out.ns2.$n > /dev/null ) retry_quiet 10 _check_deleting_primary_redirect || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "check that adding a 'secondary redirect' zone works ($n)" ret=0 @@ -422,9 +424,9 @@ _check_adding_secondary_redirect() ( grep "serial: 0" zonestatus.out.ns2.$n > /dev/null ) retry_quiet 10 _check_adding_secondary_redirect || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "check that retransfering a added 'secondary redirect' zone works ($n)" ret=0 @@ -437,9 +439,9 @@ _check_retransfering_secondary_redirect() ( grep "serial: 1" zonestatus.out.ns2.$n > /dev/null ) retry_quiet 10 _check_retransfering_secondary_redirect || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "check that deleting a 'secondary redirect' zone works ($n)" ret=0 @@ -449,41 +451,41 @@ _check_deleting_secondary_redirect() ( grep 'not found' showzone.out.ns2.$n > /dev/null ) retry_quiet 10 _check_deleting_secondary_redirect || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "check that zone type 'hint' is properly rejected ($n)" ret=0 $RNDCCMD 10.53.0.2 addzone '"." { type hint; file "hints.db"; };' > rndc.out.ns2.$n 2>&1 && ret=1 grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "check that zone type 'forward' is properly rejected ($n)" ret=0 $RNDCCMD 10.53.0.2 addzone 'forward.example { type forward; forwarders { 1.2.3.4; }; forward only; };' > rndc.out.ns2.$n 2>&1 && ret=1 grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "check that zone type 'delegation-only' is properly rejected ($n)" ret=0 $RNDCCMD 10.53.0.2 addzone 'delegation-only.example { type delegation-only; };' > rndc.out.ns2.$n 2>&1 && ret=1 grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "check that 'in-view' zones are properly rejected ($n)" ret=0 $RNDCCMD 10.53.0.2 addzone 'in-view.example { in-view "_default"; };' > rndc.out.ns2.$n 2>&1 && ret=1 grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "reconfiguring server with multiple views" rm -f ns2/named.conf @@ -508,27 +510,27 @@ grep 'status: NOERROR' dig.out.ns2.int.$n > /dev/null || ret=1 $DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1 grep 'status: NOERROR' dig.out.ns2.ext.$n > /dev/null || ret=1 grep '^a.added.example' dig.out.ns2.ext.$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) if ! $FEATURETEST --with-lmdb; then echo_i "checking new NZF file has comment ($n)" ret=0 - hcount=`grep "^# New zone file for view: external" ns2/external.nzf | wc -l` + hcount=$(grep "^# New zone file for view: external" ns2/external.nzf | wc -l) [ $hcount -eq 1 ] || ret=1 - n=`expr $n + 1` + n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) fi if $FEATURETEST --with-lmdb; then echo_i "verifying added.example in external view created an external.nzd DB ($n)" ret=0 [ -e ns2/external.nzd ] || ret=1 - n=`expr $n + 1` + n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) fi echo_i "checking rndc reload causes named to reload the external view's new zone config ($n)" @@ -542,9 +544,9 @@ _check_rndc_reload_external_view_config() ( grep '^a.added.example' dig.out.ns2.ext.$n > /dev/null ) retry_quiet 10 _check_rndc_reload_external_view_config || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking rndc showzone with newly added zone ($n)" _check_rndc_showzone_newly_added() ( @@ -554,12 +556,12 @@ _check_rndc_showzone_newly_added() ( expected='zone "added.example" { type primary; file "added.db"; };' fi $RNDCCMD 10.53.0.2 showzone added.example in external > rndc.out.ns2.$n 2>/dev/null && - [ "`cat rndc.out.ns2.$n`" = "$expected" ] + [ "$(cat rndc.out.ns2.$n)" = "$expected" ] ) retry_quiet 10 _check_rndc_showzone_newly_added || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "deleting newly added zone ($n)" ret=0 @@ -570,31 +572,31 @@ _check_deleting_newly_added_zone() ( ! grep '^a.added.example' dig.out.ns2.$n > /dev/null ) retry_quiet 10 _check_deleting_newly_added_zone || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "attempting to add zone to internal view ($n)" ret=0 $DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.pre.$n || ret=1 grep 'status: NOERROR' dig.out.ns2.pre.$n > /dev/null || ret=1 -$RNDCCMD 10.53.0.2 addzone 'added.example in internal { type primary; file "added.db"; };' 2> rndc.out.ns2.$n +$RNDCCMD 10.53.0.2 addzone 'added.example in internal { type primary; file "added.db"; };' 2> rndc.out.ns2.$n && ret=1 grep "permission denied" rndc.out.ns2.$n > /dev/null || ret=1 $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.int.$n || ret=1 grep 'status: NOERROR' dig.out.ns2.int.$n > /dev/null || ret=1 $DIG $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1 grep 'status: REFUSED' dig.out.ns2.ext.$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "attempting to delete a policy zone ($n)" ret=0 -$RNDCCMD 10.53.0.2 delzone 'policy in internal' 2> rndc.out.ns2.$n >&1 +$RNDCCMD 10.53.0.2 delzone 'policy in internal' 2> rndc.out.ns2.$n >&1 && ret=1 grep 'cannot be deleted' rndc.out.ns2.$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "adding new zone again to external view ($n)" ret=0 @@ -607,9 +609,9 @@ _check_adding_new_zone_again_external() ( grep '^a.added.example' dig.out.ns2.ext.$n > /dev/null ) retry_quiet 10 _check_adding_new_zone_again_external || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "reconfiguring server with multiple views and new-zones-directory" rm -f ns2/named.conf @@ -621,9 +623,9 @@ ret=0 $DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1 grep 'status: NOERROR' dig.out.ns2.ext.$n > /dev/null || ret=1 grep '^a.added.example' dig.out.ns2.ext.$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "deleting newly added zone from external ($n)" ret=0 @@ -631,9 +633,9 @@ $RNDCCMD 10.53.0.2 delzone 'added.example in external' 2>&1 | sed 's/^/I:ns2 /' $DIG $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.$n || ret=1 grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.added.example' dig.out.ns2.$n > /dev/null && ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "adding new zone to directory view ($n)" ret=0 @@ -651,9 +653,9 @@ grep 'status: REFUSED' dig.out.ns2.ext.$n > /dev/null || ret=1 $DIG +norec $DIGOPTS @10.53.0.5 -b 10.53.0.5 a.added.example a > dig.out.ns2.dir.$n || ret=1 grep 'status: NOERROR' dig.out.ns2.dir.$n > /dev/null || ret=1 grep '^a.added.example' dig.out.ns2.dir.$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) if $FEATURETEST --with-lmdb; then echo_i "checking NZD file was created in new-zones-directory ($n)" @@ -665,9 +667,9 @@ fi $RNDCCMD 10.53.0.2 sync 'added.example IN directory' 2>&1 | sed 's/^/I:ns2 /' sleep 2 [ -e "$expect" ] || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "deleting newly added zone from directory ($n)" ret=0 @@ -675,17 +677,17 @@ $RNDCCMD 10.53.0.2 delzone 'added.example in directory' 2>&1 | sed 's/^/I:ns2 /' $DIG $DIGOPTS @10.53.0.5 -b 10.53.0.5 a.added.example a > dig.out.ns2.$n || ret=1 grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.added.example' dig.out.ns2.$n > /dev/null && ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "ensure the configuration context is cleaned up correctly ($n)" ret=0 rndc_reconfig ns2 10.53.0.2 $RNDCCMD 10.53.0.2 status > /dev/null 2>&1 || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "check delzone after reconfig failure ($n)" ret=0 @@ -693,9 +695,9 @@ $RNDCCMD 10.53.0.3 addzone 'inlinesec.example. IN { type secondary; file "inline copy_setports ns3/named2.conf.in ns3/named.conf rndc_reconfig ns3 10.53.0.3 $RNDCCMD 10.53.0.3 delzone inlinesec.example > /dev/null 2>&1 || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) if ! $FEATURETEST --with-lmdb then @@ -706,9 +708,9 @@ then $RNDCCMD 10.53.0.3 addzone "test3.baz" '{ type primary; file "e.db"; };' > /dev/null 2>&1 || ret=1 $RNDCCMD 10.53.0.3 delzone "test3.baz" > /dev/null 2>&1 || ret=1 grep test2.baz ns3/_default.nzf > /dev/null && ret=1 - n=`expr $n + 1` + n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) fi _check_version_bind() ( @@ -747,8 +749,8 @@ $DIG $DIGOPTS @10.53.0.3 SOA 'test\010.baz' > dig.out.6.test$n || ret=1 grep "status: NOERROR" dig.out.6.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.6.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/allow-query/tests.sh b/bin/tests/system/allow-query/tests.sh index 01a13cf7e0..3a1b8b45d2 100644 --- a/bin/tests/system/allow-query/tests.sh +++ b/bin/tests/system/allow-query/tests.sh @@ -52,6 +52,8 @@ # and querying as necessary. # +set -e + . ../conf.sh DIGOPTS="+tcp +nosea +nostat +nocmd +norec +noques +noauth +noadd +nostats +dnssec -p ${PORT}" @@ -62,17 +64,17 @@ n=0 nextpart ns2/named.run > /dev/null # Test 1 - default, query allowed -n=`expr $n + 1` +n=$((n + 1)) echo_i "test $n: default - query allowed" ret=0 $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1 grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 2 - explicit any, query allowed -n=`expr $n + 1` +n=$((n + 1)) copy_setports ns2/named02.conf.in ns2/named.conf rndc_reload ns2 10.53.0.2 @@ -82,10 +84,10 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 3 - none, query refused -n=`expr $n + 1` +n=$((n + 1)) copy_setports ns2/named03.conf.in ns2/named.conf rndc_reload ns2 10.53.0.2 @@ -97,9 +99,9 @@ grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 nextpart ns2/named.run | grep 'recursion not enabled for view' > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) DIGNOEDNS="+tcp +nosea +nostat +nocmd +norec +noques +noauth +noadd +nostats +noedns -p ${PORT}" echo_i "test $n: none - query refused (no edns)" @@ -109,10 +111,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null && ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 4 - address allowed, query allowed -n=`expr $n + 1` +n=$((n + 1)) copy_setports ns2/named04.conf.in ns2/named.conf rndc_reload ns2 10.53.0.2 @@ -122,10 +124,10 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 5 - address not allowed, query refused -n=`expr $n + 1` +n=$((n + 1)) copy_setports ns2/named05.conf.in ns2/named.conf rndc_reload ns2 10.53.0.2 @@ -136,10 +138,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 6 - address disallowed, query refused -n=`expr $n + 1` +n=$((n + 1)) copy_setports ns2/named06.conf.in ns2/named.conf rndc_reload ns2 10.53.0.2 @@ -150,10 +152,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 7 - acl allowed, query allowed -n=`expr $n + 1` +n=$((n + 1)) copy_setports ns2/named07.conf.in ns2/named.conf rndc_reload ns2 10.53.0.2 @@ -163,10 +165,10 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 8 - acl not allowed, query refused -n=`expr $n + 1` +n=$((n + 1)) copy_setports ns2/named08.conf.in ns2/named.conf rndc_reload ns2 10.53.0.2 @@ -177,11 +179,11 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 9 - acl disallowed, query refused -n=`expr $n + 1` +n=$((n + 1)) copy_setports ns2/named09.conf.in ns2/named.conf rndc_reload ns2 10.53.0.2 @@ -192,10 +194,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 10 - key allowed, query allowed -n=`expr $n + 1` +n=$((n + 1)) copy_setports ns2/named10.conf.in ns2/named.conf rndc_reload ns2 10.53.0.2 @@ -205,10 +207,10 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > d grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 11 - key not allowed, query refused -n=`expr $n + 1` +n=$((n + 1)) copy_setports ns2/named11.conf.in ns2/named.conf rndc_reload ns2 10.53.0.2 @@ -219,10 +221,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 12 - key disallowed, query refused -n=`expr $n + 1` +n=$((n + 1)) copy_setports ns2/named12.conf.in ns2/named.conf rndc_reload ns2 10.53.0.2 @@ -233,13 +235,13 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # The next set of tests check if allow-query works in a view n=20 # Test 21 - views default, query allowed -n=`expr $n + 1` +n=$((n + 1)) copy_setports ns2/named21.conf.in ns2/named.conf rndc_reload ns2 10.53.0.2 @@ -249,10 +251,10 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 22 - views explicit any, query allowed -n=`expr $n + 1` +n=$((n + 1)) copy_setports ns2/named22.conf.in ns2/named.conf rndc_reload ns2 10.53.0.2 @@ -262,10 +264,10 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 23 - views none, query refused -n=`expr $n + 1` +n=$((n + 1)) copy_setports ns2/named23.conf.in ns2/named.conf rndc_reload ns2 10.53.0.2 @@ -276,10 +278,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 24 - views address allowed, query allowed -n=`expr $n + 1` +n=$((n + 1)) copy_setports ns2/named24.conf.in ns2/named.conf rndc_reload ns2 10.53.0.2 @@ -289,10 +291,10 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 25 - views address not allowed, query refused -n=`expr $n + 1` +n=$((n + 1)) copy_setports ns2/named25.conf.in ns2/named.conf rndc_reload ns2 10.53.0.2 @@ -303,10 +305,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 26 - views address disallowed, query refused -n=`expr $n + 1` +n=$((n + 1)) copy_setports ns2/named26.conf.in ns2/named.conf rndc_reload ns2 10.53.0.2 @@ -317,10 +319,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 27 - views acl allowed, query allowed -n=`expr $n + 1` +n=$((n + 1)) copy_setports ns2/named27.conf.in ns2/named.conf rndc_reload ns2 10.53.0.2 @@ -330,10 +332,10 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 28 - views acl not allowed, query refused -n=`expr $n + 1` +n=$((n + 1)) copy_setports ns2/named28.conf.in ns2/named.conf rndc_reload ns2 10.53.0.2 @@ -344,10 +346,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 29 - views acl disallowed, query refused -n=`expr $n + 1` +n=$((n + 1)) copy_setports ns2/named29.conf.in ns2/named.conf rndc_reload ns2 10.53.0.2 @@ -358,10 +360,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 30 - views key allowed, query allowed -n=`expr $n + 1` +n=$((n + 1)) copy_setports ns2/named30.conf.in ns2/named.conf rndc_reload ns2 10.53.0.2 @@ -371,10 +373,10 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > d grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 31 - views key not allowed, query refused -n=`expr $n + 1` +n=$((n + 1)) copy_setports ns2/named31.conf.in ns2/named.conf rndc_reload ns2 10.53.0.2 @@ -385,10 +387,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 32 - views key disallowed, query refused -n=`expr $n + 1` +n=$((n + 1)) copy_setports ns2/named32.conf.in ns2/named.conf rndc_reload ns2 10.53.0.2 @@ -399,10 +401,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 33 - views over options, views allow, query allowed -n=`expr $n + 1` +n=$((n + 1)) copy_setports ns2/named33.conf.in ns2/named.conf rndc_reload ns2 10.53.0.2 @@ -412,10 +414,10 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 34 - views over options, views disallow, query refused -n=`expr $n + 1` +n=$((n + 1)) copy_setports ns2/named34.conf.in ns2/named.conf rndc_reload ns2 10.53.0.2 @@ -426,14 +428,14 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Tests for allow-query in the zone statements n=40 # Test 41 - zone default, query allowed -n=`expr $n + 1` +n=$((n + 1)) copy_setports ns2/named40.conf.in ns2/named.conf rndc_reload ns2 10.53.0.2 @@ -443,20 +445,20 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 42 - zone explicit any, query allowed -n=`expr $n + 1` +n=$((n + 1)) echo_i "test $n: zone explicit any - query allowed" ret=0 $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.any.example a > dig.out.ns2.$n || ret=1 grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.any.example' dig.out.ns2.$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 43 - zone none, query refused -n=`expr $n + 1` +n=$((n + 1)) echo_i "test $n: zone none - query refused" ret=0 $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.none.example a > dig.out.ns2.$n || ret=1 @@ -464,20 +466,20 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.none.example' dig.out.ns2.$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 44 - zone address allowed, query allowed -n=`expr $n + 1` +n=$((n + 1)) echo_i "test $n: zone address allowed - query allowed" ret=0 $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.addrallow.example a > dig.out.ns2.$n || ret=1 grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.addrallow.example' dig.out.ns2.$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 45 - zone address not allowed, query refused -n=`expr $n + 1` +n=$((n + 1)) echo_i "test $n: zone address not allowed - query refused" ret=0 $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.addrnotallow.example a > dig.out.ns2.$n || ret=1 @@ -485,10 +487,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.addrnotallow.example' dig.out.ns2.$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 46 - zone address disallowed, query refused -n=`expr $n + 1` +n=$((n + 1)) echo_i "test $n: zone address disallowed - query refused" ret=0 $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.addrdisallow.example a > dig.out.ns2.$n || ret=1 @@ -496,20 +498,20 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.addrdisallow.example' dig.out.ns2.$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 47 - zone acl allowed, query allowed -n=`expr $n + 1` +n=$((n + 1)) echo_i "test $n: zone acl allowed - query allowed" ret=0 $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.aclallow.example a > dig.out.ns2.$n || ret=1 grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.aclallow.example' dig.out.ns2.$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 48 - zone acl not allowed, query refused -n=`expr $n + 1` +n=$((n + 1)) echo_i "test $n: zone acl not allowed - query refused" ret=0 $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.aclnotallow.example a > dig.out.ns2.$n || ret=1 @@ -517,10 +519,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.aclnotallow.example' dig.out.ns2.$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 49 - zone acl disallowed, query refused -n=`expr $n + 1` +n=$((n + 1)) echo_i "test $n: zone acl disallowed - query refused" ret=0 $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.acldisallow.example a > dig.out.ns2.$n || ret=1 @@ -528,20 +530,20 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.acldisallow.example' dig.out.ns2.$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 50 - zone key allowed, query allowed -n=`expr $n + 1` +n=$((n + 1)) echo_i "test $n: zone key allowed - query allowed" ret=0 $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.keyallow.example a > dig.out.ns2.$n || ret=1 grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 51 - zone key not allowed, query refused -n=`expr $n + 1` +n=$((n + 1)) echo_i "test $n: zone key not allowed - query refused" ret=0 $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.keyallow.example a > dig.out.ns2.$n || ret=1 @@ -549,10 +551,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 52 - zone key disallowed, query refused -n=`expr $n + 1` +n=$((n + 1)) echo_i "test $n: zone key disallowed - query refused" ret=0 $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.keydisallow.example a > dig.out.ns2.$n || ret=1 @@ -560,10 +562,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.keydisallow.example' dig.out.ns2.$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 53 - zones over options, zones allow, query allowed -n=`expr $n + 1` +n=$((n + 1)) copy_setports ns2/named53.conf.in ns2/named.conf rndc_reload ns2 10.53.0.2 @@ -573,10 +575,10 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 54 - zones over options, zones disallow, query refused -n=`expr $n + 1` +n=$((n + 1)) copy_setports ns2/named54.conf.in ns2/named.conf rndc_reload ns2 10.53.0.2 @@ -587,10 +589,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 55 - zones over views, zones allow, query allowed -n=`expr $n + 1` +n=$((n + 1)) copy_setports ns2/named55.conf.in ns2/named.conf rndc_reload ns2 10.53.0.2 @@ -600,10 +602,10 @@ $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 56 - zones over views, zones disallow, query refused -n=`expr $n + 1` +n=$((n + 1)) copy_setports ns2/named56.conf.in ns2/named.conf rndc_reload ns2 10.53.0.2 @@ -614,10 +616,10 @@ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 57 - zones over views, zones disallow, query refused (allow-query-on) -n=`expr $n + 1` +n=$((n + 1)) copy_setports ns2/named57.conf.in ns2/named.conf rndc_reload ns2 10.53.0.2 @@ -631,10 +633,10 @@ grep 'status: REFUSED' dig.out.ns2.2.$n > /dev/null || ret=1 grep 'EDE: 18 (Prohibited)' dig.out.ns2.2.$n > /dev/null || ret=1 grep '^a.aclnotallow.example' dig.out.ns2.2.$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 58 - allow-recursion default -n=`expr $n + 1` +n=$((n + 1)) echo_i "test $n: default allow-recursion configuration" ret=0 nextpart ns3/named.run > /dev/null @@ -645,10 +647,10 @@ grep 'status: REFUSED' dig.out.ns3.2.$n > /dev/null || ret=1 grep 'EDE: 18 (Prohibited)' dig.out.ns3.2.$n > /dev/null || ret=1 nextpart ns3/named.run | grep 'allow-recursion did not match' > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 59 - allow-query-cache default -n=`expr $n + 1` +n=$((n + 1)) echo_i "test $n: default allow-query-cache configuration" ret=0 $DIG -p ${PORT} @10.53.0.3 -b 127.0.0.1 ns . > dig.out.ns3.1.$n @@ -658,10 +660,10 @@ grep 'status: REFUSED' dig.out.ns3.2.$n > /dev/null || ret=1 grep 'EDE: 18 (Prohibited)' dig.out.ns3.2.$n > /dev/null || ret=1 nextpart ns3/named.run | grep 'allow-recursion did not match' > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 60 - block recursion-on, allow query-cache-on -n=`expr $n + 1` +n=$((n + 1)) copy_setports ns3/named2.conf.in ns3/named.conf rndc_reload ns3 10.53.0.3 @@ -677,10 +679,10 @@ grep 'recursion requested but not available' dig.out.ns3.2.$n > /dev/null || ret grep 'ANSWER: 0' dig.out.ns3.2.$n > /dev/null || ret=1 nextpart ns3/named.run | grep 'allow-recursion-on did not match' > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 61 - inheritance of allow-query-cache-on from allow-recursion-on -n=`expr $n + 1` +n=$((n + 1)) copy_setports ns3/named3.conf.in ns3/named.conf rndc_reload ns3 10.53.0.3 @@ -704,10 +706,10 @@ grep 'status: REFUSED' dig.out.ns3.4.$n > /dev/null || ret=1 grep 'EDE: 18 (Prohibited)' dig.out.ns3.4.$n > /dev/null || ret=1 nextpart ns3/named.run | grep 'allow-recursion-on did not match' > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 62 - inheritance of allow-recursion-on from allow-query-cache-on -n=`expr $n + 1` +n=$((n + 1)) copy_setports ns3/named4.conf.in ns3/named.conf rndc_reload ns3 10.53.0.3 @@ -731,7 +733,7 @@ grep 'status: REFUSED' dig.out.ns3.4.$n > /dev/null || ret=1 grep 'EDE: 18 (Prohibited)' dig.out.ns3.4.$n > /dev/null || ret=1 nextpart ns3/named.run | grep 'allow-recursion-on did not match' > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/auth/tests.sh b/bin/tests/system/auth/tests.sh index b67752279b..6cd4a272a1 100644 --- a/bin/tests/system/auth/tests.sh +++ b/bin/tests/system/auth/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh DIGOPTS="+tcp -p ${PORT}" @@ -18,7 +20,7 @@ DIGOPTS="+tcp -p ${PORT}" status=0 n=0 -n=`expr $n + 1` +n=$((n + 1)) echo_i "wait for zones to finish transferring to ns2 ($n)" for i in 1 2 3 4 5 6 7 8 9 10 do @@ -32,13 +34,13 @@ do sleep 1 done [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) # # If recursion is unrequested or unavailable, then cross-zone CNAME records # should not be followed. If both requested and available, they should be. # -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that cross-zone CNAME record does not return target data (rd=0/ra=0) ($n)" ret=0 $DIG $DIGOPTS +norec @10.53.0.1 www.example.com > dig.out.test$n || ret=1 @@ -47,9 +49,9 @@ grep "flags: qr aa;" dig.out.test$n > /dev/null || ret=1 grep "www.example.com.*CNAME.*server.example.net" dig.out.test$n > /dev/null || ret=1 grep "server.example.net.*A.*10.53.0.100" dig.out.test$n > /dev/null && ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that cross-zone CNAME record does not return target data (rd=1/ra=0) ($n)" ret=0 $DIG $DIGOPTS +rec @10.53.0.1 www.example.com > dig.out.test$n || ret=1 @@ -58,9 +60,9 @@ grep "flags: qr aa rd;" dig.out.test$n > /dev/null || ret=1 grep "www.example.com.*CNAME.*server.example.net" dig.out.test$n > /dev/null || ret=1 grep "server.example.net.*A.*10.53.0.100" dig.out.test$n > /dev/null && ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that cross-zone CNAME record does not return target data (rd=0/ra=1) ($n)" ret=0 $DIG $DIGOPTS +norec @10.53.0.2 www.example.com > dig.out.test$n || ret=1 @@ -69,9 +71,9 @@ grep "flags: qr aa ra;" dig.out.test$n > /dev/null || ret=1 grep "www.example.com.*CNAME.*server.example.net" dig.out.test$n > /dev/null || ret=1 grep "server.example.net.*A.*10.53.0.100" dig.out.test$n > /dev/null && ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that cross-zone CNAME records return target data (rd=1/ra=1) ($n)" ret=0 $DIG $DIGOPTS @10.53.0.2 www.example.com > dig.out.test$n || ret=1 @@ -80,12 +82,12 @@ grep "flags: qr aa rd ra;" dig.out.test$n > /dev/null || ret=1 grep "www.example.com.*CNAME.*server.example.net" dig.out.test$n > /dev/null || ret=1 grep "server.example.net.*A.*10.53.0.100" dig.out.test$n > /dev/null || ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) # # In-zone CNAME records should always be followed regardless of RD and RA. # -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that in-zone CNAME records return target data (rd=0/ra=0) ($n)" ret=0 $DIG $DIGOPTS +norec @10.53.0.1 inzone.example.com > dig.out.test$n || ret=1 @@ -94,9 +96,9 @@ grep "flags: qr aa;" dig.out.test$n > /dev/null || ret=1 grep "inzone.example.com.*CNAME.*a.example.com" dig.out.test$n > /dev/null || ret=1 grep "a.example.com.*A.*10.53.0.1" dig.out.test$n > /dev/null || ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that in-zone CNAME records returns target data (rd=1/ra=0) ($n)" ret=0 $DIG $DIGOPTS +rec @10.53.0.1 inzone.example.com > dig.out.test$n || ret=1 @@ -105,9 +107,9 @@ grep "flags: qr aa rd;" dig.out.test$n > /dev/null || ret=1 grep "inzone.example.com.*CNAME.*a.example.com" dig.out.test$n > /dev/null || ret=1 grep "a.example.com.*A.*10.53.0.1" dig.out.test$n > /dev/null || ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that in-zone CNAME records return target data (rd=0/ra=1) ($n)" ret=0 $DIG $DIGOPTS +norec @10.53.0.2 inzone.example.com > dig.out.test$n || ret=1 @@ -116,9 +118,9 @@ grep "flags: qr aa ra;" dig.out.test$n > /dev/null || ret=1 grep "inzone.example.com.*CNAME.*a.example.com" dig.out.test$n > /dev/null || ret=1 grep "a.example.com.*A.*10.53.0.1" dig.out.test$n > /dev/null || ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that in-zone CNAME records return target data (rd=1/ra=1) ($n)" ret=0 $DIG $DIGOPTS @10.53.0.2 inzone.example.com > dig.out.test$n || ret=1 @@ -127,9 +129,9 @@ grep "flags: qr aa rd ra;" dig.out.test$n > /dev/null || ret=1 grep "inzone.example.com.*CNAME.*a.example.com" dig.out.test$n > /dev/null || ret=1 grep "a.example.com.*A.*10.53.0.1" dig.out.test$n > /dev/null || ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that in-zone CNAME records does not return target data when QTYPE is CNAME (rd=1/ra=1) ($n)" ret=0 $DIG $DIGOPTS @10.53.0.2 -t cname inzone.example.com > dig.out.test$n || ret=1 @@ -138,9 +140,9 @@ grep 'flags: qr aa rd ra;' dig.out.test$n > /dev/null || ret=1 grep 'inzone\.example\.com\..*CNAME.a\.example\.com\.' dig.out.test$n > /dev/null || ret=1 grep 'a\.example\.com\..*A.10\.53\.0\.1' dig.out.test$n > /dev/null && ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that in-zone CNAME records does not return target data when QTYPE is ANY (rd=1/ra=1) ($n)" ret=0 $DIG $DIGOPTS @10.53.0.2 -t any inzone.example.com > dig.out.test$n || ret=1 @@ -149,9 +151,9 @@ grep 'flags: qr aa rd ra;' dig.out.test$n > /dev/null || ret=1 grep 'inzone\.example\.com\..*CNAME.a\.example\.com\.' dig.out.test$n > /dev/null || ret=1 grep 'a\.example\.com\..*A.10\.53\.0\.1' dig.out.test$n > /dev/null && ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that in-zone DNAME records does not return target data when QTYPE is CNAME (rd=1/ra=1) ($n)" ret=0 $DIG $DIGOPTS @10.53.0.2 -t cname inzone.dname.example.com > dig.out.test$n || ret=1 @@ -162,9 +164,9 @@ grep 'inzone\.dname\.example\.com\..*CNAME.inzone\.example\.com\.' dig.out.test$ grep 'inzone\.example\.com\..*CNAME.a\.example\.com\.' dig.out.test$n > /dev/null && ret=1 grep 'a\.example\.com\..*A.10\.53\.0\.1' dig.out.test$n > /dev/null && ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that in-zone DNAME records does not return target data when QTYPE is ANY (rd=1/ra=1) ($n)" ret=0 $DIG $DIGOPTS @10.53.0.2 -t any inzone.dname.example.com > dig.out.test$n || ret=1 @@ -175,16 +177,16 @@ grep 'inzone\.dname\.example\.com\..*CNAME.inzone\.example\.com\.' dig.out.test$ grep 'inzone\.example\.com.*CNAME.a\.example\.com\.' dig.out.test$n > /dev/null && ret=1 grep 'a\.example\.com.*A.10\.53\.0\.1' dig.out.test$n > /dev/null && ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that CHAOS addresses are compared correctly ($n)" ret=0 $DIG $DIGOPTS @10.53.0.1 +noall +answer ch test.example.chaos > dig.out.test$n -lines=`wc -l < dig.out.test$n` +lines=$(wc -l < dig.out.test$n) [ ${lines:-0} -eq 2 ] || ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/autosign/tests.sh b/bin/tests/system/autosign/tests.sh index 455008a784..ad23c22652 100755 --- a/bin/tests/system/autosign/tests.sh +++ b/bin/tests/system/autosign/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh status=0 @@ -320,12 +322,15 @@ then # try to convert nsec-only.example; this should fail due to # non-NSEC3 compatible keys echo_i "preset nsec3param in unsigned zone via nsupdate ($n)" - $NSUPDATE > nsupdate.out 2>&1 < nsupdate.out 2>&1 < int(interval)) exit (1); } - END { if (int(x) > int(interval) || int(x) < int(interval-10)) exit(1) }' interval=$2 - return $? + END { if (int(x) > int(interval) || int(x) < int(interval-10)) exit(1) }' interval=$2 || return $? + return 0 } echo_i "checking automatic key reloading interval ($n)" @@ -1584,11 +1589,11 @@ $RNDCCMD 10.53.0.3 signing -nsec3param 1 1 10 12345678 delzsk.example. > signing for i in 0 1 2 3 4 5 6 7 8 9; do _ret=1 $DIG $DIGOPTS delzsk.example NSEC3PARAM @10.53.0.3 > dig.out.ns3.1.test$n 2>&1 || ret=1 - grep "NSEC3PARAM.*12345678" dig.out.ns3.1.test$n > /dev/null 2>&1 - if [ $? -eq 0 ]; then + { grep "NSEC3PARAM.*12345678" dig.out.ns3.1.test$n > /dev/null 2>&1; rc=$?; } || true + if [ $rc -eq 0 ]; then $RNDCCMD 10.53.0.3 signing -list delzsk.example > signing.out.2.test$n 2>&1 - grep "Creating NSEC3 chain " signing.out.2.test$n > /dev/null 2>&1 - if [ $? -ne 0 ]; then + { grep "Creating NSEC3 chain " signing.out.2.test$n > /dev/null 2>&1; rc=$?; } || true + if [ $rc -ne 0 ]; then _ret=0 break fi @@ -1607,8 +1612,8 @@ $SETTIME -D now-1h $file > settime.out.test$n || ret=1 for i in 0 1 2 3 4 5 6 7 8 9; do _ret=1 $RNDCCMD 10.53.0.3 signing -list delzsk.example > signing.out.3.test$n 2>&1 - grep "Signing " signing.out.3.test$n > /dev/null 2>&1 - if [ $? -ne 0 ]; then + { grep "Signing " signing.out.3.test$n > /dev/null 2>&1; rc=$?; } || true + if [ $rc -ne 0 ]; then if [ $(grep "Done signing " signing.out.3.test$n | wc -l) -eq 2 ]; then _ret=0 break diff --git a/bin/tests/system/builtin/tests.sh b/bin/tests/system/builtin/tests.sh index 898fd522e9..21213dedd7 100644 --- a/bin/tests/system/builtin/tests.sh +++ b/bin/tests/system/builtin/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh DIGOPTS="-p ${PORT}" @@ -120,7 +122,7 @@ B.E.F.IP6.ARPA EMPTY.AS112.ARPA HOME.ARPA" -n=`expr $n + 1` +n=$((n + 1)) ret=0 count=0 echo_i "Checking expected empty zones were configured ($n)" @@ -130,15 +132,15 @@ do echo_i "failed (empty zone $zone missing)" ret=1 } - count=`expr $count + 1` + count=$((count + 1)) done -lines=`grep "automatic empty zone: " ns1/named.run | wc -l` +lines=$(grep "automatic empty zone: " ns1/named.run | wc -l) test $count -eq $lines -a $count -eq 99 || { ret=1; echo_i "failed (count mismatch)"; } -if [ $ret != 0 ] ; then status=`expr $status + $ret`; fi +if [ $ret != 0 ] ; then status=$((status + ret)); fi -n=`expr $n + 1` +n=$((n + 1)) echo_i "Checking that reconfiguring empty zones is silent ($n)" $RNDCCMD 10.53.0.1 reconfig ret=0 @@ -147,9 +149,9 @@ grep "received control channel command 'reconfig'" ns1/named.run > /dev/null || grep "reloading configuration succeeded" ns1/named.run > /dev/null || ret=1 sleep 1 grep "zone serial (0) unchanged." ns1/named.run > /dev/null && ret=1 -if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi +if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi -n=`expr $n + 1` +n=$((n + 1)) echo_i "Checking that reloading empty zones is silent ($n)" rndc_reload ns1 10.53.0.1 ret=0 @@ -158,89 +160,89 @@ grep "received control channel command 'reload'" ns1/named.run > /dev/null || re grep "reloading configuration succeeded" ns1/named.run > /dev/null || ret=1 sleep 1 grep "zone serial (0) unchanged." ns1/named.run > /dev/null && ret=1 -if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi +if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi -HOST_NAME=`$FEATURETEST --gethostname` +HOST_NAME=$($FEATURETEST --gethostname) BIND_VERSION_STRING=$($NAMED -V | head -1) BIND_VERSION=$($NAMED -V | sed -ne 's/^BIND \([^ ]*\).*/\1/p') -n=`expr $n + 1` +n=$((n + 1)) ret=0 echo_i "Checking that default version works for rndc ($n)" $RNDCCMD 10.53.0.1 status > rndc.status.ns1.$n 2>&1 grep -F "version: $BIND_VERSION_STRING" rndc.status.ns1.$n > /dev/null || ret=1 -if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi +if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi -n=`expr $n + 1` +n=$((n + 1)) ret=0 echo_i "Checking that custom version works for rndc ($n)" $RNDCCMD 10.53.0.3 status > rndc.status.ns3.$n 2>&1 grep -F "version: $BIND_VERSION_STRING (this is a test of version)" rndc.status.ns3.$n > /dev/null || ret=1 -if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi +if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi -n=`expr $n + 1` +n=$((n + 1)) ret=0 echo_i "Checking that default version works for query ($n)" $DIG $DIGOPTS +short version.bind txt ch @10.53.0.1 > dig.out.ns1.$n grep "^\"$BIND_VERSION\"$" dig.out.ns1.$n > /dev/null || ret=1 -if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi +if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi -n=`expr $n + 1` +n=$((n + 1)) ret=0 echo_i "Checking that custom version works for query ($n)" $DIG $DIGOPTS +short version.bind txt ch @10.53.0.3 > dig.out.ns3.$n grep "^\"this is a test of version\"$" dig.out.ns3.$n > /dev/null || ret=1 -if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi +if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi -n=`expr $n + 1` +n=$((n + 1)) ret=0 echo_i "Checking that default hostname works for query ($n)" $DIG $DIGOPTS +short hostname.bind txt ch @10.53.0.1 > dig.out.ns1.$n grep "^\"$HOST_NAME\"$" dig.out.ns1.$n > /dev/null || ret=1 -if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi +if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi -n=`expr $n + 1` +n=$((n + 1)) ret=0 echo_i "Checking that custom hostname works for query ($n)" $DIG $DIGOPTS +short hostname.bind txt ch @10.53.0.3 > dig.out.ns3.$n grep "^\"this.is.a.test.of.hostname\"$" dig.out.ns3.$n > /dev/null || ret=1 -if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi +if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi -n=`expr $n + 1` +n=$((n + 1)) ret=0 echo_i "Checking that default server-id is none for query ($n)" $DIG $DIGOPTS id.server txt ch @10.53.0.1 > dig.out.ns1.$n grep "status: NOERROR" dig.out.ns1.$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.ns1.$n > /dev/null || ret=1 -if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi +if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi -n=`expr $n + 1` +n=$((n + 1)) ret=0 echo_i "Checking that server-id hostname works for query ($n)" $DIG $DIGOPTS +short id.server txt ch @10.53.0.2 > dig.out.ns2.$n grep "^\"$HOST_NAME\"$" dig.out.ns2.$n > /dev/null || ret=1 -if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi +if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi -n=`expr $n + 1` +n=$((n + 1)) ret=0 echo_i "Checking that server-id hostname works for EDNS name server ID request ($n)" $DIG $DIGOPTS +norec +nsid foo @10.53.0.2 > dig.out.ns2.$n grep "^; NSID: .* (\"$HOST_NAME\")$" dig.out.ns2.$n > /dev/null || ret=1 -if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi +if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi -n=`expr $n + 1` +n=$((n + 1)) ret=0 echo_i "Checking that custom server-id works for query ($n)" $DIG $DIGOPTS +short id.server txt ch @10.53.0.3 > dig.out.ns3.$n grep "^\"this.is.a.test.of.server-id\"$" dig.out.ns3.$n > /dev/null || ret=1 -if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi +if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi -n=`expr $n + 1` +n=$((n + 1)) ret=0 echo_i "Checking that custom server-id works for EDNS name server ID request ($n)" $DIG $DIGOPTS +norec +nsid foo @10.53.0.3 > dig.out.ns3.$n grep "^; NSID: .* (\"this.is.a.test.of.server-id\")$" dig.out.ns3.$n > /dev/null || ret=1 -if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi +if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/cacheclean/tests.sh b/bin/tests/system/cacheclean/tests.sh index 3669bba816..8dc8b0de31 100755 --- a/bin/tests/system/cacheclean/tests.sh +++ b/bin/tests/system/cacheclean/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh status=0 @@ -66,9 +68,9 @@ clear_cache () { } in_cache () { - ttl=`$DIG $DIGOPTS "$@" | awk '{print $2}'` + ttl=$($DIG $DIGOPTS "$@" | awk '{print $2}') [ -z "$ttl" ] && { - ttl=`$DIG $DIGOPTS +noanswer +auth "$@" | awk '{print $2}'` + ttl=$($DIG $DIGOPTS +noanswer +auth "$@" | awk '{print $2}') [ "$ttl" -ge 3599 ] && return 1 return 0 } @@ -91,39 +93,39 @@ filter_tree () { ' "$file" } -n=`expr $n + 1` +n=$((n + 1)) echo_i "check correctness of routine cache cleaning ($n)" $DIG $DIGOPTS +tcp +keepopen -b 10.53.0.7 -f dig.batch > dig.out.ns2 || status=1 digcomp --lc dig.out.ns2 knowngood.dig.out || status=1 -n=`expr $n + 1` +n=$((n + 1)) echo_i "only one tcp socket was used ($n)" -tcpclients=`awk '$3 == "client" && $5 ~ /10.53.0.7#[0-9]*:/ {print $5}' ns2/named.run | sort | uniq -c | wc -l` +tcpclients=$(awk '$3 == "client" && $5 ~ /10.53.0.7#[0-9]*:/ {print $5}' ns2/named.run | sort | uniq -c | wc -l) test $tcpclients -eq 1 || { status=1; echo_i "failed"; } -n=`expr $n + 1` +n=$((n + 1)) echo_i "reset and check that records are correctly cached initially ($n)" ret=0 load_cache dump_cache -nrecords=`filter_tree flushtest.example ns2/named_dump.db.test$n | grep -E '(TXT|ANY)' | wc -l` +nrecords=$(filter_tree flushtest.example ns2/named_dump.db.test$n | grep -E '(TXT|ANY)' | wc -l) [ $nrecords -eq 18 ] || { ret=1; echo_i "found $nrecords records expected 18"; } if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check flushing of the full cache ($n)" ret=0 clear_cache dump_cache -nrecords=`filter_tree flushtest.example ns2/named_dump.db.test$n | wc -l` +nrecords=$(filter_tree flushtest.example ns2/named_dump.db.test$n | wc -l) [ $nrecords -eq 0 ] || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check flushing of individual nodes (interior node) ($n)" ret=0 clear_cache @@ -133,9 +135,9 @@ in_cache txt top1.flushtest.example || ret=1 $RNDC $RNDCOPTS flushname top1.flushtest.example in_cache txt top1.flushtest.example && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check flushing of individual nodes (leaf node, under the interior node) ($n)" ret=0 # leaf node, under the interior node (should still exist) @@ -143,9 +145,9 @@ in_cache txt third2.second1.top1.flushtest.example || ret=1 $RNDC $RNDCOPTS flushname third2.second1.top1.flushtest.example in_cache txt third2.second1.top1.flushtest.example && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check flushing of individual nodes (another leaf node, with both positive and negative cache entries) ($n)" ret=0 # another leaf node, with both positive and negative cache entries @@ -155,16 +157,16 @@ $RNDC $RNDCOPTS flushname third1.second1.top1.flushtest.example in_cache a third1.second1.top1.flushtest.example && ret=1 in_cache txt third1.second1.top1.flushtest.example && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check flushing a nonexistent name ($n)" ret=0 $RNDC $RNDCOPTS flushname fake.flushtest.example || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check flushing of namespaces ($n)" ret=0 clear_cache @@ -189,43 +191,43 @@ in_cache txt second1.top2.flushtest.example && ret=1 in_cache txt second2.top2.flushtest.example && ret=1 in_cache txt second3.top2.flushtest.example && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check flushing a nonexistent namespace ($n)" ret=0 $RNDC $RNDCOPTS flushtree fake.flushtest.example || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check the number of cached records remaining ($n)" ret=0 dump_cache -nrecords=`filter_tree flushtest.example ns2/named_dump.db.test$n | grep -v '^;' | grep -E '(TXT|ANY)' | wc -l` +nrecords=$(filter_tree flushtest.example ns2/named_dump.db.test$n | grep -v '^;' | grep -E '(TXT|ANY)' | wc -l) [ $nrecords -eq 17 ] || { ret=1; echo_i "found $nrecords records expected 17"; } if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check the check that flushname of a partial match works ($n)" ret=0 in_cache txt second2.top1.flushtest.example || ret=1 $RNDC $RNDCOPTS flushtree example in_cache txt second2.top1.flushtest.example && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check the number of cached records remaining ($n)" ret=0 dump_cache -nrecords=`filter_tree flushtest.example ns2/named_dump.db.test$n | grep -E '(TXT|ANY)' | wc -l` +nrecords=$(filter_tree flushtest.example ns2/named_dump.db.test$n | grep -E '(TXT|ANY)' | wc -l) [ $nrecords -eq 1 ] || { ret=1; echo_i "found $nrecords records expected 1"; } if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check flushtree clears adb correctly ($n)" ret=0 load_cache @@ -245,23 +247,23 @@ grep 'plain success/timeout' sed.out.$n.b > /dev/null 2>&1 || ret=1 grep 'Unassociated entries' sed.out.$n.b > /dev/null 2>&1 || ret=1 grep 'ns.flushtest.example' sed.out.$n.b > /dev/null 2>&1 && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check expire option returned from primary zone ($n)" ret=0 $DIG @10.53.0.1 -p ${PORT} +expire soa expire-test > dig.out.expire grep EXPIRE: dig.out.expire > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check expire option returned from secondary zone ($n)" ret=0 $DIG @10.53.0.2 -p ${PORT} +expire soa expire-test > dig.out.expire grep EXPIRE: dig.out.expire > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/case/tests.sh b/bin/tests/system/case/tests.sh index 2e9dc7d729..041dcba121 100644 --- a/bin/tests/system/case/tests.sh +++ b/bin/tests/system/case/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh DIGOPTS="+tcp +nosea +nostat +noquest +nocomm +nocmd -p ${PORT}" @@ -24,7 +26,7 @@ wait_for_serial() ( status=0 n=0 -n=`expr $n + 1` +n=$((n + 1)) echo_i "waiting for zone transfer to complete ($n)" ret=0 for i in 1 2 3 4 5 6 7 8 9 @@ -40,16 +42,16 @@ do sleep 1 done -n=`expr $n + 1` +n=$((n + 1)) echo_i "testing case preserving responses - no acl ($n)" ret=0 $DIG $DIGOPTS mx example. @10.53.0.1 > dig.ns1.test$n grep "0.mail.eXaMpLe" dig.ns1.test$n > /dev/null || ret=1 grep "mAiL.example" dig.ns1.test$n > /dev/null || ret=1 test $ret -eq 0 || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "testing no-case-compress acl '{ 10.53.0.2; }' ($n)" ret=0 @@ -64,27 +66,27 @@ grep "0.mail.example" dig.ns2.test$n > /dev/null || ret=1 grep "mail.example" dig.ns2.test$n > /dev/null || ret=1 test $ret -eq 0 || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "testing load of dynamic zone with various \$ORIGIN values ($n)" ret=0 $DIG $DIGOPTS axfr dynamic @10.53.0.1 > dig.ns1.test$n digcomp dig.ns1.test$n dynamic.good || ret=1 test $ret -eq 0 || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "transfer of dynamic zone with various \$ORIGIN values ($n)" ret=0 $DIG $DIGOPTS axfr dynamic @10.53.0.2 > dig.ns2.test$n digcomp dig.ns2.test$n dynamic.good || ret=1 test $ret -eq 0 || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "change SOA owner case via update ($n)" $NSUPDATE << EOF server 10.53.0.1 ${PORT} @@ -96,27 +98,27 @@ $DIG $DIGOPTS axfr dynamic @10.53.0.1 > dig.ns1.test$n digcomp dig.ns1.test$n postupdate.good || ret=1 test $ret -eq 0 || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) ret=0 echo_i "wait for zone to transfer ($n)" retry_quiet 20 wait_for_serial 10.53.0.2 dynamic 2000042408 dig.ns2.test$n || ret=1 test $ret -eq 0 || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check SOA owner case is transferred to secondary ($n)" ret=0 $DIG $DIGOPTS axfr dynamic @10.53.0.2 > dig.ns2.test$n digcomp dig.ns2.test$n postupdate.good || ret=1 test $ret -eq 0 || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) #update delete Ns1.DyNaMIC. 300 IN A 10.53.0.1 -n=`expr $n + 1` +n=$((n + 1)) echo_i "change A record owner case via update ($n)" $NSUPDATE << EOF server 10.53.0.1 ${PORT} @@ -128,22 +130,22 @@ $DIG $DIGOPTS axfr dynamic @10.53.0.1 > dig.ns1.test$n digcomp dig.ns1.test$n postns1.good || ret=1 test $ret -eq 0 || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) ret=0 echo_i "wait for zone to transfer ($n)" retry_quiet 20 wait_for_serial 10.53.0.2 dynamic 2000042409 dig.ns2.test$n || ret=1 test $ret -eq 0 || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check A owner case is transferred to secondary ($n)" ret=0 $DIG $DIGOPTS axfr dynamic @10.53.0.2 > dig.ns2.test$n digcomp dig.ns2.test$n postns1.good || ret=1 -status=`expr $status + $ret` +status=$((status + ret)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/cds/tests.sh b/bin/tests/system/cds/tests.sh index 49a428b8db..2eb092f4b4 100644 --- a/bin/tests/system/cds/tests.sh +++ b/bin/tests/system/cds/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh status=0 @@ -21,8 +23,7 @@ fail() { } runcmd() { - "$@" 1> out.$n 2> err.$n - echo $? + ("$@" 1> out.$n 2> err.$n; echo $?) || true } testcase() { diff --git a/bin/tests/system/chain/tests.sh b/bin/tests/system/chain/tests.sh index bbfb3ea3c5..3ad8e31233 100644 --- a/bin/tests/system/chain/tests.sh +++ b/bin/tests/system/chain/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh DIGOPTS="-p ${PORT}" @@ -23,49 +25,49 @@ sendcmd() { status=0 n=0 -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking short DNAME from authoritative ($n)" ret=0 $DIG $DIGOPTS a.short-dname.example @10.53.0.2 a > dig.out.ns2.short || ret=1 grep "status: NOERROR" dig.out.ns2.short > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking short DNAME from recursive ($n)" ret=0 $RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i $DIG $DIGOPTS a.short-dname.example @10.53.0.7 a > dig.out.ns4.short || ret=1 grep "status: NOERROR" dig.out.ns4.short > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking long DNAME from authoritative ($n)" ret=0 $DIG $DIGOPTS a.long-dname.example @10.53.0.2 a > dig.out.ns2.long || ret=1 grep "status: NOERROR" dig.out.ns2.long > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking long DNAME from recursive ($n)" ret=0 $RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i $DIG $DIGOPTS a.long-dname.example @10.53.0.7 a > dig.out.ns4.long || ret=1 grep "status: NOERROR" dig.out.ns4.long > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking (too) long DNAME from authoritative ($n)" ret=0 $DIG $DIGOPTS 01234567890123456789012345678901234567890123456789.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.longlonglonglonglonglonglonglonglonglonglonglonglonglonglong.long-dname.example @10.53.0.2 a > dig.out.ns2.toolong || ret=1 grep "status: YXDOMAIN" dig.out.ns2.toolong > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking (too) long DNAME from recursive with cached DNAME ($n)" ret=0 $RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i @@ -73,9 +75,9 @@ $DIG $DIGOPTS 01234567890123456789012345678901234567890123456789.longlonglonglon grep "status: YXDOMAIN" dig.out.ns4.cachedtoolong > /dev/null || ret=1 grep '^long-dname\.example\..*DNAME.*long' dig.out.ns4.cachedtoolong > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking (too) long DNAME from recursive without cached DNAME ($n)" ret=0 $RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i @@ -83,7 +85,7 @@ $DIG $DIGOPTS 01234567890123456789012345678901234567890123456789.longlonglonglon grep "status: YXDOMAIN" dig.out.ns4.uncachedtoolong > /dev/null || ret=1 grep '^toolong-dname\.example\..*DNAME.*long' dig.out.ns4.uncachedtoolong > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) find_records() { owner_name="$1" @@ -125,7 +127,7 @@ ensure_no_ds_in_bitmap() { find_records "$owner_name" "$rr_type" "$file" | awk '{ for (i='"$start_index"'; i<=NF; i++) if ($i == "DS") exit 1 }' } -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking secure delegation prepared using CNAME chaining ($n)" ret=0 # QNAME exists, so the AUTHORITY section should only contain an NS RRset and a @@ -135,9 +137,9 @@ $DIG $DIGOPTS @10.53.0.2 cname.wildcard-secure.example A +norec +dnssec > dig.ou exactly_one_record_exists_for "delegation.wildcard-secure.example." NS dig.out.2.$n || ret=1 exactly_one_record_exists_for "delegation.wildcard-secure.example." DS dig.out.2.$n || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking secure delegation prepared using wildcard expansion + CNAME chaining ($n)" ret=0 # QNAME does not exist, so the AUTHORITY section should contain an NS RRset, an @@ -152,9 +154,9 @@ exactly_one_record_exists_for "*.wildcard-secure.example." NSEC dig.out.2.$n || no_records_exist_for "cname.wildcard-secure.example." NSEC dig.out.2.$n || ret=1 no_records_exist_for "delegation.wildcard-secure.example." NSEC dig.out.2.$n || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking insecure delegation prepared using CNAME chaining, NSEC ($n)" ret=0 # QNAME exists, so the AUTHORITY section should only contain an NS RRset and a @@ -173,9 +175,9 @@ exactly_one_record_exists_for "delegation.wildcard-nsec.example." NSEC dig.out.2 # type bit map. ensure_no_ds_in_bitmap "delegation.wildcard-nsec.example." NSEC dig.out.2.$n || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking insecure delegation prepared using wildcard expansion + CNAME chaining, NSEC, QNAME #1 ($n)" ret=0 # QNAME does not exist, so the AUTHORITY section should contain an NS RRset and @@ -195,9 +197,9 @@ exactly_one_record_exists_for "delegation.wildcard-nsec.example." NSEC dig.out.2 # type bit map. ensure_no_ds_in_bitmap "delegation.wildcard-nsec.example." NSEC dig.out.2.$n || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking insecure delegation prepared using wildcard expansion + CNAME chaining, NSEC, QNAME #2 ($n)" ret=0 # QNAME does not exist, so the AUTHORITY section should contain an NS RRset and @@ -218,7 +220,7 @@ exactly_one_record_exists_for "delegation.wildcard-nsec.example." NSEC dig.out.2 # type bit map. ensure_no_ds_in_bitmap "delegation.wildcard-nsec.example." NSEC dig.out.2.$n || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Relevant NSEC3 hashes: # @@ -240,7 +242,7 @@ status=`expr $status + $ret` # $ nsec3hash - 1 0 z-nonexistent-name.wildcard-nsec3.example. # SG2DEHEAOGCKP7FTNQAUVC3I3TIPJH0J (salt=-, hash=1, iterations=0) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking insecure delegation prepared using CNAME chaining, NSEC3 ($n)" ret=0 # QNAME exists, so the AUTHORITY section should only contain an NS RRset and a @@ -259,9 +261,9 @@ no_records_exist_for "Q64D8L8HLSB3L98S59PM8OSSMI7SMQA2.wildcard-nsec3.example." # the type bit map. ensure_no_ds_in_bitmap "AVKOGGGVJHFSLQA68TILKFKJ94AV4MNC.wildcard-nsec3.example." NSEC3 dig.out.2.$n || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking insecure delegation prepared using wildcard expansion + CNAME chaining, NSEC3, QNAME #1 ($n)" ret=0 # QNAME does not exist, so the AUTHORITY section should contain an NS RRset and @@ -281,9 +283,9 @@ exactly_one_record_exists_for "Q64D8L8HLSB3L98S59PM8OSSMI7SMQA2.wildcard-nsec3.e # the type bit map. ensure_no_ds_in_bitmap "AVKOGGGVJHFSLQA68TILKFKJ94AV4MNC.wildcard-nsec3.example." NSEC3 dig.out.2.$n || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking insecure delegation prepared using wildcard expansion + CNAME chaining, NSEC3, QNAME #2 ($n)" ret=0 # QNAME does not exist, so the AUTHORITY section should contain an NS RRset and @@ -304,7 +306,7 @@ no_records_exist_for "Q64D8L8HLSB3L98S59PM8OSSMI7SMQA2.wildcard-nsec3.example." # the type bit map. ensure_no_ds_in_bitmap "AVKOGGGVJHFSLQA68TILKFKJ94AV4MNC.wildcard-nsec3.example." NSEC3 dig.out.2.$n || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Relevant NSEC3 hashes: # @@ -329,7 +331,7 @@ status=`expr $status + $ret` # $ nsec3hash - 1 0 z-nonexistent-name.wildcard-nsec3-optout.example. # V7OTS4791T9SU0HKVL93EVNAJ9JH2CH3 (salt=-, hash=1, iterations=0) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking insecure delegation prepared using CNAME chaining, NSEC3 with opt-out ($n)" ret=0 # QNAME exists, so the AUTHORITY section should only contain an NS RRset and a @@ -347,9 +349,9 @@ exactly_one_record_exists_for "SS5M1RUBSGMANEQ1VLRDDEC6SOAT7HNI.wildcard-nsec3-o # the type bit map. ensure_no_ds_in_bitmap "SS5M1RUBSGMANEQ1VLRDDEC6SOAT7HNI.wildcard-nsec3-optout.example." NSEC3 dig.out.2.$n || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking insecure delegation prepared using wildcard expansion + CNAME chaining, NSEC3 with opt-out, QNAME #1 ($n)" ret=0 # QNAME does not exist, so the AUTHORITY section should contain an NS RRset and @@ -368,9 +370,9 @@ exactly_one_record_exists_for "SS5M1RUBSGMANEQ1VLRDDEC6SOAT7HNI.wildcard-nsec3-o # the type bit map. ensure_no_ds_in_bitmap "SS5M1RUBSGMANEQ1VLRDDEC6SOAT7HNI.wildcard-nsec3-optout.example." NSEC3 dig.out.2.$n || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking insecure delegation prepared using wildcard expansion + CNAME chaining, NSEC3 with opt-out, QNAME #2 ($n)" ret=0 # QNAME does not exist, so the AUTHORITY section should contain an NS RRset and @@ -390,17 +392,17 @@ exactly_one_record_exists_for "SS5M1RUBSGMANEQ1VLRDDEC6SOAT7HNI.wildcard-nsec3-o # the type bit map. ensure_no_ds_in_bitmap "SS5M1RUBSGMANEQ1VLRDDEC6SOAT7HNI.wildcard-nsec3-optout.example." NSEC3 dig.out.2.$n || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking CNAME to DNAME from authoritative ($n)" ret=0 $DIG $DIGOPTS cname.example @10.53.0.2 a > dig.out.ns2.cname grep "status: NOERROR" dig.out.ns2.cname > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking CNAME to DNAME from recursive" ret=0 $RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i @@ -411,9 +413,9 @@ grep '^cnamedname.example.' dig.out.ns4.cname > /dev/null || ret=1 grep '^a.cnamedname.example.' dig.out.ns4.cname > /dev/null || ret=1 grep '^a.target.example.' dig.out.ns4.cname > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking DNAME is returned with synthesized CNAME before DNAME ($n)" ret=0 $RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i @@ -422,9 +424,9 @@ grep "status: NXDOMAIN" dig.out.test$n > /dev/null || ret=1 grep '^name.synth-then-dname\.example\.broken\..*CNAME.*name.$' dig.out.test$n > /dev/null || ret=1 grep '^synth-then-dname\.example\.broken\..*DNAME.*\.$' dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking DNAME is returned with CNAME to synthesized CNAME before DNAME ($n)" ret=0 $RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i @@ -434,9 +436,9 @@ grep '^cname-to-synth2-then-dname\.example\.broken\..*CNAME.*name\.synth2-then-d grep '^name\.synth2-then-dname\.example\.broken\..*CNAME.*name.$' dig.out.test$n > /dev/null || ret=1 grep '^synth2-then-dname\.example\.broken\..*DNAME.*\.$' dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking CNAME loops are detected ($n)" ret=0 $RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i @@ -444,9 +446,9 @@ $DIG $DIGOPTS @10.53.0.7 loop.example > dig.out.test$n grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 grep "ANSWER: 17" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking CNAME to external delegated zones is handled ($n)" ret=0 $RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i @@ -454,9 +456,9 @@ $DIG $DIGOPTS @10.53.0.7 a.example > dig.out.test$n grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 grep "ANSWER: 2" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking CNAME to internal delegated zones is handled ($n)" ret=0 $RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i @@ -464,27 +466,27 @@ $DIG $DIGOPTS @10.53.0.7 b.example > dig.out.test$n grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 grep "ANSWER: 2" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking CNAME to signed external delegation is handled ($n)" ret=0 $RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i $DIG $DIGOPTS @10.53.0.7 c.example > dig.out.$n grep "status: NOERROR" dig.out.$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking CNAME to signed internal delegation is handled ($n)" ret=0 $RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i $DIG $DIGOPTS @10.53.0.7 d.example > dig.out.$n grep "status: NOERROR" dig.out.$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking CNAME chains in various orders ($n)" ret=0 $RNDCCMD 10.53.0.7 null --- start test$n - step 1 --- 2>&1 | sed 's/^/ns7 /' | cat_i @@ -523,9 +525,9 @@ $DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.6.$n 2>&1 grep 'status: NOERROR' dig.out.6.$n > /dev/null 2>&1 || ret=1 grep 'ANSWER: 2' dig.out.6.$n > /dev/null 2>&1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that only the initial CNAME is cached ($n)" ret=0 $RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i @@ -534,12 +536,12 @@ $RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i $DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.1.$n 2>&1 sleep 1 $DIG $DIGOPTS +noall +answer @10.53.0.7 cname1.domain.nil > dig.out.2.$n 2>&1 -ttl=`awk '{print $2}' dig.out.2.$n` +ttl=$(awk '{print $2}' dig.out.2.$n) [ "$ttl" -eq 86400 ] || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking DNAME chains in various orders ($n)" ret=0 $RNDCCMD 10.53.0.7 null --- start test$n - step 1 --- 2>&1 | sed 's/^/ns7 /' | cat_i @@ -562,9 +564,9 @@ grep 'status: NOERROR' dig.out.3.$n > /dev/null 2>&1 || ret=1 grep 'ANSWER: 3' dig.out.3.