upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-25 02:47:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Wait until zones are signed before reconfig

Browse source 
In order to make the tests run reliable, first make sure the key
managing for all the zones has finished before doing running the
reconfig command.
This commit is contained in:
Matthijs Mekking 2025-11-21 09:47:08 +01:00
parent 66e4146a88
commit 8cfccb9eac
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
bin/tests/system/nsec3/tests_nsec3_reconfig.py
View file

@ -65,6 +65,13 @@ def bootstrap():
@pytest.fixture(scope="module", autouse=True)
def after_servers_start(ns3, templates):
# First make sure all zones are properly signed. Here we specifically need
# to wait until all zones have finished key management before we can
# reconfigure the server, because changing the DNSSEC policy relies on
# zones having finished applying their initial policy.
for zone in ZONES:
isctest.kasp.wait_keymgr_done(ns3, zone)
# Ensure rsasha1-to-nsec3-wait.kasp is fully signed prior to reconfig.
with_rsasha1 = "RSASHA1_SUPPORTED"
assert with_rsasha1 in os.environ, f"{with_rsasha1} env variable undefined"