xref: /freebsd/contrib/unbound/testdata/root_zonemd.tdir/root_zonemd.test (revision b7c0c8c1)

# #-- root_zonemd.test --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test

PRE="../.."
# do the test
echo "> dig . SOA"
dig @127.0.0.1 -p $UNBOUND_PORT . SOA | tee outfile
echo "> check answer"
if grep root-servers outfile | grep "nstld.verisign-grs.com"; then
	echo "OK"
else
	echo "Not OK"
	exit 1
fi

echo "> unbound-control status"
$PRE/unbound-control -c ub.conf status
if test $? -ne 0; then
	echo "wrong exit value."
	exit 1
else
	echo "exit value: OK"
fi

# This is the output when an unsupported algorithm is used.
if grep "auth zone . zonemd DNSSEC verification of SOA and ZONEMD RRsets secure" unbound.log; then
	echo "OK"
else
	echo "ZONEMD verification not OK"
	exit 1
fi
if grep "auth-zone . ZONEMD hash is correct" unbound.log; then
	echo "OK"
else
	echo "ZONEMD verification not OK"
	exit 1
fi
if grep "auth zone . ZONEMD verification successful" unbound.log; then
	echo "OK"
else
	echo "ZONEMD verification not OK"
	exit 1
fi

echo "> unbound-control auth_zone_reload ."
$PRE/unbound-control -c ub.conf auth_zone_reload . 2>&1 | tee outfile
if test $? -ne 0; then
	echo "wrong exit value."
	exit 1
fi
# The output of the reload can be checked.
echo "> check unbound-control output"
if grep ".: ZONEMD verification successful" outfile; then
	echo "OK"
else
	echo "Not OK"
	exit 1
fi

exit 0