$n > /dev/null 2>&1 || ret=1 $RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking external CNAME/DNAME chains in various orders ($n)" ret=0 $RNDCCMD 10.53.0.7 null --- start test$n - step 1 --- 2>&1 | sed 's/^/ns7 /' | cat_i @@ -585,18 +587,18 @@ $DIG $DIGOPTS @10.53.0.7 test.domain.nil > dig.out.3.$n 2>&1 grep 'status: SERVFAIL' dig.out.3.$n > /dev/null 2>&1 || ret=1 $RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking explicit DNAME query ($n)" ret=0 $RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i $DIG $DIGOPTS @10.53.0.7 dname short-dname.example > dig.out.7.$n 2>&1 grep 'status: NOERROR' dig.out.7.$n > /dev/null 2>&1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking DNAME via ANY query ($n)" ret=0 $RNDCCMD 10.53.0.7 null --- start test$n --- 2>&1 | sed 's/^/ns7 /' | cat_i @@ -604,25 +606,25 @@ $RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i $DIG $DIGOPTS @10.53.0.7 any short-dname.example > dig.out.7.$n 2>&1 grep 'status: NOERROR' dig.out.7.$n > /dev/null 2>&1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Regression test for CVE-2021-25215 (authoritative server). -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking DNAME resolution via itself (authoritative) ($n)" ret=0 $DIG $DIGOPTS @10.53.0.2 DNAME self.domain0.self.domain0.nil. > dig.out.2.$n 2>&1 grep 'status: NOERROR' dig.out.2.$n > /dev/null 2>&1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Regression test for CVE-2021-25215 (recursive resolver). -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking DNAME resolution via itself (recursive) ($n)" ret=0 $DIG $DIGOPTS @10.53.0.7 DNAME self.example.self.example.dname. > dig.out.7.$n 2>&1 grep 'status: NOERROR' dig.out.7.$n > /dev/null 2>&1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/checkconf/tests.sh b/bin/tests/system/checkconf/tests.sh index 76a9330efc..c848136a05 100644 --- a/bin/tests/system/checkconf/tests.sh +++ b/bin/tests/system/checkconf/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh status=0 @@ -18,14 +20,14 @@ n=0 mkdir keys -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that named-checkconf handles a known good config ($n)" ret=0 $CHECKCONF good.conf > checkconf.out$n 2>&1 || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that named-checkconf prints a known good config ($n)" ret=0 awk 'BEGIN { ok = 0; } /cut here/ { ok = 1; getline } ok == 1 { print }' good.conf > good.conf.in @@ -34,9 +36,9 @@ $CHECKCONF -p good.conf.in > checkconf.out$n || ret=1 grep -v '^good.conf.in:' < checkconf.out$n > good.conf.out 2>&1 || ret=1 cmp good.conf.in good.conf.out || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that named-checkconf -x removes secrets ($n)" ret=0 # ensure there is a secret and that it is not the check string. @@ -46,15 +48,15 @@ $CHECKCONF -p -x good.conf.in > checkconf.out$n || ret=1 grep -v '^good.conf.in:' < checkconf.out$n > good.conf.out 2>&1 || ret=1 grep 'secret "????????????????"' good.conf.out > /dev/null 2>&1 || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) for bad in bad-*.conf do - n=`expr $n + 1` + n=$((n + 1)) echo_i "checking that named-checkconf detects error in $bad ($n)" ret=0 - $CHECKCONF $bad > checkconf.out$n 2>&1 - if [ $? -ne 1 ]; then ret=1; fi + { $CHECKCONF $bad > checkconf.out$n 2>&1; rc=$?; } || true + if [ $rc -ne 1 ]; then ret=1; fi grep "^$bad:[0-9]*: " < checkconf.out$n > /dev/null || ret=1 case $bad in bad-update-policy[123].conf) @@ -71,12 +73,12 @@ do ;; esac if [ $ret -ne 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) done for good in good-*.conf do - n=`expr $n + 1` + n=$((n + 1)) echo_i "checking that named-checkconf detects no error in $good ($n)" ret=0 if ! $FEATURETEST --with-libnghttp2 @@ -86,79 +88,78 @@ do good-dot-*.conf) continue;; esac fi - $CHECKCONF $good > checkconf.out$n 2>&1 - if [ $? -ne 0 ]; then echo_i "failed"; ret=1; fi - status=`expr $status + $ret` + { $CHECKCONF $good > checkconf.out$n 2>&1; rc=$?; } || true + if [ $rc -ne 0 ]; then echo_i "failed"; ret=1; fi + status=$((status + ret)) done for lmdb in lmdb-*.conf do - n=`expr $n + 1` + n=$((n + 1)) ret=0 - $FEATURETEST --with-lmdb - if [ $? -eq 0 ]; then + if $FEATURETEST --with-lmdb; then echo_i "checking that named-checkconf detects no error in $lmdb ($n)" - $CHECKCONF $lmdb > checkconf.out$n 2>&1 - if [ $? -ne 0 ]; then echo_i "failed"; ret=1; fi + { $CHECKCONF $lmdb > checkconf.out$n 2>&1; rc=$?; } || true + if [ $rc -ne 0 ]; then echo_i "failed"; ret=1; fi else echo_i "checking that named-checkconf detects error in $lmdb ($n)" - $CHECKCONF $lmdb > checkconf.out$n 2>&1 - if [ $? -eq 0 ]; then echo_i "failed"; ret=1; fi + { $CHECKCONF $lmdb > checkconf.out$n 2>&1; rc=$?; } || true + if [ $rc -eq 0 ]; then echo_i "failed"; ret=1; fi fi - status=`expr $status + $ret` + status=$((status + ret)) done -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that ancient options report a fatal error ($n)" ret=0 $CHECKCONF ancient.conf > ancient.out 2>&1 && ret=1 grep "no longer exists" ancient.out > /dev/null || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that named-checkconf -z catches missing hint file ($n)" ret=0 $CHECKCONF -z hint-nofile.conf > hint-nofile.out 2>&1 && ret=1 grep "could not configure root hints from 'nonexistent.db': file not found" hint-nofile.out > /dev/null || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that named-checkconf catches range errors ($n)" ret=0 $CHECKCONF range.conf > checkconf.out$n 2>&1 && ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that named-checkconf warns of notify inconsistencies ($n)" ret=0 $CHECKCONF notify.conf > checkconf.out$n 2>&1 -warnings=`grep "'notify' is disabled" < checkconf.out$n | wc -l` +warnings=$(grep "'notify' is disabled" < checkconf.out$n | wc -l) [ $warnings -eq 3 ] || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking named-checkconf dnssec warnings ($n)" ret=0 # dnssec.1: auto-dnssec warning -$CHECKCONF dnssec.1 > checkconf.out$n.1 2>&1 +$CHECKCONF dnssec.1 > checkconf.out$n.1 2>&1 && ret=1 grep 'auto-dnssec may only be ' < checkconf.out$n.1 > /dev/null || ret=1 # dnssec.2: should have no warnings (other than deprecation warning) -$CHECKCONF dnssec.2 > checkconf.out$n.2 2>&1 +$CHECKCONF dnssec.2 > checkconf.out$n.2 2>&1 || ret=1 grep "option 'auto-dnssec' is deprecated" < checkconf.out$n.2 > /dev/null || ret=1 lines=$(wc -l < "checkconf.out$n.2") if [ $lines != 1 ]; then ret=1; fi # dnssec.3: should have specific deprecation warning -$CHECKCONF dnssec.3 > checkconf.out$n.3 2>&1 +$CHECKCONF dnssec.3 > checkconf.out$n.3 2>&1 && ret=1 grep "'auto-dnssec' option is deprecated and will be removed in BIND 9\.19" < checkconf.out$n.3 > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking named-checkconf deprecate warnings ($n)" ret=0 $CHECKCONF deprecated.conf > checkconf.out$n.1 2>&1 @@ -174,27 +175,27 @@ grep "option 'root-delegation-only' is deprecated" < checkconf.out$n.1 > /dev/nu grep "'type delegation-only' is deprecated" < checkconf.out$n.1 > /dev/null || ret=1 grep "token 'port' is deprecated" < checkconf.out$n.1 > /dev/null || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # set -i to ignore deprecate warnings $CHECKCONF -i deprecated.conf > checkconf.out$n.2 2>&1 grep '.*' < checkconf.out$n.2 > /dev/null && ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking named-checkconf servestale warnings ($n)" ret=0 $CHECKCONF servestale.stale-refresh-time.0.conf > checkconf.out$n.1 2>&1 grep "'stale-refresh-time' should either be 0 or otherwise 30 seconds or higher" < checkconf.out$n.1 > /dev/null && ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) ret=0 $CHECKCONF servestale.stale-refresh-time.29.conf > checkconf.out$n.1 2>&1 grep "'stale-refresh-time' should either be 0 or otherwise 30 seconds or higher" < checkconf.out$n.1 > /dev/null || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "range checking fields that do not allow zero ($n)" ret=0 for field in max-retry-time min-retry-time max-refresh-time min-refresh-time; do @@ -203,15 +204,15 @@ options { $field 0; }; EOF - $CHECKCONF badzero.conf > checkconf.out$n.1 2>&1 - [ $? -eq 1 ] || { echo_i "options $field failed" ; ret=1; } + { $CHECKCONF badzero.conf > checkconf.out$n.1 2>&1; rc=$?; } || true + [ $rc -eq 1 ] || { echo_i "options $field failed" ; ret=1; } cat > badzero.conf << EOF view dummy { $field 0; }; EOF - $CHECKCONF badzero.conf > checkconf.out$n.2 2>&1 - [ $? -eq 1 ] || { echo_i "view $field failed" ; ret=1; } + { $CHECKCONF badzero.conf > checkconf.out$n.2 2>&1; rc=$?; } || true + [ $rc -eq 1 ] || { echo_i "view $field failed" ; ret=1; } cat > badzero.conf << EOF options { $field 0; @@ -219,8 +220,8 @@ options { view dummy { }; EOF - $CHECKCONF badzero.conf > checkconf.out$n.3 2>&1 - [ $? -eq 1 ] || { echo_i "options + view $field failed" ; ret=1; } + { $CHECKCONF badzero.conf > checkconf.out$n.3 2>&1; rc=$?; } || true + [ $rc -eq 1 ] || { echo_i "options + view $field failed" ; ret=1; } cat > badzero.conf << EOF zone dummy { type secondary; @@ -228,213 +229,213 @@ zone dummy { $field 0; }; EOF - $CHECKCONF badzero.conf > checkconf.out$n.4 2>&1 - [ $? -eq 1 ] || { echo_i "zone $field failed" ; ret=1; } + { $CHECKCONF badzero.conf > checkconf.out$n.4 2>&1; rc=$?; } || true + [ $rc -eq 1 ] || { echo_i "zone $field failed" ; ret=1; } done if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking options allowed in inline-signing secondaries ($n)" ret=0 -$CHECKCONF bad-dnssec.conf > checkconf.out$n.1 2>&1 -l=`grep "dnssec-dnskey-kskonly.*requires inline" < checkconf.out$n.1 | wc -l` +$CHECKCONF bad-dnssec.conf > checkconf.out$n.1 2>&1 && ret=1 +l=$(grep "dnssec-dnskey-kskonly.*requires inline" < checkconf.out$n.1 | wc -l) [ $l -eq 1 ] || ret=1 -$CHECKCONF bad-dnssec.conf > checkconf.out$n.2 2>&1 -l=`grep "dnssec-loadkeys-interval.*requires inline" < checkconf.out$n.2 | wc -l` +$CHECKCONF bad-dnssec.conf > checkconf.out$n.2 2>&1 && ret=1 +l=$(grep "dnssec-loadkeys-interval.*requires inline" < checkconf.out$n.2 | wc -l) [ $l -eq 1 ] || ret=1 -$CHECKCONF bad-dnssec.conf > checkconf.out$n.3 2>&1 -l=`grep "update-check-ksk.*requires inline" < checkconf.out$n.3 | wc -l` +$CHECKCONF bad-dnssec.conf > checkconf.out$n.3 2>&1 && ret=1 +l=$(grep "update-check-ksk.*requires inline" < checkconf.out$n.3 | wc -l) [ $l -eq 1 ] || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check file + inline-signing for secondary zones ($n)" -$CHECKCONF inline-no.conf > checkconf.out$n.1 2>&1 -l=`grep "missing 'file' entry" < checkconf.out$n.1 | wc -l` +$CHECKCONF inline-no.conf > checkconf.out$n.1 2>&1 && ret=1 +l=$(grep "missing 'file' entry" < checkconf.out$n.1 | wc -l) [ $l -eq 0 ] || ret=1 -$CHECKCONF inline-good.conf > checkconf.out$n.2 2>&1 -l=`grep "missing 'file' entry" < checkconf.out$n.2 | wc -l` +$CHECKCONF inline-good.conf > checkconf.out$n.2 2>&1 || ret=1 +l=$(grep "missing 'file' entry" < checkconf.out$n.2 | wc -l) [ $l -eq 0 ] || ret=1 -$CHECKCONF inline-bad.conf > checkconf.out$n.3 2>&1 -l=`grep "missing 'file' entry" < checkconf.out$n.3 | wc -l` +$CHECKCONF inline-bad.conf > checkconf.out$n.3 2>&1 && ret=1 +l=$(grep "missing 'file' entry" < checkconf.out$n.3 | wc -l) [ $l -eq 1 ] || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking named-checkconf DLZ warnings ($n)" ret=0 -$CHECKCONF dlz-bad.conf > checkconf.out$n 2>&1 +$CHECKCONF dlz-bad.conf > checkconf.out$n 2>&1 && ret=1 grep "'dlz' and 'database'" < checkconf.out$n > /dev/null || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking for missing key directory warning ($n)" ret=0 rm -rf test.keydir $CHECKCONF warn-keydir.conf > checkconf.out$n.1 2>&1 -l=`grep "'test.keydir' does not exist" < checkconf.out$n.1 | wc -l` +l=$(grep "'test.keydir' does not exist" < checkconf.out$n.1 | wc -l) [ $l -eq 1 ] || ret=1 touch test.keydir $CHECKCONF warn-keydir.conf > checkconf.out$n.2 2>&1 -l=`grep "'test.keydir' is not a directory" < checkconf.out$n.2 | wc -l` +l=$(grep "'test.keydir' is not a directory" < checkconf.out$n.2 | wc -l) [ $l -eq 1 ] || ret=1 rm -f test.keydir mkdir test.keydir $CHECKCONF warn-keydir.conf > checkconf.out$n.3 2>&1 -l=`grep "key-directory" < checkconf.out$n.3 | wc -l` +l=$(grep "key-directory" < checkconf.out$n.3 | wc -l) [ $l -eq 0 ] || ret=1 rm -rf test.keydir if [ $ret -ne 0 ]; then echo_i "failed"; fi -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that named-checkconf -z catches conflicting ttl with max-ttl ($n)" ret=0 -$CHECKCONF -z max-ttl.conf > check.out 2>&1 +$CHECKCONF -z max-ttl.conf > check.out 2>&1 && ret=1 grep 'TTL 900 exceeds configured max-zone-ttl 600' check.out > /dev/null 2>&1 || ret=1 grep 'TTL 900 exceeds configured max-zone-ttl 600' check.out > /dev/null 2>&1 || ret=1 grep 'TTL 900 exceeds configured max-zone-ttl 600' check.out > /dev/null 2>&1 || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that named-checkconf -z catches invalid max-ttl ($n)" ret=0 $CHECKCONF -z max-ttl-bad.conf > checkconf.out$n 2>&1 && ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that named-checkconf -z skips zone check with alternate databases ($n)" ret=0 $CHECKCONF -z altdb.conf > checkconf.out$n 2>&1 || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that named-checkconf -z skips zone check with DLZ ($n)" ret=0 $CHECKCONF -z altdlz.conf > checkconf.out$n 2>&1 || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that named-checkconf -z fails on view with ANY class ($n)" ret=0 $CHECKCONF -z view-class-any1.conf > checkconf.out$n 2>&1 && ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that named-checkconf -z fails on view with CLASS255 class ($n)" ret=0 $CHECKCONF -z view-class-any2.conf > checkconf.out$n 2>&1 && ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that named-checkconf -z passes on view with IN class ($n)" ret=0 $CHECKCONF -z view-class-in1.conf > checkconf.out$n 2>&1 || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that named-checkconf -z passes on view with CLASS1 class ($n)" ret=0 $CHECKCONF -z view-class-in2.conf > checkconf.out$n 2>&1 || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that check-names fails as configured ($n)" ret=0 $CHECKCONF -z check-names-fail.conf > checkconf.out$n 2>&1 && ret=1 grep "near '_underscore': bad name (check-names)" < checkconf.out$n > /dev/null || ret=1 grep "zone check-names/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that check-mx fails as configured ($n)" ret=0 $CHECKCONF -z check-mx-fail.conf > checkconf.out$n 2>&1 && ret=1 grep "near '10.0.0.1': MX is an address" < checkconf.out$n > /dev/null || ret=1 grep "zone check-mx/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that check-dup-records fails as configured ($n)" ret=0 $CHECKCONF -z check-dup-records-fail.conf > checkconf.out$n 2>&1 && ret=1 grep "has semantically identical records" < checkconf.out$n > /dev/null || ret=1 grep "zone check-dup-records/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that check-mx fails as configured ($n)" ret=0 $CHECKCONF -z check-mx-fail.conf > checkconf.out$n 2>&1 && ret=1 grep "failed: MX is an address" < checkconf.out$n > /dev/null || ret=1 grep "zone check-mx/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that check-mx-cname fails as configured ($n)" ret=0 $CHECKCONF -z check-mx-cname-fail.conf > checkconf.out$n 2>&1 && ret=1 grep "MX.* is a CNAME (illegal)" < checkconf.out$n > /dev/null || ret=1 grep "zone check-mx-cname/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that check-srv-cname fails as configured ($n)" ret=0 $CHECKCONF -z check-srv-cname-fail.conf > checkconf.out$n 2>&1 && ret=1 grep "SRV.* is a CNAME (illegal)" < checkconf.out$n > /dev/null || ret=1 grep "zone check-mx-cname/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that named-checkconf -p properly print a port range ($n)" ret=0 $CHECKCONF -p portrange-good.conf > checkconf.out$n 2>&1 || ret=1 grep "range 8610 8614;" < checkconf.out$n > /dev/null || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that named-checkconf -z handles in-view ($n)" ret=0 $CHECKCONF -z in-view-good.conf > checkconf.out$n 2>&1 || ret=1 grep "zone shared.example/IN: loaded serial" < checkconf.out$n > /dev/null || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that named-checkconf -z returns error when a later view is okay ($n)" ret=0 $CHECKCONF -z check-missing-zone.conf > checkconf.out$n 2>&1 && ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that named-checkconf prints max-cache-size correctly ($n)" ret=0 $CHECKCONF -p max-cache-size-good.conf > checkconf.out$n 2>&1 || ret=1 grep "max-cache-size 60%;" < checkconf.out$n > /dev/null || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that named-checkconf -l prints out the zone list ($n)" ret=0 $CHECKCONF -l good.conf | @@ -445,66 +446,66 @@ grep -v "no longer exists" | grep -v "is obsolete" > checkconf.out$n || ret=1 diff good.zonelist checkconf.out$n > diff.out$n || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that the 2010 ICANN ROOT KSK without the 2017 ICANN ROOT KSK generates a warning ($n)" ret=0 $CHECKCONF check-root-ksk-2010.conf > checkconf.out$n 2>/dev/null || ret=1 [ -s checkconf.out$n ] || ret=1 grep "key without the updated" < checkconf.out$n > /dev/null || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that the 2010 ICANN ROOT KSK with the 2017 ICANN ROOT KSK does not generate a warning ($n)" ret=0 $CHECKCONF check-root-ksk-both.conf > checkconf.out$n 2>/dev/null || ret=1 [ -s checkconf.out$n ] && ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that the 2017 ICANN ROOT KSK alone does not generate a warning ($n)" ret=0 $CHECKCONF check-root-ksk-2017.conf > checkconf.out$n 2>/dev/null || ret=1 [ -s checkconf.out$n ] && ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that a static root key generates a warning ($n)" ret=0 $CHECKCONF check-root-static-key.conf > checkconf.out$n 2>/dev/null || ret=1 grep "static entry for the root zone WILL FAIL" checkconf.out$n > /dev/null || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that a static root DS trust anchor generates a warning ($n)" ret=0 $CHECKCONF check-root-static-ds.conf > checkconf.out$n 2>/dev/null || ret=1 grep "static entry for the root zone WILL FAIL" checkconf.out$n > /dev/null || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that a trusted-keys entry for root generates a warning ($n)" ret=0 $CHECKCONF check-root-trusted-key.conf > checkconf.out$n 2>/dev/null || ret=1 grep "trusted-keys entry for the root zone WILL FAIL" checkconf.out$n > /dev/null || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that using trust-anchors and managed-keys generates an error ($n)" ret=0 $CHECKCONF check-mixed-keys.conf > checkconf.out$n 2>/dev/null && ret=1 grep "use of managed-keys is not allowed" checkconf.out$n > /dev/null || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking named-checkconf kasp errors ($n)" ret=0 $CHECKCONF kasp-and-other-dnssec-options.conf > checkconf.out$n 2>&1 && ret=1 @@ -517,9 +518,9 @@ grep "dnssec-update-mode: cannot be configured if dnssec-policy is also set" < c grep "sig-validity-interval: cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1 grep "update-check-ksk: cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking named-checkconf kasp nsec3 iterations errors ($n)" ret=0 $CHECKCONF kasp-bad-nsec3-iter.conf > checkconf.out$n 2>&1 && ret=1 @@ -527,25 +528,25 @@ grep "dnssec-policy: nsec3 iterations value 151 out of range" < checkconf.out$n lines=$(wc -l < "checkconf.out$n") if [ $lines -ne 3 ]; then ret=1; fi if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking named-checkconf kasp nsec3 algorithm errors ($n)" ret=0 $CHECKCONF kasp-bad-nsec3-alg.conf > checkconf.out$n 2>&1 && ret=1 grep "dnssec-policy: cannot use nsec3 with algorithm 'RSASHA1'" < checkconf.out$n > /dev/null || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking named-checkconf kasp key errors ($n)" ret=0 $CHECKCONF kasp-bad-keylen.conf > checkconf.out$n 2>&1 && ret=1 grep "dnssec-policy: key with algorithm rsasha1 has invalid key length 511" < checkconf.out$n > /dev/null || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking named-checkconf kasp signatures refresh errors ($n)" ret=0 $CHECKCONF kasp-bad-signatures-refresh.conf > checkconf.out$n 2>&1 && ret=1 @@ -554,26 +555,26 @@ grep "dnssec-policy: policy 'bad-sigrefresh-dnskey' signatures-refresh must be a lines=$(wc -l < "checkconf.out$n") if [ $lines -ne 2 ]; then ret=1; fi if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking named-checkconf kasp key lifetime errors ($n)" ret=0 $CHECKCONF kasp-bad-lifetime.conf > checkconf.out$n 2>&1 && ret=1 lines=$(grep "dnssec-policy: key lifetime is shorter than the time it takes to do a rollover" < checkconf.out$n | wc -l) || ret=1 if [ $lines -ne 3 ]; then ret=1; fi if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking named-checkconf kasp predefined key length ($n)" ret=0 $CHECKCONF kasp-ignore-keylen.conf > checkconf.out$n 2>&1 || ret=1 grep "dnssec-policy: key algorithm ecdsa256 has predefined length; ignoring length value 2048" < checkconf.out$n > /dev/null || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking named-checkconf kasp warns about weird policies ($n)" ret=0 $CHECKCONF kasp-warning.conf > checkconf.out$n 2>&1 || ret=1 @@ -585,16 +586,16 @@ grep "dnssec-policy: key lifetime is shorter than 30 days" < checkconf.out$n > / lines=$(wc -l < "checkconf.out$n") if [ $lines -ne 5 ]; then ret=1; fi if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that a good 'kasp' configuration is accepted ($n)" ret=0 $CHECKCONF good-kasp.conf > checkconf.out$n 2>/dev/null || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that named-checkconf prints a known good kasp config ($n)" ret=0 awk 'BEGIN { ok = 0; } /cut here/ { ok = 1; getline } ok == 1 { print }' good-kasp.conf > good-kasp.conf.in @@ -602,17 +603,17 @@ awk 'BEGIN { ok = 0; } /cut here/ { ok = 1; getline } ok == 1 { print }' good-ka $CHECKCONF -p good-kasp.conf.in | grep -v '^good-kasp.conf.in:' > good-kasp.conf.out 2>&1 || ret=1 cmp good-kasp.conf.in good-kasp.conf.out || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that max-ixfr-ratio 100% generates a warning ($n)" ret=0 $CHECKCONF warn-maxratio1.conf > checkconf.out$n 2>/dev/null || ret=1 grep "exceeds 100%" < checkconf.out$n > /dev/null || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that *-source options with specified port generate warnings ($n)" ret=0 $CHECKCONF warn-transfer-source.conf > checkconf.out$n 2>/dev/null || ret=1 @@ -622,39 +623,39 @@ grep "not recommended" < checkconf.out$n > /dev/null || ret=1 $CHECKCONF warn-parental-source.conf > checkconf.out$n 2>/dev/null || ret=1 grep "not recommended" < checkconf.out$n > /dev/null || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that using both max-zone-ttl and dnssec-policy generates a warning ($n)" ret=0 $CHECKCONF warn-kasp-max-zone-ttl.conf > checkconf.out$n 2>/dev/null || ret=1 grep "option 'max-zone-ttl' is ignored when used together with 'dnssec-policy'" < checkconf.out$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check obsolete options generate warnings ($n)" ret=0 $CHECKCONF warn-random-device.conf > checkconf.out$n 2>/dev/null || ret=1 grep "option 'random-device' is obsolete and should be removed" < checkconf.out$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that 'check-wildcard no;' succeeds as configured ($n)" ret=0 $CHECKCONF -z check-wildcard-no.conf > checkconf.out$n 2>&1 || ret=1 grep -F "warning: ownername 'foo.*.check-wildcard' contains an non-terminal wildcard" checkconf.out$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that 'check-wildcard yes;' warns as configured ($n)" ret=0 $CHECKCONF -z check-wildcard.conf > checkconf.out$n 2>&1 || ret=1 grep -F "warning: ownername 'foo.*.check-wildcard' contains an non-terminal wildcard" checkconf.out$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi -status=`expr $status + $ret` +status=$((status + ret)) rmdir keys diff --git a/bin/tests/system/checknames/tests.sh b/bin/tests/system/checknames/tests.sh index 085e228b9e..47ba8013fe 100644 --- a/bin/tests/system/checknames/tests.sh +++ b/bin/tests/system/checknames/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh status=0 @@ -31,24 +33,24 @@ $DIG $DIGOPTS fail.example. @10.53.0.1 a > dig.out.ns1.test$n || ret=1 grep SERVFAIL dig.out.ns1.test$n > /dev/null || ret=1 grep 'xx_xx.fail.example: bad owner name (check-names)' ns1/named.run > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) # Entry should exist. echo_i "check for warnings from on zone load for 'check-names warn;' ($n)" ret=0 grep 'xx_xx.warn.example: bad owner name (check-names)' ns1/named.run > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) # Entry should not exist. echo_i "check for warnings from on zone load for 'check-names ignore;' ($n)" ret=1 grep 'yy_yy.ignore.example: bad owner name (check-names)' ns1/named.run || ret=0 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) # Entry should exist echo_i "check that 'check-names response warn;' works ($n)" @@ -58,8 +60,8 @@ $DIG $DIGOPTS +noauth yy_yy.ignore.example. @10.53.0.2 a > dig.out.ns2.test$n || digcomp dig.out.ns1.test$n dig.out.ns2.test$n || ret=1 grep "check-names warning yy_yy.ignore.example/A/IN" ns2/named.run > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) # Entry should exist echo_i "check that 'check-names response (owner) fails;' works ($n)" @@ -70,8 +72,8 @@ grep NOERROR dig.out.ns1.test$n > /dev/null || ret=1 grep REFUSED dig.out.ns3.test$n > /dev/null || ret=1 grep "check-names failure yy_yy.ignore.example/A/IN" ns3/named.run > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) # Entry should exist echo_i "check that 'check-names response (rdata) fails;' works ($n)" @@ -82,8 +84,8 @@ grep NOERROR dig.out.ns1.test$n > /dev/null || ret=1 grep SERVFAIL dig.out.ns3.test$n > /dev/null || ret=1 grep "check-names failure mx.ignore.example/MX/IN" ns3/named.run > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) echo_i "check that updates to 'check-names fail;' are rejected ($n)" ret=0 @@ -99,8 +101,8 @@ $DIG $DIGOPTS xxx_xxx.fail.update @10.53.0.1 A > dig.out.ns1.test$n || ret=1 grep "xxx_xxx.fail.update/A: bad owner name (check-names)" ns1/named.run > /dev/null || ret=1 grep NXDOMAIN dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) echo_i "check that updates to 'check-names warn;' succeed and are logged ($n)" ret=0 @@ -114,8 +116,8 @@ $DIG $DIGOPTS xxx_xxx.warn.update @10.53.0.1 A > dig.out.ns1.test$n || ret=1 grep "xxx_xxx.warn.update/A: bad owner name (check-names)" ns1/named.run > /dev/null || ret=1 grep NOERROR dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) echo_i "check that updates to 'check-names ignore;' succeed and are not logged ($n)" ret=0 @@ -131,8 +133,8 @@ if [ $not != 0 ]; then ret=1; fi $DIG $DIGOPTS xxx_xxx.ignore.update @10.53.0.1 A > dig.out.ns1.test$n || ret=1 grep NOERROR dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) echo_i "check that updates to 'check-names primary ignore;' succeed and are not logged ($n)" ret=0 @@ -148,8 +150,8 @@ if [ $not != 0 ]; then ret=1; fi $DIG $DIGOPTS xxx_xxx.primary-ignore.update @10.53.0.4 A > dig.out.ns4.test$n || ret=1 grep NOERROR dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) echo_i "check that updates to 'check-names master ignore;' succeed and are not logged ($n)" ret=0 @@ -175,8 +177,8 @@ ret=0 retry_quiet 35 wait_for_record xxx_xxx.master-ignore.update @10.53.0.4 A dig.out.ns4.test$n || ret=1 grep "xxx_xxx.master-ignore.update/A.*(check-names)" ns4/named.run > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) echo_i "check that updates to 'check-names master ignore;' succeed and are not logged ($n)" ret=0 diff --git a/bin/tests/system/checkzone/tests.sh b/bin/tests/system/checkzone/tests.sh index 9d575ee6d9..169e411c9e 100644 --- a/bin/tests/system/checkzone/tests.sh +++ b/bin/tests/system/checkzone/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh status=0 diff --git a/bin/tests/system/ckdnsrps.sh b/bin/tests/system/ckdnsrps.sh index 3063adb00f..afc405d317 100644 --- a/bin/tests/system/ckdnsrps.sh +++ b/bin/tests/system/ckdnsrps.sh @@ -38,7 +38,7 @@ while getopts "xADM:S:" c; do *) echo "$USAGE" 1>&2; exit 1;; esac done -shift `expr $OPTIND - 1 || true` +shift $(expr $OPTIND - 1 || true) if [ "$#" -ne 0 ]; then echo "$USAGE" 1>&2 exit 1 diff --git a/bin/tests/system/conf.sh.common b/bin/tests/system/conf.sh.common index 1499de6f34..56bcde648d 100644 --- a/bin/tests/system/conf.sh.common +++ b/bin/tests/system/conf.sh.common @@ -246,8 +246,7 @@ cat_d() { } digcomp() { - output=`$PERL $TOP_SRCDIR/bin/tests/system/digcomp.pl "$@"` - result=$? + { output=`$PERL $TOP_SRCDIR/bin/tests/system/digcomp.pl "$@"`; result=$?; } || true [ -n "$output" ] && { echo "digcomp failed:"; echo "$output"; } | cat_i return $result } diff --git a/bin/tests/system/cookie/tests.sh b/bin/tests/system/cookie/tests.sh index ac3bd087cd..fad73d71a0 100755 --- a/bin/tests/system/cookie/tests.sh +++ b/bin/tests/system/cookie/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh DIGOPTS="-p ${PORT}" @@ -37,139 +39,139 @@ havetc() { for bad in bad*.conf do - n=`expr $n + 1` + n=$((n + 1)) echo_i "checking that named-checkconf detects error in $bad ($n)" ret=0 $CHECKCONF $bad > /dev/null 2>&1 && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) done for good in good*.conf do - n=`expr $n + 1` + n=$((n + 1)) echo_i "checking that named-checkconf detects accepts $good ($n)" ret=0 $CHECKCONF $good > /dev/null 2>&1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) done -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking RCODE=FORMERR to query without question section and without COOKIE option ($n)" ret=0 $DIG $DIGOPTS +qr +header-only +nocookie version.bind txt ch @10.53.0.1 > dig.out.test$n grep COOKIE: dig.out.test$n > /dev/null && ret=1 grep "status: FORMERR" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking RCODE=NOERROR to query without question section and with COOKIE option ($n)" ret=0 $DIG $DIGOPTS +qr +header-only +cookie version.bind txt ch @10.53.0.1 > dig.out.test$n grep COOKIE: dig.out.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking COOKIE token is returned to empty COOKIE option ($n)" ret=0 $DIG $DIGOPTS +cookie version.bind txt ch @10.53.0.1 > dig.out.test$n grep COOKIE: dig.out.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking COOKIE is not returned when answer-cookie is false ($n)" ret=0 $DIG $DIGOPTS +cookie version.bind txt ch @10.53.0.7 > dig.out.test$n grep COOKIE: dig.out.test$n > /dev/null && ret=1 grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking response size without COOKIE ($n)" ret=0 $DIG $DIGOPTS large.example txt @10.53.0.1 +ignore > dig.out.test$n havetc dig.out.test$n || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking response size without valid COOKIE ($n)" ret=0 $DIG $DIGOPTS +cookie large.example txt @10.53.0.1 +ignore > dig.out.test$n havetc dig.out.test$n || ret=1 grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking response size with COOKIE ($n)" ret=0 $DIG $DIGOPTS +cookie large.example txt @10.53.0.1 > dig.out.test$n.l -cookie=`getcookie dig.out.test$n.l` +cookie=$(getcookie dig.out.test$n.l) $DIG $DIGOPTS +qr +cookie=$cookie large.example txt @10.53.0.1 +ignore > dig.out.test$n havetc dig.out.test$n && ret=1 grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking response size with COOKIE recursive ($n)" ret=0 $DIG $DIGOPTS +qr +cookie=$cookie large.xxx txt @10.53.0.1 +ignore > dig.out.test$n havetc dig.out.test$n && ret=1 grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking COOKIE is learnt for TCP retry ($n)" ret=0 $DIG $DIGOPTS +qr +cookie large.example txt @10.53.0.1 > dig.out.test$n -linecount=`getcookie dig.out.test$n | wc -l` +linecount=$(getcookie dig.out.test$n | wc -l) if [ $linecount != 3 ]; then ret=1; fi -checkfull=`getcookie dig.out.test$n | fullcookie` +checkfull=$(getcookie dig.out.test$n | fullcookie) if [ $checkfull != 1 ]; then ret=1; fi if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking for COOKIE value in adb ($n)" ret=0 rndc_dumpdb ns1 grep "10.53.0.2.*\[cookie=" ns1/named_dump.db.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking require-server-cookie default (no) ($n)" ret=0 $DIG $DIGOPTS +qr +cookie +nobadcookie soa @10.53.0.1 > dig.out.test$n grep BADCOOKIE dig.out.test$n > /dev/null && ret=1 -linecount=`getcookie dig.out.test$n | wc -l` +linecount=$(getcookie dig.out.test$n | wc -l) if [ $linecount != 2 ]; then ret=1; fi if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking require-server-cookie yes ($n)" ret=0 $DIG $DIGOPTS +qr +cookie +nobadcookie soa @10.53.0.3 > dig.out.test$n grep "flags: qr[^;]* aa[ ;]" dig.out.test$n > /dev/null && ret=1 grep "flags: qr[^;]* ad[ ;]" dig.out.test$n > /dev/null && ret=1 grep BADCOOKIE dig.out.test$n > /dev/null || ret=1 -linecount=`getcookie dig.out.test$n | wc -l` +linecount=$(getcookie dig.out.test$n | wc -l) if [ $linecount != 2 ]; then ret=1; fi if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking +qr +showbadcookie ($n)" ret=0 $DIG $DIGOPTS +qr +cookie +showbadcookie soa @10.53.0.3 > dig.out.test$n @@ -177,16 +179,16 @@ noerror=$(grep "status: NOERROR" dig.out.test$n | wc -l) badcookie=$(grep "status: BADCOOKIE" dig.out.test$n | wc -l) server=$(grep "COOKIE: ................................................" dig.out.test$n | wc -l) good=$(grep "COOKIE: ................................................ (good)" dig.out.test$n | wc -l) -linecount=`getcookie dig.out.test$n | wc -l` +linecount=$(getcookie dig.out.test$n | wc -l) if [ $noerror != 3 ]; then ret=1; fi if [ $badcookie != 1 ]; then ret=1; fi if [ $server != 3 ]; then ret=1; fi if [ $good != 2 ]; then ret=1; fi if [ $linecount != 4 ]; then ret=1; fi if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) echo_i "checking +showbadcookie ($n)" ret=0 $DIG $DIGOPTS +cookie +showbadcookie soa @10.53.0.3 > dig.out.test$n @@ -194,49 +196,49 @@ noerror=$(grep "status: NOERROR" dig.out.test$n | wc -l) badcookie=$(grep "status: BADCOOKIE" dig.out.test$n | wc -l) server=$(grep "COOKIE: ................................................" dig.out.test$n | wc -l) good=$(grep "COOKIE: ................................................ (good)" dig.out.test$n | wc -l) -linecount=`getcookie dig.out.test$n | wc -l` +linecount=$(getcookie dig.out.test$n | wc -l) if [ $noerror != 1 ]; then ret=1; fi if [ $badcookie != 1 ]; then ret=1; fi if [ $server != 2 ]; then ret=1; fi if [ $good != 2 ]; then ret=1; fi if [ $linecount != 2 ]; then ret=1; fi if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking require-server-cookie yes with rate-limit ($n)" ret=0 $DIG $DIGOPTS +qr +cookie +nobadcookie soa example @10.53.0.8 > dig.out.test$n grep "flags: qr[^;]* ad[ ;]" dig.out.test$n > /dev/null && ret=1 grep BADCOOKIE dig.out.test$n > /dev/null || ret=1 -linecount=`getcookie dig.out.test$n | wc -l` +linecount=$(getcookie dig.out.test$n | wc -l) if [ $linecount != 2 ]; then ret=1; fi if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "send undersized cookie ($n)" ret=0 $DIG $DIGOPTS +qr +cookie=000000 soa @10.53.0.1 > dig.out.test$n || ret=1 grep "status: FORMERR" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "send oversized for named cookie ($n)" ret=0 $DIG $DIGOPTS +qr +cookie=${cookie}00 soa @10.53.0.1 > dig.out.test$n || ret=1 grep "COOKIE: [a-f0-9]* (good)" dig.out.test$n > /dev/null 2>&1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "send oversized for named cookie with server requiring a good cookie ($n)" ret=0 $DIG $DIGOPTS +qr +cookie=${cookie}00 soa @10.53.0.3 > dig.out.test$n || ret=1 grep "COOKIE: [a-f0-9]* (good)" dig.out.test$n > /dev/null 2>&1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # # Test shared cookie-secret support. @@ -255,90 +257,90 @@ status=`expr $status + $ret` # Force local address so that the client's address is the same to all servers. # -n=`expr $n + 1` +n=$((n + 1)) echo_i "get NS4 cookie for cross server checking ($n)" ret=0 $DIG $DIGOPTS +cookie -b 10.53.0.4 soa . @10.53.0.4 > dig.out.test$n grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1 -ns4cookie=`getcookie dig.out.test$n` +ns4cookie=$(getcookie dig.out.test$n) test -n "$ns4cookie" || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "get NS5 cookie for cross server checking ($n)" ret=0 $DIG $DIGOPTS +cookie -b 10.53.0.4 soa . @10.53.0.5 > dig.out.test$n grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1 -ns5cookie=`getcookie dig.out.test$n` +ns5cookie=$(getcookie dig.out.test$n) test -n "$ns5cookie" || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "get NS6 cookie for cross server checking ($n)" ret=0 $DIG $DIGOPTS +cookie -b 10.53.0.4 soa . @10.53.0.6 > dig.out.test$n grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1 -ns6cookie=`getcookie dig.out.test$n` +ns6cookie=$(getcookie dig.out.test$n) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "test NS4 cookie on NS5 (expect success) ($n)" ret=0 $DIG $DIGOPTS +cookie=$ns4cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.5 > dig.out.test$n grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1 grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "test NS4 cookie on NS6 (expect badcookie) ($n)" ret=0 $DIG $DIGOPTS +cookie=$ns4cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.6 > dig.out.test$n grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1 grep "status: BADCOOKIE," dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "test NS5 cookie on NS4 (expect success) ($n)" ret=0 $DIG $DIGOPTS +cookie=$ns5cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.4 > dig.out.test$n grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1 grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "test NS5 cookie on NS6 (expect badcookie) ($n)" ret=0 $DIG $DIGOPTS +cookie=$ns5cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.6 > dig.out.test$n grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1 grep "status: BADCOOKIE," dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "test NS6 cookie on NS4 (expect badcookie) ($n)" ret=0 $DIG $DIGOPTS +cookie=$ns6cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.4 > dig.out.test$n grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1 grep "status: BADCOOKIE," dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "test NS6 cookie on NS5 (expect success) ($n)" ret=0 $DIG $DIGOPTS +cookie=$ns6cookie -b 10.53.0.4 +nobadcookie soa . @10.53.0.5 > dig.out.test$n grep "; COOKIE:.*(good)" dig.out.test$n > /dev/null || ret=1 grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that test server is correctly configured ($n)" ret=0 pat="; COOKIE: ................................ (good)" @@ -401,9 +403,9 @@ grep 'A.10\.53\.0\.10' dig.out.test$n.8 > /dev/null && ret=1 grep ";; TSIG PSEUDOSECTION:" dig.out.test$n.8 > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that spoofed response is dropped when we have a server cookie ($n)" ret=0 msg="missing expected cookie from" @@ -421,9 +423,9 @@ grep "status: NOERROR" dig.out.test$n.2 > /dev/null || ret=1 grep 'A.10\.53\.0\.9' dig.out.test$n.2 > /dev/null || ret=1 grep 'A.10\.53\.0\.10' dig.out.test$n.2 > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that gracefully handle server disabling DNS COOKIE we have a server cookie ($n)" ret=0 msg="missing expected cookie from" @@ -441,9 +443,9 @@ grep "status: NOERROR" dig.out.test$n.2 > /dev/null || ret=1 grep 'A.10\.53\.0\.9' dig.out.test$n.2 > /dev/null || ret=1 grep 'A.10\.53\.0\.10' dig.out.test$n.2 > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that spoofed response with a TSIG is dropped when we have a server cookie ($n)" ret=0 pat='10\.53\.0\.9 .*\[cookie=................................\] \[ttl' @@ -462,7 +464,7 @@ nextpart ns1/named.run > named.run.test$n count=$(grep -c ') [0-9][0-9]* NOERROR 0' named.run.test$n) test $count -eq 1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) if $PYTHON -c ' import dns.version, sys; @@ -470,7 +472,7 @@ if dns.version.MAJOR > 1: sys.exit(0); if dns.version.MAJOR == 1 and dns.version.MINOR >= 16: sys.exit(0); sys.exit(1)' then - n=`expr $n + 1` + n=$((n + 1)) echo_i "check that TSIG test server is correctly configured ($n)" ret=0 pat="; COOKIE: ................................ (good)" @@ -520,9 +522,9 @@ then grep 'TSIG.*NOERROR' dig.out.test$n.1 > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) - n=`expr $n + 1` + n=$((n + 1)) echo_i "check that missing COOKIE with a valid TSIG signed response does not trigger TCP fallback ($n)" ret=0 pat='10\.53\.0\.10 .*\[cookie=................................\] \[ttl' @@ -541,7 +543,7 @@ then count=$(grep -c ') [0-9][0-9]* NOERROR 0' named.run.test$n) test $count -eq 2 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) fi echo_i "exit status: $status" diff --git a/bin/tests/system/database/tests.sh b/bin/tests/system/database/tests.sh index bb77de7329..408b094be0 100644 --- a/bin/tests/system/database/tests.sh +++ b/bin/tests/system/database/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh status=0 @@ -27,9 +29,9 @@ echo_i "checking pre reload zone ($n)" ret=0 $DIG $DIGOPTS soa database. @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep "hostmaster\.isc\.org" dig.out.ns1.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) copy_setports ns1/named2.conf.in ns1/named.conf $RNDCCMD reload 2>&1 >/dev/null @@ -43,12 +45,12 @@ do ret=0 $DIG $DIGOPTS soa database. @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep "marka\.isc\.org" dig.out.ns1.test$n > /dev/null || ret=1 - try=`expr $try + 1` + try=$((try + 1)) test $ret -eq 0 && break done -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/dialup/tests.sh b/bin/tests/system/dialup/tests.sh index 3a8f5e8980..b68c71e049 100644 --- a/bin/tests/system/dialup/tests.sh +++ b/bin/tests/system/dialup/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh status=0 @@ -30,7 +32,7 @@ do $DIG $DIGOPTS example. @10.53.0.2 soa > dig.out.ns2.test || ret=1 if grep SERVFAIL dig.out.ns2.test > /dev/null then - try=`expr $try + 1` + try=$((try + 1)) sleep 1 else digcomp dig.out.ns1.test dig.out.ns2.test || ret=1 @@ -39,7 +41,7 @@ do done echo_i "try $try" if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking that second zone transfer worked" ret=0 @@ -49,7 +51,7 @@ do $DIG $DIGOPTS example. @10.53.0.3 soa > dig.out.ns3.test || ret=1 if grep SERVFAIL dig.out.ns3.test > /dev/null then - try=`expr $try + 1` + try=$((try + 1)) sleep 1 else digcomp dig.out.ns1.test dig.out.ns3.test || ret=1 @@ -58,7 +60,7 @@ do done echo_i "try $try" if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/digdelv/tests.sh b/bin/tests/system/digdelv/tests.sh index 3debad3da8..dceced6c93 100644 --- a/bin/tests/system/digdelv/tests.sh +++ b/bin/tests/system/digdelv/tests.sh @@ -11,11 +11,11 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + # shellcheck source=conf.sh . ../conf.sh -set -e - status=0 n=0 @@ -42,14 +42,13 @@ check_ttl_range() { case "$pos" in "3") - awk -v rrtype="$2" -v ttl="$3" '($4 == "IN" || $4 == "CLASS1" ) && $5 == rrtype { if ($3 <= ttl) { ok=1 } } END { exit(ok?0:1) }' < $file + { awk -v rrtype="$2" -v ttl="$3" '($4 == "IN" || $4 == "CLASS1" ) && $5 == rrtype { if ($3 <= ttl) { ok=1 } } END { exit(ok?0:1) }' < $file; result=$?; } || true ;; *) - awk -v rrtype="$2" -v ttl="$3" '($3 == "IN" || $3 == "CLASS1" ) && $4 == rrtype { if ($2 <= ttl) { ok=1 } } END { exit(ok?0:1) }' < $file + { awk -v rrtype="$2" -v ttl="$3" '($3 == "IN" || $3 == "CLASS1" ) && $4 == rrtype { if ($2 <= ttl) { ok=1 } } END { exit(ok?0:1) }' < $file; result=$?; } || true ;; esac - result=$? [ $result -eq 0 ] || echo_i "ttl check failed" return $result } @@ -799,7 +798,7 @@ if [ -x "$DIG" ] ; then echo "no_response no_response" | sendcmd 10.53.0.5 dig_with_opts @10.53.0.5 example AXFR +tries=2 > dig.out.test$n 2>&1 && ret=1 # Sanity check: ensure ans5 behaves as expected. - [ `grep "communications error.*end of file" dig.out.test$n | wc -l` -eq 2 ] || ret=1 + [ $(grep "communications error.*end of file" dig.out.test$n | wc -l) -eq 2 ] || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -809,7 +808,7 @@ if [ -x "$DIG" ] ; then echo "partial_axfr partial_axfr" | sendcmd 10.53.0.5 dig_with_opts @10.53.0.5 example AXFR +tries=2 > dig.out.test$n 2>&1 && ret=1 # Sanity check: ensure ans5 behaves as expected. - [ `grep "communications error.*end of file" dig.out.test$n | wc -l` -eq 2 ] || ret=1 + [ $(grep "communications error.*end of file" dig.out.test$n | wc -l) -eq 2 ] || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -819,7 +818,7 @@ if [ -x "$DIG" ] ; then echo "no_response partial_axfr" | sendcmd 10.53.0.5 dig_with_opts @10.53.0.5 example AXFR +tries=2 > dig.out.test$n 2>&1 && ret=1 # Sanity check: ensure ans5 behaves as expected. - [ `grep "communications error.*end of file" dig.out.test$n | wc -l` -eq 2 ] || ret=1 + [ $(grep "communications error.*end of file" dig.out.test$n | wc -l) -eq 2 ] || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -829,7 +828,7 @@ if [ -x "$DIG" ] ; then echo "partial_axfr no_response" | sendcmd 10.53.0.5 dig_with_opts @10.53.0.5 example AXFR +tries=2 > dig.out.test$n 2>&1 && ret=1 # Sanity check: ensure ans5 behaves as expected. - [ `grep "communications error.*end of file" dig.out.test$n | wc -l` -eq 2 ] || ret=1 + [ $(grep "communications error.*end of file" dig.out.test$n | wc -l) -eq 2 ] || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -839,7 +838,7 @@ if [ -x "$DIG" ] ; then echo "no_response complete_axfr" | sendcmd 10.53.0.5 dig_with_opts @10.53.0.5 example AXFR +tries=2 > dig.out.test$n 2>&1 || ret=1 # Sanity check: ensure ans5 behaves as expected. - [ `grep "communications error.*end of file" dig.out.test$n | wc -l` -eq 1 ] || ret=1 + [ $(grep "communications error.*end of file" dig.out.test$n | wc -l) -eq 1 ] || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -849,7 +848,7 @@ if [ -x "$DIG" ] ; then echo "partial_axfr complete_axfr" | sendcmd 10.53.0.5 dig_with_opts @10.53.0.5 example AXFR +tries=2 > dig.out.test$n 2>&1 || ret=1 # Sanity check: ensure ans5 behaves as expected. - [ `grep "communications error.*end of file" dig.out.test$n | wc -l` -eq 1 ] || ret=1 + [ $(grep "communications error.*end of file" dig.out.test$n | wc -l) -eq 1 ] || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -859,7 +858,7 @@ if [ -x "$DIG" ] ; then echo "no_response no_response" | sendcmd 10.53.0.5 dig_with_opts @10.53.0.5 example AXFR +tries=1 > dig.out.test$n 2>&1 && ret=1 # Sanity check: ensure ans5 behaves as expected. - [ `grep "communications error.*end of file" dig.out.test$n | wc -l` -eq 1 ] || ret=1 + [ $(grep "communications error.*end of file" dig.out.test$n | wc -l) -eq 1 ] || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -868,7 +867,7 @@ if [ -x "$DIG" ] ; then ret=0 dig_with_opts @10.53.0.5 example AXFR +retry=0 > dig.out.test$n 2>&1 && ret=1 # Sanity check: ensure ans5 behaves as expected. - [ `grep "communications error.*end of file" dig.out.test$n | wc -l` -eq 1 ] || ret=1 + [ $(grep "communications error.*end of file" dig.out.test$n | wc -l) -eq 1 ] || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -946,8 +945,8 @@ if [ -x "$DIG" ] ; then echo_i "check that dig +bufsize restores default bufsize ($n)" ret=0 dig_with_opts @10.53.0.3 a.example +bufsize=0 +bufsize +qr > dig.out.test$n 2>&1 || ret=1 - lines=`grep "EDNS:.* udp:" dig.out.test$n | wc -l` - lines1232=`grep "EDNS:.* udp: 1232" dig.out.test$n | wc -l` + lines=$(grep "EDNS:.* udp:" dig.out.test$n | wc -l) + lines1232=$(grep "EDNS:.* udp: 1232" dig.out.test$n | wc -l) test $lines -eq 2 || ret=1 test $lines1232 -eq 2 || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi diff --git a/bin/tests/system/dlzexternal/tests.sh b/bin/tests/system/dlzexternal/tests.sh index 9fd1ebe179..cbab5094e0 100644 --- a/bin/tests/system/dlzexternal/tests.sh +++ b/bin/tests/system/dlzexternal/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh status=0 @@ -20,7 +22,7 @@ DIGOPTS="@10.53.0.1 -p ${PORT} +nocookie" RNDCCMD="$RNDC -c ../common/rndc.conf -p ${CONTROLPORT} -s" newtest() { - n=`expr $n + 1` + n=$((n + 1)) echo_i "${1} (${n})" ret=0 } @@ -45,8 +47,8 @@ EOF return 1 } - out=`$DIG $DIGOPTS -t $type -q $host | grep -E "^$host"` - lines=`echo "$out" | grep "$digout" | wc -l` + out=$($DIG $DIGOPTS -t $type -q $host | grep -E "^$host") + lines=$(echo "$out" | grep "$digout" | wc -l) [ $lines -eq 1 ] || { [ "$should_fail" ] || \ echo_i "dig output incorrect for $host $type $cmd: $out" @@ -56,22 +58,22 @@ EOF } test_update testdc1.example.nil. A "86400 A 10.53.0.10" "10.53.0.10" || ret=1 -status=`expr $status + $ret` +status=$((status + ret)) test_update testdc2.example.nil. A "86400 A 10.53.0.11" "10.53.0.11" || ret=1 -status=`expr $status + $ret` +status=$((status + ret)) test_update testdc3.example.nil. A "86400 A 10.53.0.10" "10.53.0.10" || ret=1 -status=`expr $status + $ret` +status=$((status + ret)) test_update deny.example.nil. TXT "86400 TXT helloworld" "helloworld" should_fail && ret=1 -status=`expr $status + $ret` +status=$((status + ret)) newtest "testing nxrrset" $DIG $DIGOPTS testdc1.example.nil AAAA > dig.out.$n grep "status: NOERROR" dig.out.$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.$n > /dev/null || ret=1 -status=`expr $status + $ret` +status=$((status + ret)) newtest "testing prerequisites are checked correctly" cat > ns1/update.txt << EOF @@ -81,17 +83,17 @@ update add testdc3.example.nil 86500 in a 10.53.0.12 send EOF $NSUPDATE -k ns1/ddns.key ns1/update.txt > /dev/null 2>&1 && ret=1 -out=`$DIG $DIGOPTS +short a testdc3.example.nil` +out=$($DIG $DIGOPTS +short a testdc3.example.nil) [ "$out" = "10.53.0.12" ] && ret=1 [ "$ret" -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) newtest "testing passing client info into DLZ driver" -out=`$DIG $DIGOPTS +short -t txt -q source-addr.example.nil | grep -v '^;'` -addr=`eval echo "$out" | cut -f1 -d'#'` +out=$($DIG $DIGOPTS +short -t txt -q source-addr.example.nil | grep -v '^;') +addr=$(eval echo "$out" | cut -f1 -d'#') [ "$addr" = "10.53.0.1" ] || ret=1 [ "$ret" -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) newtest "testing DLZ driver is cleaned up on reload" rndc_reload ns1 10.53.0.1 @@ -102,21 +104,21 @@ for i in 0 1 2 3 4 5 6 7 8 9; do sleep 1 done [ "$ret" -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) newtest "testing multiple DLZ drivers" test_update testdc1.alternate.nil. A "86400 A 10.53.0.10" "10.53.0.10" || ret=1 -status=`expr $status + $ret` +status=$((status + ret)) newtest "testing AXFR from DLZ drivers" $DIG $DIGOPTS +noall +answer axfr example.nil > dig.out.example.ns1.test$n -lines=`cat dig.out.example.ns1.test$n | wc -l` +lines=$(cat dig.out.example.ns1.test$n | wc -l) [ ${lines:-0} -eq 4 ] || ret=1 $DIG $DIGOPTS +noall +answer axfr alternate.nil > dig.out.alternate.ns1.test$n -lines=`cat dig.out.alternate.ns1.test$n | wc -l` +lines=$(cat dig.out.alternate.ns1.test$n | wc -l) [ ${lines:-0} -eq 5 ] || ret=1 [ "$ret" -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) newtest "testing AXFR denied from DLZ drivers" $DIG $DIGOPTS -b 10.53.0.5 +noall +answer axfr example.nil > dig.out.example.ns1.test$n @@ -124,7 +126,7 @@ grep "; Transfer failed" dig.out.example.ns1.test$n > /dev/null || ret=1 $DIG $DIGOPTS -b 10.53.0.5 +noall +answer axfr alternate.nil > dig.out.alternate.ns1.test$n grep "; Transfer failed" dig.out.alternate.ns1.test$n > /dev/null || ret=1 [ "$ret" -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) newtest "testing AXFR denied based on view ACL" # 10.53.0.1 should be disallowed @@ -134,63 +136,63 @@ grep "; Transfer failed" dig.out.example.ns1.test$n.1 > /dev/null || ret=1 $DIG $DIGOPTS -b 10.53.0.2 +noall +answer axfr example.org > dig.out.example.ns1.test$n.2 grep "; Transfer failed" dig.out.example.ns1.test$n.2 > /dev/null && ret=1 [ "$ret" -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) newtest "testing unsearched/unregistered DLZ zone is not found" $DIG $DIGOPTS +noall +answer ns other.nil > dig.out.ns1.test$n grep "3600.IN.NS.other.nil." dig.out.ns1.test$n > /dev/null && ret=1 [ "$ret" -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) newtest "testing unsearched/registered DLZ zone is found" $DIG $DIGOPTS +noall +answer ns zone.nil > dig.out.ns1.test$n grep "3600.IN.NS.zone.nil." dig.out.ns1.test$n > /dev/null || ret=1 [ "$ret" -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) newtest "testing unsearched/registered DLZ zone is found" $DIG $DIGOPTS +noall +answer ns zone.nil > dig.out.ns1.test$n grep "3600.IN.NS.zone.nil." dig.out.ns1.test$n > /dev/null || ret=1 [ "$ret" -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) newtest "testing correct behavior with findzone returning ISC_R_NOMORE" $DIG $DIGOPTS +noall a test.example.com > /dev/null 2>&1 || ret=1 # we should only find one logged lookup per searched DLZ database -lines=`grep "dlz_findzonedb.*test\.example\.com.*example.nil" ns1/named.run | wc -l` +lines=$(grep "dlz_findzonedb.*test\.example\.com.*example.nil" ns1/named.run | wc -l) [ $lines -eq 1 ] || ret=1 -lines=`grep "dlz_findzonedb.*test\.example\.com.*alternate.nil" ns1/named.run | wc -l` +lines=$(grep "dlz_findzonedb.*test\.example\.com.*alternate.nil" ns1/named.run | wc -l) [ $lines -eq 1 ] || ret=1 [ "$ret" -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) newtest "testing findzone can return different results per client" $DIG $DIGOPTS -b 10.53.0.1 +noall a test.example.net > /dev/null 2>&1 || ret=1 # we should only find one logged lookup per searched DLZ database -lines=`grep "dlz_findzonedb.*example\.net.*example.nil" ns1/named.run | wc -l` +lines=$(grep "dlz_findzonedb.*example\.net.*example.nil" ns1/named.run | wc -l) [ $lines -eq 1 ] || ret=1 -lines=`grep "dlz_findzonedb.*example\.net.*alternate.nil" ns1/named.run | wc -l` +lines=$(grep "dlz_findzonedb.*example\.net.*alternate.nil" ns1/named.run | wc -l) [ $lines -eq 1 ] || ret=1 $DIG $DIGOPTS -b 10.53.0.2 +noall a test.example.net > /dev/null 2>&1 || ret=1 # we should find several logged lookups this time -lines=`grep "dlz_findzonedb.*example\.net.*example.nil" ns1/named.run | wc -l` +lines=$(grep "dlz_findzonedb.*example\.net.*example.nil" ns1/named.run | wc -l) [ $lines -gt 2 ] || ret=1 -lines=`grep "dlz_findzonedb.*example\.net.*alternate.nil" ns1/named.run | wc -l` +lines=$(grep "dlz_findzonedb.*example\.net.*alternate.nil" ns1/named.run | wc -l) [ $lines -gt 2 ] || ret=1 [ "$ret" -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) newtest "testing zone returning oversized data" $DIG $DIGOPTS txt too-long.example.nil > dig.out.ns1.test$n 2>&1 || ret=1 grep "status: SERVFAIL" dig.out.ns1.test$n > /dev/null || ret=1 [ "$ret" -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) newtest "testing zone returning oversized data at zone origin" $DIG $DIGOPTS txt bigcname.domain > dig.out.ns1.test$n 2>&1 || ret=1 grep "status: SERVFAIL" dig.out.ns1.test$n > /dev/null || ret=1 [ "$ret" -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) newtest "checking redirected lookup for nonexistent name" $DIG $DIGOPTS @10.53.0.1 unexists a > dig.out.ns1.test$n || ret=1 @@ -198,24 +200,24 @@ grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep "^unexists.*A.*100.100.100.2" dig.out.ns1.test$n > /dev/null || ret=1 grep "flags:[^;]* aa[ ;]" dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "checking no redirected lookup for nonexistent type" $DIG $DIGOPTS @10.53.0.1 exists aaaa > dig.out.ns1.test$n || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "checking redirected lookup for a long nonexistent name" $DIG $DIGOPTS @10.53.0.1 long.name.is.not.there a > dig.out.ns1.test$n || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep "^long.name.*A.*100.100.100.3" dig.out.ns1.test$n > /dev/null || ret=1 grep "flags:[^;]* aa[ ;]" dig.out.ns1.test$n > /dev/null || ret=1 -lookups=`grep "lookup #.*\.not\.there" ns1/named.run | wc -l` +lookups=$(grep "lookup #.*\.not\.there" ns1/named.run | wc -l) [ "$lookups" -eq 1 ] || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "checking ECS data is passed to driver in clientinfo" $DIG $DIGOPTS +short +subnet=192.0/16 source-addr.example.nil txt > dig.out.ns1.test$n.1 || ret=1 @@ -223,7 +225,7 @@ grep "192.0.0.0/16/0" dig.out.ns1.test$n.1 > /dev/null || ret=1 $DIG $DIGOPTS +short source-addr.example.nil txt > dig.out.ns1.test$n.2 || ret=1 grep "not.*present" dig.out.ns1.test$n.2 > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/dns64/tests.sh b/bin/tests/system/dns64/tests.sh index e878c77ea5..4ee42dce4c 100644 --- a/bin/tests/system/dns64/tests.sh +++ b/bin/tests/system/dns64/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh status=0 @@ -25,9 +27,9 @@ do echo_i "checking that $conf is accepted ($n)" ret=0 $CHECKCONF "$conf" || ret=1 - n=`expr $n + 1` + n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) done for conf in conf/bad*.conf @@ -35,9 +37,9 @@ do echo_i "checking that $conf is rejected ($n)" ret=0 $CHECKCONF "$conf" >/dev/null && ret=1 - n=`expr $n + 1` + n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) done # Check the example. domain @@ -47,45 +49,45 @@ ret=0 $DIG $DIGOPTS aaaa-only.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking excluded only AAAA lookup works ($n)" ret=0 $DIG $DIGOPTS excluded-only.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0," dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking excluded AAAA and non-mapped A lookup works ($n)" ret=0 $DIG $DIGOPTS excluded-bad-a.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0," dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking excluded only AAAA and mapped A lookup works ($n)" ret=0 $DIG $DIGOPTS excluded-good-a.