Check 'rndc stats' output for 'covering nsec returned'

2025-08-29 21:47:59 +00:00 · 2021-10-28 11:08:18 +11:00 · 2021-10-28 11:08:18 +11:00 · fe8bc79f2b
commit fe8bc79f2b
parent 43316a40a0
8 changed files with 75 additions and 0 deletions
--- a/bin/tests/system/synthfromdnssec/clean.sh
+++ b/bin/tests/system/synthfromdnssec/clean.sh
@ -15,6 +15,7 @@ rm -f ./*/named.memstats
 rm -f ./*/named.conf
 rm -f ./*/named.run
 rm -f ./*/named.run.prev
+rm -f ./*/named.stats
 rm -f ./dig.out.*
 rm -f ./ns1/K*+*+*.key
 rm -f ./ns1/K*+*+*.private
--- a/bin/tests/system/synthfromdnssec/ns1/named.conf.in
+++ b/bin/tests/system/synthfromdnssec/ns1/named.conf.in
@ -24,6 +24,15 @@ options {
 	dnssec-validation yes;
 };

+key rndc_key {
+	secret "1234abcd8765";
+	algorithm hmac-sha256;
+};
+
+controls {
+	inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
 zone "." {
 	type primary;
 	file "root.db.signed";
--- a/bin/tests/system/synthfromdnssec/ns2/named.conf.in
+++ b/bin/tests/system/synthfromdnssec/ns2/named.conf.in
@ -24,6 +24,15 @@ options {
 	dnssec-validation yes;
 };

+key rndc_key {
+	secret "1234abcd8765";
+	algorithm hmac-sha256;
+};
+
+controls {
+	inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
 zone "." {
 	type hint;
 	file "root.hints";
--- a/bin/tests/system/synthfromdnssec/ns3/named.conf.in
+++ b/bin/tests/system/synthfromdnssec/ns3/named.conf.in
@ -24,6 +24,15 @@ options {
 	dnssec-validation yes;
 };

+key rndc_key {
+	secret "1234abcd8765";
+	algorithm hmac-sha256;
+};
+
+controls {
+	inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
 zone "." {
 	type hint;
 	file "root.hints";
--- a/bin/tests/system/synthfromdnssec/ns4/named.conf.in
+++ b/bin/tests/system/synthfromdnssec/ns4/named.conf.in
@ -25,6 +25,15 @@ options {
 	synth-from-dnssec no;
 };

+key rndc_key {
+	secret "1234abcd8765";
+	algorithm hmac-sha256;
+};
+
+controls {
+	inet 10.53.0.4 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
 zone "." {
 	type hint;
 	file "root.hints";
--- a/bin/tests/system/synthfromdnssec/ns5/named.conf.in
+++ b/bin/tests/system/synthfromdnssec/ns5/named.conf.in
@ -25,6 +25,15 @@ options {
 	synth-from-dnssec yes;
 };

+key rndc_key {
+	secret "1234abcd8765";
+	algorithm hmac-sha256;
+};
+
+controls {
+	inet 10.53.0.5 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
 zone "." {
 	type hint;
 	file "root.hints";
--- a/bin/tests/system/synthfromdnssec/ns6/named.conf.in
+++ b/bin/tests/system/synthfromdnssec/ns6/named.conf.in
@ -25,6 +25,15 @@ options {
 	synth-from-dnssec yes;
 };

+key rndc_key {
+	secret "1234abcd8765";
+	algorithm hmac-sha256;
+};
+
+controls {
+	inet 10.53.0.6 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
 zone "." {
 	type hint;
 	file "root.hints";
--- a/bin/tests/system/synthfromdnssec/tests.sh
+++ b/bin/tests/system/synthfromdnssec/tests.sh
@ -12,6 +12,8 @@
 # shellcheck source=conf.sh
 . ../conf.sh

+RNDCCMD="$RNDC -c ../common/rndc.conf -p ${CONTROLPORT} -s"
+
 set -e

 status=0
@ -385,6 +387,24 @@ do
    n=$((n+1))
    if [ $ret != 0 ]; then echo_i "failed"; fi
    status=$((status+ret))
+
+    echo_i "check 'rndc stats' output for 'covering nsec returned' (synth-from-dnssec ${description};) ($n)"
+    ret=0
+    ${RNDCCMD} 10.53.0.${ns} stats 2>&1 | sed 's/^/ns6 /' | cat_i
+    # 2 views, _bind should always be '0 covering nsec returned'
+    count=$(grep "covering nsec returned" ns${ns}/named.stats | wc -l)
+    test $count = 2 || ret=1
+    zero=$(grep " 0 covering nsec returned" ns${ns}/named.stats | wc -l)
+    if [ ${synth} = yes ]
+    then
+	test $zero = 1 || ret=1
+    else
+	test $zero = 2 || ret=1
+    fi
+    n=$((n+1))
+    if [ $ret != 0 ]; then echo_i "failed"; fi
+    status=$((status+ret))
+
 done

 echo_i "check redirect response (+dnssec) (synth-from-dnssec <default>;) ($n)"