ede.test - external/bsd/unbound/dist/testdata/ede.tdir/ede.test - Netbsd-lockdoc source code (lockdoc-10.99.5-vfs-0.2)

# #-- ede.test --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test


# DNSSEC failure: Signature Expired or DNSKEY Missing (depending on the servfail configuration)
dig @127.0.0.1 -p $UNBOUND_PORT servfail.nl > servfail.txt

# DNSSEC failure: key not incepted
dig @127.0.0.1 -p $UNBOUND_PORT notyetincepted.dnssec-failures.test. TXT +dnssec > sig_notyetincepted.txt

if ! grep -q -e "OPT=15: 00 08" -e "EDE: 8" sig_notyetincepted.txt
then
	echo "Signature not yet valid does not return EDE Signature Not Yet Valid"
	cat sig_notyetincepted.txt
	exit 1
fi

# DNSSEC failure: key expired
dig @127.0.0.1 -p $UNBOUND_PORT expired.dnssec-failures.test. TXT +dnssec > sig_expired.txt

if ! grep -q -e "OPT=15: 00 07" -e "EDE: 7"  sig_expired.txt
then
	echo "Expired signature does not return EDE Signature expired"
	cat sig_expired.txt
	exit 1
fi

# DNSSEC failure: missing rrsigs
dig @127.0.0.1 -p $UNBOUND_PORT missingrrsigs.dnssec-failures.test. TXT +dnssec > missingrrsigs.txt

if ! grep -q -e "OPT=15: 00 0a" -e "EDE: 10" missingrrsigs.txt
then
	echo "Expired signature does not return EDE RRSIGs missing"
	cat missingrrsigs.txt
	exit 1
fi

# signed zone with DNSKEY missing
dig @127.0.0.1 -p $UNBOUND_PORT dnskey-failures.test > dnskey-failure.txt

if ! grep -q -e "OPT=15: 00 09" -e "EDE: 9" dnskey-failure.txt
then
	echo "Expired signature does not return EDE DNSKEY missing"
	cat dnskey-failure.txt
	exit 1
fi

# signed zone with RRSIGs missing
dig @127.0.0.1 -p $UNBOUND_PORT rrsig-failures.test > rrsig-failure.txt

if ! grep -q -e "OPT=15: 00 0a" -e "EDE: 10" rrsig-failure.txt
then
	echo "Expired signature does not return EDE RRSIGs missing"
	cat rrsig-failure.txt
	exit 1
fi

# signed zone with NSEC missing
dig @127.0.0.1 -p $UNBOUND_PORT abc.nsec-failures.test > nsec-failure.txt

if ! grep -q -e "OPT=15: 00 0c" -e "EDE: 12" nsec-failure.txt
then
	echo "Expired signature does not return EDE NSEC missing"
	cat nsec-failure.txt
	exit 1
fi


# @TODO DNSSEC indeterminate when implemented