[DNS-1600] Test is disabled until domain is configured

2018-05-02 13:35:46 +02:00 · 2018-05-02 13:35:46 +02:00 · 4efe5dd363
parent 235ec1c8d4
commit 4efe5dd363
1 changed files with 40 additions and 40 deletions
--- a/include/tests_dns
+++ b/include/tests_dns
@ -22,52 +22,52 @@
 #
 #################################################################################
 #
-    SIGOKDNS="sigok.verteiltesysteme.net"      # adress with good DESSEC signiture
-    SIGFAILDNS="sigfail.verteiltesysteme.net"  # adress with bad  DESSEC signiture
-    # TODO update it once cisofy.com records are created
-    # TODO after update even IP match can be checked to detect highjacking
-    TIMEOUT=";; connection timed out; no servers could be reached"
+#    # TODO create records on test domain
+#    # TODO after update even IP match can be checked to detect hijacking
+#    SIGOKDNS="sigok.example.org"      # adress with good DNSSEC signature
+#    SIGFAILDNS="sigfail.example.org"  # adress with bad  DNSSEC signature
+#    TIMEOUT=";; connection timed out; no servers could be reached"
 #
 #################################################################################
 #
-    InsertSection "DNS"
+#    InsertSection "DNS"
 #
 #################################################################################
 #
-    # Test        : DNS-1600
-    # Description : Validate DNSSEC signiture is checked
-    Register --test-no DNS-1600 --weight L --network YES --category security --description "Validate DNSSEC igniture is checked"
-    if [ "${SKIPTEST}" -eq 0 ]; then
-        if [ ! -z "${DIGBINARY}" ]; then
-
-            GOOD=$("${DIGBINARY}" +short +time=1 $SIGOKDNS)
-            BAD=$("${DIGBINARY}" +short +time=1 $SIGFAILDNS)
-
-            if [ "$GOOD" = "$TIMEOUT" ] && [ "$BAD" = "$TIMEOUT" ]; then
-                LogText "Result: Exception found, can't determine DNSSEC validation"
-                Display --indent 4 --text "- Checking DNSSEC validation" --result "${STATUS_UNKOWN}" --color YELLOW
-                ReportException "${TEST_NO}" "Exception found, both query failed, due to connection timeout"
-            elif [ -z "$GOOD" ] && ! [ -z "$BAD" ]; then
-                LogText "Result: Exception found, can't determine DNSSEC validation"
-                Display --indent 4 --text "- Checking DNSSEC validation" --result "${STATUS_UNKOWN}" --color YELLOW
-                ReportException "${TEST_NO}" "Exception found, OK failed, Bad signiture was accepted"
-            elif ! [ -z "$GOOD" ] && ! [ -z "$BAD" ]; then
-                Display --indent 4 --text "- Checking DNSSEC validation" --result "${STATUS_SUGGESTION}" --color YELLOW
-                LogText "Note: Useing DNSsec validation can protect from DNS highjacking"
-                ReportSuggestion "${TEST_NO}" "Malformated DNS querys are accepted, Configure DNSSEC valdating name servers"
-                AddHP 2 2
-            elif ! [ -z "$GOOD" ] && [ -z "$BAD" ]; then
-                Display --indent 4 --text "- Checking DNSSEC validation" --result "${STATUS_OK}" --color GREEN
-                LogText "Result: Malformated DNS responses were ignored"
-                AddHP 0 2
-            fi
-        else
-            Display --indent 4 --text "- DESSEC validation" --result "${STATUS_SKIPPED}" --color YELLOW
-            LogText "Result: dig not installed, test can't be fully performed"
-        fi
-    else
-        LogText "Result: Test was skipped"
-    fi
+#    # Test        : DNS-1600
+#    # Description : Validate DNSSEC signiture is checked
+#    Register --test-no DNS-1600 --weight L --network YES --category security --description "Validate DNSSEC igniture is checked"
+#    if [ "${SKIPTEST}" -eq 0 ]; then
+#        if [ ! -z "${DIGBINARY}" ]; then
+#
+#            GOOD=$("${DIGBINARY}" +short +time=1 $SIGOKDNS)
+#            BAD=$("${DIGBINARY}" +short +time=1 $SIGFAILDNS)
+#
+#            if [ "${GOOD}" = "${TIMEOUT}" -a "${BAD}" = "${TIMEOUT}" ]; then
+#                LogText "Result: received timeout, can't determine DNSSEC validation"
+#                Display --indent 4 --text "- Checking DNSSEC validation" --result "${STATUS_UNKOWN}" --color YELLOW
+#                #ReportException "${TEST_NO}" "Exception found, both query failed, due to connection timeout"
+#            elif [ -z "${GOOD}" -a ! -z "${BAD}" ]; then
+#                LogText "Result: good signature failed, yet bad signature was accepted"
+#                Display --indent 4 --text "- Checking DNSSEC validation" --result "${STATUS_UNKOWN}" --color YELLOW
+#                #ReportException "${TEST_NO}" "Exception found, OK failed, bad signature was accepted"
+#            elif [ ! -z "${GOOD}" -a ! -z "${BAD}" ]; then
+#                Display --indent 4 --text "- Checking DNSSEC validation" --result "${STATUS_SUGGESTION}" --color YELLOW
+#                LogText "Note: Using DNSSEC validation can protect from DNS hijacking"
+#                #ReportSuggestion "${TEST_NO}" "Altered DNS queries are accepted, configure DNSSEC valdating name servers"
+#                AddHP 2 2
+#            elif [ ! -z "${GOOD}" -a -z "${BAD}" ]; then
+#                Display --indent 4 --text "- Checking DNSSEC validation" --result "${STATUS_OK}" --color GREEN
+#                LogText "Result: altered DNS responses were ignored"
+#                AddHP 0 2
+#            fi
+#        else
+#            Display --indent 4 --text "- DNSSEC validation" --result "${STATUS_SKIPPED}" --color YELLOW
+#            LogText "Result: dig not installed, test can't be fully performed"
+#        fi
+#    else
+#        LogText "Result: Test was skipped"
+#    fi
 #
 #################################################################################
 #