diff --git a/CHANGES b/CHANGES index a2c409ff52..82633c18bb 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ +3748. [func] Use delve to test dns_client interfaces. [RT #35383] + 3747. [bug] A race condition could lead to a core dump when destroying a resolver fetch object. [RT #35385] diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in index 559fcbb13a..73e61b33ad 100644 --- a/bin/tests/system/conf.sh.in +++ b/bin/tests/system/conf.sh.in @@ -33,6 +33,7 @@ NAMED=$TOP/bin/named/named # if the program is libtoolized. LWRESD="$TOP/bin/named/named -l" DIG=$TOP/bin/dig/dig +DELVE=$TOP/bin/delve/delve RNDC=$TOP/bin/rndc/rndc NSUPDATE=$TOP/bin/nsupdate/nsupdate DDNSCONFGEN=$TOP/bin/confgen/ddns-confgen diff --git a/bin/tests/system/dnssec/clean.sh b/bin/tests/system/dnssec/clean.sh index 9e4b6efda4..cc2457cf73 100644 --- a/bin/tests/system/dnssec/clean.sh +++ b/bin/tests/system/dnssec/clean.sh @@ -29,7 +29,7 @@ rm -f ns2/single-nsec3.db rm -f ns2/nsec3chain-test.db rm -f */example.bk rm -f dig.out.* -rm -f resolve.out* +rm -f delve.out.* rm -f ns2/dlv.db rm -f ns3/multiple.example.db ns3/nsec3-unknown.example.db ns3/nsec3.example.db rm -f ns3/optout-unknown.example.db ns3/optout.example.db @@ -67,6 +67,5 @@ rm -f ns6/optout-tld.db rm -f nosign.before rm -f signing.out* rm -f canonical?.* -rm -f ns1/resolve.key rm -f ns3/siginterval.conf rm -f ns4/named_dump.db diff --git a/bin/tests/system/dnssec/ns1/sign.sh b/bin/tests/system/dnssec/ns1/sign.sh index 4ac57f1200..486635e899 100644 --- a/bin/tests/system/dnssec/ns1/sign.sh +++ b/bin/tests/system/dnssec/ns1/sign.sh @@ -71,8 +71,3 @@ cp managed.conf ../ns4/managed.conf keyid=`expr $keyname : 'K.+001+\(.*\)'` keyid=`expr $keyid + 0` echo "$keyid" > managed.key.id -cat $keyname.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print "-a $alg -e -k $dn -K $key\n" -' > resolve.key diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh index 200ad245ed..494a5c7a9a 100644 --- a/bin/tests/system/dnssec/tests.sh +++ b/bin/tests/system/dnssec/tests.sh @@ -26,7 +26,7 @@ n=1 rm -f dig.out.* DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300" -RESKEY=`cat ns1/resolve.key` +DELVEOPTS="-a ns1/trusted.conf -p 5300" # convert private-type records to readable form showprivate () { @@ -137,12 +137,12 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -if [ -x ${RESOLVE} ] ; then +if [ -x ${DELVE} ] ; then ret=0 echo "I:checking postive validation NSEC using dns_client ($n)" - $RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.example > resolve.out$n || ret=1 - grep "a.example..*10.0.0.1" resolve.out$n > /dev/null || ret=1 - grep "a.example..*.RRSIG.A 3 2 300 .*" resolve.out$n > /dev/null || ret=1 + $DELVE $DELVEOPTS @10.53.0.4 a a.example > delve.out$n || ret=1 + grep "a.example..*10.0.0.1" delve.out$n > /dev/null || ret=1 + grep "a.example..*.RRSIG.A 3 2 300 .*" delve.out$n > /dev/null || ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` @@ -160,12 +160,12 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -if [ -x ${RESOLVE} ] ; then +if [ -x ${DELVE} ] ; then ret=0 echo "I:checking positive validation NSEC3 using dns_client ($n)" - $RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.nsec3.example > resolve.out$n || ret=1 - grep "a.nsec3.example..*10.0.0.1" resolve.out$n > /dev/null || ret=1 - grep "a.nsec3.example..*RRSIG.A 7 3 300.*" resolve.out$n > /dev/null || ret=1 + $DELVE $DELVEOPTS @10.53.0.4 a a.nsec3.example > delve.out$n || ret=1 + grep "a.nsec3.example..*10.0.0.1" delve.out$n > /dev/null || ret=1 + grep "a.nsec3.example..*RRSIG.A 7 3 300.*" delve.out$n > /dev/null || ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` @@ -183,12 +183,12 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -if [ -x ${RESOLVE} ] ; then +if [ -x ${DELVE} ] ; then ret=0 echo "I:checking positive validation OPTOUT using dns_client ($n)" - $RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.optout.example > resolve.out$n || ret=1 - grep "a.optout.example..*10.0.0.1" resolve.out$n > /dev/null || ret=1 - grep "a.optout.example..*RRSIG.A 7 3 300.*" resolve.out$n > /dev/null || ret=1 + $DELVE $DELVEOPTS @10.53.0.4 a a.optout.example > delve.out$n || ret=1 + grep "a.optout.example..