test "delv +ns"

add tests for "delv +ns", with and without +qmin and with and without
validation.

bin/tests/system/digdelv/clean.sh

@@ -13,7 +13,7 @@
 
 set -e
 
-rm -f ./*/anchor.*
+rm -f ./anchor.* ./*/anchor.*
 rm -f ./*/named.conf
 rm -f ./*/named.memstats
 rm -f ./*/named.run
@@ -28,9 +28,10 @@ rm -f ./dig.out.nn.*
 rm -f ./host.out.test*
 rm -f ./ns*/managed-keys.bind*
 rm -f ./ns*/named.lock
-rm -f ./ns2/dsset-example.
-rm -f ./ns2/dsset-example.tld.
-rm -f ./ns2/example.db ./ns2/K* ./ns2/keyid ./ns2/keydata
+rm -f ./ns*/K* ./ns*/keyid ./ns*/keydata
+rm -f ./ns1/root.db
+rm -f ./ns*/dsset-*
+rm -f ./ns2/example.db 
 rm -f ./ns2/example.tld.db
 rm -f ./nslookup.out.test*
 rm -f ./nsupdate.out.test*

bin/tests/system/digdelv/ns1/sign.sh

@@ -0,0 +1,31 @@
+#!/bin/sh -e
+
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0.  If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+# shellcheck source=conf.sh
+. ../../conf.sh
+
+set -e
+
+(cd ../ns2 && $SHELL sign.sh )
+
+cp "../ns2/dsset-example." .
+
+ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone .)
+
+cp root.db.in root.db
+
+"$SIGNER" -Sgz -f root.db -o . root.db.in > /dev/null 2>&1
+
+keyfile_to_key_id "$ksk" > keyid
+grep -Ev '^;' < "$ksk.key" | cut -f 7- -d ' ' > keydata
+keyfile_to_initial_keys "$ksk" > anchor.dnskey

bin/tests/system/digdelv/setup.sh

@@ -20,4 +20,4 @@ copy_setports ns1/named.conf.in ns1/named.conf
 copy_setports ns2/named.conf.in ns2/named.conf
 copy_setports ns3/named.conf.in ns3/named.conf
 
-cd ns2 && $SHELL sign.sh
+cd ns1 && $SHELL sign.sh

bin/tests/system/digdelv/tests.sh

@@ -54,7 +54,7 @@ check_ttl_range() {
    return $result
 }
 
-# using delv insecure mode as not testing dnssec here
+# use delv insecure mode by default, as we're mostly not testing dnssec
 delv_with_opts() {
     "$DELV" +noroot -p "$PORT" "$@"
 }
@@ -1404,6 +1404,42 @@ if [ -x "$DELV" ] ; then
   if [ $ret -ne 0 ]; then echo_i "failed"; fi
   status=$((status+ret))
 
+  n=$((n+1))
+  echo_i "checking delv +ns (no validation) ($n)"
+  ret=0
+  delv_with_opts -i +ns +hint=../common/root.hint a a.example > delv.out.test$n || ret=1
+  grep -q '; authoritative' delv.out.test$n || ret=1
+  grep -q '_.example' delv.out.test$n && ret=1
+  if [ $ret -ne 0 ]; then echo_i "failed"; fi
+  status=$((status+ret))
+
+  n=$((n+1))
+  echo_i "checking delv +ns +qmin (no validation) ($n)"
+  ret=0
+  delv_with_opts -i +ns +qmin +hint=../common/root.hint a a.example > delv.out.test$n || ret=1
+  grep -q '; authoritative' delv.out.test$n || ret=1
+  grep -q '_.example' delv.out.test$n || ret=1
+  if [ $ret -ne 0 ]; then echo_i "failed"; fi
+  status=$((status+ret))
+
+  n=$((n+1))
+  echo_i "checking delv +ns (with validation) ($n)"
+  ret=0
+  delv_with_opts -a ns1/anchor.dnskey +root +ns +hint=../common/root.hint a a.example > delv.out.test$n || ret=1
+  grep -q '; fully validated' delv.out.test$n || ret=1
+  grep -q '_.example' delv.out.test$n && ret=1
+  if [ $ret -ne 0 ]; then echo_i "failed"; fi
+  status=$((status+ret))
+
+  n=$((n+1))
+  echo_i "checking delv +ns +qmin (with validation) ($n)"
+  ret=0
+  delv_with_opts -a ns1/anchor.dnskey +root +ns +qmin +hint=../common/root.hint a a.example > delv.out.test$n || ret=1
+  grep -q '; fully validated' delv.out.test$n || ret=1
+  grep -q '_.example' delv.out.test$n || ret=1
+  if [ $ret -ne 0 ]; then echo_i "failed"; fi
+  status=$((status+ret))
+
 else
   echo_i "$DELV is needed, so skipping these delv tests"
 fi