Add algorithm rollover test case

Add a test case for algorithm rollover. This is triggered by changing the dnssec-policy. A new nameserver ns6 is introduced for tests related to dnssec-policy changes. This requires a slight change in check_next_key_event to only check the last occurrence. Also, change the debug log message in lib/dns/zone.c to deal with checks when no next scheduled key event exists (and default to loadkeys interval 3600).
2026-06-09 08:22:04 -04:00 · 2020-02-18 16:36:31 +01:00 · 2020-02-18 16:36:31 +01:00 · 88ebe9581b
commit 88ebe9581b
parent cc2afe853b
11 changed files with 557 additions and 8 deletions
--- a/bin/tests/system/kasp/README
+++ b/bin/tests/system/kasp/README
@ -11,3 +11,5 @@ ns2 is running primary service for ns3.
 ns3 is an authoritative server for the various test domains.

 ns4 and ns5 are authoritative servers for various test domains related to views.
+
+ns6 is an authoritative server that tests changes in dnssec-policy.
--- a/bin/tests/system/kasp/clean.sh
+++ b/bin/tests/system/kasp/clean.sh
@ -22,5 +22,4 @@ rm -f ns*/dsset-* ns*/*.db ns*/*.db.signed
 rm -f ns*/keygen.out.* ns*/settime.out.* ns*/signer.out.*
 rm -f ns*/managed-keys.bind
 rm -f ns*/*.mkeys
-# NS3 specific
-rm -f ns3/zones ns3/*.db.infile
+rm -f ns*/zones ns*/*.db.infile
--- a/bin/tests/system/kasp/ns6/named.conf.in
+++ b/bin/tests/system/kasp/ns6/named.conf.in
@ -0,0 +1,41 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+// NS6
+
+include "policies/kasp.conf";
+
+options {
+	query-source address 10.53.0.6;
+	notify-source 10.53.0.6;
+	transfer-source 10.53.0.6;
+	port @PORT@;
+	pid-file "named.pid";
+	listen-on { 10.53.0.6; };
+	listen-on-v6 { none; };
+	allow-transfer { any; };
+	recursion no;
+};
+
+key rndc_key {
+	secret "1234abcd8765";
+	algorithm hmac-sha256;
+};
+
+controls {
+	inet 10.53.0.6 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+zone "step1.algorithm-roll.kasp" {
+	type master;
+	file "step1.algorithm-roll.kasp.db";
+	dnssec-policy "rsasha1";
+};
--- a/bin/tests/system/kasp/ns6/named2.conf.in
+++ b/bin/tests/system/kasp/ns6/named2.conf.in
@ -0,0 +1,71 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+// NS6
+
+include "policies/kasp.conf";
+
+options {
+	query-source address 10.53.0.6;
+	notify-source 10.53.0.6;
+	transfer-source 10.53.0.6;
+	port @PORT@;
+	pid-file "named.pid";
+	listen-on { 10.53.0.6; };
+	listen-on-v6 { none; };
+	allow-transfer { any; };
+	recursion no;
+};
+
+key rndc_key {
+	secret "1234abcd8765";
+	algorithm hmac-sha256;
+};
+
+controls {
+	inet 10.53.0.6 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+zone "step1.algorithm-roll.kasp" {
+	type master;
+	file "step1.algorithm-roll.kasp.db";
+	dnssec-policy "ecdsa256";
+};
+
+zone "step2.algorithm-roll.kasp" {
+	type master;
+	file "step2.algorithm-roll.kasp.db";
+	dnssec-policy "ecdsa256";
+};
+
+zone "step3.algorithm-roll.kasp" {
+	type master;
+	file "step3.algorithm-roll.kasp.db";
+	dnssec-policy "ecdsa256";
+};
+
+zone "step4.algorithm-roll.kasp" {
