1#!/bin/sh 2# 3# Copyright (C) 2010, 2012 Internet Systems Consortium, Inc. ("ISC") 4# 5# Permission to use, copy, modify, and/or distribute this software for any 6# purpose with or without fee is hereby granted, provided that the above 7# copyright notice and this permission notice appear in all copies. 8# 9# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 10# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 11# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 12# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 13# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 14# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 15# PERFORMANCE OF THIS SOFTWARE. 16 17# Id: tests.sh,v 1.4 2012/01/31 23:47:31 tbox Exp 18 19SYSTEMTESTTOP=.. 20. $SYSTEMTESTTOP/conf.sh 21 22status=0 23n=0 24 25rm -f dig.out.* 26 27DIGOPTS="+tcp +noadd +nosea +nostat +nocmd -p 5300" 28 29for conf in conf/good*.conf 30do 31 n=`expr $n + 1` 32 echo "I:checking that $conf is accepted ($n)" 33 ret=0 34 $CHECKCONF "$conf" || ret=1 35 if [ $ret != 0 ]; then echo "I:failed"; fi 36 status=`expr $status + $ret` 37done 38 39for conf in conf/bad*.conf 40do 41 n=`expr $n + 1` 42 echo "I:checking that $conf is rejected ($n)" 43 ret=0 44 $CHECKCONF "$conf" >/dev/null && ret=1 45 if [ $ret != 0 ]; then echo "I:failed"; fi 46 status=`expr $status + $ret` 47done 48 49# 50# Authoritative tests against: 51# filter-aaaa-on-v4 yes; 52# filter-aaaa { 10.53.0.1; }; 53# 54n=`expr $n + 1` 55echo "I:checking that AAAA is returned when only AAAA record exists, signed ($n)" 56ret=0 57$DIG $DIGOPTS aaaa aaaa-only.signed -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 58grep ::2 dig.out.ns1.test$n > /dev/null || ret=1 59if [ $ret != 0 ]; then echo "I:failed"; fi 60status=`expr $status + $ret` 61 62n=`expr $n + 1` 63echo "I:checking that AAAA is returned when only AAAA record exists, unsigned ($n)" 64ret=0 65$DIG $DIGOPTS aaaa aaaa-only.unsigned -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 66grep ::5 dig.out.ns1.test$n > /dev/null || ret=1 67if [ $ret != 0 ]; then echo "I:failed"; fi 68status=`expr $status + $ret` 69 70n=`expr $n + 1` 71echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed ($n)" 72ret=0 73$DIG $DIGOPTS aaaa dual.signed -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 74grep "ANSWER: 0" dig.out.ns1.test$n > /dev/null || ret=1 75grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 76if [ $ret != 0 ]; then echo "I:failed"; fi 77status=`expr $status + $ret` 78 79n=`expr $n + 1` 80echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned ($n)" 81ret=0 82$DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 83grep "ANSWER: 0" dig.out.ns1.test$n > /dev/null || ret=1 84grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 85if [ $ret != 0 ]; then echo "I:failed"; fi 86status=`expr $status + $ret` 87 88n=`expr $n + 1` 89echo "I:checking that AAAA is returned when both AAAA and A records exist, signed and DO set ($n)" 90ret=0 91$DIG $DIGOPTS aaaa dual.signed +dnssec -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 92grep ::3 dig.out.ns1.test$n > /dev/null || ret=1 93if [ $ret != 0 ]; then echo "I:failed"; fi 94status=`expr $status + $ret` 95 96n=`expr $n + 1` 97echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set ($n)" 98ret=0 99$DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 100grep "ANSWER: 0" dig.out.ns1.test$n > /dev/null || ret=1 101grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 102if [ $ret != 0 ]; then echo "I:failed"; fi 103status=`expr $status + $ret` 104 105n=`expr $n + 1` 106echo "I:checking that AAAA is returned when both AAAA and A records exist and query source does not match acl ($n)" 107ret=0 108$DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.2 @10.53.0.1 > dig.out.ns1.test$n || ret=1 109grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 110grep ::6 dig.out.ns1.test$n > /dev/null || ret=1 111if [ $ret != 0 ]; then echo "I:failed"; fi 112status=`expr $status + $ret` 113 114n=`expr $n + 1` 115echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY ($n)" 116ret=0 117$DIG $DIGOPTS any dual.signed -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 118grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 119grep "1.0.0.3" dig.out.ns1.test$n > /dev/null || ret=1 120grep "::3" dig.out.ns1.test$n > /dev/null && ret=1 121if [ $ret != 0 ]; then echo "I:failed"; fi 122status=`expr $status + $ret` 123 124n=`expr $n + 1` 125echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY ($n)" 126ret=0 127$DIG $DIGOPTS any dual.unsigned -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 128grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 129grep "1.0.0.6" dig.out.ns1.test$n > /dev/null || ret=1 130grep "::6" dig.out.ns1.test$n > /dev/null && ret=1 131if [ $ret != 0 ]; then echo "I:failed"; fi 132status=`expr $status + $ret` 133 134n=`expr $n + 1` 135echo "I:checking that both A and AAAA are returned when both AAAA and A records exist, signed, qtype=ANY and DO is set ($n)" 136ret=0 137$DIG $DIGOPTS any dual.signed +dnssec -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 138grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 139grep ::3 dig.out.ns1.test$n > /dev/null || ret=1 140grep "1.0.0.3" dig.out.ns1.test$n > /dev/null || ret=1 141if [ $ret != 0 ]; then echo "I:failed"; fi 142status=`expr $status + $ret` 143 144n=`expr $n + 1` 145echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set ($n)" 146ret=0 147$DIG $DIGOPTS any dual.unsigned +dnssec -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 148grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 149grep "1.0.0.6" dig.out.ns1.test$n > /dev/null || ret=1 150grep "::6" dig.out.ns1.test$n > /dev/null && ret=1 151if [ $ret != 0 ]; then echo "I:failed"; fi 152status=`expr $status + $ret` 153 154n=`expr $n + 1` 155echo "I:checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl ($n)" 156ret=0 157$DIG $DIGOPTS any dual.unsigned -b 10.53.0.2 @10.53.0.1 > dig.out.ns1.test$n || ret=1 158grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 159grep 1.0.0.6 dig.out.ns1.test$n > /dev/null || ret=1 160grep ::6 dig.out.ns1.test$n > /dev/null || ret=1 161if [ $ret != 0 ]; then echo "I:failed"; fi 162status=`expr $status + $ret` 163 164n=`expr $n + 1` 165echo "I:checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv6 ($n)" 166if $TESTSOCK6 fd92:7065:b8e:ffff::1 167then 168ret=0 169$DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 170grep 2001:db8::6 dig.out.ns1.test$n > /dev/null || ret=1 171if [ $ret != 0 ]; then echo "I:failed"; fi 172status=`expr $status + $ret` 173else 174echo "I: skipped." 175fi 176 177n=`expr $n + 1` 178echo "I:checking that AAAA is omitted from additional section, qtype=NS ($n)" 179ret=0 180$DIG $DIGOPTS +add ns unsigned -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 181grep AAAA dig.out.ns1.test$n > /dev/null 2>&1 && ret=1 182grep "ADDITIONAL: 2" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1 183if [ $ret != 0 ]; then echo "I:failed"; fi 184status=`expr $status + $ret` 185 186n=`expr $n + 1` 187echo "I:checking that AAAA is omitted from additional section, qtype=MX, unsigned ($n)" 188ret=0 189$DIG $DIGOPTS +add +dnssec mx unsigned -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 190grep "^mx.unsigned.