Commit 215a2c76 authored by Vitezslav Kriz's avatar Vitezslav Kriz Committed by Jan Včelák
Browse files

semcheck: correct zone tests

parent 8e30b631
; File written on Wed Feb 24 19:07:42 2016
; dnssec_signzone version 9.10.3-P3-RedHat-9.10.3-8.P3.fc22
example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. (
2010111220 ; serial
21600 ; refresh (6 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
3600 RRSIG SOA 7 2 3600 (
20840201000000 20160224170742 29600 example.com.
imfvFljZ29MFD+AVQgb8/jeBgRPGJHXWw7jv
lCijFIMnH2gvHeUbKZTQLuxegeQ62ZJsu7w6
RI4aS0fffncK8g== )
3600 NS dns1.example.com.
3600 RRSIG NS 7 2 3600 (
20840201000000 20160224170742 29600 example.com.
pnKWGmJdaur8QVQQ+xo9SbpDvC4E1lvSW1o6
wOUdzE5AMqy9+jB73BCC6Ota+Bt7vBCpAU2L
WFq6sB7oFj3vUA== )
86400 NSEC deleg.example.com. NS SOA RRSIG NSEC DNSKEY
86400 RRSIG NSEC 7 2 86400 (
20840201000000 20160224170742 29600 example.com.
b5bzGxN44wwyABHRjgBSY+YhN+mWbFJsyWJ0
e7FQ3QGKwQkgKiOnUOElGu9qWy5KinPOvTTm
96SOBVuVxfTK3Q== )
3600 DNSKEY 256 3 7 (
AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz
oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35
MFwieWYfDdgUnPxyKMM=
) ; ZSK; alg = NSEC3RSASHA1; key id = 29600
3600 DNSKEY 257 3 7 (
AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04
exG41EtzILS2waabEM5byhRkoylbv91q6HY+
JH9YXitS21LMD0Hqp1s=
) ; KSK; alg = NSEC3RSASHA1; key id = 31323
3600 RRSIG DNSKEY 7 2 3600 (
20840201000000 20160224170742 29600 example.com.
rHeZv1qbt/28Nu44kYsoQdawfXdiWzq0YM7f
mI6QevXbyLx2QvgwlhSCc+sAoVkmQg+448M8
N7CcSooQE6z1eg== )
3600 RRSIG DNSKEY 7 2 3600 (
20840201000000 20160224170742 31323 example.com.
TlUfbDLPLMwqxeiDwqX3vtN5HGxL8+JnEpF7
rgE6Knf3I0oI3oBYBPKpMBYnQXQHUPqoK3uo
MLngsROcqxwi6w== )
deleg.example.com. 3600 IN NS deleg.example.com.
3600 A 192.0.2.1
86400 NSEC dns1.example.com. NS RRSIG NSEC
86400 RRSIG NSEC 7 3 86400 (
20840201000000 20160224170742 29600 example.com.
O81uip6/VmZE6dhWYNNj5FH2CnatytEgFiLW
k886unXnF4/pXpSlwUfZ4iIcA8qY6BRw+AS+
97Y6p2ACTw1/KA== )
dns1.example.com. 3600 IN A 192.0.2.1
3600 RRSIG A 7 3 3600 (
20840201000000 20160224170742 29600 example.com.
qrtmPmS7uGQS9Ytb25zLhyfajR7X7sZWXcIU
T61PSMeJyAYsOHdPB7VHxCRSv7QWYyrK9mh2
ohpYTvvvo1iptg== )
86400 NSEC example.com. A RRSIG NSEC
86400 RRSIG NSEC 7 3 86400 (
20840201000000 20160224170742 29600 example.com.
NJ0Z8NZPBykmhuU/fb4x3AVOdZc6YebfQyYD
PaDTxHpquIh5ThfVtmawIpA6eVFkSscbUFEL
rjeRsepFYI3uig== )
; File written on Mon Feb 29 10:31:10 2016
; dnssec_signzone version 9.10.3-P3-RedHat-9.10.3-8.P3.fc22
example.com. 3600 IN SOA dns1.example.com. hostmaster.example.com. (
2010111220 ; serial
21600 ; refresh (6 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
3600 RRSIG SOA 7 2 3600 (
20840201000000 20160229083110 29600 example.com.
W9EprjaR4loSnNW96h4rLsquPDw3LHYvD05k
djkQofHSkMNZAJ7Q+eA3Fs2ik5fnJFM7wi5C
MtFsV2TfqMJFmg== )
3600 NS dns1.example.com.
3600 RRSIG NS 7 2 3600 (
20840201000000 20160229083110 29600 example.com.
