1#!/bin/sh 2# 3# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") 4# 5# Permission to use, copy, modify, and/or distribute this software for any 6# purpose with or without fee is hereby granted, provided that the above 7# copyright notice and this permission notice appear in all copies. 8# 9# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 10# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 11# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 12# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 13# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 14# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 15# PERFORMANCE OF THIS SOFTWARE. 16 17# Id 18 19SYSTEMTESTTOP=.. 20. $SYSTEMTESTTOP/conf.sh 21 22status=0 23 24rm -f dig.out.* 25 26DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300" 27 28# Check the good. domain 29 30echo "I:checking that validation with enabled digest types works" 31ret=0 32$DIG $DIGOPTS a.good. @10.53.0.3 a > dig.out.good || ret=1 33grep "status: NOERROR" dig.out.good > /dev/null || ret=1 34grep "flags:[^;]* ad[ ;]" dig.out.good > /dev/null || ret=1 35if [ $ret != 0 ]; then echo "I:failed"; fi 36status=`expr $status + $ret` 37 38# Check the bad. domain 39 40echo "I:checking that validation with no supported digest types and must-be-secure results in SERVFAIL" 41ret=0 42$DIG $DIGOPTS a.bad. @10.53.0.3 a > dig.out.bad || ret=1 43grep "SERVFAIL" dig.out.bad > /dev/null || ret=1 44if [ $ret != 0 ]; then echo "I:failed"; fi 45status=`expr $status + $ret` 46 47echo "I:checking that validation with no supported digest algorithms results in insecure" 48ret=0 49$DIG $DIGOPTS bad. @10.53.0.4 ds > dig.out.ds || ret=1 50grep "NOERROR" dig.out.ds > /dev/null || ret=1 51grep "flags:[^;]* ad[ ;]" dig.out.ds > /dev/null || ret=1 52$DIG $DIGOPTS a.bad. @10.53.0.4 a > dig.out.insecure || ret=1 53grep "NOERROR" dig.out.insecure > /dev/null || ret=1 54grep "flags:[^;]* ad[ ;]" dig.out.insecure > /dev/null && ret=1 55if [ $ret != 0 ]; then echo "I:failed"; fi 56status=`expr $status + $ret` 57echo "I:exit status: $status" 58 59exit $status 60