*AAAA" dig.out.ns1.test$n > /dev/null 2>&1 && ret=1 191if [ $ret != 0 ]; then echo "I:failed"; fi 192status=`expr $status + $ret` 193 194n=`expr $n + 1` 195echo "I:checking that AAAA is included in additional section, qtype=MX, signed ($n)" 196ret=0 197$DIG $DIGOPTS +add +dnssec mx signed -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 198grep "^mx.signed.*AAAA" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1 199if [ $ret != 0 ]; then echo "I:failed"; fi 200status=`expr $status + $ret` 201 202n=`expr $n + 1` 203echo "I:checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv6 ($n)" 204if $TESTSOCK6 fd92:7065:b8e:ffff::1 205then 206ret=0 207$DIG $DIGOPTS +add +dnssec mx unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 208grep "^mx.unsigned.*AAAA" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1 209if [ $ret != 0 ]; then echo "I:failed"; fi 210status=`expr $status + $ret` 211else 212echo "I: skipped." 213fi 214 215 216# 217# Authoritative tests against: 218# filter-aaaa-on-v4 break-dnssec; 219# filter-aaaa { 10.53.0.4; }; 220# 221n=`expr $n + 1` 222echo "I:checking that AAAA is returned when only AAAA record exists, signed with break-dnssec ($n)" 223ret=0 224$DIG $DIGOPTS aaaa aaaa-only.signed -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 225grep ::2 dig.out.ns4.test$n > /dev/null || ret=1 226if [ $ret != 0 ]; then echo "I:failed"; fi 227status=`expr $status + $ret` 228 229n=`expr $n + 1` 230echo "I:checking that AAAA is returned when only AAAA record exists, unsigned with break-dnssec ($n)" 231ret=0 232$DIG $DIGOPTS aaaa aaaa-only.unsigned -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 233grep ::5 dig.out.ns4.test$n > /dev/null || ret=1 234if [ $ret != 0 ]; then echo "I:failed"; fi 235status=`expr $status + $ret` 236 237n=`expr $n + 1` 238echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed with break-dnssec ($n)" 239ret=0 240$DIG $DIGOPTS aaaa dual.signed -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 241grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 242grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 243if [ $ret != 0 ]; then echo "I:failed"; fi 244status=`expr $status + $ret` 245 246n=`expr $n + 1` 247echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned with break-dnssec ($n)" 248ret=0 249$DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 250grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 251grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 252if [ $ret != 0 ]; then echo "I:failed"; fi 253status=`expr $status + $ret` 254 255n=`expr $n + 1` 256echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed and DO set with break-dnssec ($n)" 257ret=0 258$DIG $DIGOPTS aaaa dual.signed +dnssec -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 259grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 260grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 261if [ $ret != 0 ]; then echo "I:failed"; fi 262status=`expr $status + $ret` 263 264n=`expr $n + 1` 265echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set with break-dnssec ($n)" 266ret=0 267$DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 268grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 269grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 270if [ $ret != 0 ]; then echo "I:failed"; fi 271status=`expr $status + $ret` 272 273n=`expr $n + 1` 274echo "I:checking that AAAA is returned when both AAAA and A records exist and query source does not match acl with break-dnssec ($n)" 275ret=0 276$DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.2 @10.53.0.4 > dig.out.ns4.test$n || ret=1 277grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 278grep ::6 dig.out.ns4.test$n > /dev/null || ret=1 279if [ $ret != 0 ]; then echo "I:failed"; fi 280status=`expr $status + $ret` 281 282n=`expr $n + 1` 283echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY with break-dnssec ($n)" 284ret=0 285$DIG $DIGOPTS any dual.signed -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 286grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 287grep "1.0.0.3" dig.out.ns4.test$n > /dev/null || ret=1 288grep "::3" dig.out.ns4.test$n > /dev/null && ret=1 289if [ $ret != 0 ]; then echo "I:failed"; fi 290status=`expr $status + $ret` 291 292n=`expr $n + 1` 293echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY with break-dnssec ($n)" 294ret=0 295$DIG $DIGOPTS any dual.unsigned -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 296grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 297grep "1.0.0.6" dig.out.ns4.test$n > /dev/null || ret=1 298grep "::6" dig.out.ns4.test$n > /dev/null && ret=1 299if [ $ret != 0 ]; then echo "I:failed"; fi 300status=`expr $status + $ret` 301 302n=`expr $n + 1` 303echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, signed, qtype=ANY and DO is set with break-dnssec ($n)" 304ret=0 305$DIG $DIGOPTS any dual.signed +dnssec -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 306grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 307grep "1.0.0.3" dig.out.ns4.test$n > /dev/null || ret=1 308grep ::3 dig.out.ns4.test$n > /dev/null && ret=1 309if [ $ret != 0 ]; then echo "I:failed"; fi 310status=`expr $status + $ret` 311 312n=`expr $n + 1` 313echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set with break-dnssec ($n)" 314ret=0 315$DIG $DIGOPTS any dual.unsigned +dnssec -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 316grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 317grep "1.0.0.6" dig.out.ns4.test$n > /dev/null || ret=1 318grep "::6" dig.out.ns4.test$n > /dev/null && ret=1 319if [ $ret != 0 ]; then echo "I:failed"; fi 320status=`expr $status + $ret` 321 322n=`expr $n + 1` 323echo "I:checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl with break-dnssec ($n)" 324ret=0 325$DIG $DIGOPTS any dual.unsigned -b 10.53.0.2 @10.53.0.4 > dig.out.ns4.test$n || ret=1 326grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 327grep 1.0.0.6 dig.out.ns4.test$n > /dev/null || ret=1 328grep ::6 dig.out.ns4.test$n > /dev/null || ret=1 329if [ $ret != 0 ]; then echo "I:failed"; fi 330status=`expr $status + $ret` 331 332n=`expr $n + 1` 333echo "I:checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv6 with break-dnssec ($n)" 334if $TESTSOCK6 fd92:7065:b8e:ffff::4 335then 336ret=0 337$DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 338grep 2001:db8::6 dig.out.ns4.test$n > /dev/null || ret=1 339if [ $ret != 0 ]; then echo "I:failed"; fi 340status=`expr $status + $ret` 341else 342echo "I: skipped." 343fi 344 345n=`expr $n + 1` 346echo "I:checking that AAAA is omitted from additional section, qtype=NS, with break-dnssec ($n)" 347ret=0 348$DIG $DIGOPTS +add ns unsigned -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 349grep AAAA dig.out.ns4.test$n > /dev/null 2>&1 && ret=1 350grep "ADDITIONAL: 2" dig.out.ns4.test$n > /dev/null 2>&1 || ret=1 351if [ $ret != 0 ]; then echo "I:failed"; fi 352status=`expr $status + $ret` 353 354n=`expr $n + 1` 355echo "I:checking that AAAA is omitted from additional section, qtype=MX, unsigned, with break-dnssec ($n)" 356ret=0 357$DIG $DIGOPTS +add +dnssec mx unsigned -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 358grep "^mx.unsigned.*AAAA" dig.out.ns4.test$n > /dev/null 2>&1 && ret=1 359if [ $ret != 0 ]; then echo "I:failed"; fi 360status=`expr $status + $ret` 361 362n=`expr $n + 1` 363echo "I:checking that AAAA is omitted from additional section, qtype=MX, signed, with break-dnssec ($n)" 364ret=0 365$DIG $DIGOPTS +add +dnssec mx signed -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 366grep "^mx.signed.