*10.0.0.1" delve.out$n > /dev/null || ret=1 + grep "a.optout.example..*RRSIG.A 7 3 300.*" delve.out$n > /dev/null || ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` @@ -209,12 +209,12 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -if [ -x ${RESOLVE} ] ; then +if [ -x ${DELVE} ] ; then ret=0 echo "I:checking positive wildcard validation NSEC using dns_client ($n)" - $RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.wild.example > resolve.out$n || ret=1 - grep "a.wild.example..*10.0.0.27" resolve.out$n > /dev/null || ret=1 - grep "a.wild.example..*RRSIG.A 3 2 300.*" resolve.out$n > /dev/null || ret=1 + $DELVE $DELVEOPTS @10.53.0.4 a a.wild.example > delve.out$n || ret=1 + grep "a.wild.example..*10.0.0.27" delve.out$n > /dev/null || ret=1 + grep "a.wild.example..*RRSIG.A 3 2 300.*" delve.out$n > /dev/null || ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` @@ -251,12 +251,12 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -if [ -x ${RESOLVE} ] ; then +if [ -x ${DELVE} ] ; then ret=0 echo "I:checking positive wildcard validation NSEC3 using dns_client ($n)" - $RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.wild.nsec3.example > resolve.out$n || ret=1 - grep "a.wild.nsec3.example..*10.0.0.6" resolve.out$n > /dev/null || ret=1 - grep "a.wild.nsec3.example..*RRSIG.A 7 3 300.*" resolve.out$n > /dev/null || ret=1 + $DELVE $DELVEOPTS @10.53.0.4 a a.wild.nsec3.example > delve.out$n || ret=1 + grep "a.wild.nsec3.example..*10.0.0.6" delve.out$n > /dev/null || ret=1 + grep "a.wild.nsec3.example..*RRSIG.A 7 3 300.*" delve.out$n > /dev/null || ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` @@ -277,12 +277,12 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -if [ -x ${RESOLVE} ] ; then +if [ -x ${DELVE} ] ; then ret=0 echo "I:checking positive wildcard validation OPTOUT using dns_client ($n)" - $RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.wild.optout.example > resolve.out$n || ret=1 - grep "a.wild.optout.example..*10.0.0.6" resolve.out$n > /dev/null || ret=1 - grep "a.wild.optout.example..*RRSIG.A 7 3 300.*" resolve.out$n > /dev/null || ret=1 + $DELVE $DELVEOPTS @10.53.0.4 a a.wild.optout.example > delve.out$n || ret=1 + grep "a.wild.optout.example..*10.0.0.6" delve.out$n > /dev/null || ret=1 + grep "a.wild.optout.example..*RRSIG.A 7 3 300.*" delve.out$n > /dev/null || ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` @@ -299,11 +299,11 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -if [ -x ${RESOLVE} ] ; then +if [ -x ${DELVE} ] ; then ret=0 echo "I:checking negative validation NXDOMAIN NSEC using dns_client ($n)" - $RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 q.example > /dev/null 2> resolve.out$n || ret=1 - grep "resolution failed: ncache nxdomain" resolve.out$n > /dev/null || ret=1 + $DELVE $DELVEOPTS @10.53.0.4 a q.example > delve.out$n 2>&1 || ret=1 + grep "resolution failed: ncache nxdomain" delve.out$n > /dev/null || ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` @@ -322,11 +322,11 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -if [ -x ${RESOLVE} ] ; then +if [ -x ${DELVE} ] ; then ret=0 echo "I:checking negative validation NXDOMAIN NSEC3 using dns_client ($n)" - $RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 q.nsec3.example > /dev/null 2> resolve.out$n || ret=1 - grep "resolution failed: ncache nxdomain" resolve.out$n > /dev/null || ret=1 + $DELVE $DELVEOPTS @10.53.0.4 a q.nsec3.example > delve.out$n 2>&1 || ret=1 + grep "resolution failed: ncache nxdomain" delve.out$n > /dev/null || ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` @@ -346,11 +346,11 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -if [ -x ${RESOLVE} ] ; then +if [ -x ${DELVE} ] ; then ret=0 echo "I:checking negative validation NXDOMAIN OPTOUT using dns_client ($n)" - $RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 q.optout.example > /dev/null 2> resolve.out$n || ret=1 - grep "resolution failed: ncache nxdomain" resolve.out$n > /dev/null || ret=1 + $DELVE $DELVEOPTS @10.53.0.4 a q.optout.example > delve.out$n 2>&1 || ret=1 + grep "resolution failed: ncache nxdomain" delve.out$n > /dev/null || ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` @@ -368,11 +368,11 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -if [ -x ${RESOLVE} ] ; then +if [ -x ${DELVE} ] ; then ret=0 echo "I:checking negative validation NODATA OPTOUT using dns_client ($n)" - $RESOLVE $RESKEY -p 5300 -t txt -s 10.53.0.4 a.example > /dev/null 2> resolve.out$n || ret=1 - grep "resolution failed: ncache nxrrset" resolve.out$n > /dev/null || ret=1 + $DELVE $DELVEOPTS @10.53.0.4 txt a.example > delve.out$n 2>&1 || ret=1 + grep "resolution failed: ncache nxrrset" delve.out$n > /dev/null || ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` @@ -392,11 +392,11 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -if [ -x ${RESOLVE} ] ; then +if [ -x ${DELVE} ] ; then ret=0 echo "I:checking negative validation NODATA NSEC3 using dns_client ($n)" - $RESOLVE $RESKEY -p 5300 -t txt -s 10.53.0.4 a.nsec3.example > /dev/null 2> resolve.out$n || ret=1 - grep "resolution failed: ncache nxrrset" resolve.out$n > /dev/null || ret=1 + $DELVE $DELVEOPTS @10.53.0.4 txt a.nsec3.example > delve.out$n 2>&1 || ret=1 + grep "resolution failed: ncache nxrrset" delve.out$n > /dev/null || ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` @@ -416,11 +416,11 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -if [ -x ${RESOLVE} ] ; then +if [ -x ${DELVE} ] ; then ret=0 echo "I:checking negative validation NODATA OPTOUT using dns_client ($n)" - $RESOLVE $RESKEY -p 5300 -t txt -s 10.53.0.4 a.optout.example > /dev/null 2> resolve.out$n || ret=1 - grep "resolution failed: ncache nxrrset" resolve.out$n > /dev/null || ret=1 + $DELVE $DELVEOPTS @10.53.0.4 txt a.optout.example > delve.out$n 2>&1 || ret=1 + grep "resolution failed: ncache nxrrset" delve.out$n > /dev/null || ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` @@ -437,11 +437,11 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -if [ -x ${RESOLVE} ] ; then +if [ -x ${DELVE} ] ; then ret=0 echo "I:checking negative wildcard validation NSEC using dns_client ($n)" - $RESOLVE $RESKEY -p 5300 -t txt -s 10.53.0.4 b.wild.example > /dev/null 2> resolve.out$n || ret=1 - grep "resolution failed: ncache nxrrset" resolve.out$n > /dev/null || ret=1 + $DELVE $DELVEOPTS @10.53.0.4 txt b.wild.example > delve.out$n 2>&1 || ret=1 + grep "resolution failed: ncache nxrrset" delve.out$n > /dev/null || ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` @@ -457,11 +457,11 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -if [ -x ${RESOLVE} ] ; then +if [ -x ${DELVE} ] ; then ret=0 echo "I:checking negative wildcard validation NSEC3 using dns_client ($n)" - $RESOLVE $RESKEY -p 5300 -t txt -s 10.53.0.4 b.wild.nsec3.example > /dev/null 2> resolve.out$n || ret=1 - grep "resolution failed: ncache nxrrset" resolve.out$n > /dev/null || ret=1 + $DELVE $DELVEOPTS @10.53.0.4 txt b.wild.nsec3.example > delve.out$n 2>&1 || ret=1 + grep "resolution failed: ncache nxrrset" delve.out$n > /dev/null || ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` @@ -481,11 +481,11 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -if [ -x ${RESOLVE} ] ; then +if [ -x ${DELVE} ] ; then ret=0 echo "I:checking negative wildcard validation OPTOUT using dns_client ($n)" - $RESOLVE $RESKEY -p 5300 -t txt -s 10.53.0.4 b.optout.nsec3.example > /dev/null 2> resolve.out$n || ret=1 - grep "resolution failed: ncache nxrrset" resolve.out$n > /dev/null || ret=1 + $DELVE $DELVEOPTS @10.53.0.4 txt b.optout.nsec3.example > delve.out$n 2>&1 || ret=1 + grep "resolution failed: ncache nxrrset" delve.out$n > /dev/null || ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` @@ -505,11 +505,11 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -if [ -x ${RESOLVE} ] ; then +if [ -x ${DELVE} ] ; then ret=0 echo "I:checking 1-server insecurity proof NSEC using dns_client ($n)" - $RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.insecure.example > resolve.out$n || ret=1 - grep "a.insecure.example..*10.0.0.1" resolve.out$n > /dev/null || ret=1 + $DELVE $DELVEOPTS @10.53.0.4 a a.insecure.example > delve.out$n || ret=1 + grep "a.insecure.example..