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:aaaa::1.2.3.4" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking default exclude acl ignores mapped A records (all mapped) ($n)" ret=0 $DIG $DIGOPTS a-and-mapped.example. @10.53.0.2 -b 10.53.0.4 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:bbbb::1.2.3.5" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking default exclude acl ignores mapped A records (some mapped) ($n)" ret=0 @@ -94,27 +96,27 @@ grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::4" dig.out.ns2.test$n > /dev/null || ret=1 grep "::ffff:1.2.3.4" dig.out.ns2.test$n > /dev/null && ret=1 grep "::ffff:1.2.3.5" dig.out.ns2.test$n > /dev/null && ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking default exclude acl works with AAAA only ($n)" ret=0 $DIG $DIGOPTS aaaa-only.example. @10.53.0.2 -b 10.53.0.4 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking default exclude acl A only lookup works ($n)" ret=0 $DIG $DIGOPTS a-only.example. @10.53.0.2 -b 10.53.0.4 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:bbbb::102:305" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking partially excluded only AAAA lookup works ($n)" ret=0 @@ -122,9 +124,9 @@ $DIG $DIGOPTS partially-excluded-only.example. @10.53.0.2 -b 10.53.0.2 aaaa > di grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::3" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking partially-excluded AAAA and non-mapped A lookup works ($n)" ret=0 @@ -132,9 +134,9 @@ $DIG $DIGOPTS partially-excluded-bad-a.example. @10.53.0.2 -b 10.53.0.2 aaaa > d grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking partially-excluded only AAAA and mapped A lookup works ($n)" ret=0 @@ -142,125 +144,125 @@ $DIG $DIGOPTS partially-excluded-good-a.example. @10.53.0.2 -b 10.53.0.2 aaaa > grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::1" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking AAAA only lookup works ($n)" ret=0 $DIG $DIGOPTS aaaa-only.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A only lookup works ($n)" ret=0 $DIG $DIGOPTS a-only.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:aaaa::102:305" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A and AAAA lookup works ($n)" ret=0 $DIG $DIGOPTS a-and-aaaa.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::1" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking non-mapped A lookup works ($n)" ret=0 $DIG $DIGOPTS a-not-mapped.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking NODATA AAAA lookup works ($n)" ret=0 $DIG $DIGOPTS mx-only.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking non-existent AAAA lookup works ($n)" ret=0 $DIG $DIGOPTS non-existent.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking non-excluded AAAA via CNAME lookup works ($n)" ret=0 $DIG $DIGOPTS cname-aaaa-only.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking excluded only AAAA via CNAME lookup works ($n)" ret=0 $DIG $DIGOPTS cname-excluded-only.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking excluded AAAA and non-mapped A via CNAME lookup works ($n)" ret=0 $DIG $DIGOPTS cname-excluded-bad-a.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking excluded only AAAA and mapped A via CNAME lookup works ($n)" ret=0 $DIG $DIGOPTS cname-excluded-good-a.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:aaaa::1.2.3.4" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking AAAA only via CNAME lookup works ($n)" ret=0 $DIG $DIGOPTS cname-aaaa-only.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A only via CNAME lookup works ($n)" ret=0 $DIG $DIGOPTS cname-a-only.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:aaaa::102:305" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A and AAAA via CNAME lookup works ($n)" ret=0 $DIG $DIGOPTS cname-a-and-aaaa.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::1" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking non-mapped A via CNAME lookup works ($n)" ret=0 @@ -268,9 +270,9 @@ $DIG $DIGOPTS cname-a-not-mapped.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "CNAME a-not-mapped.example." dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking NODATA AAAA via CNAME lookup works ($n)" ret=0 @@ -278,18 +280,18 @@ $DIG $DIGOPTS cname-mx-only.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2. grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "CNAME mx-only.example." dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking non-existent AAAA via CNAME lookup works ($n)" ret=0 $DIG $DIGOPTS cname-non-existent.example. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Check the example. domain recursive only @@ -298,36 +300,36 @@ ret=0 $DIG $DIGOPTS aaaa-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking excluded only AAAA lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS excluded-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0," dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking excluded AAAA and non-mapped A lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS excluded-bad-a.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0," dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking excluded only AAAA and mapped A lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS excluded-good-a.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:bbbb::1.2.3.4" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking partially excluded only AAAA lookup works, recursive only ($n)" ret=0 @@ -335,9 +337,9 @@ $DIG $DIGOPTS partially-excluded-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > di grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::3" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking partially-excluded AAAA and non-mapped A lookup works, recursive only ($n)" ret=0 @@ -345,9 +347,9 @@ $DIG $DIGOPTS partially-excluded-bad-a.example. @10.53.0.1 -b 10.53.0.1 aaaa > d grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking partially-excluded only AAAA and mapped A lookup works, recursive only ($n)" ret=0 @@ -355,89 +357,89 @@ $DIG $DIGOPTS partially-excluded-good-a.example. @10.53.0.1 -b 10.53.0.1 aaaa > grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::1" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking AAAA only lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS aaaa-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A only lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS a-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:bbbb::102:305" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A and AAAA lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS a-and-aaaa.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::1" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking non-mapped A lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS a-not-mapped.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking NODATA AAAA lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS mx-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking non-existent AAAA lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS non-existent.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking non-excluded AAAA via CNAME lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS cname-aaaa-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking excluded only AAAA via CNAME lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS cname-excluded-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking excluded AAAA and non-mapped A via CNAME lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS cname-excluded-bad-a.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking excluded only AAAA and mapped A via CNAME lookup works, recursive only ($n)" ret=0 @@ -445,36 +447,36 @@ $DIG $DIGOPTS cname-excluded-good-a.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig. grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:bbbb::102:304" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking AAAA only via CNAME lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS cname-aaaa-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A only via CNAME lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS cname-a-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:bbbb::102:305" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A and AAAA via CNAME lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS cname-a-and-aaaa.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::1" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking non-mapped A via CNAME lookup works, recursive only ($n)" ret=0 @@ -482,9 +484,9 @@ $DIG $DIGOPTS cname-a-not-mapped.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "CNAME a-not-mapped.example." dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking NODATA AAAA via CNAME lookup works, recursive only ($n)" ret=0 @@ -492,18 +494,18 @@ $DIG $DIGOPTS cname-mx-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2. grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "CNAME mx-only.example." dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking non-existent AAAA via CNAME lookup works, recursive only ($n)" ret=0 $DIG $DIGOPTS cname-non-existent.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Check the example. domain recursive only w/o recursion @@ -512,9 +514,9 @@ ret=0 $DIG $DIGOPTS +norec aaaa-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking excluded only AAAA lookup works, recursive only +norec ($n)" ret=0 @@ -522,9 +524,9 @@ $DIG $DIGOPTS +norec excluded-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.o grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::3" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking excluded AAAA and non-mapped A lookup works, recursive only +norec ($n)" ret=0 @@ -532,18 +534,18 @@ $DIG $DIGOPTS +norec excluded-bad-a.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig. grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::2" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking excluded only AAAA and mapped A lookup works, recursive only +norec ($n)" ret=0 $DIG $DIGOPTS +norec excluded-good-a.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::1" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking partially excluded only AAAA lookup works, recursive only +norec ($n)" ret=0 @@ -552,9 +554,9 @@ grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee:" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::3" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking partially-excluded AAAA and non-mapped A lookup works, recursive only +norec ($n)" ret=0 @@ -563,9 +565,9 @@ grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee:" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking partially-excluded only AAAA and mapped A lookup works, recursive only +norec ($n)" ret=0 @@ -574,71 +576,71 @@ grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee:" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::1" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking AAAA only lookup works, recursive only +norec ($n)" ret=0 $DIG $DIGOPTS +norec aaaa-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A only lookup works, recursive only +norec ($n)" ret=0 $DIG $DIGOPTS +norec a-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0," dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A and AAAA lookup works, recursive only +norec ($n)" ret=0 $DIG $DIGOPTS +norec a-and-aaaa.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::1" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking non-mapped A lookup works, recursive only +norec ($n)" ret=0 $DIG $DIGOPTS +norec a-not-mapped.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking NODATA AAAA lookup works, recursive only +norec ($n)" ret=0 $DIG $DIGOPTS +norec mx-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking non-existent AAAA lookup works, recursive only +norec ($n)" ret=0 $DIG $DIGOPTS +norec non-existent.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking non-excluded AAAA via CNAME lookup works, recursive only +norec ($n)" ret=0 $DIG $DIGOPTS +norec cname-aaaa-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking excluded only AAAA via CNAME lookup works, recursive only +norec ($n)" ret=0 @@ -646,9 +648,9 @@ $DIG $DIGOPTS +norec cname-excluded-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::3" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking excluded AAAA and non-mapped A via CNAME lookup works, recursive only +norec ($n)" ret=0 @@ -656,9 +658,9 @@ $DIG $DIGOPTS +norec cname-excluded-bad-a.example. @10.53.0.1 -b 10.53.0.1 aaaa grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::2" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking excluded only AAAA and mapped A via CNAME lookup works, recursive only +norec ($n)" ret=0 @@ -666,18 +668,18 @@ $DIG $DIGOPTS +norec cname-excluded-good-a.example. @10.53.0.1 -b 10.53.0.1 aaaa grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::1" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking AAAA only via CNAME lookup works, recursive only +norec ($n)" ret=0 $DIG $DIGOPTS +norec cname-aaaa-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A only via CNAME lookup works, recursive only +norec ($n)" ret=0 @@ -685,18 +687,18 @@ $DIG $DIGOPTS +norec cname-a-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.ou grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "CNAME a-only.example." dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A and AAAA via CNAME lookup works, recursive only +norec ($n)" ret=0 $DIG $DIGOPTS +norec cname-a-and-aaaa.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::1" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking non-mapped A via CNAME lookup works, recursive only +norec ($n)" ret=0 @@ -704,9 +706,9 @@ $DIG $DIGOPTS +norec cname-a-not-mapped.example. @10.53.0.1 -b 10.53.0.1 aaaa > grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "CNAME a-not-mapped.example." dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking NODATA AAAA via CNAME lookup works, recursive only +norec ($n)" ret=0 @@ -714,18 +716,18 @@ $DIG $DIGOPTS +norec cname-mx-only.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.o grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "CNAME mx-only.example." dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking non-existent AAAA via CNAME lookup works, recursive only +norec ($n)" ret=0 $DIG $DIGOPTS +norec cname-non-existent.example. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Check the example. domain from non client @@ -734,152 +736,152 @@ ret=0 $DIG $DIGOPTS aaaa-only.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking excluded only AAAA from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS excluded-only.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::3" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking excluded AAAA and non-mapped A from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS excluded-bad-a.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::2" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking excluded only AAAA and mapped A from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS excluded-good-a.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::1" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking AAAA only from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS aaaa-only.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A only from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS a-only.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A and AAAA from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS a-and-aaaa.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::1" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking non-mapped A from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS a-not-mapped.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking NODATA AAAA from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS mx-only.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking non-existent AAAA from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS non-existent.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking non-excluded AAAA via CNAME from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS cname-aaaa-only.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking excluded only AAAA via CNAME from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS cname-excluded-only.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::3" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking excluded AAAA and non-mapped A via CNAME from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS cname-excluded-bad-a.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::2" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking excluded only AAAA and mapped A via CNAME from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS cname-excluded-good-a.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::1" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking AAAA only via CNAME from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS cname-aaaa-only.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A only via CNAME from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS cname-a-only.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A and AAAA via CNAME from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS cname-a-and-aaaa.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::1" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking non-mapped A via CNAME from non-client lookup works ($n)" ret=0 @@ -887,9 +889,9 @@ $DIG $DIGOPTS cname-a-not-mapped.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "CNAME a-not-mapped.example." dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking NODATA AAAA via CNAME from non-client lookup works ($n)" ret=0 @@ -897,18 +899,18 @@ $DIG $DIGOPTS cname-mx-only.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2. grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "CNAME mx-only.example." dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking non-existent AAAA via CNAME from non-client lookup works ($n)" ret=0 $DIG $DIGOPTS cname-non-existent.example. @10.53.0.2 -b 10.53.0.3 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Check the signed. domain @@ -917,152 +919,152 @@ ret=0 $DIG $DIGOPTS aaaa-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking excluded only AAAA lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS excluded-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0," dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking excluded AAAA and non-mapped A lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS excluded-bad-a.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0," dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking excluded only AAAA and mapped A lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS excluded-good-a.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:aaaa::102:304" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking AAAA only lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS aaaa-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A only lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS a-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:aaaa::102:305" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A and AAAA lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS a-and-aaaa.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::1" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking non-mapped A lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS a-not-mapped.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking NODATA AAAA lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS mx-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking non-existent AAAA lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS non-existent.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking non-excluded AAAA via CNAME lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS cname-aaaa-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking excluded only AAAA via CNAME lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS cname-excluded-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking excluded AAAA and non-mapped A via CNAME lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS cname-excluded-bad-a.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking excluded only AAAA and mapped A via CNAME lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS cname-excluded-good-a.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:aaaa::102:304" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking AAAA only via CNAME lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS cname-aaaa-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A only via CNAME lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS cname-a-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:aaaa::102:305" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A and AAAA via CNAME lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS cname-a-and-aaaa.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::1" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking non-mapped A via CNAME lookup is signed zone works ($n)" ret=0 @@ -1070,9 +1072,9 @@ $DIG $DIGOPTS cname-a-not-mapped.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out. grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "CNAME a-not-mapped.signed." dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking NODATA AAAA via CNAME lookup is signed zone works ($n)" ret=0 @@ -1080,18 +1082,18 @@ $DIG $DIGOPTS cname-mx-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.t grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "CNAME mx-only.signed." dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking non-existent AAAA via CNAME lookup is signed zone works ($n)" ret=0 $DIG $DIGOPTS cname-non-existent.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Check the signed. domain echo_i "checking non-excluded AAAA lookup is signed zone works with +dnssec ($n)" @@ -1099,134 +1101,134 @@ ret=0 $DIG $DIGOPTS +dnssec aaaa-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking excluded only AAAA lookup is signed zone works with +dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec excluded-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::3" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking excluded AAAA and non-mapped A lookup is signed zone works with +dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec excluded-bad-a.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::2" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking excluded only AAAA and mapped A lookup is signed zone works with +dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec excluded-good-a.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::1" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking AAAA only lookup is signed zone works with +dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec aaaa-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A only lookup is signed zone works with +dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec a-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0," dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A and AAAA lookup is signed zone works with +dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec a-and-aaaa.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::1" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking non-mapped A lookup is signed zone works with +dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec a-not-mapped.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking NODATA AAAA lookup is signed zone works with +dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec mx-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking non-existent AAAA lookup is signed zone works with +dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec non-existent.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking non-excluded AAAA via CNAME lookup is signed zone works with +dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec cname-aaaa-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking excluded only AAAA via CNAME lookup is signed zone works with +dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec cname-excluded-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::3" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking excluded AAAA and non-mapped A via CNAME lookup is signed zone works with +dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec cname-excluded-bad-a.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::2" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking excluded only AAAA and mapped A via CNAME lookup is signed zone works with +dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec cname-excluded-good-a.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:eeee::1" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking AAAA only via CNAME lookup is signed zone works with +dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec cname-aaaa-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::2" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A only via CNAME lookup is signed zone works with +dnssec ($n)" ret=0 @@ -1234,18 +1236,18 @@ $DIG $DIGOPTS +dnssec cname-a-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.ou grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:aaaa::102:305" dig.out.ns2.test$n > /dev/null && ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A and AAAA via CNAME lookup is signed zone works with +dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec cname-a-and-aaaa.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001::1" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking non-mapped A via CNAME lookup is signed zone works with +dnssec ($n)" ret=0 @@ -1253,9 +1255,9 @@ $DIG $DIGOPTS +dnssec cname-a-not-mapped.signed. @10.53.0.2 -b 10.53.0.2 aaaa > grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 2" dig.out.ns2.test$n > /dev/null || ret=1 grep "CNAME a-not-mapped.signed." dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking NODATA AAAA via CNAME lookup is signed zone works with +dnssec ($n)" ret=0 @@ -1263,43 +1265,43 @@ $DIG $DIGOPTS +dnssec cname-mx-only.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.o grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns2.test$n > /dev/null || ret=1 grep "CNAME mx-only.signed." dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking non-existent AAAA via CNAME lookup is signed zone works with +dnssec ($n)" ret=0 $DIG $DIGOPTS +dnssec cname-non-existent.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking reverse mapping ($n)" ret=0 $DIG $DIGOPTS -x 2001:aaaa::10.0.0.1 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep -i "CNAME.1.0.0.10.IN-ADDR.ARPA.$" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -list=`$DIG $DIGOPTS -b 10.53.0.6 @10.53.0.2 +short aaaa a-only.example | sort` +list=$($DIG $DIGOPTS -b 10.53.0.6 @10.53.0.2 +short aaaa a-only.example | sort) for a in $list do ret=0 echo_i "checking reverse mapping of $a ($n)" $DIG $DIGOPTS -x $a @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep -i "CNAME.5.3.2.1.IN-ADDR.ARPA." dig.out.ns2.test$n > /dev/null || ret=1 - n=`expr $n + 1` + n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) done -rev=`$ARPANAME 2001:aaaa::10.0.0.1` +rev=$($ARPANAME 2001:aaaa::10.0.0.1) regex='..\(.*.IP6.ARPA\)' -rev=`expr "${rev}" : "${regex}"` -fin=`expr "${rev}" : "............${regex}"` +rev=$(expr "${rev}" : "${regex}") +fin=$(expr "${rev}" : "............${regex}") while test "${rev}" != "${fin}" do ret=0 @@ -1307,107 +1309,107 @@ do $DIG $DIGOPTS $rev ptr @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep -i "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep -i "ANSWER: 0," dig.out.ns2.test$n > /dev/null || ret=1 - n=`expr $n + 1` + n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` - rev=`expr "${rev}" : "${regex}"` + status=$((status + ret)) + rev=$(expr "${rev}" : "${regex}") done echo_i "checking dns64-server and dns64-contact ($n)" ret=0 $DIG $DIGOPTS soa 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.a.a.a.a.1.0.0.2.ip6.arpa @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep "SOA.dns64.example.net..hostmaster.example.net." dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking TTL less than 600 from zone ($n)" ret=0 #expect 500 $DIG $DIGOPTS aaaa ttl-less-than-600.example +rec @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep -i "ttl-less-than-600.example..500.IN.AAAA" dig.out.ns1.test$n >/dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking TTL more than 600 from zone ($n)" ret=0 #expect 700 $DIG $DIGOPTS aaaa ttl-more-than-600.example +rec @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep -i "ttl-more-than-600.example..700.IN.AAAA" dig.out.ns1.test$n >/dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking TTL less than minimum from zone ($n)" ret=0 #expect 1100 $DIG $DIGOPTS aaaa ttl-less-than-minimum.example +rec @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep -i "ttl-less-than-minimum.example..1100.IN.AAAA" dig.out.ns1.test$n >/dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking TTL limited to minimum from zone ($n)" ret=0 #expect 1200 $DIG $DIGOPTS aaaa ttl-more-than-minimum.example +rec @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep -i "ttl-more-than-minimum.example..1200.IN.AAAA" dig.out.ns1.test$n >/dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking TTL less than 600 via cache ($n)" ret=0 #expect 500 $DIG $DIGOPTS aaaa ttl-less-than-600.example +rec -b 10.53.0.2 @10.53.0.2 > dig.out.ns1.test$n || ret=1 grep -i "ttl-less-than-600.example..500.IN.AAAA" dig.out.ns1.test$n >/dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking TTL more than 600 via cache ($n)" ret=0 #expect 700 $DIG $DIGOPTS aaaa ttl-more-than-600.example +rec -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep -i "ttl-more-than-600.example..700.IN.AAAA" dig.out.ns2.test$n >/dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking TTL less than minimum via cache ($n)" ret=0 #expect 1100 $DIG $DIGOPTS aaaa ttl-less-than-minimum.example +rec -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep -i "ttl-less-than-minimum.example..1100.IN.AAAA" dig.out.ns2.test$n >/dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking TTL limited to minimum via cache ($n)" ret=0 #expect 1200 $DIG $DIGOPTS aaaa ttl-more-than-minimum.example +rec -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep -i "ttl-more-than-minimum.example..1200.IN.AAAA" dig.out.ns2.test$n >/dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking synthesis of AAAA from RPZ-remapped A ($n)" ret=0 $DIG $DIGOPTS aaaa rpz.example +rec -b 10.53.0.7 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep -i 'rpz.example.*IN.AAAA.2001:96::a0a:a0a' dig.out.ns2.test$n >/dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking 'dig +dns64prefix' ($n)" $DIG $DIGOPTS +dns64prefix @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep '^2001:bbbb::/96$' dig.out.ns1.test$n > /dev/null || ret=1 test $(wc -l < dig.out.ns1.test$n) -eq 1 || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) copy_setports ns1/named.conf2.in ns1/named.conf rndc_reload ns1 10.53.0.1 @@ -1417,9 +1419,9 @@ $DIG $DIGOPTS +dns64prefix @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep '^2001:bbbb::/96$' dig.out.ns1.test$n > /dev/null || ret=1 grep '2001:aaaa::/64' dig.out.ns1.test$n > /dev/null || ret=1 test $(wc -l < dig.out.ns1.test$n) -eq 2 || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) copy_setports ns1/named.conf3.in ns1/named.conf rndc_reload ns1 10.53.0.1 @@ -1427,18 +1429,18 @@ rndc_reload ns1 10.53.0.1 echo_i "checking 'dig +dns64prefix' with no prefixes ($n)" $DIG $DIGOPTS +dns64prefix @10.53.0.1 > dig.out.ns1.test$n || ret=1 test $(wc -l < dig.out.ns1.test$n) -eq 0 || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking synthesis of AAAA from builtin ipv4only.arpa ($n)" ret=0 $DIG $DIGOPTS aaaa ipv4only.arpa -b 10.53.0.7 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep -i 'ipv4only.arpa.*IN.AAAA.2001:96::c000:aa' dig.out.ns2.test$n >/dev/null || ret=1 grep -i 'ipv4only.arpa.*IN.AAAA.2001:96::c000:ab' dig.out.ns2.test$n >/dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking reverse of dns64 mapped ipv4only.arpa addresses returns ipv4only.arpa ($n)" ret=0 @@ -1446,9 +1448,9 @@ $DIG $DIGOPTS ptr -x 2001:96::192.0.0.170 -b 10.53.0.7 @10.53.0.2 > dig.out.170. $DIG $DIGOPTS ptr -x 2001:96::192.0.0.171 -b 10.53.0.7 @10.53.0.2 > dig.out.171.ns2.test$n || ret=1 grep "ip6\.arpa\..*PTR.*ipv4only\.arpa\." dig.out.170.ns2.test$n >/dev/null || ret=1 grep "ip6\.arpa\..*PTR.*ipv4only\.arpa\." dig.out.171.ns2.test$n >/dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh index 18d0d7577b..72c116fbc7 100644 --- a/bin/tests/system/dnssec/tests.sh +++ b/bin/tests/system/dnssec/tests.sh @@ -11,11 +11,11 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + # shellcheck source=conf.sh . ../conf.sh -set -e - status=0 n=1 @@ -83,8 +83,7 @@ israw0 () { < "$1" $PERL -e 'binmode STDIN; read(STDIN, $input, 8); ($style, $version) = unpack("NN", $input); - exit 1 if ($style != 2 || $version != 0);' - return $? + exit 1 if ($style != 2 || $version != 0);' || return $? } # check that a zone file is raw format, version 1 @@ -93,8 +92,7 @@ israw1 () { < "$1" $PERL -e 'binmode STDIN; read(STDIN, $input, 8); ($style, $version) = unpack("NN", $input); - exit 1 if ($style != 2 || $version != 1);' - return $? + exit 1 if ($style != 2 || $version != 1);' || return $? } # strip NS and RRSIG NS from input @@ -113,8 +111,7 @@ check_secroots_layout () { /Start view/ { if (!empty) exit(1) } /Secure roots:/ { if (empty) exit(1) } /Negative trust anchors:/ { if (!empty) exit(1) } - { empty=0 }' $1 - return $? + { empty=0 }' $1 || return $? } # Check that for a query against a validating resolver where the @@ -2428,8 +2425,8 @@ if $PERL -e 'use Net::DNS;' 2>/dev/null then echo_i "running DNSSEC update test" ret=0 - output=$($PERL dnssec_update_test.pl -s 10.53.0.3 -p "$PORT" dynamic.example.) - test "$?" -eq 0 || ret=1 + { output=$($PERL dnssec_update_test.pl -s 10.53.0.3 -p "$PORT" dynamic.example.); rc=$?; } || true + test "$rc" -eq 0 || ret=1 echo "$output" | cat_i [ $ret -eq 1 ] && status=1 else diff --git a/bin/tests/system/dnstap/tests.sh b/bin/tests/system/dnstap/tests.sh index e9f9067699..a4ba30264c 100644 --- a/bin/tests/system/dnstap/tests.sh +++ b/bin/tests/system/dnstap/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh DIGOPTS="+short -p ${PORT}" @@ -29,7 +31,7 @@ dnstap_data_ready() { min_size_expected=$3 kill -HUP $fstrm_capture_pid - file_size=`wc -c < "$capture_file" | tr -d ' '` + file_size=$(wc -c < "$capture_file" | tr -d ' ') if [ $file_size -lt $min_size_expected ]; then return 1 fi @@ -40,18 +42,18 @@ for bad in bad-*.conf do ret=0 echo_i "checking that named-checkconf detects error in $bad" - $CHECKCONF $bad > /dev/null 2>&1 - if [ $? != 1 ]; then echo_i "failed"; ret=1; fi - status=`expr $status + $ret` + { $CHECKCONF $bad > /dev/null 2>&1; rc=$?; } || true + if [ $rc != 1 ]; then echo_i "failed"; ret=1; fi + status=$((status + ret)) done for good in good-*.conf do ret=0 echo_i "checking that named-checkconf detects no error in $good" - $CHECKCONF $good > /dev/null 2>&1 - if [ $? != 0 ]; then echo_i "failed"; ret=1; fi - status=`expr $status + $ret` + { $CHECKCONF $good > /dev/null 2>&1; rc=$?; } || true + if [ $rc != 0 ]; then echo_i "failed"; ret=1; fi + status=$((status + ret)) done echo_i "wait for servers to finish loading" @@ -61,7 +63,7 @@ wait_for_log 20 "all zones loaded" ns2/named.run || ret=1 wait_for_log 20 "all zones loaded" ns3/named.run || ret=1 wait_for_log 20 "all zones loaded" ns4/named.run || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # both the 'a.example/A' lookup and the './NS' lookup to ns1 # need to complete before reopening/rolling for the counts to @@ -109,39 +111,39 @@ sleep 1 echo_i "checking initial message counts" -udp1=`$DNSTAPREAD ns1/dnstap.out.save | grep "UDP " | wc -l` -tcp1=`$DNSTAPREAD ns1/dnstap.out.save | grep "TCP " | wc -l` -aq1=`$DNSTAPREAD ns1/dnstap.out.save | grep "AQ " | wc -l` -ar1=`$DNSTAPREAD ns1/dnstap.out.save | grep "AR " | wc -l` -cq1=`$DNSTAPREAD ns1/dnstap.out.save | grep "CQ " | wc -l` -cr1=`$DNSTAPREAD ns1/dnstap.out.save | grep "CR " | wc -l` -rq1=`$DNSTAPREAD ns1/dnstap.out.save | grep "RQ " | wc -l` -rr1=`$DNSTAPREAD ns1/dnstap.out.save | grep "RR " | wc -l` -uq1=`$DNSTAPREAD ns1/dnstap.out.save | grep "UQ " | wc -l` -ur1=`$DNSTAPREAD ns1/dnstap.out.save | grep "UR " | wc -l` +udp1=$($DNSTAPREAD ns1/dnstap.out.save | grep "UDP " | wc -l) +tcp1=$($DNSTAPREAD ns1/dnstap.out.save | grep "TCP " | wc -l) +aq1=$($DNSTAPREAD ns1/dnstap.out.save | grep "AQ " | wc -l) +ar1=$($DNSTAPREAD ns1/dnstap.out.save | grep "AR " | wc -l) +cq1=$($DNSTAPREAD ns1/dnstap.out.save | grep "CQ " | wc -l) +cr1=$($DNSTAPREAD ns1/dnstap.out.save | grep "CR " | wc -l) +rq1=$($DNSTAPREAD ns1/dnstap.out.save | grep "RQ " | wc -l) +rr1=$($DNSTAPREAD ns1/dnstap.out.save | grep "RR " | wc -l) +uq1=$($DNSTAPREAD ns1/dnstap.out.save | grep "UQ " | wc -l) +ur1=$($DNSTAPREAD ns1/dnstap.out.save | grep "UR " | wc -l) -udp2=`$DNSTAPREAD ns2/dnstap.out.save | grep "UDP " | wc -l` -tcp2=`$DNSTAPREAD ns2/dnstap.out.save | grep "TCP " | wc -l` -aq2=`$DNSTAPREAD ns2/dnstap.out.save | grep "AQ " | wc -l` -ar2=`$DNSTAPREAD ns2/dnstap.out.save | grep "AR " | wc -l` -cq2=`$DNSTAPREAD ns2/dnstap.out.save | grep "CQ " | wc -l` -cr2=`$DNSTAPREAD ns2/dnstap.out.save | grep "CR " | wc -l` -rq2=`$DNSTAPREAD ns2/dnstap.out.save | grep "RQ " | wc -l` -rr2=`$DNSTAPREAD ns2/dnstap.out.save | grep "RR " | wc -l` -uq2=`$DNSTAPREAD ns2/dnstap.out.save | grep "UQ " | wc -l` -ur2=`$DNSTAPREAD ns2/dnstap.out.save | grep "UR " | wc -l` +udp2=$($DNSTAPREAD ns2/dnstap.out.save | grep "UDP " | wc -l) +tcp2=$($DNSTAPREAD ns2/dnstap.out.save | grep "TCP " | wc -l) +aq2=$($DNSTAPREAD ns2/dnstap.out.save | grep "AQ " | wc -l) +ar2=$($DNSTAPREAD ns2/dnstap.out.save | grep "AR " | wc -l) +cq2=$($DNSTAPREAD ns2/dnstap.out.save | grep "CQ " | wc -l) +cr2=$($DNSTAPREAD ns2/dnstap.out.save | grep "CR " | wc -l) +rq2=$($DNSTAPREAD ns2/dnstap.out.save | grep "RQ " | wc -l) +rr2=$($DNSTAPREAD ns2/dnstap.out.save | grep "RR " | wc -l) +uq2=$($DNSTAPREAD ns2/dnstap.out.save | grep "UQ " | wc -l) +ur2=$($DNSTAPREAD ns2/dnstap.out.save | grep "UR " | wc -l) mv ns3/dnstap.out.0 ns3/dnstap.out.save -udp3=`$DNSTAPREAD ns3/dnstap.out.save | grep "UDP " | wc -l` -tcp3=`$DNSTAPREAD ns3/dnstap.out.save | grep "TCP " | wc -l` -aq3=`$DNSTAPREAD ns3/dnstap.out.save | grep "AQ " | wc -l` -ar3=`$DNSTAPREAD ns3/dnstap.out.save | grep "AR " | wc -l` -cq3=`$DNSTAPREAD ns3/dnstap.out.save | grep "CQ " | wc -l` -cr3=`$DNSTAPREAD ns3/dnstap.out.save | grep "CR " | wc -l` -rq3=`$DNSTAPREAD ns3/dnstap.out.save | grep "RQ " | wc -l` -rr3=`$DNSTAPREAD ns3/dnstap.out.save | grep "RR " | wc -l` -uq3=`$DNSTAPREAD ns3/dnstap.out.save | grep "UQ " | wc -l` -ur3=`$DNSTAPREAD ns3/dnstap.out.save | grep "UR " | wc -l` +udp3=$($DNSTAPREAD ns3/dnstap.out.save | grep "UDP " | wc -l) +tcp3=$($DNSTAPREAD ns3/dnstap.out.save | grep "TCP " | wc -l) +aq3=$($DNSTAPREAD ns3/dnstap.out.save | grep "AQ " | wc -l) +ar3=$($DNSTAPREAD ns3/dnstap.out.save | grep "AR " | wc -l) +cq3=$($DNSTAPREAD ns3/dnstap.out.save | grep "CQ " | wc -l) +cr3=$($DNSTAPREAD ns3/dnstap.out.save | grep "CR " | wc -l) +rq3=$($DNSTAPREAD ns3/dnstap.out.save | grep "RQ " | wc -l) +rr3=$($DNSTAPREAD ns3/dnstap.out.save | grep "RR " | wc -l) +uq3=$($DNSTAPREAD ns3/dnstap.out.save | grep "UQ " | wc -l) +ur3=$($DNSTAPREAD ns3/dnstap.out.save | grep "UR " | wc -l) echo_i "checking UDP message counts" ret=0 @@ -158,7 +160,7 @@ ret=0 ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking TCP message counts" ret=0 @@ -175,7 +177,7 @@ ret=0 ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking AUTH_QUERY message counts" ret=0 @@ -192,7 +194,7 @@ ret=0 ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking AUTH_RESPONSE message counts" ret=0 @@ -209,7 +211,7 @@ ret=0 ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking CLIENT_QUERY message counts" ret=0 @@ -226,7 +228,7 @@ ret=0 ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking CLIENT_RESPONSE message counts" ret=0 @@ -243,7 +245,7 @@ ret=0 ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking RESOLVER_QUERY message counts" ret=0 @@ -260,7 +262,7 @@ ret=0 ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking RESOLVER_RESPONSE message counts" ret=0 @@ -277,7 +279,7 @@ ret=0 ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking UPDATE_QUERY message counts" ret=0 @@ -294,7 +296,7 @@ ret=0 ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking UPDATE_RESPONSE message counts" ret=0 @@ -311,42 +313,42 @@ ret=0 ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking reopened message counts" -udp1=`$DNSTAPREAD ns1/dnstap.out | grep "UDP " | wc -l` -tcp1=`$DNSTAPREAD ns1/dnstap.out | grep "TCP " | wc -l` -aq1=`$DNSTAPREAD ns1/dnstap.out | grep "AQ " | wc -l` -ar1=`$DNSTAPREAD ns1/dnstap.out | grep "AR " | wc -l` -cq1=`$DNSTAPREAD ns1/dnstap.out | grep "CQ " | wc -l` -cr1=`$DNSTAPREAD ns1/dnstap.out | grep "CR " | wc -l` -rq1=`$DNSTAPREAD ns1/dnstap.out | grep "RQ " | wc -l` -rr1=`$DNSTAPREAD ns1/dnstap.out | grep "RR " | wc -l` -uq1=`$DNSTAPREAD ns1/dnstap.out | grep "UQ " | wc -l` -ur1=`$DNSTAPREAD ns1/dnstap.out | grep "UR " | wc -l` +udp1=$($DNSTAPREAD ns1/dnstap.out | grep "UDP " | wc -l) +tcp1=$($DNSTAPREAD ns1/dnstap.out | grep "TCP " | wc -l) +aq1=$($DNSTAPREAD ns1/dnstap.out | grep "AQ " | wc -l) +ar1=$($DNSTAPREAD ns1/dnstap.out | grep "AR " | wc -l) +cq1=$($DNSTAPREAD ns1/dnstap.out | grep "CQ " | wc -l) +cr1=$($DNSTAPREAD ns1/dnstap.out | grep "CR " | wc -l) +rq1=$($DNSTAPREAD ns1/dnstap.out | grep "RQ " | wc -l) +rr1=$($DNSTAPREAD ns1/dnstap.out | grep "RR " | wc -l) +uq1=$($DNSTAPREAD ns1/dnstap.out | grep "UQ " | wc -l) +ur1=$($DNSTAPREAD ns1/dnstap.out | grep "UR " | wc -l) -udp2=`$DNSTAPREAD ns2/dnstap.out | grep "UDP " | wc -l` -tcp2=`$DNSTAPREAD ns2/dnstap.out | grep "TCP " | wc -l` -aq2=`$DNSTAPREAD ns2/dnstap.out | grep "AQ " | wc -l` -ar2=`$DNSTAPREAD ns2/dnstap.out | grep "AR " | wc -l` -cq2=`$DNSTAPREAD ns2/dnstap.out | grep "CQ " | wc -l` -cr2=`$DNSTAPREAD ns2/dnstap.out | grep "CR " | wc -l` -rq2=`$DNSTAPREAD ns2/dnstap.out | grep "RQ " | wc -l` -rr2=`$DNSTAPREAD ns2/dnstap.out | grep "RR " | wc -l` -uq2=`$DNSTAPREAD ns2/dnstap.out | grep "UQ " | wc -l` -ur2=`$DNSTAPREAD ns2/dnstap.out | grep "UR " | wc -l` +udp2=$($DNSTAPREAD ns2/dnstap.out | grep "UDP " | wc -l) +tcp2=$($DNSTAPREAD ns2/dnstap.out | grep "TCP " | wc -l) +aq2=$($DNSTAPREAD ns2/dnstap.out | grep "AQ " | wc -l) +ar2=$($DNSTAPREAD ns2/dnstap.out | grep "AR " | wc -l) +cq2=$($DNSTAPREAD ns2/dnstap.out | grep "CQ " | wc -l) +cr2=$($DNSTAPREAD ns2/dnstap.out | grep "CR " | wc -l) +rq2=$($DNSTAPREAD ns2/dnstap.out | grep "RQ " | wc -l) +rr2=$($DNSTAPREAD ns2/dnstap.out | grep "RR " | wc -l) +uq2=$($DNSTAPREAD ns2/dnstap.out | grep "UQ " | wc -l) +ur2=$($DNSTAPREAD ns2/dnstap.out | grep "UR " | wc -l) -udp3=`$DNSTAPREAD ns3/dnstap.out | grep "UDP " | wc -l` -tcp3=`$DNSTAPREAD ns3/dnstap.out | grep "TCP " | wc -l` -aq3=`$DNSTAPREAD ns3/dnstap.out | grep "AQ " | wc -l` -ar3=`$DNSTAPREAD ns3/dnstap.out | grep "AR " | wc -l` -cq3=`$DNSTAPREAD ns3/dnstap.out | grep "CQ " | wc -l` -cr3=`$DNSTAPREAD ns3/dnstap.out | grep "CR " | wc -l` -rq3=`$DNSTAPREAD ns3/dnstap.out | grep "RQ " | wc -l` -rr3=`$DNSTAPREAD ns3/dnstap.out | grep "RR " | wc -l` -uq3=`$DNSTAPREAD ns3/dnstap.out | grep "UQ " | wc -l` -ur3=`$DNSTAPREAD ns3/dnstap.out | grep "UR " | wc -l` +udp3=$($DNSTAPREAD ns3/dnstap.out | grep "UDP " | wc -l) +tcp3=$($DNSTAPREAD ns3/dnstap.out | grep "TCP " | wc -l) +aq3=$($DNSTAPREAD ns3/dnstap.out | grep "AQ " | wc -l) +ar3=$($DNSTAPREAD ns3/dnstap.out | grep "AR " | wc -l) +cq3=$($DNSTAPREAD ns3/dnstap.out | grep "CQ " | wc -l) +cr3=$($DNSTAPREAD ns3/dnstap.out | grep "CR " | wc -l) +rq3=$($DNSTAPREAD ns3/dnstap.out | grep "RQ " | wc -l) +rr3=$($DNSTAPREAD ns3/dnstap.out | grep "RR " | wc -l) +uq3=$($DNSTAPREAD ns3/dnstap.out | grep "UQ " | wc -l) +ur3=$($DNSTAPREAD ns3/dnstap.out | grep "UR " | wc -l) echo_i "checking UDP message counts" ret=0 @@ -363,7 +365,7 @@ ret=0 ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking TCP message counts" ret=0 @@ -380,7 +382,7 @@ ret=0 ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking AUTH_QUERY message counts" ret=0 @@ -397,7 +399,7 @@ ret=0 ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking AUTH_RESPONSE message counts" ret=0 @@ -414,7 +416,7 @@ ret=0 ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking CLIENT_QUERY message counts" ret=0 @@ -431,7 +433,7 @@ ret=0 ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking CLIENT_RESPONSE message counts" ret=0 @@ -448,7 +450,7 @@ ret=0 ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking RESOLVER_QUERY message counts" ret=0 @@ -465,7 +467,7 @@ ret=0 ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking RESOLVER_RESPONSE message counts" ret=0 @@ -482,7 +484,7 @@ ret=0 ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking UPDATE_QUERY message counts" ret=0 @@ -499,7 +501,7 @@ ret=0 ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking UPDATE_RESPONSE message counts" ret=0 @@ -516,13 +518,13 @@ ret=0 ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking whether destination UDP port is logged for client queries" ret=0 $DNSTAPREAD ns3/dnstap.out.save | grep -Eq "CQ [0-9:.]+ -> 10.53.0.3:${PORT} UDP" || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) HAS_PYYAML=0 if [ -x "$PYTHON" ] ; then @@ -536,23 +538,23 @@ if [ $HAS_PYYAML -ne 0 ] ; then $PYTHON ydump.py "$DNSTAPREAD" "ns3/dnstap.out.save" > ydump.out || ret=1 } | cat_i if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) fi echo_i "checking dnstap-read hex output" ret=0 -hex=`$DNSTAPREAD -x ns3/dnstap.out | tail -1` +hex=$($DNSTAPREAD -x ns3/dnstap.out | tail -1) echo $hex | $WIRETEST > dnstap.hex grep 'status: NOERROR' dnstap.hex > /dev/null 2>&1 || ret=1 grep 'ANSWER: 3, AUTHORITY: 1' dnstap.hex > /dev/null 2>&1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) if [ -n "$FSTRM_CAPTURE" ] ; then $DIG $DIGOPTS @10.53.0.4 a.example > dig.out # send an UPDATE to ns4 - $NSUPDATE <<- EOF > nsupdate.out 2>&1 + $NSUPDATE <<- EOF > nsupdate.out 2>&1 && ret=1 server 10.53.0.4 ${PORT} zone example update add b.example 3600 in a 10.10.10.10 @@ -570,16 +572,16 @@ EOF status=$((status + ret)) kill $fstrm_capture_pid wait - udp4=`$DNSTAPREAD dnstap.out | grep "UDP " | wc -l` - tcp4=`$DNSTAPREAD dnstap.out | grep "TCP " | wc -l` - aq4=`$DNSTAPREAD dnstap.out | grep "AQ " | wc -l` - ar4=`$DNSTAPREAD dnstap.out | grep "AR " | wc -l` - cq4=`$DNSTAPREAD dnstap.out | grep "CQ " | wc -l` - cr4=`$DNSTAPREAD dnstap.out | grep "CR " | wc -l` - rq4=`$DNSTAPREAD dnstap.out | grep "RQ " | wc -l` - rr4=`$DNSTAPREAD dnstap.out | grep "RR " | wc -l` - uq4=`$DNSTAPREAD dnstap.out | grep "UQ " | wc -l` - ur4=`$DNSTAPREAD dnstap.out | grep "UR " | wc -l` + udp4=$($DNSTAPREAD dnstap.out | grep "UDP " | wc -l) + tcp4=$($DNSTAPREAD dnstap.out | grep "TCP " | wc -l) + aq4=$($DNSTAPREAD dnstap.out | grep "AQ " | wc -l) + ar4=$($DNSTAPREAD dnstap.out | grep "AR " | wc -l) + cq4=$($DNSTAPREAD dnstap.out | grep "CQ " | wc -l) + cr4=$($DNSTAPREAD dnstap.out | grep "CR " | wc -l) + rq4=$($DNSTAPREAD dnstap.out | grep "RQ " | wc -l) + rr4=$($DNSTAPREAD dnstap.out | grep "RR " | wc -l) + uq4=$($DNSTAPREAD dnstap.out | grep "UQ " | wc -l) + ur4=$($DNSTAPREAD dnstap.out | grep "UR " | wc -l) echo_i "checking UDP message counts" ret=0 @@ -588,7 +590,7 @@ EOF ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) echo_i "checking TCP message counts" ret=0 @@ -597,7 +599,7 @@ EOF ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) echo_i "checking AUTH_QUERY message counts" ret=0 @@ -606,7 +608,7 @@ EOF ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) echo_i "checking AUTH_RESPONSE message counts" ret=0 @@ -615,7 +617,7 @@ EOF ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) echo_i "checking CLIENT_QUERY message counts" ret=0 @@ -624,7 +626,7 @@ EOF ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) echo_i "checking CLIENT_RESPONSE message counts" ret=0 @@ -633,7 +635,7 @@ EOF ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) echo_i "checking RESOLVER_QUERY message counts" ret=0 @@ -642,7 +644,7 @@ EOF ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) echo_i "checking RESOLVER_RESPONSE message counts" ret=0 @@ -658,7 +660,7 @@ EOF ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) echo_i "checking UPDATE_RESPONSE message counts" ret=0 @@ -667,7 +669,7 @@ EOF ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) mv dnstap.out dnstap.out.save @@ -688,16 +690,16 @@ EOF status=$((status + ret)) kill $fstrm_capture_pid wait - udp4=`$DNSTAPREAD dnstap.out | grep "UDP " | wc -l` - tcp4=`$DNSTAPREAD dnstap.out | grep "TCP " | wc -l` - aq4=`$DNSTAPREAD dnstap.out | grep "AQ " | wc -l` - ar4=`$DNSTAPREAD dnstap.out | grep "AR " | wc -l` - cq4=`$DNSTAPREAD dnstap.out | grep "CQ " | wc -l` - cr4=`$DNSTAPREAD dnstap.out | grep "CR " | wc -l` - rq4=`$DNSTAPREAD dnstap.out | grep "RQ " | wc -l` - rr4=`$DNSTAPREAD dnstap.out | grep "RR " | wc -l` - uq4=`$DNSTAPREAD dnstap.out | grep "UQ " | wc -l` - ur4=`$DNSTAPREAD dnstap.out | grep "UR " | wc -l` + udp4=$($DNSTAPREAD dnstap.out | grep "UDP " | wc -l) + tcp4=$($DNSTAPREAD dnstap.out | grep "TCP " | wc -l) + aq4=$($DNSTAPREAD dnstap.out | grep "AQ " | wc -l) + ar4=$($DNSTAPREAD dnstap.out | grep "AR " | wc -l) + cq4=$($DNSTAPREAD dnstap.out | grep "CQ " | wc -l) + cr4=$($DNSTAPREAD dnstap.out | grep "CR " | wc -l) + rq4=$($DNSTAPREAD dnstap.out | grep "RQ " | wc -l) + rr4=$($DNSTAPREAD dnstap.out | grep "RR " | wc -l) + uq4=$($DNSTAPREAD dnstap.out | grep "UQ " | wc -l) + ur4=$($DNSTAPREAD dnstap.out | grep "UR " | wc -l) echo_i "checking UDP message counts" ret=0 @@ -706,7 +708,7 @@ EOF ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) echo_i "checking TCP message counts" ret=0 @@ -715,7 +717,7 @@ EOF ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) echo_i "checking AUTH_QUERY message counts" ret=0 @@ -724,7 +726,7 @@ EOF ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) echo_i "checking AUTH_RESPONSE message counts" ret=0 @@ -733,7 +735,7 @@ EOF ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) echo_i "checking CLIENT_QUERY message counts" ret=0 @@ -742,7 +744,7 @@ EOF ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) echo_i "checking CLIENT_RESPONSE message counts" ret=0 @@ -751,7 +753,7 @@ EOF ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) echo_i "checking RESOLVER_QUERY message counts" ret=0 @@ -760,7 +762,7 @@ EOF ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) echo_i "checking RESOLVER_RESPONSE message counts" ret=0 @@ -776,7 +778,7 @@ EOF ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) echo_i "checking UPDATE_RESPONSE message counts" ret=0 @@ -785,17 +787,17 @@ EOF ret=1 } if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) fi echo_i "checking large packet printing" ret=0 # Expect one occurrence of "opcode: QUERY" below "reponse_message_data" and # another one below "response_message". -lines=`$DNSTAPREAD -y large-answer.fstrm | grep -c "opcode: QUERY"` +lines=$($DNSTAPREAD -y large-answer.fstrm | grep -c "opcode: QUERY") [ $lines -eq 2 ] || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) _test_dnstap_roll() ( ip="$1" @@ -804,7 +806,7 @@ _test_dnstap_roll() ( $RNDCCMD -s "${ip}" dnstap -roll "${n}" | sed "s/^/${ns} /" | cat_i && files=$(find "$ns" -name "dnstap.out.[0-9]" | wc -l) && - test "$files" -eq "${n}" && test "$files" -ge "1" + test "$files" -eq "${n}" && test "$files" -ge "1" || return 1 ) @@ -816,7 +818,7 @@ test_dnstap_roll() { while test $try -lt 12 do touch "$3/dnstap.out.$try" - try=`expr $try + 1` + try=$((try + 1)) done _repeat 10 _test_dnstap_roll $2 $3 $4 || ret=1 diff --git a/bin/tests/system/doth/tests.sh b/bin/tests/system/doth/tests.sh index eb631319c9..2c5c75f1db 100644 --- a/bin/tests/system/doth/tests.sh +++ b/bin/tests/system/doth/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + # shellcheck disable=SC1091 . ../conf.sh @@ -330,7 +332,7 @@ n=$((n + 1)) echo_i "checking DoH query when ALPN is expected to fail (dot, failure expected) ($n)" ret=0 # shellcheck disable=SC2086 -"$DIG" +https $common_dig_options -p "${TLSPORT}" "$@" @10.53.0.1 . SOA > dig.out.test$n +"$DIG" +https $common_dig_options -p "${TLSPORT}" "$@" @10.53.0.1 . SOA > dig.out.test$n && ret=1 grep "ALPN for HTTP/2 failed." dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -388,7 +390,7 @@ status=$((status + ret)) n=$((n + 1)) echo_i "checking DoH query (POST, undefined endpoint, failure expected) ($n)" ret=0 -dig_with_https_opts +tries=1 +time=1 +https=/fake @10.53.0.1 . SOA > dig.out.test$n +dig_with_https_opts +tries=1 +time=1 +https=/fake @10.53.0.1 . SOA > dig.out.test$n && ret=1 grep "communications error" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -396,7 +398,7 @@ status=$((status + ret)) n=$((n + 1)) echo_i "checking DoH query via IPv6 (POST, undefined endpoint, failure expected) ($n)" ret=0 -dig_with_https_opts -6 +tries=1 +time=1 +https=/fake @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n +dig_with_https_opts -6 +tries=1 +time=1 +https=/fake @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n && ret=1 grep "communications error" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -462,7 +464,7 @@ status=$((status + ret)) n=$((n + 1)) echo_i "checking DoH query (GET, undefined endpoint, failure expected) ($n)" ret=0 -dig_with_https_opts +tries=1 +time=1 +https-get=/fake @10.53.0.1 . SOA > dig.out.test$n +dig_with_https_opts +tries=1 +time=1 +https-get=/fake @10.53.0.1 . SOA > dig.out.test$n && ret=1 grep "communications error" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -470,7 +472,7 @@ status=$((status + ret)) n=$((n + 1)) echo_i "checking DoH query via IPv6 (GET, undefined endpoint, failure expected) ($n)" ret=0 -dig_with_https_opts -6 +tries=1 +time=1 +https-get=/fake @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n +dig_with_https_opts -6 +tries=1 +time=1 +https-get=/fake @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n && ret=1 grep "communications error" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -756,7 +758,7 @@ status=$((status + ret)) n=$((n + 1)) echo_i "checking DoH query (client certificate required, failure expected) ($n)" ret=0 -dig_with_https_opts +tls-ca="$ca_file" -p "${EXTRAPORT6}" +comm @10.53.0.1 . SOA > dig.out.test$n +dig_with_https_opts +tls-ca="$ca_file" -p "${EXTRAPORT6}" +comm @10.53.0.1 . SOA > dig.out.test$n && ret=1 grep "status: NOERROR" dig.out.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -843,8 +845,7 @@ n=$((n + 1)) echo_i "checking server quotas for both encrypted and unencrypted HTTP ($n)" ret=0 if [ -x "$PYTHON" ]; then - BINDHOST="10.53.0.1" "$PYTHON" "$TOP_SRCDIR/bin/tests/system/doth/stress_http_quota.py" - ret=$? + BINDHOST="10.53.0.1" "$PYTHON" "$TOP_SRCDIR/bin/tests/system/doth/stress_http_quota.py" || ret=$? else echo_i "Python is not available. Skipping the test..." fi @@ -853,7 +854,7 @@ status=$((status + ret)) # check whether we can use curl for sending test queries. if [ -x "${CURL}" ] ; then - CURL_HTTP2="$(${CURL} --version | grep -E '^Features:.* HTTP2( |$)')" + CURL_HTTP2="$(${CURL} --version | grep -E '^Features:.* HTTP2( |$)' || true)" if [ -n "$CURL_HTTP2" ]; then testcurl=1 @@ -869,7 +870,7 @@ if [ -n "$testcurl" ]; then echo_i "checking max-age for positive answer ($n)" ret=0 # use curl to query for 'example/SOA' - $CURL -kD headers.$n "https://10.53.0.1:${HTTPSPORT}/dns-query?dns=AAEAAAABAAAAAAAAB2V4YW1wbGUAAAYAAQ" > /dev/null 2>&1 + $CURL -kD headers.$n "https://10.53.0.1:${HTTPSPORT}/dns-query?dns=AAEAAAABAAAAAAAAB2V4YW1wbGUAAAYAAQ" > /dev/null 2>&1 || ret=1 grep "cache-control: max-age=86400" headers.$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -878,7 +879,7 @@ if [ -n "$testcurl" ]; then echo_i "checking max-age for negative answer ($n)" ret=0 # use curl to query for 'fake.example/TXT' - $CURL -kD headers.$n "https://10.53.0.1:${HTTPSPORT}/dns-query?dns=AAEAAAABAAAAAAAABGZha2UHZXhhbXBsZQAAEAAB" > /dev/null 2>&1 + $CURL -kD headers.$n "https://10.53.0.1:${HTTPSPORT}/dns-query?dns=AAEAAAABAAAAAAAABGZha2UHZXhhbXBsZQAAEAAB" > /dev/null 2>&1 || ret=1 grep "cache-control: max-age=3600" headers.