*AAAA" dig.out.ns4.test$n > /dev/null 2>&1 && ret=1 367if [ $ret != 0 ]; then echo "I:failed"; fi 368status=`expr $status + $ret` 369 370n=`expr $n + 1` 371echo "I:checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv6, with break-dnssec ($n)" 372if $TESTSOCK6 fd92:7065:b8e:ffff::4 373then 374ret=0 375$DIG $DIGOPTS +add +dnssec mx unsigned -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 376grep "^mx.unsigned.*AAAA" dig.out.ns4.test$n > /dev/null 2>&1 || ret=1 377if [ $ret != 0 ]; then echo "I:failed"; fi 378status=`expr $status + $ret` 379else 380echo "I: skipped." 381fi 382 383 384# 385# Recursive tests against: 386# filter-aaaa-on-v4 yes; 387# filter-aaaa { 10.53.0.2; }; 388# 389n=`expr $n + 1` 390echo "I:checking that AAAA is returned when only AAAA record exists, signed, recursive ($n)" 391ret=0 392$DIG $DIGOPTS aaaa aaaa-only.signed -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 393grep ::2 dig.out.ns2.test$n > /dev/null || ret=1 394if [ $ret != 0 ]; then echo "I:failed"; fi 395status=`expr $status + $ret` 396 397n=`expr $n + 1` 398echo "I:checking that AAAA is returned when only AAAA record exists, unsigned, recursive ($n)" 399ret=0 400$DIG $DIGOPTS aaaa aaaa-only.unsigned -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 401grep ::5 dig.out.ns2.test$n > /dev/null || ret=1 402if [ $ret != 0 ]; then echo "I:failed"; fi 403status=`expr $status + $ret` 404 405n=`expr $n + 1` 406echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed, recursive ($n)" 407ret=0 408$DIG $DIGOPTS aaaa dual.signed -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 409grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 410grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 411if [ $ret != 0 ]; then echo "I:failed"; fi 412status=`expr $status + $ret` 413 414n=`expr $n + 1` 415echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned, recursive ($n)" 416ret=0 417$DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 418grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 419grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 420if [ $ret != 0 ]; then echo "I:failed"; fi 421status=`expr $status + $ret` 422 423n=`expr $n + 1` 424echo "I:checking that AAAA is returned when both AAAA and A records exist, signed and DO set, recursive ($n)" 425ret=0 426$DIG $DIGOPTS aaaa dual.signed +dnssec -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 427grep ::3 dig.out.ns2.test$n > /dev/null || ret=1 428if [ $ret != 0 ]; then echo "I:failed"; fi 429status=`expr $status + $ret` 430 431n=`expr $n + 1` 432echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set, recursive ($n)" 433ret=0 434$DIG $DIGOPTS aaaa dual.unsigned +dnssec -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 435grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 436grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 437if [ $ret != 0 ]; then echo "I:failed"; fi 438status=`expr $status + $ret` 439 440n=`expr $n + 1` 441echo "I:checking that AAAA is returned when both AAAA and A records exist and query source does not match acl, recursive ($n)" 442ret=0 443$DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.1 @10.53.0.2 > dig.out.ns2.test$n || ret=1 444grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 445grep ::6 dig.out.ns2.test$n > /dev/null || ret=1 446if [ $ret != 0 ]; then echo "I:failed"; fi 447status=`expr $status + $ret` 448 449n=`expr $n + 1` 450echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY recursive ($n)" 451ret=0 452$DIG $DIGOPTS any dual.signed -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 453grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 454grep "1.0.0.3" dig.out.ns2.test$n > /dev/null || ret=1 455grep "::3" dig.out.ns2.test$n > /dev/null && ret=1 456if [ $ret != 0 ]; then echo "I:failed"; fi 457status=`expr $status + $ret` 458 459n=`expr $n + 1` 460echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY recursive ($n)" 461ret=0 462$DIG $DIGOPTS any dual.unsigned -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 463grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 464grep "1.0.0.6" dig.out.ns2.test$n > /dev/null || ret=1 465grep "::6" dig.out.ns2.test$n > /dev/null && ret=1 466if [ $ret != 0 ]; then echo "I:failed"; fi 467status=`expr $status + $ret` 468 469n=`expr $n + 1` 470echo "I:checking that both A and AAAA are returned when both AAAA and A records exist, signed, qtype=ANY and DO is set, recursive ($n)" 471ret=0 472$DIG $DIGOPTS any dual.signed +dnssec -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 473grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 474grep ::3 dig.out.ns2.test$n > /dev/null || ret=1 475grep "1.0.0.3" dig.out.ns2.test$n > /dev/null || ret=1 476if [ $ret != 0 ]; then echo "I:failed"; fi 477status=`expr $status + $ret` 478 479n=`expr $n + 1` 480echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set, recursive ($n)" 481ret=0 482$DIG $DIGOPTS any dual.unsigned +dnssec -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 483grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 484grep "1.0.0.6" dig.out.ns2.test$n > /dev/null || ret=1 485grep "::6" dig.out.ns2.test$n > /dev/null && ret=1 486if [ $ret != 0 ]; then echo "I:failed"; fi 487status=`expr $status + $ret` 488 489n=`expr $n + 1` 490echo "I:checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl, recursive ($n)" 491ret=0 492$DIG $DIGOPTS any dual.unsigned -b 10.53.0.1 @10.53.0.2 > dig.out.ns2.test$n || ret=1 493grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 494grep 1.0.0.6 dig.out.ns2.test$n > /dev/null || ret=1 495grep ::6 dig.out.ns2.test$n > /dev/null || ret=1 496if [ $ret != 0 ]; then echo "I:failed"; fi 497status=`expr $status + $ret` 498 499n=`expr $n + 1` 500echo "I:checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv6, recursive ($n)" 501if $TESTSOCK6 fd92:7065:b8e:ffff::2 502then 503ret=0 504$DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 505grep 2001:db8::6 dig.out.ns2.test$n > /dev/null || ret=1 506if [ $ret != 0 ]; then echo "I:failed"; fi 507status=`expr $status + $ret` 508else 509echo "I: skipped." 510fi 511 512n=`expr $n + 1` 513echo "I:checking that AAAA is omitted from additional section, qtype=NS ($n)" 514ret=0 515$DIG $DIGOPTS +add ns unsigned -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 516grep AAAA dig.out.ns2.test$n > /dev/null 2>&1 && ret=1 517grep "ADDITIONAL: 2" dig.out.ns2.test$n > /dev/null 2>&1 || ret=1 518if [ $ret != 0 ]; then echo "I:failed"; fi 519status=`expr $status + $ret` 520 521n=`expr $n + 1` 522echo "I:checking that AAAA is omitted from additional section, qtype=MX, unsigned ($n)" 523ret=0 524$DIG $DIGOPTS +add +dnssec mx unsigned -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 525grep "^mx.unsigned.*AAAA" dig.out.ns2.test$n > /dev/null 2>&1 && ret=1 526if [ $ret != 0 ]; then echo "I:failed"; fi 527status=`expr $status + $ret` 528 529n=`expr $n + 1` 530echo "I:checking that AAAA is included in additional section, qtype=MX, signed ($n)" 531ret=0 532$DIG $DIGOPTS +add +dnssec mx signed -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 533grep "^mx.signed.*AAAA" dig.out.ns2.test$n > /dev/null 2>&1 || ret=1 534if [ $ret != 0 ]; then echo "I:failed"; fi 535status=`expr $status + $ret` 536 537n=`expr $n + 1` 538echo "I:checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv6 ($n)" 539if $TESTSOCK6 fd92:7065:b8e:ffff::2 540then 541ret=0 542$DIG $DIGOPTS +add +dnssec mx unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 543grep "^mx.unsigned.