From b4e620b1bf481fdb14828615307eee7630f1fbe0 Mon Sep 17 00:00:00 2001 From: Tim Kimber Date: Mon, 31 Oct 2022 14:28:14 +0000 Subject: [PATCH 1/3] Change order of args to dig and drill, fix shellcheck errors --- getssl | 57 +++++++++++++++++++++++++++++---------------------------- 1 file changed, 29 insertions(+), 28 deletions(-) diff --git a/getssl b/getssl index d4e3687..04384aa 100755 --- a/getssl +++ b/getssl @@ -1560,20 +1560,20 @@ get_auth_dns() { # get the authoritative dns server for a domain (sets primary_n fi if [[ -n "$HAS_DIG_OR_DRILL" ]]; then - if [[ -n "$gad_s" ]]; then - gad_s="@$gad_s" + if [[ -n "${gad_s}" ]]; then + gad_s="@${gad_s}" fi # Two options here; either dig CNAME will return the CNAME and the NS or just the CNAME - debug "Using $HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS CNAME $gad_d $gad_s" + debug "Using $HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS ${gad_s} CNAME ${gad_d}" # shellcheck disable=SC2086 - res=$($HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS CNAME "$gad_d" $gad_s| grep "^$gad_d") + res=$($HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS ${gad_s} CNAME "${gad_d}"| grep "^${gad_d}") cname=$(echo "$res"| awk '$4 ~ "CNAME" {print $5}' |sed 's/\.$//g') if [[ $_TEST_SKIP_CNAME_CALL == 0 ]]; then debug Checking if CNAME result contains NS records # shellcheck disable=SC2086 - res=$($HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS CNAME "$gad_d" $gad_s| grep -E "IN\W(NS|SOA)\W") + res=$($HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS ${gad_s} CNAME "${gad_d}"| grep -E "IN\W(NS|SOA)\W") else res= fi @@ -1589,19 +1589,19 @@ get_auth_dns() { # get the authoritative dns server for a domain (sets primary_n if [[ -z "$res" ]] && [[ $_TEST_SKIP_SOA_CALL == 0 ]]; then # shellcheck disable=SC2086 if [[ "$HAS_DIG_OR_DRILL" == "drill" ]]; then - debug Using "$HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS -T SOA $gad_d $gad_s" to find primary nameserver - res=$($HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS -T SOA "$gad_d" $gad_s 2>/dev/null | grep "IN\WNS\W") + debug Using "$HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS -T ${gad_s} SOA ${gad_d}" to find primary nameserver + res=$($HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS -T ${gad_s} SOA "${gad_d}" 2>/dev/null | grep "IN\WNS\W") else - debug Using "$HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS SOA +trace +nocomments $gad_d $gad_s" to find primary nameserver - res=$($HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS SOA +trace +nocomments "$gad_d" $gad_s 2>/dev/null | grep "IN\WNS\W") + debug Using "$HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS ${gad_s} SOA +trace +nocomments ${gad_d}" to find primary nameserver + res=$($HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS ${gad_s} SOA +trace +nocomments "${gad_d}" 2>/dev/null | grep "IN\WNS\W") fi fi # Query for NS records if [[ -z "$res" ]]; then - debug Using "$HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS NS $gad_d $gad_s" to find primary nameserver + debug Using "$HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS ${gad_s} NS ${gad_d}" to find primary nameserver # shellcheck disable=SC2086 - res=$($HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS NS "$gad_d" $gad_s | grep -E "IN\W(NS|SOA)\W") + res=$($HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS ${gad_s} NS "${gad_d}"| grep -E "IN\W(NS|SOA)\W") fi if [[ -n "$res" ]]; then @@ -1639,12 +1639,12 @@ get_auth_dns() { # get the authoritative dns server for a domain (sets primary_n if [[ "$HAS_HOST" == "true" ]]; then gad_d="$orig_gad_d" - debug Using "host -t NS" to find primary name server for "$gad_d" + debug Using "host -t NS" to find primary name server for "${gad_d}" # shellcheck disable=SC2086 - if [[ -z "$gad_s" ]]; then - res=$(host $DNS_CHECK_OPTIONS -t NS "$gad_d"| grep "name server") + if [[ -z "${gad_s}" ]]; then + res=$(host $DNS_CHECK_OPTIONS -t NS "${gad_d}"| grep "name server") else - res=$(host $DNS_CHECK_OPTIONS -t NS "$gad_d" $gad_s| grep "name server") + res=$(host $DNS_CHECK_OPTIONS -t NS "${gad_d}" ${gad_s}| grep "name server") fi if [[ -n "$res" ]]; then all_auth_dns_servers=$(echo "$res" | awk '{print $4}' | sed 's/\.$//g'|tr '\n' ' ') @@ -1665,17 +1665,17 @@ get_auth_dns() { # get the authoritative dns server for a domain (sets primary_n if [[ "$HAS_NSLOOKUP" == "true" ]]; then gad_d="$orig_gad_d" - debug Using "nslookup $DNS_CHECK_OPTIONS -debug -type=soa -type=ns $gad_d $gad_s" to find primary name server + debug Using "nslookup $DNS_CHECK_OPTIONS -debug -type=soa -type=ns ${gad_d} ${gad_s}" to find primary name server # shellcheck disable=SC2086 - res=$(nslookup $DNS_CHECK_OPTIONS -debug -type=soa -type=ns "$gad_d" ${gad_s}) + res=$(nslookup $DNS_CHECK_OPTIONS -debug -type=soa -type=ns "${gad_d}" ${gad_s}) # check for CNAME (assumes gad_d is _acme-challenge.{host}) if [[ "$(grep -c "NXDOMAIN"<<<"$res")" -gt 0 ]]; then - debug "Cannot find nameserver record for $gad_d, using parent domain ${gad_d#*.}" + debug "Cannot find nameserver record for ${gad_d}, using parent domain ${gad_d#*.}" gad_d="${gad_d#*.}" - debug "nslookup $DNS_CHECK_OPTIONS -debug -type=soa -type=ns $gad_d ${gad_s}" + debug "nslookup $DNS_CHECK_OPTIONS -debug -type=soa -type=ns ${gad_d} ${gad_s}" # shellcheck disable=SC2086 - res=$(nslookup $DNS_CHECK_OPTIONS -debug -type=soa -type=ns "$gad_d" ${gad_s}) + res=$(nslookup $DNS_CHECK_OPTIONS -debug -type=soa -type=ns "${gad_d}" ${gad_s}) fi if [[ "$(echo "$res" | grep -c "Non-authoritative")" -gt 0 ]]; then @@ -1684,14 +1684,14 @@ get_auth_dns() { # get the authoritative dns server for a domain (sets primary_n gad_s=$(echo "$res" | awk '$2 ~ "nameserver" {print $4; exit }' |sed 's/\.$//g') # If the previous line fails to find the nameserver, use the original - if [[ -z "$gad_s" ]]; then + if [[ -z "${gad_s}" ]]; then gad_s="$orig_gad_s" fi if [[ "$(echo "$res" | grep -c "canonical name")" -gt 0 ]]; then - debug "$gad_d" appears to be a CNAME + debug "${gad_d}" appears to be a CNAME gad_d=$(echo "$res" | awk ' $2 ~ "canonical" {print $5; exit }' |sed 's/\.$//g') - debug "Using $gad_d instead" + debug "Using ${gad_d} instead" elif [[ "$(echo "$res" | grep -c "an't find")" -gt 0 ]]; then # if domain name doesn't exist, then find auth servers for next level up debug "Couldn't find NS or SOA for domain name, using nslookup $DNS_CHECK_OPTIONS -debug ${gad_d#*.} ${orig_gad_s}" @@ -1700,28 +1700,28 @@ get_auth_dns() { # get the authoritative dns server for a domain (sets primary_n gad_s=$(echo "$res" | awk '$1 ~ "origin" {print $3; exit }') gad_d=$(echo "$res" | awk '$1 ~ "->" {print $2; exit}') # handle scenario where awk returns nothing - if [[ -z "$gad_d" ]]; then + if [[ -z "${gad_d}" ]]; then gad_d="${orig_gad_d}" fi fi - debug "Using nslookup $DNS_CHECK_OPTIONS -debug -type=soa -type=ns $gad_d ${gad_s}" + debug "Using nslookup $DNS_CHECK_OPTIONS -debug -type=soa -type=ns ${gad_d} ${gad_s}" # shellcheck disable=SC2086 - res=$(nslookup $DNS_CHECK_OPTIONS -debug -type=soa -type=ns "$gad_d" ${gad_s}) + res=$(nslookup $DNS_CHECK_OPTIONS -debug -type=soa -type=ns "${gad_d}" ${gad_s}) fi if [[ "$(echo "$res" | grep -c "an't find")" -gt 0 ]]; then gad_s=$(echo "$res" | awk ' $1 ~ "origin" {print $3; exit }') gad_d=$(echo "$res"| awk '$1 ~ "->" {print $2; exit}') # handle scenario where awk returns nothing - if [[ -z "$gad_d" ]]; then + if [[ -z "${gad_d}" ]]; then gad_d="$orig_gad_d" fi fi # shellcheck disable=SC2086 # not quoting gad_s fixes the nslookup: couldn't get address for '': not found warning (#332) - all_auth_dns_servers=$(nslookup $DNS_CHECK_OPTIONS -debug -type=soa -type=ns "$gad_d" $gad_s \ + all_auth_dns_servers=$(nslookup $DNS_CHECK_OPTIONS -debug -type=soa -type=ns "${gad_d}" ${gad_s} \ | awk '$1 ~ "nameserver" {print $3}' \ | sed 's/\.