+	type master;
+	file "step4.algorithm-roll.kasp.db";
+	dnssec-policy "ecdsa256";
+};
+
+zone "step5.algorithm-roll.kasp" {
+	type master;
+	file "step5.algorithm-roll.kasp.db";
+	dnssec-policy "ecdsa256";
+};
+
+zone "step6.algorithm-roll.kasp" {
+	type master;
+	file "step6.algorithm-roll.kasp.db";
+	dnssec-policy "ecdsa256";
+};
--- a/bin/tests/system/kasp/ns6/policies/kasp.conf
+++ b/bin/tests/system/kasp/ns6/policies/kasp.conf
@ -0,0 +1,50 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+dnssec-policy "rsasha1" {
+	signatures-refresh P5D;
+	signatures-validity 30d;
+	signatures-validity-dnskey 30d;
+
+	keys {
+		ksk lifetime unlimited algorithm rsasha1;
+		zsk lifetime unlimited algorithm rsasha1;
+	};
+
+	dnskey-ttl 1h;
+	publish-safety PT1H;
+	retire-safety 2h;
+	zone-propagation-delay 3600;
+	max-zone-ttl 6h;
+	parent-registration-delay 1d;
+	parent-propagation-delay pt1h;
+	parent-ds-ttl 7200;
+};
+
+dnssec-policy "ecdsa256" {
+	signatures-refresh P5D;
+	signatures-validity 30d;
+	signatures-validity-dnskey 30d;
+
+	keys {
+		ksk lifetime unlimited algorithm ecdsa256;
+		zsk lifetime unlimited algorithm ecdsa256;
+	};
+
+	dnskey-ttl 1h;
+	publish-safety PT1H;
+	retire-safety 2h;
+	zone-propagation-delay 3600;
+	max-zone-ttl 6h;
+	parent-registration-delay 1d;
+	parent-propagation-delay pt1h;
+	parent-ds-ttl 7200;
+};
--- a/bin/tests/system/kasp/ns6/setup.sh
+++ b/bin/tests/system/kasp/ns6/setup.sh
@ -0,0 +1,185 @@
+#!/bin/sh -e
+#
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+# shellcheck source=conf.sh
+. "$SYSTEMTESTTOP/conf.sh"
+
+echo_i "ns6/setup.sh"
+
+setup() {
+	zone="$1"
+	echo_i "setting up zone: $zone"
+	zonefile="${zone}.db"
+	infile="${zone}.db.infile"
+}
+
+private_type_record() {
+	_zone=$1
+	_algorithm=$2
+	_keyfile=$3
+
+	_id=$(keyfile_to_key_id "$_keyfile")
+
+	printf "%s. 0 IN TYPE65534 %s 5 %02x%04x0000\n" "$_zone" "\\#" "$_algorithm" "$_id"
+}
+
+
+# Make lines shorter by storing key states in environment variables.
+H="HIDDEN"
+R="RUMOURED"
+O="OMNIPRESENT"
+U="UNRETENTIVE"
+
+#
+# The zones at algorithm-roll.kasp represent the various steps of a ZSK/KSK
+# algorithm rollover.
+#
+
+# Step 1:
+# Introduce the first key. This will immediately be active.
+setup step1.algorithm-roll.kasp
+echo "$zone" >> zones
+KSK=$($KEYGEN -a RSASHA1 -f KSK -L 3600 $zone 2> keygen.out.$zone.1)
+ZSK=$($KEYGEN -a RSASHA1 -L 3600 $zone 2> keygen.out.$zone.2)
+TactN="now"
+$SETTIME -s -P $TactN -A $TactN  -g $O -k $O $TactN -r $O $TactN -d $O $TactN "$KSK" > settime.out.$zone.1 2>&1
+$SETTIME -s -P $TactN -A $TactN  -g $O -k $O $TactN -z $O $TactN              "$ZSK" > settime.out.$zone.2 2>&1
+cat template.db.in "${KSK}.key" "${ZSK}.key" > "$infile"
+private_type_record $zone 5 "$KSK" >> "$infile"
+private_type_record $zone 5 "$ZSK" >> "$infile"
+$SIGNER -S -x -s now-1h -e now+2w -o $zone -O full -f $zonefile $infile > signer.out.$zone.1 2>&1
+
+# Step 2:
+# After the publication interval has passed the DNSKEY is OMNIPRESENT.