*AAAA" dig.out.ns2.test$n > /dev/null 2>&1 || ret=1 544if [ $ret != 0 ]; then echo "I:failed"; fi 545status=`expr $status + $ret` 546else 547echo "I: skipped." 548fi 549 550 551# 552# Recursive tests against: 553# filter-aaaa-on-v4 break-dnssec; 554# filter-aaaa { 10.53.0.3; }; 555# 556n=`expr $n + 1` 557echo "I:checking that AAAA is returned when only AAAA record exists, signed, recursive with break-dnssec ($n)" 558ret=0 559$DIG $DIGOPTS aaaa aaaa-only.signed -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 560grep ::2 dig.out.ns3.test$n > /dev/null || ret=1 561if [ $ret != 0 ]; then echo "I:failed"; fi 562status=`expr $status + $ret` 563 564n=`expr $n + 1` 565echo "I:checking that AAAA is returned when only AAAA record exists, unsigned, recursive with break-dnssec ($n)" 566ret=0 567$DIG $DIGOPTS aaaa aaaa-only.unsigned -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 568grep ::5 dig.out.ns3.test$n > /dev/null || ret=1 569if [ $ret != 0 ]; then echo "I:failed"; fi 570status=`expr $status + $ret` 571 572n=`expr $n + 1` 573echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed, recursive with break-dnssec ($n)" 574ret=0 575$DIG $DIGOPTS aaaa dual.signed -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 576grep "ANSWER: 0" dig.out.ns3.test$n > /dev/null || ret=1 577grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 578if [ $ret != 0 ]; then echo "I:failed"; fi 579status=`expr $status + $ret` 580 581n=`expr $n + 1` 582echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned, recursive with break-dnssec ($n)" 583ret=0 584$DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 585grep "ANSWER: 0" dig.out.ns3.test$n > /dev/null || ret=1 586grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 587if [ $ret != 0 ]; then echo "I:failed"; fi 588status=`expr $status + $ret` 589 590n=`expr $n + 1` 591echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed and DO set, recursive with break-dnssec ($n)" 592ret=0 593$DIG $DIGOPTS aaaa dual.signed +dnssec -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 594grep "ANSWER: 0" dig.out.ns3.test$n > /dev/null || ret=1 595if [ $ret != 0 ]; then echo "I:failed"; fi 596status=`expr $status + $ret` 597 598n=`expr $n + 1` 599echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set, recursive with break-dnssec ($n)" 600ret=0 601$DIG $DIGOPTS aaaa dual.unsigned +dnssec -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 602grep "ANSWER: 0" dig.out.ns3.test$n > /dev/null || ret=1 603grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 604if [ $ret != 0 ]; then echo "I:failed"; fi 605status=`expr $status + $ret` 606 607n=`expr $n + 1` 608echo "I:checking that AAAA is returned when both AAAA and A records exist and query source does not match acl, recursive with break-dnssec ($n)" 609ret=0 610$DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.1 @10.53.0.3 > dig.out.ns3.test$n || ret=1 611grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 612grep ::6 dig.out.ns3.test$n > /dev/null || ret=1 613if [ $ret != 0 ]; then echo "I:failed"; fi 614status=`expr $status + $ret` 615 616n=`expr $n + 1` 617echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY with break-dnssec ($n)" 618ret=0 619$DIG $DIGOPTS any dual.signed -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 620grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 621grep "1.0.0.3" dig.out.ns3.test$n > /dev/null || ret=1 622grep "::3" dig.out.ns3.test$n > /dev/null && ret=1 623if [ $ret != 0 ]; then echo "I:failed"; fi 624status=`expr $status + $ret` 625 626n=`expr $n + 1` 627echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY with break-dnssec ($n)" 628ret=0 629$DIG $DIGOPTS any dual.unsigned -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 630grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 631grep "1.0.0.6" dig.out.ns3.test$n > /dev/null || ret=1 632grep "::6" dig.out.ns3.test$n > /dev/null && ret=1 633if [ $ret != 0 ]; then echo "I:failed"; fi 634status=`expr $status + $ret` 635 636n=`expr $n + 1` 637echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, signed, qtype=ANY and DO is set with break-dnssec ($n)" 638ret=0 639$DIG $DIGOPTS any dual.signed +dnssec -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 640grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 641grep "1.0.0.3" dig.out.ns3.test$n > /dev/null || ret=1 642grep ::3 dig.out.ns3.test$n > /dev/null && ret=1 643if [ $ret != 0 ]; then echo "I:failed"; fi 644status=`expr $status + $ret` 645 646n=`expr $n + 1` 647echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set with break-dnssec ($n)" 648ret=0 649$DIG $DIGOPTS any dual.unsigned +dnssec -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 650grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 651grep "1.0.0.6" dig.out.ns3.test$n > /dev/null || ret=1 652grep "::6" dig.out.ns3.test$n > /dev/null && ret=1 653if [ $ret != 0 ]; then echo "I:failed"; fi 654status=`expr $status + $ret` 655 656n=`expr $n + 1` 657echo "I:checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl, recursive with break-dnssec ($n)" 658ret=0 659$DIG $DIGOPTS any dual.unsigned -b 10.53.0.1 @10.53.0.3 > dig.out.ns3.test$n || ret=1 660grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 661grep 1.0.0.6 dig.out.ns3.test$n > /dev/null || ret=1 662grep ::6 dig.out.ns3.test$n > /dev/null || ret=1 663if [ $ret != 0 ]; then echo "I:failed"; fi 664status=`expr $status + $ret` 665 666n=`expr $n + 1` 667echo "I:checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv6, recursive with break-dnssec ($n)" 668if $TESTSOCK6 fd92:7065:b8e:ffff::3 669then 670ret=0 671$DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 672grep 2001:db8::6 dig.out.ns3.test$n > /dev/null || ret=1 673if [ $ret != 0 ]; then echo "I:failed"; fi 674status=`expr $status + $ret` 675else 676echo "I: skipped." 677fi 678 679n=`expr $n + 1` 680echo "I:checking that AAAA is omitted from additional section, qtype=NS, recursive with break-dnssec ($n)" 681ret=0 682$DIG $DIGOPTS +add ns unsigned -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 683grep AAAA dig.out.ns3.test$n > /dev/null 2>&1 && ret=1 684grep "ADDITIONAL: 2" dig.out.ns3.test$n > /dev/null 2>&1 || ret=1 685if [ $ret != 0 ]; then echo "I:failed"; fi 686status=`expr $status + $ret` 687 688n=`expr $n + 1` 689echo "I:checking that AAAA is omitted from additional section, qtype=MX, unsigned, recursive with break-dnssec ($n)" 690ret=0 691$DIG $DIGOPTS +add +dnssec mx unsigned -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 692grep "^mx.unsigned.*AAAA" dig.out.ns3.test$n > /dev/null 2>&1 && ret=1 693if [ $ret != 0 ]; then echo "I:failed"; fi 694status=`expr $status + $ret` 695 696n=`expr $n + 1` 697echo "I:checking that AAAA is omitted from additional section, qtype=MX, signed, recursive with break-dnssec ($n)" 698ret=0 699$DIG $DIGOPTS +add +dnssec mx signed -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 700grep "^mx.signed.*AAAA" dig.out.ns3.test$n > /dev/null 2>&1 && ret=1 701if [ $ret != 0 ]; then echo "I:failed"; fi 702status=`expr $status + $ret` 703 704n=`expr $n + 1` 705echo "I:checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv6, recursive with break-dnssec ($n)" 706if $TESTSOCK6 fd92:7065:b8e:ffff::3 707then 708ret=0 709$DIG $DIGOPTS +add +dnssec mx unsigned -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 710grep "^mx.unsigned.