$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) diff --git a/bin/tests/system/dsdigest/tests.sh b/bin/tests/system/dsdigest/tests.sh index bcf8491f08..3650f4aacd 100644 --- a/bin/tests/system/dsdigest/tests.sh +++ b/bin/tests/system/dsdigest/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh status=0 @@ -27,7 +29,7 @@ $DIG $DIGOPTS a.good. @10.53.0.3 a > dig.out.good || ret=1 grep "status: NOERROR" dig.out.good > /dev/null || ret=1 grep "flags:[^;]* ad[ ;]" dig.out.good > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Check the bad. domain @@ -36,7 +38,7 @@ ret=0 $DIG $DIGOPTS a.bad. @10.53.0.3 a > dig.out.bad || ret=1 grep "SERVFAIL" dig.out.bad > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking that validation with no supported digest algorithms results in insecure" ret=0 @@ -47,7 +49,7 @@ $DIG $DIGOPTS a.bad. @10.53.0.4 a > dig.out.insecure || ret=1 grep "NOERROR" dig.out.insecure > /dev/null || ret=1 grep "flags:[^;]* ad[ ;]" dig.out.insecure > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/dupsigs/ns1/reset_keys.sh b/bin/tests/system/dupsigs/ns1/reset_keys.sh index cc9bef78f5..6f96c6af2d 100644 --- a/bin/tests/system/dupsigs/ns1/reset_keys.sh +++ b/bin/tests/system/dupsigs/ns1/reset_keys.sh @@ -23,18 +23,18 @@ timetodnssec() { } KEYDIR=keys/signing.test -KSK=`$KEYGEN -a RSASHA256 -K $KEYDIR -q -f KSK $zone` +KSK=$($KEYGEN -a RSASHA256 -K $KEYDIR -q -f KSK $zone) -ZSK0=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone` -ZSK1=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone` -ZSK2=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone` -ZSK3=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone` -ZSK4=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone` -ZSK5=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone` -ZSK6=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone` -ZSK7=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone` -ZSK8=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone` -ZSK9=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone` +ZSK0=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone) +ZSK1=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone) +ZSK2=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone) +ZSK3=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone) +ZSK4=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone) +ZSK5=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone) +ZSK6=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone) +ZSK7=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone) +ZSK8=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone) +ZSK9=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone) # clear all times on all keys for FILEN in keys/signing.test/*.key @@ -42,8 +42,8 @@ do $SETTIME -P none -A none -R none -I none -D none $FILEN done -BASE=`date +%s` -BASET=`timetodnssec $BASE` +BASE=$(date +%s) +BASET=$(timetodnssec $BASE) # reset the publish and activation time on the KSK $SETTIME -P $BASET -A $BASET $KEYDIR/$KSK @@ -52,25 +52,25 @@ $SETTIME -P $BASET -A $BASET $KEYDIR/$KSK $SETTIME -P $BASET -A $BASET $KEYDIR/$ZSK0 # schedule the first roll -R1=`expr $BASE + 50` -R1T=`timetodnssec $R1` +R1=$((BASE + 50)) +R1T=$(timetodnssec $R1) $SETTIME -I $R1T $KEYDIR/$ZSK0 $SETTIME -P $BASET -A $R1T $KEYDIR/$ZSK1 # schedule the second roll (which includes the delete of the first key) -R2=`expr $R1 + 50` -R2T=`timetodnssec $R2` +R2=$((R1 + 50)) +R2T=$(timetodnssec $R2) DT=$R2 -DTT=`timetodnssec $DT` +DTT=$(timetodnssec $DT) $SETTIME -D $DTT $KEYDIR/$ZSK0 $SETTIME -I $R2T $KEYDIR/$ZSK1 $SETTIME -P $R1T -A $R2T $KEYDIR/$ZSK2 # schedule the third roll -R3=`expr $R2 + 25` -R3T=`timetodnssec $R3` +R3=$((R2 + 25)) +R3T=$(timetodnssec $R3) $SETTIME -D $R3T $KEYDIR/$ZSK1 $SETTIME -I $R3T $KEYDIR/$ZSK2 @@ -91,8 +91,8 @@ exit # this isn't long enough for the signing to complete and would result in # duplicate signatures, see # https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/231#note_9597 -R4=`expr $R3 + 10` -R4T=`timetodnssec $R4` +R4=$((R3 + 10)) +R4T=$(timetodnssec $R4) $SETTIME -D $R4T $KEYDIR/$ZSK2 $SETTIME -I $R4T $KEYDIR/$ZSK3 diff --git a/bin/tests/system/dupsigs/tests.sh b/bin/tests/system/dupsigs/tests.sh index 29d2ab7d33..4ab3a732e2 100644 --- a/bin/tests/system/dupsigs/tests.sh +++ b/bin/tests/system/dupsigs/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh status=0 @@ -45,7 +47,7 @@ retry_quiet 60 _wait_for_last_nsec_signed retry_quiet 10 fully_signed || status=1 if [ $status != 0 ]; then echo_i "failed"; fi -start=`date +%s` +start=$(date +%s) now=$start end=$((start + 140)) @@ -55,14 +57,14 @@ while [ $now -lt $end ] && [ $status -eq 0 ]; do $JOURNALPRINT ns1/signing.test.db.signed.jnl | $PERL check_journal.pl | cat_i $DIG axfr signing.test -p ${PORT} @10.53.0.1 > dig.out.at$et awk '$4 == "RRSIG" { print $11 }' dig.out.at$et | sort | uniq -c | cat_i - lines=`awk '$4 == "RRSIG" { print}' dig.out.at$et | wc -l` + lines=$(awk '$4 == "RRSIG" { print}' dig.out.at$et | wc -l) if [ ${et} -ne 0 -a ${lines} -ne 1008 ] then echo_i "failed" status=$((status + 1)) fi sleep 5 - now=`date +%s` + now=$(date +%s) done echo_i "exit status: $status" diff --git a/bin/tests/system/dyndb/tests.sh b/bin/tests/system/dyndb/tests.sh index 31bb220782..ef02dea8f5 100644 --- a/bin/tests/system/dyndb/tests.sh +++ b/bin/tests/system/dyndb/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh status=0 @@ -20,7 +22,7 @@ DIGOPTS="@10.53.0.1 -p ${PORT}" RNDCCMD="$RNDC -c ../common/rndc.conf -p ${CONTROLPORT} -s" newtest() { - n=`expr $n + 1` + n=$((n + 1)) echo_i "${1} (${n})" ret=0 } @@ -44,9 +46,9 @@ EOF return 1 } - out=`$DIG $DIGOPTS +noall +answer -t $type -q $host` + out=$($DIG $DIGOPTS +noall +answer -t $type -q $host) echo $out > added.a.out.$n - lines=`echo "$out" | grep "$ip" | wc -l` + lines=$(echo "$out" | grep "$ip" | wc -l) [ $lines -eq 1 ] || { [ "$should_fail" ] || \ echo_i "dig output incorrect for $host $type $cmd: $out" @@ -55,9 +57,9 @@ EOF for i in 1 2 3 4 5 6 7 8 9 10 do - out=`$DIG $DIGOPTS +noall +answer -x $ip` + out=$($DIG $DIGOPTS +noall +answer -x $ip) echo $out > added.ptr.out.$n - lines=`echo "$out" | grep "$host" | wc -l` + lines=$(echo "$out" | grep "$host" | wc -l) [ $lines -eq 1 ] && break; $PERL -e 'select(undef, undef, undef, 0.1);' done @@ -74,7 +76,7 @@ test_del() { host="$1" type="$2" - ip=`$DIG $DIGOPTS +short $host $type` + ip=$($DIG $DIGOPTS +short $host $type) cat < ns1/update.txt server 10.53.0.1 ${PORT} @@ -89,9 +91,9 @@ EOF return 1 } - out=`$DIG $DIGOPTS +noall +answer -t $type -q $host` + out=$($DIG $DIGOPTS +noall +answer -t $type -q $host) echo $out > deleted.a.out.$n - lines=`echo "$out" | grep "$ip" | wc -l` + lines=$(echo "$out" | grep "$ip" | wc -l) [ $lines -eq 0 ] || { [ "$should_fail" ] || \ echo_i "dig output incorrect for $host $type $cmd: $out" @@ -100,9 +102,9 @@ EOF for i in 1 2 3 4 5 6 7 8 9 10 do - out=`$DIG $DIGOPTS +noall +answer -x $ip` + out=$($DIG $DIGOPTS +noall +answer -x $ip) echo $out > deleted.ptr.out.$n - lines=`echo "$out" | grep "$host" | wc -l` + lines=$(echo "$out" | grep "$host" | wc -l) [ $lines -eq 0 ] && break $PERL -e 'select(undef, undef, undef, 0.1);' done @@ -116,49 +118,49 @@ EOF } test_add test1.ipv4.example.nil. A "10.53.0.10" || ret=1 -status=`expr $status + $ret` +status=$((status + ret)) test_add test2.ipv4.example.nil. A "10.53.0.11" || ret=1 -status=`expr $status + $ret` +status=$((status + ret)) test_add test3.ipv4.example.nil. A "10.53.0.12" || ret=1 -status=`expr $status + $ret` +status=$((status + ret)) test_add test4.ipv6.example.nil. AAAA "2001:db8::1" || ret=1 -status=`expr $status + $ret` +status=$((status + ret)) test_del test1.ipv4.example.nil. A || ret=1 -status=`expr $status + $ret` +status=$((status + ret)) test_del test2.ipv4.example.nil. A || ret=1 -status=`expr $status + $ret` +status=$((status + ret)) test_del test3.ipv4.example.nil. A || ret=1 -status=`expr $status + $ret` +status=$((status + ret)) test_del test4.ipv6.example.nil. AAAA || ret=1 -status=`expr $status + $ret` +status=$((status + ret)) newtest "checking parameter logging" grep "loading params for dyndb 'sample' from .*named.conf:" ns1/named.run > /dev/null || ret=1 grep "loading params for dyndb 'sample2' from .*named.conf:" ns1/named.run > /dev/null || ret=1 [ $ret -eq 1 ] && echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking dyndb still works after reload" rndc_reload ns1 10.53.0.1 test_add test5.ipv4.example.nil. A "10.53.0.10" || ret=1 -status=`expr $status + $ret` +status=$((status + ret)) test_add test6.ipv6.example.nil. AAAA "2001:db8::1" || ret=1 -status=`expr $status + $ret` +status=$((status + ret)) test_del test5.ipv4.example.nil. A || ret=1 -status=`expr $status + $ret` +status=$((status + ret)) test_del test6.ipv6.example.nil. AAAA || ret=1 -status=`expr $status + $ret` +status=$((status + ret)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/ednscompliance/tests.sh b/bin/tests/system/ednscompliance/tests.sh index 6bd7dafcda..00360869ad 100644 --- a/bin/tests/system/ednscompliance/tests.sh +++ b/bin/tests/system/ednscompliance/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh DIGOPTS="+norec -p ${PORT}" @@ -19,31 +21,31 @@ status=0 n=0 zone=. -n=`expr $n + 1` +n=$((n + 1)) echo_i "check +edns=100 sets version 100 ($n)" ret=0 reason= $DIG $DIGOPTS @10.53.0.1 +qr +edns=100 soa $zone > dig.out$n grep "EDNS: version: 100," dig.out$n > /dev/null || { ret=1; reason="version"; } if [ $ret != 0 ]; then echo_i "failed $reason"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) ret=0 reason= echo_i "check +ednsopt=100 adds option 100 ($n)" $DIG $DIGOPTS @10.53.0.1 +qr +ednsopt=100 soa $zone > dig.out$n grep "; OPT=100" dig.out$n > /dev/null || { ret=1; reason="option"; } if [ $ret != 0 ]; then echo_i "failed $reason"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check +ednsflags=0x80 sets flags to 0x0080 ($n)" ret=0 reason= $DIG $DIGOPTS @10.53.0.1 +qr +ednsflags=0x80 soa $zone > dig.out$n grep "MBZ: 0x0080," dig.out$n > /dev/null || { ret=1; reason="flags"; } if [ $ret != 0 ]; then echo_i "failed $reason"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "Unknown EDNS version ($n)" ret=0 reason= $DIG $DIGOPTS @10.53.0.1 +edns=100 +noednsnegotiation soa $zone > dig.out$n @@ -51,9 +53,9 @@ grep "status: BADVERS," dig.out$n > /dev/null || { ret=1; reason="status"; } grep "EDNS: version: 0," dig.out$n > /dev/null || { ret=1; reason="version"; } grep "IN.SOA." dig.out$n > /dev/null && { ret=1; reason="soa"; } if [ $ret != 0 ]; then echo_i "failed $reason"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "Unknown EDNS option ($n)" ret=0 reason= $DIG $DIGOPTS @10.53.0.1 +ednsopt=100 soa $zone > dig.out$n @@ -62,9 +64,9 @@ grep "EDNS: version: 0," dig.out$n > /dev/null || { ret=1; reason="version"; } grep "; OPT=100" dig.out$n > /dev/null && { ret=1; reason="option"; } grep "IN.SOA." dig.out$n > /dev/null || { ret=1; reason="nosoa"; } if [ $ret != 0 ]; then echo_i "failed $reason"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "Unknown EDNS version + option ($n)" ret=0 reason= $DIG $DIGOPTS @10.53.0.1 +edns=100 +noednsneg +ednsopt=100 soa $zone > dig.out$n @@ -73,8 +75,8 @@ grep "EDNS: version: 0," dig.out$n > /dev/null || { ret=1; reason="version"; } grep "; OPT=100" dig.out$n > /dev/null && { ret=1; reason="option"; } grep "IN.SOA." dig.out$n > /dev/null && { ret=1; reason="soa"; } if [ $ret != 0 ]; then echo_i "failed: $reason"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) echo_i "Unknown EDNS flag ($n)" ret=0 reason= @@ -84,9 +86,9 @@ grep "EDNS: version: 0," dig.out$n > /dev/null || { ret=1; reason="version"; } grep "EDNS:.*MBZ" dig.out$n > /dev/null > /dev/null && { ret=1; reason="mbz"; } grep ".IN.SOA." dig.out$n > /dev/null || { ret=1; reason="nosoa"; } if [ $ret != 0 ]; then echo_i "failed $reason"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "Unknown EDNS version + flag ($n)" ret=0 reason= $DIG $DIGOPTS @10.53.0.1 +edns=100 +noednsneg +ednsflags=0x80 soa $zone > dig.out$n @@ -95,8 +97,8 @@ grep "EDNS: version: 0," dig.out$n > /dev/null || { ret=1; reason="version"; } grep "EDNS:.*MBZ" dig.out$n > /dev/null > /dev/null && { ret=1; reason="mbz"; } grep "IN.SOA." dig.out$n > /dev/null && { ret=1; reason="soa"; } if [ $ret != 0 ]; then echo_i "failed $reason"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) echo_i "DiG's EDNS negotiation ($n)" ret=0 reason= @@ -105,8 +107,8 @@ grep "status: NOERROR," dig.out$n > /dev/null || { ret=1; reason="status"; } grep "EDNS: version: 0," dig.out$n > /dev/null || { ret=1; reason="version"; } grep "IN.SOA." dig.out$n > /dev/null || { ret=1; reason="soa"; } if [ $ret != 0 ]; then echo_i "failed $reason"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/emptyzones/tests.sh b/bin/tests/system/emptyzones/tests.sh index bda0bf87fc..c968d515c1 100644 --- a/bin/tests/system/emptyzones/tests.sh +++ b/bin/tests/system/emptyzones/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh DIGOPTS="-p ${PORT}" @@ -19,7 +21,7 @@ RNDCCMD="$RNDC -c ../common/rndc.conf -p ${CONTROLPORT} -s" status=0 n=0 -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that switching to automatic empty zones works ($n)" ret=0 rndc_reload ns1 10.53.0.1 @@ -30,15 +32,15 @@ sleep 5 $DIG $DIGOPTS +vc version.bind txt ch @10.53.0.1 > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that allow-transfer { none; } works ($n)" ret=0 $DIG $DIGOPTS axfr 10.in-addr.arpa @10.53.0.1 +all > dig.out.test$n || ret=1 grep "status: REFUSED" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/enginepkcs11/tests.sh b/bin/tests/system/enginepkcs11/tests.sh index 256ae2eef3..f8f0317d9b 100644 --- a/bin/tests/system/enginepkcs11/tests.sh +++ b/bin/tests/system/enginepkcs11/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + # shellcheck source=conf.sh . ../conf.sh diff --git a/bin/tests/system/fetchlimit/tests.sh b/bin/tests/system/fetchlimit/tests.sh index f77008b3f7..a16659dbc4 100644 --- a/bin/tests/system/fetchlimit/tests.sh +++ b/bin/tests/system/fetchlimit/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh DIGCMD="$DIG @10.53.0.3 -p ${PORT} +tcp +tries=1 +time=1" @@ -38,8 +40,8 @@ burst() { } stat() { - clients=`rndccmd ${1} status | grep "recursive clients" | - sed 's;.*: \([^/][^/]*\)/.*;\1;'` + clients=$(rndccmd ${1} status | grep "recursive clients" | + sed 's;.*: \([^/][^/]*\)/.*;\1;') echo_i "clients: $clients" [ "$clients" = "" ] && return 1 [ "$clients" -ge $2 ] || return 1 @@ -82,7 +84,7 @@ n=$((n + 1)) echo_i "dumping ADB data ($n)" ret=0 rndccmd 10.53.0.3 dumpdb -adb -info=`grep '10.53.0.4' ns3/named_dump.db | sed 's/.*\(atr [.0-9]*\).*\(quota [0-9]*\).*/\1 \2/'` +info=$(grep '10.53.0.4' ns3/named_dump.db | sed 's/.*\(atr [.0-9]*\).*\(quota [0-9]*\).*/\1 \2/') echo_i $info set -- $info quota=$4 @@ -99,9 +101,9 @@ for try in 1 2 3 4 5; do [ -f ns3/named.stats ] && break sleep 1 done -sspill=`grep 'spilled due to server' ns3/named.stats | sed 's/\([0-9][0-9]*\) spilled.*/\1/'` +sspill=$(grep 'spilled due to server' ns3/named.stats | sed 's/\([0-9][0-9]*\) spilled.*/\1/') [ -z "$sspill" ] && sspill=0 -fails=`grep 'queries resulted in SERVFAIL' ns3/named.stats | sed 's/\([0-9][0-9]*\) queries.*/\1/'` +fails=$(grep 'queries resulted in SERVFAIL' ns3/named.stats | sed 's/\([0-9][0-9]*\) queries.*/\1/') [ -z "$fails" ] && fails=0 [ "$fails" -ge "$sspill" ] || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi @@ -124,7 +126,7 @@ n=$((n + 1)) echo_i "dumping ADB data ($n)" ret=0 rndccmd 10.53.0.3 dumpdb -adb -info=`grep '10.53.0.4' ns3/named_dump.db | sed 's/.*\(atr [.0-9]*\).*\(quota [0-9]*\).*/\1 \2/'` +info=$(grep '10.53.0.4' ns3/named_dump.db | sed 's/.*\(atr [.0-9]*\).*\(quota [0-9]*\).*/\1 \2/') echo_i $info set -- $info [ ${4:-${quota}} -lt $quota ] || ret=1 @@ -148,7 +150,7 @@ n=$((n + 1)) echo_i "dumping ADB data ($n)" ret=0 rndccmd 10.53.0.3 dumpdb -adb -info=`grep '10.53.0.4' ns3/named_dump.db | sed 's/.*\(atr [.0-9]*\).*\(quota [0-9]*\).*/\1 \2/'` +info=$(grep '10.53.0.4' ns3/named_dump.db | sed 's/.*\(atr [.0-9]*\).*\(quota [0-9]*\).*/\1 \2/') echo_i $info set -- $info [ ${4:-${quota}} -gt $quota ] || ret=1 @@ -190,9 +192,9 @@ for try in 1 2 3 4 5; do [ -f ns3/named.stats ] && break sleep 1 done -zspill=`grep 'spilled due to zone' ns3/named.stats | sed 's/\([0-9][0-9]*\) spilled.*/\1/'` +zspill=$(grep 'spilled due to zone' ns3/named.stats | sed 's/\([0-9][0-9]*\) spilled.*/\1/') [ -z "$zspill" ] && zspill=0 -drops=`grep 'queries dropped' ns3/named.stats | sed 's/\([0-9][0-9]*\) queries.*/\1/'` +drops=$(grep 'queries dropped' ns3/named.stats | sed 's/\([0-9][0-9]*\) queries.*/\1/') [ -z "$drops" ] && drops=0 [ "$drops" -ge "$zspill" ] || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi @@ -234,7 +236,7 @@ rm -f ns3/named.stats touch ns3/named.stats rndccmd 10.53.0.3 stats wait_for_log 5 "queries dropped due to recursive client limit" ns3/named.stats || ret=1 -drops=`grep 'queries dropped due to recursive client limit' ns3/named.stats | sed 's/\([0-9][0-9]*\) queries.*/\1/'` +drops=$(grep 'queries dropped due to recursive client limit' ns3/named.stats | sed 's/\([0-9][0-9]*\) queries.*/\1/') [ "${drops:-0}" -ne 0 ] || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -262,7 +264,7 @@ for try in 1 2 3 4 5; do [ -f ns5/named.stats ] && break sleep 1 done -zspill=`grep 'spilled due to clients per query' ns5/named.stats | sed 's/ *\([0-9][0-9]*\) spilled.*/\1/'` +zspill=$(grep 'spilled due to clients per query' ns5/named.stats | sed 's/ *\([0-9][0-9]*\) spilled.*/\1/') [ -z "$zspill" ] && zspill=0 # ns5 configuration: # clients-per-query 5 @@ -305,7 +307,7 @@ for try in 1 2 3 4 5; do [ -f ns5/named.stats ] && break sleep 1 done -zspill=`grep 'spilled due to clients per query' ns5/named.stats | sed 's/ *\([0-9][0-9]*\) spilled.*/\1/'` +zspill=$(grep 'spilled due to clients per query' ns5/named.stats | sed 's/ *\([0-9][0-9]*\) spilled.*/\1/') [ -z "$zspill" ] && zspill=0 # ns5 configuration: # clients-per-query 5 diff --git a/bin/tests/system/filter-aaaa/ns1/sign.sh b/bin/tests/system/filter-aaaa/ns1/sign.sh index b5cb86bf41..bf6f458162 100755 --- a/bin/tests/system/filter-aaaa/ns1/sign.sh +++ b/bin/tests/system/filter-aaaa/ns1/sign.sh @@ -22,7 +22,7 @@ outfile=signed.db.signed $KEYGEN -a $DEFAULT_ALGORITHM $zone 2>&1 > /dev/null | cat_i $KEYGEN -f KSK -a $DEFAULT_ALGORITHM $zone 2>&1 > keygen.out | cat_i -keyname=`cat keygen.out` +keyname=$(cat keygen.out) rm -f keygen.out keyfile_to_static_ds $keyname > trusted.conf diff --git a/bin/tests/system/filter-aaaa/tests.sh b/bin/tests/system/filter-aaaa/tests.sh index 93e4ad9b50..5ed97eb237 100644 --- a/bin/tests/system/filter-aaaa/tests.sh +++ b/bin/tests/system/filter-aaaa/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh status=0 @@ -23,22 +25,22 @@ RNDCCMD="$RNDC -c ../common/rndc.conf -p ${CONTROLPORT} -s" for conf in conf/good*.conf do - n=`expr $n + 1` + n=$((n + 1)) echo_i "checking that $conf is accepted ($n)" ret=0 $CHECKCONF "$conf" || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) done for conf in conf/bad*.conf do - n=`expr $n + 1` + n=$((n + 1)) echo_i "checking that $conf is rejected ($n)" ret=0 $CHECKCONF "$conf" >/dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) done # @@ -46,25 +48,25 @@ done # filter-aaaa-on-v4 yes; # filter-aaaa { 10.53.0.1; }; # -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is returned when only AAAA record exists, signed ($n)" ret=0 $DIG $DIGOPTS aaaa aaaa-only.signed -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep "AUTHORITY: 1," dig.out.ns1.test$n > /dev/null || ret=1 grep ::2 dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is returned when only AAAA record exists, unsigned ($n)" ret=0 $DIG $DIGOPTS aaaa aaaa-only.unsigned -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep "AUTHORITY: 1," dig.out.ns1.test$n > /dev/null || ret=1 grep ::5 dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed ($n)" ret=0 $DIG $DIGOPTS aaaa dual.signed -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 @@ -72,9 +74,9 @@ grep "ANSWER: 0" dig.out.ns1.test$n > /dev/null || ret=1 grep "AUTHORITY: 0" dig.out.ns1.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 @@ -82,18 +84,18 @@ grep "ANSWER: 0" dig.out.ns1.test$n > /dev/null || ret=1 grep "AUTHORITY: 0" dig.out.ns1.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is returned when both AAAA and A records exist, signed and DO set ($n)" ret=0 $DIG $DIGOPTS aaaa dual.signed +dnssec -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep "AUTHORITY: 2," dig.out.ns1.test$n > /dev/null || ret=1 grep ::3 dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 @@ -101,9 +103,9 @@ grep "ANSWER: 0" dig.out.ns1.test$n > /dev/null || ret=1 grep "AUTHORITY: 0," dig.out.ns1.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is returned when both AAAA and A records exist and query source does not match acl ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.2 @10.53.0.1 > dig.out.ns1.test$n || ret=1 @@ -111,9 +113,9 @@ grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep "AUTHORITY: 1," dig.out.ns1.test$n > /dev/null || ret=1 grep ::6 dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY ($n)" ret=0 $DIG $DIGOPTS any dual.signed -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 @@ -121,9 +123,9 @@ grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep "1.0.0.3" dig.out.ns1.test$n > /dev/null || ret=1 grep "::3" dig.out.ns1.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 @@ -131,9 +133,9 @@ grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep "1.0.0.6" dig.out.ns1.test$n > /dev/null || ret=1 grep "::6" dig.out.ns1.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that both A and AAAA are returned when both AAAA and A records exist, signed, qtype=ANY and DO is set ($n)" ret=0 $DIG $DIGOPTS any dual.signed +dnssec -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 @@ -142,9 +144,9 @@ grep "AUTHORITY: 2," dig.out.ns1.test$n > /dev/null || ret=1 grep ::3 dig.out.ns1.test$n > /dev/null || ret=1 grep "1.0.0.3" dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned +dnssec -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 @@ -152,9 +154,9 @@ grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep "1.0.0.6" dig.out.ns1.test$n > /dev/null || ret=1 grep "::6" dig.out.ns1.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned -b 10.53.0.2 @10.53.0.1 > dig.out.ns1.test$n || ret=1 @@ -163,9 +165,9 @@ grep "AUTHORITY: 1," dig.out.ns1.test$n > /dev/null || ret=1 grep 1.0.0.6 dig.out.ns1.test$n > /dev/null || ret=1 grep ::6 dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv6 ($n)" if testsock6 fd92:7065:b8e:ffff::1 then @@ -174,12 +176,12 @@ $DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 grep 2001:db8::6 dig.out.ns1.test$n > /dev/null || ret=1 grep "AUTHORITY: 1," dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) else echo_i "skipped." fi -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is omitted from additional section, qtype=NS ($n)" ret=0 $DIG $DIGOPTS +add ns unsigned -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 @@ -187,26 +189,26 @@ grep AAAA dig.out.ns1.test$n > /dev/null 2>&1 && ret=1 grep "ANSWER: 1," dig.out.ns1.test$n > /dev/null || ret=1 grep "ADDITIONAL: 2" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is omitted from additional section, qtype=MX, unsigned ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx unsigned -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep "^mx.unsigned.*AAAA" dig.out.ns1.test$n > /dev/null 2>&1 && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is included in additional section, qtype=MX, signed ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx signed -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep "^mx.signed.*AAAA" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1 grep "AUTHORITY: 2," dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv6 ($n)" if testsock6 fd92:7065:b8e:ffff::1 then @@ -215,7 +217,7 @@ $DIG $DIGOPTS +add +dnssec mx unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:f grep "^mx.unsigned.*AAAA" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1 grep "AUTHORITY: 1," dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) else echo_i "skipped." fi @@ -225,25 +227,25 @@ fi # filter-aaaa-on-v4 break-dnssec; # filter-aaaa { 10.53.0.4; }; # -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is returned when only AAAA record exists, signed with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa aaaa-only.signed -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep "AUTHORITY: 1," dig.out.ns4.test$n > /dev/null || ret=1 grep ::2 dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is returned when only AAAA record exists, unsigned with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa aaaa-only.unsigned -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep "AUTHORITY: 1," dig.out.ns4.test$n > /dev/null || ret=1 grep ::5 dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.signed -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 @@ -251,45 +253,45 @@ grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 grep "AUTHORITY: 0," dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed and DO set with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.signed +dnssec -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is returned when both AAAA and A records exist and query source does not match acl with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.2 @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep ::6 dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.signed -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 @@ -297,9 +299,9 @@ grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "1.0.0.3" dig.out.ns4.test$n > /dev/null || ret=1 grep "::3" dig.out.ns4.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 @@ -307,9 +309,9 @@ grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "1.0.0.6" dig.out.ns4.test$n > /dev/null || ret=1 grep "::6" dig.out.ns4.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, signed, qtype=ANY and DO is set with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.signed +dnssec -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 @@ -317,9 +319,9 @@ grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "1.0.0.3" dig.out.ns4.test$n > /dev/null || ret=1 grep ::3 dig.out.ns4.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned +dnssec -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 @@ -327,9 +329,9 @@ grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "1.0.0.6" dig.out.ns4.test$n > /dev/null || ret=1 grep "::6" dig.out.ns4.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned -b 10.53.0.2 @10.53.0.4 > dig.out.ns4.test$n || ret=1 @@ -337,9 +339,9 @@ grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep 1.0.0.6 dig.out.ns4.test$n > /dev/null || ret=1 grep ::6 dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv6 with break-dnssec ($n)" if testsock6 fd92:7065:b8e:ffff::4 then @@ -347,37 +349,37 @@ ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 grep 2001:db8::6 dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) else echo_i "skipped." fi -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is omitted from additional section, qtype=NS, with break-dnssec ($n)" ret=0 $DIG $DIGOPTS +add ns unsigned -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep AAAA dig.out.ns4.test$n > /dev/null 2>&1 && ret=1 grep "ADDITIONAL: 2" dig.out.ns4.test$n > /dev/null 2>&1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is omitted from additional section, qtype=MX, unsigned, with break-dnssec ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx unsigned -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep "^mx.unsigned.*AAAA" dig.out.ns4.test$n > /dev/null 2>&1 && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is omitted from additional section, qtype=MX, signed, with break-dnssec ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx signed -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep "^mx.signed.*AAAA" dig.out.ns4.test$n > /dev/null 2>&1 && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv6, with break-dnssec ($n)" if testsock6 fd92:7065:b8e:ffff::4 then @@ -385,7 +387,7 @@ ret=0 $DIG $DIGOPTS +add +dnssec mx unsigned -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 grep "^mx.unsigned.*AAAA" dig.out.ns4.test$n > /dev/null 2>&1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) else echo_i "skipped." fi @@ -396,24 +398,24 @@ fi # filter-aaaa-on-v4 yes; # filter-aaaa { 10.53.0.2; }; # -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is returned when only AAAA record exists, signed, recursive ($n)" ret=0 $DIG $DIGOPTS aaaa aaaa-only.signed -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns2.test$n > /dev/null || ret=1 grep ::2 dig.out.ns2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is returned when only AAAA record exists, unsigned, recursive ($n)" ret=0 $DIG $DIGOPTS aaaa aaaa-only.unsigned -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep ::5 dig.out.ns2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed, recursive ($n)" ret=0 $DIG $DIGOPTS aaaa dual.signed -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 @@ -421,9 +423,9 @@ grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns2.test$n > /dev/null && ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned, recursive ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 @@ -431,18 +433,18 @@ grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns2.test$n > /dev/null && ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is returned when both AAAA and A records exist, signed and DO set, recursive ($n)" ret=0 $DIG $DIGOPTS aaaa dual.signed +dnssec -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns2.test$n > /dev/null || ret=1 grep ::3 dig.out.ns2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set, recursive ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned +dnssec -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 @@ -450,18 +452,18 @@ grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns2.test$n > /dev/null && ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is returned when both AAAA and A records exist and query source does not match acl, recursive ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.1 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep ::6 dig.out.ns2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY recursive ($n)" ret=0 $DIG $DIGOPTS any dual.signed -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 @@ -469,9 +471,9 @@ grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "1.0.0.3" dig.out.ns2.test$n > /dev/null || ret=1 grep "::3" dig.out.ns2.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY recursive ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 @@ -479,9 +481,9 @@ grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "1.0.0.6" dig.out.ns2.test$n > /dev/null || ret=1 grep "::6" dig.out.ns2.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that both A and AAAA are returned when both AAAA and A records exist, signed, qtype=ANY and DO is set, recursive ($n)" ret=0 $DIG $DIGOPTS any dual.signed +dnssec -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 @@ -490,9 +492,9 @@ grep "flags:.*ad.*QUERY" dig.out.ns2.test$n > /dev/null || ret=1 grep ::3 dig.out.ns2.test$n > /dev/null || ret=1 grep "1.0.0.3" dig.out.ns2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set, recursive ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned +dnssec -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 @@ -500,9 +502,9 @@ grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "1.0.0.6" dig.out.ns2.test$n > /dev/null || ret=1 grep "::6" dig.out.ns2.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl, recursive ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned -b 10.53.0.1 @10.53.0.2 > dig.out.ns2.test$n || ret=1 @@ -510,9 +512,9 @@ grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep 1.0.0.6 dig.out.ns2.test$n > /dev/null || ret=1 grep ::6 dig.out.ns2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv6, recursive ($n)" if testsock6 fd92:7065:b8e:ffff::2 then @@ -520,29 +522,29 @@ ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 grep 2001:db8::6 dig.out.ns2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) else echo_i "skipped." fi -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is omitted from additional section, qtype=NS ($n)" ret=0 $DIG $DIGOPTS +add ns unsigned -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep AAAA dig.out.ns2.test$n > /dev/null 2>&1 && ret=1 grep "ADDITIONAL: 2" dig.out.ns2.test$n > /dev/null 2>&1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is omitted from additional section, qtype=MX, unsigned, recursive ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx unsigned -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep "^mx.unsigned.*AAAA" dig.out.ns2.test$n > /dev/null 2>&1 && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is included in additional section, qtype=MX, signed, recursive ($n)" ret=0 # we need to prime the cache with addresses for the MX, since additional @@ -554,9 +556,9 @@ $DIG $DIGOPTS +add +dnssec mx signed -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$ grep "^mx.signed.*AAAA" dig.out.ns2.test$n > /dev/null 2>&1 || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is included in additional section, qtype=MX, unsigned, recursive, over IPv6 ($n)" if testsock6 fd92:7065:b8e:ffff::2 then @@ -564,7 +566,7 @@ ret=0 $DIG $DIGOPTS +add +dnssec mx unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 grep "^mx.unsigned.*AAAA" dig.out.ns2.test$n > /dev/null 2>&1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) else echo_i "skipped." fi @@ -574,24 +576,24 @@ fi # filter-aaaa-on-v4 break-dnssec; # filter-aaaa { 10.53.0.3; }; # -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is returned when only AAAA record exists, signed, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa aaaa-only.signed -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns3.test$n > /dev/null || ret=1 grep ::2 dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is returned when only AAAA record exists, unsigned, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa aaaa-only.unsigned -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 grep ::5 dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.signed -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 @@ -599,9 +601,9 @@ grep "ANSWER: 0" dig.out.ns3.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns3.test$n > /dev/null && ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 @@ -609,18 +611,18 @@ grep "ANSWER: 0" dig.out.ns3.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns3.test$n > /dev/null && ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed and DO set, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.signed +dnssec -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 grep "ANSWER: 0" dig.out.ns3.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns3.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned +dnssec -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 @@ -628,18 +630,18 @@ grep "ANSWER: 0" dig.out.ns3.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns3.test$n > /dev/null && ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is returned when both AAAA and A records exist and query source does not match acl, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.1 @10.53.0.3 > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep ::6 dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.signed -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 @@ -647,9 +649,9 @@ grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "1.0.0.3" dig.out.ns3.test$n > /dev/null || ret=1 grep "::3" dig.out.ns3.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 @@ -657,9 +659,9 @@ grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "1.0.0.6" dig.out.ns3.test$n > /dev/null || ret=1 grep "::6" dig.out.ns3.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, signed, qtype=ANY and DO is set with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.signed +dnssec -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 @@ -667,9 +669,9 @@ grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "1.0.0.3" dig.out.ns3.test$n > /dev/null || ret=1 grep ::3 dig.out.ns3.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned +dnssec -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 @@ -677,9 +679,9 @@ grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "1.0.0.6" dig.out.ns3.test$n > /dev/null || ret=1 grep "::6" dig.out.ns3.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned -b 10.53.0.1 @10.53.0.3 > dig.out.ns3.test$n || ret=1 @@ -687,9 +689,9 @@ grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep 1.0.0.6 dig.out.ns3.test$n > /dev/null || ret=1 grep ::6 dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv6, recursive with break-dnssec ($n)" if testsock6 fd92:7065:b8e:ffff::3 then @@ -697,38 +699,38 @@ ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 grep 2001:db8::6 dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) else echo_i "skipped." fi -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is omitted from additional section, qtype=NS, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS +add ns unsigned -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 grep AAAA dig.out.ns3.test$n > /dev/null 2>&1 && ret=1 grep "ADDITIONAL: 2" dig.out.ns3.test$n > /dev/null 2>&1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is omitted from additional section, qtype=MX, unsigned, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx unsigned -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 grep "^mx.unsigned.*AAAA" dig.out.ns3.test$n > /dev/null 2>&1 && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is omitted from additional section, qtype=MX, signed, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx signed -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 grep "^mx.signed.*AAAA" dig.out.ns3.test$n > /dev/null 2>&1 && ret=1 grep "flags:.*ad.*QUERY" dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv6, recursive with break-dnssec ($n)" if testsock6 fd92:7065:b8e:ffff::3 then @@ -736,7 +738,7 @@ ret=0 $DIG $DIGOPTS +add +dnssec mx unsigned -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 grep "^mx.unsigned.*AAAA" dig.out.ns3.test$n > /dev/null 2>&1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) else echo_i "skipped." fi @@ -766,67 +768,67 @@ rndc_reconfig ns4 10.53.0.4 # filter-aaaa-on-v6 yes; # filter-aaaa { fd92:7065:b8e:ffff::1; }; # -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is returned when only AAAA record exists, signed ($n)" ret=0 $DIG $DIGOPTS aaaa aaaa-only.signed -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 grep ::2 dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is returned when only AAAA record exists, unsigned ($n)" ret=0 $DIG $DIGOPTS aaaa aaaa-only.unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 grep ::5 dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed ($n)" ret=0 $DIG $DIGOPTS aaaa dual.signed -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 grep "ANSWER: 0" dig.out.ns1.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 grep "ANSWER: 0" dig.out.ns1.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is returned when both AAAA and A records exist, signed and DO set ($n)" ret=0 $DIG $DIGOPTS aaaa dual.signed +dnssec -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 grep ::3 dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 grep "ANSWER: 0" dig.out.ns1.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is returned when both AAAA and A records exist and query source does not match acl ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep ::6 dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY ($n)" ret=0 $DIG $DIGOPTS any dual.signed -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 @@ -834,9 +836,9 @@ grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep "1.0.0.3" dig.out.ns1.test$n > /dev/null || ret=1 grep "::3" dig.out.ns1.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 @@ -844,9 +846,9 @@ grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep "1.0.0.6" dig.out.ns1.test$n > /dev/null || ret=1 grep "::6" dig.out.ns1.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that both A and AAAA are returned when both AAAA and A records exist, signed, qtype=ANY and DO is set ($n)" ret=0 $DIG $DIGOPTS any dual.signed +dnssec -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 @@ -854,9 +856,9 @@ grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep ::3 dig.out.ns1.test$n > /dev/null || ret=1 grep "1.0.0.3" dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned +dnssec -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 @@ -864,9 +866,9 @@ grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep "1.0.0.6" dig.out.ns1.test$n > /dev/null || ret=1 grep "::6" dig.out.ns1.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 @@ -874,48 +876,48 @@ grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep 1.0.0.6 dig.out.ns1.test$n > /dev/null || ret=1 grep ::6 dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv4 ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep 2001:db8::6 dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is omitted from additional section, qtype=NS ($n)" ret=0 $DIG $DIGOPTS +add +dnssec ns unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 grep AAAA dig.out.ns1.test$n > /dev/null 2>&1 && ret=1 grep "ADDITIONAL: 2" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is omitted from additional section, qtype=MX, unsigned ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 grep "^mx.unsigned.*AAAA" dig.out.ns1.test$n > /dev/null 2>&1 && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is included in additional section, qtype=MX, signed ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx signed -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 grep "^mx.signed.*AAAA" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv4 ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx unsigned -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep "^mx.unsigned.*AAAA" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # @@ -923,68 +925,68 @@ status=`expr $status + $ret` # filter-aaaa-on-v6 break-dnssec; # filter-aaaa { fd92:7065:b8e:ffff::4; }; # -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is returned when only AAAA record exists, signed with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa aaaa-only.signed -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 grep ::2 dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is returned when only AAAA record exists, unsigned with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa aaaa-only.unsigned -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 grep ::5 dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.signed -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed and DO set with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.signed +dnssec -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is returned when both AAAA and A records exist and query source does not match acl with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep ::6 dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.signed -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 @@ -992,9 +994,9 @@ grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "1.0.0.3" dig.out.ns4.test$n > /dev/null || ret=1 grep "::3" dig.out.ns4.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 @@ -1002,9 +1004,9 @@ grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "1.0.0.6" dig.out.ns4.test$n > /dev/null || ret=1 grep "::6" dig.out.ns4.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, signed, qtype=ANY and DO is set with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.signed +dnssec -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 @@ -1012,9 +1014,9 @@ grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "1.0.0.3" dig.out.ns4.test$n > /dev/null || ret=1 grep ::3 dig.out.ns4.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned +dnssec -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 @@ -1022,9 +1024,9 @@ grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "1.0.0.6" dig.out.ns4.test$n > /dev/null || ret=1 grep "::6" dig.out.ns4.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 @@ -1032,48 +1034,48 @@ grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep 1.0.0.6 dig.out.ns4.test$n > /dev/null || ret=1 grep ::6 dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv4 with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep 2001:db8::6 dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is omitted from additional section, qtype=NS, with break-dnssec ($n)" ret=0 $DIG $DIGOPTS +add +dnssec ns unsigned -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 grep AAAA dig.out.ns4.test$n > /dev/null 2>&1 && ret=1 grep "ADDITIONAL: 2" dig.out.ns4.test$n > /dev/null 2>&1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is omitted from additional section, qtype=MX, unsigned, with break-dnssec ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx unsigned -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 grep "^mx.unsigned.*AAAA" dig.out.ns4.test$n > /dev/null 2>&1 && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is omitted from additional section, qtype=MX, signed, with break-dnssec ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx signed -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 grep "^mx.signed.*AAAA" dig.out.ns4.test$n > /dev/null 2>&1 && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv4, with break-dnssec ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx unsigned -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep "^mx.unsigned.*AAAA" dig.out.ns4.test$n > /dev/null 2>&1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # @@ -1081,24 +1083,24 @@ status=`expr $status + $ret` # filter-aaaa-on-v6 yes; # filter-aaaa { fd92:7065:b8e:ffff::2; }; # -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is returned when only AAAA record exists, signed, recursive ($n)" ret=0 $DIG $DIGOPTS aaaa aaaa-only.signed -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns2.test$n > /dev/null || ret=1 grep ::2 dig.out.ns2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is returned when only AAAA record exists, unsigned, recursive ($n)" ret=0 $DIG $DIGOPTS aaaa aaaa-only.unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 grep ::5 dig.out.ns2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed, recursive ($n)" ret=0 $DIG $DIGOPTS aaaa dual.signed -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 @@ -1106,9 +1108,9 @@ grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns2.test$n > /dev/null && ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned, recursive ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 @@ -1116,18 +1118,18 @@ grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns2.test$n > /dev/null && ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is returned when both AAAA and A records exist, signed and DO set, recursive ($n)" ret=0 $DIG $DIGOPTS aaaa dual.signed +dnssec -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns2.test$n > /dev/null || ret=1 grep ::3 dig.out.ns2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set, recursive ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned +dnssec -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 @@ -1135,18 +1137,18 @@ grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns2.test$n > /dev/null && ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is returned when both AAAA and A records exist and query source does not match acl, recursive ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep ::6 dig.out.ns2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY recursive ($n)" ret=0 $DIG $DIGOPTS any dual.signed -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 @@ -1154,9 +1156,9 @@ grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "1.0.0.3" dig.out.ns2.test$n > /dev/null || ret=1 grep "::3" dig.out.ns2.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY recursive ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 @@ -1164,9 +1166,9 @@ grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "1.0.0.6" dig.out.ns2.test$n > /dev/null || ret=1 grep "::6" dig.out.ns2.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that both A and AAAA are returned when both AAAA and A records exist, signed, qtype=ANY and DO is set, recursive ($n)" ret=0 $DIG $DIGOPTS any dual.signed +dnssec -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 @@ -1175,9 +1177,9 @@ grep "flags:.*ad.*QUERY" dig.out.ns2.test$n > /dev/null || ret=1 grep ::3 dig.out.ns2.test$n > /dev/null || ret=1 grep "1.0.0.3" dig.out.ns2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set, recursive ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned +dnssec -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 @@ -1185,9 +1187,9 @@ grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "1.0.0.6" dig.out.ns2.test$n > /dev/null || ret=1 grep "::6" dig.out.ns2.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl, recursive ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 @@ -1195,49 +1197,49 @@ grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep 1.0.0.6 dig.out.ns2.test$n > /dev/null || ret=1 grep ::6 dig.out.ns2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv4, recursive ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep 2001:db8::6 dig.out.ns2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is omitted from additional section, qtype=NS ($n)" ret=0 $DIG $DIGOPTS +add +dnssec ns unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 grep AAAA dig.out.ns2.test$n > /dev/null 2>&1 && ret=1 grep "ADDITIONAL: 2" dig.out.ns2.test$n > /dev/null 2>&1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is omitted from additional section, qtype=MX, unsigned ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 grep "^mx.unsigned.*AAAA" dig.out.ns2.test$n > /dev/null 2>&1 && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is included in additional section, qtype=MX, signed ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx signed -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 grep "^mx.signed.*AAAA" dig.out.ns2.test$n > /dev/null 2>&1 || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv4 ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx unsigned -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep "^mx.unsigned.*AAAA" dig.out.ns2.test$n > /dev/null 2>&1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # @@ -1245,24 +1247,24 @@ status=`expr $status + $ret` # filter-aaaa-on-v6 yes; # filter-aaaa { fd92:7065:b8e:ffff::3; }; # -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is returned when only AAAA record exists, signed, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa aaaa-only.signed -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns3.test$n > /dev/null || ret=1 grep ::2 dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is returned when only AAAA record exists, unsigned, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa aaaa-only.unsigned -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 grep ::5 dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.signed -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 @@ -1270,9 +1272,9 @@ grep "ANSWER: 0" dig.out.ns3.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns3.test$n > /dev/null && ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 @@ -1280,18 +1282,18 @@ grep "ANSWER: 0" dig.out.ns3.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns3.test$n > /dev/null && ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed and DO set, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.signed +dnssec -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 grep "ANSWER: 0" dig.out.ns3.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns3.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned +dnssec -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 @@ -1299,18 +1301,18 @@ grep "ANSWER: 0" dig.out.ns3.test$n > /dev/null || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns3.test$n > /dev/null && ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is returned when both AAAA and A records exist and query source does not match acl, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep ::6 dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.signed -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 @@ -1318,9 +1320,9 @@ grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "1.0.0.3" dig.out.ns3.test$n > /dev/null || ret=1 grep "::3" dig.out.ns3.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 @@ -1328,9 +1330,9 @@ grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "1.0.0.6" dig.out.ns3.test$n > /dev/null || ret=1 grep "::6" dig.out.ns3.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, signed, qtype=ANY and DO is set with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.signed +dnssec -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 @@ -1338,9 +1340,9 @@ grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "1.0.0.3" dig.out.ns3.test$n > /dev/null || ret=1 grep ::3 dig.out.ns3.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned +dnssec -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 @@ -1348,9 +1350,9 @@ grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "1.0.0.6" dig.out.ns3.test$n > /dev/null || ret=1 grep "::6" dig.out.ns3.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS any dual.unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 @@ -1358,61 +1360,61 @@ grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep 1.0.0.6 dig.out.ns3.test$n > /dev/null || ret=1 grep ::6 dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv4, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 grep 2001:db8::6 dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is omitted from additional section, qtype=NS, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS +add +dnssec ns unsigned -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 grep AAAA dig.out.ns3.test$n > /dev/null 2>&1 && ret=1 grep "ADDITIONAL: 2" dig.out.ns3.test$n > /dev/null 2>&1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is omitted from additional section, qtype=MX, unsigned, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx unsigned -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 grep "^mx.unsigned.*AAAA" dig.out.ns3.test$n > /dev/null 2>&1 && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is omitted from additional section, qtype=MX, signed, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx signed -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns3.test$n > /dev/null || ret=1 grep "^mx.signed.*AAAA" dig.out.ns3.test$n > /dev/null 2>&1 && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv4, recursive with break-dnssec ($n)" ret=0 $DIG $DIGOPTS +add +dnssec mx unsigned -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 grep "^mx.unsigned.*AAAA" dig.out.ns3.test$n > /dev/null 2>&1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # We don't check for the AAAA record here as configuration in ns5 does # not make sense. The AAAA record is wanted by filter-aaaa but discarded # by the dns64 configuration. We just want to ensure the server stays # running. -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking filter-aaaa with dns64 ($n)" ret=0 $DIG $DIGOPTS aaaa aaaa-only.unsigned @10.53.0.5 > dig.out.ns5.test$n || ret=1 grep "status: NOERROR" dig.out.ns5.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/formerr/tests.sh b/bin/tests/system/formerr/tests.sh index 870594b69c..75f4cc0b64 100644 --- a/bin/tests/system/formerr/tests.sh +++ b/bin/tests/system/formerr/tests.sh @@ -11,34 +11,36 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh status=0 echo_i "test name too long" $PERL formerr.pl -a 10.53.0.1 -p ${PORT} nametoolong > nametoolong.out -ans=`grep got: nametoolong.out` +ans=$(grep got: nametoolong.out) if [ "${ans}" != "got: 000080010000000000000000" ]; then - echo_i "failed"; status=`expr $status + 1`; + echo_i "failed"; status=$((status + 1)); fi echo_i "two questions" $PERL formerr.pl -a 10.53.0.1 -p ${PORT} twoquestions > twoquestions.out -ans=`grep got: twoquestions.out` +ans=$(grep got: twoquestions.out) if [ "${ans}" != "got: 000080010000000000000000" ]; then - echo_i "failed"; status=`expr $status + 1`; + echo_i "failed"; status=$((status + 1)); fi # this would be NOERROR if it included a COOKIE option, # but is a FORMERR without one. echo_i "empty question section (and no COOKIE option)" $PERL formerr.pl -a 10.53.0.1 -p ${PORT} noquestions > noquestions.out -ans=`grep got: noquestions.out` +ans=$(grep got: noquestions.out) if [ "${ans}" != "got: 000080010000000000000000" ]; then - echo_i "failed"; status=`expr $status + 1`; + echo_i "failed"; status=$((status + 1)); fi echo_i "exit status: $status" diff --git a/bin/tests/system/forward/tests.sh b/bin/tests/system/forward/tests.sh index 914b30c65f..4037f221da 100644 --- a/bin/tests/system/forward/tests.sh +++ b/bin/tests/system/forward/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + #shellcheck source=conf.sh . ../conf.sh @@ -210,9 +212,9 @@ received_pattern="received packet from 10\.53\.0\.1" start_pattern="sending packet to 10\.53\.0\.1" retry_quiet 5 wait_for_log ns7/named.run "$received_pattern" || ret=1 check_sent 1 ns7/named.run "$start_pattern" ";\.[[:space:]]*IN[[:space:]]*NS$" || ret=1 -sent=$(grep -c "10.53.0.7#.* (.): query '\./NS/IN' approved" ns4/named.run) +sent=$(grep -c "10.53.0.7#.* (.): query '\./NS/IN' approved" ns4/named.run || true) [ "$sent" -eq 0 ] || ret=1 -sent=$(grep -c "10.53.0.7#.* (.): query '\./NS/IN' approved" ns1/named.run) +sent=$(grep -c "10.53.0.7#.* (.): query '\./NS/IN' approved" ns1/named.run || true) [ "$sent" -eq 1 ] || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) diff --git a/bin/tests/system/geoip2/tests.sh b/bin/tests/system/geoip2/tests.sh index 516f9bbf24..b72a870714 100644 --- a/bin/tests/system/geoip2/tests.sh +++ b/bin/tests/system/geoip2/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh status=0 @@ -24,53 +26,53 @@ RNDCCMD="$RNDC -c ../common/rndc.conf -p ${CONTROLPORT} -s" for conf in conf/good*.conf do - n=`expr $n + 1` + n=$((n + 1)) echo_i "checking that $conf is accepted ($n)" ret=0 $CHECKCONF "$conf" || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) done for conf in conf/bad*.conf do - n=`expr $n + 1` + n=$((n + 1)) echo_i "checking that $conf is rejected ($n)" ret=0 $CHECKCONF "$conf" >/dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) done -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking Country database by code using IPv4 ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do $DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1 - j=`cat dig.out.ns2.test$n.$i | tr -d '"'` + j=$(cat dig.out.ns2.test$n.$i | tr -d '"') [ "$i" = "$j" ] || lret=1 [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) if testsock6 fd92:7065:b8e:ffff::3 then - n=`expr $n + 1` + n=$((n + 1)) echo_i "checking Country database by code using IPv6 ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do $DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i > dig.out.ns2.test$n.$i || lret=1 - j=`cat dig.out.ns2.test$n.$i | tr -d '"'` + j=$(cat dig.out.ns2.test$n.$i | tr -d '"') [ "$i" = "$j" ] || lret=1 [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 [ $ret -eq 0 ] || echo_i "failed" - status=`expr $status + $ret` + status=$((status + ret)) else echo_i "IPv6 unavailable; skipping IPv6 country code test" fi @@ -81,35 +83,35 @@ $CHECKCONF ns2/named.conf | cat_i rndc_reload ns2 10.53.0.2 sleep 3 -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking Country database with nested ACLs using IPv4 ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do $DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1 - j=`cat dig.out.ns2.test$n.$i | tr -d '"'` + j=$(cat dig.out.ns2.test$n.$i | tr -d '"') [ "$i" = "$j" ] || lret=1 [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) if testsock6 fd92:7065:b8e:ffff::3 then - n=`expr $n + 1` + n=$((n + 1)) echo_i "checking Country database with nested ACLs using IPv6 ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do $DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i > dig.out.ns2.test$n.