Update inline system test, zone 'retransfer3.'

The zone 'retransfer3.' tests whether 'rndc signing -nsec3param'
requests are queued even if the zone is not loaded.

The test assumes that if 'rndc signing -list' shows that the zone is
done signing with two keys, and there are no NSEC3 chains pending, the
zone is done handling the '-nsec3param' queued requests. However, it
is possible that the 'rndc signing -list' command is received before
the corresponding privatetype records are added to the zone (the records
that are used to retrieve the signing status with 'rndc signing').

This is what happens in test failure
https://gitlab.isc.org/isc-projects/bind9/-/jobs/2722752.

The 'rndc signing -list retransfer3' is thus an unreliable check.
It is simpler to just remove the check and wait for a certain amount
of time and check whether ns3 has re-signed the zone using NSEC3.
This commit is contained in:
Matthijs Mekking 2022-08-30 10:04:16 +02:00
parent 77f5341730
commit 8b71cbd09c

@ -796,22 +796,16 @@ mv ns2/named.conf.new ns2/named.conf
$RNDCCMD 10.53.0.2 reconfig || ret=1
# Request ns3 to retransfer the "retransfer3" zone.
$RNDCCMD 10.53.0.3 retransfer retransfer3 || ret=1
# Wait until ns3 finishes building the NSEC3 chain for "retransfer3". There is
# no need to immediately set ret=1 if building the NSEC3 chain is not finished
# within the time limit because the query we will send shortly will detect any
# problems anyway.
# Check whether "retransfer3" uses NSEC3 as requested.
for i in 0 1 2 3 4 5 6 7 8 9
do
$RNDCCMD 10.53.0.3 signing -list retransfer3 > signing.out.test$n.$i 2>&1
keys_done=$(grep "Done signing" signing.out.test$n.$i | wc -l)
nsec3_pending=$(grep "NSEC3 chain" signing.out.test$n.$i | wc -l)
test $keys_done -eq 2 -a $nsec3_pending -eq 0 && break
ret=0
$DIG $DIGOPTS @10.53.0.3 nonexist.retransfer3 A > dig.out.ns3.post.test$n.$i
grep "status: NXDOMAIN" dig.out.ns3.post.test$n.$i > /dev/null || ret=1
grep "NSEC3" dig.out.ns3.post.test$n.$i > /dev/null || ret=1
test $ret -eq 0 && break
sleep 1
done
# Check whether "retransfer3" uses NSEC3 as requested.
$DIG $DIGOPTS @10.53.0.3 nonexist.retransfer3 A > dig.out.ns3.post.test$n
grep "status: NXDOMAIN" dig.out.ns3.post.test$n > /dev/null || ret=1
grep "NSEC3" dig.out.ns3.post.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
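Review bot: the `ret=0` at the top of the retry loop body discards any failure already recorded by `$RNDCCMD 10.53.0.2 reconfig || ret=1` and `$RNDCCMD 10.53.0.3 retransfer retransfer3 || ret=1` just above it, so a failed reconfig or retransfer no longer fails this test unless the NSEC3 query also fails. Consider tracking the loop result in a separate variable (reset per iteration) and folding it into `ret` once after `done`, which keeps the earlier `|| ret=1` results intact. The loop also still gives up after ten one-second iterations without saying so. A short comment stating that bound, and that the per-iteration `dig.out.ns3.post.test$n.$i` files are kept for diagnosing a timeout, would help the next reader of a failed job.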