*AAAA" dig.out.ns3.test$n > /dev/null 2>&1 || ret=1 711if [ $ret != 0 ]; then echo "I:failed"; fi 712status=`expr $status + $ret` 713else 714echo "I: skipped." 715fi 716 717$TESTSOCK6 fd92:7065:b8e:ffff::1 || { 718 echo "I:IPv6 address not configured; skipping IPv6 query tests" 719 echo "I:exit status: $status" 720 exit $status 721} 722 723# Reconfiguring for IPv6 tests 724echo "I:reconfiguring servers" 725cp -f ns1/named2.conf ns1/named.conf 726$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 reconfig 2>&1 | sed 's/^/I:ns1 /' 727cp -f ns2/named2.conf ns2/named.conf 728$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reconfig 2>&1 | sed 's/^/I:ns2 /' 729cp -f ns3/named2.conf ns3/named.conf 730$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 reconfig 2>&1 | sed 's/^/I:ns3 /' 731cp -f ns4/named2.conf ns4/named.conf 732$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 reconfig 2>&1 | sed 's/^/I:ns4 /' 733 734# BEGIN IPv6 TESTS 735 736# 737# Authoritative tests against: 738# filter-aaaa-on-v6 yes; 739# filter-aaaa { fd92:7065:b8e:ffff::1; }; 740# 741n=`expr $n + 1` 742echo "I:checking that AAAA is returned when only AAAA record exists, signed ($n)" 743ret=0 744$DIG $DIGOPTS aaaa aaaa-only.signed -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 745grep ::2 dig.out.ns1.test$n > /dev/null || ret=1 746if [ $ret != 0 ]; then echo "I:failed"; fi 747status=`expr $status + $ret` 748 749n=`expr $n + 1` 750echo "I:checking that AAAA is returned when only AAAA record exists, unsigned ($n)" 751ret=0 752$DIG $DIGOPTS aaaa aaaa-only.unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 753grep ::5 dig.out.ns1.test$n > /dev/null || ret=1 754if [ $ret != 0 ]; then echo "I:failed"; fi 755status=`expr $status + $ret` 756 757n=`expr $n + 1` 758echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed ($n)" 759ret=0 760$DIG $DIGOPTS aaaa dual.signed -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 761grep "ANSWER: 0" dig.out.ns1.test$n > /dev/null || ret=1 762grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 763if [ $ret != 0 ]; then echo "I:failed"; fi 764status=`expr $status + $ret` 765 766n=`expr $n + 1` 767echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned ($n)" 768ret=0 769$DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 770grep "ANSWER: 0" dig.out.ns1.test$n > /dev/null || ret=1 771grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 772if [ $ret != 0 ]; then echo "I:failed"; fi 773status=`expr $status + $ret` 774 775n=`expr $n + 1` 776echo "I:checking that AAAA is returned when both AAAA and A records exist, signed and DO set ($n)" 777ret=0 778$DIG $DIGOPTS aaaa dual.signed +dnssec -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 779grep ::3 dig.out.ns1.test$n > /dev/null || ret=1 780if [ $ret != 0 ]; then echo "I:failed"; fi 781status=`expr $status + $ret` 782 783n=`expr $n + 1` 784echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set ($n)" 785ret=0 786$DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 787grep "ANSWER: 0" dig.out.ns1.test$n > /dev/null || ret=1 788grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 789if [ $ret != 0 ]; then echo "I:failed"; fi 790status=`expr $status + $ret` 791 792n=`expr $n + 1` 793echo "I:checking that AAAA is returned when both AAAA and A records exist and query source does not match acl ($n)" 794ret=0 795$DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 796grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 797grep ::6 dig.out.ns1.test$n > /dev/null || ret=1 798if [ $ret != 0 ]; then echo "I:failed"; fi 799status=`expr $status + $ret` 800 801n=`expr $n + 1` 802echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY ($n)" 803ret=0 804$DIG $DIGOPTS any dual.signed -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 805grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 806grep "1.0.0.3" dig.out.ns1.test$n > /dev/null || ret=1 807grep "::3" dig.out.ns1.test$n > /dev/null && ret=1 808if [ $ret != 0 ]; then echo "I:failed"; fi 809status=`expr $status + $ret` 810 811n=`expr $n + 1` 812echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY ($n)" 813ret=0 814$DIG $DIGOPTS any dual.unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 815grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 816grep "1.0.0.6" dig.out.ns1.test$n > /dev/null || ret=1 817grep "::6" dig.out.ns1.test$n > /dev/null && ret=1 818if [ $ret != 0 ]; then echo "I:failed"; fi 819status=`expr $status + $ret` 820 821n=`expr $n + 1` 822echo "I:checking that both A and AAAA are returned when both AAAA and A records exist, signed, qtype=ANY and DO is set ($n)" 823ret=0 824$DIG $DIGOPTS any dual.signed +dnssec -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 825grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 826grep ::3 dig.out.ns1.test$n > /dev/null || ret=1 827grep "1.0.0.3" dig.out.ns1.test$n > /dev/null || ret=1 828if [ $ret != 0 ]; then echo "I:failed"; fi 829status=`expr $status + $ret` 830 831n=`expr $n + 1` 832echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set ($n)" 833ret=0 834$DIG $DIGOPTS any dual.unsigned +dnssec -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 835grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 836grep "1.0.0.6" dig.out.ns1.test$n > /dev/null || ret=1 837grep "::6" dig.out.ns1.test$n > /dev/null && ret=1 838if [ $ret != 0 ]; then echo "I:failed"; fi 839status=`expr $status + $ret` 840 841n=`expr $n + 1` 842echo "I:checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl ($n)" 843ret=0 844$DIG $DIGOPTS any dual.unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 845grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 846grep 1.0.0.6 dig.out.ns1.test$n > /dev/null || ret=1 847grep ::6 dig.out.ns1.test$n > /dev/null || ret=1 848if [ $ret != 0 ]; then echo "I:failed"; fi 849status=`expr $status + $ret` 850 851n=`expr $n + 1` 852echo "I:checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv4 ($n)" 853ret=0 854$DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 855grep 2001:db8::6 dig.out.ns1.test$n > /dev/null || ret=1 856if [ $ret != 0 ]; then echo "I:failed"; fi 857status=`expr $status + $ret` 858 859n=`expr $n + 1` 860echo "I:checking that AAAA is omitted from additional section, qtype=NS ($n)" 861ret=0 862$DIG $DIGOPTS +add +dnssec ns unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 863grep AAAA dig.out.ns1.test$n > /dev/null 2>&1 && ret=1 864grep "ADDITIONAL: 2" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1 865if [ $ret != 0 ]; then echo "I:failed"; fi 866status=`expr $status + $ret` 867 868n=`expr $n + 1` 869echo "I:checking that AAAA is omitted from additional section, qtype=MX, unsigned ($n)" 870ret=0 871$DIG $DIGOPTS +add +dnssec mx unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 872grep "^mx.unsigned.*AAAA" dig.out.ns1.test$n > /dev/null 2>&1 && ret=1 873if [ $ret != 0 ]; then echo "I:failed"; fi 874status=`expr $status + $ret` 875 876n=`expr $n + 1` 877echo "I:checking that AAAA is included in additional section, qtype=MX, signed ($n)" 878ret=0 879$DIG $DIGOPTS +add +dnssec mx signed -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1 880grep "^mx.signed.*AAAA" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1 881if [ $ret != 0 ]; then echo "I:failed"; fi 882status=`expr $status + $ret` 883 884n=`expr $n + 1` 885echo "I:checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv4 ($n)" 886ret=0 887$DIG $DIGOPTS +add +dnssec mx unsigned -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1 888grep "^mx.unsigned.*AAAA" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1 889if [ $ret != 0 ]; then echo "I:failed"; fi 890status=`expr $status + $ret` 891 892 893# 894# Authoritative tests against: 895# filter-aaaa-on-v6 break-dnssec; 896# filter-aaaa { fd92:7065:b8e:ffff::4; }; 897# 898n=`expr $n + 1` 899echo "I:checking that AAAA is returned when only AAAA record exists, signed with break-dnssec ($n)" 900ret=0 901$DIG $DIGOPTS aaaa aaaa-only.signed -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 902grep ::2 dig.out.ns4.test$n > /dev/null || ret=1 903if [ $ret != 0 ]; then echo "I:failed"; fi 904status=`expr $status + $ret` 905 906n=`expr $n + 1` 907echo "I:checking that AAAA is returned when only AAAA record exists, unsigned with break-dnssec ($n)" 908ret=0 909$DIG $DIGOPTS aaaa aaaa-only.unsigned -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 910grep ::5 dig.out.ns4.test$n > /dev/null || ret=1 911if [ $ret != 0 ]; then echo "I:failed"; fi 912status=`expr $status + $ret` 913 914n=`expr $n + 1` 915echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed with break-dnssec ($n)" 916ret=0 917$DIG $DIGOPTS aaaa dual.signed -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 918grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 919grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 920if [ $ret != 0 ]; then echo "I:failed"; fi 921status=`expr $status + $ret` 922 923n=`expr $n + 1` 924echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned with break-dnssec ($n)" 925ret=0 926$DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 927grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 928grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 929if [ $ret != 0 ]; then echo "I:failed"; fi 930status=`expr $status + $ret` 931 932n=`expr $n + 1` 933echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed and DO set with break-dnssec ($n)" 934ret=0 935$DIG $DIGOPTS aaaa dual.signed +dnssec -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 936grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 937grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 938if [ $ret != 0 ]; then echo "I:failed"; fi 939status=`expr $status + $ret` 940 941n=`expr $n + 1` 942echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set with break-dnssec ($n)" 943ret=0 944$DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 945grep "ANSWER: 0" dig.out.ns4.test$n > /dev/null || ret=1 946grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 947if [ $ret != 0 ]; then echo "I:failed"; fi 948status=`expr $status + $ret` 949 950n=`expr $n + 1` 951echo "I:checking that AAAA is returned when both AAAA and A records exist and query source does not match acl with break-dnssec ($n)" 952ret=0 953$DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 954grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 955grep ::6 dig.out.ns4.test$n > /dev/null || ret=1 956if [ $ret != 0 ]; then echo "I:failed"; fi 957status=`expr $status + $ret` 958 959n=`expr $n + 1` 960echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY with break-dnssec ($n)" 961ret=0 962$DIG $DIGOPTS any dual.signed -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 963grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 964grep "1.0.0.3" dig.out.ns4.test$n > /dev/null || ret=1 965grep "::3" dig.out.ns4.test$n > /dev/null && ret=1 966if [ $ret != 0 ]; then echo "I:failed"; fi 967status=`expr $status + $ret` 968 969n=`expr $n + 1` 970echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY with break-dnssec ($n)" 971ret=0 972$DIG $DIGOPTS any dual.unsigned -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 973grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 974grep "1.0.0.6" dig.out.ns4.test$n > /dev/null || ret=1 975grep "::6" dig.out.ns4.test$n > /dev/null && ret=1 976if [ $ret != 0 ]; then echo "I:failed"; fi 977status=`expr $status + $ret` 978 979n=`expr $n + 1` 980echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, signed, qtype=ANY and DO is set with break-dnssec ($n)" 981ret=0 982$DIG $DIGOPTS any dual.signed +dnssec -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 983grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 984grep "1.0.0.3" dig.out.ns4.test$n > /dev/null || ret=1 985grep ::3 dig.out.ns4.test$n > /dev/null && ret=1 986if [ $ret != 0 ]; then echo "I:failed"; fi 987status=`expr $status + $ret` 988 989n=`expr $n + 1` 990echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set with break-dnssec ($n)" 991ret=0 992$DIG $DIGOPTS any dual.unsigned +dnssec -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 993grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 994grep "1.0.0.6" dig.out.ns4.test$n > /dev/null || ret=1 995grep "::6" dig.out.ns4.test$n > /dev/null && ret=1 996if [ $ret != 0 ]; then echo "I:failed"; fi 997status=`expr $status + $ret` 998 999n=`expr $n + 1` 1000echo "I:checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl with break-dnssec ($n)" 1001ret=0 1002$DIG $DIGOPTS any dual.unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 1003grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 1004grep 1.0.0.6 dig.out.ns4.test$n > /dev/null || ret=1 1005grep ::6 dig.out.ns4.test$n > /dev/null || ret=1 1006if [ $ret != 0 ]; then echo "I:failed"; fi 1007status=`expr $status + $ret` 1008 1009n=`expr $n + 1` 1010echo "I:checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv4 with break-dnssec ($n)" 1011ret=0 1012$DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 1013grep 2001:db8::6 dig.out.ns4.test$n > /dev/null || ret=1 1014if [ $ret != 0 ]; then echo "I:failed"; fi 1015status=`expr $status + $ret` 1016 1017n=`expr $n + 1` 1018echo "I:checking that AAAA is omitted from additional section, qtype=NS, with break-dnssec ($n)" 1019ret=0 1020$DIG $DIGOPTS +add +dnssec ns unsigned -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 1021grep AAAA dig.out.ns4.test$n > /dev/null 2>&1 && ret=1 1022grep "ADDITIONAL: 2" dig.out.ns4.test$n > /dev/null 2>&1 || ret=1 1023if [ $ret != 0 ]; then echo "I:failed"; fi 1024status=`expr $status + $ret` 1025 1026n=`expr $n + 1` 1027echo "I:checking that AAAA is omitted from additional section, qtype=MX, unsigned, with break-dnssec ($n)" 1028ret=0 1029$DIG $DIGOPTS +add +dnssec mx unsigned -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 1030grep "^mx.unsigned.*AAAA" dig.out.ns4.test$n > /dev/null 2>&1 && ret=1 1031if [ $ret != 0 ]; then echo "I:failed"; fi 1032status=`expr $status + $ret` 1033 1034n=`expr $n + 1` 1035echo "I:checking that AAAA is omitted from additional section, qtype=MX, signed, with break-dnssec ($n)" 1036ret=0 1037$DIG $DIGOPTS +add +dnssec mx signed -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1 1038grep "^mx.signed.*AAAA" dig.out.ns4.test$n > /dev/null 2>&1 && ret=1 1039if [ $ret != 0 ]; then echo "I:failed"; fi 1040status=`expr $status + $ret` 1041 1042n=`expr $n + 1` 1043echo "I:checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv4, with break-dnssec ($n)" 1044ret=0 1045$DIG $DIGOPTS +add +dnssec mx unsigned -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1 1046grep "^mx.unsigned.