*10.0.0.1" delve.out$n > /dev/null || ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` @@ -527,11 +527,11 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -if [ -x ${RESOLVE} ] ; then +if [ -x ${DELVE} ] ; then ret=0 echo "I:checking 1-server insecurity proof NSEC3 using dns_client ($n)" - $RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.insecure.nsec3.example > resolve.out$n || ret=1 - grep "a.insecure.nsec3.example..*10.0.0.1" resolve.out$n > /dev/null || ret=1 + $DELVE $DELVEOPTS @10.53.0.4 a a.insecure.nsec3.example > delve.out$n || ret=1 + grep "a.insecure.nsec3.example..*10.0.0.1" delve.out$n > /dev/null || ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` @@ -549,11 +549,11 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -if [ -x ${RESOLVE} ] ; then +if [ -x ${DELVE} ] ; then ret=0 echo "I:checking 1-server insecurity proof OPTOUT using dns_client ($n)" - $RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.insecure.optout.example > resolve.out$n || ret=1 - grep "a.insecure.optout.example..*10.0.0.1" resolve.out$n > /dev/null || ret=1 + $DELVE $DELVEOPTS @10.53.0.4 a a.insecure.optout.example > delve.out$n || ret=1 + grep "a.insecure.optout.example..*10.0.0.1" delve.out$n > /dev/null || ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` @@ -573,11 +573,11 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -if [ -x ${RESOLVE} ] ; then +if [ -x ${DELVE} ] ; then ret=0 echo "I:checking 1-server negative insecurity proof NSEC using dns_client ($n)" - $RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 q.insecure.example > /dev/null 2> resolve.out$n || ret=1 - grep "resolution failed: ncache nxdomain" resolve.out$n > /dev/null || ret=1 + $DELVE $DELVEOPTS @10.53.0.4 a q.insecure.example > delve.out$n 2>&1 || ret=1 + grep "resolution failed: ncache nxdomain" delve.out$n > /dev/null || ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` @@ -597,11 +597,11 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -if [ -x ${RESOLVE} ] ; then +if [ -x ${DELVE} ] ; then ret=0 echo "I:checking 1-server negative insecurity proof NSEC3 using dns_client ($n)" - $RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 q.insecure.nsec3.example > /dev/null 2> resolve.out$n || ret=1 - grep "resolution failed: ncache nxdomain" resolve.out$n > /dev/null || ret=1 + $DELVE $DELVEOPTS @10.53.0.4 a q.insecure.nsec3.example > delve.out$n 2>&1 || ret=1 + grep "resolution failed: ncache nxdomain" delve.out$n > /dev/null || ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` @@ -621,11 +621,11 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -if [ -x ${RESOLVE} ] ; then +if [ -x ${DELVE} ] ; then ret=0 echo "I:checking 1-server negative insecurity proof OPTOUT using dns_client ($n)" - $RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 q.insecure.optout.example > /dev/null 2> resolve.out$n || ret=1 - grep "resolution failed: ncache nxdomain" resolve.out$n > /dev/null || ret=1 + $DELVE $DELVEOPTS @10.53.0.4 a q.insecure.optout.example > delve.out$n 2>&1 || ret=1 + grep "resolution failed: ncache nxdomain" delve.out$n > /dev/null || ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` @@ -818,11 +818,11 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -if [ -x ${RESOLVE} ] ; then +if [ -x ${DELVE} ] ; then ret=0 echo "I:checking failed validation using dns_client ($n)" - $RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.bogus.example > /dev/null 2> resolve.out$n || ret=1 - grep "resolution failed: RRSIG failed to verify" resolve.out$n > /dev/null || ret=1 + $DELVE $DELVEOPTS +cd @10.53.0.4 a a.bogus.example > delve.out$n 2>&1 || ret=1 + grep "resolution failed: RRSIG failed to verify" delve.out$n > /dev/null || ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` @@ -863,11 +863,11 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -if [ -x ${RESOLVE} ] ; then +if [ -x ${DELVE} ] ; then ret=0 echo "I:checking that validation fails when key record is missing using dns_client ($n)" - $RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.b.keyless.example > /dev/null 2> resolve.out$n || ret=1 - grep "resolution failed: broken trust chain" resolve.out$n > /dev/null || ret=1 + $DELVE $DELVEOPTS +cd @10.53.0.4 a a.b.keyless.example > delve.out$n 2>&1 || ret=1 + grep "resolution failed: broken trust chain" delve.out$n > /dev/null || ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret`