diff options
Diffstat (limited to 'testdata/root_anchor.tdir/root_anchor.test')
-rw-r--r-- | testdata/root_anchor.tdir/root_anchor.test | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/testdata/root_anchor.tdir/root_anchor.test b/testdata/root_anchor.tdir/root_anchor.test new file mode 100644 index 000000000000..8be248ab9e12 --- /dev/null +++ b/testdata/root_anchor.tdir/root_anchor.test @@ -0,0 +1,51 @@ +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." + +# only do this test if the network is up. +echo "is the net up?" +if dig @k.root-servers.net . SOA 2>&1 | grep NOERROR ; then + echo yes +else + echo no + exit 0 +fi + +# test that unbound-anchor, its builtin DNSKEY, works. +# so the https is disabled (go to 127.0.0.1@10099). +$PRE/unbound-anchor -u "127.0.0.1" -P 10099 -a test.ds -v +# check that the test.ds file is OK. +if $PRE/unbound-host -f test.ds -t SOA -v . 2>&1 | grep "(secure)"; then + echo "The builtin DS root anchors work" +else + echo "The builtin DS root anchors do not work" + exit 1 +fi + +echo "" +# test that unbound-anchor, the builtin certificate, works +# so, force https with -F and the -c is a nonexistant file +$PRE/unbound-anchor -a test.cert -c test.pem -v -F +# check that the test.cert file is OK. +if $PRE/unbound-host -f test.cert -t SOA -v . 2>&1 | grep "(secure)"; then + echo "The builtin root update certificate works" +else + echo "The builtin root update certificate does not work" + exit 1 +fi + +# use curl to see if the PGP certificate has been updated. +curl --time-cond "20170203 10:00:00" https://data.iana.org/root-anchors/icannbundle.pem > newcert +if test -n "`cat newcert`"; then + echo "icannbundle.pem has been updated" + cat newcert + echo "icannbundle.pem has been updated" + exit 1 +else + echo "icannbundle.pem has not been updated" +fi + +exit 0 |