*AAAA" dig.out.ns4.test$n > /dev/null 2>&1 || ret=1 1047if [ $ret != 0 ]; then echo "I:failed"; fi 1048status=`expr $status + $ret` 1049 1050 1051# 1052# Recursive tests against: 1053# filter-aaaa-on-v6 yes; 1054# filter-aaaa { fd92:7065:b8e:ffff::2; }; 1055# 1056n=`expr $n + 1` 1057echo "I:checking that AAAA is returned when only AAAA record exists, signed, recursive ($n)" 1058ret=0 1059$DIG $DIGOPTS aaaa aaaa-only.signed -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 1060grep ::2 dig.out.ns2.test$n > /dev/null || ret=1 1061if [ $ret != 0 ]; then echo "I:failed"; fi 1062status=`expr $status + $ret` 1063 1064n=`expr $n + 1` 1065echo "I:checking that AAAA is returned when only AAAA record exists, unsigned, recursive ($n)" 1066ret=0 1067$DIG $DIGOPTS aaaa aaaa-only.unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 1068grep ::5 dig.out.ns2.test$n > /dev/null || ret=1 1069if [ $ret != 0 ]; then echo "I:failed"; fi 1070status=`expr $status + $ret` 1071 1072n=`expr $n + 1` 1073echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed, recursive ($n)" 1074ret=0 1075$DIG $DIGOPTS aaaa dual.signed -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 1076grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 1077grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 1078if [ $ret != 0 ]; then echo "I:failed"; fi 1079status=`expr $status + $ret` 1080 1081n=`expr $n + 1` 1082echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned, recursive ($n)" 1083ret=0 1084$DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 1085grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 1086grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 1087if [ $ret != 0 ]; then echo "I:failed"; fi 1088status=`expr $status + $ret` 1089 1090n=`expr $n + 1` 1091echo "I:checking that AAAA is returned when both AAAA and A records exist, signed and DO set, recursive ($n)" 1092ret=0 1093$DIG $DIGOPTS aaaa dual.signed +dnssec -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 1094grep ::3 dig.out.ns2.test$n > /dev/null || ret=1 1095if [ $ret != 0 ]; then echo "I:failed"; fi 1096status=`expr $status + $ret` 1097 1098n=`expr $n + 1` 1099echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set, recursive ($n)" 1100ret=0 1101$DIG $DIGOPTS aaaa dual.unsigned +dnssec -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 1102grep "ANSWER: 0" dig.out.ns2.test$n > /dev/null || ret=1 1103grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 1104if [ $ret != 0 ]; then echo "I:failed"; fi 1105status=`expr $status + $ret` 1106 1107n=`expr $n + 1` 1108echo "I:checking that AAAA is returned when both AAAA and A records exist and query source does not match acl, recursive ($n)" 1109ret=0 1110$DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 1111grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 1112grep ::6 dig.out.ns2.test$n > /dev/null || ret=1 1113if [ $ret != 0 ]; then echo "I:failed"; fi 1114status=`expr $status + $ret` 1115 1116n=`expr $n + 1` 1117echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY recursive ($n)" 1118ret=0 1119$DIG $DIGOPTS any dual.signed -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 1120grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 1121grep "1.0.0.3" dig.out.ns2.test$n > /dev/null || ret=1 1122grep "::3" dig.out.ns2.test$n > /dev/null && ret=1 1123if [ $ret != 0 ]; then echo "I:failed"; fi 1124status=`expr $status + $ret` 1125 1126n=`expr $n + 1` 1127echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY recursive ($n)" 1128ret=0 1129$DIG $DIGOPTS any dual.unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 1130grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 1131grep "1.0.0.6" dig.out.ns2.test$n > /dev/null || ret=1 1132grep "::6" dig.out.ns2.test$n > /dev/null && ret=1 1133if [ $ret != 0 ]; then echo "I:failed"; fi 1134status=`expr $status + $ret` 1135 1136n=`expr $n + 1` 1137echo "I:checking that both A and AAAA are returned when both AAAA and A records exist, signed, qtype=ANY and DO is set, recursive ($n)" 1138ret=0 1139$DIG $DIGOPTS any dual.signed +dnssec -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 1140grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 1141grep ::3 dig.out.ns2.test$n > /dev/null || ret=1 1142grep "1.0.0.3" dig.out.ns2.test$n > /dev/null || ret=1 1143if [ $ret != 0 ]; then echo "I:failed"; fi 1144status=`expr $status + $ret` 1145 1146n=`expr $n + 1` 1147echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set, recursive ($n)" 1148ret=0 1149$DIG $DIGOPTS any dual.unsigned +dnssec -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 1150grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 1151grep "1.0.0.6" dig.out.ns2.test$n > /dev/null || ret=1 1152grep "::6" dig.out.ns2.test$n > /dev/null && ret=1 1153if [ $ret != 0 ]; then echo "I:failed"; fi 1154status=`expr $status + $ret` 1155 1156n=`expr $n + 1` 1157echo "I:checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl, recursive ($n)" 1158ret=0 1159$DIG $DIGOPTS any dual.unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 1160grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 1161grep 1.0.0.6 dig.out.ns2.test$n > /dev/null || ret=1 1162grep ::6 dig.out.ns2.test$n > /dev/null || ret=1 1163if [ $ret != 0 ]; then echo "I:failed"; fi 1164status=`expr $status + $ret` 1165 1166n=`expr $n + 1` 1167echo "I:checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv4, recursive ($n)" 1168ret=0 1169$DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 1170grep 2001:db8::6 dig.out.ns2.test$n > /dev/null || ret=1 1171if [ $ret != 0 ]; then echo "I:failed"; fi 1172status=`expr $status + $ret` 1173 1174n=`expr $n + 1` 1175echo "I:checking that AAAA is omitted from additional section, qtype=NS ($n)" 1176ret=0 1177$DIG $DIGOPTS +add +dnssec ns unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 1178grep AAAA dig.out.ns2.test$n > /dev/null 2>&1 && ret=1 1179grep "ADDITIONAL: 2" dig.out.ns2.test$n > /dev/null 2>&1 || ret=1 1180if [ $ret != 0 ]; then echo "I:failed"; fi 1181status=`expr $status + $ret` 1182 1183n=`expr $n + 1` 1184echo "I:checking that AAAA is omitted from additional section, qtype=MX, unsigned ($n)" 1185ret=0 1186$DIG $DIGOPTS +add +dnssec mx unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 1187grep "^mx.unsigned.*AAAA" dig.out.ns2.test$n > /dev/null 2>&1 && ret=1 1188if [ $ret != 0 ]; then echo "I:failed"; fi 1189status=`expr $status + $ret` 1190 1191n=`expr $n + 1` 1192echo "I:checking that AAAA is included in additional section, qtype=MX, signed ($n)" 1193ret=0 1194$DIG $DIGOPTS +add +dnssec mx signed -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1 1195grep "^mx.signed.*AAAA" dig.out.ns2.test$n > /dev/null 2>&1 || ret=1 1196if [ $ret != 0 ]; then echo "I:failed"; fi 1197status=`expr $status + $ret` 1198 1199n=`expr $n + 1` 1200echo "I:checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv4 ($n)" 1201ret=0 1202$DIG $DIGOPTS +add +dnssec mx unsigned -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1 1203grep "^mx.unsigned.