+setup step2.algorithm-roll.kasp
+KSK1=$($KEYGEN -a RSASHA1 -f KSK -L 3600 $zone 2> keygen.out.$zone.1)
+ZSK1=$($KEYGEN -a RSASHA1 -L 3600 $zone 2> keygen.out.$zone.2)
+KSK2=$($KEYGEN -a ECDSAP256SHA256 -f KSK -L 3600 $zone 2> keygen.out.$zone.1)
+ZSK2=$($KEYGEN -a ECDSAP256SHA256 -L 3600 $zone 2> keygen.out.$zone.2)
+# The time passed since the new algorithm keys have been introduced is 3 hours.
+TactN="now-3h"
+TpubN1="now-3h"
+TactN1="now+6h"
+$SETTIME -s -P $TactN  -A $TactN  -I now -g $H -k $O $TactN  -r $O $TactN  -d $O $TactN  "$KSK1" > settime.out.$zone.1 2>&1
+$SETTIME -s -P $TactN  -A $TactN  -I now -g $H -k $O $TactN  -z $O $TactN                "$ZSK1" > settime.out.$zone.2 2>&1
+$SETTIME -s -P $TpubN1 -A $TpubN1        -g $O -k $R $TpubN1 -r $R $TpubN1 -d $H $TpubN1 "$KSK2" > settime.out.$zone.1 2>&1
+$SETTIME -s -P $TpubN1 -A $TactN1        -g $O -k $R $TpubN1 -z $R $TpubN1               "$ZSK2" > settime.out.$zone.2 2>&1
+# Fake lifetime of old algorithm keys.
+echo "Lifetime: 0" >> "${KSK1}.state"
+echo "Lifetime: 0" >> "${ZSK1}.state"
+cat template.db.in "${KSK1}.key" "${ZSK1}.key" "${KSK2}.key" "${ZSK2}.key" > "$infile"
+private_type_record $zone 5  "$KSK1" >> "$infile"
+private_type_record $zone 5  "$ZSK1" >> "$infile"
+private_type_record $zone 13 "$KSK2" >> "$infile"
+private_type_record $zone 13 "$ZSK2" >> "$infile"
+$SIGNER -S -x -s now-1h -e now+2w -o $zone -O full -f $zonefile $infile > signer.out.$zone.1 2>&1
+
+# Step 3:
+# The zone signatures are also OMNIPRESENT.
+setup step3.algorithm-roll.kasp
+KSK1=$($KEYGEN -a RSASHA1 -f KSK -L 3600 $zone 2> keygen.out.$zone.1)
+ZSK1=$($KEYGEN -a RSASHA1 -L 3600 $zone 2> keygen.out.$zone.2)
+KSK2=$($KEYGEN -a ECDSAP256SHA256 -f KSK -L 3600 $zone 2> keygen.out.$zone.1)
+ZSK2=$($KEYGEN -a ECDSAP256SHA256 -L 3600 $zone 2> keygen.out.$zone.2)
+# The time passed since the new algorithm keys have been introduced is 9 hours.
+TactN="now-9h"
+TpubN1="now-9h"
+TactN1="now"
+$SETTIME -s -P $TactN  -A $TactN  -I now -g $H -k $O $TactN  -r $O $TactN  -d $O $TactN  "$KSK1" > settime.out.$zone.1 2>&1
+$SETTIME -s -P $TactN  -A $TactN  -I now -g $H -k $O $TactN  -z $O $TactN                "$ZSK1" > settime.out.$zone.2 2>&1
+$SETTIME -s -P $TpubN1 -A $TactN1        -g $O -k $O $TpubN1 -r $O $TpubN1 -d $H $TpubN1 "$KSK2" > settime.out.$zone.1 2>&1
+$SETTIME -s -P $TpubN1 -A $TactN1        -g $O -k $O $TpubN1 -z $R $TpubN1               "$ZSK2" > settime.out.$zone.2 2>&1
+# Fake lifetime of old algorithm keys.
+echo "Lifetime: 0" >> "${KSK1}.state"
+echo "Lifetime: 0" >> "${ZSK1}.state"
+cat template.db.in "${KSK1}.key" "${ZSK1}.key" "${KSK2}.key" "${ZSK2}.key" > "$infile"
+private_type_record $zone 5  "$KSK1" >> "$infile"
+private_type_record $zone 5  "$ZSK1" >> "$infile"
+private_type_record $zone 13 "$KSK2" >> "$infile"
+private_type_record $zone 13 "$ZSK2" >> "$infile"
+$SIGNER -S -x -s now-1h -e now+2w -o $zone -O full -f $zonefile $infile > signer.out.$zone.1 2>&1
+
+# Step 4:
+# The DS is swapped and can become OMNIPRESENT.
+setup step4.algorithm-roll.kasp
+KSK1=$($KEYGEN -a RSASHA1 -f KSK -L 3600 $zone 2> keygen.out.$zone.1)
+ZSK1=$($KEYGEN -a RSASHA1 -L 3600 $zone 2> keygen.out.$zone.2)
+KSK2=$($KEYGEN -a ECDSAP256SHA256 -f KSK -L 3600 $zone 2> keygen.out.$zone.1)
+ZSK2=$($KEYGEN -a ECDSAP256SHA256 -L 3600 $zone 2> keygen.out.$zone.2)
+# The time passed since the DS has been swapped is 29 hours.
+TactN="now-38h"
+TpubN1="now-38h"
+TactN1="now-29h"
+$SETTIME -s -P $TactN  -A $TactN  -I now -g $H -k $O $TactN  -r $O $TactN  -d $U $TactN1 "$KSK1" > settime.out.$zone.1 2>&1
+$SETTIME -s -P $TactN  -A $TactN  -I now -g $H -k $O $TactN  -z $O $TactN                "$ZSK1" > settime.out.$zone.2 2>&1
+$SETTIME -s -P $TpubN1 -A $TactN1        -g $O -k $O $TpubN1 -r $O $TpubN1 -d $R $TactN1 "$KSK2" > settime.out.$zone.1 2>&1
+$SETTIME -s -P $TpubN1 -A $TactN1        -g $O -k $O $TpubN1 -z $R $TpubN1               "$ZSK2" > settime.out.$zone.2 2>&1
+# Fake lifetime of old algorithm keys.
+echo "Lifetime: 0" >> "${KSK1}.state"
+echo "Lifetime: 0" >> "${ZSK1}.state"
+cat template.db.in "${KSK1}.key" "${ZSK1}.key" "${KSK2}.key" "${ZSK2}.key" > "$infile"
+private_type_record $zone 5  "$KSK1" >> "$infile"
+private_type_record $zone 5  "$ZSK1" >> "$infile"
+private_type_record $zone 13 "$KSK2" >> "$infile"
+private_type_record $zone 13 "$ZSK2" >> "$infile"
+$SIGNER -S -x -s now-1h -e now+2w -o $zone -O full -f $zonefile $infile > signer.out.$zone.1 2>&1
+
+# Step 5:
+# The DNSKEY is removed long enough to be HIDDEN.
+setup step5.algorithm-roll.kasp
+KSK1=$($KEYGEN -a RSASHA1 -f KSK -L 3600 $zone 2> keygen.out.$zone.1)
+ZSK1=$($KEYGEN -a RSASHA1 -L 3600 $zone 2> keygen.out.$zone.2)
+KSK2=$($KEYGEN -a ECDSAP256SHA256 -f KSK -L 3600 $zone 2> keygen.out.$zone.1)
+ZSK2=$($KEYGEN -a ECDSAP256SHA256 -L 3600 $zone 2> keygen.out.$zone.2)
+# The time passed since the DNSKEY has been removed is 2 hours.
+TactN="now-40h"
+TpubN1="now-40h"
+TactN1="now-31h"
+TremN="now-2h"
+$SETTIME -s -P $TactN  -A $TactN  -I now -g $H -k $U $TremN  -r $U $TremN  -d $H $TremN  "$KSK1" > settime.out.$zone.1 2>&1
+$SETTIME -s -P $TactN  -A $TactN  -I now -g $H -k $U $TremN  -z $U $TremN                "$ZSK1" > settime.out.$zone.2 2>&1
+$SETTIME -s -P $TpubN1 -A $TactN1        -g $O -k $O $TpubN1 -r $O $TpubN1 -d $O $TremN  "$KSK2" > settime.out.$zone.1 2>&1
+$SETTIME -s -P $TpubN1 -A $TactN1        -g $O -k $O $TpubN1 -z $R $TpubN1               "$ZSK2" > settime.out.$zone.2 2>&1
+# Fake lifetime of old algorithm keys.
+echo "Lifetime: 0" >> "${KSK1}.state"
+echo "Lifetime: 0" >> "${ZSK1}.state"
+cat template.db.in "${KSK1}.key" "${ZSK1}.key" "${KSK2}.key" "${ZSK2}.key" > "$infile"
+private_type_record $zone 5  "$KSK1" >> "$infile"
+private_type_record $zone 5  "$ZSK1" >> "$infile"
+private_type_record $zone 13 "$KSK2" >> "$infile"
+private_type_record $zone 13 "$ZSK2" >> "$infile"
+$SIGNER -S -x -s now-1h -e now+2w -o $zone -O full -f $zonefile $infile > signer.out.$zone.1 2>&1
+
+# Step 6:
+# The RRSIGs have been removed long enough to be HIDDEN.
+setup step6.algorithm-roll.kasp
+KSK1=$($KEYGEN -a RSASHA1 -f KSK -L 3600 $zone 2> keygen.out.$zone.1)
+ZSK1=$($KEYGEN -a RSASHA1 -L 3600 $zone 2> keygen.out.$zone.2)
+KSK2=$($KEYGEN -a ECDSAP256SHA256 -f KSK -L 3600 $zone 2> keygen.out.$zone.1)
+ZSK2=$($KEYGEN -a ECDSAP256SHA256 -L 3600 $zone 2> keygen.out.$zone.2)
+# Additional time passed: 7h.
+TactN="now-47h"
+TpubN1="now-47h"
+TactN1="now-38h"
+TremN="now-9h"
+$SETTIME -s -P $TactN  -A $TactN  -I now -g $H -k $U $TremN  -r $U $TremN  -d $H $TremN  "$KSK1" > settime.out.$zone.1 2>&1
+$SETTIME -s -P $TactN  -A $TactN  -I now -g $H -k $U $TremN  -z $U $TremN                "$ZSK1" > settime.out.$zone.2 2>&1
+$SETTIME -s -P $TpubN1 -A $TactN1        -g $O -k $O $TpubN1 -r $O $TpubN1 -d $O $TremN  "$KSK2" > settime.out.$zone.1 2>&1
+$SETTIME -s -P $TpubN1 -A $TactN1        -g $O -k $O $TpubN1 -z $R $TpubN1               "$ZSK2" > settime.out.$zone.2 2>&1
+# Fake lifetime of old algorithm keys.
+echo "Lifetime: 0" >> "${KSK1}.state"
+echo "Lifetime: 0" >> "${ZSK1}.state"
+cat template.db.in "${KSK1}.key" "${ZSK1}.key" "${KSK2}.key" "${ZSK2}.key" > "$infile"
+private_type_record $zone 5  "$KSK1" >> "$infile"
+private_type_record $zone 5  "$ZSK1" >> "$infile"
+private_type_record $zone 13 "$KSK2" >> "$infile"
+private_type_record $zone 13 "$ZSK2" >> "$infile"
+$SIGNER -S -x -s now-1h -e now+2w -o $zone -O full -f $zonefile $infile > signer.out.$zone.1 2>&1
--- a/bin/tests/system/kasp/ns6/template.db.in
+++ b/bin/tests/system/kasp/ns6/template.db.in
@ -0,0 +1,25 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300
+@		IN	SOA  mname1. . (
+			1       ; serial
+			20      ; refresh (20 seconds)
+			20      ; retry (20 seconds)
+			1814400 ; expire (3 weeks)
+			3600    ; minimum (1 hour)
+			)
+
+			NS	ns3
+ns3			A	10.53.0.3
+
+a			A	10.0.0.1
+b			A	10.0.0.2
+c			A	10.0.0.3
+
--- a/bin/tests/system/kasp/setup.sh
+++ b/bin/tests/system/kasp/setup.sh
@ -22,6 +22,7 @@ copy_setports ns2/named.conf.in ns2/named.conf
 copy_setports ns3/named.conf.in ns3/named.conf
 copy_setports ns4/named.conf.in ns4/named.conf
 copy_setports ns5/named.conf.in ns5/named.conf
+copy_setports ns6/named.conf.in ns6/named.conf

 # Setup zones
 (
@ -40,3 +41,7 @@ copy_setports ns5/named.conf.in ns5/named.conf
 	cd ns5
 	$SHELL setup.sh
 )
+(
+	cd ns6
+	$SHELL setup.sh
+)
--- a/bin/tests/system/kasp/tests.sh
+++ b/bin/tests/system/kasp/tests.sh
@ -1629,7 +1629,8 @@ check_next_key_event() {
 	ret=0
 	grep "zone ${ZONE}.*: next key event in .* seconds" "${DIR}/named.run" > "keyevent.out.$ZONE.test$n" || log_error "no next key event for zone ${ZONE}"

-	_time=$(awk '{print $10}' < "keyevent.out.$ZONE.test$n")
+	# Get the latest next key event.
+	_time=$(awk '{print $10}' < "keyevent.out.$ZONE.test$n" | tail -1)

 	# The next key event time must within 60 seconds of the
 	# expected time.
@ -2081,7 +2082,7 @@ dnssec_verify
 check_next_key_event 13708800

 #
-# Testing CSK key rollover (1).
+# Testing CSK key rollover (2).
 #

 #
@ -2218,5 +2219,163 @@ dnssec_verify
 # Next key event is when the new successor needs to be published.
 check_next_key_event 14684400

+#
+# Testing algorithm rollover.
+#
+
+#
+# Zone: step1.algorithm-roll.kasp
+#
+zone_properties "ns6" "step1.algorithm-roll.kasp" "rsasha1" "3600" "2" "10.53.0.6"
+# The KSK (KEY1) and ZSK (KEY2) start in OMNIPRESENT.
+key_properties "KEY1" "ksk" "0" "5" "RSASHA1" "2048" "no" "yes"
+key_timings "KEY1" "published" "active" "none" "none" "none"
+key_states "KEY1" "omnipresent" "omnipresent" "none" "omnipresent" "omnipresent"
+key_properties "KEY2" "zsk" "0" "5" "RSASHA1" "2048" "yes" "no"
+key_timings "KEY2" "published" "active" "none" "none" "none"
+key_states "KEY2" "omnipresent" "omnipresent" "omnipresent" "none" "none"
+key_clear "KEY3"
+key_clear "KEY4"
+check_keys
+check_apex
+check_subdomain
+dnssec_verify
+
+# Next key event is when the successor keys need to be published.
+# Since the lifetime of the keys are unlimited, so default to loadkeys
+# interval.
+check_next_key_event 3600
+
+# Reconfig dnssec-policy (triggering algorithm roll).
+echo_i "reconfig dnssec-policy to trigger algorithm rollover"
+copy_setports ns6/named2.conf.in ns6/named.conf
+rndc_reconfig ns6 10.53.0.6
+
+zone_properties "ns6" "step1.algorithm-roll.kasp" "ecdsa256" "3600" "4" "10.53.0.6"
+# The RSAHSHA1 keys are outroducing.