$//g'| tr '\n' ' ') @@ -1872,6 +1872,7 @@ get_eab_json() { # calculate json block for external account bindings, v2 only # single param, assume file path and read into array debug "Using EAB FILE ${EAB_PARAMS[0]}" [[ -s "${EAB_PARAMS[0]}" ]] || error_exit "missing path ${EAB_PARAMS[0]} for eab file" + # shellcheck disable=SC2207 EAB_PARAMS=( $(cat "${EAB_PARAMS[0]}") ) fi if [ ${#EAB_PARAMS[@]} -eq 2 ]; then From 11225dcce20684ef297fafdf7525aaceb0772dba Mon Sep 17 00:00:00 2001 From: Tim Kimber Date: Mon, 31 Oct 2022 14:28:54 +0000 Subject: [PATCH 2/3] Change to actions/checkout@v3 --- .github/workflows/run-tests-pebble.yml | 26 +++++++++---------- .../workflows/run-tests-staging-acmedns.yml | 2 +- .../workflows/run-tests-staging-duckdns.yml | 4 +-- .github/workflows/run-tests-staging-dynu.yml | 4 +-- .github/workflows/shellcheck.yml | 2 +- 5 files changed, 19 insertions(+), 19 deletions(-) diff --git a/.github/workflows/run-tests-pebble.yml b/.github/workflows/run-tests-pebble.yml index ae221dc..de938a4 100644 --- a/.github/workflows/run-tests-pebble.yml +++ b/.github/workflows/run-tests-pebble.yml @@ -15,7 +15,7 @@ jobs: test-alpine: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Build the docker-compose stack run: docker-compose up -d --build - name: Run test suite on Alpine @@ -23,7 +23,7 @@ jobs: test-bash-4-0: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Build the docker-compose stack run: docker-compose up -d --build - name: Run test suite on Alpine using Bash 4.0 @@ -31,7 +31,7 @@ jobs: test-bash-4-2: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Build the docker-compose stack run: docker-compose up -d --build - name: Run test suite on Alpine using Bash 4.2 @@ -39,7 +39,7 @@ jobs: test-bash-5-0: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Build the docker-compose stack run: docker-compose up -d --build - name: Run test suite on Alpine using Bash 5 @@ -47,7 +47,7 @@ jobs: test-centos6: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v3 - name: Build the docker-compose stack run: docker-compose up -d --build - name: Run test suite on CentOS6 @@ -55,7 +55,7 @@ jobs: test-centos7: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v3 - name: Build the docker-compose stack run: docker-compose up -d --build - name: Run test suite on CentOS7 @@ -63,7 +63,7 @@ jobs: test-centos8: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v3 - name: Build the docker-compose stack run: docker-compose up -d --build - name: Run test suite on CentOS8 @@ -71,7 +71,7 @@ jobs: test-debian: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v3 - name: Build the docker-compose stack run: docker-compose up -d --build - name: Run test suite on Debian @@ -79,7 +79,7 @@ jobs: test-rockylinux8: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v3 - name: Build the docker-compose stack run: docker-compose up -d --build - name: Run test suite on RockyLinux8 @@ -87,7 +87,7 @@ jobs: test-ubuntu: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v3 - name: Build the docker-compose stack run: docker-compose up -d --build - name: Run test suite on Ubuntu @@ -95,7 +95,7 @@ jobs: test-ubuntu14: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v3 - name: Build the docker-compose stack run: docker-compose