From c57917989c2b2c9e8029726edbd1ff742d671f2b Mon Sep 17 00:00:00 2001 From: Peter van Dijk Date: Thu, 10 May 2018 19:09:34 +0200 Subject: [PATCH] revive validns testing, closes #3097 --- build-scripts/travis.sh | 4 +++ .../rectify-axfr/expected_result | 33 +++++++++++++++++++ .../tests/verify-dnssec-zone/command | 6 +++- .../tests/verify-dnssec-zone/expected_result | 33 +++++++++++++++++++ .../expected_result.nsec3-optout | 33 +++++++++++++++++++ 5 files changed, 108 insertions(+), 1 deletion(-) diff --git a/build-scripts/travis.sh b/build-scripts/travis.sh index 128e3abb3..9c4be9765 100755 --- a/build-scripts/travis.sh +++ b/build-scripts/travis.sh @@ -206,6 +206,10 @@ install_auth() { run "sudo apt-get -qq --no-install-recommends install \ libp11-kit-dev" + # for validns + run "sudo add-apt-repository -y ppa:jelu/validns" + run 'curl "http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0x7AA4AC1F04A52E842B88094F01B7B7D6564DECD0" | sudo apt-key add - ' + # geoip-backend run "sudo add-apt-repository -y ppa:maxmind/ppa" run "gpg --keyserver keyserver.ubuntu.com --recv-keys DE742AFA" diff --git a/regression-tests.nobackend/rectify-axfr/expected_result b/regression-tests.nobackend/rectify-axfr/expected_result index 9d72712d2..0da83a2e5 100644 --- a/regression-tests.nobackend/rectify-axfr/expected_result +++ b/regression-tests.nobackend/rectify-axfr/expected_result @@ -1,6 +1,9 @@ --- ldns-verify-zone -V2 test.com RETVAL: 0 +--- validns test.com +RETVAL: 0 + --- jdnssec-verifyzone test.com zone verified. RETVAL: 0 @@ -15,6 +18,9 @@ RETVAL: 0 --- ldns-verify-zone -V2 test.dyndns RETVAL: 0 +--- validns test.dyndns +RETVAL: 0 + --- jdnssec-verifyzone test.dyndns zone verified. RETVAL: 0 @@ -27,6 +33,9 @@ RETVAL: 0 --- ldns-verify-zone -V2 wtest.com RETVAL: 0 +--- validns wtest.com +RETVAL: 0 + --- jdnssec-verifyzone wtest.com zone verified. RETVAL: 0 @@ -43,6 +52,9 @@ Error: there is no NSEC(3) for ent.ent.auth-ent.dnssec-parent.com. There were errors in the zone RETVAL: 11 +--- validns dnssec-parent.com +RETVAL: 0 + --- jdnssec-verifyzone dnssec-parent.com zone verified. RETVAL: 0 @@ -55,6 +67,9 @@ RETVAL: 0 --- ldns-verify-zone -V2 delegated.dnssec-parent.com RETVAL: 0 +--- validns delegated.dnssec-parent.com +RETVAL: 0 + --- jdnssec-verifyzone delegated.dnssec-parent.com zone verified. RETVAL: 0 @@ -67,6 +82,9 @@ RETVAL: 0 --- ldns-verify-zone -V2 secure-delegated.dnssec-parent.com RETVAL: 0 +--- validns secure-delegated.dnssec-parent.com +RETVAL: 0 + --- jdnssec-verifyzone secure-delegated.dnssec-parent.com zone verified. RETVAL: 0 @@ -79,6 +97,9 @@ RETVAL: 0 --- ldns-verify-zone -V2 minimal.com RETVAL: 0 +--- validns minimal.com +RETVAL: 0 + --- jdnssec-verifyzone minimal.com zone verified. RETVAL: 0 @@ -91,6 +112,9 @@ RETVAL: 0 --- ldns-verify-zone -V2 tsig.com RETVAL: 0 +--- validns tsig.com +RETVAL: 0 + --- jdnssec-verifyzone tsig.com zone verified. RETVAL: 0 @@ -103,6 +127,9 @@ RETVAL: 0 --- ldns-verify-zone -V2 stest.com RETVAL: 0 +--- validns stest.com +RETVAL: 0 + --- jdnssec-verifyzone stest.com zone verified. RETVAL: 0 @@ -115,6 +142,9 @@ RETVAL: 0 --- ldns-verify-zone -V2 cdnskey-cds-test.com RETVAL: 0 +--- validns cdnskey-cds-test.com +RETVAL: 0 + --- jdnssec-verifyzone cdnskey-cds-test.com zone verified. RETVAL: 0 @@ -127,6 +157,9 @@ RETVAL: 0 --- ldns-verify-zone -V2 2.0.192.in-addr.arpa RETVAL: 0 +--- validns 2.0.192.in-addr.arpa +RETVAL: 0 + --- jdnssec-verifyzone 2.0.192.in-addr.arpa zone verified. RETVAL: 0 diff --git a/regression-tests/tests/verify-dnssec-zone/command b/regression-tests/tests/verify-dnssec-zone/command index 0f9d39ae5..98cf3d9a0 100755 --- a/regression-tests/tests/verify-dnssec-zone/command +++ b/regression-tests/tests/verify-dnssec-zone/command @@ -3,8 +3,12 @@ for zone in $(grep 'zone ' named.conf | cut -f2 -d\" | grep -v '^\(example.com\ do TFILE=$(mktemp tmp.XXXXXXXXXX) drill -p $port axfr $zone @$nameserver | ldns-read-zone -z -u CDS -u CDNSKEY > $TFILE - for validator in "ldns-verify-zone -V2" jdnssec-verifyzone named-checkzone + for validator in "ldns-verify-zone -V2" validns jdnssec-verifyzone named-checkzone do + if [ "$validator" = "validns" ] && [ "$zone" = "." ] + then + continue + fi echo --- $validator $zone if [ "$validator" = "named-checkzone" ] then diff --git a/regression-tests/tests/verify-dnssec-zone/expected_result b/regression-tests/tests/verify-dnssec-zone/expected_result index e3d447869..f2f0e6bb5 100644 --- a/regression-tests/tests/verify-dnssec-zone/expected_result +++ b/regression-tests/tests/verify-dnssec-zone/expected_result @@ -1,6 +1,9 @@ --- ldns-verify-zone -V2 test.com RETVAL: 0 +--- validns test.com +RETVAL: 0 + --- jdnssec-verifyzone test.com zone verified. RETVAL: 0 @@ -15,6 +18,9 @@ RETVAL: 0 --- ldns-verify-zone -V2 test.dyndns RETVAL: 0 +--- validns test.dyndns +RETVAL: 0 + --- jdnssec-verifyzone test.dyndns zone verified. RETVAL: 0 @@ -27,6 +33,9 @@ RETVAL: 0 --- ldns-verify-zone -V2 wtest.com RETVAL: 0 +--- validns wtest.com +RETVAL: 0 + --- jdnssec-verifyzone wtest.com zone verified. RETVAL: 0 @@ -40,6 +49,9 @@ RETVAL: 0 --- ldns-verify-zone -V2 dnssec-parent.com RETVAL: 0 +--- validns dnssec-parent.com +RETVAL: 0 + --- jdnssec-verifyzone dnssec-parent.com zone verified. RETVAL: 0 @@ -52,6 +64,9 @@ RETVAL: 0 --- ldns-verify-zone -V2 delegated.dnssec-parent.com RETVAL: 0 +--- validns delegated.dnssec-parent.com +RETVAL: 0 + --- jdnssec-verifyzone delegated.dnssec-parent.com zone verified. RETVAL: 0 @@ -64,6 +79,9 @@ RETVAL: 0 --- ldns-verify-zone -V2 secure-delegated.dnssec-parent.com RETVAL: 0 +--- validns secure-delegated.dnssec-parent.com +RETVAL: 0 + --- jdnssec-verifyzone secure-delegated.dnssec-parent.com zone verified. RETVAL: 0 @@ -76,6 +94,9 @@ RETVAL: 0 --- ldns-verify-zone -V2 minimal.com RETVAL: 0 +--- validns minimal.com +RETVAL: 0 + --- jdnssec-verifyzone minimal.com zone verified. RETVAL: 0 @@ -88,6 +109,9 @@ RETVAL: 0 --- ldns-verify-zone -V2 tsig.com RETVAL: 0 +--- validns tsig.com +RETVAL: 0 + --- jdnssec-verifyzone tsig.com zone verified. RETVAL: 