*AAAA" dig.out.ns2.test$n > /dev/null 2>&1 || ret=1 1204if [ $ret != 0 ]; then echo "I:failed"; fi 1205status=`expr $status + $ret` 1206 1207 1208# 1209# Recursive tests against: 1210# filter-aaaa-on-v6 yes; 1211# filter-aaaa { fd92:7065:b8e:ffff::3; }; 1212# 1213n=`expr $n + 1` 1214echo "I:checking that AAAA is returned when only AAAA record exists, signed, recursive with break-dnssec ($n)" 1215ret=0 1216$DIG $DIGOPTS aaaa aaaa-only.signed -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 1217grep ::2 dig.out.ns3.test$n > /dev/null || ret=1 1218if [ $ret != 0 ]; then echo "I:failed"; fi 1219status=`expr $status + $ret` 1220 1221n=`expr $n + 1` 1222echo "I:checking that AAAA is returned when only AAAA record exists, unsigned, recursive with break-dnssec ($n)" 1223ret=0 1224$DIG $DIGOPTS aaaa aaaa-only.unsigned -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 1225grep ::5 dig.out.ns3.test$n > /dev/null || ret=1 1226if [ $ret != 0 ]; then echo "I:failed"; fi 1227status=`expr $status + $ret` 1228 1229n=`expr $n + 1` 1230echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed, recursive with break-dnssec ($n)" 1231ret=0 1232$DIG $DIGOPTS aaaa dual.signed -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 1233grep "ANSWER: 0" dig.out.ns3.test$n > /dev/null || ret=1 1234grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 1235if [ $ret != 0 ]; then echo "I:failed"; fi 1236status=`expr $status + $ret` 1237 1238n=`expr $n + 1` 1239echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned, recursive with break-dnssec ($n)" 1240ret=0 1241$DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 1242grep "ANSWER: 0" dig.out.ns3.test$n > /dev/null || ret=1 1243grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 1244if [ $ret != 0 ]; then echo "I:failed"; fi 1245status=`expr $status + $ret` 1246 1247n=`expr $n + 1` 1248echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, signed and DO set, recursive with break-dnssec ($n)" 1249ret=0 1250$DIG $DIGOPTS aaaa dual.signed +dnssec -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 1251grep "ANSWER: 0" dig.out.ns3.test$n > /dev/null || ret=1 1252if [ $ret != 0 ]; then echo "I:failed"; fi 1253status=`expr $status + $ret` 1254 1255n=`expr $n + 1` 1256echo "I:checking that NODATA/NOERROR is returned when both AAAA and A records exist, unsigned and DO set, recursive with break-dnssec ($n)" 1257ret=0 1258$DIG $DIGOPTS aaaa dual.unsigned +dnssec -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 1259grep "ANSWER: 0" dig.out.ns3.test$n > /dev/null || ret=1 1260grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 1261if [ $ret != 0 ]; then echo "I:failed"; fi 1262status=`expr $status + $ret` 1263 1264n=`expr $n + 1` 1265echo "I:checking that AAAA is returned when both AAAA and A records exist and query source does not match acl, recursive with break-dnssec ($n)" 1266ret=0 1267$DIG $DIGOPTS aaaa dual.unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 1268grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 1269grep ::6 dig.out.ns3.test$n > /dev/null || ret=1 1270if [ $ret != 0 ]; then echo "I:failed"; fi 1271status=`expr $status + $ret` 1272 1273n=`expr $n + 1` 1274echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, signed and qtype=ANY with break-dnssec ($n)" 1275ret=0 1276$DIG $DIGOPTS any dual.signed -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 1277grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 1278grep "1.0.0.3" dig.out.ns3.test$n > /dev/null || ret=1 1279grep "::3" dig.out.ns3.test$n > /dev/null && ret=1 1280if [ $ret != 0 ]; then echo "I:failed"; fi 1281status=`expr $status + $ret` 1282 1283n=`expr $n + 1` 1284echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned and qtype=ANY with break-dnssec ($n)" 1285ret=0 1286$DIG $DIGOPTS any dual.unsigned -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 1287grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 1288grep "1.0.0.6" dig.out.ns3.test$n > /dev/null || ret=1 1289grep "::6" dig.out.ns3.test$n > /dev/null && ret=1 1290if [ $ret != 0 ]; then echo "I:failed"; fi 1291status=`expr $status + $ret` 1292 1293n=`expr $n + 1` 1294echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, signed, qtype=ANY and DO is set with break-dnssec ($n)" 1295ret=0 1296$DIG $DIGOPTS any dual.signed +dnssec -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 1297grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 1298grep "1.0.0.3" dig.out.ns3.test$n > /dev/null || ret=1 1299grep ::3 dig.out.ns3.test$n > /dev/null && ret=1 1300if [ $ret != 0 ]; then echo "I:failed"; fi 1301status=`expr $status + $ret` 1302 1303n=`expr $n + 1` 1304echo "I:checking that A and not AAAA is returned when both AAAA and A records exist, unsigned, qtype=ANY and DO is set with break-dnssec ($n)" 1305ret=0 1306$DIG $DIGOPTS any dual.unsigned +dnssec -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 1307grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 1308grep "1.0.0.6" dig.out.ns3.test$n > /dev/null || ret=1 1309grep "::6" dig.out.ns3.test$n > /dev/null && ret=1 1310if [ $ret != 0 ]; then echo "I:failed"; fi 1311status=`expr $status + $ret` 1312 1313n=`expr $n + 1` 1314echo "I:checking that both A and AAAA are returned when both AAAA and A records exist, qtype=ANY and query source does not match acl, recursive with break-dnssec ($n)" 1315ret=0 1316$DIG $DIGOPTS any dual.unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 1317grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1 1318grep 1.0.0.6 dig.out.ns3.test$n > /dev/null || ret=1 1319grep ::6 dig.out.ns3.test$n > /dev/null || ret=1 1320if [ $ret != 0 ]; then echo "I:failed"; fi 1321status=`expr $status + $ret` 1322 1323n=`expr $n + 1` 1324echo "I:checking that AAAA is returned when both AAAA and A record exists, unsigned over IPv4, recursive with break-dnssec ($n)" 1325ret=0 1326$DIG $DIGOPTS aaaa dual.unsigned -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 1327grep 2001:db8::6 dig.out.ns3.test$n > /dev/null || ret=1 1328if [ $ret != 0 ]; then echo "I:failed"; fi 1329status=`expr $status + $ret` 1330 1331n=`expr $n + 1` 1332echo "I:checking that AAAA is omitted from additional section, qtype=NS, recursive with break-dnssec ($n)" 1333ret=0 1334$DIG $DIGOPTS +add +dnssec ns unsigned -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 1335grep AAAA dig.out.ns3.test$n > /dev/null 2>&1 && ret=1 1336grep "ADDITIONAL: 2" dig.out.ns3.test$n > /dev/null 2>&1 || ret=1 1337if [ $ret != 0 ]; then echo "I:failed"; fi 1338status=`expr $status + $ret` 1339 1340n=`expr $n + 1` 1341echo "I:checking that AAAA is omitted from additional section, qtype=MX, unsigned, recursive with break-dnssec ($n)" 1342ret=0 1343$DIG $DIGOPTS +add +dnssec mx unsigned -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 1344grep "^mx.unsigned.*AAAA" dig.out.ns3.test$n > /dev/null 2>&1 && ret=1 1345if [ $ret != 0 ]; then echo "I:failed"; fi 1346status=`expr $status + $ret` 1347 1348n=`expr $n + 1` 1349echo "I:checking that AAAA is omitted from additional section, qtype=MX, signed, recursive with break-dnssec ($n)" 1350ret=0 1351$DIG $DIGOPTS +add +dnssec mx signed -b fd92:7065:b8e:ffff::3 @fd92:7065:b8e:ffff::3 > dig.out.ns3.test$n || ret=1 1352grep "^mx.signed.*AAAA" dig.out.ns3.test$n > /dev/null 2>&1 && ret=1 1353if [ $ret != 0 ]; then echo "I:failed"; fi 1354status=`expr $status + $ret` 1355 1356n=`expr $n + 1` 1357echo "I:checking that AAAA is included in additional section, qtype=MX, unsigned, over IPv4, recursive with break-dnssec ($n)" 1358ret=0 1359$DIG $DIGOPTS +add +dnssec mx unsigned -b 10.53.0.3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 1360grep "^mx.unsigned.*AAAA" dig.out.ns3.test$n > /dev/null 2>&1 || ret=1 1361if [ $ret != 0 ]; then echo "I:failed"; fi 1362status=`expr $status + $ret` 1363 1364echo "I:exit status: $status" 1365exit $status 1366