1#!/bin/sh
2#
3# Copyright (C) 2012  Internet Systems Consortium, Inc. ("ISC")
4#
5# Permission to use, copy, modify, and/or distribute this software for any
6# purpose with or without fee is hereby granted, provided that the above
7# copyright notice and this permission notice appear in all copies.
8#
9# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15# PERFORMANCE OF THIS SOFTWARE.
16
17# Id
18
19SYSTEMTESTTOP=..
20. $SYSTEMTESTTOP/conf.sh
21
22status=0
23
24rm -f dig.out.*
25
26DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300"
27
28# Check the good. domain
29
30echo "I:checking that validation with enabled digest types works"
31ret=0
32$DIG $DIGOPTS a.good. @10.53.0.3 a > dig.out.good || ret=1
33grep "status: NOERROR" dig.out.good > /dev/null || ret=1
34grep "flags:[^;]* ad[ ;]" dig.out.good > /dev/null || ret=1
35if [ $ret != 0 ]; then echo "I:failed"; fi
36status=`expr $status + $ret`
37
38# Check the bad. domain
39
40echo "I:checking that validation with no supported digest types and must-be-secure results in SERVFAIL"
41ret=0
42$DIG $DIGOPTS a.bad. @10.53.0.3 a > dig.out.bad || ret=1
43grep "SERVFAIL" dig.out.bad > /dev/null || ret=1
44if [ $ret != 0 ]; then echo "I:failed"; fi
45status=`expr $status + $ret`
46
47echo "I:checking that validation with no supported digest algorithms results in insecure"
48ret=0
49$DIG $DIGOPTS bad. @10.53.0.4 ds > dig.out.ds || ret=1
50grep "NOERROR" dig.out.ds > /dev/null || ret=1
51grep "flags:[^;]* ad[ ;]" dig.out.ds > /dev/null || ret=1
52$DIG $DIGOPTS a.bad. @10.53.0.4 a > dig.out.insecure || ret=1
53grep "NOERROR" dig.out.insecure > /dev/null || ret=1
54grep "flags:[^;]* ad[ ;]" dig.out.insecure > /dev/null && ret=1
55if [ $ret != 0 ]; then echo "I:failed"; fi
56status=`expr $status + $ret`
57echo "I:exit status: $status"
58
59exit $status
60