0 @@ -100,6 +124,9 @@ RETVAL: 0 --- ldns-verify-zone -V2 stest.com RETVAL: 0 +--- validns stest.com +RETVAL: 0 + --- jdnssec-verifyzone stest.com zone verified. RETVAL: 0 @@ -112,6 +139,9 @@ RETVAL: 0 --- ldns-verify-zone -V2 cdnskey-cds-test.com RETVAL: 0 +--- validns cdnskey-cds-test.com +RETVAL: 0 + --- jdnssec-verifyzone cdnskey-cds-test.com zone verified. RETVAL: 0 @@ -124,6 +154,9 @@ RETVAL: 0 --- ldns-verify-zone -V2 2.0.192.in-addr.arpa RETVAL: 0 +--- validns 2.0.192.in-addr.arpa +RETVAL: 0 + --- jdnssec-verifyzone 2.0.192.in-addr.arpa zone verified. RETVAL: 0 diff --git a/regression-tests/tests/verify-dnssec-zone/expected_result.nsec3-optout b/regression-tests/tests/verify-dnssec-zone/expected_result.nsec3-optout index 082b76a6d..667918b8b 100644 --- a/regression-tests/tests/verify-dnssec-zone/expected_result.nsec3-optout +++ b/regression-tests/tests/verify-dnssec-zone/expected_result.nsec3-optout @@ -1,6 +1,9 @@ --- ldns-verify-zone -V2 test.com RETVAL: 0 +--- validns test.com +RETVAL: 0 + --- jdnssec-verifyzone test.com zone verified. RETVAL: 0 @@ -15,6 +18,9 @@ RETVAL: 0 --- ldns-verify-zone -V2 test.dyndns RETVAL: 0 +--- validns test.dyndns +RETVAL: 0 + --- jdnssec-verifyzone test.dyndns zone verified. RETVAL: 0 @@ -27,6 +33,9 @@ RETVAL: 0 --- ldns-verify-zone -V2 wtest.com RETVAL: 0 +--- validns wtest.com +RETVAL: 0 + --- jdnssec-verifyzone wtest.com zone verified. RETVAL: 0 @@ -43,6 +52,9 @@ Error: there is no NSEC(3) for ent.ent.auth-ent.dnssec-parent.com. There were errors in the zone RETVAL: 11 +--- validns dnssec-parent.com +RETVAL: 0 + --- jdnssec-verifyzone dnssec-parent.com zone verified. RETVAL: 0 @@ -55,6 +67,9 @@ RETVAL: 0 --- ldns-verify-zone -V2 delegated.dnssec-parent.com RETVAL: 0 +--- validns delegated.dnssec-parent.com +RETVAL: 0 + --- jdnssec-verifyzone delegated.dnssec-parent.com zone verified. RETVAL: 0 @@ -67,6 +82,9 @@ RETVAL: 0 --- ldns-verify-zone -V2 secure-delegated.dnssec-parent.com RETVAL: 0 +--- validns secure-delegated.dnssec-parent.com +RETVAL: 0 + --- jdnssec-verifyzone secure-delegated.dnssec-parent.com zone verified. RETVAL: 0 @@ -79,6 +97,9 @@ RETVAL: 0 --- ldns-verify-zone -V2 minimal.com RETVAL: 0 +--- validns minimal.com +RETVAL: 0 + --- jdnssec-verifyzone minimal.com zone verified. RETVAL: 0 @@ -91,6 +112,9 @@ RETVAL: 0 --- ldns-verify-zone -V2 tsig.com RETVAL: 0 +--- validns tsig.com +RETVAL: 0 + --- jdnssec-verifyzone tsig.com zone verified. RETVAL: 0 @@ -103,6 +127,9 @@ RETVAL: 0 --- ldns-verify-zone -V2 stest.com RETVAL: 0 +--- validns stest.com +RETVAL: 0 + --- jdnssec-verifyzone stest.com zone verified. RETVAL: 0 @@ -115,6 +142,9 @@ RETVAL: 0 --- ldns-verify-zone -V2 cdnskey-cds-test.com RETVAL: 0 +--- validns cdnskey-cds-test.com +RETVAL: 0 + --- jdnssec-verifyzone cdnskey-cds-test.com zone verified. RETVAL: 0 @@ -127,6 +157,9 @@ RETVAL: 0 --- ldns-verify-zone -V2 2.0.192.in-addr.arpa RETVAL: 0 +--- validns 2.0.192.in-addr.arpa +RETVAL: 0 + --- jdnssec-verifyzone 2.0.192.in-addr.arpa zone verified. RETVAL: 0 -- 2.40.0