$i || lret=1 - j=`cat dig.out.ns2.test$n.$i | tr -d '"'` + j=$(cat dig.out.ns2.test$n.$i | tr -d '"') [ "$i" = "$j" ] || lret=1 [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 [ $ret -eq 0 ] || echo_i "failed" - status=`expr $status + $ret` + status=$((status + ret)) else echo_i "IPv6 unavailable; skipping IPv6 country nested ACL test" fi @@ -120,35 +122,35 @@ $CHECKCONF ns2/named.conf | cat_i rndc_reload ns2 10.53.0.2 sleep 3 -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking Country database by name using IPv4 ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do $DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1 - j=`cat dig.out.ns2.test$n.$i | tr -d '"'` + j=$(cat dig.out.ns2.test$n.$i | tr -d '"') [ "$i" = "$j" ] || lret=1 [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) if testsock6 fd92:7065:b8e:ffff::3 then - n=`expr $n + 1` + n=$((n + 1)) echo_i "checking Country database by name using IPv6 ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do $DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i > dig.out.ns2.test$n.$i || lret=1 - j=`cat dig.out.ns2.test$n.$i | tr -d '"'` + j=$(cat dig.out.ns2.test$n.$i | tr -d '"') [ "$i" = "$j" ] || lret=1 [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 [ $ret -eq 0 ] || echo_i "failed" - status=`expr $status + $ret` + status=$((status + ret)) else echo_i "IPv6 unavailable; skipping IPv6 country name test" fi @@ -159,37 +161,37 @@ $CHECKCONF ns2/named.conf | cat_i rndc_reload ns2 10.53.0.2 sleep 3 -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking Country database by continent code using IPv4 ($n)" ret=0 lret=0 # deliberately skipping 4 and 6 as they have duplicate continents for i in 1 2 3 5 7; do $DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1 - j=`cat dig.out.ns2.test$n.$i | tr -d '"'` + j=$(cat dig.out.ns2.test$n.$i | tr -d '"') [ "$i" = "$j" ] || lret=1 [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) if testsock6 fd92:7065:b8e:ffff::3 then - n=`expr $n + 1` + n=$((n + 1)) echo_i "checking Country database by continent code using IPv6 ($n)" ret=0 lret=0 # deliberately skipping 4 and 6 as they have duplicate continents for i in 1 2 3 5 7; do $DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i > dig.out.ns2.test$n.$i || lret=1 - j=`cat dig.out.ns2.test$n.$i | tr -d '"'` + j=$(cat dig.out.ns2.test$n.$i | tr -d '"') [ "$i" = "$j" ] || lret=1 [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 [ $ret -eq 0 ] || echo_i "failed" - status=`expr $status + $ret` + status=$((status + ret)) else echo_i "IPv6 unavailable; skipping IPv6 continent code test" fi @@ -200,77 +202,77 @@ $CHECKCONF ns2/named.conf | cat_i rndc_reload ns2 10.53.0.2 sleep 3 -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking City database by region code using IPv4 ($n)" ret=0 lret=0 # skipping 2 on purpose here; it has the same region code as 1 for i in 1 3 4 5 6 7; do $DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1 - j=`cat dig.out.ns2.test$n.$i | tr -d '"'` + j=$(cat dig.out.ns2.test$n.$i | tr -d '"') [ "$i" = "$j" ] || lret=1 [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) if testsock6 fd92:7065:b8e:ffff::3 then - n=`expr $n + 1` + n=$((n + 1)) echo_i "checking City database by region code using IPv6 ($n)" ret=0 lret=0 # skipping 2 on purpose here; it has the same region code as 1 for i in 1 3 4 5 6 7; do $DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i > dig.out.ns2.test$n.$i || lret=1 - j=`cat dig.out.ns2.test$n.$i | tr -d '"'` + j=$(cat dig.out.ns2.test$n.$i | tr -d '"') [ "$i" = "$j" ] || lret=1 [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 [ $ret -eq 0 ] || echo_i "failed" - status=`expr $status + $ret` + status=$((status + ret)) else echo_i "IPv6 unavailable; skipping IPv6 region code test" fi -n=`expr $n + 1` +n=$((n + 1)) echo_i "reloading server" copy_setports ns2/named6.conf.in ns2/named.conf $CHECKCONF ns2/named.conf | cat_i rndc_reload ns2 10.53.0.2 sleep 3 -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking City database by city name using IPv4 ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do $DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1 - j=`cat dig.out.ns2.test$n.$i | tr -d '"'` + j=$(cat dig.out.ns2.test$n.$i | tr -d '"') [ "$i" = "$j" ] || lret=1 [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) if testsock6 fd92:7065:b8e:ffff::3 then - n=`expr $n + 1` + n=$((n + 1)) echo_i "checking City database by city name using IPv6 ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do $DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i > dig.out.ns2.test$n.$i || lret=1 - j=`cat dig.out.ns2.test$n.$i | tr -d '"'` + j=$(cat dig.out.ns2.test$n.$i | tr -d '"') [ "$i" = "$j" ] || lret=1 [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 [ $ret -eq 0 ] || echo_i "failed" - status=`expr $status + $ret` + status=$((status + ret)) else echo_i "IPv6 unavailable; skipping IPv6 city test" fi @@ -281,35 +283,35 @@ $CHECKCONF ns2/named.conf | cat_i rndc_reload ns2 10.53.0.2 sleep 3 -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking ISP database using IPv4 ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do $DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1 - j=`cat dig.out.ns2.test$n.$i | tr -d '"'` + j=$(cat dig.out.ns2.test$n.$i | tr -d '"') [ "$i" = "$j" ] || lret=1 [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) if testsock6 fd92:7065:b8e:ffff::3 then - n=`expr $n + 1` + n=$((n + 1)) echo_i "checking ISP database using IPv6 ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do $DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i > dig.out.ns2.test$n.$i || lret=1 - j=`cat dig.out.ns2.test$n.$i | tr -d '"'` + j=$(cat dig.out.ns2.test$n.$i | tr -d '"') [ "$i" = "$j" ] || lret=1 [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 [ $ret -eq 0 ] || echo_i "failed" - status=`expr $status + $ret` + status=$((status + ret)) else echo_i "IPv6 unavailable; skipping IPv6 ISP test" fi @@ -320,35 +322,35 @@ $CHECKCONF ns2/named.conf | cat_i rndc_reload ns2 10.53.0.2 sleep 3 -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking ASN database by org name using IPv4 ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do $DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1 - j=`cat dig.out.ns2.test$n.$i | tr -d '"'` + j=$(cat dig.out.ns2.test$n.$i | tr -d '"') [ "$i" = "$j" ] || lret=1 [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) if testsock6 fd92:7065:b8e:ffff::3 then - n=`expr $n + 1` + n=$((n + 1)) echo_i "checking ASN database by org name using IPv6 ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do $DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i > dig.out.ns2.test$n.$i || lret=1 - j=`cat dig.out.ns2.test$n.$i | tr -d '"'` + j=$(cat dig.out.ns2.test$n.$i | tr -d '"') [ "$i" = "$j" ] || lret=1 [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 [ $ret -eq 0 ] || echo_i "failed" - status=`expr $status + $ret` + status=$((status + ret)) else echo_i "IPv6 unavailable; skipping IPv6 ASN test" fi @@ -359,35 +361,35 @@ $CHECKCONF ns2/named.conf | cat_i rndc_reload ns2 10.53.0.2 sleep 3 -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking GeoIP6 ASN database, ASNNNN only, using IPv4 ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do $DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1 - j=`cat dig.out.ns2.test$n.$i | tr -d '"'` + j=$(cat dig.out.ns2.test$n.$i | tr -d '"') [ "$i" = "$j" ] || lret=1 [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) if testsock6 fd92:7065:b8e:ffff::3 then - n=`expr $n + 1` + n=$((n + 1)) echo_i "checking ASN database, ASNNNN only, using IPv6 ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do $DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i > dig.out.ns2.test$n.$i || lret=1 - j=`cat dig.out.ns2.test$n.$i | tr -d '"'` + j=$(cat dig.out.ns2.test$n.$i | tr -d '"') [ "$i" = "$j" ] || lret=1 [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 [ $ret -eq 0 ] || echo_i "failed" - status=`expr $status + $ret` + status=$((status + ret)) else echo_i "IPv6 unavailable; skipping IPv6 ASN test" fi @@ -398,35 +400,35 @@ $CHECKCONF ns2/named.conf | cat_i rndc_reload ns2 10.53.0.2 sleep 3 -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking GeoIP6 ASN database, NNNN only, using IPv4 ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do $DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1 - j=`cat dig.out.ns2.test$n.$i | tr -d '"'` + j=$(cat dig.out.ns2.test$n.$i | tr -d '"') [ "$i" = "$j" ] || lret=1 [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) if testsock6 fd92:7065:b8e:ffff::3 then - n=`expr $n + 1` + n=$((n + 1)) echo_i "checking ASN database, NNNN only, using IPv6 ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do $DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i > dig.out.ns2.test$n.$i || lret=1 - j=`cat dig.out.ns2.test$n.$i | tr -d '"'` + j=$(cat dig.out.ns2.test$n.$i | tr -d '"') [ "$i" = "$j" ] || lret=1 [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 [ $ret -eq 0 ] || echo_i "failed" - status=`expr $status + $ret` + status=$((status + ret)) else echo_i "IPv6 unavailable; skipping IPv6 ASN test" fi @@ -437,35 +439,35 @@ $CHECKCONF ns2/named.conf | cat_i rndc_reload ns2 10.53.0.2 sleep 3 -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking Domain database using IPv4 ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do $DIG $DIGOPTS txt example -b 10.53.0.$i > dig.out.ns2.test$n.$i || lret=1 - j=`cat dig.out.ns2.test$n.$i | tr -d '"'` + j=$(cat dig.out.ns2.test$n.$i | tr -d '"') [ "$i" = "$j" ] || lret=1 [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) if testsock6 fd92:7065:b8e:ffff::3 then - n=`expr $n + 1` + n=$((n + 1)) echo_i "checking Domain database using IPv6 ($n)" ret=0 lret=0 for i in 1 2 3 4 5 6 7; do $DIG $DIGOPTS6 txt example -b fd92:7065:b8e:ffff::$i > dig.out.ns2.test$n.$i || lret=1 - j=`cat dig.out.ns2.test$n.$i | tr -d '"'` + j=$(cat dig.out.ns2.test$n.$i | tr -d '"') [ "$i" = "$j" ] || lret=1 [ $lret -eq 1 ] && break done [ $lret -eq 1 ] && ret=1 [ $ret -eq 0 ] || echo_i "failed" - status=`expr $status + $ret` + status=$((status + ret)) else echo_i "IPv6 unavailable; skipping IPv6 Domain test" fi @@ -476,13 +478,13 @@ $CHECKCONF ns2/named.conf | cat_i rndc_reload ns2 10.53.0.2 sleep 3 -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking geoip blackhole ACL ($n)" ret=0 $DIG $DIGOPTS txt example -b 10.53.0.7 > dig.out.ns2.test$n || ret=1 $RNDCCMD 10.53.0.2 status 2>&1 > rndc.out.ns2.test$n || ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/glue/tests.sh b/bin/tests/system/glue/tests.sh index 9ecf39b6a8..2dcacbf940 100644 --- a/bin/tests/system/glue/tests.sh +++ b/bin/tests/system/glue/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh # diff --git a/bin/tests/system/idna/tests.sh b/bin/tests/system/idna/tests.sh index e48992a676..5f525d68de 100644 --- a/bin/tests/system/idna/tests.sh +++ b/bin/tests/system/idna/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh # Set known locale for the tests @@ -102,12 +104,12 @@ idna_test() { echo_i "$description ($n)" ret=0 - $DIGCMD $2 $3 > dig.out.$n 2>&1 - if [ $? -ne 0 ]; then + { $DIGCMD $2 $3 > dig.out.$n 2>&1; rc=$?; } || true + if [ $rc -ne 0 ]; then echo_i "failed: dig command returned non-zero status" ret=1 else - actual=`qname dig.out.$n` + actual=$(qname dig.out.$n) if [ "$4" != "$actual" ]; then echo_i "failed: expected answer $4, actual result $actual" ret=1 @@ -131,8 +133,8 @@ idna_fail() { echo_i "$description ($n)" ret=0 - $DIGCMD $2 $3 > dig.out.$n 2>&1 - if [ $? -eq 0 ]; then + { $DIGCMD $2 $3 > dig.out.$n 2>&1; rc=$?; } || true + if [ $rc -eq 0 ]; then echo_i "failed: dig command unexpectedly succeeded" ret=1 fi @@ -382,8 +384,7 @@ idna_disabled_test() { # Main test begins here -$FEATURETEST --with-libidn2 -if [ $? -eq 0 ]; then +if $FEATURETEST --with-libidn2; then idna_enabled_test else idna_disabled_test diff --git a/bin/tests/system/include-multiplecfg/tests.sh b/bin/tests/system/include-multiplecfg/tests.sh index 34d3785766..65b40012f9 100644 --- a/bin/tests/system/include-multiplecfg/tests.sh +++ b/bin/tests/system/include-multiplecfg/tests.sh @@ -13,6 +13,7 @@ # Test of include statement with glob expression. +set -e . ../conf.sh @@ -22,42 +23,42 @@ status=0 n=0 # Test 1 - check if zone1 was loaded. -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking glob include of zone1 config ($n)" ret=0 $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 zone1.com. a > dig.out.ns2.$n || ret=1 grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 grep '^zone1.com.' dig.out.ns2.$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 2 - check if zone2 was loaded. -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking glob include of zone2 config ($n)" ret=0 $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 zone2.com. a > dig.out.ns2.$n || ret=1 grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 grep '^zone2.com.' dig.out.ns2.$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 3 - check if standard file path (no magic chars) works. -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking include of standard file path config ($n)" ret=0 $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 mars.com. a > dig.out.ns2.$n || ret=1 grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 grep '^mars.com.' dig.out.ns2.$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # Test 4: named-checkconf correctly parses glob includes. -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking named-checkconf with glob include ($n)" ret=0 (cd ns2; $CHECKCONF named.conf) || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/inline/tests.sh b/bin/tests/system/inline/tests.sh index 32436b0b5e..e9c455472a 100755 --- a/bin/tests/system/inline/tests.sh +++ b/bin/tests/system/inline/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh DIGOPTS="+tcp +dnssec -p ${PORT}" @@ -32,16 +34,19 @@ wait_for_serial() ( status=0 n=0 +ret=0 -$RNDCCMD 10.53.0.3 signing -nsec3param 1 0 0 - nsec3 > /dev/null 2>&1 +$RNDCCMD 10.53.0.3 signing -nsec3param 1 0 0 - nsec3 > /dev/null 2>&1 || ret=1 for i in 1 2 3 4 5 6 7 8 9 0 do - nsec3param=$($DIG $DIGOPTS +nodnssec +short @10.53.0.3 nsec3param nsec3.) + nsec3param=$($DIG $DIGOPTS +nodnssec +short @10.53.0.3 nsec3param nsec3.) || ret=1 test "$nsec3param" = "1 0 0 -" && break sleep 1 done +if [ $ret != 0 ]; then echo_i "pre-condition failed, test aborted"; exit 1; fi + n=$((n + 1)) echo_i "checking that an unsupported algorithm is not used for signing ($n)" ret=0 @@ -63,7 +68,7 @@ ret=0 for i in 1 2 3 4 5 6 7 8 9 10 1 2 3 4 5 6 7 8 9 10 do ret=0 - $RNDCCMD 10.53.0.3 signing -list bits > signing.out.test$n 2>&1 + $RNDCCMD 10.53.0.3 signing -list bits > signing.out.test$n 2>&1 || ret=1 keys=$(grep '^Done signing' signing.out.test$n | wc -l) [ $keys = 2 ] || ret=1 if [ $ret = 0 ]; then break; fi @@ -75,7 +80,7 @@ status=$((status + ret)) n=$((n + 1)) echo_i "checking expired signatures are updated on load ($n)" ret=0 -$DIG $DIGOPTS @10.53.0.3 +noall +answer +dnssec expired SOA > dig.out.ns3.test$n +$DIG $DIGOPTS @10.53.0.3 +noall +answer +dnssec expired SOA > dig.out.ns3.test$n || ret=1 expiry=$(awk '$4 == "RRSIG" { print $9 }' dig.out.ns3.test$n) [ "$expiry" = "20110101000000" ] && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi @@ -84,7 +89,7 @@ status=$((status + ret)) n=$((n + 1)) echo_i "checking removal of private type record via 'rndc signing -clear' ($n)" ret=0 -$RNDCCMD 10.53.0.3 signing -list bits > signing.out.test$n 2>&1 +$RNDCCMD 10.53.0.3 signing -list bits > signing.out.test$n 2>&1 || ret=1 keys=$(sed -n -e 's/Done signing with key \(.*\)$/\1/p' signing.out.test$n) for key in $keys; do $RNDCCMD 10.53.0.3 signing -clear ${key} bits > /dev/null || ret=1 @@ -94,7 +99,7 @@ done 2>&1 |sed 's/^/ns3 /' | cat_i for i in 1 2 3 4 5 6 7 8 9 10 do ans=0 - $RNDCCMD 10.53.0.3 signing -list bits > signing.out.test$n 2>&1 + $RNDCCMD 10.53.0.3 signing -list bits > signing.out.test$n 2>&1 || ret=1 num=$(grep "Done signing with" signing.out.test$n | wc -l) [ $num = 1 ] && break sleep 1 @@ -107,7 +112,7 @@ status=$((status + ret)) n=$((n + 1)) echo_i "checking private type was properly signed ($n)" ret=0 -$DIG $DIGOPTS @10.53.0.6 bits TYPE65534 > dig.out.ns6.test$n +$DIG $DIGOPTS @10.53.0.6 bits TYPE65534 > dig.out.ns6.test$n || ret=1 grep "ANSWER: 2," dig.out.ns6.test$n > /dev/null || ret=1 grep "flags:.* ad[ ;]" dig.out.ns6.test$n > /dev/null || ret=1 @@ -122,7 +127,7 @@ $RNDCCMD 10.53.0.3 signing -clear all bits > /dev/null || ret=1 for i in 1 2 3 4 5 6 7 8 9 10 do ans=0 - $RNDCCMD 10.53.0.3 signing -list bits > signing.out.test$n 2>&1 + $RNDCCMD 10.53.0.3 signing -list bits > signing.out.test$n 2>&1 || ret=1 grep "No signing records found" signing.out.test$n > /dev/null || ans=1 [ $ans = 1 ] || break sleep 1 @@ -136,7 +141,7 @@ n=$((n + 1)) echo_i "checking negative private type response was properly signed ($n)" ret=0 sleep 1 -$DIG $DIGOPTS @10.53.0.6 bits TYPE65534 > dig.out.ns6.test$n +$DIG $DIGOPTS @10.53.0.6 bits TYPE65534 > dig.out.ns6.test$n || ret=1 grep "status: NOERROR" dig.out.ns6.test$n > /dev/null || ret=1 grep "ANSWER: 0," dig.out.ns6.test$n > /dev/null || ret=1 grep "flags:.* ad[ ;]" dig.out.ns6.test$n > /dev/null || ret=1 @@ -144,17 +149,18 @@ grep "flags:.* ad[ ;]" dig.out.ns6.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) -$NSUPDATE << EOF +n=$((n + 1)) +echo_i "checking that the record is added on the hidden primary ($n)" +ret=0 + +$NSUPDATE << EOF || ret=1 zone bits server 10.53.0.2 ${PORT} update add added.bits 0 A 1.2.3.4 send EOF -n=$((n + 1)) -echo_i "checking that the record is added on the hidden primary ($n)" -ret=0 -$DIG $DIGOPTS @10.53.0.2 added.bits A > dig.out.ns2.test$n +$DIG $DIGOPTS @10.53.0.2 added.bits A > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi @@ -166,7 +172,7 @@ ret=0 for i in 1 2 3 4 5 6 7 8 9 10 do ret=0 - $DIG $DIGOPTS @10.53.0.3 added.bits A > dig.out.ns3.test$n + $DIG $DIGOPTS @10.53.0.3 added.bits A > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret = 0 ]; then break; fi @@ -175,17 +181,18 @@ done if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) -$NSUPDATE << EOF +n=$((n + 1)) +echo_i "checking YYYYMMDDVV (2011072400) serial on hidden primary ($n)" +ret=0 + +$NSUPDATE << EOF || ret=1 zone bits server 10.53.0.2 ${PORT} update add bits 0 SOA ns2.bits. . 2011072400 20 20 1814400 3600 send EOF -n=$((n + 1)) -echo_i "checking YYYYMMDDVV (2011072400) serial on hidden primary ($n)" -ret=0 -$DIG $DIGOPTS @10.53.0.2 bits SOA > dig.out.ns2.test$n +$DIG $DIGOPTS @10.53.0.2 bits SOA > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "2011072400" dig.out.ns2.test$n > /dev/null || ret=1 @@ -197,7 +204,7 @@ echo_i "checking YYYYMMDDVV (2011072400) serial in signed zone ($n)" for i in 1 2 3 4 5 6 7 8 9 10 do ret=0 - $DIG $DIGOPTS @10.53.0.3 bits SOA > dig.out.ns3.test$n + $DIG $DIGOPTS @10.53.0.3 bits SOA > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1 grep "2011072400" dig.out.ns3.test$n > /dev/null || ret=1 @@ -213,7 +220,7 @@ ret=0 for i in 1 2 3 4 5 6 7 8 9 10 1 2 3 4 5 6 7 8 9 10 1 2 3 4 5 6 7 8 9 10 do ret=0 - $RNDCCMD 10.53.0.3 signing -list noixfr > signing.out.test$n 2>&1 + $RNDCCMD 10.53.0.3 signing -list noixfr > signing.out.test$n 2>&1 || ret=1 keys=$(grep '^Done signing' signing.out.test$n | wc -l) [ $keys = 2 ] || ret=1 if [ $ret = 0 ]; then break; fi @@ -222,17 +229,18 @@ done if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) -$NSUPDATE << EOF +n=$((n + 1)) +echo_i "checking that the record is added on the hidden primary, noixfr ($n)" +ret=0 + +$NSUPDATE << EOF || ret=1 zone noixfr server 10.53.0.4 ${PORT} update add added.noixfr 0 A 1.2.3.4 send EOF -n=$((n + 1)) -echo_i "checking that the record is added on the hidden primary, noixfr ($n)" -ret=0 -$DIG $DIGOPTS @10.53.0.4 added.noixfr A > dig.out.ns4.test$n +$DIG $DIGOPTS @10.53.0.4 added.noixfr A > dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi @@ -244,7 +252,7 @@ ret=0 for i in 1 2 3 4 5 6 7 8 9 10 1 2 3 4 5 6 7 8 9 10 1 2 3 4 5 6 7 8 9 10 do ret=0 - $DIG $DIGOPTS @10.53.0.3 added.noixfr A > dig.out.ns3.test$n + $DIG $DIGOPTS @10.53.0.3 added.noixfr A > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret = 0 ]; then break; fi @@ -253,17 +261,18 @@ done if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) -$NSUPDATE << EOF +n=$((n + 1)) +echo_i "checking YYYYMMDDVV (2011072400) serial on hidden primary, noixfr ($n)" +ret=0 + +$NSUPDATE << EOF || ret=1 zone noixfr server 10.53.0.4 ${PORT} update add noixfr 0 SOA ns4.noixfr. . 2011072400 20 20 1814400 3600 send EOF -n=$((n + 1)) -echo_i "checking YYYYMMDDVV (2011072400) serial on hidden primary, noixfr ($n)" -ret=0 -$DIG $DIGOPTS @10.53.0.4 noixfr SOA > dig.out.ns4.test$n +$DIG $DIGOPTS @10.53.0.4 noixfr SOA > dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns4.test$n > /dev/null || ret=1 grep "2011072400" dig.out.ns4.test$n > /dev/null || ret=1 @@ -275,7 +284,7 @@ echo_i "checking YYYYMMDDVV (2011072400) serial in signed zone, noixfr ($n)" for i in 1 2 3 4 5 6 7 8 9 10 do ret=0 - $DIG $DIGOPTS @10.53.0.3 noixfr SOA > dig.out.ns3.test$n + $DIG $DIGOPTS @10.53.0.3 noixfr SOA > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1 grep "2011072400" dig.out.ns3.test$n > /dev/null || ret=1 @@ -291,7 +300,7 @@ ret=0 for i in 1 2 3 4 5 6 7 8 9 10 do ret=0 - $RNDCCMD 10.53.0.3 signing -list primary > signing.out.test$n 2>&1 + $RNDCCMD 10.53.0.3 signing -list primary > signing.out.test$n 2>&1 || ret=1 keys=$(grep '^Done signing' signing.out.test$n | wc -l) [ $keys = 2 ] || ret=1 if [ $ret = 0 ]; then break; fi @@ -303,7 +312,7 @@ status=$((status + ret)) n=$((n + 1)) echo_i "checking removal of private type record via 'rndc signing -clear' (primary) ($n)" ret=0 -$RNDCCMD 10.53.0.3 signing -list primary > signing.out.test$n 2>&1 +$RNDCCMD 10.53.0.3 signing -list primary > signing.out.test$n 2>&1 || ret=1 keys=$(sed -n -e 's/Done signing with key \(.*\)$/\1/p' signing.out.test$n) for key in $keys; do $RNDCCMD 10.53.0.3 signing -clear ${key} primary > /dev/null || ret=1 @@ -313,7 +322,7 @@ done 2>&1 |sed 's/^/ns3 /' | cat_i for i in 1 2 3 4 5 6 7 8 9 do ans=0 - $RNDCCMD 10.53.0.3 signing -list primary > signing.out.test$n 2>&1 + $RNDCCMD 10.53.0.3 signing -list primary > signing.out.test$n 2>&1 || ret=1 num=$(grep "Done signing with" signing.out.test$n | wc -l) [ $num = 1 ] && break sleep 1 @@ -326,7 +335,7 @@ status=$((status + ret)) n=$((n + 1)) echo_i "checking private type was properly signed (primary) ($n)" ret=0 -$DIG $DIGOPTS @10.53.0.6 primary TYPE65534 > dig.out.ns6.test$n +$DIG $DIGOPTS @10.53.0.6 primary TYPE65534 > dig.out.ns6.test$n || ret=1 grep "ANSWER: 2," dig.out.ns6.test$n > /dev/null || ret=1 grep "flags:.* ad[ ;]" dig.out.ns6.test$n > /dev/null || ret=1 @@ -340,7 +349,7 @@ $RNDCCMD 10.53.0.3 signing -clear all primary > /dev/null || ret=1 for i in 1 2 3 4 5 6 7 8 9 10 do ans=0 - $RNDCCMD 10.53.0.3 signing -list primary > signing.out.test$n 2>&1 + $RNDCCMD 10.53.0.3 signing -list primary > signing.out.test$n 2>&1 || ret=1 grep "No signing records found" signing.out.test$n > /dev/null || ans=1 [ $ans = 1 ] || break sleep 1 @@ -358,7 +367,7 @@ rndc_reload ns3 10.53.0.3 primary for i in 1 2 3 4 5 6 7 8 9 do ans=0 - $DIG $DIGOPTS @10.53.0.3 e.primary A > dig.out.ns3.test$n + $DIG $DIGOPTS @10.53.0.3 e.primary A > dig.out.ns3.test$n || ret=1 grep "10.0.0.5" dig.out.ns3.test$n > /dev/null || ans=1 grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ans=1 [ $ans = 1 ] || break @@ -374,7 +383,7 @@ ret=0 echo "c A 10.0.0.3" >> ns3/primary.db rndc_reload ns3 10.53.0.3 sleep 1 -$DIG $DIGOPTS @10.53.0.3 c.primary A > dig.out.ns3.test$n +$DIG $DIGOPTS @10.53.0.3 c.primary A > dig.out.ns3.test$n || ret=1 grep "NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -387,7 +396,7 @@ $RNDCCMD 10.53.0.3 reload primary 2>&1 | sed 's/^/ns3 /' | cat_i for i in 1 2 3 4 5 6 7 8 9 do ans=0 - $DIG $DIGOPTS @10.53.0.3 c.primary A > dig.out.ns3.test$n + $DIG $DIGOPTS @10.53.0.3 c.primary A > dig.out.ns3.test$n || ret=1 grep "10.0.0.3" dig.out.ns3.test$n > /dev/null || ans=1 grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ans=1 [ $ans = 1 ] || break @@ -400,7 +409,7 @@ status=$((status + ret)) n=$((n + 1)) echo_i "check the added record was properly signed ($n)" ret=0 -$DIG $DIGOPTS @10.53.0.3 e.primary A > dig.out.ns6.test$n +$DIG $DIGOPTS @10.53.0.3 e.primary A > dig.out.ns6.test$n || ret=1 grep "10.0.0.5" dig.out.ns6.test$n > /dev/null || ans=1 grep "ANSWER: 2," dig.out.ns6.test$n > /dev/null || ans=1 grep "flags:.* ad[ ;]" dig.out.ns6.test$n > /dev/null || ans=1 @@ -413,7 +422,7 @@ ret=0 for i in 1 2 3 4 5 6 7 8 9 10 do ret=0 - $RNDCCMD 10.53.0.3 signing -list dynamic > signing.out.test$n 2>&1 + $RNDCCMD 10.53.0.3 signing -list dynamic > signing.out.test$n 2>&1 || ret=1 keys=$(grep '^Done signing' signing.out.test$n | wc -l) [ $keys = 2 ] || ret=1 if [ $ret = 0 ]; then break; fi @@ -425,19 +434,19 @@ status=$((status + ret)) n=$((n + 1)) echo_i "checking primary zone that was updated while offline is correct ($n)" ret=0 -$DIG $DIGOPTS +nodnssec +short @10.53.0.3 updated SOA >dig.out.ns2.soa.test$n +$DIG $DIGOPTS +nodnssec +short @10.53.0.3 updated SOA >dig.out.ns2.soa.test$n || ret=1 serial=$(awk '{print $3}' dig.out.ns2.soa.test$n) # serial should have changed [ "$serial" = "2000042407" ] && ret=1 # e.updated should exist and should be signed -$DIG $DIGOPTS @10.53.0.3 e.updated A > dig.out.ns3.test$n +$DIG $DIGOPTS @10.53.0.3 e.updated A > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1 # updated.db.signed.jnl should exist, should have the source serial # of primary2.db, and should show a minimal diff: no more than 8 added # records (SOA/RRSIG, 2 x NSEC/RRSIG, A/RRSIG), and 4 removed records # (SOA/RRSIG, NSEC/RRSIG). -$JOURNALPRINT ns3/updated.db.signed.jnl >journalprint.out.test$n +$JOURNALPRINT ns3/updated.db.signed.jnl >journalprint.out.test$n || ret=1 serial=$(awk '/Source serial =/ {print $4}' journalprint.out.test$n) [ "$serial" = "2000042408" ] || ret=1 diffsize=$(wc -l < journalprint.out.test$n) @@ -451,7 +460,7 @@ ret=0 [ -f ns3/dynamic.db.jnl ] && { ret=1 ; echo_i "journal exists (pretest)" ; } -$NSUPDATE << EOF +$NSUPDATE << EOF || ret=1 zone dynamic server 10.53.0.3 ${PORT} update add e.dynamic 0 A 1.2.3.4 @@ -463,7 +472,7 @@ EOF for i in 1 2 3 4 5 6 7 8 9 10 do ans=0 - $DIG $DIGOPTS @10.53.0.3 e.dynamic > dig.out.ns3.test$n + $DIG $DIGOPTS @10.53.0.3 e.dynamic > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ans=1 grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ans=1 grep "1.2.3.4" dig.out.ns3.test$n > /dev/null || ans=1 @@ -489,17 +498,18 @@ start_server --noclean --restart --port ${PORT} ns3 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) -$NSUPDATE << EOF +n=$((n + 1)) +echo_i "checking YYYYMMDDVV (2011072450) serial on hidden primary ($n)" +ret=0 + +$NSUPDATE << EOF || ret=1 zone bits server 10.53.0.2 ${PORT} update add bits 0 SOA ns2.bits. . 2011072450 20 20 1814400 3600 send EOF -n=$((n + 1)) -echo_i "checking YYYYMMDDVV (2011072450) serial on hidden primary ($n)" -ret=0 -$DIG $DIGOPTS @10.53.0.2 bits SOA > dig.out.ns2.test$n +$DIG $DIGOPTS @10.53.0.2 bits SOA > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "2011072450" dig.out.ns2.test$n > /dev/null || ret=1 @@ -511,7 +521,7 @@ echo_i "checking YYYYMMDDVV (2011072450) serial in signed zone ($n)" for i in 1 2 3 4 5 6 7 8 9 10 do ret=0 - $DIG $DIGOPTS @10.53.0.3 bits SOA > dig.out.ns3.test$n + $DIG $DIGOPTS @10.53.0.3 bits SOA > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1 grep "2011072450" dig.out.ns3.test$n > /dev/null || ret=1 @@ -521,17 +531,18 @@ done if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) -$NSUPDATE << EOF +n=$((n + 1)) +echo_i "checking YYYYMMDDVV (2011072450) serial on hidden primary, noixfr ($n)" +ret=0 + +$NSUPDATE << EOF || ret=1 zone noixfr server 10.53.0.4 ${PORT} update add noixfr 0 SOA ns4.noixfr. . 2011072450 20 20 1814400 3600 send EOF -n=$((n + 1)) -echo_i "checking YYYYMMDDVV (2011072450) serial on hidden primary, noixfr ($n)" -ret=0 -$DIG $DIGOPTS @10.53.0.4 noixfr SOA > dig.out.ns4.test$n +$DIG $DIGOPTS @10.53.0.4 noixfr SOA > dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns4.test$n > /dev/null || ret=1 grep "2011072450" dig.out.ns4.test$n > /dev/null || ret=1 @@ -543,7 +554,7 @@ echo_i "checking YYYYMMDDVV (2011072450) serial in signed zone, noixfr ($n)" for i in 1 2 3 4 5 6 7 8 9 10 do ret=0 - $DIG $DIGOPTS @10.53.0.3 noixfr SOA > dig.out.ns3.test$n + $DIG $DIGOPTS @10.53.0.3 noixfr SOA > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1 grep "2011072450" dig.out.ns3.test$n > /dev/null || ret=1 @@ -553,17 +564,18 @@ done if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) -$NSUPDATE << EOF +n=$((n + 1)) +echo_i "checking forwarded update on hidden primary ($n)" +ret=0 + +$NSUPDATE << EOF || ret=1 zone bits server 10.53.0.3 ${PORT} update add bits 0 SOA ns2.bits. . 2011072460 20 20 1814400 3600 send EOF -n=$((n + 1)) -echo_i "checking forwarded update on hidden primary ($n)" -ret=0 -$DIG $DIGOPTS @10.53.0.2 bits SOA > dig.out.ns2.test$n +$DIG $DIGOPTS @10.53.0.2 bits SOA > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 grep "2011072460" dig.out.ns2.test$n > /dev/null || ret=1 @@ -575,7 +587,7 @@ echo_i "checking forwarded update on signed zone ($n)" for i in 1 2 3 4 5 6 7 8 9 10 do ret=0 - $DIG $DIGOPTS @10.53.0.3 bits SOA > dig.out.ns3.test$n + $DIG $DIGOPTS @10.53.0.3 bits SOA > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1 grep "2011072460" dig.out.ns3.test$n > /dev/null || ret=1 @@ -585,17 +597,18 @@ done if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) -$NSUPDATE << EOF +n=$((n + 1)) +echo_i "checking forwarded update on hidden primary, noixfr ($n)" +ret=0 + +$NSUPDATE << EOF || ret=1 zone noixfr server 10.53.0.3 ${PORT} update add noixfr 0 SOA ns4.noixfr. . 2011072460 20 20 1814400 3600 send EOF -n=$((n + 1)) -echo_i "checking forwarded update on hidden primary, noixfr ($n)" -ret=0 -$DIG $DIGOPTS @10.53.0.4 noixfr SOA > dig.out.ns4.test$n +$DIG $DIGOPTS @10.53.0.4 noixfr SOA > dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns4.test$n > /dev/null || ret=1 grep "2011072460" dig.out.ns4.test$n > /dev/null || ret=1 @@ -607,7 +620,7 @@ echo_i "checking forwarded update on signed zone, noixfr ($n)" for i in 1 2 3 4 5 6 7 8 9 10 do ret=0 - $DIG $DIGOPTS @10.53.0.3 noixfr SOA > dig.out.ns3.test$n + $DIG $DIGOPTS @10.53.0.3 noixfr SOA > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1 grep "2011072460" dig.out.ns3.test$n > /dev/null || ret=1 @@ -620,7 +633,7 @@ status=$((status + ret)) ret=0 n=$((n + 1)) echo_i "checking turning on of inline signing in a secondary zone via reload ($n)" -$DIG $DIGOPTS @10.53.0.5 +dnssec bits SOA > dig.out.ns5.test$n +$DIG $DIGOPTS @10.53.0.5 +dnssec bits SOA > dig.out.ns5.test$n || ret=1 grep "status: NOERROR" dig.out.ns5.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns5.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "setup broken"; fi @@ -632,7 +645,7 @@ rndc_reload ns5 10.53.0.5 for i in 1 2 3 4 5 6 7 8 9 10 do ret=0 - $DIG $DIGOPTS @10.53.0.5 bits SOA > dig.out.ns5.test$n + $DIG $DIGOPTS @10.53.0.5 bits SOA > dig.out.ns5.test$n || ret=1 grep "status: NOERROR" dig.out.ns5.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns5.test$n > /dev/null || ret=1 if [ $ret = 0 ]; then break; fi @@ -671,7 +684,7 @@ echo_i "check added record freeze1.dynamic ($n)" for i in 1 2 3 4 5 6 7 8 9 do ret=0 - $DIG $DIGOPTS @10.53.0.3 freeze1.dynamic TXT > dig.out.ns3.test$n + $DIG $DIGOPTS @10.53.0.3 freeze1.dynamic TXT > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1 test $ret = 0 && break @@ -701,7 +714,7 @@ echo_i "check added record freeze2.dynamic ($n)" for i in 1 2 3 4 5 6 7 8 9 do ret=0 - $DIG $DIGOPTS @10.53.0.3 freeze2.dynamic TXT > dig.out.ns3.test$n + $DIG $DIGOPTS @10.53.0.3 freeze2.dynamic TXT > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ret=1 test $ret = 0 && break @@ -729,7 +742,11 @@ $RNDCCMD 10.53.0.3 sync -clean dynamic 2>&1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) -$NSUPDATE << EOF +n=$((n + 1)) +echo_i "checking that the retransfer record is added on the hidden primary ($n)" +ret=0 + +$NSUPDATE << EOF || ret=1 zone retransfer server 10.53.0.2 ${PORT} update add added.retransfer 0 A 1.2.3.4 @@ -737,10 +754,7 @@ send EOF -n=$((n + 1)) -echo_i "checking that the retransfer record is added on the hidden primary ($n)" -ret=0 -$DIG $DIGOPTS @10.53.0.2 added.retransfer A > dig.out.ns2.test$n +$DIG $DIGOPTS @10.53.0.2 added.retransfer A > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi @@ -752,7 +766,7 @@ ret=0 for i in 0 1 2 3 4 5 6 7 8 9 do ans=0 - $DIG $DIGOPTS @10.53.0.3 added.retransfer A > dig.out.ns3.test$n + $DIG $DIGOPTS @10.53.0.3 added.retransfer A > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ans=1 [ $ans = 0 ] && break sleep 1 @@ -767,7 +781,7 @@ $RNDCCMD 10.53.0.3 retransfer retransfer 2>&1 || ret=1 for i in 0 1 2 3 4 5 6 7 8 9 do ans=0 - $DIG $DIGOPTS @10.53.0.3 added.retransfer A > dig.out.ns3.test$n + $DIG $DIGOPTS @10.53.0.3 added.retransfer A > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ans=1 grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ans=1 [ $ans = 0 ] && break @@ -782,7 +796,7 @@ echo_i "check 'rndc signing -nsec3param' requests are queued for zones which are ret=0 # The "retransfer3" zone is configured with "allow-transfer { none; };" on ns2, # which means it should not yet be available on ns3. -$DIG $DIGOPTS @10.53.0.3 retransfer3 SOA > dig.out.ns3.pre.test$n +$DIG $DIGOPTS @10.53.0.3 retransfer3 SOA > dig.out.ns3.pre.test$n || ret=1 grep "status: SERVFAIL" dig.out.ns3.pre.test$n > /dev/null || ret=1 # Switch the zone to NSEC3. An "NSEC3 -> NSEC -> NSEC3" sequence is used purely # to test that multiple queued "rndc signing -nsec3param" requests are handled @@ -800,7 +814,7 @@ $RNDCCMD 10.53.0.3 retransfer retransfer3 || ret=1 for i in 0 1 2 3 4 5 6 7 8 9 do ret=0 - $DIG $DIGOPTS @10.53.0.3 nonexist.retransfer3 A > dig.out.ns3.post.test$n.$i + $DIG $DIGOPTS @10.53.0.3 nonexist.retransfer3 A > dig.out.ns3.post.test$n.$i || ret=1 grep "status: NXDOMAIN" dig.out.ns3.post.test$n.$i > /dev/null || ret=1 grep "NSEC3" dig.out.ns3.post.test$n.$i > /dev/null || ret=1 test $ret -eq 0 && break @@ -816,7 +830,7 @@ $RNDCCMD 10.53.0.3 signing -nsec3param 1 0 0 - retransfer3 > /dev/null 2>&1 || r for i in 0 1 2 3 4 5 6 7 8 9 do ans=0 - $DIG $DIGOPTS @10.53.0.3 nonexist.retransfer3 A > dig.out.ns3.pre.test$n + $DIG $DIGOPTS @10.53.0.3 nonexist.retransfer3 A > dig.out.ns3.pre.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns3.pre.test$n > /dev/null || ans=1 grep "NSEC3" dig.out.ns3.pre.test$n > /dev/null || ans=1 [ $ans = 0 ] && break @@ -826,7 +840,7 @@ $RNDCCMD 10.53.0.3 retransfer retransfer3 2>&1 || ret=1 for i in 0 1 2 3 4 5 6 7 8 9 do ans=0 - $DIG $DIGOPTS @10.53.0.3 nonexist.retransfer3 A > dig.out.ns3.post.test$n + $DIG $DIGOPTS @10.53.0.3 nonexist.retransfer3 A > dig.out.ns3.post.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns3.post.test$n > /dev/null || ans=1 grep "NSEC3" dig.out.ns3.post.test$n > /dev/null || ans=1 [ $ans = 0 ] && break @@ -844,28 +858,28 @@ ret=0 zone=nsec3-loop # Add secondary zone using rndc $RNDCCMD 10.53.0.7 addzone $zone \ - '{ type secondary; primaries { 10.53.0.2; }; file "'$zone'.db"; inline-signing yes; auto-dnssec maintain; };' + '{ type secondary; primaries { 10.53.0.2; }; file "'$zone'.db"; inline-signing yes; auto-dnssec maintain; };' || ret=1 # Wait until secondary zone is fully signed using NSEC for i in 1 2 3 4 5 6 7 8 9 0 do ret=1 - $RNDCCMD 10.53.0.7 signing -list $zone > signing.out.test$n 2>&1 + $RNDCCMD 10.53.0.7 signing -list $zone > signing.out.test$n 2>&1 || ret=1 keys=$(grep '^Done signing' signing.out.test$n | wc -l) [ $keys -eq 3 ] && ret=0 && break sleep 1 done # Switch secondary zone to NSEC3 -$RNDCCMD 10.53.0.7 signing -nsec3param 1 0 2 12345678 $zone > /dev/null 2>&1 +$RNDCCMD 10.53.0.7 signing -nsec3param 1 0 2 12345678 $zone > /dev/null 2>&1 || ret=1 # Wait until secondary zone is fully signed using NSEC3 for i in 1 2 3 4 5 6 7 8 9 0 do ret=1 - nsec3param=$($DIG $DIGOPTS +nodnssec +short @10.53.0.7 nsec3param $zone) + nsec3param=$($DIG $DIGOPTS +nodnssec +short @10.53.0.7 nsec3param $zone) || ret=1 test "$nsec3param" = "1 0 2 12345678" && ret=0 && break sleep 1 done # Attempt to retransfer the secondary zone from primary -$RNDCCMD 10.53.0.7 retransfer $zone +$RNDCCMD 10.53.0.7 retransfer $zone || ret=1 # Check whether the signer managed to fully sign the retransferred zone by # waiting for a specific SOA serial number to appear in the logs; if this # specific SOA serial number does not appear in the logs, it means the signer @@ -876,8 +890,8 @@ $RNDCCMD 10.53.0.7 retransfer $zone for i in 1 2 3 4 5 6 7 8 9 0 do ret=1 - grep "ns2.$zone. . 10 20 20 1814400 3600" ns7/named.run > /dev/null 2>&1 - [ $? -eq 0 ] && ret=0 && break + { grep "ns2.$zone. . 10 20 20 1814400 3600" ns7/named.run > /dev/null 2>&1; rc=$?; } || true + [ $rc -eq 0 ] && ret=0 && break sleep 1 done if [ $ret != 0 ]; then echo_i "failed"; fi @@ -892,7 +906,7 @@ status=$((status + ret)) echo_i "update SOA record while stopped" cp ns3/primary4.db.in ns3/primary.db -rm ns3/primary.db.jnl +rm -f ns3/primary.db.jnl n=$((n + 1)) echo_i "restart bump in the wire signer server ($n)" @@ -907,7 +921,7 @@ ret=0 for i in 1 2 3 4 5 6 7 8 9 do ans=0 - $DIG $DIGOPTS @10.53.0.3 primary SOA > dig.out.ns3.test$n + $DIG $DIGOPTS @10.53.0.3 primary SOA > dig.out.ns3.test$n || ret=1 grep "hostmaster" dig.out.ns3.test$n > /dev/null || ans=1 grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || ans=1 [ $ans = 1 ] || break @@ -976,7 +990,7 @@ nextpart ns3/named.run > /dev/null cp ns3/primary7.db.in ns3/primary.db rndc_reload ns3 10.53.0.3 _includefile_loaded() { - $DIG $DIGOPTS @10.53.0.3 f.primary A > dig.out.ns3.test$n + $DIG $DIGOPTS @10.53.0.3 f.primary A > dig.out.ns3.test$n || return 1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || return 1 grep "ANSWER: 2," dig.out.ns3.test$n > /dev/null || return 1 grep "10\.0\.0\.7" dig.out.ns3.test$n > /dev/null || return 1 @@ -995,12 +1009,12 @@ ret=0 for zone in a b c d e f g h i j k l m n o p q r s t u v w x y z do $RNDCCMD 10.53.0.2 addzone test-$zone \ - '{ type primary; file "bits.db.in"; allow-transfer { any; }; };' -$DIG $DIGOPTS @10.53.0.2 test-$zone SOA > dig.out.ns2.$zone.test$n + '{ type primary; file "bits.db.in"; allow-transfer { any; }; };' || ret=1 +$DIG $DIGOPTS @10.53.0.2 test-$zone SOA > dig.out.ns2.$zone.test$n || ret=1 grep "status: NOERROR," dig.out.ns2.$zone.test$n > /dev/null || { ret=1; cat dig.out.ns2.$zone.test$n; } $RNDCCMD 10.53.0.3 addzone test-$zone \ - '{ type secondary; primaries { 10.53.0.2; }; file "'test-$zone.bk'"; inline-signing yes; auto-dnssec maintain; allow-transfer { any; }; };' -$RNDCCMD 10.53.0.3 delzone test-$zone > /dev/null 2>&1 + '{ type secondary; primaries { 10.53.0.2; }; file "'test-$zone.bk'"; inline-signing yes; auto-dnssec maintain; allow-transfer { any; }; };' || ret=1 +$RNDCCMD 10.53.0.3 delzone test-$zone > /dev/null 2>&1 || ret=1 done if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -1008,7 +1022,7 @@ status=$((status + ret)) n=$((n + 1)) echo_i "testing adding external keys to a inline zone ($n)" ret=0 -$DIG $DIGOPTS @10.53.0.3 dnskey externalkey > dig.out.ns3.test$n +$DIG $DIGOPTS @10.53.0.3 dnskey externalkey > dig.out.ns3.test$n || ret=1 for alg in ${DEFAULT_ALGORITHM_NUMBER} ${ALTERNATIVE_ALGORITHM_NUMBER} do [ $alg = 13 -a ! -f checkecdsa ] && continue; @@ -1046,9 +1060,9 @@ status=$((status + ret)) n=$((n + 1)) echo_i "testing updating inline secure serial via 'rndc signing -serial' ($n)" ret=0 -$DIG $DIGOPTS nsec3. SOA @10.53.0.3 > dig.out.n3.pre.test$n +$DIG $DIGOPTS nsec3. SOA @10.53.0.3 > dig.out.n3.pre.test$n || ret=1 newserial=$($PERL -e 'while (<>) { chomp; my @field = split /\s+/; printf("%u\n", $field[6] + 10) if ($field[3] eq "SOA"); }' < dig.out.n3.pre.test$n) -$RNDCCMD 10.53.0.3 signing -serial ${newserial:-0} nsec3 > /dev/null 2>&1 +$RNDCCMD 10.53.0.3 signing -serial ${newserial:-0} nsec3 > /dev/null 2>&1 || ret=1 retry_quiet 5 wait_for_serial 10.53.0.3 nsec3. "${newserial:-0}" dig.out.ns3.post.test$n || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -1056,12 +1070,12 @@ status=$((status + ret)) n=$((n + 1)) echo_i "testing updating inline secure serial via 'rndc signing -serial' with negative change ($n)" ret=0 -$DIG $DIGOPTS nsec3. SOA @10.53.0.3 > dig.out.n3.pre.test$n +$DIG $DIGOPTS nsec3. SOA @10.53.0.3 > dig.out.n3.pre.test$n || ret=1 oldserial=$(awk '$4 == "SOA" { print $7 }' dig.out.n3.pre.test$n) newserial=$($PERL -e 'while (<>) { chomp; my @field = split /\s+/; printf("%u\n", $field[6] - 10) if ($field[3] eq "SOA"); }' < dig.out.n3.pre.test$n) -$RNDCCMD 10.53.0.3 signing -serial ${newserial:-0} nsec3 > /dev/null 2>&1 +$RNDCCMD 10.53.0.3 signing -serial ${newserial:-0} nsec3 > /dev/null 2>&1 || ret=1 sleep 1 -$DIG $DIGOPTS nsec3. SOA @10.53.0.3 > dig.out.ns3.post.test$n +$DIG $DIGOPTS nsec3. SOA @10.53.0.3 > dig.out.ns3.post.test$n || ret=1 serial=$(awk '$4 == "SOA" { print $7 }' dig.out.ns3.post.test$n) [ ${oldserial:-0} -eq ${serial:-1} ] || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi @@ -1073,12 +1087,12 @@ status=$((status + ret)) n=$((n + 1)) echo_i "testing updating inline secure serial via 'rndc signing -serial' when frozen ($n)" ret=0 -$DIG $DIGOPTS nsec3. SOA @10.53.0.3 > dig.out.n3.pre.test$n +$DIG $DIGOPTS nsec3. SOA @10.53.0.3 > dig.out.n3.pre.test$n || ret=1 oldserial=$(awk '$4 == "SOA" { print $7 }' dig.out.n3.pre.test$n) newserial=$($PERL -e 'while (<>) { chomp; my @field = split /\s+/; printf("%u\n", $field[6] + 10) if ($field[3] eq "SOA"); }' < dig.out.n3.pre.test$n) -$RNDCCMD 10.53.0.3 freeze nsec3 > /dev/null 2>&1 -$RNDCCMD 10.53.0.3 signing -serial ${newserial:-0} nsec3 > /dev/null 2>&1 -$RNDCCMD 10.53.0.3 thaw nsec3 > /dev/null 2>&1 +$RNDCCMD 10.53.0.3 freeze nsec3 > /dev/null 2>&1 || ret=1 +$RNDCCMD 10.53.0.3 signing -serial ${newserial:-0} nsec3 > /dev/null 2>&1 || ret=1 +$RNDCCMD 10.53.0.3 thaw nsec3 > /dev/null 2>&1 || ret=1 retry_quiet 5 wait_for_serial 10.53.0.3 nsec3. "${newserial:-0}" dig.out.ns3.post1.test$n || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -1086,9 +1100,9 @@ status=$((status + ret)) n=$((n + 1)) echo_i "testing updating dynamic serial via 'rndc signing -serial' ($n)" ret=0 -$DIG $DIGOPTS bits. SOA @10.53.0.2 > dig.out.ns2.pre.test$n +$DIG $DIGOPTS bits. SOA @10.53.0.2 > dig.out.ns2.pre.test$n || ret=1 newserial=$($PERL -e 'while (<>) { chomp; my @field = split /\s+/; printf("%u\n", $field[6] + 10) if ($field[3] eq "SOA"); }' < dig.out.ns2.pre.test$n) -$RNDCCMD 10.53.0.2 signing -serial ${newserial:-0} bits > /dev/null 2>&1 +$RNDCCMD 10.53.0.2 signing -serial ${newserial:-0} bits > /dev/null 2>&1 || ret=1 retry_quiet 5 wait_for_serial 10.53.0.2 bits. "${newserial:-0}" dig.out.ns2.post.test$n || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -1096,10 +1110,10 @@ status=$((status + ret)) n=$((n + 1)) echo_i "testing updating dynamic serial via 'rndc signing -serial' with negative change ($n)" ret=0 -$DIG $DIGOPTS bits. SOA @10.53.0.2 > dig.out.ns2.pre.test$n +$DIG $DIGOPTS bits. SOA @10.53.0.2 > dig.out.ns2.pre.test$n || ret=1 oldserial=$(awk '$4 == "SOA" { print $7 }' dig.out.ns2.pre.test$n) newserial=$($PERL -e 'while (<>) { chomp; my @field = split /\s+/; printf("%u\n", $field[6] - 10) if ($field[3] eq "SOA"); }' < dig.out.ns2.pre.test$n) -$RNDCCMD 10.53.0.2 signing -serial ${newserial:-0} bits > /dev/null 2>&1 +$RNDCCMD 10.53.0.2 signing -serial ${newserial:-0} bits > /dev/null 2>&1 || ret=1 retry_quiet 5 wait_for_serial 10.53.0.2 bits. "${newserial:-1}" dig.out.ns2.post1.test$n && ret=1 retry_quiet 5 wait_for_serial 10.53.0.2 bits. "${oldserial:-1}" dig.out.ns2.post2.test$n || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi @@ -1108,12 +1122,12 @@ status=$((status + ret)) n=$((n + 1)) echo_i "testing updating dynamic serial via 'rndc signing -serial' when frozen ($n)" ret=0 -$DIG $DIGOPTS bits. SOA @10.53.0.2 > dig.out.ns2.pre.test$n +$DIG $DIGOPTS bits. SOA @10.53.0.2 > dig.out.ns2.pre.test$n || ret=1 oldserial=$(awk '$4 == "SOA" { print $7 }' dig.out.ns2.pre.test$n) newserial=$($PERL -e 'while (<>) { chomp; my @field = split /\s+/; printf("%u\n", $field[6] + 10) if ($field[3] eq "SOA"); }' < dig.out.ns2.pre.test$n) -$RNDCCMD 10.53.0.2 freeze bits > /dev/null 2>&1 -$RNDCCMD 10.53.0.2 signing -serial ${newserial:-0} bits > /dev/null 2>&1 -$RNDCCMD 10.53.0.2 thaw bits > /dev/null 2>&1 +$RNDCCMD 10.53.0.2 freeze bits > /dev/null 2>&1 || ret=1 +$RNDCCMD 10.53.0.2 signing -serial ${newserial:-0} bits > /dev/null 2>&1 && ret=1 +$RNDCCMD 10.53.0.2 thaw bits > /dev/null 2>&1 || ret=1 retry_quiet 5 wait_for_serial 10.53.0.2 bits. "${newserial:-1}" dig.out.ns2.post1.test$n && ret=1 retry_quiet 5 wait_for_serial 10.53.0.2 bits. "${oldserial:-1}" dig.out.ns2.post2.test$n || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi @@ -1126,7 +1140,7 @@ ret=0 $DIG $DIGOPTS @10.53.0.3 soa inactivezsk > dig.out.ns3.pre.test$n || ret=1 soa1=$(awk '$4 == "SOA" { print $7 }' dig.out.ns3.pre.test$n) -$NSUPDATE << EOF +$NSUPDATE << EOF || ret=1 server 10.53.0.2 ${PORT} update add added.inactivezsk 0 IN TXT added record send @@ -1154,7 +1168,7 @@ n=$((n + 1)) echo_i "testing that inline signing works with inactive KSK and active ZSK ($n)" ret=0 -$DIG $DIGOPTS @10.53.0.3 axfr inactiveksk > dig.out.ns3.test$n +$DIG $DIGOPTS @10.53.0.3 axfr inactiveksk > dig.out.ns3.test$n || ret=1 # # check that DNSKEY is signed with ZSK for default algorithm @@ -1222,7 +1236,7 @@ EOF wait_until_raw_zone_update_is_processed "nokeys" # Query for bar.nokeys/A again and ensure the signer now returns a positive, # yet still unsigned response. -$DIG $DIGOPTS @10.53.0.3 bar.nokeys. A > dig.out.ns3.post.test$n 2>&1 +$DIG $DIGOPTS @10.53.0.3 bar.nokeys. A > dig.out.ns3.post.test$n 2>&1 || ret=1 grep "status: NOERROR" dig.out.ns3.post.test$n > /dev/null || ret=1 grep "RRSIG" dig.out.ns3.pre.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi @@ -1251,7 +1265,7 @@ EOF wait_until_raw_zone_update_is_processed "removedkeys-primary" # Query for bar.removedkeys-primary/A again and ensure the signer still returns # a negative, signed response. -$DIG $DIGOPTS @10.53.0.3 bar.removedkeys-primary. A > dig.out.ns3.post.test$n 2>&1 +$DIG $DIGOPTS @10.53.0.3 bar.removedkeys-primary. A > dig.out.ns3.post.test$n 2>&1 || ret=1 grep "status: NOERROR" dig.out.ns3.post.test$n > /dev/null && ret=1 grep "RRSIG" dig.out.ns3.pre.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi @@ -1262,7 +1276,7 @@ echo_i "checking that backlogged changes to raw zone are applied after keys beco ret=0 # Restore the signing keys for this zone. mv ns3/removedkeys/Kremovedkeys-primary* ns3 -$RNDCCMD 10.53.0.3 loadkeys removedkeys-primary > /dev/null 2>&1 +$RNDCCMD 10.53.0.3 loadkeys removedkeys-primary > /dev/null 2>&1 || ret=1 # Determine what a SOA record with a bumped serial number should look like. BUMPED_SOA=$(sed -n 's/.*\(add removedkeys-primary.*IN.*SOA\)/\1/p;' ns3/named.run | tail -1 | awk '{$8 += 1; print $0}') # Ensure the wait_until_raw_zone_update_is_processed() call below will ignore @@ -1279,7 +1293,7 @@ EOF wait_until_raw_zone_update_is_processed "removedkeys-primary" # Query for bar.removedkeys-primary/A again and ensure the signer now returns a # positive, signed response. -$DIG $DIGOPTS @10.53.0.3 bar.removedkeys-primary. A > dig.out.ns3.test$n 2>&1 +$DIG $DIGOPTS @10.53.0.3 bar.removedkeys-primary. A > dig.out.ns3.test$n 2>&1 || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "RRSIG" dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi @@ -1308,7 +1322,7 @@ EOF wait_until_raw_zone_update_is_processed "removedkeys-secondary" # Query for bar.removedkeys-secondary/A again and ensure the signer still returns a # negative, signed response. -$DIG $DIGOPTS @10.53.0.3 bar.removedkeys-secondary. A > dig.out.ns3.post.test$n 2>&1 +$DIG $DIGOPTS @10.53.0.3 bar.removedkeys-secondary. A > dig.out.ns3.post.test$n 2>&1 || ret=1 grep "status: NOERROR" dig.out.ns3.post.test$n > /dev/null && ret=1 grep "RRSIG" dig.out.ns3.pre.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi @@ -1319,7 +1333,7 @@ echo_i "checking that backlogged changes to raw zone are applied after keys beco ret=0 # Restore the signing keys for this zone. mv ns3/removedkeys/Kremovedkeys-secondary* ns3 -$RNDCCMD 10.53.0.3 loadkeys removedkeys-secondary > /dev/null 2>&1 +$RNDCCMD 10.53.0.3 loadkeys removedkeys-secondary > /dev/null 2>&1 || ret=1 # Determine what a SOA record with a bumped serial number should look like. BUMPED_SOA=$(sed -n 's/.*\(add removedkeys-secondary.*IN.*SOA\)/\1/p;' ns2/named.run | tail -1 | awk '{$8 += 1; print $0}') # Ensure the wait_until_raw_zone_update_is_processed() call below will ignore @@ -1336,7 +1350,7 @@ EOF wait_until_raw_zone_update_is_processed "removedkeys-secondary" # Query for bar.removedkeys-secondary/A again and ensure the signer now returns # a positive, signed response. -$DIG $DIGOPTS @10.53.0.3 bar.removedkeys-secondary. A > dig.out.ns3.test$n 2>&1 +$DIG $DIGOPTS @10.53.0.3 bar.removedkeys-secondary. A > dig.out.ns3.test$n 2>&1 || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "RRSIG" dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi @@ -1362,26 +1376,26 @@ mv Kdelayedkeys* ns3/ $RNDCCMD 10.53.0.3 loadkeys delayedkeys > rndc.out.ns3.pre.test$n 2>&1 || ret=1 # Wait until the zone is signed. check_done_signing () ( - $RNDCCMD 10.53.0.3 signing -list delayedkeys > signing.out.test$n 2>&1 + $RNDCCMD 10.53.0.3 signing -list delayedkeys > signing.out.test$n 2>&1 || true num=$(grep "Done signing with" signing.out.test$n | wc -l) [ $num -eq 2 ] ) retry_quiet 10 check_done_signing || ret=1 # Halt rather than stopping the server to prevent the file from being # flushed upon shutdown since we specifically want to avoid it. -stop_server --use-rndc --halt --port ${CONTROLPORT} ns3 +stop_server --use-rndc --halt --port ${CONTROLPORT} ns3 || ret=1 ensure_sigs_only_in_journal delayedkeys ns3/delayedkeys.db.signed -start_server --noclean --restart --port ${PORT} ns3 +start_server --noclean --restart --port ${PORT} ns3 || ret=1 # At this point, the raw zone journal will not have a source serial set. Upon # server startup, receive_secure_serial() will rectify that, update SOA, resign # it, and schedule its future resign. This will cause "rndc zonestatus" to # return delayedkeys/SOA as the next node to resign, so we restart the server # once again; with the raw zone journal now having a source serial set, # receive_secure_serial() should refrain from introducing any zone changes. -stop_server --use-rndc --halt --port ${CONTROLPORT} ns3 +stop_server --use-rndc --halt --port ${CONTROLPORT} ns3 || ret=1 ensure_sigs_only_in_journal delayedkeys ns3/delayedkeys.db.signed nextpart ns3/named.run > /dev/null -start_server --noclean --restart --port ${PORT} ns3 +start_server --noclean --restart --port ${PORT} ns3 || ret=1 # We can now test whether the secure zone journal was correctly processed: # unless the records contained in it were scheduled for resigning, no resigning # event will be scheduled at all since the secure zone file contains no @@ -1395,7 +1409,7 @@ status=$((status + ret)) n=$((n + 1)) echo_i "check that zonestatus reports 'type: primary' for an inline primary zone ($n)" ret=0 -$RNDCCMD 10.53.0.3 zonestatus primary > rndc.out.ns3.test$n +$RNDCCMD 10.53.0.3 zonestatus primary > rndc.out.ns3.test$n || ret=1 grep "type: primary" rndc.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -1403,7 +1417,7 @@ status=$((status + ret)) n=$((n + 1)) echo_i "check that zonestatus reports 'type: secondary' for an inline secondary zone ($n)" ret=0 -$RNDCCMD 10.53.0.3 zonestatus bits > rndc.out.ns3.test$n +$RNDCCMD 10.53.0.3 zonestatus bits > rndc.out.ns3.test$n || ret=1 grep "type: secondary" rndc.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) @@ -1464,12 +1478,12 @@ echo_i "Check that restart with zone changes and deleted journal works ($n)" TSIG= ret=0 dig_with_opts @10.53.0.8 example SOA > dig.out.ns8.test$n.soa1 || ret=1 -stop_server --use-rndc --port ${CONTROLPORT} ns8 +stop_server --use-rndc --port ${CONTROLPORT} ns8 || ret=1 # TTL of all records change from 300 to 400 cp ns8/example3.db.in ns8/example.db || ret=1 -rm ns8/example.db.jnl +rm -f ns8/example.db.jnl nextpart ns8/named.run > /dev/null -start_server --noclean --restart --port ${PORT} ns8 +start_server --noclean --restart --port ${PORT} ns8 || ret=1 wait_for_log 3 "all zones loaded" ns8/named.run sleep 1 dig_with_opts @10.53.0.8 example SOA > dig.out.ns8.test$n.soa2 || ret=1 diff --git a/bin/tests/system/integrity/tests.sh b/bin/tests/system/integrity/tests.sh index 6754dd00f0..65648b495b 100644 --- a/bin/tests/system/integrity/tests.sh +++ b/bin/tests/system/integrity/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh DIGOPTS="-p ${PORT}" @@ -23,108 +25,108 @@ ret=0 $DIG $DIGOPTS @10.53.0.1 mx mx-cname-fail > dig.out.test$n || ret=1 grep "status: SERVFAIL," dig.out.test$n > /dev/null || ret=1 grep "zone mx-cname-fail/IN: mx-cname-fail/MX 'cname.mx-cname-fail' is a CNAME (illegal)" ns1/named.run > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "check that 'check-integrity yes; check-mx-cname warn;' works ($n)" ret=0 $DIG $DIGOPTS @10.53.0.1 mx mx-cname-warn > dig.out.test$n || ret=1 grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1 grep "zone mx-cname-warn/IN: mx-cname-warn/MX 'cname.mx-cname-warn' is a CNAME (illegal)" ns1/named.run > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "check that 'check-integrity yes; check-mx-cname ignore;' works ($n)" ret=0 $DIG $DIGOPTS @10.53.0.1 mx mx-cname-ignore > dig.out.test$n || ret=1 grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1 grep "zone mx-cname-ignore/IN: mx-cname-ignore/MX 'cname.mx-cname-ignore' is a CNAME (illegal)" ns1/named.run > /dev/null && ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "check that 'check-integrity no; check-mx-cname fail;' works ($n)" ret=0 $DIG $DIGOPTS @10.53.0.1 mx no-mx-cname-fail > dig.out.test$n || ret=1 grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1 grep "zone no-mx-cname-fail/IN: no-mx-cname-fail/MX 'cname.no-mx-cname-fail' is a CNAME (illegal)" ns1/named.run > /dev/null && ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "check that 'check-integrity no; check-mx-cname warn;' works ($n)" ret=0 $DIG $DIGOPTS @10.53.0.1 mx no-mx-cname-warn > dig.out.test$n || ret=1 grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1 grep "zone no-mx-cname-warn/IN: no-mx-cname-warn/MX 'cname.no-mx-cname-warn' is a CNAME (illegal)" ns1/named.run > /dev/null && ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "check that 'check-integrity no; check-mx-cname ignore;' works ($n)" ret=0 $DIG $DIGOPTS @10.53.0.1 mx no-mx-cname-ignore > dig.out.test$n || ret=1 grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1 grep "zone no-mx-cname-ignore/IN: no-mx-cname-ignore/MX 'cname.no-mx-cname-ignore' is a CNAME (illegal)" ns1/named.run > /dev/null && ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "check that 'check-integrity yes; check-srv-cname fail;' works ($n)" ret=0 $DIG $DIGOPTS @10.53.0.1 srv srv-cname-fail > dig.out.test$n || ret=1 grep "status: SERVFAIL," dig.out.test$n > /dev/null || ret=1 grep "zone srv-cname-fail/IN: srv-cname-fail/SRV 'cname.srv-cname-fail' is a CNAME (illegal)" ns1/named.run > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "check that 'check-integrity yes; check-srv-cname warn;' works ($n)" ret=0 $DIG $DIGOPTS @10.53.0.1 srv srv-cname-warn > dig.out.test$n || ret=1 grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1 grep "zone srv-cname-warn/IN: srv-cname-warn/SRV 'cname.srv-cname-warn' is a CNAME (illegal)" ns1/named.run > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "check that 'check-integrity yes; check-srv-cname ignore;' works ($n)" ret=0 $DIG $DIGOPTS @10.53.0.1 srv srv-cname-ignore > dig.out.test$n || ret=1 grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1 grep "zone srv-cname-ignore/IN: srv-cname-ignore/SRV 'cname.srv-cname-ignore' is a CNAME (illegal)" ns1/named.run > /dev/null && ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "check that 'check-integrity no; check-srv-cname fail;' works ($n)" ret=0 $DIG $DIGOPTS @10.53.0.1 srv no-srv-cname-fail > dig.out.test$n || ret=1 grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1 grep "zone no-srv-cname-fail/IN: no-srv-cname-fail/SRV 'cname.no-srv-cname-fail' is a CNAME (illegal)" ns1/named.run > /dev/null && ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "check that 'check-integrity no; check-srv-cname warn;' works ($n)" ret=0 $DIG $DIGOPTS @10.53.0.1 srv no-srv-cname-warn > dig.out.test$n || ret=1 grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1 grep "zone no-srv-cname-warn/IN: no-srv-cname-warn/SRV 'cname.no-srv-cname-warn' is a CNAME (illegal)" ns1/named.run > /dev/null && ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "check that 'check-integrity no; check-srv-cname ignore;' works ($n)" ret=0 $DIG $DIGOPTS @10.53.0.1 srv no-srv-cname-ignore > dig.out.test$n || ret=1 grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1 grep "zone no-srv-cname-ignore/IN: no-srv-cname-ignore/SRV 'cname.no-srv-cname-ignore' is a CNAME (illegal)" ns1/named.run > /dev/null && ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "exit status: $status" test $status -eq 0 || exit 1 diff --git a/bin/tests/system/ixfr/tests.sh b/bin/tests/system/ixfr/tests.sh index 65d5a48465..a2ac4256e4 100644 --- a/bin/tests/system/ixfr/tests.sh +++ b/bin/tests/system/ixfr/tests.sh @@ -16,6 +16,8 @@ # in the log file - need a better approach - until then, # if you add any tests above that point, you will break the test. +set -e + . ../conf.sh wait_for_serial() ( @@ -206,8 +208,8 @@ status=$((status+ret)) n=$((n+1)) echo_i "testing ixfr-from-differences option ($n)" # ns3 is primary; ns4 is secondary -$CHECKZONE test. ns3/mytest.db > /dev/null 2>&1 -if [ $? -ne 0 ] +{ $CHECKZONE test. ns3/mytest.db > /dev/null 2>&1; rc=$?; } || true +if [ $rc -ne 0 ] then echo_i "named-checkzone returned failure on ns3/mytest.db" fi @@ -299,9 +301,9 @@ sub=$! $DIG -p ${PORT} ixfr=0 large @10.53.0.3 > dig.out.test$n kill $sub ) -lines=`grep hostmaster.large dig.out.test$n | wc -l` +lines=$(grep hostmaster.large dig.out.test$n | wc -l) test ${lines:-0} -eq 2 || ret=1 -messages=`sed -n 's/^;;.