I9Je1S7XhZIW9C0fWE8NwFLC2rhHklddNYBO
dxVKL/lxENU4jPPBwZBGrcYn2WVHgkIzjG0n
EOHONAgRFPi3Xw== )
3600 DNSKEY 256 3 7 (
AwEAAcvvW/oJAjcRdntRC8J52baXoNFVWOFz
oVFe3Vgl8aBBiGh3gnbuNt7xKmy9z2qc2/35
MFwieWYfDdgUnPxyKMM=
) ; ZSK; alg = NSEC3RSASHA1; key id = 29600
3600 DNSKEY 257 3 7 (
AwEAAeXCF7sHLcFiaCwCFH4xh2CJcCp55i04
exG41EtzILS2waabEM5byhRkoylbv91q6HY+
JH9YXitS21LMD0Hqp1s=
) ; KSK; alg = NSEC3RSASHA1; key id = 31323
3600 RRSIG DNSKEY 7 2 3600 (
20840201000000 20160229083110 29600 example.com.
vO2UQiTN/CNUZOmSEg8kJlR/UqiAZHc4qMwj
9u31sbPmOMuni+ZGuVCFFoEMtZerIkkQowkB
sXJFkvCP5oF2rA== )
3600 RRSIG DNSKEY 7 2 3600 (
20840201000000 20160229083110 31323 example.com.
Z+aaLu4rmzekfhlj6A0ClREloRi8MloRHf/3
Dlw/RYY1hrOCfcZKEY6AXeVdUwESEsSkSOco
CbhyGHH10dKAAg== )
0 NSEC3PARAM 1 0 10 -
0 RRSIG NSEC3PARAM 7 2 0 (
20840201000000 20160229083110 29600 example.com.
d69kc52VdALI8fbdbflsVsltc1m7bI6QsJ5U
IDE9fy5VqcufZecZMKuozPDuF2vBA8ADFIRU
OfYgKs6YNIOLWg== )
deleg.example.com. 3600 IN NS deleg.example.com.
3600 A 192.0.2.1
20G1GOL477RO51RK9A9NFD54TFQAL7IQ.example.com. 86400 IN NSEC3 1 0 10 - (
MJV836RJQEJ5UBGHVKSQ7N44RSO3Q938
A RRSIG )
86400 RRSIG NSEC3 7 3 86400 (
20840201000000 20160229083110 29600 example.com.
D24JCtCcNzwsY1FXVliAjxMm+x95N2eUTXn0
M8NK5glSk1yLtnAUKzHxpRExAJLGUiaG4yPu
2yGZuqwNvJztzw== )
MJV836RJQEJ5UBGHVKSQ7N44RSO3Q938.example.com. 86400 IN NSEC3 1 0 10 - (
UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A
NS )
86400 RRSIG NSEC3 7 3 86400 (
20840201000000 20160229083110 29600 example.com.
jRNMrWLfS4yzRHQOBxs6/GKWIzx6AZV5lyCm
7bYTV9wS3owDJSQhJ7lft0WbBmUMtV3tP9Xr
Yc+yW48p2Vr+QQ== )
UTQVUHU2BLK3DHMRR5T1HD9VTEOHQT0A.example.com. 86400 IN NSEC3 1 0 10 - (
20G1GOL477RO51RK9A9NFD54TFQAL7IQ
NS SOA RRSIG DNSKEY NSEC3PARAM )
86400 RRSIG NSEC3 7 3 86400 (
20840201000000 20160229083110 29600 example.com.
F7y+xW/C7iICgmZeYrF4e7Yx4kWZAZPAMzlu
PtWVuf37ySg1VfEWcQcDP04vF2rXVUqSMEcj
bqUVN5W8Hoazxw== )
dns1.example.com. 3600 IN A 192.0.2.1
3600 RRSIG A 7 3 3600 (
20840201000000 20160229083110 29600 example.com.
