mirror of
https://github.com/isc-projects/bind9.git
synced 2026-05-28 04:34:54 -04:00
Merge branch '129-dnssec-system-test-tweaks' into 'master'
"dnssec" system test tweaks Closes #129 See merge request isc-projects/bind9!1545
This commit is contained in:
Michał Kępień
commit
5ac5d90620
1 changed files with 19 additions and 19 deletions
|
|
@ -1864,8 +1864,8 @@ echo_i "waiting for NTA rechecks/expirations"
|
|||
|
||||
#
|
||||
# secure.example and badds.example used default nta-duration
|
||||
# (configured as 10s in ns4/named1.conf), but nta recheck interval
|
||||
# is configured to 7s, so at t=8 the NTAs for secure.example and
|
||||
# (configured as 12s in ns4/named1.conf), but nta recheck interval
|
||||
# is configured to 9s, so at t=10 the NTAs for secure.example and
|
||||
# fakenode.secure.example should both be lifted, but badds.example
|
||||
# should still be going.
|
||||
#
|
||||
|
|
@ -1886,9 +1886,9 @@ status=$((status+ret))
|
|||
ret=0
|
||||
|
||||
#
|
||||
# bogus.example was set to expire in 20s, so at t=11
|
||||
# bogus.example was set to expire in 20s, so at t=13
|
||||
# it should still be NTA'd, but badds.example used the default
|
||||
# lifetime of 10s, so it should revert to SERVFAIL now.
|
||||
# lifetime of 12s, so it should revert to SERVFAIL now.
|
||||
#
|
||||
# shellcheck disable=SC2016
|
||||
$PERL -e 'my $delay = '"$start"' + 13 - time(); select(undef, undef, undef, $delay) if ($delay > 0);'
|
||||
|
|
@ -2087,11 +2087,11 @@ else
|
|||
exit 1
|
||||
fi
|
||||
|
||||
# nta-recheck is configured as 7s, so at t=10 the NTAs for
|
||||
# nta-recheck is configured as 9s, so at t=12 the NTAs for
|
||||
# secure.example. should be lifted as it is not a forced NTA.
|
||||
echo_i "waiting till 10s have passed after ns4 was restarted"
|
||||
echo_i "waiting till 12s have passed after ns4 was restarted"
|
||||
# shellcheck disable=SC2016
|
||||
$PERL -e 'my $delay = '"$start"' + 10 - time(); select(undef, undef, undef, $delay) if ($delay > 0);'
|
||||
$PERL -e 'my $delay = '"$start"' + 12 - time(); select(undef, undef, undef, $delay) if ($delay > 0);'
|
||||
|
||||
# secure.example. should now return an AD=1 answer (still validates) as
|
||||
# the NTA has been lifted.
|
||||
|
|
@ -2143,11 +2143,11 @@ else
|
|||
exit 1
|
||||
fi
|
||||
|
||||
# nta-recheck is configured as 7s, but even at t=10 the NTAs for
|
||||
# nta-recheck is configured as 9s, but even at t=12 the NTAs for
|
||||
# secure.example. should not be lifted as it is a forced NTA.
|
||||
echo_i "waiting till 10s have passed after ns4 was restarted"
|
||||
echo_i "waiting till 12s have passed after ns4 was restarted"
|
||||
# shellcheck disable=SC2016
|
||||
$PERL -e 'my $delay = '"$start"' + 10 - time(); select(undef, undef, undef, $delay) if ($delay > 0);'
|
||||
$PERL -e 'my $delay = '"$start"' + 12 - time(); select(undef, undef, undef, $delay) if ($delay > 0);'
|
||||
|
||||
# secure.example. should now return an AD=0 answer (non-authenticated)
|
||||
# as the NTA is still there.
|
||||
|
|
@ -2795,10 +2795,10 @@ dig_with_answeropts expiring.example soa @10.53.0.4 > dig.out.ns4.2.$n
|
|||
ttls=$(awk '$1 != ";;" {print $2}' dig.out.ns4.1.$n)
|
||||
ttls2=$(awk '$1 != ";;" {print $2}' dig.out.ns4.2.$n)
|
||||
for ttl in ${ttls:-0}; do
|
||||
[ "${ttl:-0}" -eq 300 ] || ret=1
|
||||
[ "${ttl}" -eq 300 ] || ret=1
|
||||
done
|
||||
for ttl in ${ttls2:-0}; do
|
||||
[ "${ttl:-0}" -le 60 ] || ret=1
|
||||
[ "${ttl}" -le 60 ] || ret=1
|
||||
done
|
||||
n=$((n+1))
|
||||
test "$ret" -eq 0 || echo_i "failed"
|
||||
|
|
@ -2813,7 +2813,7 @@ dig_with_additionalopts expiring.example ns @10.53.0.4 > dig.out.ns4.2.$n
|
|||
ttls=$(awk '$1 != ";;" {print $2}' dig.out.ns4.1.$n)
|
||||
ttls2=$(awk '$1 != ";;" {print $2}' dig.out.ns4.2.$n)
|
||||
for ttl in ${ttls:-300}; do
|
||||
[ "$ttl" -eq 300 ] || ret=1
|
||||
[ "$ttl" -le 300 ] && [ "$ttl" -gt 240 ] || ret=1
|
||||
done
|
||||
for ttl in ${ttls2:-0}; do
|
||||
[ "$ttl" -le 60 ] || ret=1
|
||||
|
|
@ -2831,7 +2831,7 @@ dig_with_additionalopts expiring.example mx @10.53.0.4 > dig.out.ns4.2.$n
|
|||
ttls=$(awk '$1 != ";;" {print $2}' dig.out.ns4.1.$n)
|
||||
ttls2=$(awk '$1 != ";;" {print $2}' dig.out.ns4.2.$n)
|
||||
for ttl in ${ttls:-300}; do
|
||||
[ "$ttl" -eq 300 ] || ret=1
|
||||
[ "$ttl" -le 300 ] && [ "$ttl" -gt 240 ] || ret=1
|
||||
done
|
||||
for ttl in ${ttls2:-0}; do
|
||||
[ "$ttl" -le 60 ] || ret=1
|
||||
|
|
@ -2855,7 +2855,7 @@ for ttl in ${ttls:-0}; do
|
|||
[ "$ttl" -eq 300 ] || ret=1
|
||||
done
|
||||
for ttl in ${ttls2:-0}; do
|
||||
[ "$ttl" -le 120 ] && [ "$ttl" -gt 60 ] || ret=1
|
||||
[ "$ttl" -eq 120 ] || ret=1
|
||||
done
|
||||
n=$((n+1))
|
||||
test "$ret" -eq 0 || echo_i "failed"
|
||||
|
|
@ -2871,7 +2871,7 @@ for ttl in ${ttls:-0}; do
|
|||
[ "$ttl" -eq 300 ] || ret=1
|
||||
done
|
||||
for ttl in ${ttls2:-0}; do
|
||||
[ "$ttl" -le 120 ] && [ "$ttl" -gt 60 ] || ret=1
|
||||
[ "$ttl" -eq 120 ] || ret=1
|
||||
done
|
||||
n=$((n+1))
|
||||
test "$ret" -eq 0 || echo_i "failed"
|
||||
|
|
@ -2880,12 +2880,12 @@ status=$((status+ret))
|
|||
echo_i "testing TTL is capped at RRSIG expiry time for records in the additional section with dnssec-accept-expired yes; ($n)"
|
||||
ret=0
|
||||
rndccmd 10.53.0.4 flush 2>&1 | sed 's/^/ns4 /' | cat_i
|
||||
dig_with_answeropts +cd expiring.example mx @10.53.0.4 > dig.out.ns4.1.$n
|
||||
dig_with_answeropts expiring.example mx @10.53.0.4 > dig.out.ns4.2.$n
|
||||
dig_with_additionalopts +cd expiring.example mx @10.53.0.4 > dig.out.ns4.1.$n
|
||||
dig_with_additionalopts expiring.example mx @10.53.0.4 > dig.out.ns4.2.$n
|
||||
ttls=$(awk '$1 != ";;" {print $2}' dig.out.ns4.1.$n)
|
||||
ttls2=$(awk '$1 != ";;" {print $2}' dig.out.ns4.2.$n)
|
||||
for ttl in ${ttls:-300}; do
|
||||
[ "$ttl" -eq 300 ] || ret=1
|
||||
[ "$ttl" -le 300 ] && [ "$ttl" -gt 240 ] || ret=1
|
||||
done
|
||||
for ttl in ${ttls2:-0}; do
|
||||
[ "$ttl" -le 120 ] && [ "$ttl" -gt 60 ] || ret=1
|
||||
|
|
|
|||
Loading…
Reference in a new issue