up -d --build - name: Run test suite on Ubuntu14 @@ -103,7 +103,7 @@ jobs: test-ubuntu16: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v3 - name: Build the docker-compose stack run: docker-compose up -d --build - name: Run test suite on Ubuntu16 @@ -111,7 +111,7 @@ jobs: test-ubuntu18: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v3 - name: Build the docker-compose stack run: docker-compose up -d --build - name: Run test suite on Ubuntu18 diff --git a/.github/workflows/run-tests-staging-acmedns.yml b/.github/workflows/run-tests-staging-acmedns.yml index 46992c4..fd1adfa 100644 --- a/.github/workflows/run-tests-staging-acmedns.yml +++ b/.github/workflows/run-tests-staging-acmedns.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest if: always() steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Build the docker-compose stack run: docker-compose up -d --build - name: Run test suite on Ubuntu against Staging using acmedns diff --git a/.github/workflows/run-tests-staging-duckdns.yml b/.github/workflows/run-tests-staging-duckdns.yml index 29664dc..4bf0caf 100644 --- a/.github/workflows/run-tests-staging-duckdns.yml +++ b/.github/workflows/run-tests-staging-duckdns.yml @@ -9,7 +9,7 @@ jobs: test-centos7-duckdns: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Build the docker-compose stack run: docker-compose up -d --build - name: Run test suite on CentOS7 against Staging using DuckDNS @@ -19,7 +19,7 @@ jobs: if: always() needs: test-centos7-duckdns steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Build the docker-compose stack run: docker-compose up -d --build - name: Run test suite on Ubuntu against Staging using DuckDNS diff --git a/.github/workflows/run-tests-staging-dynu.yml b/.github/workflows/run-tests-staging-dynu.yml index 5b8d7e1..8cc147e 100644 --- a/.github/workflows/run-tests-staging-dynu.yml +++ b/.github/workflows/run-tests-staging-dynu.yml @@ -9,7 +9,7 @@ jobs: test-centos7-dynu: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Build the docker-compose stack run: docker-compose up -d --build - name: Run test suite on CentOS7 against Staging using Dynu @@ -19,7 +19,7 @@ jobs: if: always() needs: test-centos7-dynu steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Build the docker-compose stack run: docker-compose up -d --build - name: Run test suite on Ubuntu against Staging using Dynu diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index 52873f6..b1669b9 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -15,7 +15,7 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Lint check uses: azohra/shell-linter@latest with: From eeb4f4f0c612aa5f5551073d64307468a740487e Mon Sep 17 00:00:00 2001 From: Tim Kimber Date: Mon, 31 Oct 2022 14:30:08 +0000 Subject: [PATCH 3/3] Move some tests to afraid.org --- test/u1-test-get_auth_dns-dig.bats | 10 +++++----- test/u2-test-get_auth_dns-drill.bats | 10 +++++----- test/u7-test-get_auth_dns-nslookup.bats | 20 ++++++++++---------- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/test/u1-test-get_auth_dns-dig.bats b/test/u1-test-get_auth_dns-dig.bats index 03f70cd..72d93e8 100644 --- a/test/u1-test-get_auth_dns-dig.bats +++ b/test/u1-test-get_auth_dns-dig.bats @@ -53,21 +53,21 @@ teardown() { # Disable CNAME check _TEST_SKIP_CNAME_CALL=1 - PUBLIC_DNS_SERVER=ns1.duckdns.org + PUBLIC_DNS_SERVER=ns1.afraid.org CHECK_PUBLIC_DNS_SERVER=false CHECK_ALL_AUTH_DNS=false - run get_auth_dns ubuntu-getssl.duckdns.org + run get_auth_dns ubuntu-getssl.ignorelist.com # Assert that we've found the primary_ns server - assert_output --regexp 'set primary_ns = ns[1-9]+\.duckdns\.org' + assert_output --regexp 'set primary_ns = ns[1-3]+\.afraid\.org' # Assert that we had to use dig NS assert_line --regexp 'Using dig.* NS' # Check all Authoritive DNS servers are returned if requested CHECK_ALL_AUTH_DNS=true - run get_auth_dns ubuntu-getssl.duckdns.org - assert_output --regexp 'set primary_ns = (ns[1-9]+\.duckdns\.org )+' + run get_auth_dns ubuntu-getssl.ignorelist.com + assert_output --regexp 'set primary_ns = (ns[1-3]+\.afraid\.org ?)+' } diff --git a/test/u2-test-get_auth_dns-drill.bats b/test/u2-test-get_auth_dns-drill.bats index 57b913f..3ac8a87 100644 --- a/test/u2-test-get_auth_dns-drill.bats +++ b/test/u2-test-get_auth_dns-drill.bats @@ -59,21 +59,21 @@ teardown() { _TEST_SKIP_CNAME_CALL=1 _TEST_SKIP_SOA_CALL=1 - PUBLIC_DNS_SERVER=ns1.duckdns.org + PUBLIC_DNS_SERVER=ns1.afraid.org CHECK_PUBLIC_DNS_SERVER=false CHECK_ALL_AUTH_DNS=false - run get_auth_dns ubuntu-getssl.duckdns.org + run get_auth_dns ubuntu-getssl.ignorelist.com # Assert that we've found the primary_ns server - assert_output --regexp 'set primary_ns = ns[1-9]+\.duckdns\.org' + assert_output --regexp 'set primary_ns = ns[1-3]+\.afraid\.org' # Assert that we had to use drill NS assert_line --regexp 'Using drill.* NS' # Check all Authoritive DNS servers are returned if requested CHECK_ALL_AUTH_DNS=true - run get_auth_dns ubuntu-getssl.duckdns.org - assert_output --regexp 'set primary_ns = (ns[1-9]+\.duckdns\.org )+' + run get_auth_dns ubuntu-getssl.ignorelist.com + assert_output --regexp 'set primary_ns = (ns[1-3]+\.afraid\.org ?)+' } diff --git a/test/u7-test-get_auth_dns-nslookup.bats b/test/u7-test-get_auth_dns-nslookup.bats index 597a652..d8ada2c 100644 --- a/test/u7-test-get_auth_dns-nslookup.bats +++ b/test/u7-test-get_auth_dns-nslookup.bats @@ -65,17 +65,17 @@ teardown() { CHECK_PUBLIC_DNS_SERVER=false CHECK_ALL_AUTH_DNS=false - run get_auth_dns ubuntu-getssl.duckdns.org + run get_auth_dns ubuntu-getssl.ignorelist.com # Assert that we've found the primary_ns server - #assert_output --regexp 'set primary_ns = ns[1-9]+\.duckdns\.org' + #assert_output --regexp 'set primary_ns = ns[1-3]+\.afraid\.org' # Assert that we had to use dig NS #assert_line --regexp 'Using nslookup.* NS' # Check all Authoritive DNS servers are returned if requested CHECK_ALL_AUTH_DNS=true - run get_auth_dns _acme-challenge.ubuntu-getssl.duckdns.org - assert_output --regexp 'set primary_ns=(ns[1-9]+\.duckdns\.org )+' + run get_auth_dns _acme-challenge.ubuntu-getssl.ignorelist.com + assert_output --regexp 'set primary_ns=(ns[1-3]+\.afraid\.org )+' } @@ -92,10 +92,10 @@ teardown() { CHECK_PUBLIC_DNS_SERVER=false CHECK_ALL_AUTH_DNS=false - run get_auth_dns _acme-challenge.ubuntu-getssl.duckdns.org + run get_auth_dns _acme-challenge.ubuntu-getssl.ignorelist.com # Assert that we've found the primary_ns server - assert_output --regexp 'set primary_ns=ns[1-9]+\.duckdns\.org' + assert_output --regexp 'set primary_ns=ns[1-3]+\.afraid\.org' # Assert that we had to use nslookup NS assert_line --regexp 'Using nslookup.*-type=soa' @@ -103,13 +103,13 @@ teardown() { # Check all Authoritive DNS servers are returned if requested CHECK_ALL_AUTH_DNS=true - run get_auth_dns _acme-challenge.ubuntu-getssl.duckdns.org - assert_output --regexp 'set primary_ns=(ns[1-9]+\.duckdns\.org )+' + run get_auth_dns _acme-challenge.ubuntu-getssl.ignorelist.com + assert_output --regexp 'set primary_ns=(ns[1-3]+\.afraid\.org )+' # Check that we also check the public DNS server if requested CHECK_PUBLIC_DNS_SERVER=true - run get_auth_dns _acme-challenge.ubuntu-getssl.duckdns.org - assert_output --regexp 'set primary_ns=(ns[1-9]+\.duckdns\.org )+ 1\.0\.0\.1' + run get_auth_dns _acme-challenge.ubuntu-getssl.ignorelist.com + assert_output --regexp 'set primary_ns=(ns[1-3]+\.afraid\.org )+ 1\.0\.0\.1' }