1 files changed, 51 insertions, 0 deletions

diff --git a/testdata/root_anchor.tdir/root_anchor.test b/testdata/root_anchor.tdir/root_anchor.test
new file mode 100644
index 000000000000..8be248ab9e12
--- /dev/null
+++ b/testdata/root_anchor.tdir/root_anchor.test
@@ -0,0 +1,51 @@
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+PRE="../.."
+
+# only do this test if the network is up.
+echo "is the net up?"
+if dig @k.root-servers.net . SOA 2>&1 | grep NOERROR ; then
+	echo yes
+else
+	echo no
+	exit 0
+fi
+
+# test that unbound-anchor, its builtin DNSKEY, works.
+# so the https is disabled (go to 127.0.0.1@10099).
+$PRE/unbound-anchor -u "127.0.0.1" -P 10099 -a test.ds -v
+# check that the test.ds file is OK.
+if $PRE/unbound-host -f test.ds -t SOA -v . 2>&1 | grep "(secure)"; then
+	echo "The builtin DS root anchors work"
+else
+	echo "The builtin DS root anchors do not work"
+	exit 1
+fi
+
+echo ""
+# test that unbound-anchor, the builtin certificate, works
+# so, force https with -F and the -c is a nonexistant file
+$PRE/unbound-anchor -a test.cert -c test.pem -v -F
+# check that the test.cert file is OK.
+if $PRE/unbound-host -f test.cert -t SOA -v . 2>&1 | grep "(secure)"; then
+	echo "The builtin root update certificate works"
+else
+	echo "The builtin root update certificate does not work"
+	exit 1
+fi
+
+# use curl to see if the PGP certificate has been updated.
+curl --time-cond "20170203 10:00:00" https://data.iana.org/root-anchors/icannbundle.pem > newcert
+if test -n "`cat newcert`"; then
+	echo "icannbundle.pem has been updated"
+	cat newcert
+	echo "icannbundle.pem has been updated"
+	exit 1
+else
+	echo "icannbundle.pem has not been updated"
+fi
+
+exit 0