*messages \([0-9]*\),.*/\1/p' dig.out.test$n` +messages=$(sed -n 's/^;;.*messages \([0-9]*\),.*/\1/p' dig.out.test$n) test ${messages:-0} -gt 1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) diff --git a/bin/tests/system/journal/tests.sh b/bin/tests/system/journal/tests.sh index f6e0f4d809..5dbceb8feb 100644 --- a/bin/tests/system/journal/tests.sh +++ b/bin/tests/system/journal/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh dig_with_opts() { @@ -24,7 +26,7 @@ rndc_with_opts() { status=0 n=0 -n=`expr $n + 1` +n=$((n + 1)) echo_i "check outdated journal rolled forward (dynamic) ($n)" ret=0 dig_with_opts changed soa > dig.out.test$n @@ -32,33 +34,33 @@ grep 'status: NOERROR' dig.out.test$n > /dev/null || ret=1 grep '2012010902' dig.out.test$n > /dev/null || ret=1 grep 'zone changed/IN: journal rollforward completed successfully using old journal format' ns1/named.run > /dev/null || ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check outdated empty journal did not cause an error (dynamic) ($n)" ret=0 dig_with_opts unchanged soa > dig.out.test$n grep 'status: NOERROR' dig.out.test$n > /dev/null || ret=1 grep '2012010901' dig.out.test$n > /dev/null || ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check outdated journals were updated or removed (dynamic) ($n)" ret=0 cat -v ns1/changed.db.jnl | grep "BIND LOG V9.2" > /dev/null || ret=1 [ -f ns1/unchanged.db.jnl ] && ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check updated journal has correct RR count (dynamic) ($n)" ret=0 $JOURNALPRINT -x ns1/changed.db.jnl | grep "rrcount 3 " > /dev/null || ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check new-format journal rolled forward (dynamic) ($n)" ret=0 dig_with_opts changed2 soa > dig.out.test$n @@ -67,9 +69,9 @@ grep '2012010902' dig.out.test$n > /dev/null || ret=1 grep 'zone changed2/IN: journal rollforward completed successfully: success' ns1/named.run > /dev/null || ret=1 grep 'zone changed2/IN: journal rollforward completed successfully using old journal format' ns1/named.run > /dev/null && ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check new-format empty journal did not cause error (dynamic) ($n)" ret=0 dig_with_opts unchanged2 soa > dig.out.test$n @@ -78,17 +80,17 @@ grep '2012010901' dig.out.test$n > /dev/null || ret=1 grep 'zone unchanged2/IN: journal rollforward completed successfully' ns1/named.run > /dev/null && ret=1 grep 'zone unchanged2/IN: journal rollforward completed successfully using old journal format' ns1/named.run > /dev/null && ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check new-format journals were updated or removed (dynamic) ($n)" ret=0 cat -v ns1/changed2.db.jnl | grep "BIND LOG V9.2" > /dev/null || ret=1 [ -f ns1/unchanged2.db.jnl ] && ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check outdated up-to-date journal succeeded (ixfr-from-differences) ($n)" ret=0 dig_with_opts -t soa ixfr > dig.out.test$n @@ -96,16 +98,16 @@ grep 'status: NOERROR' dig.out.test$n > /dev/null || ret=1 grep '2012010902' dig.out.test$n > /dev/null || ret=1 grep 'zone ixfr/IN: journal rollforward completed successfully using old journal format: up to date' ns1/named.run > /dev/null || ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check outdated journal was updated (ixfr-from-differences) ($n)" ret=0 cat -v ns1/ixfr.db.jnl | grep "BIND LOG V9.2" > /dev/null || ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check journal with mixed headers succeeded (version 1,2,1,2) ($n)" ret=0 dig_with_opts -t soa hdr1d1d2d1d2 > dig.out.test$n @@ -115,9 +117,9 @@ grep 'zone hdr1d1d2d1d2/IN: journal rollforward completed successfully using old grep 'zone_journal_compact: zone hdr1d1d2d1d2/IN: repair full journal' ns1/named.run > /dev/null || ret=1 grep 'hdr1d1d2d1d2/IN: dns_journal_compact: success' ns1/named.run > /dev/null || ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check journal with mixed headers was updated (version 1,2,1,2) ($n)" ret=0 [ $($JOURNALPRINT -x ns1/d1212.jnl.saved | grep -c "version 1") -eq 2 ] || ret=1 @@ -125,9 +127,9 @@ ret=0 [ $($JOURNALPRINT -x ns1/d1212.db.jnl | grep -c "version 1") -eq 0 ] || ret=1 [ $($JOURNALPRINT -x ns1/d1212.db.jnl | grep -c "version 2") -eq 4 ] || ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check journal with mixed headers succeeded (version 2,1,2,1) ($n)" ret=0 dig_with_opts -t soa hdr1d2d1d2d1 > dig.out.test$n @@ -137,9 +139,9 @@ grep 'zone hdr1d2d1d2d1/IN: journal rollforward completed successfully using old grep 'zone_journal_compact: zone hdr1d2d1d2d1/IN: repair full journal' ns1/named.run > /dev/null || ret=1 grep 'zone hdr1d2d1d2d1/IN: dns_journal_compact: success' ns1/named.run > /dev/null || ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check journal with mixed headers was updated (version 2,1,2,1) ($n)" ret=0 [ $($JOURNALPRINT -x ns1/d2121.jnl.saved | grep -c "version 1") -eq 2 ] || ret=1 @@ -147,18 +149,18 @@ ret=0 [ $($JOURNALPRINT -x ns1/d2121.db.jnl | grep -c "version 1") -eq 0 ] || ret=1 [ $($JOURNALPRINT -x ns1/d2121.db.jnl | grep -c "version 2") -eq 4 ] || ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check there are no journals left un-updated ($n)" ret=0 c1=$(cat -v ns1/*.jnl | grep -c "BIND LOG V9") c2=$(cat -v ns1/*.jnl | grep -c "BIND LOG V9.2") [ ${c1} -eq ${c2} ] || ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "Check that journal with mixed headers can be compacted (version 1,2,1,2) ($n)" ret=0 journal=ns1/d1212.jnl.saved @@ -169,9 +171,9 @@ do $JOURNALPRINT -c $serial tmp.jnl || ret=1 done [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "Check that journal with mixed headers can be compacted (version 2,1,2,1) ($n)" ret=0 journal=ns1/d2121.jnl.saved @@ -182,18 +184,18 @@ do $JOURNALPRINT -c $serial tmp.jnl || ret=1 done [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check upgrade of managed-keys.bind.jnl succeeded($n)" ret=0 $JOURNALPRINT ns1/managed-keys.bind.jnl > journalprint.out.test$n lines=$(awk '$1 == "add" && $5 == "SOA" && $8 == "3297" { print }' journalprint.out.test$n | wc -l) test $lines -eq 1 || ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check journal downgrade/upgrade ($n)" ret=0 cp ns1/changed.db.jnl ns1/temp.jnl @@ -204,9 +206,9 @@ $JOURNALPRINT -u ns1/temp.jnl $JOURNALPRINT -x ns1/temp.jnl | grep -q "Header version = 2" || ret=1 [ $($JOURNALPRINT -x ns1/temp.jnl | grep -c "version 2") -eq 1 ] || ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check max-journal-size works after journal update ($n)" ret=0 # journal was repaired, it should still be big @@ -219,9 +221,9 @@ check_size() ( ) retry_quiet 10 check_size || ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check max-journal-size works with non-updated journals ($n)" ret=0 # journal was not repaired, so it should still be big @@ -234,18 +236,18 @@ check_size() ( ) retry_quiet 10 check_size || ret=1 [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check journal index consistency ($n)" ret=0 for jnl in ns1/*.jnl; do $JOURNALPRINT -x $jnl 2>&1 | grep -q "Offset mismatch" && ret=1 done [ $ret -eq 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check that journal is applied to zone with keydata placeholder record" ret=0 grep 'managed-keys-zone: journal rollforward completed successfully: up to date' ns2/named.run > /dev/null 2>&1 || ret=1 diff --git a/bin/tests/system/kasp.sh b/bin/tests/system/kasp.sh index d49baa3047..4c44ac9571 100644 --- a/bin/tests/system/kasp.sh +++ b/bin/tests/system/kasp.sh @@ -242,6 +242,8 @@ set_keyrole() { test "$2" = "csk" && key_set "$1" "KSK" "yes" test "$2" = "csk" && key_set "$1" "ZSK" "yes" test "$2" = "csk" && key_set "$1" "FLAGS" "257" + + return 0 } set_keylifetime() { key_set "$1" "EXPECT" "yes" @@ -379,7 +381,7 @@ check_key() { [ -s "$STATE_FILE" ] || ret=1 fi [ "$ret" -eq 0 ] || _log_error "${BASE_FILE} files missing" - [ "$ret" -eq 0 ] || return + [ "$ret" -eq 0 ] || return 0 # Retrieve creation date. grep "; Created:" "$KEY_FILE" > "${ZONE}.${KEY_ID}.${_alg_num}.created" || _log_error "mismatch created comment in $KEY_FILE" @@ -454,6 +456,8 @@ check_key() { grep "DSChange: " "$STATE_FILE" > /dev/null || _log_error "mismatch ds change in $STATE_FILE" fi fi + + return 0 } # Check the key timing metadata for key $1. @@ -656,7 +660,7 @@ key_unused() { [ -s "$KEY_FILE" ] || ret=1 [ -s "$PRIVATE_FILE" ] || ret=1 [ -s "$STATE_FILE" ] || ret=1 - [ "$ret" -eq 0 ] || return + [ "$ret" -eq 0 ] || return 0 # Treat keys that have been removed from the zone as unused. _check_removed=1 @@ -686,6 +690,8 @@ key_unused() { grep "Retired: " "$STATE_FILE" > /dev/null && _log_error "unexpected retired in $STATE_FILE" grep "Revoked: " "$STATE_FILE" > /dev/null && _log_error "unexpected revoked in $STATE_FILE" grep "Removed: " "$STATE_FILE" > /dev/null && _log_error "unexpected removed in $STATE_FILE" + + return 0 } # Test: dnssec-verify zone $1. diff --git a/bin/tests/system/kasp/tests.sh b/bin/tests/system/kasp/tests.sh index b97cbd0ee4..ddbbd322c5 100644 --- a/bin/tests/system/kasp/tests.sh +++ b/bin/tests/system/kasp/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + # shellcheck source=conf.sh . ../conf.sh # shellcheck source=kasp.sh @@ -2164,7 +2166,7 @@ dnssec_verify n=$((n+1)) echo_i "check that rndc dnssec -rollover fails if key is inactive ($n)" ret=0 -rndccmd "$SERVER" dnssec -rollover -key $(key_get KEY4 ID) "$ZONE" > rndc.dnssec.rollover.out.$ZONE.$n +rndccmd "$SERVER" dnssec -rollover -key $(key_get KEY4 ID) "$ZONE" > rndc.dnssec.rollover.out.$ZONE.$n || ret=1 grep "key is not actively signing" rndc.dnssec.rollover.out.$ZONE.$n > /dev/null || log_error "bad error message" test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) diff --git a/bin/tests/system/keepalive/tests.sh b/bin/tests/system/keepalive/tests.sh index 124ca24acd..7314a9e1c3 100644 --- a/bin/tests/system/keepalive/tests.sh +++ b/bin/tests/system/keepalive/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh DIGOPTS="-p ${PORT}" @@ -21,77 +23,77 @@ status=0 echo_i "checking that dig handles TCP keepalive ($n)" ret=0 -n=`expr $n + 1` +n=$((n + 1)) $DIG $DIGOPTS +qr +keepalive foo.example @10.53.0.2 > dig.out.test$n grep "; TCP KEEPALIVE" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking that dig added TCP keepalive ($n)" ret=0 -n=`expr $n + 1` +n=$((n + 1)) $RNDCCMD stats grep "EDNS TCP keepalive option received" ns2/named.stats > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking that TCP keepalive is added for TCP responses ($n)" ret=0 -n=`expr $n + 1` +n=$((n + 1)) $DIG $DIGOPTS +vc +keepalive foo.example @10.53.0.2 > dig.out.test$n grep "; TCP KEEPALIVE" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking that TCP keepalive requires TCP ($n)" ret=0 -n=`expr $n + 1` +n=$((n + 1)) $DIG $DIGOPTS +keepalive foo.example @10.53.0.2 > dig.out.test$n grep "; TCP KEEPALIVE" dig.out.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking default value ($n)" ret=0 -n=`expr $n + 1` +n=$((n + 1)) $DIG $DIGOPTS +vc +keepalive foo.example @10.53.0.3 > dig.out.test$n grep "; TCP KEEPALIVE: 30.0 secs" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking configured value ($n)" ret=0 -n=`expr $n + 1` +n=$((n + 1)) $DIG $DIGOPTS +vc +keepalive foo.example @10.53.0.2 > dig.out.test$n grep "; TCP KEEPALIVE: 15.0 secs" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking re-configured value ($n)" ret=0 -n=`expr $n + 1` +n=$((n + 1)) $RNDCCMD tcp-timeouts 300 300 300 200 > output diff -b output expected || ret=1 $DIG $DIGOPTS +vc +keepalive foo.example @10.53.0.2 > dig.out.test$n grep "; TCP KEEPALIVE: 20.0 secs" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking server config entry ($n)" ret=0 -n=`expr $n + 1` +n=$((n + 1)) $RNDCCMD stats -oka=`grep "EDNS TCP keepalive option received" ns2/named.stats | \ - tail -1 | awk '{ print $1}'` +oka=$(grep "EDNS TCP keepalive option received" ns2/named.stats | \ + tail -1 | awk '{ print $1}') $DIG $DIGOPTS bar.example @10.53.0.3 > dig.out.test$n $RNDCCMD stats -nka=`grep "EDNS TCP keepalive option received" ns2/named.stats | \ - tail -1 | awk '{ print $1}'` +nka=$(grep "EDNS TCP keepalive option received" ns2/named.stats | \ + tail -1 | awk '{ print $1}') #echo oka ':' $oka #echo nka ':' $nka if [ "$oka" -eq "$nka" ]; then ret=1; fi if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/keyfromlabel/tests.sh b/bin/tests/system/keyfromlabel/tests.sh index c0a3c0aeba..5cedbf93d1 100644 --- a/bin/tests/system/keyfromlabel/tests.sh +++ b/bin/tests/system/keyfromlabel/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + # shellcheck source=conf.sh . ../conf.sh diff --git a/bin/tests/system/keymgr2kasp/tests.sh b/bin/tests/system/keymgr2kasp/tests.sh index 574347e14a..6f9caae564 100644 --- a/bin/tests/system/keymgr2kasp/tests.sh +++ b/bin/tests/system/keymgr2kasp/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + # shellcheck source=conf.sh . ../conf.sh # shellcheck source=kasp.sh diff --git a/bin/tests/system/legacy/ns6/sign.sh b/bin/tests/system/legacy/ns6/sign.sh index 9baecad2cd..f76b3c23c1 100755 --- a/bin/tests/system/legacy/ns6/sign.sh +++ b/bin/tests/system/legacy/ns6/sign.sh @@ -22,8 +22,8 @@ infile=edns512.db.in zonefile=edns512.db outfile=edns512.db.signed -keyname1=`$KEYGEN -a RSASHA512 -b 4096 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a RSASHA512 -b 4096 -n zone $zone 2> /dev/null` +keyname1=$($KEYGEN -a RSASHA512 -b 4096 -n zone $zone 2> /dev/null) +keyname2=$($KEYGEN -f KSK -a RSASHA512 -b 4096 -n zone $zone 2> /dev/null) cat $infile $keyname1.key $keyname2.key >$zonefile diff --git a/bin/tests/system/legacy/ns7/sign.sh b/bin/tests/system/legacy/ns7/sign.sh index 6356fa485a..c2153f9309 100755 --- a/bin/tests/system/legacy/ns7/sign.sh +++ b/bin/tests/system/legacy/ns7/sign.sh @@ -22,8 +22,8 @@ infile=edns512-notcp.db.in zonefile=edns512-notcp.db outfile=edns512-notcp.db.signed -keyname1=`$KEYGEN -a RSASHA512 -b 4096 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a RSASHA512 -b 4096 -n zone $zone 2> /dev/null` +keyname1=$($KEYGEN -a RSASHA512 -b 4096 -n zone $zone 2> /dev/null) +keyname2=$($KEYGEN -f KSK -a RSASHA512 -b 4096 -n zone $zone 2> /dev/null) cat $infile $keyname1.key $keyname2.key >$zonefile diff --git a/bin/tests/system/legacy/tests.sh b/bin/tests/system/legacy/tests.sh index 0bddac8a75..44d3b1196f 100755 --- a/bin/tests/system/legacy/tests.sh +++ b/bin/tests/system/legacy/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh DIGOPTS="-p ${PORT} +tries=1 +time=2" @@ -45,7 +47,7 @@ resolution_fails() { status=0 n=0 -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking formerr edns server setup ($n)" ret=0 $DIG $DIGOPTS +edns @10.53.0.8 ednsformerr soa > dig.out.1.test$n || ret=1 @@ -55,16 +57,16 @@ $DIG $DIGOPTS +noedns @10.53.0.8 ednsformerr soa > dig.out.2.test$n || ret=1 grep "status: NOERROR" dig.out.2.test$n > /dev/null || ret=1 grep "EDNS: version:" dig.out.2.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking recursive lookup to formerr edns server succeeds ($n)" ret=0 resolution_succeeds ednsformerr. || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking notimp edns server setup ($n)" ret=0 $DIG $DIGOPTS +edns @10.53.0.9 ednsnotimp soa > dig.out.1.test$n || ret=1 @@ -74,16 +76,16 @@ $DIG $DIGOPTS +noedns @10.53.0.9 ednsnotimp soa > dig.out.2.test$n || ret=1 grep "status: NOERROR" dig.out.2.test$n > /dev/null || ret=1 grep "EDNS: version:" dig.out.2.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking recursive lookup to notimp edns server fails ($n)" ret=0 resolution_fails ednsnotimp. || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking refused edns server setup ($n)" ret=0 $DIG $DIGOPTS +edns @10.53.0.10 ednsrefused soa > dig.out.1.test$n || ret=1 @@ -93,16 +95,16 @@ $DIG $DIGOPTS +noedns @10.53.0.10 ednsrefused soa > dig.out.2.test$n || ret=1 grep "status: NOERROR" dig.out.2.test$n > /dev/null || ret=1 grep "EDNS: version:" dig.out.2.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking recursive lookup to refused edns server fails ($n)" ret=0 resolution_fails ednsrefused. || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking drop edns server setup ($n)" ret=0 $DIG $DIGOPTS +edns @10.53.0.2 dropedns soa > dig.out.1.test$n && ret=1 @@ -118,16 +120,16 @@ $DIG $DIGOPTS +edns +tcp @10.53.0.2 dropedns soa > dig.out.4.test$n && ret=1 grep "timed out" dig.out.4.test$n > /dev/null || ret=1 grep ";; no servers could be reached" dig.out.4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking recursive lookup to drop edns server fails ($n)" ret=0 resolution_fails dropedns. || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking drop edns + no tcp server setup ($n)" ret=0 $DIG $DIGOPTS +edns @10.53.0.3 dropedns-notcp soa > dig.out.1.test$n && ret=1 @@ -139,16 +141,16 @@ $DIG $DIGOPTS +noedns @10.53.0.3 dropedns-notcp soa > dig.out.3.test$n || ret=1 grep "status: NOERROR" dig.out.3.test$n > /dev/null || ret=1 grep "EDNS: version:" dig.out.3.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking recursive lookup to drop edns + no tcp server fails ($n)" ret=0 resolution_fails dropedns-notcp. || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking plain dns server setup ($n)" ret=0 $DIG $DIGOPTS +edns @10.53.0.4 plain soa > dig.out.1.test$n || ret=1 @@ -158,33 +160,33 @@ $DIG $DIGOPTS +edns +tcp @10.53.0.4 plain soa > dig.out.2.test$n grep "status: NOERROR" dig.out.2.test$n > /dev/null || ret=1 grep "EDNS: version:" dig.out.2.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking recursive lookup to plain dns server succeeds ($n)" ret=0 resolution_succeeds plain. || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking plain dns + no tcp server setup ($n)" ret=0 $DIG $DIGOPTS +edns @10.53.0.5 plain-notcp soa > dig.out.1.test$n || ret=1 grep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1 grep "EDNS: version:" dig.out.1.test$n > /dev/null && ret=1 -$DIG $DIGOPTS +edns +tcp @10.53.0.5 plain-notcp soa > dig.out.2.test$n +$DIG $DIGOPTS +edns +tcp @10.53.0.5 plain-notcp soa > dig.out.2.test$n && ret=1 grep "connection refused" dig.out.2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking recursive lookup to plain dns + no tcp server succeeds ($n)" ret=0 resolution_succeeds plain-notcp. || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) echo_i "checking edns 512 server setup ($n)" ret=0 @@ -202,16 +204,16 @@ grep "status: NOERROR" dig.out.4.test$n > /dev/null || ret=1 grep "EDNS: version:" dig.out.4.test$n > /dev/null || ret=1 grep "flags:.* tc[ ;]" dig.out.4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking recursive lookup to edns 512 server succeeds ($n)" ret=0 retry_quiet 3 resolution_succeeds edns512. || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking edns 512 + no tcp server setup ($n)" ret=0 $DIG $DIGOPTS +edns @10.53.0.7 edns512-notcp soa > dig.out.1.test$n || ret=1 @@ -227,31 +229,31 @@ grep "status: NOERROR" dig.out.4.test$n > /dev/null || ret=1 grep "EDNS: version:" dig.out.4.test$n > /dev/null || ret=1 grep "flags:.* tc[ ;]" dig.out.4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking recursive lookup to edns 512 + no tcp server fails ($n)" ret=0 resolution_fails edns512-notcp. || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking recursive lookup to edns 512 + no tcp server does not cause query loops ($n)" ret=0 -sent=`grep -c -F "sending packet to 10.53.0.7" ns1/named.run` +sent=$(grep -c -F "sending packet to 10.53.0.7" ns1/named.run) if [ $sent -ge 10 ]; then echo_i "ns1 sent $sent queries to ns7, expected less than 10" ret=1 fi if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) stop_server --use-rndc --port ${CONTROLPORT} ns1 copy_setports ns1/named2.conf.in ns1/named.conf start_server --noclean --restart --port ${PORT} ns1 -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking recursive lookup to edns 512 + no tcp + trust anchor fails ($n)" # retry loop in case the server restart above causes transient failure for try in 0 1 2 3 4 5 6 7 8 9; do @@ -261,7 +263,7 @@ for try in 0 1 2 3 4 5 6 7 8 9; do sleep 1 done if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/limits/tests.sh b/bin/tests/system/limits/tests.sh index f4149fcb57..f2cf0fb5bb 100644 --- a/bin/tests/system/limits/tests.sh +++ b/bin/tests/system/limits/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh DIGOPTS="-p ${PORT}" diff --git a/bin/tests/system/logfileconfig/tests.sh b/bin/tests/system/logfileconfig/tests.sh index 3abf17540a..d12fd06cf2 100644 --- a/bin/tests/system/logfileconfig/tests.sh +++ b/bin/tests/system/logfileconfig/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh # Test given condition. If true, test again after a second. Used for testing @@ -216,7 +218,7 @@ try=0 while test $try -lt 12 do touch ns1/named_inc.$try - try=`expr $try + 1` + try=$((try + 1)) done rndc_reconfig ns1 10.53.0.1 > rndc.out.test$n _found2() ( @@ -227,7 +229,7 @@ _found2() ( while test $try -lt 12 do [ -f ns1/named_inc.$try ] && return 1 - try=`expr $try + 1` + try=$((try + 1)) done set -- ns1/named_inc.* [ "$#" -eq 1 ] || return 1 @@ -244,7 +246,7 @@ try=0 while test $try -lt 12 do touch $TMPDIR/example.log.$try - try=`expr $try + 1` + try=$((try + 1)) done rndc_reconfig ns1 10.53.0.1 > rndc.out.test$n _found2() ( @@ -255,7 +257,7 @@ _found2() ( while test $try -lt 12 do [ -f $TMPDIR/example.log.$try ] && return 1 - try=`expr $try + 1` + try=$((try + 1)) done set -- $TMPDIR/example.log.* [ "$#" -eq 1 ] || return 1 diff --git a/bin/tests/system/masterfile/tests.sh b/bin/tests/system/masterfile/tests.sh index 6ca4ea5b0a..5755088ed7 100644 --- a/bin/tests/system/masterfile/tests.sh +++ b/bin/tests/system/masterfile/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh DIGOPTS="-p ${PORT}" @@ -19,7 +21,7 @@ status=0 n=0 ret=0 -n=`expr $n + 1` +n=$((n + 1)) echo_i "test master file \$INCLUDE semantics ($n)" $DIG $DIGOPTS +nostats +nocmd include. axfr @10.53.0.1 >dig.out.$n @@ -31,31 +33,31 @@ $DIG $DIGOPTS +nostats +nocmd ttl2. axfr @10.53.0.1 >>dig.out.$n diff dig.out.$n knowngood.dig.out || status=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) ret=0 -n=`expr $n + 1` +n=$((n + 1)) echo_i "test that the nameserver is running with a missing master file ($n)" $DIG $DIGOPTS +tcp +noall +answer example soa @10.53.0.2 > dig.out.$n grep SOA dig.out.$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) ret=0 -n=`expr $n + 1` +n=$((n + 1)) echo_i "test that the nameserver returns SERVFAIL for a missing master file ($n)" $DIG $DIGOPTS +tcp +all missing soa @10.53.0.2 > dig.out.$n grep "status: SERVFAIL" dig.out.$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) ret=0 -n=`expr $n + 1` +n=$((n + 1)) echo_i "test owner inheritance after "'$INCLUDE'" ($n)" $CHECKZONE -Dq example zone/inheritownerafterinclude.db > checkzone.out$n diff checkzone.out$n zone/inheritownerafterinclude.good || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/masterformat/tests.sh b/bin/tests/system/masterformat/tests.sh index 7c52bd4c66..da9ec87ebf 100755 --- a/bin/tests/system/masterformat/tests.sh +++ b/bin/tests/system/masterformat/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + # shellcheck source=conf.sh . ../conf.sh @@ -22,8 +24,7 @@ israw () { $PERL -e 'binmode STDIN; read(STDIN, $input, 8); ($style, $version) = unpack("NN", $input); - exit 1 if ($style != 2 || $version > 1);' < "$1" - return $? + exit 1 if ($style != 2 || $version > 1);' < "$1" || return $? } isfull () { diff --git a/bin/tests/system/metadata/tests.sh b/bin/tests/system/metadata/tests.sh index e8d442366a..38141b27a1 100644 --- a/bin/tests/system/metadata/tests.sh +++ b/bin/tests/system/metadata/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh pzone=parent.nil pfile=parent.db diff --git a/bin/tests/system/mirror/tests.sh b/bin/tests/system/mirror/tests.sh index d5d0b92681..dc6cffa7fc 100644 --- a/bin/tests/system/mirror/tests.sh +++ b/bin/tests/system/mirror/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh DIGOPTS="-p ${PORT} -b 10.53.0.1 +dnssec +time=2 +tries=1 +multi" diff --git a/bin/tests/system/names/tests.sh b/bin/tests/system/names/tests.sh index d6495707a7..9546298451 100644 --- a/bin/tests/system/names/tests.sh +++ b/bin/tests/system/names/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh DIGOPTS="+nosea +stat +noquest +nocomm +nocmd -p ${PORT}" @@ -19,28 +21,27 @@ status=0 echo_i "Getting message size with compression enabled" $DIG $DIGOPTS -b 10.53.0.1 @10.53.0.1 mx example > dig.compen.test -COMPEN=`grep ';; MSG SIZE' dig.compen.test |sed -e "s/.*: //g"` +COMPEN=$(grep ';; MSG SIZE' dig.compen.test |sed -e "s/.*: //g") cat dig.compen.test |grep -v ';;' |sort > dig.compen.sorted.test echo_i "Getting message size with compression disabled" $DIG $DIGOPTS -b 10.53.0.2 @10.53.0.1 mx example > dig.compdis.test -COMPDIS=`grep ';; MSG SIZE' dig.compdis.test |sed -e "s/.*: //g"` +COMPDIS=$(grep ';; MSG SIZE' dig.compdis.test |sed -e "s/.*: //g") cat dig.compdis.test |grep -v ';;' |sort > dig.compdis.sorted.test # the compression disabled message should be at least twice as large as with # compression disabled, but the content should be the same echo_i "Checking if responses are identical other than in message size" -diff dig.compdis.sorted.test dig.compen.sorted.test >/dev/null -ret=$? +{ diff dig.compdis.sorted.test dig.compen.sorted.test >/dev/null; ret=$?; } || true if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "Checking if message with compression disabled is significantly larger" echo_i "Disabled $COMPDIS vs enabled $COMPEN" -val=`expr \( $COMPDIS \* 3 / 2 \) / $COMPEN` +val=$(( (COMPDIS * 3 / 2) / COMPEN)) if [ $val -le 1 ]; then echo_i "failed" - status=`expr $status + 1` + status=$((status + 1)) fi; echo_i "exit status: $status" diff --git a/bin/tests/system/notify/tests.sh b/bin/tests/system/notify/tests.sh index 950f7854d0..ba9dfe3a86 100644 --- a/bin/tests/system/notify/tests.sh +++ b/bin/tests/system/notify/tests.sh @@ -11,8 +11,9 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -# shellcheck disable=SC2034 +set -e +# shellcheck disable=SC2034 . ../conf.sh dig_plus_opts() { diff --git a/bin/tests/system/nsec3/tests.sh b/bin/tests/system/nsec3/tests.sh index 3ebf247182..117bf636a7 100644 --- a/bin/tests/system/nsec3/tests.sh +++ b/bin/tests/system/nsec3/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + # shellcheck source=conf.sh . ../conf.sh # shellcheck source=kasp.sh @@ -184,7 +186,7 @@ _check_nsec3_nsec3param() { grep "${ZONE}.*0.*IN.*NSEC3PARAM.*1.*0.*${ITERATIONS}.*${SALT}" "dig.out.test$n.nsec3param.$ZONE" > /dev/null || return 1 if [ -z "$SALT" ]; then - SALT=`awk '$4 == "NSEC3PARAM" { print $8 }' dig.out.test$n.nsec3param.$ZONE` + SALT=$(awk '$4 == "NSEC3PARAM" { print $8 }' dig.out.test$n.nsec3param.$ZONE) fi return 0 } diff --git a/bin/tests/system/nslookup/tests.sh b/bin/tests/system/nslookup/tests.sh index abde65c98f..e985f1952a 100644 --- a/bin/tests/system/nslookup/tests.sh +++ b/bin/tests/system/nslookup/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + # shellcheck disable=SC2086 . ../conf.sh diff --git a/bin/tests/system/nsupdate/krb/setup.sh b/bin/tests/system/nsupdate/krb/setup.sh index 5ac116c41d..3d254a84e0 100644 --- a/bin/tests/system/nsupdate/krb/setup.sh +++ b/bin/tests/system/nsupdate/krb/setup.sh @@ -13,7 +13,7 @@ set -x -PWD=`pwd` +PWD=$(pwd) KRB5_CONFIG="${PWD}/krb5.conf" export KRB5_CONFIG @@ -21,9 +21,9 @@ export KRB5_CONFIG KRB5_KDC_PROFILE=${PWD}/krb5kdc export KRB5_KDC_PROFILE -now=`date +%s` -lifetime=`expr 2147483647 - $now` -lifetime=`expr $lifetime / 3600 / 24 - 30` +now=$(date +%s) +lifetime=$((2147483647 - now)) +lifetime=$((lifetime / 3600 / 24 - 30)) cat << EOF > "${KRB5_CONFIG}" [libdefaults] diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh index 4df7ad8f1c..6e257ae914 100755 --- a/bin/tests/system/nsupdate/tests.sh +++ b/bin/tests/system/nsupdate/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh DIGOPTS="-p ${PORT}" @@ -579,7 +581,7 @@ done ret=0 echo_i "check that 'nsupdate -l' with a missing keyfile reports the missing file" -$NSUPDATE -4 -p ${PORT} -l -k ns1/nonexistent.key 2> nsupdate.out < /dev/null +$NSUPDATE -4 -p ${PORT} -l -k ns1/nonexistent.key 2> nsupdate.out < /dev/null && ret=1 grep ns1/nonexistent.key nsupdate.out > /dev/null || ret=1 if test $ret -ne 0 then @@ -629,7 +631,7 @@ fi n=$((n + 1)) ret=0 echo_i "check that 'update-policy tcp-self' refuses update of records via UDP ($n)" -$NSUPDATE > nsupdate.out.$n 2>&1 << END +$NSUPDATE > nsupdate.out.$n 2>&1 << END && ret=1 server 10.53.0.6 ${PORT} local 127.0.0.1 update add 1.0.0.127.in-addr.arpa. 600 PTR localhost. @@ -667,7 +669,7 @@ fi n=$((n + 1)) ret=0 echo_i "check that 'update-policy tcp-self' refuses update of records for a different address from the client's own address via TCP ($n)" -$NSUPDATE -v > nsupdate.out.$n 2>&1 << END +$NSUPDATE -v > nsupdate.out.$n 2>&1 << END && ret=1 server 10.53.0.6 ${PORT} local 127.0.0.1 update add 1.0.168.192.in-addr.arpa. 600 PTR localhost. @@ -821,13 +823,13 @@ echo_i "check command list ($n)" ( while read cmd do - echo "$cmd" | $NSUPDATE > /dev/null 2>&1 - if test $? -gt 1 ; then + { echo "$cmd" | $NSUPDATE > /dev/null 2>&1; rc=$?; } || true + if test $rc -gt 1 ; then echo_i "failed ($cmd)" ret=1 fi - echo "$cmd " | $NSUPDATE > /dev/null 2>&1 - if test $? -gt 1 ; then + { echo "$cmd " | $NSUPDATE > /dev/null 2>&1; rc=$?; } || true + if test $rc -gt 1 ; then echo_i "failed ($cmd)" ret=1 fi @@ -1037,23 +1039,23 @@ retry_quiet 20 check_size_lt_5000 || ret=1 n=$((n + 1)) echo_i "check check-names processing ($n)" ret=0 -$NSUPDATE << EOF > nsupdate.out1-$n 2>&1 +$NSUPDATE << EOF > nsupdate.out1-$n 2>&1 && ret=1 update add # 0 in a 1.2.3.4 EOF grep "bad owner" nsupdate.out1-$n > /dev/null || ret=1 -$NSUPDATE << EOF > nsupdate.out2-$n 2>&1 +$NSUPDATE << EOF > nsupdate.out2-$n 2>&1 || ret=1 check-names off update add # 0 in a 1.2.3.4 EOF grep "bad owner" nsupdate.out2-$n > /dev/null && ret=1 -$NSUPDATE << EOF > nsupdate.out3-$n 2>&1 +$NSUPDATE << EOF > nsupdate.out3-$n 2>&1 && ret=1 update add . 0 in mx 0 # EOF grep "bad name" nsupdate.out3-$n > /dev/null || ret=1 -$NSUPDATE << EOF > nsupdate.out4-$n 2>&1 +$NSUPDATE << EOF > nsupdate.out4-$n 2>&1 || ret=1 check-names off update add . 0 in mx 0 # EOF @@ -1115,7 +1117,7 @@ zone unreachable. update add unreachable. 600 A 192.0.2.1 send END -t2=`$PERL -e 'print time()'` +t2=$($PERL -e 'print time()') grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out.test$n > /dev/null 2>&1 || ret=1 grep "not implemented" nsupdate.out.test$n > /dev/null 2>&1 && ret=1 elapsed=$((t2 - t1)) @@ -1134,7 +1136,7 @@ zone unreachable. update add unreachable. 600 A 192.0.2.1 send END -t2=`$PERL -e 'print time()'` +t2=$($PERL -e 'print time()') grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out.test$n > /dev/null 2>&1 || ret=1 grep "not implemented" nsupdate.out.test$n > /dev/null 2>&1 && ret=1 elapsed=$((t2 - t1)) @@ -1153,7 +1155,7 @@ zone unreachable. update add unreachable. 600 A 192.0.2.1 send END -t2=`$PERL -e 'print time()'` +t2=$($PERL -e 'print time()') grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out.test$n > /dev/null 2>&1 || ret=1 grep "not implemented" nsupdate.out.test$n > /dev/null 2>&1 && ret=1 elapsed=$((t2 - t1)) @@ -1172,7 +1174,7 @@ zone unreachable. update add unreachable. 600 A 192.0.2.1 send END -t2=`$PERL -e 'print time()'` +t2=$($PERL -e 'print time()') grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out.test$n > /dev/null 2>&1 || ret=1 grep "not implemented" nsupdate.out.test$n > /dev/null 2>&1 && ret=1 elapsed=$((t2 - t1)) @@ -1191,7 +1193,7 @@ zone unreachable. update add unreachable. 600 A 192.0.2.1 send END -t2=`$PERL -e 'print time()'` +t2=$($PERL -e 'print time()') grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out.test$n > /dev/null 2>&1 || ret=1 grep "not implemented" nsupdate.out.test$n > /dev/null 2>&1 && ret=1 elapsed=$((t2 - t1)) @@ -1477,7 +1479,7 @@ n=$((n + 1)) ret=0 echo_i "check that update is rejected if query is not allowed ($n)" { - $NSUPDATE -d < dig.out.test$n grep "; PAD" dig.out.test$n > /dev/null || ret=1 grep "; QUERY SIZE: 128" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking that dig added padding ($n)" ret=0 -n=`expr $n + 1` +n=$((n + 1)) nextpart ns2/named.stats > /dev/null $RNDCCMD 10.53.0.2 stats wait_for_log_peek 5 "--- Statistics Dump ---" ns2/named.stats || ret=1 nextpart ns2/named.stats | grep "EDNS padding option received" > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking that padding is added for TCP responses ($n)" ret=0 -n=`expr $n + 1` +n=$((n + 1)) $DIG $DIGOPTS +vc +padding=128 foo.example @10.53.0.2 > dig.out.test$n grep "; PAD" dig.out.test$n > /dev/null || ret=1 grep "rcvd: 128" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking that padding is added to valid cookie responses ($n)" ret=0 -n=`expr $n + 1` +n=$((n + 1)) $DIG $DIGOPTS +cookie foo.example @10.53.0.2 > dig.out.testc -cookie=`getcookie dig.out.testc` +cookie=$(getcookie dig.out.testc) $DIG $DIGOPTS +cookie=$cookie +padding=128 foo.example @10.53.0.2 > dig.out.test$n grep "; PAD" dig.out.test$n > /dev/null || ret=1 grep "rcvd: 128" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking that padding must be requested (TCP) ($n)" ret=0 -n=`expr $n + 1` +n=$((n + 1)) $DIG $DIGOPTS +vc foo.example @10.53.0.2 > dig.out.test$n grep "; PAD" dig.out.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking that padding must be requested (valid cookie) ($n)" ret=0 -n=`expr $n + 1` +n=$((n + 1)) $DIG $DIGOPTS +cookie=$cookie foo.example @10.53.0.2 > dig.out.test$n grep "; PAD" dig.out.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking that padding can be filtered out ($n)" ret=0 -n=`expr $n + 1` +n=$((n + 1)) $DIG $DIGOPTS +vc +padding=128 -b 10.53.0.8 foo.example @10.53.0.2 > dig.out.test$n grep "; PAD" dig.out.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking that a TCP and padding server config enables padding ($n)" ret=0 -n=`expr $n + 1` +n=$((n + 1)) nextpart ns2/named.stats > /dev/null $RNDCCMD 10.53.0.2 stats wait_for_log_peek 5 "--- Statistics Dump ---" ns2/named.stats || ret=1 -opad=`nextpart ns2/named.stats | awk '/EDNS padding option received/ { print $1}'` +opad=$(nextpart ns2/named.stats | awk '/EDNS padding option received/ { print $1}') $DIG $DIGOPTS foo.example @10.53.0.3 > dig.out.test$n $RNDCCMD 10.53.0.2 stats wait_for_log_peek 5 "--- Statistics Dump ---" ns2/named.stats || ret=1 -npad=`nextpart ns2/named.stats | awk '/EDNS padding option received/ { print $1}'` +npad=$(nextpart ns2/named.stats | awk '/EDNS padding option received/ { print $1}') if [ "$opad" -eq "$npad" ]; then echo_i "error: opad ($opad) == npad ($npad)"; ret=1; fi if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking that a padding server config should enforce TCP ($n)" ret=0 -n=`expr $n + 1` +n=$((n + 1)) nextpart ns2/named.stats > /dev/null $RNDCCMD 10.53.0.2 stats wait_for_log_peek 5 "--- Statistics Dump ---" ns2/named.stats || ret=1 -opad=`nextpart ns2/named.stats | awk '/EDNS padding option received/ { print $1}'` +opad=$(nextpart ns2/named.stats | awk '/EDNS padding option received/ { print $1}') $DIG $DIGOPTS foo.example @10.53.0.4 > dig.out.test$n $RNDCCMD 10.53.0.2 stats wait_for_log_peek 5 "--- Statistics Dump ---" ns2/named.stats || ret=1 -npad=`nextpart ns2/named.stats | awk '/EDNS padding option received/ { print $1}'` +npad=$(nextpart ns2/named.stats | awk '/EDNS padding option received/ { print $1}') if [ "$opad" -ne "$npad" ]; then echo_i "error: opad ($opad) != npad ($npad)"; ret=1; fi if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking that zero-length padding option has no effect ($n)" ret=0 -n=`expr $n + 1` +n=$((n + 1)) $DIG $DIGOPTS +qr +ednsopt=12 foo.example @10.53.0.2 > dig.out.test$n.1 grep "; PAD" dig.out.test$n.1 > /dev/null || ret=1 $DIG $DIGOPTS +qr +ednsopt=12:00 foo.example @10.53.0.2 > dig.out.test$n.2 grep "; PAD" dig.out.test$n.2 > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/pending/tests.sh b/bin/tests/system/pending/tests.sh index baaacd4d79..362cef3ef8 100644 --- a/bin/tests/system/pending/tests.sh +++ b/bin/tests/system/pending/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh # replace_data dname RR old_data new_data @@ -51,18 +53,18 @@ DIGOPTS_CD="$DIGOPTS +cd" echo_i "Priming cache." ret=0 expect="10 mail.example." -ans=`$DIG $DIGOPTS_CD @10.53.0.4 hostile MX` || ret=1 +ans=$($DIG $DIGOPTS_CD @10.53.0.4 hostile MX) || ret=1 test "$ans" = "$expect" || ret=1 test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" -status=`expr $status + $ret` +status=$((status + ret)) echo_i "Checking that bogus additional is not returned with +CD." ret=0 expect="10.0.0.2" -ans=`$DIG $DIGOPTS_CD @10.53.0.4 mail.example A` || ret=1 +ans=$($DIG $DIGOPTS_CD @10.53.0.4 mail.example A) || ret=1 test "$ans" = "$expect" || ret=1 test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" -status=`expr $status + $ret` +status=$((status + ret)) # # Prime cache with pending additional records. These should not be promoted @@ -71,36 +73,36 @@ status=`expr $status + $ret` echo_i "Priming cache (pending additional A and AAAA)" ret=0 expect="10 mail.example.com." -ans=`$DIG $DIGOPTS @10.53.0.4 example.com MX` || ret=1 +ans=$($DIG $DIGOPTS @10.53.0.4 example.com MX) || ret=1 test "$ans" = "$expect" || ret=1 test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" -status=`expr $status + $ret` +status=$((status + ret)) echo_i "Replacing pending A" ret=0 replace_data mail.example.com. A 192.0.2.2 192.0.2.3 || ret=1 -status=`expr $status + $ret` +status=$((status + ret)) echo_i "Replacing pending AAAA" ret=0 replace_data mail.example.com. AAAA 2001:db8::2 2001:db8::3 || ret=1 -status=`expr $status + $ret` +status=$((status + ret)) echo_i "Checking updated data to be returned (without CD)" ret=0 expect="192.0.2.3" -ans=`$DIG $DIGOPTS @10.53.0.4 mail.example.com A` || ret=1 +ans=$($DIG $DIGOPTS @10.53.0.4 mail.example.com A) || ret=1 test "$ans" = "$expect" || ret=1 test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" -status=`expr $status + $ret` +status=$((status + ret)) echo_i "Checking updated data to be returned (with CD)" ret=0 expect="2001:db8::3" -ans=`$DIG $DIGOPTS_CD @10.53.0.4 mail.example.com AAAA` || ret=1 +ans=$($DIG $DIGOPTS_CD @10.53.0.4 mail.example.com AAAA) || ret=1 test "$ans" = "$expect" || ret=1 test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" -status=`expr $status + $ret` +status=$((status + ret)) # # Prime cache with a pending answer record. It can be returned (without @@ -109,23 +111,23 @@ status=`expr $status + $ret` echo_i "Priming cache (pending answer)" ret=0 expect="192.0.2.2" -ans=`$DIG $DIGOPTS_CD @10.53.0.4 pending-ok.example.com A` || ret=1 +ans=$($DIG $DIGOPTS_CD @10.53.0.4 pending-ok.example.com A) || ret=1 test "$ans" = "$expect" || ret=1 test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" -status=`expr $status + $ret` +status=$((status + ret)) echo_i "Replacing pending data" ret=0 replace_data pending-ok.example.com. A 192.0.2.2 192.0.2.3 || ret=1 -status=`expr $status + $ret` +status=$((status + ret)) echo_i "Confirming cached pending data to be returned with CD" ret=0 expect="192.0.2.2" -ans=`$DIG $DIGOPTS_CD @10.53.0.4 pending-ok.example.com A` || ret=1 +ans=$($DIG $DIGOPTS_CD @10.53.0.4 pending-ok.example.com A) || ret=1 test "$ans" = "$expect" || ret=1 test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" -status=`expr $status + $ret` +status=$((status + ret)) # # Prime cache with a pending answer record. It should not be returned @@ -134,23 +136,23 @@ status=`expr $status + $ret` echo_i "Priming cache (pending answer)" ret=0 expect="192.0.2.102" -ans=`$DIG $DIGOPTS_CD @10.53.0.4 pending-ng.example.com A` || ret=1 +ans=$($DIG $DIGOPTS_CD @10.53.0.4 pending-ng.example.com A) || ret=1 test "$ans" = "$expect" || ret=1 test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" -status=`expr $status + $ret` +status=$((status + ret)) echo_i "Replacing pending data" ret=0 replace_data pending-ng.example.com. A 192.0.2.102 192.0.2.103 || ret=1 -status=`expr $status + $ret` +status=$((status + ret)) echo_i "Confirming updated data returned, not the cached one, without CD" ret=0 expect="192.0.2.103" -ans=`$DIG $DIGOPTS @10.53.0.4 pending-ng.example.com A` || ret=1 +ans=$($DIG $DIGOPTS @10.53.0.4 pending-ng.example.com A) || ret=1 test "$ans" = "$expect" || ret=1 test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" -status=`expr $status + $ret` +status=$((status + ret)) # # Try to fool the resolver with an out-of-bailiwick CNAME @@ -158,20 +160,20 @@ status=`expr $status + $ret` echo_i "Trying to Prime out-of-bailiwick pending answer with CD" ret=0 expect="10.10.10.10" -ans=`$DIG $DIGOPTS_CD @10.53.0.4 bad.example. A` || ret=1 -ans=`echo $ans | awk '{print $NF}'` +ans=$($DIG $DIGOPTS_CD @10.53.0.4 bad.example. A) || ret=1 +ans=$(echo $ans | awk '{print $NF}') test "$ans" = "$expect" || ret=1 test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" -status=`expr $status + $ret` +status=$((status + ret)) echo_i "Confirming the out-of-bailiwick answer is not cached or reused with CD" ret=0 expect="10.10.10.10" -ans=`$DIG $DIGOPTS_CD @10.53.0.4 nice.good. A` || ret=1 -ans=`echo $ans | awk '{print $NF}'` +ans=$($DIG $DIGOPTS_CD @10.53.0.4 nice.good. A) || ret=1 +ans=$(echo $ans | awk '{print $NF}') test "$ans" = "$expect" || ret=1 test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" -status=`expr $status + $ret` +status=$((status + ret)) # # Make sure the resolver doesn't cache bogus NXDOMAIN @@ -179,20 +181,20 @@ status=`expr $status + $ret` echo_i "Trying to Prime bogus NXDOMAIN" ret=0 expect="SERVFAIL" -ans=`$DIG +tcp -p ${PORT} @10.53.0.4 removed.example.com. A` || ret=1 -ans=`echo $ans | sed 's/^.*status: \([A-Z][A-Z]*\).*$/\1/'` +ans=$($DIG +tcp -p ${PORT} @10.53.0.4 removed.example.com. A) || ret=1 +ans=$(echo $ans | sed 's/^.*status: \([A-Z][A-Z]*\).*$/\1/') test "$ans" = "$expect" || ret=1 test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" -status=`expr $status + $ret` +status=$((status + ret)) echo_i "Confirming the bogus NXDOMAIN was not cached" ret=0 expect="SERVFAIL" -ans=`$DIG +tcp -p ${PORT} @10.53.0.4 removed.example.com. A` || ret=1 -ans=`echo $ans | sed 's/^.*status: \([A-Z][A-Z]*\).*$/\1/'` +ans=$($DIG +tcp -p ${PORT} @10.53.0.4 removed.example.com. A) || ret=1 +ans=$(echo $ans | sed 's/^.*status: \([A-Z][A-Z]*\).*$/\1/') test "$ans" = "$expect" || ret=1 test $ret = 0 || echo_i "failed, got '$ans', expected '$expect'" -status=`expr $status + $ret` +status=$((status + ret)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/pipelined/tests.sh b/bin/tests/system/pipelined/tests.sh index 34a105f5f7..26c0d31990 100644 --- a/bin/tests/system/pipelined/tests.sh +++ b/bin/tests/system/pipelined/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh MDIGOPTS="-p ${PORT}" @@ -26,7 +28,7 @@ sort < output > output-sorted diff ref output-sorted || { ret=1 ; echo_i "diff sorted failed"; } diff ref output > /dev/null && { ret=1 ; echo_i "diff out of order failed"; } if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "check pipelined TCP queries using mdig" ret=0 @@ -38,7 +40,7 @@ sort < output.mdig > output-sorted.mdig diff ref output-sorted.mdig || { ret=1 ; echo_i "diff sorted failed"; } diff ref output.mdig > /dev/null && { ret=1 ; echo_i "diff out of order failed"; } if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "check keep-response-order" ret=0 @@ -48,7 +50,7 @@ $PIPEQUERIES -p ${PORT} ++ < inputb > rawb || ret=1 awk '{ print $1 " " $5 }' < rawb > outputb diff refb outputb || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "check keep-response-order using mdig" ret=0 @@ -58,7 +60,7 @@ $MDIG $MDIGOPTS +noall +answer +vc -f inputb -b 10.53.0.7 @10.53.0.4 > rawb.mdig awk '{ print $1 " " $5 }' < rawb.mdig > outputb.mdig diff refb outputb.mdig || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "check mdig -4 -6" ret=0 @@ -67,14 +69,14 @@ sleep 1 $MDIG $MDIGOPTS -4 -6 -f input @10.53.0.4 > output46.mdig 2>&1 && ret=1 grep "only one of -4 and -6 allowed" output46.mdig > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "check mdig -4 with an IPv6 server address" ret=0 $MDIG $MDIGOPTS -4 -f input @fd92:7065:b8e:ffff::2 > output4.mdig 2>&1 && ret=1 grep "address family not supported" output4.mdig > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/qmin/tests.sh b/bin/tests/system/qmin/tests.sh index 12d74518fc..b8d31285c0 100755 --- a/bin/tests/system/qmin/tests.sh +++ b/bin/tests/system/qmin/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh DIGOPTS="-p ${PORT}" diff --git a/bin/tests/system/reclimit/tests.sh b/bin/tests/system/reclimit/tests.sh index de1dacb242..7e80d2248b 100644 --- a/bin/tests/system/reclimit/tests.sh +++ b/bin/tests/system/reclimit/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh DIGOPTS="-p ${PORT}" @@ -38,9 +40,9 @@ ns3_sends_aaaa_queries() { # - if ns3 sends AAAA queries, the query count should equal $2, # - if ns3 does not send AAAA queries, the query count should equal $3. check_query_count() { - count1=`sed 's/[^0-9]//g;' $1` - count2=`sed 's/[^0-9]//g;' $2` - count=`expr $count1 + $count2` + count1=$(sed 's/[^0-9]//g;' $1) + count2=$(sed 's/[^0-9]//g;' $2) + count=$((count1 + count2)) #echo_i "count1=$count1 count2=$count2 count=$count" expected_count_with_aaaa=$3 expected_count_without_aaaa=$4 @@ -59,7 +61,7 @@ check_query_count() { echo_i "set max-recursion-depth=12" -n=`expr $n + 1` +n=$((n + 1)) echo_i "attempt excessive-depth lookup ($n)" ret=0 echo "1000" > ans2/ans.limit @@ -72,9 +74,9 @@ $DIG $DIGOPTS +short @10.53.0.2 count txt > dig.out.2.test$n || ret=1 $DIG $DIGOPTS +short @10.53.0.4 count txt > dig.out.4.test$n || ret=1 check_query_count dig.out.2.test$n dig.out.4.test$n 27 14 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "attempt permissible lookup ($n)" ret=0 echo "12" > ans2/ans.limit @@ -88,11 +90,11 @@ $DIG $DIGOPTS +short @10.53.0.2 count txt > dig.out.2.test$n || ret=1 $DIG $DIGOPTS +short @10.53.0.4 count txt > dig.out.4.test$n || ret=1 check_query_count dig.out.2.test$n dig.out.4.test$n 50 26 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "set max-recursion-depth=5" -n=`expr $n + 1` +n=$((n + 1)) echo_i "attempt excessive-depth lookup ($n)" ret=0 echo "12" > ans2/ans.limit @@ -105,9 +107,9 @@ $DIG $DIGOPTS +short @10.53.0.2 count txt > dig.out.2.test$n || ret=1 $DIG $DIGOPTS +short @10.53.0.4 count txt > dig.out.4.test$n || ret=1 check_query_count dig.out.2.test$n dig.out.4.test$n 13 7 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "attempt permissible lookup ($n)" ret=0 echo "5" > ans2/ans.limit @@ -121,11 +123,11 @@ $DIG $DIGOPTS +short @10.53.0.2 count txt > dig.out.2.test$n || ret=1 $DIG $DIGOPTS +short @10.53.0.4 count txt > dig.out.4.test$n || ret=1 check_query_count dig.out.2.test$n dig.out.4.test$n 22 12 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "set max-recursion-depth=100, max-recursion-queries=50" -n=`expr $n + 1` +n=$((n + 1)) echo_i "attempt excessive-queries lookup ($n)" ret=0 echo "13" > ans2/ans.limit @@ -139,12 +141,12 @@ if ns3_sends_aaaa_queries; then fi $DIG $DIGOPTS +short @10.53.0.2 count txt > dig.out.2.test$n || ret=1 $DIG $DIGOPTS +short @10.53.0.4 count txt > dig.out.4.test$n || ret=1 -eval count=`cat dig.out.2.test$n` +eval count=$(cat dig.out.2.test$n) [ $count -le 50 ] || { ret=1; echo_i "count ($count) !<= 50"; } if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "attempt permissible lookup ($n)" ret=0 echo "12" > ans2/ans.limit @@ -153,14 +155,14 @@ $DIG $DIGOPTS @10.53.0.2 reset > /dev/null || ret=1 $DIG $DIGOPTS @10.53.0.3 indirect6.example.org > dig.out.1.test$n || ret=1 grep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1 $DIG $DIGOPTS +short @10.53.0.2 count txt > dig.out.2.test$n || ret=1 -eval count=`cat dig.out.2.test$n` +eval count=$(cat dig.out.2.test$n) [ $count -le 50 ] || { ret=1; echo_i "count ($count) !<= 50"; } if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "set max-recursion-depth=100, max-recursion-queries=40" -n=`expr $n + 1` +n=$((n + 1)) echo_i "attempt excessive-queries lookup ($n)" ret=0 echo "11" > ans2/ans.limit @@ -171,12 +173,12 @@ if ns3_sends_aaaa_queries; then grep "status: SERVFAIL" dig.out.1.test$n > /dev/null || ret=1 fi $DIG $DIGOPTS +short @10.53.0.2 count txt > dig.out.2.test$n || ret=1 -eval count=`cat dig.out.2.test$n` +eval count=$(cat dig.out.2.test$n) [ $count -le 40 ] || { ret=1; echo_i "count ($count) !<= 40"; } if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "attempt permissible lookup ($n)" ret=0 echo "9" > ans2/ans.limit @@ -185,25 +187,25 @@ $DIG $DIGOPTS @10.53.0.2 reset > /dev/null || ret=1 $DIG $DIGOPTS @10.53.0.3 indirect8.example.org > dig.out.1.test$n || ret=1 grep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1 $DIG $DIGOPTS +short @10.53.0.2 count txt > dig.out.2.test$n || ret=1 -eval count=`cat dig.out.2.test$n` +eval count=$(cat dig.out.2.test$n) [ $count -le 40 ] || { ret=1; echo_i "count ($count) !<= 40"; } if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "attempting NS explosion ($n)" ret=0 ns3_reset ns3/named4.conf.in $DIG $DIGOPTS @10.53.0.2 reset > /dev/null || ret=1 $DIG $DIGOPTS +short @10.53.0.3 ns1.1.example.net > dig.out.1.test$n || ret=1 $DIG $DIGOPTS +short @10.53.0.2 count txt > dig.out.2.test$n || ret=1 -eval count=`cat dig.out.2.test$n` +eval count=$(cat dig.out.2.test$n) [ $count -lt 50 ] || ret=1 $DIG $DIGOPTS +short @10.53.0.7 count txt > dig.out.3.test$n || ret=1 -eval count=`cat dig.out.3.test$n` +eval count=$(cat dig.out.3.test$n) [ $count -lt 50 ] || { ret=1; echo_i "count ($count) !<= 50"; } if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) #grep "duplicate query" ns3/named.run echo_i "exit status: $status" diff --git a/bin/tests/system/redirect/tests.sh b/bin/tests/system/redirect/tests.sh index 7201ff2399..83b90ad485 100644 --- a/bin/tests/system/redirect/tests.sh +++ b/bin/tests/system/redirect/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh status=0 @@ -26,9 +28,9 @@ do echo_i "checking that $conf is accepted ($n)" ret=0 $CHECKCONF "$conf" || ret=1 - n=`expr $n + 1` + n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) done for conf in conf/bad*.conf @@ -36,9 +38,9 @@ do echo_i "checking that $conf is rejected ($n)" ret=0 $CHECKCONF "$conf" >/dev/null && ret=1 - n=`expr $n + 1` + n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) done echo_i "checking A zone redirect works for nonexist ($n)" @@ -46,32 +48,32 @@ ret=0 $DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "100.100.100.1" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A zone redirect updates statistics ($n)" ret=0 -rm ns2/named.stats 2>/dev/null +rm -f ns2/named.stats 2>/dev/null $RNDCCMD 10.53.0.2 stats || ret=1 -PRE=`sed -n -e "s/[ ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected$/\1/p" ns2/named.stats` +PRE=$(sed -n -e "s/[ ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected$/\1/p" ns2/named.stats) $DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || ret=1 -rm ns2/named.stats 2>/dev/null +rm -f ns2/named.stats 2>/dev/null $RNDCCMD 10.53.0.2 stats || ret=1 -POST=`sed -n -e "s/[ ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected$/\1/p" ns2/named.stats` -if [ `expr $POST - $PRE` != 1 ]; then ret=1; fi -n=`expr $n + 1` +POST=$(sed -n -e "s/[ ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected$/\1/p" ns2/named.stats) +if [ $((POST - PRE)) != 1 ]; then ret=1; fi +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking AAAA zone redirect works for nonexist ($n)" ret=0 $DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking ANY zone redirect works for nonexist ($n)" ret=0 @@ -79,27 +81,27 @@ $DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 any > dig.out.ns2.test$n || ret= grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "100.100.100.1" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A zone redirect doesn't work for acl miss ($n)" ret=0 $DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.4 a > dig.out.ns2.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking AAAA zone redirect doesn't work for acl miss ($n)" ret=0 $DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.4 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking ANY zone redirect doesn't work for acl miss ($n)" ret=0 @@ -107,27 +109,27 @@ $DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.4 any > dig.out.ns2.test$n || ret= grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1 grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A zone redirect works for signed nonexist, DO=0 ($n)" ret=0 $DIG $DIGOPTS nonexist.signed. @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "100.100.100.1" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking AAAA zone redirect works for signed nonexist, DO=0 ($n)" ret=0 $DIG $DIGOPTS nonexist.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking ANY zone redirect works for signed nonexist, DO=0 ($n)" ret=0 @@ -135,27 +137,27 @@ $DIG $DIGOPTS nonexist.signed. @10.53.0.2 -b 10.53.0.2 any > dig.out.ns2.test$n grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 grep "100.100.100.1" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A zone redirect fails for signed nonexist, DO=1 ($n)" ret=0 $DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking AAAA zone redirect fails for signed nonexist, DO=1 ($n)" ret=0 $DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking ANY zone redirect fails for signed nonexist, DO=1 ($n)" ret=0 @@ -163,9 +165,9 @@ $DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.2 -b 10.53.0.2 any > dig.out.ns2 grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1 grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A zone redirect fails for nsec3 signed nonexist, DO=1 ($n)" ret=0 @@ -173,9 +175,9 @@ $DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.te grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1 grep "IN.NSEC3" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking AAAA zone redirect fails for nsec3 signed nonexist, DO=1 ($n)" ret=0 @@ -183,9 +185,9 @@ $DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2 grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1 grep "IN.NSEC3" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking ANY zone redirect fails for nsec3 signed nonexist, DO=1 ($n)" ret=0 @@ -194,27 +196,27 @@ grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1 grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1 grep "IN.NSEC3" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A zone redirect works for nonexist authoritative ($n)" ret=0 $DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.1 a > dig.out.ns1.test$n || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep "100.100.100.2" dig.out.ns1.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking AAAA zone redirect works for nonexist authoritative ($n)" ret=0 $DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns1.test$n || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking ANY zone redirect works for nonexist authoritative ($n)" ret=0 @@ -222,27 +224,27 @@ $DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.1 any > dig.out.ns1.test$n || ret= grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep "100.100.100.2" dig.out.ns1.test$n > /dev/null || ret=1 grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A zone redirect doesn't work for acl miss authoritative ($n)" ret=0 $DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.4 a > dig.out.ns1.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking AAAA zone redirect doesn't work for acl miss authoritative ($n)" ret=0 $DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.4 aaaa > dig.out.ns1.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking ANY zone redirect doesn't work for acl miss authoritative ($n)" ret=0 @@ -250,27 +252,27 @@ $DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.4 any > dig.out.ns1.test$n || ret= grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1 grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A zone redirect works for signed nonexist, DO=0 authoritative ($n)" ret=0 $DIG $DIGOPTS nonexist.signed. @10.53.0.1 -b 10.53.0.1 a > dig.out.ns1.test$n || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep "100.100.100.2" dig.out.ns1.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking AAAA zone redirect works for signed nonexist, DO=0 authoritative ($n)" ret=0 $DIG $DIGOPTS nonexist.signed. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns1.test$n || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking ANY zone redirect works for signed nonexist, DO=0 authoritative ($n)" ret=0 @@ -278,27 +280,27 @@ $DIG $DIGOPTS nonexist.signed. @10.53.0.1 -b 10.53.0.1 any > dig.out.ns1.test$n grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep "100.100.100.2" dig.out.ns1.test$n > /dev/null || ret=1 grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A zone redirect fails for signed nonexist, DO=1 authoritative ($n)" ret=0 $DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.1 -b 10.53.0.1 a > dig.out.ns1.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking AAAA zone redirect fails for signed nonexist, DO=1 authoritative ($n)" ret=0 $DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns1.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking ANY zone redirect fails for signed nonexist, DO=1 authoritative ($n)" ret=0 @@ -306,9 +308,9 @@ $DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.1 -b 10.53.0.1 any > dig.out.ns1 grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1 grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A zone redirect fails for nsec3 signed nonexist, DO=1 authoritative ($n)" ret=0 @@ -316,9 +318,9 @@ $DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.1 -b 10.53.0.1 a > dig.out.ns1.te grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1 grep "IN.NSEC3" dig.out.ns1.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking AAAA zone redirect fails for nsec3 signed nonexist, DO=1 authoritative ($n)" ret=0 @@ -326,9 +328,9 @@ $DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns1 grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1 grep "IN.NSEC3" dig.out.ns1.