+key_timings "KEY1" "published" "active" "retired" "none" "none"
+key_states "KEY1" "hidden" "omnipresent" "none" "omnipresent" "omnipresent"
+key_timings "KEY2" "published" "active" "retired" "none" "none"
+key_states "KEY2" "hidden" "omnipresent" "omnipresent" "none" "none"
+# The ECDSAP256SHA256 keys are introducing.
+key_properties "KEY3" "ksk" "0" "13" "ECDSAP256SHA256" "256" "no" "yes"
+key_timings "KEY3" "published" "active" "none" "none" "none"
+key_states "KEY3" "omnipresent" "rumoured" "none" "rumoured" "hidden"
+key_properties "KEY4" "zsk" "0" "13" "ECDSAP256SHA256" "256" "yes" "no"
+key_timings "KEY4" "published" "active" "none" "none" "none"
+key_states "KEY4" "omnipresent" "rumoured" "rumoured" "none" "none"
+
+check_keys
+check_apex
+check_subdomain
+dnssec_verify
+
+# Next key event is when the ecdsa256 keys have been propagated.
+# This is the DNSKEY TTL plus publish safety plus zone propagation delay:
+# 3 times an hour: 10800 seconds.
+check_next_key_event 10800
+
+#
+# Zone: step2.algorithm-roll.kasp
+#
+zone_properties "ns6" "step2.algorithm-roll.kasp" "ecdsa256" "3600" "4" "10.53.0.6"
+# The RSAHSHA1 keys are outroducing, but need to stay present until the new
+# algorithm chain of trust has been established. Thus the properties, timings
+# and states of the KEY1 and KEY2 are the same as above.
+#
+# The ECDSAP256SHA256 keys are introducing. The DNSKEY RRset is omnipresent,
+# but the zone signatures are not.
+key_states "KEY3" "omnipresent" "omnipresent" "none" "omnipresent" "hidden"
+key_states "KEY4" "omnipresent" "omnipresent" "rumoured" "none" "none"
+
+check_keys
+check_apex
+check_subdomain
+dnssec_verify
+
+# Next key event is when all zone signatures are signed with the new
+# algorithm.  This is the max-zone-ttl plus zone propagation delay
+# plus retire safety: 6h + 1h + 2h.  But three hours have already passed
+# (the time it took to make the DNSKEY omnipresent), so the next event
+# should be scheduled in 6 hour: 21600 seconds.
+check_next_key_event 21600
+
+#
+# Zone: step3.algorithm-roll.kasp
+#
+zone_properties "ns6" "step3.algorithm-roll.kasp" "ecdsa256" "3600" "4" "10.53.0.6"
+# The RSAHSHA1 keys are outroducing, and it is time to swap the DS.
+key_states "KEY1" "hidden" "omnipresent" "none" "omnipresent" "unretentive"
+# The ECDSAP256SHA256 keys are introducing. The DNSKEY RRset and all signatures
+# are now omnipresent, so the DS can be introduced.
+key_states "KEY3" "omnipresent" "omnipresent" "none" "omnipresent" "rumoured"
+key_states "KEY4" "omnipresent" "omnipresent" "omnipresent" "none" "none"
+
+check_keys
+check_apex
+check_subdomain
+dnssec_verify
+
+# Next key event is when the DS becomes OMNIPRESENT. This happens after the
+# parent registration delay, parent propagation delay, retire safety delay,
+# and DS TTL: 24h + 1h + 2h + 2h = 29h = 104400 seconds.
+check_next_key_event 104400
+
+#
+# Zone: step4.algorithm-roll.kasp
+#
+zone_properties "ns6" "step4.algorithm-roll.kasp" "ecdsa256" "3600" "4" "10.53.0.6"
+# The old DS is HIDDEN, we can remove the old algorithm DNSKEY/RRSIG records.
+key_properties "KEY1" "ksk" "0" "5" "RSASHA1" "2048" "no" "no"
+key_states "KEY1" "hidden" "unretentive" "none" "unretentive" "hidden"
+key_properties "KEY2" "zsk" "0" "5" "RSASHA1" "2048" "no" "no"
+key_states "KEY2" "hidden" "unretentive" "unretentive" "none" "none"
+# The ECDSAP256SHA256 DS is now OMNIPRESENT.
