upstream/knot-dns
1
0
Fork 0
mirror of https://gitlab.nic.cz/knot/knot-dns.git synced 2026-02-20 00:13:21 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
knot-dns/tests-extra/tests/dnssec/expire/test.py
Daniel Salzman a0ad3de5e6 tests-extra: stabilize dnssec/expire
2024-10-10 10:36:49 +02:00

39 lines
964 B
Python
Raw Permalink Blame History

#!/usr/bin/env python3
'''Test of EDNS expire based on RRSIG validity'''
from dnstest.test import Test
from dnstest.utils import *
t = Test()
master = t.server("knot")
slave = t.server("knot")
zones = t.zone("example.")
t.link(zones, master, slave, ixfr=True, ddns=True)
for z in zones:
master.dnssec(z).enable = True
master.dnssec(z).rrsig_lifetime = 10
master.dnssec(z).rrsig_refresh = 1
master.dnssec(z).rrsig_prerefresh = 1
t.start()
serials = slave.zones_wait(zones)
serials = master.zones_wait(zones, serials) # wait for first re-sign
master.ctl("zone-freeze")
slave.ctl("zone-freeze")
t.sleep(master.dnssec(z).rrsig_lifetime + 1)
for z in zones:
resp = slave.dig(z.name, "SOA", dnssec=True)
resp.check(rcode="SERVFAIL")
resp.check_count(0, rtype="RRSIG")
if not slave.log_search("expired"):
set_err("ZONE NOT EXPIRED")
slave.ctl("zone-thaw")
master.ctl("zone-thaw")
slave.zones_wait(zones, serials)
t.end()
Reference in a new issue View git blame Copy permalink