Test rndc sign updates the signatures

Add a check to the ZSK rollover test case that ensures the zone is
signed with the successor key only, after a 'rndc sign' is commanded.
Matthijs Mekking 2025-08-19 12:42:35 +02:00
parent 7e0318df85
commit 008d3d2a9c


@ -222,6 +222,14 @@ def test_zsk_prepub_step3(tld, alg, size, ns3):
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
# Force full resign and check all signatures have been replaced.
with ns3.watch_log_from_here() as watcher:
ns3.rndc(f"sign {zone}", log=False)
watcher.wait_for_line(f"zone {zone}/IN (signed): sending notifies")
step["smooth"] = False
isctest.kasp.check_rollover_step(ns3, CONFIG, POLICY, step)
@pytest.mark.parametrize(
"tld",
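Review bot: The added second call passes `POLICY`, while the existing call just before the added block passes `policy`. The body of test_zsk_prepub_step3 starts outside the hunk, so this is inferred, but if `policy` is a per-zone name derived from a module-level `POLICY`, the check after `rndc sign` runs against a different policy name than the first check. Unless that is intended, the second call should read `isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)`. A short comment above `step["smooth"] = False`, such as `# After a forced resign, only successor-key signatures may remain.`, would also record the property the commit description says this check enforces.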