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking ANY zone redirect fails for nsec3 signed nonexist, DO=1 authoritative ($n)" ret=0 @@ -337,17 +339,17 @@ grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1 grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1 grep "IN.NSEC3" dig.out.ns1.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking zone redirect works (with noerror) when qtype is not found ($n)" ret=0 $DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 txt > dig.out.ns2.test$n || ret=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking that redirect zones reload correctly" ret=0 @@ -358,7 +360,7 @@ rndc_reload ns2 10.53.0.2 for i in 1 2 3 4 5 6 7 8 9; do tmp=0 $DIG $DIGOPTS +short @10.53.0.2 soa example.nil > dig.out.ns1.test$n || tmp=1 - set -- `cat dig.out.ns1.test$n` + set -- $(cat dig.out.ns1.test$n) [ $3 = 1 ] || tmp=1 $DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || tmp=1 grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || tmp=1 @@ -367,43 +369,43 @@ for i in 1 2 3 4 5 6 7 8 9; do sleep 1 done [ $tmp -eq 1 ] && ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A nxdomain-redirect works for nonexist ($n)" ret=0 $DIG $DIGOPTS nonexist. @10.53.0.4 -b 10.53.0.2 a > dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "nonexist. .*100.100.100.1" dig.out.ns4.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking AAAA nxdomain-redirect works for nonexist ($n)" ret=0 -rm ns4/named.stats 2>/dev/null +rm -f ns4/named.stats 2>/dev/null $RNDCCMD 10.53.0.4 stats || ret=1 -PRE_RED=`sed -n -e "s/[ ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected$/\1/p" ns4/named.stats` -PRE_SUC=`sed -n -e "s/[ ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected and resulted in a successful remote lookup$/\1/p" ns4/named.stats` +PRE_RED=$(sed -n -e "s/[ ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected$/\1/p" ns4/named.stats) +PRE_SUC=$(sed -n -e "s/[ ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected and resulted in a successful remote lookup$/\1/p" ns4/named.stats) $DIG $DIGOPTS nonexist. @10.53.0.4 -b 10.53.0.2 aaaa > dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "nonexist. .*2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking AAAA nxdomain-redirect updates statistics ($n)" ret=0 -rm ns4/named.stats 2>/dev/null +rm -f ns4/named.stats 2>/dev/null $RNDCCMD 10.53.0.4 stats || ret=1 -POST_RED=`sed -n -e "s/[ ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected$/\1/p" ns4/named.stats` -POST_SUC=`sed -n -e "s/[ ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected and resulted in a successful remote lookup$/\1/p" ns4/named.stats` -if [ `expr $POST_RED - $PRE_RED` != 1 ]; then ret=1; fi -if [ `expr $POST_SUC - $PRE_SUC` != 1 ]; then ret=1; fi -n=`expr $n + 1` +POST_RED=$(sed -n -e "s/[ ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected$/\1/p" ns4/named.stats) +POST_SUC=$(sed -n -e "s/[ ]*\([0-9]*\).queries resulted in NXDOMAIN that were redirected and resulted in a successful remote lookup$/\1/p" ns4/named.stats) +if [ $((POST_RED - PRE_RED)) != 1 ]; then ret=1; fi +if [ $((POST_SUC - PRE_SUC)) != 1 ]; then ret=1; fi +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking ANY nxdomain-redirect works for nonexist ($n)" ret=0 @@ -411,27 +413,27 @@ $DIG $DIGOPTS nonexist. @10.53.0.4 -b 10.53.0.2 any > dig.out.ns4.test$n || ret= grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "100.100.100.1" dig.out.ns4.test$n > /dev/null || ret=1 grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A nxdomain-redirect works for signed nonexist, DO=0 ($n)" ret=0 $DIG $DIGOPTS nonexist.signed. @10.53.0.4 -b 10.53.0.2 a > dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "100.100.100.1" dig.out.ns4.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking AAAA nxdomain-redirect works for signed nonexist, DO=0 ($n)" ret=0 $DIG $DIGOPTS nonexist.signed. @10.53.0.4 -b 10.53.0.2 aaaa > dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking ANY nxdomain-redirect works for signed nonexist, DO=0 ($n)" ret=0 @@ -439,27 +441,27 @@ $DIG $DIGOPTS nonexist.signed. @10.53.0.4 -b 10.53.0.2 any > dig.out.ns4.test$n grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "100.100.100.1" dig.out.ns4.test$n > /dev/null || ret=1 grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A nxdomain-redirect fails for signed nonexist, DO=1 ($n)" ret=0 $DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.4 -b 10.53.0.2 a > dig.out.ns4.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 grep "100.100.100.1" dig.out.ns4.test$n > /dev/null && ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking AAAA nxdomain-redirect fails for signed nonexist, DO=1 ($n)" ret=0 $DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.4 -b 10.53.0.2 aaaa > dig.out.ns4.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null && ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking ANY nxdomain-redirect fails for signed nonexist, DO=1 ($n)" ret=0 @@ -467,9 +469,9 @@ $DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.4 -b 10.53.0.2 any > dig.out.ns4 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 grep "100.100.100.1" dig.out.ns4.test$n > /dev/null && ret=1 grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null && ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking A nxdomain-redirect fails for nsec3 signed nonexist, DO=1 ($n)" ret=0 @@ -477,9 +479,9 @@ $DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.4 -b 10.53.0.2 a > dig.out.ns4.te grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 grep "100.100.100.1" dig.out.ns4.test$n > /dev/null && ret=1 grep "IN.NSEC3" dig.out.ns4.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking AAAA nxdomain-redirect fails for nsec3 signed nonexist, DO=1 ($n)" ret=0 @@ -487,9 +489,9 @@ $DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.4 -b 10.53.0.2 aaaa > dig.out.ns4 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null && ret=1 grep "IN.NSEC3" dig.out.ns4.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking ANY nxdomain-redirect fails for nsec3 signed nonexist, DO=1 ($n)" ret=0 @@ -498,50 +500,50 @@ grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 grep "100.100.100.1" dig.out.ns4.test$n > /dev/null && ret=1 grep "2001:ffff:ffff::6464:6401" dig.out.ns4.test$n > /dev/null && ret=1 grep "IN.NSEC3" dig.out.ns4.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking nxdomain-redirect works (with noerror) when qtype is not found ($n)" ret=0 $DIG $DIGOPTS nonexist. @10.53.0.4 -b 10.53.0.2 txt > dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking nxdomain-redirect against authoritative zone ($n)" ret=0 $DIG $DIGOPTS nonexist.example @10.53.0.4 -b 10.53.0.2 a > dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking tld nxdomain-redirect against signed root zone ($n)" ret=0 $DIG $DIGOPTS @10.53.0.5 asdfasdfasdf > dig.out.ns5.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns5.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking tld nxdomain-redirect against unsigned root zone ($n)" ret=0 $DIG $DIGOPTS @10.53.0.6 asdfasdfasdf > dig.out.ns6.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns6.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking extended error is not set on allow-recursion ($n)" ret=0 $DIG $DIGOPTS example. @10.53.0.1 -b 10.53.0.2 soa > dig.out.ns1.test$n || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep "EDE" dig.out.ns1.test$n > /dev/null && ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/resolver/tests.sh b/bin/tests/system/resolver/tests.sh index ddad687641..d13952cefd 100755 --- a/bin/tests/system/resolver/tests.sh +++ b/bin/tests/system/resolver/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + # shellcheck source=../conf.sh . ../conf.sh @@ -948,7 +950,7 @@ dig_with_opts +timeout=15 large-referral.example.net @10.53.0.1 a > dig.out.ns1. grep "status: SERVFAIL" dig.out.ns1.test${n} > /dev/null || ret=1 # Check the total number of findname() calls triggered by a single query # for large-referral.example.net/A. -findname_call_count="$(grep -c "large-referral\.example\.net.*FINDNAME" ns1/named.run)" +findname_call_count="$(grep -c "large-referral\.example\.net.*FINDNAME" ns1/named.run || true)" if [ "${findname_call_count}" -gt 1000 ]; then echo_i "failed: ${findname_call_count} (> 1000) findname() calls detected for large-referral.example.net" ret=1 diff --git a/bin/tests/system/rndc/tests.sh b/bin/tests/system/rndc/tests.sh index acbeb522ab..924507af75 100644 --- a/bin/tests/system/rndc/tests.sh +++ b/bin/tests/system/rndc/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd" @@ -205,7 +207,7 @@ status=$((status+ret)) n=$((n+1)) echo_i "checking that freezing static zones is not allowed ($n)" ret=0 -$RNDCCMD 10.53.0.2 freeze static > rndc.out.1.test$n 2>&1 +$RNDCCMD 10.53.0.2 freeze static > rndc.out.1.test$n 2>&1 && ret=1 grep 'not dynamic' rndc.out.1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -229,7 +231,7 @@ do grep "addition 6" ns2/other.db > /dev/null && break sleep 1 done -serial=`awk '$3 ~ /serial/ {print $1}' ns2/other.db` +serial=$(awk '$3 ~ /serial/ {print $1}' ns2/other.db) newserial=$((serial + 1)) sed s/$serial/$newserial/ ns2/other.db > ns2/other.db.new echo 'frozen TXT "frozen addition"' >> ns2/other.db.new @@ -272,7 +274,7 @@ do grep "addition 6" ns2/nil.db > /dev/null && break sleep 1 done -serial=`awk '$3 ~ /serial/ {print $1}' ns2/nil.db` +serial=$(awk '$3 ~ /serial/ {print $1}' ns2/nil.db) newserial=$((serial + 1)) sed s/$serial/$newserial/ ns2/nil.db > ns2/nil.db.new echo 'frozen TXT "frozen addition"' >> ns2/nil.db.new @@ -324,7 +326,7 @@ n=$((n+1)) echo_i "test 'rndc reload' on a zone with include files ($n)" ret=0 grep "incl/IN: skipping load" ns2/named.run > /dev/null && ret=1 -loads=`grep "incl/IN: starting load" ns2/named.run | wc -l` +loads=$(grep "incl/IN: starting load" ns2/named.run | wc -l) [ "$loads" -eq 1 ] || ret=1 $RNDCCMD 10.53.0.2 reload > /dev/null || ret=1 for i in 1 2 3 4 5 6 7 8 9 @@ -340,7 +342,7 @@ $RNDCCMD 10.53.0.2 reload > /dev/null || ret=1 for i in 1 2 3 4 5 6 7 8 9 do tmp=0 - loads=`grep "incl/IN: starting load" ns2/named.run | wc -l` + loads=$(grep "incl/IN: starting load" ns2/named.run | wc -l) [ "$loads" -eq 2 ] || tmp=1 [ $tmp -eq 0 ] && break sleep 1 @@ -489,7 +491,7 @@ $RNDCCMD4 nta -l 1d nta2.example > rndc.out.2.test$n 2>&1 grep "Negative trust anchor added" rndc.out.2.test$n > /dev/null || ret=1 $RNDCCMD4 nta -l 1w nta3.example > rndc.out.3.test$n 2>&1 grep "Negative trust anchor added" rndc.out.3.test$n > /dev/null || ret=1 -$RNDCCMD4 nta -l 8d nta4.example > rndc.out.4.test$n 2>&1 +$RNDCCMD4 nta -l 8d nta4.example > rndc.out.4.test$n 2>&1 && ret=1 grep "NTA lifetime cannot exceed one week" rndc.out.4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -504,7 +506,7 @@ $RNDCCMD4 nta -c any nta1.example > rndc.out.2.test$n 2>&1 nextpart ns4/named.run | grep "added NTA 'nta1.example'" > /dev/null || ret=1 $RNDCCMD4 nta -c ch nta1.example > rndc.out.3.test$n 2>&1 nextpart ns4/named.run | grep "added NTA 'nta1.example'" > /dev/null && ret=1 -$RNDCCMD4 nta -c fake nta1.example > rndc.out.4.test$n 2>&1 +$RNDCCMD4 nta -c fake nta1.example > rndc.out.4.test$n 2>&1 && ret=1 nextpart ns4/named.run | grep "added NTA 'nta1.example'" > /dev/null && ret=1 grep 'unknown class' rndc.out.4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi @@ -516,8 +518,8 @@ do echo_i "testing rndc buffer size limits (size=${i}) ($n)" ret=0 $RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf testgen ${i} 2>&1 > rndc.out.$i.test$n || ret=1 - actual_size=`$GENCHECK rndc.out.$i.test$n` - if [ "$?" = "0" ]; then + { actual_size=$($GENCHECK rndc.out.$i.test$n); rc=$?; } || true + if [ "$rc" = "0" ]; then expected_size=$((i+1)) if [ $actual_size != $expected_size ]; then ret=1; fi else @@ -680,7 +682,7 @@ n=$((n+1)) echo_i "check rndc nta reports adding to multiple views ($n)" ret=0 $RNDCCMD 10.53.0.3 nta test.com > rndc.out.test$n 2>&1 || ret=1 -lines=`cat rndc.out.test$n | wc -l` +lines=$(cat rndc.out.test$n | wc -l) [ ${lines:-0} -eq 2 ] || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -691,7 +693,7 @@ ret=0 $RNDCCMD 10.53.0.2 retransfer nil > rndc.out.test$n 2>&1 && ret=1 grep "rndc: 'retransfer' failed: failure" rndc.out.test$n > /dev/null || ret=1 grep "retransfer: inappropriate zone type: primary" rndc.out.test$n > /dev/null || ret=1 -lines=`cat rndc.out.test$n | wc -l` +lines=$(cat rndc.out.test$n | wc -l) [ ${lines:-0} -eq 2 ] || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) diff --git a/bin/tests/system/rootkeysentinel/ns2/sign.sh b/bin/tests/system/rootkeysentinel/ns2/sign.sh index d4b19ccd73..3e48f8a16d 100644 --- a/bin/tests/system/rootkeysentinel/ns2/sign.sh +++ b/bin/tests/system/rootkeysentinel/ns2/sign.sh @@ -11,13 +11,10 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -# leave as expr as expr treats arguments with leading 0's as base 10 -# handle exit code 1 from expr when the result is 0 -oldid=${1:-00000} -newid=$(expr \( ${oldid} + 1000 \) % 65536 || true) -newid=$(expr "0000${newid}" : '.*\(.....\)$') # prepend leading 0's -badid=$(expr \( ${oldid} + 7777 \) % 65536 || true) -badid=$(expr "0000${badid}" : '.*\(.....\)$') # prepend leading 0's +oldid=$(echo ${1:-0} | sed 's/^0*//') +newid=$(printf '%05u' $(((oldid + 1000) % 65536))) +badid=$(printf '%05u' $(((oldid + 7777) % 65536))) +oldid=$(printf '%05u' $((oldid + 0))) . ../../conf.sh diff --git a/bin/tests/system/rootkeysentinel/tests.sh b/bin/tests/system/rootkeysentinel/tests.sh index a3ad7a2239..bfe653c4f0 100644 --- a/bin/tests/system/rootkeysentinel/tests.sh +++ b/bin/tests/system/rootkeysentinel/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh status=0 @@ -21,7 +23,7 @@ rm -f dig.out.* DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p ${PORT}" newtest() { - n=`expr $n + 1` + n=$((n + 1)) case $# in 1) echo_i "$1 ($n)" @@ -36,260 +38,258 @@ newtest() { newtest "get test ids" $DIG $DIGOPTS . dnskey +short +rrcomm @10.53.0.1 > dig.out.ns1.test$n || ret=1 -oldid=`sed -n 's/.*key id = //p' < dig.out.ns1.test$n` -oldid=`expr "0000${oldid}" : '.*\(.....\)$'` -newid=`expr \( ${oldid} + 1000 \) % 65536` -newid=`expr "0000${newid}" : '.*\(.....\)$'` -badid=`expr \( ${oldid} + 7777 \) % 65536` -badid=`expr "0000${badid}" : '.*\(.....\)$'` +oldid=$(sed -n 's/.*key id = //p' < dig.out.ns1.test$n) +newid=$(printf "%05u" $(((oldid + 1000) % 65536))) +badid=$(printf "%05u" $(((oldid + 7777) % 65536))) +oldid=$(printf "%05u" $((oldid + 0))) echo_i "test id: oldid=${oldid} (configured)" echo_i "test id: newid=${newid} (not configured)" echo_i "test id: badid=${badid}" if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check authoritative server (expect NOERROR)" $DIG $DIGOPTS @10.53.0.2 example SOA > dig.out.ns2.test$n grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check test zone resolves with 'root-key-sentinel yes;'" " (expect NOERROR)" $DIG $DIGOPTS @10.53.0.3 example SOA > dig.out.ns3.test$n grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check root-key-sentinel-is-ta with old ta and" " 'root-key-sentinel yes;' (expect NOERROR)" $DIG $DIGOPTS @10.53.0.3 root-key-sentinel-is-ta-${oldid}.example A > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check root-key-sentinel-not-ta with old ta and" " 'root-key-sentinel yes;' (expect SERVFAIL)" $DIG $DIGOPTS @10.53.0.3 root-key-sentinel-not-ta-${oldid}.example A > dig.out.ns3.test$n || ret=1 grep "status: SERVFAIL" dig.out.ns3.test$n > /dev/null || ret=1 grep "ANSWER: 0," dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check root-key-sentinel-not-ta with old ta, CD=1 and" " 'root-key-sentinel yes;' (expect NOERROR)" $DIG $DIGOPTS @10.53.0.3 +cd root-key-sentinel-not-ta-${oldid}.example A > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check root-key-sentinel-is-ta with new ta and" " 'root-key-sentinel yes;' (expect SERVFAIL)" $DIG $DIGOPTS @10.53.0.3 root-key-sentinel-is-ta-${newid}.example A > dig.out.ns3.test$n || ret=1 grep "status: SERVFAIL" dig.out.ns3.test$n > /dev/null || ret=1 grep "ANSWER: 0," dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check root-key-sentinel-is-ta with new ta, CD=1 and" " 'root-key-sentinel yes;' (expect NOERROR)" $DIG $DIGOPTS @10.53.0.3 +cd root-key-sentinel-is-ta-${newid}.example A > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check root-key-sentinel-not-ta with new ta and" " 'root-key-sentinel yes;' (expect NOERROR)" $DIG $DIGOPTS @10.53.0.3 root-key-sentinel-not-ta-${newid}.example A > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check root-key-sentinel-is-ta with bad ta and" " 'root-key-sentinel yes;' (expect SERVFAIL)" $DIG $DIGOPTS @10.53.0.3 root-key-sentinel-is-ta-${badid}.example A > dig.out.ns3.test$n || ret=1 grep "status: SERVFAIL" dig.out.ns3.test$n > /dev/null || ret=1 grep "ANSWER: 0," dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check root-key-sentinel-is-ta with bad ta, CD=1 and" " 'root-key-sentinel yes;' (expect NXDOMAIN)" $DIG $DIGOPTS @10.53.0.3 +cd root-key-sentinel-is-ta-${badid}.example A > dig.out.ns3.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check root-key-sentinel-not-ta with bad ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)" $DIG $DIGOPTS @10.53.0.3 root-key-sentinel-not-ta-${badid}.example A > dig.out.ns3.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check root-key-sentinel-is-ta with out-of-range ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)" $DIG $DIGOPTS @10.53.0.3 root-key-sentinel-is-ta-72345.example A > dig.out.ns3.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check root-key-sentinel-not-ta with out-of-range ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)" $DIG $DIGOPTS @10.53.0.3 root-key-sentinel-not-ta-72345.example A > dig.out.ns3.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check root-key-sentinel-is-ta with no-zero-pad ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)" $DIG $DIGOPTS @10.53.0.3 root-key-sentinel-is-ta-1234.example A > dig.out.ns3.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check root-key-sentinel-not-ta with no-zero-pad ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)" $DIG $DIGOPTS @10.53.0.3 root-key-sentinel-not-ta-1234.example A > dig.out.ns3.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check CNAME to root-key-sentinel-is-ta with old ta and" " 'root-key-sentinel yes;' (expect NOERROR)" $DIG $DIGOPTS @10.53.0.3 old-is-ta.example A > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "old-is-ta.*CNAME.root-key-sentinel-is-ta-${oldid}.example." dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check CNAME to root-key-sentinel-not-ta with old ta and" " 'root-key-sentinel yes;' (expect NOERROR)" $DIG $DIGOPTS @10.53.0.3 old-not-ta.example A > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "old-not-ta.*CNAME.root-key-sentinel-not-ta-${oldid}.example." dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check CNAME to root-key-sentinel-is-ta with new ta and" " 'root-key-sentinel yes;' (expect NOERROR)" $DIG $DIGOPTS @10.53.0.3 new-is-ta.example A > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "new-is-ta.*CNAME.root-key-sentinel-is-ta-${newid}.example." dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check CNAME to root-key-sentinel-not-ta with new ta and" " 'root-key-sentinel yes;' (expect NOERROR)" $DIG $DIGOPTS @10.53.0.3 new-not-ta.example A > dig.out.ns3.test$n || ret=1 grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 grep "new-not-ta.*CNAME.root-key-sentinel-not-ta-${newid}.example." dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check CNAME to root-key-sentinel-is-ta with bad ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)" $DIG $DIGOPTS @10.53.0.3 bad-is-ta.example A > dig.out.ns3.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1 grep "bad-is-ta.*CNAME.root-key-sentinel-is-ta-${badid}.example" dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check CNAME to root-key-sentinel-not-ta with bad ta and" " 'root-key-sentinel yes;' (expect NXDOMAIN)" $DIG $DIGOPTS @10.53.0.3 bad-not-ta.example A > dig.out.ns3.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1 grep "bad-not-ta.*CNAME.root-key-sentinel-not-ta-${badid}.example." dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check test zone resolves with 'root-key-sentinel no;'" " (expect NOERROR)" $DIG $DIGOPTS @10.53.0.4 example SOA > dig.out.ns4.test$n grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check root-key-sentinel-is-ta with old ta and" " 'root-key-sentinel no;' (expect NOERROR)" $DIG $DIGOPTS @10.53.0.4 root-key-sentinel-is-ta-${oldid}.example A > dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check root-key-sentinel-not-ta with old ta and" " 'root-key-sentinel no;' (expect NOERROR)" $DIG $DIGOPTS @10.53.0.4 root-key-sentinel-not-ta-${oldid}.example A > dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check root-key-sentinel-is-ta with new ta and" " 'root-key-sentinel no;' (expect NOERROR)" $DIG $DIGOPTS @10.53.0.4 root-key-sentinel-is-ta-${newid}.example A > dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check root-key-sentinel-not-ta with new ta and" " 'root-key-sentinel no;' (expect NOERROR)" $DIG $DIGOPTS @10.53.0.4 root-key-sentinel-not-ta-${newid}.example A > dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check root-key-sentinel-is-ta with bad ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)" $DIG $DIGOPTS @10.53.0.4 root-key-sentinel-is-ta-${badid}.example A > dig.out.ns4.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check root-key-sentinel-not-ta with bad ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)" $DIG $DIGOPTS @10.53.0.4 root-key-sentinel-not-ta-${badid}.example A > dig.out.ns4.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check root-key-sentinel-is-ta with out-of-range ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)" $DIG $DIGOPTS @10.53.0.4 root-key-sentinel-is-ta-72345.example A > dig.out.ns4.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check root-key-sentinel-not-ta with out-of-range ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)" $DIG $DIGOPTS @10.53.0.4 root-key-sentinel-not-ta-72345.example A > dig.out.ns4.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check root-key-sentinel-is-ta with no-zero-pad ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)" $DIG $DIGOPTS @10.53.0.4 root-key-sentinel-is-ta-1234.example A > dig.out.ns4.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check root-key-sentinel-not-ta with no-zero-pad ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)" $DIG $DIGOPTS @10.53.0.4 root-key-sentinel-not-ta-1234.example A > dig.out.ns4.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check CNAME to root-key-sentinel-is-ta with old ta and" " 'root-key-sentinel no;' (expect NOERROR)" $DIG $DIGOPTS @10.53.0.4 old-is-ta.example A > dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "old-is-ta.*CNAME.root-key-sentinel-is-ta-${oldid}.example." dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check CNAME to root-key-sentinel-not-ta with old ta and" " 'root-key-sentinel no;' (expect NOERROR)" $DIG $DIGOPTS @10.53.0.4 old-not-ta.example A > dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "old-not-ta.*CNAME.root-key-sentinel-not-ta-${oldid}.example." dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check CNAME to root-key-sentinel-is-ta with new ta and" " 'root-key-sentinel no;' (expect NOERROR)" $DIG $DIGOPTS @10.53.0.4 new-is-ta.example A > dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "new-is-ta.*CNAME.root-key-sentinel-is-ta-${newid}.example." dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check CNAME to root-key-sentinel-not-ta with new ta and" " 'root-key-sentinel no;' (expect NOERROR)" $DIG $DIGOPTS @10.53.0.4 new-not-ta.example A > dig.out.ns4.test$n || ret=1 grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 grep "new-not-ta.*CNAME.root-key-sentinel-not-ta-${newid}.example." dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check CNAME to root-key-sentinel-is-ta with bad ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)" $DIG $DIGOPTS @10.53.0.4 bad-is-ta.example A > dig.out.ns4.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 grep "bad-is-ta.*CNAME.root-key-sentinel-is-ta-${badid}.example" dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) newtest "check CNAME to root-key-sentinel-not-ta with bad ta and" " 'root-key-sentinel no;' (expect NXDOMAIN)" $DIG $DIGOPTS @10.53.0.4 bad-not-ta.example A > dig.out.ns4.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 grep "bad-not-ta.*CNAME.root-key-sentinel-not-ta-${badid}.example." dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/rpz/clean.sh b/bin/tests/system/rpz/clean.sh index 1a3127cffd..35d62115e3 100644 --- a/bin/tests/system/rpz/clean.sh +++ b/bin/tests/system/rpz/clean.sh @@ -22,7 +22,7 @@ while getopts "Px" c; do *) echo "$USAGE" 1>&2; exit 1;; esac done -shift `expr $OPTIND - 1 || true` +shift $((OPTIND - 1)) if test "$#" -ne 0; then echo "$USAGE" 1>&2 exit 1 diff --git a/bin/tests/system/rpz/qperf.sh b/bin/tests/system/rpz/qperf.sh index dc79de9311..146d1e2234 100644 --- a/bin/tests/system/rpz/qperf.sh +++ b/bin/tests/system/rpz/qperf.sh @@ -11,7 +11,7 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -for QDIR in `echo "$PATH" | tr : ' '` ../../../../contrib/queryperf; do +for QDIR in $(echo "$PATH" | tr : ' ') ../../../../contrib/queryperf; do QPERF=$QDIR/queryperf if test -f "$QPERF" -a -x "$QPERF"; then echo $QPERF diff --git a/bin/tests/system/rpz/tests.sh b/bin/tests/system/rpz/tests.sh index 0d2dea57e0..4895469faa 100644 --- a/bin/tests/system/rpz/tests.sh +++ b/bin/tests/system/rpz/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + # test response policy zones (RPZ) # touch dnsrps-off to not test with DNSRPS @@ -47,7 +49,7 @@ while getopts "xS:" c; do *) echo "$USAGE" 1>&2; exit 1;; esac done -shift `expr $OPTIND - 1 || true` +shift $((OPTIND - 1)) if test "$#" -ne 0; then echo "$USAGE" 1>&2 exit 1 @@ -82,30 +84,28 @@ digcmd () { # Default to +noauth and @$ns3 # Also default to -bX where X is the @value so that OS X will choose # the right IP source address. - digcmd_args=`echo "+nocookie +noadd +time=2 +tries=1 -p ${PORT} $*" | \ + digcmd_args=$(echo "+nocookie +noadd +time=2 +tries=1 -p ${PORT} $*" | \ sed -e "/@/!s/.*/& @$ns3/" \ -e '/-b/!s/@\([^ ]*\)/@\1 -b\1/' \ - -e '/+n?o?auth/!s/.*/+noauth &/'` + -e '/+n?o?auth/!s/.*/+noauth &/') #echo_i "dig $digcmd_args 1>&2 - $DIG $digcmd_args + $DIG $digcmd_args || return } # set DIGNM=file name for dig output GROUP_NM= TEST_NUM=0 make_dignm () { - TEST_NUM=`expr $TEST_NUM : '\([0-9]*\).*'` # trim '+' characters - TEST_NUM=`expr $TEST_NUM + 1` + TEST_NUM=$((TEST_NUM + 1)) DIGNM=dig.out$GROUP_NM-$TEST_NUM while test -f $DIGNM; do - TEST_NUM="$TEST_NUM+" - DIGNM=dig.out$GROUP_NM-$TEST_NUM + DIGNM="$DIGNM+" done } setret () { ret=1 - status=`expr $status + 1` + status=$((status + 1)) echo_i "$*" } @@ -113,15 +113,15 @@ setret () { # $1=domain # $2=DNS server and client IP address get_sn() { - SOA=`$DIG -p ${PORT} +short +norecurse soa "$1" "@$2" "-b$2"` - SN=`expr "$SOA" : '[^ ]* [^ ]* \([^ ]*\) .*'` + SOA=$($DIG -p ${PORT} +short +norecurse soa "$1" "@$2" "-b$2") + SN=$(expr "$SOA" : '[^ ]* [^ ]* \([^ ]*\) .*' || true) test "$SN" != "" && return echo_i "no serial number from \`dig -p ${PORT} soa $1 @$2\` in \"$SOA\"" exit 1 } get_sn_fast () { - RSN=`$DNSRPSCMD -n "$1"` + RSN=$($DNSRPSCMD -n "$1") #echo "dnsrps serial for $1 is $RSN" if test -z "$RSN"; then echo_i "dnsrps failed to get SOA serial number for $1" @@ -132,9 +132,9 @@ get_sn_fast () { # check that dnsrpzd has loaded its zones # $1=domain # $2=DNS server IP address -FZONES=`sed -n -e 's/^zone "\(.*\)".*\(10.53.0..\).*/Z=\1;M=\2/p' dnsrpzd.conf` +FZONES=$(sed -n -e 's/^zone "\(.*\)".*\(10.53.0..\).*/Z=\1;M=\2/p' dnsrpzd.conf) dnsrps_loaded() { - test "$mode" = dnsrps || return + test "$mode" = dnsrps || return 0 n=0 for V in $FZONES; do eval "$V" @@ -145,7 +145,7 @@ dnsrps_loaded() { #echo "$Z @$M serial=$SN" break fi - n=`expr $n + 1` + n=$((n + 1)) if test "$n" -gt $TEN_SECS; then echo_i "dnsrps serial for $Z is $RSN instead of $SN" exit 1 @@ -170,7 +170,7 @@ ck_soa() { get_sn "$2" "$3" test "$SN" -eq "$1" && return fi - n=`expr $n + 1` + n=$((n + 1)) if test "$n" -gt $TEN_SECS; then echo_i "got serial number \"$SN\" instead of \"$1\" from $2 @$3" return @@ -204,7 +204,7 @@ restart () { $RNDCCMD $ns$1 halt >/dev/null 2>&1 if test -f ns$1/named.pid; then sleep 1 - PID=`cat ns$1/named.pid 2>/dev/null` + PID=$(cat ns$1/named.pid 2>/dev/null) if test -n "$PID"; then echo_i "killing ns$1 server $PID" kill -9 $PID @@ -228,7 +228,7 @@ restart () { # $1=server and irrelevant args # $2=error message ckalive () { - CKALIVE_NS=`expr "$1" : '.*@ns\([1-9]\).*'` + CKALIVE_NS=$(expr "$1" : '.*@ns\([1-9]\).*' || true) if test -z "$CKALIVE_NS"; then CKALIVE_NS=3 fi @@ -238,7 +238,7 @@ ckalive () { setret "$2" # restart the server to avoid stalling waiting for it to stop restart $CKALIVE_NS "rebuild-bl-rpz" - return 1 + return 0 } resetstats () { @@ -252,10 +252,12 @@ ckstats () { NSDIR="$3" EXPECTED="$4" $RNDCCMD $HOST stats - NEW_CNT=0`sed -n -e 's/[ ]*\([0-9]*\).response policy.*/\1/p' \ - $NSDIR/named.stats | tail -1` - eval "OLD_CNT=0\$${NSDIR}_CNT" - GOT=`expr $NEW_CNT - $OLD_CNT` + NEW_CNT=$(sed -n -e 's/[ ]*\([0-9]*\).response policy.*/\1/p' \ + $NSDIR/named.stats | tail -1) + eval "OLD_CNT=\$${NSDIR}_CNT" + NEW_CNT=$((NEW_CNT)) + OLD_CNT=$((OLD_CNT)) + GOT=$((NEW_CNT - OLD_CNT)) if test "$GOT" -ne "$EXPECTED"; then setret "wrong $LABEL $NSDIR statistics of $GOT instead of $EXPECTED" fi @@ -269,10 +271,12 @@ ckstatsrange () { MIN="$4" MAX="$5" $RNDCCMD $HOST stats - NEW_CNT=0`sed -n -e 's/[ ]*\([0-9]*\).response policy.*/\1/p' \ - $NSDIR/named.stats | tail -1` - eval "OLD_CNT=0\$${NSDIR}_CNT" - GOT=`expr $NEW_CNT - $OLD_CNT` + NEW_CNT=$(sed -n -e 's/[ ]*\([0-9]*\).response policy.*/\1/p' \ + $NSDIR/named.stats | tail -1) + eval "OLD_CNT=\$${NSDIR}_CNT" + NEW_CNT=$((NEW_CNT)) + OLD_CNT=$((OLD_CNT)) + GOT=$((NEW_CNT - OLD_CNT)) if test "$GOT" -lt "$MIN" -o "$GOT" -gt "$MAX"; then setret "wrong $LABEL $NSDIR statistics of $GOT instead of ${MIN}..${MAX}" fi @@ -283,7 +287,7 @@ ckstatsrange () { # $2=optional test file name start_group () { ret=0 - t=`expr $t + 1` + t=$((t + 1)) test -n "$1" && date "+${TS}checking $1 (${t})" | cat_i TEST_FILE=$2 if test -n "$TEST_FILE"; then @@ -382,8 +386,8 @@ addr () { make_dignm digcmd $2 >$DIGNM #ckalive "$2" "server crashed by 'dig $2'" || return 1 - ADDR_ESC=`echo "$ADDR" | sed -e 's/\./\\\\./g'` - ADDR_TTL=`sed -n -e "s/^[-.a-z0-9]\{1,\}[ ]*\([0-9]*\) IN AA* ${ADDR_ESC}\$/\1/p" $DIGNM` + ADDR_ESC=$(echo "$ADDR" | sed -e 's/\./\\./g') + ADDR_TTL=$(sed -n -e "s/^[-.a-z0-9]\{1,\}[ ]*\([0-9]*\) IN AA* ${ADDR_ESC}\$/\1/p" $DIGNM) if test -z "$ADDR_TTL"; then setret "'dig $2' wrong; no address $ADDR record in $DIGNM" return 1 @@ -426,7 +430,7 @@ here () { DROPPED='^;; no servers could be reached' drop () { make_dignm - digcmd $* >$DIGNM + digcmd $* >$DIGNM || true if grep "$DROPPED" $DIGNM >/dev/null; then clean_result ${DIGNM}* return 0 @@ -467,6 +471,8 @@ make_proto_nodata() { # ensure that the fast-expire zone is populated before we begin testing $RNDCCMD $ns3 retransfer fast-expire +native=0 +dnsrps=0 for mode in native dnsrps; do status=0 case ${mode} in @@ -739,7 +745,7 @@ EOF ckstats $ns3 bugs ns3 8 # superficial test for major performance bugs - QPERF=`sh qperf.sh` + QPERF=$(sh qperf.sh) if test -n "$QPERF"; then perf () { date "+${TS}checking performance $1" | cat_i @@ -751,8 +757,8 @@ EOF PFILE="ns5/$2.perf" $QPERF -c -1 -l30 -d ns5/requests -s $ns5 -p ${PORT} >$PFILE comment "after test $1" - X=`sed -n -e 's/.*Returned *\([^ ]*:\) *\([0-9]*\) .*/\1\2/p' $PFILE \ - | tr '\n' ' '` + X=$(sed -n -e 's/.*Returned *\([^ ]*:\) *\([0-9]*\) .*/\1\2/p' $PFILE \ + | tr '\n' ' ') if test "$X" != "$3"; then setret "wrong results '$X' in $PFILE" fi @@ -764,14 +770,14 @@ EOF # get qps with rpz perf 'with RPZ' rpz 'NOERROR:2900 NXDOMAIN:100 ' - RPZ=`trim rpz` + RPZ=$(trim rpz) # turn off rpz and measure qps again echo "# RPZ off" >ns5/rpz-switch - RNDCCMD_OUT=`$RNDCCMD $ns5 reload` + RNDCCMD_OUT=$($RNDCCMD $ns5 reload) perf 'without RPZ' norpz 'NOERROR:3000 ' - NORPZ=`trim norpz` + NORPZ=$(trim norpz) - PERCENT=`expr \( "$RPZ" \* 100 + \( $NORPZ / 2 \) \) / $NORPZ` + PERCENT=$(( (RPZ * 100 + (NORPZ / 2)) / NORPZ)) echo_i "$RPZ qps with RPZ is $PERCENT% of $NORPZ qps without RPZ" MIN_PERCENT=30 @@ -791,17 +797,17 @@ EOF if [ "$mode" = dnsrps ]; then echo_i "checking that dnsrpzd is automatically restarted" - OLD_PID=`cat dnsrpzd.pid` + OLD_PID=$(cat dnsrpzd.pid) kill "$OLD_PID" n=0 while true; do - NEW_PID=`cat dnsrpzd.pid 2>/dev/null` + NEW_PID=$(cat dnsrpzd.pid 2>/dev/null) if test -n "$NEW_PID" -a "0$OLD_PID" -ne "0$NEW_PID"; then #echo "OLD_PID=$OLD_PID NEW_PID=$NEW_PID" break; fi $DIG -p ${PORT} +short +norecurse a0-1.tld2 @$ns3 >/dev/null - n=`expr $n + 1` + n=$((n + 1)) if test "$n" -gt $TEN_SECS; then setret "dnsrpzd did not restart" break @@ -823,13 +829,13 @@ EOF if test -z "$HAVE_CORE"; then stop_server --use-rndc --port ${CONTROLPORT} ns3 restart 3 "rebuild-bl-rpz" - HAVE_CORE=`find ns* -name '*core*' -print` + HAVE_CORE=$(find ns* -name '*core*' -print) test -z "$HAVE_CORE" || setret "found $HAVE_CORE; memory leak?" fi # look for complaints from lib/dns/rpz.c and bin/name/query.c for runfile in ns*/named.run; do - EMSGS=`nextpart $runfile | grep -E -l 'invalid rpz|rpz.*failed'` + EMSGS=$(nextpart $runfile | grep -E -l 'invalid rpz|rpz.*failed' || true) if test -n "$EMSGS"; then setret "error messages in $runfile starting with:" grep -E 'invalid rpz|rpz.*failed' ns*/named.run | \ @@ -839,7 +845,7 @@ EOF if [ native = "$mode" ]; then # restart the main test RPZ server with a bad zone. - t=`expr $t + 1` + t=$((t + 1)) echo_i "checking that ns3 with broken rpz does not crash (${t})" stop_server --use-rndc --port ${CONTROLPORT} ns3 cp ns3/broken.db.in ns3/bl.db @@ -848,7 +854,7 @@ EOF stop_server --use-rndc --port ${CONTROLPORT} ns3 restart 3 "rebuild-bl-rpz" - t=`expr $t + 1` + t=$((t + 1)) echo_i "checking if rpz survives a certain class of failed reconfiguration attempts (${t})" sed -e "s/^#BAD//" < ns3/named.conf.in > ns3/named.conf.tmp copy_setports ns3/named.conf.tmp ns3/named.conf @@ -859,7 +865,7 @@ EOF $RNDCCMD $ns3 reconfig || setret "failed" # reload a RPZ zone that is now deliberately broken. - t=`expr $t + 1` + t=$((t + 1)) echo_i "checking rpz failed update will keep previous rpz rules (${t})" $DIG -p ${PORT} @$ns3 walled.tld2 > dig.out.$t.before grep "walled\.tld2\..*IN.*A.*10\.0\.0\.1" dig.out.$t.before > /dev/null || setret "failed" @@ -870,7 +876,7 @@ EOF $DIG -p ${PORT} @$ns3 walled.tld2 > dig.out.$t.after grep "walled\.tld2\..*IN.*A.*10\.0\.0\.1" dig.out.$t.after > /dev/null || setret "failed" - t=`expr $t + 1` + t=$((t + 1)) echo_i "checking reload of a mixed-case RPZ zone (${t})" # First, a sanity check: the A6-2.TLD2.mixed-case-rpz RPZ record should # cause a6-2.tld2 NOERROR answers to be rewritten to NXDOMAIN answers. @@ -889,13 +895,13 @@ EOF grep "status: NXDOMAIN" dig.out.$t.after >/dev/null || setret "failed" fi - t=`expr $t + 1` + t=$((t + 1)) echo_i "checking that ttl values are not zeroed when qtype is '*' (${t})" $DIG +noall +answer -p ${PORT} @$ns3 any a3-2.tld2 > dig.out.$t - ttl=`awk '/a3-2 tld2 text/ {print $2}' dig.out.$t` + ttl=$(awk '/a3-2 tld2 text/ {print $2}' dig.out.$t) if test ${ttl:=0} -eq 0; then setret "failed"; fi - t=`expr $t + 1` + t=$((t + 1)) echo_i "checking rpz updates/transfers with parent nodes added after children (${t})" # regression test for RT #36272: the success condition # is the secondary server not crashing. @@ -908,7 +914,7 @@ EOF nsd $ns5 delete '*.example.com.policy1.' example.com.policy1. done - t=`expr $t + 1` + t=$((t + 1)) echo_i "checking that going from an empty policy zone works (${t})" nsd $ns5 add '*.x.servfail.policy2.' x.servfail.policy2. sleep 1 @@ -916,20 +922,20 @@ EOF $DIG z.x.servfail -p ${PORT} @$ns7 > dig.out.${t} grep NXDOMAIN dig.out.${t} > /dev/null || setret "failed" - t=`expr $t + 1` + t=$((t + 1)) echo_i "checking that "add-soa no" at rpz zone level works (${t})" $DIG z.x.servfail -p ${PORT} @$ns7 > dig.out.${t} grep SOA dig.out.${t} > /dev/null && setret "failed" if [ native = "$mode" ]; then - t=`expr $t + 1` + t=$((t + 1)) echo_i "checking that "add-soa yes" at response-policy level works (${t})" $DIG walled.tld2 -p ${PORT} +noall +add @$ns3 > dig.out.${t} grep "^manual-update-rpz\..*SOA" dig.out.${t} > /dev/null || setret "failed" fi if [ native = "$mode" ]; then - t=`expr $t + 1` + t=$((t + 1)) echo_i "reconfiguring server with 'add-soa no' (${t})" cp ns3/named.conf ns3/named.conf.tmp sed -e "s/add-soa yes/add-soa no/g" < ns3/named.conf.tmp > ns3/named.conf @@ -940,7 +946,7 @@ EOF fi if [ native = "$mode" ]; then - t=`expr $t + 1` + t=$((t + 1)) echo_i "checking that 'add-soa unset' works (${t})" $DIG walled.tld2 -p ${PORT} +noall +add @$ns8 > dig.out.${t} grep "^manual-update-rpz\..*SOA" dig.out.${t} > /dev/null || setret "failed" @@ -949,12 +955,12 @@ EOF # dnsrps does not allow NS RRs in policy zones, so this check # with dnsrps results in no rewriting. if [ native = "$mode" ]; then - t=`expr $t + 1` + t=$((t + 1)) echo_i "checking rpz with delegation fails correctly (${t})" $DIG -p ${PORT} @$ns3 ns example.com > dig.out.$t grep "status: SERVFAIL" dig.out.$t > /dev/null || setret "failed" - t=`expr $t + 1` + t=$((t + 1)) echo_i "checking policies from expired zone are no longer in effect ($t)" $DIG -p ${PORT} @$ns3 a expired > dig.out.$t grep "expired.*10.0.0.10" dig.out.$t > /dev/null && setret "failed" @@ -966,7 +972,7 @@ EOF do for type in AAAA A do - t=`expr $t + 1` + t=$((t + 1)) case $label in a-only) echo_i "checking rpz 'CNAME *.' (NODATA) with dns64, $type lookup with A-only (${t})" @@ -984,12 +990,12 @@ EOF grep "ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 2$" dig.out.$t > /dev/null || ret=1 grep "^rpz" dig.out.$t > /dev/null || ret=1 [ $ret -eq 0 ] || echo_i "failed" - status=`expr $status + $ret` + status=$((status + ret)) done done if [ native = "$mode" ]; then - t=`expr $t + 1` + t=$((t + 1)) echo_i "checking that rewriting CD=1 queries handles pending data correctly (${t})" $RNDCCMD $ns3 flush $RNDCCMD $ns6 flush @@ -1009,6 +1015,6 @@ EOF *) echo_i "invalid test mode";; esac done -status=`expr ${native:-0} + ${dnsrps:-0}` +status=$((native + dnsrps)) [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/rpzrecurse/setup.sh b/bin/tests/system/rpzrecurse/setup.sh index e68784f46a..4dcd5eda9d 100644 --- a/bin/tests/system/rpzrecurse/setup.sh +++ b/bin/tests/system/rpzrecurse/setup.sh @@ -27,7 +27,7 @@ while getopts "DNx" c; do *) echo "$USAGE" 1>&2; exit 1;; esac done -shift `expr $OPTIND - 1 || true` +shift $((OPTIND - 1)) if test "$#" -ne 0; then echo "$USAGE" 1>&2 exit 1 @@ -59,16 +59,16 @@ do while test $j -le $i do echo "name$j A 10.53.0.$i" >> ns2/db.max$i.local - j=`expr $j + 1` + j=$((j + 1)) done - i=`expr $i + 1` + i=$((i + 1)) done # decide whether to test DNSRPS $SHELL ../ckdnsrps.sh $TEST_DNSRPS $DEBUG -test -z "`grep 'dnsrps-enable yes' dnsrps.conf`" && TEST_DNSRPS= +test -z "$(grep 'dnsrps-enable yes' dnsrps.conf)" && TEST_DNSRPS= -CWD=`pwd` +CWD=$(pwd) cat <dnsrpzd.conf PID-FILE $CWD/dnsrpzd.pid; @@ -81,7 +81,7 @@ sed -n -e 's/^ *//' -e "/zone.*.*primary/s@file \"@&$CWD/ns2/@p" ns2/*.conf \ # Run dnsrpzd to get the license and prime the static policy zones if test -n "$TEST_DNSRPS"; then - DNSRPZD="`../rpz/dnsrps -p`" + DNSRPZD="$(../rpz/dnsrps -p)" "$DNSRPZD" -D./dnsrpzd.rpzf -S./dnsrpzd.sock -C./dnsrpzd.conf \ -w 0 -dddd -L stdout >./dnsrpzd.run 2>&1 fi diff --git a/bin/tests/system/rpzrecurse/tests.sh b/bin/tests/system/rpzrecurse/tests.sh index 23ed82e6e9..eed53e82fd 100644 --- a/bin/tests/system/rpzrecurse/tests.sh +++ b/bin/tests/system/rpzrecurse/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + # touch dnsrps-off to not test with DNSRPS # touch dnsrps-only to not test with classic RPZ @@ -31,7 +33,7 @@ while getopts "xS:" c; do *) echo "$USAGE" 1>&2; exit 1;; esac done -shift `expr $OPTIND - 1 || true` +shift $((OPTIND - 1)) if test "$#" -ne 0; then echo "$USAGE" 1>&2 exit 1 @@ -61,7 +63,7 @@ run_query() { TESTNAME=$1 LINE=$2 - NAME=`sed -n -e "$LINE,"'$p' ns2/$TESTNAME.queries | head -n 1` + NAME=$(sed -n -e "$LINE,"'$p' ns2/$TESTNAME.queries | head -n 1) $DIG $DIGOPTS $NAME a @10.53.0.2 -p ${PORT} -b 127.0.0.1 > dig.out.${t} grep "status: SERVFAIL" dig.out.${t} > /dev/null 2>&1 && return 1 return 0 @@ -73,8 +75,8 @@ expect_norecurse() { TESTNAME=$1 LINE=$2 - NAME=`sed -n -e "$LINE,"'$p' ns2/$TESTNAME.queries | head -n 1` - t=`expr $t + 1` + NAME=$(sed -n -e "$LINE,"'$p' ns2/$TESTNAME.queries | head -n 1) + t=$((t + 1)) echo_i "testing $NAME doesn't recurse (${t})" add_test_marker 10.53.0.2 run_query $TESTNAME $LINE || { @@ -89,14 +91,15 @@ expect_recurse() { TESTNAME=$1 LINE=$2 - NAME=`sed -n -e "$LINE,"'$p' ns2/$TESTNAME.queries | head -n 1` - t=`expr $t + 1` + NAME=$(sed -n -e "$LINE,"'$p' ns2/$TESTNAME.queries | head -n 1) + t=$((t + 1)) echo_i "testing $NAME recurses (${t})" add_test_marker 10.53.0.2 run_query $TESTNAME $LINE && { echo_i "test ${t} failed" status=1 } + return 0 } add_test_marker() { @@ -106,6 +109,8 @@ add_test_marker() { done } +native=0 +dnsrps=0 for mode in native dnsrps; do status=0 case $mode in @@ -144,7 +149,7 @@ for mode in native dnsrps; do # show whether and why DNSRPS is enabled or disabled sed -n 's/^## //p' dnsrps.conf | cat_i - t=`expr $t + 1` + t=$((t + 1)) echo_i "testing that l1.l0 exists without RPZ (${t})" add_test_marker 10.53.0.2 $DIG $DIGOPTS l1.l0 ns @10.53.0.2 -p ${PORT} > dig.out.${t} @@ -153,7 +158,7 @@ for mode in native dnsrps; do status=1 } - t=`expr $t + 1` + t=$((t + 1)) echo_i "testing that l2.l1.l0 returns SERVFAIL without RPZ (${t})" add_test_marker 10.53.0.2 $DIG $DIGOPTS l2.l1.l0 ns @10.53.0.2 -p ${PORT} > dig.out.${t} @@ -211,17 +216,16 @@ for mode in native dnsrps; do for n in $testlist; do run_server 4$n ni=$1 - t=`expr $t + 1` + t=$((t + 1)) echo_i "testing that ${ni} of 33 queries skip recursion (${t})" add_test_marker 10.53.0.2 c=0 for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 \ 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 do - run_query 4$n $i - c=`expr $c + $?` + run_query 4$n $i || c=$((c + 1)) done - skipped=`expr 33 - $c` + skipped=$((33 - c)) if [ $skipped != $ni ]; then echo_i "test $t failed (actual=$skipped, expected=$ni)" status=1 @@ -242,21 +246,21 @@ for mode in native dnsrps; do echo_i "check recursive behavior consistency during policy update races" run_server 6a sleep 1 - t=`expr $t + 1` + t=$((t + 1)) echo_i "running dig to cache CNAME record (${t})" add_test_marker 10.53.0.1 10.53.0.2 $DIG $DIGOPTS @10.53.0.2 -p ${PORT} www.test.example.org CNAME > dig.out.${t} sleep 1 echo_i "suspending authority server" - PID=`cat ns1/named.pid` + PID=$(cat ns1/named.pid) kill -STOP $PID echo_i "adding an NSDNAME policy" cp ns2/db.6a.00.policy.local ns2/saved.policy.local cp ns2/db.6b.00.policy.local ns2/db.6a.00.policy.local $RNDC -c ../common/rndc.conf -s 10.53.0.2 -p ${CONTROLPORT} reload 6a.00.policy.local 2>&1 | sed 's/^/ns2 /' | cat_i - test -f dnsrpzd.pid && kill -USR1 `cat dnsrpzd.pid` + test -f dnsrpzd.pid && kill -USR1 $(cat dnsrpzd.pid) || true sleep 1 - t=`expr $t + 1` + t=$((t + 1)) echo_i "running dig to follow CNAME (blocks, so runs in the background) (${t})" add_test_marker 10.53.0.2 $DIG $DIGOPTS @10.53.0.2 -p ${PORT} www.test.example.org A +time=5 > dig.out.${t} & @@ -264,10 +268,10 @@ for mode in native dnsrps; do echo_i "removing the NSDNAME policy" cp ns2/db.6c.00.policy.local ns2/db.6a.00.policy.local $RNDC -c ../common/rndc.conf -s 10.53.0.2 -p ${CONTROLPORT} reload 6a.00.policy.local 2>&1 | sed 's/^/ns2 /' | cat_i - test -f dnsrpzd.pid && kill -USR1 `cat dnsrpzd.pid` + test -f dnsrpzd.pid && kill -USR1 $(cat dnsrpzd.pid) || true sleep 1 echo_i "resuming authority server" - PID=`cat ns1/named.pid` + PID=$(cat ns1/named.pid) kill -CONT $PID add_test_marker 10.53.0.1 for n in 1 2 3 4 5 6 7 8 9 @@ -285,20 +289,20 @@ for mode in native dnsrps; do cp ns2/saved.policy.local ns2/db.6a.00.policy.local run_server 6a sleep 1 - t=`expr $t + 1` + t=$((t + 1)) echo_i "running dig to cache CNAME record (${t})" add_test_marker 10.53.0.1 10.53.0.2 $DIG $DIGOPTS @10.53.0.2 -p ${PORT} www.test.example.org CNAME > dig.out.${t} sleep 1 echo_i "suspending authority server" - PID=`cat ns1/named.pid` + PID=$(cat ns1/named.pid) kill -STOP $PID echo_i "adding an NSDNAME policy" cp ns2/db.6b.00.policy.local ns2/db.6a.00.policy.local $RNDC -c ../common/rndc.conf -s 10.53.0.2 -p ${CONTROLPORT} reload 6a.00.policy.local 2>&1 | sed 's/^/ns2 /' | cat_i - test -f dnsrpzd.pid && kill -USR1 `cat dnsrpzd.pid` + test -f dnsrpzd.pid && kill -USR1 $(cat dnsrpzd.pid) || true sleep 1 - t=`expr $t + 1` + t=$((t + 1)) echo_i "running dig to follow CNAME (blocks, so runs in the background) (${t})" add_test_marker 10.53.0.2 $DIG $DIGOPTS @10.53.0.2 -p ${PORT} www.test.example.org A +time=5 > dig.out.${t} & @@ -306,10 +310,10 @@ for mode in native dnsrps; do echo_i "removing the policy zone" cp ns2/named.default.conf ns2/named.conf rndc_reconfig ns2 10.53.0.2 - test -f dnsrpzd.pid && kill -USR1 `cat dnsrpzd.pid` + test -f dnsrpzd.pid && kill -USR1 $(cat dnsrpzd.pid) || true sleep 1 echo_i "resuming authority server" - PID=`cat ns1/named.pid` + PID=$(cat ns1/named.pid) kill -CONT $PID add_test_marker 10.53.0.1 for n in 1 2 3 4 5 6 7 8 9; do @@ -323,7 +327,7 @@ for mode in native dnsrps; do } # Check maximum number of RPZ zones (64) - t=`expr $t + 1` + t=$((t + 1)) echo_i "testing maximum number of RPZ zones (${t})" add_test_marker 10.53.0.2 run_server max @@ -335,11 +339,11 @@ for mode in native dnsrps; do echo_i "test $t failed: didn't get expected answer from policy zone $i" status=1 } - i=`expr $i + 1` + i=$((i + 1)) done # Check CLIENT-IP behavior - t=`expr $t + 1` + t=$((t + 1)) echo_i "testing CLIENT-IP behavior (${t})" add_test_marker 10.53.0.2 run_server clientip @@ -354,7 +358,7 @@ for mode in native dnsrps; do } # Check CLIENT-IP behavior #2 - t=`expr $t + 1` + t=$((t + 1)) echo_i "testing CLIENT-IP behavior #2 (${t})" add_test_marker 10.53.0.2 run_server clientip2 @@ -384,11 +388,11 @@ for mode in native dnsrps; do } # Check RPZ log clause - t=`expr $t + 1` + t=$((t + 1)) echo_i "testing RPZ log clause (${t})" add_test_marker 10.53.0.2 run_server log - cur=`awk 'BEGIN {l=0} /^/ {l++} END { print l }' ns2/named.run` + cur=$(awk 'BEGIN {l=0} /^/ {l++} END { print l }' ns2/named.run) $DIG $DIGOPTS l2.l1.l0 a @10.53.0.2 -p ${PORT} -b 10.53.0.4 > dig.out.${t} $DIG $DIGOPTS l2.l1.l0 a @10.53.0.2 -p ${PORT} -b 10.53.0.3 >> dig.out.${t} $DIG $DIGOPTS l2.l1.l0 a @10.53.0.2 -p ${PORT} -b 10.53.0.2 >> dig.out.${t} @@ -407,7 +411,7 @@ for mode in native dnsrps; do # Check wildcard behavior - t=`expr $t + 1` + t=$((t + 1)) echo_i "testing wildcard behavior with 1 RPZ zone (${t})" add_test_marker 10.53.0.2 run_server wildcard1 @@ -422,7 +426,7 @@ for mode in native dnsrps; do status=1 } - t=`expr $t + 1` + t=$((t + 1)) echo_i "testing wildcard behavior with 2 RPZ zones (${t})" add_test_marker 10.53.0.2 run_server wildcard2 @@ -437,7 +441,7 @@ for mode in native dnsrps; do status=1 } - t=`expr $t + 1` + t=$((t + 1)) echo_i "testing wildcard behavior with 1 RPZ zone and no non-wildcard triggers (${t})" add_test_marker 10.53.0.2 run_server wildcard3 @@ -452,7 +456,7 @@ for mode in native dnsrps; do status=1 } - t=`expr $t + 1` + t=$((t + 1)) echo_i "testing wildcard passthru before explicit drop (${t})" add_test_marker 10.53.0.2 run_server wildcard4 @@ -469,7 +473,7 @@ for mode in native dnsrps; do if [ "$mode" = "native" ]; then # Check for invalid prefix length error - t=`expr $t + 1` + t=$((t + 1)) echo_i "testing for invalid prefix length error (${t})" add_test_marker 10.53.0.2 run_server invalidprefixlength @@ -479,15 +483,15 @@ for mode in native dnsrps; do } fi - t=`expr $t + 1` + t=$((t + 1)) echo_i "checking 'nsip-wait-recurse no' is faster than 'nsip-wait-recurse yes' ($t)" add_test_marker 10.53.0.2 10.53.0.3 echo_i "timing 'nsip-wait-recurse yes' (default)" ret=0 - t1=`$PERL -e 'print time()."\n";'` + t1=$($PERL -e 'print time()."\n";') $DIG -p ${PORT} @10.53.0.3 foo.child.example.tld a > dig.out.yes.$t - t2=`$PERL -e 'print time()."\n";'` - p1=`expr $t2 - $t1` + t2=$($PERL -e 'print time()."\n";') + p1=$((t2 - t1)) echo_i "elapsed time $p1 seconds" $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} flush @@ -497,15 +501,15 @@ for mode in native dnsrps; do wait_for_log 20 "rpz: policy: reload done" ns3/named.run || ret=1 echo_i "timing 'nsip-wait-recurse no'" - t3=`$PERL -e 'print time()."\n";'` + t3=$($PERL -e 'print time()."\n";') $DIG -p ${PORT} @10.53.0.3 foo.child.example.tld a > dig.out.no.$t - t4=`$PERL -e 'print time()."\n";'` - p2=`expr $t4 - $t3` + t4=$($PERL -e 'print time()."\n";') + p2=$((t4 - t3)) echo_i "elapsed time $p2 seconds" if test $p1 -le $p2; then ret=1; fi if test $ret != 0; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} flush # restore original named.conf @@ -514,15 +518,15 @@ for mode in native dnsrps; do $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} reload > /dev/null wait_for_log 20 "rpz: policy: reload done" ns3/named.run || ret=1 - t=`expr $t + 1` + t=$((t + 1)) echo_i "checking 'nsdname-wait-recurse no' is faster than 'nsdname-wait-recurse yes' ($t)" add_test_marker 10.53.0.2 10.53.0.3 echo_i "timing 'nsdname-wait-recurse yes' (default)" ret=0 - t1=`$PERL -e 'print time()."\n";'` + t1=$($PERL -e 'print time()."\n";') $DIG -p ${PORT} @10.53.0.3 foo.child.example.tld a > dig.out.yes.$t - t2=`$PERL -e 'print time()."\n";'` - p1=`expr $t2 - $t1` + t2=$($PERL -e 'print time()."\n";') + p1=$((t2 - t1)) echo_i "elapsed time $p1 seconds" $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p ${CONTROLPORT} flush @@ -532,15 +536,15 @@ for mode in native dnsrps; do wait_for_log 20 "rpz: policy: reload done" ns3/named.run || ret=1 echo_i "timing 'nsdname-wait-recurse no'" - t3=`$PERL -e 'print time()."\n";'` + t3=$($PERL -e 'print time()."\n";') $DIG -p ${PORT} @10.53.0.3 foo.child.example.tld a > dig.out.no.$t - t4=`$PERL -e 'print time()."\n";'` - p2=`expr $t4 - $t3` + t4=$($PERL -e 'print time()."\n";') + p2=$((t4 - t3)) echo_i "elapsed time $p2 seconds" if test $p1 -le $p2; then ret=1; fi if test $ret != 0; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) [ $status -ne 0 ] && pf=fail || pf=pass @@ -554,6 +558,6 @@ for mode in native dnsrps; do *) echo_i "invalid test mode";; esac done -status=`expr ${native:-0} + ${dnsrps:-0}` +status=$((native + dnsrps)) [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/rrchecker/tests.sh b/bin/tests/system/rrchecker/tests.sh index 0e493eb936..65e9d434bf 100644 --- a/bin/tests/system/rrchecker/tests.sh +++ b/bin/tests/system/rrchecker/tests.sh @@ -11,25 +11,27 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh status=0 n=0 -n=`expr $n + 1` +n=$((n + 1)) echo_i "class list ($n)" $RRCHECKER -C > classlist.out -diff classlist.out classlist.good || { echo_i "failed"; status=`expr $status + 1`; } +diff classlist.out classlist.good || { echo_i "failed"; status=$((status + 1)); } -n=`expr $n + 1` +n=$((n + 1)) echo_i "type list ($n)" $RRCHECKER -T > typelist.out -diff typelist.out typelist.good || { echo_i "failed"; status=`expr $status + 1`; } +diff typelist.out typelist.good || { echo_i "failed"; status=$((status + 1)); } -n=`expr $n + 1` +n=$((n + 1)) echo_i "private type list ($n)" $RRCHECKER -P > privatelist.out -diff privatelist.out privatelist.good || { echo_i "failed"; status=`expr $status + 1`; } +diff privatelist.out privatelist.good || { echo_i "failed"; status=$((status + 1)); } myecho() { cat << EOF @@ -37,7 +39,7 @@ $* EOF } -n=`expr $n + 1` +n=$((n + 1)) echo_i "check conversions to canonical format ($n)" ret=0 $SHELL ${TOP_SRCDIR}/bin/tests/system/genzone.sh 0 > tempzone @@ -54,9 +56,9 @@ do echo_i "'$cl $ty $rest' != '$cl0 $ty0 $rest0'" } done < checkzone.out$n -test $ret -eq 0 || { echo_i "failed"; status=`expr $status + 1`; } +test $ret -eq 0 || { echo_i "failed"; status=$((status + 1)); } -n=`expr $n + 1` +n=$((n + 1)) echo_i "check conversions to and from unknown record format ($n)" ret=0 $CHECKZONE -Dq . tempzone | sed '/^;/d' > checkzone.out$n @@ -77,7 +79,7 @@ do echo_i "'$cl $ty $rest' != '$cl0 $ty0 $rest0'" } done < checkzone.out$n -test $ret -eq 0 || { echo_i "failed"; status=`expr $status + 1`; } +test $ret -eq 0 || { echo_i "failed"; status=$((status + 1)); } echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/rrl/tests.sh b/bin/tests/system/rrl/tests.sh index b5859ef376..9465b93b92 100644 --- a/bin/tests/system/rrl/tests.sh +++ b/bin/tests/system/rrl/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + # test response rate limiting . ../conf.sh @@ -32,7 +34,7 @@ while getopts "x" c; do *) echo "$USAGE" 1>&2; exit 1;; esac done -shift `expr $OPTIND - 1 || true` +shift $((OPTIND - 1)) if test "$#" -ne 0; then echo "$USAGE" 1>&2 exit 1 @@ -52,9 +54,9 @@ setret () { # The start of a second credits a rate limit. # This would be far easier in C or by assuming a modern version of perl. sec_start () { - START=`date` + START=$(date) while true; do - NOW=`date` + NOW=$(date) if test "$START" != "$NOW"; then return fi @@ -78,7 +80,7 @@ burst () { CNT=$XCNT DOMS="" - CNTS=`$PERL -e 'for ( $i = 0; $i < '$BURST_LIMIT'; $i++) { printf "%03d\n", '$QNUM' + $i; }'` + CNTS=$($PERL -e 'for ( $i = 0; $i < '$BURST_LIMIT'; $i++) { printf "%03d\n", '$QNUM' + $i; }') for CNT in $CNTS do eval BURST_DOM="$BURST_DOM_BASE" @@ -96,7 +98,7 @@ burst () { -e 's/;; .* status: SERVFAIL.*/SERVFAIL/p' \ -e 's/response failed with timed out.*/drop/p' \ -e 's/;; communications error to.*/drop/p' >> $FILENAME & - QNUM=`expr $QNUM + $BURST_LIMIT` + QNUM=$((QNUM + BURST_LIMIT)) } # compare integers $1 and $2; ensure the difference is no more than $3 @@ -110,14 +112,14 @@ ck_result() { # wait to the background mdig calls to complete. wait BAD=no - ADDRS=`grep -E "^$2$" mdig.out-$1 2>/dev/null | wc -l` + ADDRS=$(grep -E "^$2$" mdig.out-$1 2>/dev/null | wc -l) # count simple truncated and truncated NXDOMAIN as TC - TC=`grep -E "^TC|NXDOMAINTC$" mdig.out-$1 2>/dev/null | wc -l` - DROP=`grep -E "^drop$" mdig.out-$1 2>/dev/null | wc -l` + TC=$(grep -E "^TC|NXDOMAINTC$" mdig.out-$1 2>/dev/null | wc -l) + DROP=$(grep -E "^drop$" mdig.out-$1 2>/dev/null | wc -l) # count NXDOMAIN and truncated NXDOMAIN as NXDOMAIN - NXDOMAIN=`grep -E "^NXDOMAIN|NXDOMAINTC$" mdig.out-$1 2>/dev/null | wc -l` - SERVFAIL=`grep -E "^SERVFAIL$" mdig.out-$1 2>/dev/null | wc -l` - NOERROR=`grep -E "^NOERROR$" mdig.out-$1 2>/dev/null | wc -l` + NXDOMAIN=$(grep -E "^NXDOMAIN|NXDOMAINTC$" mdig.out-$1 2>/dev/null | wc -l) + SERVFAIL=$(grep -E "^SERVFAIL$" mdig.out-$1 2>/dev/null | wc -l) + NOERROR=$(grep -E "^NOERROR$" mdig.out-$1 2>/dev/null | wc -l) range $ADDRS "$3" 1 || setret "$ADDRS instead of $3 '$2' responses for $1" && @@ -153,10 +155,10 @@ ckstats () { LABEL="$1"; shift TYPE="$1"; shift EXPECTED="$1"; shift - C=`cat ns2/named.stats | + C=$(cat ns2/named.stats | sed -n -e "s/[ ]*\([0-9]*\).responses $TYPE for rate limits.*/\1/p" | - tail -1` - C=`expr 0$C + 0` + tail -1) + C=$((C)) range "$C" $EXPECTED 1 || setret "wrong $LABEL $TYPE statistics of $C instead of $EXPECTED" @@ -280,7 +282,7 @@ sleep 2 grep "min-table-size 1" broken.out > /dev/null || setret "min-table-size 0 was not changed to 1" if [ -f named.pid ]; then - kill `cat named.pid` + kill $(cat named.pid) setret "named should not have started, but did" fi diff --git a/bin/tests/system/rrsetorder/tests.sh b/bin/tests/system/rrsetorder/tests.sh index 524efd984f..cf8bbd12d3 100644 --- a/bin/tests/system/rrsetorder/tests.sh +++ b/bin/tests/system/rrsetorder/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh DIGOPTS="+nosea +nocomm +nocmd +noquest +noadd +noauth +nocomm +nostat +short +nocookie" @@ -133,7 +135,7 @@ do match=0 for j in $GOOD_RANDOM do - eval "diff dig.out.random reference.dig.out.random.good$j >/dev/null && match$j=1 match=1" + eval "diff dig.out.random reference.dig.out.random.good$j >/dev/null && match$j=1 match=1 || true" if [ $match -eq 1 ]; then break; fi done if [ $match -eq 0 ]; then ret=1; fi @@ -242,7 +244,7 @@ do match=0 for j in $GOOD_RANDOM do - eval "diff dig.out.random reference.dig.out.random.good$j >/dev/null && match$j=1 match=1" + eval "diff dig.out.random reference.dig.out.random.good$j >/dev/null && match$j=1 match=1 || true" if [ $match -eq 1 ]; then break; fi done if [ $match -eq 0 ]; then ret=1; fi @@ -367,7 +369,7 @@ do match=0 for j in $GOOD_RANDOM do - eval "diff dig.out.random reference.dig.out.random.good$j >/dev/null && match$j=1 match=1" + eval "diff dig.out.random reference.dig.out.random.good$j >/dev/null && match$j=1 match=1 || true" if [ $match -eq 1 ]; then break; fi done if [ $match -eq 0 ]; then ret=1; fi @@ -480,7 +482,7 @@ do match=0 for j in $GOOD_RANDOM do - eval "diff dig.out.random reference.dig.out.random.good$j >/dev/null && match$j=1 match=1" + eval "diff dig.out.random reference.dig.out.random.good$j >/dev/null && match$j=1 match=1 || true" if [ $match -eq 1 ]; then break; fi done if [ $match -eq 0 ]; then ret=1; fi @@ -522,7 +524,7 @@ do match=0 for j in $GOOD_RANDOM do - eval "diff dig.out.random reference.dig.out.random.good$j >/dev/null && match$j=1 match=1" + eval "diff dig.out.random reference.dig.out.random.good$j >/dev/null && match$j=1 match=1 || true" if [ $match -eq 1 ]; then break; fi done if [ $match -eq 0 ]; then ret=1; fi diff --git a/bin/tests/system/rsabigexponent/ns1/sign.sh b/bin/tests/system/rsabigexponent/ns1/sign.sh index 73804326b0..8a2f6b99b5 100755 --- a/bin/tests/system/rsabigexponent/ns1/sign.sh +++ b/bin/tests/system/rsabigexponent/ns1/sign.sh @@ -19,7 +19,7 @@ zonefile=root.db cp ../ns2/dsset-example.in dsset-example. -keyname=`$KEYGEN -q -a RSASHA256 -b 2048 -n zone $zone` +keyname=$($KEYGEN -q -a RSASHA256 -b 2048 -n zone $zone) cat $infile $keyname.key > $zonefile diff --git a/bin/tests/system/rsabigexponent/ns2/sign.sh b/bin/tests/system/rsabigexponent/ns2/sign.sh index 88f4277966..53e2257e8d 100755 --- a/bin/tests/system/rsabigexponent/ns2/sign.sh +++ b/bin/tests/system/rsabigexponent/ns2/sign.sh @@ -20,7 +20,7 @@ outfile=example.db.bad for i in Xexample.