+key_states "KEY3" "omnipresent" "omnipresent" "none" "omnipresent" "omnipresent"
+
+check_keys
+check_apex
+check_subdomain
+dnssec_verify
+
+# Next key event is when the old DNSKEY becomes HIDDEN.  This happens after the
+# DNSKEY TTL plus zone propagation delay (2h).
+check_next_key_event 7200
+
+#
+# Zone: step5.algorithm-roll.kasp
+#
+zone_properties "ns6" "step5.algorithm-roll.kasp" "ecdsa256" "3600" "4" "10.53.0.6"
+# The DNSKEY becomes HIDDEN.
+key_states "KEY1" "hidden" "hidden" "none" "hidden" "hidden"
+key_states "KEY2" "hidden" "hidden" "unretentive" "none" "none"
+
+check_keys
+check_apex
+check_subdomain
+dnssec_verify
+
+# Next key event is when the RSASHA1 signatures become HIDDEN.  This happens
+# after the max-zone-ttl plus zone propagation delay plus retire safety
+# (6h + 1h + 2h) minus the time already passed since the UNRETENTIVE state has
+# been reached (2h): 9h - 2h = 7h = 25200
+check_next_key_event 25200
+
+#
+# Zone: step6.algorithm-roll.kasp
+#
+zone_properties "ns6" "step6.algorithm-roll.kasp" "ecdsa256" "3600" "4" "10.53.0.6"
+# The zone signatures should now also be HIDDEN.
+key_states "KEY2" "hidden" "hidden" "hidden" "none" "none"
+
+check_keys
+check_apex
+check_subdomain
+dnssec_verify
+
+# Next key event is never since we established the policy and the keys have
+# an unlimited lifetime.  Fallback to the default loadkeys interval.
+check_next_key_event 3600
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@ -19657,17 +19657,28 @@ zone_rekey(dns_zone_t *zone) {
 	/*
 	 * If keymgr provided a next time, use the calculated next rekey time.
 	 */
-	if (kasp != NULL && nexttime > 0) {
+	if (kasp != NULL) {
 		isc_time_t timenext;
+		uint32_t nexttime_seconds;

-		DNS_ZONE_TIME_ADD(&timenow, nexttime - now, &timenext);
+		/*
+		 * Set the key refresh timer to the next scheduled key event
+		 * or to 'dnssec-loadkeys-interval' seconds in the future
+		 * if no next key event is scheduled (nexttime == 0).
+		 */
+		if (nexttime > 0) {
+			nexttime_seconds = nexttime - now;
+		} else {
+			nexttime_seconds = zone->refreshkeyinterval;
+		}
+
+		DNS_ZONE_TIME_ADD(&timenow, nexttime_seconds, &timenext);
 		zone->refreshkeytime = timenext;
 		zone_settimer(zone, &timenow);
 		isc_time_formattimestamp(&zone->refreshkeytime, timebuf, 80);

 		dnssec_log(zone, ISC_LOG_DEBUG(3),
-			   "next key event in %u seconds: %s", (nexttime - now),
-			   timebuf);
+			   "next key event in %u seconds", nexttime_seconds);
 		dnssec_log(zone, ISC_LOG_INFO, "next key event: %s", timebuf);
 	}
 	/*
--- a/util/copyrights
+++ b/util/copyrights
@ -697,6 +697,7 @@
 ./bin/tests/system/kasp/ns3/setup.sh		SH	2019,2020
 ./bin/tests/system/kasp/ns4/setup.sh		SH	2019,2020
 ./bin/tests/system/kasp/ns5/setup.sh		SH	2019,2020
+./bin/tests/system/kasp/ns6/setup.sh		SH	2020
 ./bin/tests/system/kasp/setup.sh		SH	2019,2020
 ./bin/tests/system/kasp/tests.sh		SH	2019,2020
 ./bin/tests/system/keepalive/clean.sh		SH	2017,2018,2019,2020