From 75888a1f168a6062058f04f3efaae81d6f48fd6c Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Wed, 27 Jun 2018 13:32:31 +1000
Subject: [PATCH 1/2] improve forensics

---
 bin/tests/system/dnssec/tests.sh | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh
index a5bed94bb8..c87700e120 100644
--- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh
@@ -3035,8 +3035,14 @@ if [ -x "$PYTHON" ]; then
     # convert expiry date to a comma-separated list of integers python can
     # use as input to date(). strip leading 0s in months and days so
     # python3 will recognize them as integers.
-    soaexpire=`$DIG +dnssec +short -p ${PORT} @10.53.0.3 soa siginterval.example | awk '$1 ~ /SOA/ { print $5 }' | sed 's/\(....\)\(..\)\(..\).*/\1, \2, \3/' | sed 's/ 0/ /g'`
-    dnskeyexpire=`$DIG +dnssec +short -p ${PORT} @10.53.0.3 dnskey siginterval.example | awk '$1 ~ /DNSKEY/ { print $5; exit 0 }' | sed 's/\(....\)\(..\)\(..\).*/\1, \2, \3/' | sed 's/ 0/ /g'`
+    $DIG +dnssec +short -p ${PORT} @10.53.0.3 soa siginterval.example > dig.out.soa.test$n
+    soaexpire=`awk '$1 ~ /SOA/ { print $5 }' dig.out.soa.test$n |
+	       sed 's/\(....\)\(..\)\(..\).*/\1, \2, \3/' |
+	       sed 's/ 0/ /g'`
+    $DIG +dnssec +short -p ${PORT} @10.53.0.3 dnskey siginterval.example > dig.out.dnskey.test$n
+    dnskeyexpire=`awk '$1 ~ /DNSKEY/ { print $5; exit 0 }' dig.out.dnskey.test$n |
+		  sed 's/\(....\)\(..\)\(..\).*/\1, \2, \3/' |
+		  sed 's/ 0/ /g'`
     $PYTHON > python.out.$n <<EOF
 from datetime import date;
 ke=date($dnskeyexpire)

From 7288d321ae253d9a284702916682747ce0891e1d Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Wed, 27 Jun 2018 14:04:16 +1000
Subject: [PATCH 2/2] remove re-signing race when testing dnskey-sig-validity

---
 bin/tests/system/dnssec/ns3/siginterval1.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/bin/tests/system/dnssec/ns3/siginterval1.conf b/bin/tests/system/dnssec/ns3/siginterval1.conf
index 092dcfa29a..397fa76b51 100644
--- a/bin/tests/system/dnssec/ns3/siginterval1.conf
+++ b/bin/tests/system/dnssec/ns3/siginterval1.conf
@@ -13,6 +13,7 @@ zone "siginterval.example" {
 	type master;
 	allow-update { any; };
 	sig-validity-interval 1 23;
+	dnskey-sig-validity 90;
 	auto-dnssec maintain;
 	file "siginterval.example.db";
 };