From e36c869e8511ab890ec63d8449f1aa29214ebd32 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Fri, 24 Aug 2018 09:37:37 +0200 Subject: [PATCH] Prevent a race in the "inline" system test A short time window exists between logging the addition of an NSEC3PARAM record to a zone and committing it to the current version of the zone database. If a query arrives during such a time window, an unsigned response will be returned. One of the checks in the "inline" system test requires NSEC3 records to be present in an answer - that check would fail in the case described above. Use rndc instead of log watching for checking whether zone signing and NSEC3 chain modifications are complete in order to prevent intermittent "inline" system test failures. --- bin/tests/system/inline/tests.sh | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/bin/tests/system/inline/tests.sh b/bin/tests/system/inline/tests.sh index 73ab2aeeb5..7ee1b7391e 100755 --- a/bin/tests/system/inline/tests.sh +++ b/bin/tests/system/inline/tests.sh @@ -774,12 +774,15 @@ $RNDCCMD 10.53.0.2 reconfig || ret=1 # Request ns3 to retransfer the "retransfer3" zone. $RNDCCMD 10.53.0.3 retransfer retransfer3 || ret=1 # Wait until ns3 finishes building the NSEC3 chain for "retransfer3". There is -# no need to immediately set ret=1 if the expected message does not appear in -# the log within the time limit because the query we will send shortly will -# detect problems anyway. +# no need to immediately set ret=1 if building the NSEC3 chain is not finished +# within the time limit because the query we will send shortly will detect any +# problems anyway. for i in 0 1 2 3 4 5 6 7 8 9 do - grep "add.*retransfer3.*NSEC3PARAM 1 0 0 -" ns3/named.run > /dev/null && break + $RNDCCMD 10.53.0.3 signing -list retransfer3 > signing.out.test$n.$i 2>&1 + keys_done=`grep "Done signing" signing.out.test$n.$i | wc -l` + nsec3_pending=`grep "NSEC3 chain" signing.out.test$n.$i | wc -l` + test $keys_done -eq 2 -a $nsec3_pending -eq 0 && break sleep 1 done # Check whether "retransfer3" uses NSEC3 as requested.