1103ba509SCy Schubert# #-- root_zonemd.test --# 2103ba509SCy Schubert# source the master var file when it's there 3103ba509SCy Schubert[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master 4103ba509SCy Schubert# use .tpkg.var.test for in test variable passing 5103ba509SCy Schubert[ -f .tpkg.var.test ] && source .tpkg.var.test 6103ba509SCy Schubert 7103ba509SCy SchubertPRE="../.." 8103ba509SCy Schubert# do the test 9*b7c0c8c1SCy Schubertecho "> dig . SOA" 10*b7c0c8c1SCy Schubertdig @127.0.0.1 -p $UNBOUND_PORT . SOA | tee outfile 11103ba509SCy Schubertecho "> check answer" 12103ba509SCy Schubertif grep root-servers outfile | grep "nstld.verisign-grs.com"; then 13103ba509SCy Schubert echo "OK" 14103ba509SCy Schubertelse 15103ba509SCy Schubert echo "Not OK" 16103ba509SCy Schubert exit 1 17103ba509SCy Schubertfi 18103ba509SCy Schubert 19103ba509SCy Schubertecho "> unbound-control status" 20103ba509SCy Schubert$PRE/unbound-control -c ub.conf status 21103ba509SCy Schubertif test $? -ne 0; then 22103ba509SCy Schubert echo "wrong exit value." 23103ba509SCy Schubert exit 1 24103ba509SCy Schubertelse 25103ba509SCy Schubert echo "exit value: OK" 26103ba509SCy Schubertfi 27103ba509SCy Schubert 28103ba509SCy Schubert# This is the output when an unsupported algorithm is used. 29*b7c0c8c1SCy Schubertif grep "auth zone . zonemd DNSSEC verification of SOA and ZONEMD RRsets secure" unbound.log; then 30*b7c0c8c1SCy Schubert echo "OK" 31*b7c0c8c1SCy Schubertelse 32*b7c0c8c1SCy Schubert echo "ZONEMD verification not OK" 33*b7c0c8c1SCy Schubert exit 1 34*b7c0c8c1SCy Schubertfi 35*b7c0c8c1SCy Schubertif grep "auth-zone . ZONEMD hash is correct" unbound.log; then 36*b7c0c8c1SCy Schubert echo "OK" 37*b7c0c8c1SCy Schubertelse 38*b7c0c8c1SCy Schubert echo "ZONEMD verification not OK" 39*b7c0c8c1SCy Schubert exit 1 40*b7c0c8c1SCy Schubertfi 41*b7c0c8c1SCy Schubertif grep "auth zone . ZONEMD verification successful" unbound.log; then 42103ba509SCy Schubert echo "OK" 43103ba509SCy Schubertelse 44103ba509SCy Schubert echo "ZONEMD verification not OK" 45103ba509SCy Schubert exit 1 46103ba509SCy Schubertfi 47103ba509SCy Schubert 48103ba509SCy Schubertecho "> unbound-control auth_zone_reload ." 49103ba509SCy Schubert$PRE/unbound-control -c ub.conf auth_zone_reload . 2>&1 | tee outfile 50103ba509SCy Schubertif test $? -ne 0; then 51103ba509SCy Schubert echo "wrong exit value." 52103ba509SCy Schubert exit 1 53103ba509SCy Schubertfi 54103ba509SCy Schubert# The output of the reload can be checked. 55*b7c0c8c1SCy Schubertecho "> check unbound-control output" 56*b7c0c8c1SCy Schubertif grep ".: ZONEMD verification successful" outfile; then 57*b7c0c8c1SCy Schubert echo "OK" 58*b7c0c8c1SCy Schubertelse 59*b7c0c8c1SCy Schubert echo "Not OK" 60*b7c0c8c1SCy Schubert exit 1 61*b7c0c8c1SCy Schubertfi 62103ba509SCy Schubert 63103ba509SCy Schubertexit 0 64