+008+51650.key Xexample.+008+51650.private \ Xexample.+008+52810.key Xexample.+008+52810.private do - cp $i `echo $i | sed s/X/K/` + cp $i $(echo $i | sed s/X/K/) done $SIGNER -g -s 20000101000000 -e 20361231235959 -o $zone \ diff --git a/bin/tests/system/rsabigexponent/tests.sh b/bin/tests/system/rsabigexponent/tests.sh index ca7308a1ce..39ebd8a797 100644 --- a/bin/tests/system/rsabigexponent/tests.sh +++ b/bin/tests/system/rsabigexponent/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh status=0 @@ -25,7 +27,7 @@ do ret=0 $CHECKCONF $f > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) done for f in conf/bad*.conf @@ -34,14 +36,14 @@ do ret=0 $CHECKCONF $f > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) done echo_i "checking that RSA big exponent keys can't be loaded" ret=0 grep "out of range" ns2/signer.err > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking that RSA big exponent signature can't validate" ret=0 @@ -50,7 +52,7 @@ $DIG $DIGOPTS a.example @10.53.0.3 > dig.out.ns3 || ret=1 grep "status: NOERROR" dig.out.ns2 > /dev/null || ret=1 grep "status: SERVFAIL" dig.out.ns3 > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/runtime/tests.sh b/bin/tests/system/runtime/tests.sh index ac29ee3869..6fd428ea6d 100644 --- a/bin/tests/system/runtime/tests.sh +++ b/bin/tests/system/runtime/tests.sh @@ -11,11 +11,11 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + # shellcheck source=conf.sh . ../conf.sh -set -e - RNDCCMD="$RNDC -c ../common/rndc.conf -p ${CONTROLPORT} -s" NAMED_DEFAULT_ARGS="-m record -d 99 -g -U 4" @@ -225,8 +225,8 @@ n=$((n+1)) echo_i "verifying that named switches UID ($n)" if [ "$(id -u)" -eq 0 ]; then ret=0 - TEMP_NAMED_DIR=$(mktemp -d "$(pwd)/ns2/tmp.XXXXXXXX") - if [ "$?" -eq 0 ]; then + { TEMP_NAMED_DIR=$(mktemp -d "$(pwd)/ns2/tmp.XXXXXXXX"); rc=$?; } || true + if [ "$rc" -eq 0 ]; then copy_setports ns2/named-alt9.conf.in "${TEMP_NAMED_DIR}/named-alt9.conf" chown -R nobody: "${TEMP_NAMED_DIR}" chmod 0700 "${TEMP_NAMED_DIR}" diff --git a/bin/tests/system/serve-stale/tests.sh b/bin/tests/system/serve-stale/tests.sh index 810967fa46..d42e9b9687 100755 --- a/bin/tests/system/serve-stale/tests.sh +++ b/bin/tests/system/serve-stale/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh RNDCCMD="$RNDC -c ../common/rndc.conf -p ${CONTROLPORT} -s" @@ -597,7 +599,7 @@ status=$((status+ret)) # Keep track of time so we can access these RRset later, when we expect them # to become ancient. -t1=`$PERL -e 'print time()'` +t1=$($PERL -e 'print time()') n=$((n+1)) echo_i "verify prime cache statistics (low max-stale-ttl) ($n)" @@ -693,11 +695,11 @@ status=$((status+ret)) if [ $ret != 0 ]; then echo_i "failed"; fi # Retrieve max-stale-ttl value. -interval_to_ancient=`grep 'max-stale-ttl' ns1/named3.conf.in | awk '{ print $2 }' | tr -d ';'` +interval_to_ancient=$(grep 'max-stale-ttl' ns1/named3.conf.in | awk '{ print $2 }' | tr -d ';') # We add 2 seconds to it since this is the ttl value of the records being # tested. interval_to_ancient=$((interval_to_ancient + 2)) -t2=`$PERL -e 'print time()'` +t2=$($PERL -e 'print time()') elapsed=$((t2 - t1)) # If elapsed time so far is less than max-stale-ttl + 2 seconds, then we sleep @@ -1134,7 +1136,7 @@ sleep 2 n=$((n+1)) echo_i "check notincache.example TXT times out (max-stale-ttl default) ($n)" ret=0 -$DIG -p ${PORT} +tries=1 +timeout=3 @10.53.0.3 notfound.example TXT > dig.out.test$n 2>&1 +$DIG -p ${PORT} +tries=1 +timeout=3 @10.53.0.3 notfound.example TXT > dig.out.test$n 2>&1 && ret=1 grep "timed out" dig.out.test$n > /dev/null || ret=1 grep ";; no servers could be reached" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi @@ -1373,11 +1375,11 @@ stop_server --use-rndc --port ${CONTROLPORT} ns4 # Load the cache as if it was five minutes (RBTDB_VIRTUAL) older. Since # max-stale-ttl defaults to a week, we need to adjust the date by one week and # five minutes. -LASTWEEK=`TZ=UTC perl -e 'my $now = time(); +LASTWEEK=$(TZ=UTC perl -e 'my $now = time(); my $oneWeekAgo = $now - 604800; my $fiveMinutesAgo = $oneWeekAgo - 300; my ($s, $m, $h, $d, $mo, $y) = (localtime($fiveMinutesAgo))[0, 1, 2, 3, 4, 5]; - printf("%04d%02d%02d%02d%02d%02d", $y+1900, $mo+1, $d, $h, $m, $s);'` + printf("%04d%02d%02d%02d%02d%02d", $y+1900, $mo+1, $d, $h, $m, $s);') echo_i "mock the cache date to $LASTWEEK (serve-stale answers disabled) ($n)" ret=0 @@ -1610,10 +1612,10 @@ stop_server --use-rndc --port ${CONTROLPORT} ns5 # Load the cache as if it was five minutes (RBTDB_VIRTUAL) older. cp ns5/named_dump.db.test$n ns5/named_dump.db -FIVEMINUTESAGO=`TZ=UTC perl -e 'my $now = time(); +FIVEMINUTESAGO=$(TZ=UTC perl -e 'my $now = time(); my $fiveMinutesAgo = 300; my ($s, $m, $h, $d, $mo, $y) = (localtime($fiveMinutesAgo))[0, 1, 2, 3, 4, 5]; - printf("%04d%02d%02d%02d%02d%02d", $y+1900, $mo+1, $d, $h, $m, $s);'` + printf("%04d%02d%02d%02d%02d%02d", $y+1900, $mo+1, $d, $h, $m, $s);') n=$((n+1)) echo_i "mock the cache date to $FIVEMINUTESAGO (serve-stale cache disabled) ($n)" @@ -1726,12 +1728,12 @@ sleep 2 nextpart ns3/named.run > /dev/null echo_i "sending queries for tests $((n+1))-$((n+3))..." -t1=`$PERL -e 'print time()'` +t1=$($PERL -e 'print time()') $DIG -p ${PORT} +tries=1 +timeout=11 @10.53.0.3 data.example TXT > dig.out.test$((n+1)) & $DIG -p ${PORT} +tries=1 +timeout=11 @10.53.0.3 nodata.example TXT > dig.out.test$((n+2)) & $DIG -p ${PORT} +tries=1 +timeout=11 @10.53.0.3 data.slow TXT > dig.out.test$((n+3)) & wait -t2=`$PERL -e 'print time()'` +t2=$($PERL -e 'print time()') # We configured a long value of 30 seconds for resolver-query-timeout. # That should give us enough time to receive an stale answer from cache @@ -1782,7 +1784,7 @@ echo_i "sending queries for tests $((n+2))-$((n+4))..." # the second RRSIG lookup triggers the issue in [GL #3622] $DIG -p ${PORT} +tries=1 +timeout=10 @10.53.0.3 longttl.example TXT > dig.out.test$((n+3)) & $DIG -p ${PORT} +tries=1 +timeout=3 @10.53.0.3 longttl.example RRSIG > dig.out.test$((n+4)) & -$DIG -p ${PORT} +tries=1 +timeout=3 @10.53.0.3 longttl.example TXT > dig.out.test$((n+2)) +$DIG -p ${PORT} +tries=1 +timeout=3 @10.53.0.3 longttl.example TXT > dig.out.test$((n+2)) || true # Enable the authoritative name server after stale-answer-client-timeout. n=$((n+1)) @@ -2402,7 +2404,7 @@ burst() { num=${1} rm -f burst.input.$$ while [ $num -gt 0 ]; do - num=`expr $num - 1` + num=$((num - 1)) echo "fetch${num}.example A" >> burst.input.$$ done $PERL ../ditch.pl -p ${PORT} -s 10.53.0.3 burst.input.$$ diff --git a/bin/tests/system/sfcache/tests.sh b/bin/tests/system/sfcache/tests.sh index 7f57aa8214..d2aeee701f 100644 --- a/bin/tests/system/sfcache/tests.sh +++ b/bin/tests/system/sfcache/tests.sh @@ -11,11 +11,11 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + # shellcheck source=conf.sh . ../conf.sh -set -e - status=0 n=0 diff --git a/bin/tests/system/smartsign/tests.sh b/bin/tests/system/smartsign/tests.sh index 9f953d09ca..1da21bf887 100644 --- a/bin/tests/system/smartsign/tests.sh +++ b/bin/tests/system/smartsign/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh status=0 diff --git a/bin/tests/system/sortlist/tests.sh b/bin/tests/system/sortlist/tests.sh index f55cf0abb0..894b022a5b 100644 --- a/bin/tests/system/sortlist/tests.sh +++ b/bin/tests/system/sortlist/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh DIGOPTS="+tcp +noadd +nosea +nostat +noquest +noauth +nocomm +nocmd -p ${PORT}" diff --git a/bin/tests/system/spf/tests.sh b/bin/tests/system/spf/tests.sh index 54b3519998..07e6c1980d 100644 --- a/bin/tests/system/spf/tests.sh +++ b/bin/tests/system/spf/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh n=1 @@ -37,9 +39,9 @@ grep "'warn' found type SPF" ns1/named.run > /dev/null && ret=1 grep "zone nowarn/IN: loaded serial 0" ns1/named.run > /dev/null || ret=1 grep "'y.nowarn' found type SPF" ns1/named.run > /dev/null && ret=1 grep "'nowarn' found type SPF" ns1/named.run > /dev/null && ret=1 -n=`expr $n + 1` +n=$((n + 1)) if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/staticstub/tests.sh b/bin/tests/system/staticstub/tests.sh index f8096d3a97..e0f578858a 100755 --- a/bin/tests/system/staticstub/tests.sh +++ b/bin/tests/system/staticstub/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh DIGOPTS="-p ${PORT}" @@ -21,68 +23,68 @@ n=0 for conf in conf/good*.conf do - n=`expr $n + 1` + n=$((n + 1)) echo_i "checking that $conf is accepted ($n)" ret=0 $CHECKCONF "$conf" || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) done for conf in conf/bad*.conf do - n=`expr $n + 1` + n=$((n + 1)) echo_i "checking that $conf is rejected ($n)" ret=0 $CHECKCONF "$conf" >/dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) done -n=`expr $n + 1` +n=$((n + 1)) echo_i "trying an axfr that should be denied (NOTAUTH) ($n)" ret=0 $DIG $DIGOPTS +tcp data.example. @10.53.0.2 axfr > dig.out.ns2.test$n || ret=1 grep "; Transfer failed." dig.out.ns2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "non recursive query for a static-stub zone with server name should be rejected ($n)" ret=0 $DIG $DIGOPTS +tcp +norec data.example. @10.53.0.2 txt > dig.out.ns2.test$n \ || ret=1 grep "REFUSED" dig.out.ns2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "non recursive query for a static-stub zone with server name should be rejected ($n)" ret=0 $DIG $DIGOPTS +tcp +norec data.example.org. @10.53.0.2 txt > dig.out.ns2.test$n \ || ret=1 grep "REFUSED" dig.out.ns2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "allow-query ACL ($n)" ret=0 $DIG $DIGOPTS +tcp +norec data.example. @10.53.0.2 txt -b 10.53.0.7 \ > dig.out.ns2.test$n || ret=1 grep "REFUSED" dig.out.ns2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "look for static-stub zone data with recursion (should be found) ($n)" ret=0 $DIG $DIGOPTS +tcp +noauth data.example. @10.53.0.2 txt > dig.out.ns2.test$n || ret=1 digcomp knowngood.dig.out.rec dig.out.ns2.test$n || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking authoritative NS is ignored for delegation ($n)" ret=0 # the auth server returns a different (and incorrect) NS for .example. @@ -92,9 +94,9 @@ grep "ns4.example." dig.out.ns2.test1.$n > /dev/null || ret=1 $DIG $DIGOPTS +tcp data2.example. @10.53.0.2 txt > dig.out.ns2.test2.$n || ret=1 grep "2nd test data" dig.out.ns2.test2.$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking queries for a child zone of the static-stub zone ($n)" ret=0 # prime the delegation to a child zone of the static-stub zone @@ -118,9 +120,9 @@ copy_setports ns3/named.conf.in tmp sed 's/EXAMPLE_ZONE_PLACEHOLDER/zone "example" { type primary; file "example.db.signed"; };/' tmp > ns3/named.conf rndc_reload ns3 10.53.0.3 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking authoritative NS addresses are ignored for delegation ($n)" ret=0 # the auth server returns a different (and incorrect) A/AAA RR for .example. @@ -135,29 +137,29 @@ rndc_reload ns2 10.53.0.2 $DIG $DIGOPTS +tcp data3.example. @10.53.0.2 txt > dig.out.ns2.test3.$n || ret=1 grep "3rd test data" dig.out.ns2.test3.$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # the authoritative server of the query domain (example.com) is the apex # name of the static-stub zone (example). in this case the static-stub # configuration must be ignored and cached information must be used. -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking NS of static-stub is ignored when referenced from other domain ($n)" ret=0 $DIG $DIGOPTS +tcp data.example.com. @10.53.0.2 txt > dig.out.ns2.test$n || ret=1 grep "example com data" dig.out.ns2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # check server-names -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking static-stub with a server-name ($n)" ret=0 $DIG $DIGOPTS +tcp data.example.org. @10.53.0.2 txt > dig.out.ns2.test$n || ret=1 grep "example org data" dig.out.ns2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) # Note: for a short term workaround we use ::1, assuming it's configured and # usable for our tests. We should eventually use the test ULA and available # checks introduced in change 2916. @@ -168,31 +170,31 @@ then $DIG $DIGOPTS +tcp data.example.info. @10.53.0.2 txt > dig.out.ns2.test$n || ret=1 grep "example info data" dig.out.ns2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` + status=$((status + ret)) else echo_i "SKIPPED: checking IPv6 static-stub address ($n)" fi -n=`expr $n + 1` +n=$((n + 1)) echo_i "look for static-stub zone data with DNSSEC validation ($n)" ret=0 $DIG $DIGOPTS +tcp +dnssec data4.example. @10.53.0.2 txt > dig.out.ns2.test$n || ret=1 grep "ad; QUERY" dig.out.ns2.test$n > /dev/null || ret=1 grep "4th test data" dig.out.ns2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "look for a child of static-stub zone data with DNSSEC validation ($n)" ret=0 $DIG $DIGOPTS +tcp +dnssec data3.sub.example. @10.53.0.2 txt > dig.out.ns2.test$n || ret=1 grep "ad; QUERY" dig.out.ns2.test$n > /dev/null || ret=1 grep "3rd sub test data" dig.out.ns2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) # reload with a different name server: existing zone shouldn't be reused. -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking server reload with a different static-stub config ($n)" ret=0 copy_setports ns2/named.conf.in tmp @@ -201,9 +203,9 @@ rndc_reload ns2 10.53.0.2 $DIG $DIGOPTS +tcp data2.example.org. @10.53.0.2 txt > dig.out.ns2.test$n || ret=1 grep "2nd example org data" dig.out.ns2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking static-stub of a undelegated tld resolves after DS query ($n)" ret=0 $DIG $DIGOPTS undelegated. @10.53.0.2 ds > dig.out.ns2.ds.test$n @@ -211,7 +213,7 @@ $DIG $DIGOPTS undelegated. @10.53.0.2 soa > dig.out.ns2.soa.test$n grep "status: NXDOMAIN" dig.out.ns2.ds.test$n > /dev/null || ret=1 grep "status: NOERROR" dig.out.ns2.soa.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/statistics/tests.sh b/bin/tests/system/statistics/tests.sh index a7af610115..af57b60e2c 100644 --- a/bin/tests/system/statistics/tests.sh +++ b/bin/tests/system/statistics/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh DIGCMD="$DIG +tcp -p ${PORT}" @@ -21,6 +23,8 @@ status=0 ret=0 n=1 stats=0 +nsock0nstat=0 +nsock1nstat=0 rndc_stats() { _ns=$1 _ip=$2 @@ -36,35 +40,35 @@ rndc_stats() { echo_i "fetching a.example from ns2's initial configuration ($n)" $DIGCMD +noauth a.example. @10.53.0.2 any > dig.out.ns2.1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) ret=0 echo_i "dumping initial stats for ns2 ($n)" rndc_stats ns2 10.53.0.2 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) ret=0 echo_i "verifying adb records in named.stats ($n)" grep "ADB stats" $last_stats > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) echo_i "checking for 1 entry in adb hash table in named.stats ($n)" grep "1 Addresses in hash table" $last_stats > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) ret=0 echo_i "verifying cache statistics in named.stats ($n)" grep "Cache Statistics" $last_stats > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) ret=0 echo_i "checking for 2 entries in adb hash table in named.stats ($n)" @@ -72,20 +76,20 @@ $DIGCMD a.example.info. @10.53.0.2 any > /dev/null 2>&1 rndc_stats ns2 10.53.0.2 || ret=1 grep "2 Addresses in hash table" $last_stats > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) ret=0 echo_i "dumping initial stats for ns3 ($n)" rndc_stats ns3 10.53.0.3 || ret=1 -nsock0nstat=`grep "UDP/IPv4 sockets active" $last_stats | awk '{print $1}'` -[ 0 -ne ${nsock0nstat:-0} ] || ret=1 +nsock0nstat=$(grep "UDP/IPv4 sockets active" $last_stats | awk '{print $1}') +[ 0 -ne ${nsock0nstat} ] || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) echo_i "sending queries to ns3" -$DIGCMD +tries=2 +time=1 +recurse @10.53.0.3 foo.info. any > /dev/null 2>&1 +$DIGCMD +tries=2 +time=1 +recurse @10.53.0.3 foo.info. any > /dev/null 2>&1 || true ret=0 echo_i "dumping updated stats for ns3 ($n)" @@ -95,30 +99,30 @@ getstats() { } retry_quiet 5 getstats || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) ret=0 echo_i "verifying recursing clients output in named.stats ($n)" grep "2 recursing clients" $last_stats > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) ret=0 echo_i "verifying active fetches output in named.stats ($n)" grep "1 active fetches" $last_stats > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) ret=0 echo_i "verifying active sockets output in named.stats ($n)" -nsock1nstat=`grep "UDP/IPv4 sockets active" $last_stats | awk '{print $1}'` -[ `expr ${nsock1nstat:-0} - ${nsock0nstat:-0}` -eq 1 ] || ret=1 +nsock1nstat=$(grep "UDP/IPv4 sockets active" $last_stats | awk '{print $1}') +[ $((nsock1nstat - nsock0nstat)) -eq 1 ] || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) # there should be 1 UDP and no TCP queries. As the TCP counter is zero # no status line is emitted. @@ -127,22 +131,22 @@ echo_i "verifying queries in progress in named.stats ($n)" grep "1 UDP queries in progress" $last_stats > /dev/null || ret=1 grep "TCP queries in progress" $last_stats > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) ret=0 echo_i "verifying bucket size output ($n)" grep "bucket size" $last_stats > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) ret=0 echo_i "checking priming queries are counted ($n)" grep "priming queries" $last_stats > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) ret=0 echo_i "checking that zones with slash are properly shown in XML output ($n)" @@ -153,8 +157,8 @@ else echo_i "skipping test as libxml2 and/or curl was not found" fi if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) ret=0 echo_i "checking that zones return their type ($n)" @@ -165,8 +169,8 @@ else echo_i "skipping test as libxml2 and/or curl was not found" fi if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) ret=0 echo_i "checking bind9.xsl vs xml ($n)" @@ -223,8 +227,8 @@ else echo_i "skipping test as libxml2 and/or curl with HTTP/1.1 support and/or xsltproc was not found" fi if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) ret=0 echo_i "checking bind9.xml socket statistics ($n)" @@ -247,8 +251,8 @@ else echo_i "skipping test as libxml2 and/or stats.xml.out file and/or xsltproc was not found" fi if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) echo_i "Check that 'zone-statistics full;' is processed by 'rndc reconfig' ($n)" ret=0 @@ -271,8 +275,8 @@ rndc_reconfig ns2 10.53.0.2 rndc_stats ns2 10.53.0.2 || ret=1 sed -n '/Per Zone Query Statistics/,/^++/p' $last_stats | grep -F '[example]' > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/statschannel/tests.sh b/bin/tests/system/statschannel/tests.sh index 6ce63923c1..d8e4a84a42 100644 --- a/bin/tests/system/statschannel/tests.sh +++ b/bin/tests/system/statschannel/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + # shellcheck source=conf.sh . ../conf.sh @@ -55,10 +57,9 @@ getzones() { json) path='json/v1/zones' ;; *) return 1 ;; esac - file=`$PERL fetch.pl -p ${EXTRAPORT1} $path` + file=$($PERL fetch.pl -p ${EXTRAPORT1} $path) cp $file $file.$1.$3 - $PERL zones-${1}.pl $file $2 2>/dev/null | sort > zones.out.$3 - result=$? + { $PERL zones-${1}.pl $file $2 2>/dev/null | sort > zones.out.$3; result=$?; } || true return $result } @@ -78,34 +79,34 @@ echo_i "checking consistency between named.stats and xml/json ($n)" rm -f ns2/named.stats $DIGCMD +tcp example ns > dig.out.$n || ret=1 $RNDCCMD 10.53.0.2 stats 2>&1 | sed 's/^/I:ns1 /' -query_count=`awk '/QUERY/ {print $1}' ns2/named.stats` -txt_count=`awk '/TXT/ {print $1}' ns2/named.stats` -noerror_count=`awk '/NOERROR/ {print $1}' ns2/named.stats` +query_count=$(awk '/QUERY/ {print $1}' ns2/named.stats) +txt_count=$(awk '/TXT/ {print $1}' ns2/named.stats) +noerror_count=$(awk '/NOERROR/ {print $1}' ns2/named.stats) if [ $PERL_XML ]; then - file=`$PERL fetch.pl -p ${EXTRAPORT1} xml/v3/server` + file=$($PERL fetch.pl -p ${EXTRAPORT1} xml/v3/server) mv $file xml.stats $PERL server-xml.pl > xml.fmtstats 2> /dev/null - xml_query_count=`awk '/opcode QUERY/ { print $NF }' xml.fmtstats` + xml_query_count=$(awk '/opcode QUERY/ { print $NF }' xml.fmtstats) xml_query_count=${xml_query_count:-0} [ "$query_count" -eq "$xml_query_count" ] || ret=1 - xml_txt_count=`awk '/qtype TXT/ { print $NF }' xml.fmtstats` + xml_txt_count=$(awk '/qtype TXT/ { print $NF }' xml.fmtstats) xml_txt_count=${xml_txt_count:-0} [ "$txt_count" -eq "$xml_txt_count" ] || ret=1 - xml_noerror_count=`awk '/rcode NOERROR/ { print $NF }' xml.fmtstats` + xml_noerror_count=$(awk '/rcode NOERROR/ { print $NF }' xml.fmtstats) xml_noerror_count=${xml_noerror_count:-0} [ "$noerror_count" -eq "$xml_noerror_count" ] || ret=1 fi if [ $PERL_JSON ]; then - file=`$PERL fetch.pl -p ${EXTRAPORT1} json/v1/server` + file=$($PERL fetch.pl -p ${EXTRAPORT1} json/v1/server) mv $file json.stats $PERL server-json.pl > json.fmtstats 2> /dev/null - json_query_count=`awk '/opcode QUERY/ { print $NF }' json.fmtstats` + json_query_count=$(awk '/opcode QUERY/ { print $NF }' json.fmtstats) json_query_count=${json_query_count:-0} [ "$query_count" -eq "$json_query_count" ] || ret=1 - json_txt_count=`awk '/qtype TXT/ { print $NF }' json.fmtstats` + json_txt_count=$(awk '/qtype TXT/ { print $NF }' json.fmtstats) json_txt_count=${json_txt_count:-0} [ "$txt_count" -eq "$json_txt_count" ] || ret=1 - json_noerror_count=`awk '/rcode NOERROR/ { print $NF }' json.fmtstats` + json_noerror_count=$(awk '/rcode NOERROR/ { print $NF }' json.fmtstats) json_noerror_count=${json_noerror_count:-0} [ "$noerror_count" -eq "$json_noerror_count" ] || ret=1 fi @@ -116,7 +117,7 @@ n=$((n + 1)) ret=0 echo_i "checking malloced memory statistics xml/json ($n)" if [ $PERL_XML ]; then - file=`$PERL fetch.pl -p ${EXTRAPORT1} xml/v3/mem` + file=$($PERL fetch.pl -p ${EXTRAPORT1} xml/v3/mem) mv $file xml.mem $PERL mem-xml.pl $file > xml.fmtmem grep "'Malloced' => '[0-9][0-9]*'" xml.fmtmem > /dev/null || ret=1 @@ -124,7 +125,7 @@ if [ $PERL_XML ]; then grep "'maxmalloced' => '[0-9][0-9]*'" xml.fmtmem > /dev/null || ret=1 fi if [ $PERL_JSON ]; then - file=`$PERL fetch.pl -p ${EXTRAPORT1} json/v1/mem` + file=$($PERL fetch.pl -p ${EXTRAPORT1} json/v1/mem) mv $file json.mem grep '"malloced":[0-9][0-9]*,' json.mem > /dev/null || ret=1 grep '"maxmalloced":[0-9][0-9]*,' json.mem > /dev/null || ret=1 @@ -169,10 +170,10 @@ ret=0 echo_i "checking if compressed output is really compressed ($n)" if $FEATURETEST --with-zlib; then - REGSIZE=`cat regular.headers | \ - grep -i Content-Length | sed -e "s/.*: \([0-9]*\).*/\1/"` - COMPSIZE=`cat compressed.headers | \ - grep -i Content-Length | sed -e "s/.*: \([0-9]*\).*/\1/"` + REGSIZE=$(cat regular.headers | \ + grep -i Content-Length | sed -e "s/.*: \([0-9]*\).*/\1/") + COMPSIZE=$(cat compressed.headers | \ + grep -i Content-Length | sed -e "s/.*: \([0-9]*\).*/\1/") if [ ! $((REGSIZE / COMPSIZE)) -gt 2 ]; then ret=1 fi @@ -187,8 +188,8 @@ n=$((n + 1)) zone="dnssec" sign_prefix="dnssec-sign operations" refresh_prefix="dnssec-refresh operations" -ksk_id=`cat ns2/$zone.ksk.id` -zsk_id=`cat ns2/$zone.zsk.id` +ksk_id=$(cat ns2/$zone.ksk.id) +zsk_id=$(cat ns2/$zone.zsk.id) # Test sign operations for scheduled resigning. ret=0 @@ -275,12 +276,12 @@ n=$((n + 1)) # Test sign operations for scheduled resigning (many keys). ret=0 zone="manykeys" -ksk8_id=`cat ns2/$zone.ksk8.id` -zsk8_id=`cat ns2/$zone.zsk8.id` -ksk13_id=`cat ns2/$zone.ksk13.id` -zsk13_id=`cat ns2/$zone.zsk13.id` -ksk14_id=`cat ns2/$zone.ksk14.id` -zsk14_id=`cat ns2/$zone.zsk14.id` +ksk8_id=$(cat ns2/$zone.ksk8.id) +zsk8_id=$(cat ns2/$zone.zsk8.id) +ksk13_id=$(cat ns2/$zone.ksk13.id) +zsk13_id=$(cat ns2/$zone.zsk13.id) +ksk14_id=$(cat ns2/$zone.ksk14.id) +zsk14_id=$(cat ns2/$zone.zsk14.id) # The dnssec zone has 10 RRsets to sign (including NSEC) with the ZSKs and one # RRset (DNSKEY) with the KSKs. So starting named with signatures that expire # almost right away, this should trigger 10 zsk and 1 ksk sign operations per @@ -395,7 +396,7 @@ EOF lines=$(grep -c "^&1` -checkfail +{ out=$($NSEC3HASH 00 1 0 2>&1); rc=$?; } || true +checkfail $rc echo_i "checking $NSEC3HASH extra args" -out=`$NSEC3HASH 00 1 0 two names 2>&1` -checkfail +{ out=$($NSEC3HASH 00 1 0 two names 2>&1); rc=$?; } || true +checkfail $rc echo_i "checking $NSEC3HASH bad option" -out=`$NSEC3HASH -? 2>&1` -checkfail +{ out=$($NSEC3HASH -? 2>&1); rc=$?; } || true +checkfail $rc echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/transport-acl/tests.sh b/bin/tests/system/transport-acl/tests.sh index 24a30c9168..9bed02b6f1 100644 --- a/bin/tests/system/transport-acl/tests.sh +++ b/bin/tests/system/transport-acl/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + # shellcheck disable=SC1091 . ../conf.sh diff --git a/bin/tests/system/tsig/tests.sh b/bin/tests/system/tsig/tests.sh index 9791283778..68c5b6dc2a 100644 --- a/bin/tests/system/tsig/tests.sh +++ b/bin/tests/system/tsig/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh DIGOPTS="+tcp +nosea +nostat +noquest +nocomm +nocmd -p ${PORT}" diff --git a/bin/tests/system/tsiggss/setup.sh b/bin/tests/system/tsiggss/setup.sh index e13b312e0a..37b80fdf11 100644 --- a/bin/tests/system/tsiggss/setup.sh +++ b/bin/tests/system/tsiggss/setup.sh @@ -17,5 +17,5 @@ $SHELL clean.sh copy_setports ns1/named.conf.in ns1/named.conf -key=`$KEYGEN -Cq -K ns1 -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n HOST -T KEY key.example.nil.` +key=$($KEYGEN -Cq -K ns1 -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n HOST -T KEY key.example.nil.) cat ns1/example.nil.db.in ns1/${key}.key > ns1/example.nil.db diff --git a/bin/tests/system/tsiggss/tests.sh b/bin/tests/system/tsiggss/tests.sh index ee592bb470..97cc7bb302 100644 --- a/bin/tests/system/tsiggss/tests.sh +++ b/bin/tests/system/tsiggss/tests.sh @@ -13,6 +13,8 @@ # tests for TSIG-GSS updates +set -e + . ../conf.sh status=0 @@ -41,7 +43,7 @@ EOF } # Verify that TKEY response is signed. - tkeyout=`awk '/recvmsg reply from GSS-TSIG query/,/Sending update to/' nsupdate.out${num}` + tkeyout=$(awk '/recvmsg reply from GSS-TSIG query/,/Sending update to/' nsupdate.out${num}) pattern="recvmsg reply from GSS-TSIG query .* opcode: QUERY, status: NOERROR, id: .* flags: qr; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;.* ANY TKEY ;; ANSWER SECTION: .* 0 ANY TKEY gss-tsig\. .* ;; TSIG PSEUDOSECTION: .* 0 ANY TSIG gss-tsig\. .* NOERROR 0" echo $tkeyout | grep "$pattern" > /dev/null || { echo_i "bad tkey response (not tsig signed)" @@ -54,8 +56,8 @@ EOF return 1 } - out=`$DIG $DIGOPTS -t $type -q $host | grep -E "^${host}"` - lines=`echo "$out" | grep "$digout" | wc -l` + out=$($DIG $DIGOPTS -t $type -q $host | grep -E "^${host}") + lines=$(echo "$out" | grep "$digout" | wc -l) [ $lines -eq 1 ] || { echo_i "dig output incorrect for $host $type $cmd: $out" return 1 @@ -65,7 +67,7 @@ EOF # Testing updates with good credentials. -KRB5CCNAME="FILE:"`pwd`/ns1/administrator.ccache +KRB5CCNAME="FILE:"$(pwd)/ns1/administrator.ccache export KRB5CCNAME echo_i "testing updates to testdc1 as administrator ($n)" @@ -91,7 +93,7 @@ status=$((status+ret)) # Testing denied updates. -KRB5CCNAME="FILE:"`pwd`/ns1/testdenied.ccache +KRB5CCNAME="FILE:"$(pwd)/ns1/testdenied.ccache export KRB5CCNAME echo_i "testing updates to denied (A) as a user ($n)" @@ -139,7 +141,7 @@ zone example.nil update add fred.example.nil 120 cname foo.bar. send END -output=`$DIG $DIGOPTS +short cname fred.example.nil.` +output=$($DIG $DIGOPTS +short cname fred.example.nil.) [ -n "$output" ] || ret=1 [ $ret -eq 0 ] || echo_i "failed" n=$((n+1)) @@ -170,7 +172,7 @@ status=$((status+ret)) [ $status -eq 0 ] && echo_i "tsiggss tests all OK" -kill `cat authsock.pid` +kill $(cat authsock.pid) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/unknown/tests.sh b/bin/tests/system/unknown/tests.sh index 421fac66ef..f52b50e8e5 100644 --- a/bin/tests/system/unknown/tests.sh +++ b/bin/tests/system/unknown/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh status=0 @@ -34,7 +36,7 @@ do then echo_i "#$i failed" fi - status=`expr $status + $ret` + status=$((status + ret)) done n=$((n+1)) @@ -48,7 +50,7 @@ do then echo_i "#$i failed" fi - status=`expr $status + $ret` + status=$((status + ret)) done n=$((n+1)) @@ -62,7 +64,7 @@ do then echo_i "#$i failed" fi - status=`expr $status + $ret` + status=$((status + ret)) done n=$((n+1)) @@ -71,7 +73,7 @@ ret=0 dig_cmd +short @10.53.0.1 null.example null in > dig.out.test$n echo '\# 1 00' | diff - dig.out.test$n || ret=1 [ $ret = 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) n=$((n+1)) echo_i "querying for empty NULL record ($n)" @@ -79,7 +81,7 @@ ret=0 dig_cmd +short @10.53.0.1 empty.example null in > dig.out.test$n echo '\# 0' | diff - dig.out.test$n || ret=1 [ $ret = 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) n=$((n+1)) echo_i "querying for various representations of a CLASS10 TYPE1 record ($n)" @@ -92,7 +94,7 @@ do then echo_i "#$i failed" fi - status=`expr $status + $ret` + status=$((status + ret)) done n=$((n+1)) @@ -106,7 +108,7 @@ do then echo_i "#$i failed" fi - status=`expr $status + $ret` + status=$((status + ret)) done n=$((n+1)) @@ -120,7 +122,7 @@ do then echo_i "#$i failed" fi - status=`expr $status + $ret` + status=$((status + ret)) done n=$((n+1)) @@ -134,7 +136,7 @@ do then echo_i "#$i failed" fi - status=`expr $status + $ret` + status=$((status + ret)) done n=$((n+1)) @@ -147,7 +149,7 @@ for try in 0 1 2 3 4 5 6 7 8 9; do sleep 1 done [ $ret = 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) n=$((n+1)) echo_i "checking large unknown record loading on secondary ($n)" @@ -159,7 +161,7 @@ for try in 0 1 2 3 4 5 6 7 8 9; do sleep 1 done [ $ret = 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) echo_i "stop and restart secondary" stop_server ns2 @@ -177,7 +179,7 @@ for try in 0 1 2 3 4 5 6 7 8 9; do sleep 1 done [ $ret = 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) n=$((n+1)) echo_i "checking large unknown record loading on inline secondary ($n)" @@ -185,7 +187,7 @@ ret=0 dig_cmd @10.53.0.3 +tcp +short large.example TYPE45234 > dig.out.test$n diff large.out dig.out.test$n > /dev/null || { ret=1 ; echo_i "diff failed"; } [ $ret = 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) echo_i "stop and restart inline secondary" stop_server ns3 @@ -203,7 +205,7 @@ for try in 0 1 2 3 4 5 6 7 8 9; do sleep 1 done [ $ret = 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) n=$((n+1)) echo_i "check that '"'"\\#"'"' is not treated as the unknown escape sequence ($n)" @@ -211,7 +213,7 @@ ret=0 dig_cmd @10.53.0.1 +tcp +short txt8.example txt > dig.out.test$n echo '"#" "2" "0145"' | diff - dig.out.test$n || ret=1 [ $ret = 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) n=$((n+1)) echo_i "check that 'TXT \# text' is not treated as the unknown escape sequence ($n)" @@ -219,15 +221,15 @@ ret=0 dig_cmd @10.53.0.1 +tcp +short txt9.example txt > dig.out.test$n echo '"#" "text"' | diff - dig.out.test$n || ret=1 [ $ret = 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) n=$((n+1)) echo_i "check that 'TYPE353 \# cat' produces 'not a valid number' ($n)" ret=0 -$CHECKZONE nan.bad zones/nan.bad > check.out 2>&1 +$CHECKZONE nan.bad zones/nan.bad > check.out 2>&1 && ret=1 grep "not a valid number" check.out > /dev/null || ret=1 [ $ret = 0 ] || echo_i "failed" -status=`expr $status + $ret` +status=$((status + ret)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/upforwd/tests.sh b/bin/tests/system/upforwd/tests.sh index bc95aa42ab..9b49fbdfb2 100644 --- a/bin/tests/system/upforwd/tests.sh +++ b/bin/tests/system/upforwd/tests.sh @@ -15,6 +15,8 @@ # ns2 = secondary with update forwarding disabled; not currently used # ns3 = secondary with update forwarding enabled +set -e + . ../conf.sh DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd -p ${PORT}" @@ -48,35 +50,35 @@ do test $ret = 0 && break sleep 1 done -if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi -n=`expr $n + 1` +if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi +n=$((n + 1)) echo_i "fetching primary copy of zone before update ($n)" ret=0 $DIG $DIGOPTS example.\ @10.53.0.1 axfr > dig.out.ns1 || ret=1 -if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi -n=`expr $n + 1` +if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi +n=$((n + 1)) echo_i "fetching secondary 1 copy of zone before update ($n)" $DIG $DIGOPTS example.\ @10.53.0.2 axfr > dig.out.ns2 || ret=1 -if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi -n=`expr $n + 1` +if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi +n=$((n + 1)) echo_i "fetching secondary 2 copy of zone before update ($n)" ret=0 $DIG $DIGOPTS example.\ @10.53.0.3 axfr > dig.out.ns3 || ret=1 -if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi -n=`expr $n + 1` +if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi +n=$((n + 1)) echo_i "comparing pre-update copies to known good data ($n)" ret=0 digcomp knowngood.before dig.out.ns1 || ret=1 digcomp knowngood.before dig.out.ns2 || ret=1 digcomp knowngood.before dig.out.ns3 || ret=1 -if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi +if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi echo_i "updating zone (signed) ($n)" ret=0 @@ -87,8 +89,8 @@ update add updated.example. 600 A 10.10.10.1 update add updated.example. 600 TXT Foo send EOF -if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi -n=`expr $n + 1` +if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi +n=$((n + 1)) echo_i "sleeping 15 seconds for server to incorporate changes" sleep 15 @@ -97,34 +99,34 @@ echo_i "fetching primary copy of zone after update ($n)" ret=0 $DIG $DIGOPTS example.\ @10.53.0.1 axfr > dig.out.ns1 || ret=1 -if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi -n=`expr $n + 1` +if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi +n=$((n + 1)) echo_i "fetching secondary 1 copy of zone after update ($n)" ret=0 $DIG $DIGOPTS example.\ @10.53.0.2 axfr > dig.out.ns2 || ret=1 -if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi +if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi echo_i "fetching secondary 2 copy of zone after update ($n)" ret=0 $DIG $DIGOPTS example.\ @10.53.0.3 axfr > dig.out.ns3 || ret=1 -if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi -n=`expr $n + 1` +if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi +n=$((n + 1)) echo_i "comparing post-update copies to known good data ($n)" ret=0 digcomp knowngood.after1 dig.out.ns1 || ret=1 digcomp knowngood.after1 dig.out.ns2 || ret=1 digcomp knowngood.after1 dig.out.ns3 || ret=1 -if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi +if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi echo_i "checking 'forwarding update for zone' is logged ($n)" ret=0 grep "forwarding update for zone 'example/IN'" ns3/named.run > /dev/null || ret=1 -if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi -n=`expr $n + 1` +if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi +n=$((n + 1)) if $FEATURETEST --enable-dnstap then @@ -133,8 +135,8 @@ then capture_dnstap uq_equals_ur || ret=1 if [ $ret != 0 ] ; then echo_i "failed"; fi - status=`expr $status + $ret` - n=`expr $n + 1` + status=$((status + ret)) + n=$((n + 1)) fi echo_i "updating zone (unsigned) ($n)" @@ -146,8 +148,8 @@ update add unsigned.example. 600 A 10.10.10.1 update add unsigned.example. 600 TXT Foo send EOF -if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi -n=`expr $n + 1` +if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi +n=$((n + 1)) echo_i "sleeping 15 seconds for server to incorporate changes" sleep 15 @@ -156,27 +158,27 @@ echo_i "fetching primary copy of zone after update ($n)" ret=0 $DIG $DIGOPTS example.\ @10.53.0.1 axfr > dig.out.ns1 || ret=1 -if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi +if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi echo_i "fetching secondary 1 copy of zone after update ($n)" ret=0 $DIG $DIGOPTS example.\ @10.53.0.2 axfr > dig.out.ns2 || ret=1 -if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi -n=`expr $n + 1` +if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi +n=$((n + 1)) echo_i "fetching secondary 2 copy of zone after update ($n)" ret=0 $DIG $DIGOPTS example.\ @10.53.0.3 axfr > dig.out.ns3 || ret=1 -if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi +if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi echo_i "comparing post-update copies to known good data ($n)" ret=0 digcomp knowngood.after2 dig.out.ns1 || ret=1 digcomp knowngood.after2 dig.out.ns2 || ret=1 digcomp knowngood.after2 dig.out.ns3 || ret=1 -if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi +if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi if $FEATURETEST --enable-dnstap then @@ -185,16 +187,16 @@ then capture_dnstap uq_equals_ur || ret=1 if [ $ret != 0 ] ; then echo_i "failed"; fi - status=`expr $status + $ret` - n=`expr $n + 1` + status=$((status + ret)) + n=$((n + 1)) fi -n=`expr $n + 1` +n=$((n + 1)) if test -f keyname then echo_i "checking update forwarding to with sig0 ($n)" ret=0 - keyname=`cat keyname` + keyname=$(cat keyname) $NSUPDATE -k $keyname.private -- - < dig.out.ns1.test$n grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ] ; then echo_i "failed"; fi - status=`expr $status + $ret` - n=`expr $n + 1` + status=$((status + ret)) + n=$((n + 1)) if $FEATURETEST --enable-dnstap then @@ -216,8 +218,8 @@ EOF capture_dnstap uq_equals_ur || ret=1 if [ $ret != 0 ] ; then echo_i "failed"; fi - status=`expr $status + $ret` - n=`expr $n + 1` + status=$((status + ret)) + n=$((n + 1)) fi fi @@ -231,10 +233,10 @@ ret=0 update add another.unsigned.example. 600 TXT Bar send EOF -} > nsupdate.out.$n 2>&1 +} > nsupdate.out.$n 2>&1 && ret=1 grep REFUSED nsupdate.out.$n > /dev/null || ret=1 -if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi -n=`expr $n + 1` +if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi +n=$((n + 1)) echo_i "checking update forwarding to dead primary ($n)" count=0 @@ -253,10 +255,10 @@ EOF ) > /dev/null 2>&1 & $DIG -p ${PORT} +noadd +notcp +noauth noprimary. @10.53.0.3 soa > dig.out.ns3 || ret=1 grep "status: NOERROR" dig.out.ns3 > /dev/null || ret=1 - count=`expr $count + 1` + count=$((count + 1)) done -if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi -n=`expr $n + 1` +if [ $ret != 0 ] ; then echo_i "failed"; status=$((status + ret)); fi +n=$((n + 1)) if $FEATURETEST --enable-dnstap then @@ -265,8 +267,8 @@ then capture_dnstap uq_equals_ur && ret=1 if [ $ret != 0 ] ; then echo_i "failed"; fi - status=`expr $status + $ret` - n=`expr $n + 1` + status=$((status + ret)) + n=$((n + 1)) fi n=$((n + 1)) diff --git a/bin/tests/system/verify/tests.sh b/bin/tests/system/verify/tests.sh index 1ced3a37a3..d40780a236 100644 --- a/bin/tests/system/verify/tests.sh +++ b/bin/tests/system/verify/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh failed () { cat verify.out.$n | sed 's/^/D:/'; @@ -23,8 +25,8 @@ status=0 for file in zones/*.good do - n=`expr $n + 1` - zone=`expr "$file" : 'zones/\(.*\).good'` + n=$((n + 1)) + zone=$(expr "$file" : 'zones/\(.*\).good') echo_i "checking supposedly good zone: $zone ($n)" ret=0 case $zone in @@ -38,8 +40,8 @@ done for file in zones/*.bad do - n=`expr $n + 1` - zone=`expr "$file" : 'zones/\(.*\).bad'` + n=$((n + 1)) + zone=$(expr "$file" : 'zones/\(.*\).bad') echo_i "checking supposedly bad zone: $zone ($n)" ret=0 dumpit=0 @@ -90,7 +92,7 @@ do [ $dumpit = 1 ] && cat verify.out.$n done -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking error message when -o is not used and a SOA record not at top of zone is found ($n)" ret=0 # When -o is not used, origin is set to zone file name, which should cause an error in this case @@ -99,7 +101,7 @@ grep "not at top of zone" verify.out.$n > /dev/null || ret=1 grep "use -o to specify a different zone origin" verify.out.$n > /dev/null || ret=1 [ $ret = 0 ] || failed -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking error message when an invalid -o is specified and a SOA record not at top of zone is found ($n)" ret=0 $VERIFY -o invalid.origin zones/ksk+zsk.nsec.good > verify.out.$n 2>&1 && ret=1 diff --git a/bin/tests/system/wildcard/tests.sh b/bin/tests/system/wildcard/tests.sh index d2e0bac8c0..b956874aa5 100644 --- a/bin/tests/system/wildcard/tests.sh +++ b/bin/tests/system/wildcard/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh status=0 @@ -20,41 +22,41 @@ rm -f dig.out.* DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p ${PORT}" -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NSEC wildcard non-existence proof is returned auth ($n)" ret=0 $DIG $DIGOPTS a b.wild.nsec +norec @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep -i 'a\.wild\.nsec\..*NSEC.*nsec\..*NSEC' dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NSEC wildcard non-existence proof is returned non-validating ($n)" ret=0 $DIG $DIGOPTS a b.wild.nsec @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep -i 'a\.wild\.nsec\..*NSEC.*nsec\..*NSEC' dig.out.ns2.test$n > /dev/null || ret=1 grep -i 'flags:.* ad[ ;]' dig.out.ns2.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NSEC wildcard non-existence proof is returned validating ($n)" ret=0 $DIG $DIGOPTS a b.wild.nsec @10.53.0.3 > dig.out.ns3.test$n || ret=1 grep -i 'a\.wild\.nsec\..*NSEC.*nsec\..*NSEC' dig.out.ns3.test$n > /dev/null || ret=1 grep -i 'flags:.* ad[ ;]' dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NSEC wildcard non-existence proof is returned validating + CD ($n)" ret=0 $DIG $DIGOPTS +cd a b.wild.nsec @10.53.0.5 > dig.out.ns5.test$n || ret=1 grep -i 'a\.wild\.nsec\..*NSEC.*nsec\..*NSEC' dig.out.ns5.test$n > /dev/null || ret=1 grep -i 'flags:.* ad[ ;]' dig.out.ns5.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` -n=`expr $n + 1` +status=$((status + ret)) +n=$((n + 1)) echo_i "checking that returned NSEC wildcard non-existence proof validates ($n)" ret=0 @@ -62,91 +64,91 @@ $DIG $DIGOPTS a b.wild.nsec @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep -i 'a\.wild\.nsec\..*NSEC.*nsec\..*NSEC' dig.out.ns4.test$n > /dev/null || ret=1 grep -i 'flags:.* ad[ ;]' dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NSEC wildcard non-existence proof is returned private, validating ($n)" ret=0 $DIG $DIGOPTS a b.wild.private.nsec @10.53.0.3 > dig.out.ns3.test$n || ret=1 grep -i 'a\.wild\.private\.nsec\..*NSEC.*private\.nsec\..*NSEC' dig.out.ns3.test$n > /dev/null || ret=1 grep -i 'flags:.* ad[ ;]' dig.out.ns3.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that returned NSEC wildcard non-existence proof for private zone validates ($n)" ret=0 $DIG $DIGOPTS a b.wild.private.nsec @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep -i 'a\.wild\.private\.nsec\..*NSEC.*private\.nsec\..*NSEC' dig.out.ns4.test$n > /dev/null || ret=1 grep -i 'flags:.* ad[ ;]' dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NSEC3 wildcard non-existence proof is returned auth ($n)" ret=0 $DIG $DIGOPTS a b.wild.nsec3 +norec @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep -i 'O3TJ8D9AJ54CBTFCQCJ3QK49CH7SF6H9\.nsec3\..*V5DLFB6UJNHR94LQ61FO607KGK12H88A' dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NSEC3 wildcard non-existence proof is returned non-validating ($n)" ret=0 $DIG $DIGOPTS a b.wild.nsec3 @10.53.0.2 > dig.out.ns2.test$n || ret=1 grep -i 'O3TJ8D9AJ54CBTFCQCJ3QK49CH7SF6H9\.nsec3\..*V5DLFB6UJNHR94LQ61FO607KGK12H88A' dig.out.ns2.test$n > /dev/null || ret=1 grep -i 'flags:.* ad[ ;]' dig.out.ns2.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NSEC3 wildcard non-existence proof is returned validating ($n)" ret=0 $DIG $DIGOPTS a b.wild.nsec3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 grep -i 'O3TJ8D9AJ54CBTFCQCJ3QK49CH7SF6H9\.nsec3\..*V5DLFB6UJNHR94LQ61FO607KGK12H88A' dig.out.ns3.test$n > /dev/null || ret=1 grep -i 'flags:.* ad[ ;]' dig.out.ns3.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NSEC3 wildcard non-existence proof is returned validating + CD ($n)" ret=0 $DIG $DIGOPTS +cd a b.wild.nsec3 @10.53.0.5 > dig.out.ns5.test$n || ret=1 grep -i 'O3TJ8D9AJ54CBTFCQCJ3QK49CH7SF6H9\.nsec3\..*V5DLFB6UJNHR94LQ61FO607KGK12H88A' dig.out.ns5.test$n > /dev/null || ret=1 grep -i 'flags:.* ad[ ;]' dig.out.ns5.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that returned NSEC3 wildcard non-existence proof validates ($n)" ret=0 $DIG $DIGOPTS a b.wild.nsec3 @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep -i 'O3TJ8D9AJ54CBTFCQCJ3QK49CH7SF6H9\.nsec3\..*V5DLFB6UJNHR94LQ61FO607KGK12H88A' dig.out.ns4.test$n > /dev/null || ret=1 grep -i 'flags:.* ad[ ;]' dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that NSEC3 wildcard non-existence proof is returned private, validating ($n)" ret=0 $DIG $DIGOPTS a b.wild.private.nsec3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 grep -i 'UDBSP4R8OUOT6HSO39VD8B5LMOSHRD5N\.private\.nsec3\..*NSEC3.*ASDRUIB7GO00OR92S5OUGI404LT27RNU' dig.out.ns3.test$n > /dev/null || ret=1 grep -i 'flags:.* ad[ ;]' dig.out.ns3.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking that returned NSEC3 wildcard non-existence proof for private zone validates ($n)" ret=0 $DIG $DIGOPTS a b.wild.private.nsec3 @10.53.0.4 > dig.out.ns4.test$n || ret=1 grep -i 'UDBSP4R8OUOT6HSO39VD8B5LMOSHRD5N\.private\.nsec3\..*NSEC3.*ASDRUIB7GO00OR92S5OUGI404LT27RNU' dig.out.ns4.test$n > /dev/null || ret=1 grep -i 'flags:.* ad[ ;]' dig.out.ns4.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking RFC 4592 responses ..." -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking RFC 4592: host3.example. QTYPE=MX, QCLASS=IN ($n)" ret=0 $DIG $DIGOPTS @10.53.0.1 host3.example. MX IN > dig.out.ns1.test$n || ret=1 @@ -154,18 +156,18 @@ grep '^host3.example..*IN.MX.10 host1.example.' dig.out.ns1.test$n > /dev/null | grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking RFC 4592: host3.example. QTYPE=A, QCLASS=IN ($n)" ret=0 $DIG $DIGOPTS @10.53.0.1 host3.example. A IN > dig.out.ns1.test$n || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep "ANSWER: 0," dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking RFC 4592: foo.bar.example. QTYPE=TXT, QCLASS=IN ($n)" ret=0 $DIG $DIGOPTS @10.53.0.1 foo.bar.example TXT IN > dig.out.ns1.test$n || ret=1 @@ -173,45 +175,45 @@ grep '^foo.bar.example..*IN.TXT."this is a wildcard"' dig.out.ns1.test$n > /dev/ grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep "ANSWER: 1," dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking RFC 4592: host1.example. QTYPE=MX, QCLASS=IN ($n)" ret=0 $DIG $DIGOPTS @10.53.0.1 host1.example MX IN > dig.out.ns1.test$n || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep "ANSWER: 0," dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking RFC 4592: host1.example. QTYPE=MX, QCLASS=IN ($n)" ret=0 $DIG $DIGOPTS @10.53.0.1 host1.example MX IN > dig.out.ns1.test$n || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep "ANSWER: 0," dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking RFC 4592: sub.*.example. QTYPE=MX, QCLASS=IN ($n)" ret=0 $DIG $DIGOPTS @10.53.0.1 "sub.*.example." MX IN > dig.out.ns1.test$n || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep "ANSWER: 0," dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking RFC 4592: _telnet._tcp.host1.example. QTYPE=SRV, QCLASS=IN ($n)" ret=0 $DIG $DIGOPTS @10.53.0.1 _telnet._tcp.host1.example. SRV IN > dig.out.ns1.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 grep "ANSWER: 0," dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking RFC 4592: host.subdel.example. QTYPE=A, QCLASS=IN ($n)" ret=0 $DIG $DIGOPTS @10.53.0.1 host.subdel.example A IN > dig.out.ns1.test$n || ret=1 @@ -221,33 +223,33 @@ grep "AUTHORITY: 2," dig.out.ns1.test$n > /dev/null || ret=1 grep "subdel.example..*IN.NS.ns.example.com." dig.out.ns1.test$n > /dev/null || ret=1 grep "subdel.example..*IN.NS.ns.example.net." dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking RFC 4592: ghost.*.example. QTYPE=MX, QCLASS=IN ($n)" ret=0 $DIG $DIGOPTS @10.53.0.1 "ghost.*.example" MX IN > dig.out.ns1.test$n || ret=1 grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 grep "ANSWER: 0," dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "checking RFC 4592: _foo._udp.bar.example. QTYPE=SRV, QCLASS=IN ($n)" ret=0 $DIG $DIGOPTS @10.53.0.1 "_foo._udp.bar.example" SRV IN > dig.out.ns1.test$n || ret=1 grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 grep "ANSWER: 0," dig.out.ns1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) -n=`expr $n + 1` +n=$((n + 1)) echo_i "check wild card expansions by code point ($n)" ret=0 i=0 while test $i -lt 256 do - x=`expr 00$i : '.*\(...\)$'` + x=$(expr 00$i : '.*\(...\)$' || true) $DIG $DIGOPTS @10.53.0.1 "\\$x.example" TXT > dig.out.ns1.$x.test$n if test $i -le 32 -o $i -ge 127 then @@ -271,10 +273,10 @@ do else grep '^\\' dig.out.ns1.$x.test$n && { echo_i "code point $x failed" ; ret=1; } fi - i=`expr $i + 1` + i=$((i + 1)) done if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/xfer/tests.sh b/bin/tests/system/xfer/tests.sh index ecdfc49c1f..f012d8b3ff 100755 --- a/bin/tests/system/xfer/tests.sh +++ b/bin/tests/system/xfer/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd -p ${PORT}" @@ -254,7 +256,7 @@ status=$((status+tmp)) n=$((n+1)) echo_i "check that a multi-message uncompressable zone transfers ($n)" $DIG axfr . -p ${PORT} @10.53.0.4 | grep SOA > axfr.out -if test `wc -l < axfr.out` != 2 +if test $(wc -l < axfr.out) != 2 then echo_i "failed" status=$((status+1)) @@ -468,7 +470,7 @@ $RNDCCMD 10.53.0.7 refresh edns-expire 2>&1 | sed 's/^/ns7 /' | cat_i sleep 10 # there may be multiple log entries so get the last one. -expire=`awk '/edns-expire\/IN: got EDNS EXPIRE of/ { x=$9 } END { print x }' ns7/named.run` +expire=$(awk '/edns-expire\/IN: got EDNS EXPIRE of/ { x=$9 } END { print x }' ns7/named.run) test ${expire:-0} -gt 0 -a ${expire:-0} -lt 1814400 || { echo_i "failed (expire=${expire:-0})" status=$((status+1)) @@ -479,13 +481,13 @@ echo_i "test smaller transfer TCP message size ($n)" $DIG $DIGOPTS example. @10.53.0.8 axfr \ -y key1.:1234abcd8765 > dig.out.msgsize.test$n || status=1 -bytes=`wc -c < dig.out.msgsize.test$n` +bytes=$(wc -c < dig.out.msgsize.test$n) if [ $bytes -ne 459357 ]; then echo_i "failed axfr size check" status=$((status+1)) fi -num_messages=`cat ns8/named.run | grep "sending TCP message of" | wc -l` +num_messages=$(cat ns8/named.run | grep "sending TCP message of" | wc -l) if [ $num_messages -le 300 ]; then echo_i "failed transfer message count check" status=$((status+1)) @@ -607,12 +609,12 @@ stop_server ns1 copy_setports ns1/named3.conf.in ns1/named.conf start_server --noclean --restart --port ${PORT} ns1 -- "-D xfer-ns1 $NS_PARAMS -T transferinsecs -T transferstuck" sleep 1 -start=`date +%s` +start=$(date +%s) $RNDCCMD 10.53.0.6 retransfer axfr-max-idle-time 2>&1 | sed 's/^/ns6 /' | cat_i tmp=0 retry_quiet 60 wait_for_message "maximum idle time exceeded: timed out" || tmp=1 if [ $tmp -eq 0 ]; then - now=`date +%s` + now=$(date +%s) diff=$((now - start)) # we expect a timeout in 50 seconds test $diff -lt 50 && tmp=1 diff --git a/bin/tests/system/xferquota/tests.sh b/bin/tests/system/xferquota/tests.sh index e0869aff90..46dfba0539 100755 --- a/bin/tests/system/xferquota/tests.sh +++ b/bin/tests/system/xferquota/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd -p ${PORT}" @@ -26,16 +28,16 @@ while [ $count != 300 ]; do if [ $ticks = 1 ]; then echo_i "Changing test zone..." cp -f ns1/changing2.db ns1/changing.db - kill -HUP `cat ns1/named.pid` + kill -HUP $(cat ns1/named.pid) fi sleep 1 - ticks=`expr $ticks + 1` - seconds=`expr $ticks \* 1` + ticks=$((ticks + 1)) + seconds=$((ticks * 1)) if [ $ticks = 360 ]; then echo_i "Took too long to load zones" exit 1 fi - count=`cat ns2/zone*.bk | grep xyzzy | wc -l` + count=$(cat ns2/zone*.bk | grep xyzzy | wc -l) echo_i "Have $count zones up in $seconds seconds" done diff --git a/bin/tests/system/zero/tests.sh b/bin/tests/system/zero/tests.sh index 035447b4c8..f5e2038815 100644 --- a/bin/tests/system/zero/tests.sh +++ b/bin/tests/system/zero/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + #shellcheck source=conf.sh . ../conf.sh @@ -48,7 +50,7 @@ do (dig_with_opts -d +qr @10.53.0.3 -f query.list > "dig.out$i.6.test$n" 2>&1) & pid6="$!" retry_quiet "$timeout" wait_for_pid "$pid1" "$pid2" "$pid3" "$pid4" "$pid5" "$pid6" || { echo_i "wait_for_pid failed"; ret=1; } - kill -TERM "$pid1" "$pid2" "$pid3" "$pid4" "$pid5" "$pid6" 2>/dev/null + kill -TERM "$pid1" "$pid2" "$pid3" "$pid4" "$pid5" "$pid6" 2>/dev/null || true wait "$pid1" || { echo_i "wait $pid1 (dig.out$i.1.test$n) failed with $?"; ret=1; } wait "$pid2" || { echo_i "wait $pid2 (dig.out$i.2.test$n) failed with $?"; ret=1; } diff --git a/bin/tests/system/zonechecks/tests.sh b/bin/tests/system/zonechecks/tests.sh index 59b41ccbc1..958bfed99a 100644 --- a/bin/tests/system/zonechecks/tests.sh +++ b/bin/tests/system/zonechecks/tests.sh @@ -11,6 +11,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + . ../conf.sh DIGOPTS="-p ${PORT}" @@ -22,13 +24,13 @@ status=0 echo_i "checking that we detect a NS which refers to a CNAME" if $CHECKZONE . cname.db > cname.out 2>&1 then - echo_i "failed (status)"; status=`expr $status + 1` + echo_i "failed (status)"; status=$((status + 1)) else if grep "is a CNAME" cname.out > /dev/null then : else - echo_i "failed (message)"; status=`expr $status + 1` + echo_i "failed (message)"; status=$((status + 1)) fi fi @@ -36,13 +38,13 @@ fi echo_i "checking that we detect a NS which is below a DNAME" if $CHECKZONE . dname.db > dname.out 2>&1 then - echo_i "failed (status)"; status=`expr $status + 1` + echo_i "failed (status)"; status=$((status + 1)) else if grep "is below a DNAME" dname.out > /dev/null then : else - echo_i "failed (message)"; status=`expr $status + 1` + echo_i "failed (message)"; status=$((status + 1)) fi fi @@ -50,13 +52,13 @@ fi echo_i "checking that we detect a NS which has no address records (A/AAAA)" if $CHECKZONE . noaddress.db > noaddress.out then - echo_i "failed (status)"; status=`expr $status + 1` + echo_i "failed (status)"; status=$((status + 1)) else if grep "has no address records" noaddress.out > /dev/null then : else - echo_i "failed (message)"; status=`expr $status + 1` + echo_i "failed (message)"; status=$((status + 1)) fi fi @@ -64,13 +66,13 @@ fi echo_i "checking that we detect a NS which has no records" if $CHECKZONE . nxdomain.db > nxdomain.out then - echo_i "failed (status)"; status=`expr $status + 1` + echo_i "failed (status)"; status=$((status + 1)) else if grep "has no address records" noaddress.out > /dev/null then : else - echo_i "failed (message)"; status=`expr $status + 1` + echo_i "failed (message)"; status=$((status + 1)) fi fi @@ -78,13 +80,13 @@ fi echo_i "checking that we detect a NS which looks like a A record (fail)" if $CHECKZONE -n fail . a.db > a.out 2>&1 then - echo_i "failed (status)"; status=`expr $status + 1` + echo_i "failed (status)"; status=$((status + 1)) else if grep "appears to be an address" a.out > /dev/null then : else - echo_i "failed (message)"; status=`expr $status + 1` + echo_i "failed (message)"; status=$((status + 1)) fi fi @@ -96,10 +98,10 @@ then then : else - echo_i "failed (message)"; status=`expr $status + 1` + echo_i "failed (message)"; status=$((status + 1)) fi else - echo_i "failed (status)"; status=`expr $status + 1` + echo_i "failed (status)"; status=$((status + 1)) fi # @@ -108,25 +110,25 @@ if $CHECKZONE -n ignore . a.db > a.out 2>&1 then if grep "appears to be an address" a.out > /dev/null then - echo_i "failed (message)"; status=`expr $status + 1` + echo_i "failed (message)"; status=$((status + 1)) else : fi else - echo_i "failed (status)"; status=`expr $status + 1` + echo_i "failed (status)"; status=$((status + 1)) fi # echo_i "checking that we detect a NS which looks like a AAAA record (fail)" if $CHECKZONE -n fail . aaaa.db > aaaa.out 2>&1 then - echo_i "failed (status)"; status=`expr $status + 1` + echo_i "failed (status)"; status=$((status + 1)) else if grep "appears to be an address" aaaa.out > /dev/null then : else - echo_i "failed (message)"; status=`expr $status + 1` + echo_i "failed (message)"; status=$((status + 1)) fi fi @@ -138,10 +140,10 @@ then then : else - echo_i "failed (message)"; status=`expr $status + 1` + echo_i "failed (message)"; status=$((status + 1)) fi else - echo_i "failed (status)"; status=`expr $status + 1` + echo_i "failed (status)"; status=$((status + 1)) fi # @@ -150,12 +152,12 @@ if $CHECKZONE -n ignore . aaaa.db > aaaa.out 2>&1 then if grep "appears to be an address" aaaa.out > /dev/null then - echo_i "failed (message)"; status=`expr $status + 1` + echo_i "failed (message)"; status=$((status + 1)) else : fi else - echo_i "failed (status)"; status=`expr $status + 1` + echo_i "failed (status)"; status=$((status + 1)) fi # @@ -232,25 +234,25 @@ $RNDCCMD 10.53.0.1 zonestatus reload.example > rndc.out.removeinclude 2>&1 checkfor "files: reload.db$" rndc.out.removeinclude if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking 'rdnc zonestatus' with duplicated zone name" ret=0 -$RNDCCMD 10.53.0.1 zonestatus duplicate.example > rndc.out.duplicate 2>&1 +$RNDCCMD 10.53.0.1 zonestatus duplicate.example > rndc.out.duplicate 2>&1 && ret=1 checkfor "zone 'duplicate.example' was found in multiple views" rndc.out.duplicate -$RNDCCMD 10.53.0.1 zonestatus duplicate.example in primary > rndc.out.duplicate 2>&1 +$RNDCCMD 10.53.0.1 zonestatus duplicate.example in primary > rndc.out.duplicate 2>&1 || ret=1 checkfor "name: duplicate.example" rndc.out.duplicate -$RNDCCMD 10.53.0.1 zonestatus nosuchzone.example > rndc.out.duplicate 2>&1 +$RNDCCMD 10.53.0.1 zonestatus nosuchzone.example > rndc.out.duplicate 2>&1 && ret=1 checkfor "no matching zone 'nosuchzone.example' in any view" rndc.out.duplicate if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "checking 'rdnc zonestatus' with big serial value" ret=0 $RNDCCMD 10.53.0.1 zonestatus bigserial.example > rndc.out.bigserial 2>&1 checkfor "serial: 3003113544" rndc.out.bigserial if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` +status=$((status + ret)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1