mirror of
https://github.com/NLnetLabs/unbound.git
synced 2024-09-21 14:47:09 +00:00
4ef1fb5a24
now that the root has a valid ZONEMD.
64 lines
1.4 KiB
Plaintext
64 lines
1.4 KiB
Plaintext
# #-- root_zonemd.test --#
|
|
# source the master var file when it's there
|
|
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
|
|
# use .tpkg.var.test for in test variable passing
|
|
[ -f .tpkg.var.test ] && source .tpkg.var.test
|
|
|
|
PRE="../.."
|
|
# do the test
|
|
echo "> dig . SOA"
|
|
dig @127.0.0.1 -p $UNBOUND_PORT . SOA | tee outfile
|
|
echo "> check answer"
|
|
if grep root-servers outfile | grep "nstld.verisign-grs.com"; then
|
|
echo "OK"
|
|
else
|
|
echo "Not OK"
|
|
exit 1
|
|
fi
|
|
|
|
echo "> unbound-control status"
|
|
$PRE/unbound-control -c ub.conf status
|
|
if test $? -ne 0; then
|
|
echo "wrong exit value."
|
|
exit 1
|
|
else
|
|
echo "exit value: OK"
|
|
fi
|
|
|
|
# This is the output when an unsupported algorithm is used.
|
|
if grep "auth zone . zonemd DNSSEC verification of SOA and ZONEMD RRsets secure" unbound.log; then
|
|
echo "OK"
|
|
else
|
|
echo "ZONEMD verification not OK"
|
|
exit 1
|
|
fi
|
|
if grep "auth-zone . ZONEMD hash is correct" unbound.log; then
|
|
echo "OK"
|
|
else
|
|
echo "ZONEMD verification not OK"
|
|
exit 1
|
|
fi
|
|
if grep "auth zone . ZONEMD verification successful" unbound.log; then
|
|
echo "OK"
|
|
else
|
|
echo "ZONEMD verification not OK"
|
|
exit 1
|
|
fi
|
|
|
|
echo "> unbound-control auth_zone_reload ."
|
|
$PRE/unbound-control -c ub.conf auth_zone_reload . 2>&1 | tee outfile
|
|
if test $? -ne 0; then
|
|
echo "wrong exit value."
|
|
exit 1
|
|
fi
|
|
# The output of the reload can be checked.
|
|
echo "> check unbound-control output"
|
|
if grep ".: ZONEMD verification successful" outfile; then
|
|
echo "OK"
|
|
else
|
|
echo "Not OK"
|
|
exit 1
|
|
fi
|
|
|
|
exit 0
|