Check 'rndc stats' output for 'covering nsec returned'

2025-08-30 05:57:52 +00:00 · 2021-10-28 11:08:18 +11:00 · 2021-10-28 11:08:18 +11:00 · fe8bc79f2b
commit fe8bc79f2b
parent 43316a40a0
8 changed files with 75 additions and 0 deletions
--- a/bin/tests/system/synthfromdnssec/clean.sh
+++ b/bin/tests/system/synthfromdnssec/clean.sh
@ -15,6 +15,7 @@ rm -f ./*/named.memstats
 rm -f ./*/named.conf
 rm -f ./*/named.run
 rm -f ./*/named.run.prev
 rm -f ./*/named.stats
 rm -f ./dig.out.*
 rm -f ./ns1/K*+*+*.key
 rm -f ./ns1/K*+*+*.private
--- a/bin/tests/system/synthfromdnssec/ns1/named.conf.in
+++ b/bin/tests/system/synthfromdnssec/ns1/named.conf.in
@ -24,6 +24,15 @@ options {
 	dnssec-validation yes;
 };
 key rndc_key {
 	secret "1234abcd8765";
 	algorithm hmac-sha256;
 };
 controls {
 	inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
 };
 zone "." {
 	type primary;
 	file "root.db.signed";
--- a/bin/tests/system/synthfromdnssec/ns2/named.conf.in
+++ b/bin/tests/system/synthfromdnssec/ns2/named.conf.in
@ -24,6 +24,15 @@ options {
 	dnssec-validation yes;
 };
 key rndc_key {
 	secret "1234abcd8765";
 	algorithm hmac-sha256;
 };
 controls {
 	inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
 };
 zone "." {
 	type hint;
 	file "root.hints";
--- a/bin/tests/system/synthfromdnssec/ns3/named.conf.in
+++ b/bin/tests/system/synthfromdnssec/ns3/named.conf.in
@ -24,6 +24,15 @@ options {
 	dnssec-validation yes;
 };
 key rndc_key {
 	secret "1234abcd8765";
 	algorithm hmac-sha256;
 };
 controls {
 	inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
 };
 zone "." {
 	type hint;
 	file "root.hints";
--- a/bin/tests/system/synthfromdnssec/ns4/named.conf.in
+++ b/bin/tests/system/synthfromdnssec/ns4/named.conf.in
@ -25,6 +25,15 @@ options {
 	synth-from-dnssec no;
 };
 key rndc_key {
 	secret "1234abcd8765";
 	algorithm hmac-sha256;
 };
 controls {
 	inet 10.53.0.4 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
 };
 zone "." {
 	type hint;
 	file "root.hints";
--- a/bin/tests/system/synthfromdnssec/ns5/named.conf.in
+++ b/bin/tests/system/synthfromdnssec/ns5/named.conf.in
@ -25,6 +25,15 @@ options {
 	synth-from-dnssec yes;
 };
 key rndc_key {
 	secret "1234abcd8765";
 	algorithm hmac-sha256;
 };
 controls {
 	inet 10.53.0.5 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
 };
 zone "." {
 	type hint;
 	file "root.hints";
--- a/bin/tests/system/synthfromdnssec/ns6/named.conf.in
+++ b/bin/tests/system/synthfromdnssec/ns6/named.conf.in
@ -25,6 +25,15 @@ options {
 	synth-from-dnssec yes;
 };
 key rndc_key {
 	secret "1234abcd8765";
 	algorithm hmac-sha256;
 };
 controls {
 	inet 10.53.0.6 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
 };
 zone "." {
 	type hint;
 	file "root.hints";
--- a/bin/tests/system/synthfromdnssec/tests.sh
+++ b/bin/tests/system/synthfromdnssec/tests.sh
@ -12,6 +12,8 @@
 # shellcheck source=conf.sh
 . ../conf.sh
 RNDCCMD="$RNDC -c ../common/rndc.conf -p ${CONTROLPORT} -s"
 set -e
 status=0
@ -385,6 +387,24 @@ do
    n=$((n+1))
    if [ $ret != 0 ]; then echo_i "failed"; fi
    status=$((status+ret))
    echo_i "check 'rndc stats' output for 'covering nsec returned' (synth-from-dnssec ${description};) ($n)"
    ret=0
    ${RNDCCMD} 10.53.0.${ns} stats 2>&1 | sed 's/^/ns6 /' | cat_i
    # 2 views, _bind should always be '0 covering nsec returned'
    count=$(grep "covering nsec returned" ns${ns}/named.stats | wc -l)
    test $count = 2 || ret=1
    zero=$(grep " 0 covering nsec returned" ns${ns}/named.stats | wc -l)
    if [ ${synth} = yes ]
    then
 	test $zero = 1 || ret=1
    else
 	test $zero = 2 || ret=1
    fi
    n=$((n+1))
    if [ $ret != 0 ]; then echo_i "failed"; fi
    status=$((status+ret))
 done
 echo_i "check redirect response (+dnssec) (synth-from-dnssec <default>;) ($n)"