MoYrL/lToC4AHo6KCZRiBRmCMWHUAx2Xt32A
P4lDpwA+wiBWkCZSfVTh60AosS/BIGtBb2BK
mszMx8CLBvkjRg== )
......@@ -8,7 +8,7 @@ DATA=@top_srcdir@/tests/semcheck
TMPDIR=$(test_tmpdir)
LOG=$TMPDIR/log
#param zonefile fatal_error expected_erros_count semcheck_err_msg
test_zone()
expect_error()
{
if [ ! -r $DATA/$1 ]; then
skip_block 4 "missing zone file for test"
......@@ -29,40 +29,49 @@ test_zone()
fi
}
#param zonefile
test_correct()
{
$KZONECHECK -o example.com "$DATA/$1" > /dev/null
ok "$1 - correct zone, without error" test $? -eq 0
}
if [ ! -x $KZONECHECK ]; then
skip_all "kzonecheck is missing or is not executable"
fi
plan_lazy
test_zone "cname_extra_01.zone" 1 1 "CNAME, node contains other records)"
test_zone "cname_extra_02.signed" 1 1 "CNAME, node contains other records than RRSIG and NSEC/NSEC3"
test_zone "cname_multiple.zone" 1 1 "CNAME, multiple records"
test_zone "dname_children.zone" 1 2 "DNAME, node has children error triggered by child node"
test_zone "dname_children.zone" 1 2 "DNAME, node has children error triggered by parent node"
expect_error "cname_extra_01.zone" 1 1 "CNAME, node contains other records)"
expect_error "cname_extra_02.signed" 1 1 "CNAME, node contains other records than RRSIG and NSEC/NSEC3"
expect_error "cname_multiple.zone" 1 1 "CNAME, multiple records"
expect_error "dname_children.zone" 1 2 "DNAME, node has children error triggered by child node"
expect_error "dname_children.zone" 1 2 "DNAME, node has children error triggered by parent node"
test_zone "missing_ns.zone" 0 1 "NS record missing in zone apex"
test_zone "missing_glue_01.zone" 0 1 "GLUE, node with glue record missing"
test_zone "missing_glue_02.zone" 0 1 "GLUE, node with glue record missing"
test_zone "missing_glue_03.zone" 0 1 "GLUE, node with glue record missing"
test_zone "different_signer_name.signed" 0 1 "RRSIG, signer name is different than in DNSKEY"
test_zone "no_rrsig.signed" 0 2 "RRSIG, no RRSIG"
test_zone "no_rrsig_with_delegation.signed" 0 1 "RRSIG, no RRSIG"
test_zone "nsec_broken_chain_01.signed" 0 1 "NSEC, chain is not coherent"
test_zone "nsec_broken_chain_02.signed" 0 1 "NSEC, chain is not cyclic"
test_zone "nsec_missing.signed" 0 1 "NSEC, missing record"
test_zone "nsec_multiple.signed" 0 2 "NSEC, multiple records"
test_zone "nsec_wrong_bitmap_01.signed" 0 1 "NSEC(3), wrong bitmap"
test_zone "nsec_wrong_bitmap_02.signed" 0 1 "NSEC(3), wrong bitmap"
test_zone "nsec3_wrong_bitmap_01.signed" 0 1 "NSEC(3), wrong bitmap"
test_zone "nsec3_wrong_bitmap_02.signed" 0 1 "NSEC(3), wrong bitmap"
test_zone "rrsig_signed.signed" 0 1 "RRSIG, signed RRSIG"
test_zone "rrsig_ttl.signed" 0 1 "RRSIG, TTL is wrong"
test_zone "rrsig_rdata_ttl.signed" 0 1 "RRSIG, TTL RDATA field is wrong"
test_zone "wrong_dnskey.signed" 0 5 "RRSIG, missing DNSKEY for RRSIG"
test_zone "nsec3_chain_01.signed" 0 1 "NSEC3, chain is not coherent"
test_zone "nsec3_chain_02.signed" 0 2 "NSEC3, chain is not coherent"
test_zone "nsec3_chain_03.signed" 0 2 "NSEC3, chain is not coherent"
expect_error "missing_ns.zone" 0 1 "NS record missing in zone apex"
expect_error "missing_glue_01.zone" 0 1 "GLUE, node with glue record missing"
expect_error "missing_glue_02.zone" 0 1 "GLUE, node with glue record missing"
expect_error "missing_glue_03.zone" 0 1 "GLUE, node with glue record missing"
expect_error "different_signer_name.signed" 0 1 "RRSIG, signer name is different than in DNSKEY"
expect_error "no_rrsig.signed" 0 2 "RRSIG, no RRSIG"
expect_error "no_rrsig_with_delegation.signed" 0 1 "RRSIG, no RRSIG"
expect_error "nsec_broken_chain_01.signed" 0 1 "NSEC, chain is not coherent"
expect_error "nsec_broken_chain_02.signed" 0 1 "NSEC, chain is not cyclic"
expect_error "nsec_missing.signed" 0 1 "NSEC, missing record"
expect_error "nsec_multiple.signed" 0 2 "NSEC, multiple records"
expect_error "nsec_wrong_bitmap_01.signed" 0 1 "NSEC(3), wrong bitmap"
expect_error "nsec_wrong_bitmap_02.signed" 0 1 "NSEC(3), wrong bitmap"
expect_error "nsec3_wrong_bitmap_01.signed" 0 1 "NSEC(3), wrong bitmap"
expect_error "nsec3_wrong_bitmap_02.signed" 0 1 "NSEC(3), wrong bitmap"
expect_error "rrsig_signed.signed" 0 1 "RRSIG, signed RRSIG"
expect_error "rrsig_ttl.signed" 0 1 "RRSIG, TTL is wrong"
expect_error "rrsig_rdata_ttl.signed" 0 1 "RRSIG, TTL RDATA field is wrong"
expect_error "wrong_dnskey.signed" 0 5 "RRSIG, missing DNSKEY for RRSIG"
expect_error "nsec3_chain_01.signed" 0 1 "NSEC3, chain is not coherent"
expect_error "nsec3_chain_02.signed" 0 2 "NSEC3, chain is not coherent"
expect_error "nsec3_chain_03.signed" 0 2 "NSEC3, chain is not coherent"
test_correct "no_error_delegaton_bitmap.signed"
test_correct "no_error_nsec3_delegation.signed"
rm $LOG
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment