mirror of
https://github.com/isc-projects/bind9.git
synced 2026-06-09 04:12:08 -04:00
Merge branch 'matthijs-kasp-system-test-failure' into 'main'
Fix kasp system test failures See merge request isc-projects/bind9!6223
commit
9c12720f3d
2 changed files with 35 additions and 17 deletions
|
|
@ -1008,6 +1008,15 @@ check_cds() {
|
|||
status=$((status+ret))
|
||||
}
|
||||
|
||||
_find_dnskey() {
|
||||
_owner="${ZONE}."
|
||||
_alg="$(key_get $1 ALG_NUM)"
|
||||
_flags="$(key_get $1 FLAGS)"
|
||||
_key_file="$(key_get $1 BASEFILE).key"
|
||||
|
||||
awk '$1 == "'"$_owner"'" && $2 == "'"$DNSKEY_TTL"'" && $3 == "IN" && $4 == "DNSKEY" && $5 == "'"$_flags"'" && $6 == "3" && $7 == "'"$_alg"'" { print $8 }' < "$_key_file"
|
||||
}
|
||||
|
||||
|
||||
# Test DNSKEY query.
|
||||
_check_apex_dnskey() {
|
||||
|
|
@ -1015,40 +1024,49 @@ _check_apex_dnskey() {
|
|||
grep "status: NOERROR" "dig.out.$DIR.test$n" > /dev/null || return 1
|
||||
|
||||
_checksig=0
|
||||
_flags="$(key_get KEY1 FLAGS)"
|
||||
|
||||
if [ "$(key_get KEY1 STATE_DNSKEY)" = "rumoured" ] || [ "$(key_get KEY1 STATE_DNSKEY)" = "omnipresent" ]; then
|
||||
grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*DNSKEY.*${_flags}.*.3.*$(key_get KEY1 ALG_NUM)" "dig.out.$DIR.test$n" > /dev/null || return 1
|
||||
_pubkey=$(_find_dnskey KEY1)
|
||||
test -z "$_pubkey" && return 1
|
||||
grep -F "$_pubkey" "dig.out.$DIR.test$n" > /dev/null || return 1
|
||||
_checksig=1
|
||||
elif [ "$(key_get KEY1 EXPECT)" = "yes" ]; then
|
||||
grep "${ZONE}\.*${DNSKEY_TTL}.*IN.*DNSKEY.*${_flags}.*.3.*$(key_get KEY1 ALG_NUM)" "dig.out.$DIR.test$n" > /dev/null && return 1
|
||||
_pubkey=$(_find_dnskey KEY1)
|
||||
test -z "$_pubkey" && return 1
|
||||
grep -F "$_pubkey" "dig.out.$DIR.test$n" > /dev/null && return 1
|
||||
fi
|
||||
|
||||
_flags="$(key_get KEY2 FLAGS)"
|
||||
|
||||
if [ "$(key_get KEY2 STATE_DNSKEY)" = "rumoured" ] || [ "$(key_get KEY2 STATE_DNSKEY)" = "omnipresent" ]; then
|
||||
grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*DNSKEY.*${_flags}.*.3.*$(key_get KEY2 ALG_NUM)" "dig.out.$DIR.test$n" > /dev/null || return 1
|
||||
_pubkey=$(_find_dnskey KEY2)
|
||||
test -z "$_pubkey" && return 1
|
||||
grep -F "$_pubkey" "dig.out.$DIR.test$n" > /dev/null || return 1
|
||||
_checksig=1
|
||||
elif [ "$(key_get KEY2 EXPECT)" = "yes" ]; then
|
||||
grep "${ZONE}\.*${DNSKEY_TTL}.*IN.*DNSKEY.*${_flags}.*.3.*$(key_get KEY2 ALG_NUM)" "dig.out.$DIR.test$n" > /dev/null && return 1
|
||||
_pubkey=$(_find_dnskey KEY2)
|
||||
test -z "$_pubkey" && return 1
|
||||
grep -F "$_pubkey" "dig.out.$DIR.test$n" > /dev/null && return 1
|
||||
fi
|
||||
|
||||
_flags="$(key_get KEY3 FLAGS)"
|
||||
|
||||
if [ "$(key_get KEY3 STATE_DNSKEY)" = "rumoured" ] || [ "$(key_get KEY3 STATE_DNSKEY)" = "omnipresent" ]; then
|
||||
grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*DNSKEY.*${_flags}.*.3.*$(key_get KEY3 ALG_NUM)" "dig.out.$DIR.test$n" > /dev/null || return 1
|
||||
_pubkey=$(_find_dnskey KEY3)
|
||||
test -z "$_pubkey" && return 1
|
||||
grep -F "$_pubkey" "dig.out.$DIR.test$n" > /dev/null || return 1
|
||||
_checksig=1
|
||||
elif [ "$(key_get KEY3 EXPECT)" = "yes" ]; then
|
||||
grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*DNSKEY.*${_flags}.*.3.*$(key_get KEY3 ALG_NUM)" "dig.out.$DIR.test$n" > /dev/null && return 1
|
||||
_pubkey=$(_find_dnskey KEY3)
|
||||
test -z "$_pubkey" && return 1
|
||||
grep -F "$_pubkey" "dig.out.$DIR.test$n" > /dev/null && return 1
|
||||
fi
|
||||
|
||||
_flags="$(key_get KEY4 FLAGS)"
|
||||
|
||||
if [ "$(key_get KEY4 STATE_DNSKEY)" = "rumoured" ] || [ "$(key_get KEY4 STATE_DNSKEY)" = "omnipresent" ]; then
|
||||
grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*DNSKEY.*${_flags}.*.3.*$(key_get KEY4 ALG_NUM)" "dig.out.$DIR.test$n" > /dev/null || return 1
|
||||
_pubkey=$(_find_dnskey KEY4)
|
||||
test -z "$_pubkey" && return 1
|
||||
grep -F "$_pubkey" "dig.out.$DIR.test$n" > /dev/null || return 1
|
||||
_checksig=1
|
||||
elif [ "$(key_get KEY4 EXPECT)" = "yes" ]; then
|
||||
grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*DNSKEY.*${_flags}.*.3.*$(key_get KEY4 ALG_NUM)" "dig.out.$DIR.test$n" > /dev/null && return 1
|
||||
_pubkey=$(_find_dnskey KEY4)
|
||||
test -z "$_pubkey" && return 1
|
||||
grep -F "$_pubkey" "dig.out.$DIR.test$n" > /dev/null && return 1
|
||||
fi
|
||||
|
||||
test "$_checksig" -eq 0 && return 0
|
||||
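Review bot: The new `grep -F "$_pubkey"` checks in `_check_apex_dnskey` match the key text anywhere in `dig.out.$DIR.test$n`, so owner, TTL, flags, protocol and algorithm are now verified only against the local `.key` file inside `_find_dnskey`, not against the DNSKEY record the server returned. Assuming the field-matching `grep "${ZONE}\..*${DNSKEY_TTL}..."` lines are the ones this commit removes, a response carrying the right key material with the wrong flags or algorithm would still pass; running the same field-wise `awk` filter over the dig output and comparing its `$8` with `$_pubkey` would keep the test asserting what is actually published. Separately, `_find_dnskey` builds the awk program by splicing shell variables into its text; passing them as `awk -v owner="$_owner" -v ttl="$DNSKEY_TTL" -v flags="$_flags" -v alg="$_alg"` keeps data out of the program text. `_flags` is also shared with the caller, so the helper overwrites it (currently with the same key's value), and `_check_apex_dnskey` continues past the end of the hunk.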
|
|
|
|||
|
|
@ -2024,7 +2024,7 @@ dnssec_verify
|
|||
# Schedule KSK rollover now.
|
||||
set_policy "manual-rollover" "3" "3600"
|
||||
set_keystate "KEY1" "GOAL" "hidden"
|
||||
# This key was activated one day agao, so lifetime is set to 1d plus
|
||||
# This key was activated one day ago, so lifetime is set to 1d plus
|
||||
# prepublication duration (7500 seconds) = 93900 seconds.
|
||||
set_keylifetime "KEY1" "93900"
|
||||
created=$(key_get KEY1 CREATED)
|
||||
|
|
@ -2051,7 +2051,7 @@ dnssec_verify
|
|||
# Schedule ZSK rollover now.
|
||||
set_policy "manual-rollover" "4" "3600"
|
||||
set_keystate "KEY2" "GOAL" "hidden"
|
||||
# This key was activated one day agao, so lifetime is set to 1d plus
|
||||
# This key was activated one day ago, so lifetime is set to 1d plus
|
||||
# prepublication duration (7500 seconds) = 93900 seconds.
|
||||
set_keylifetime "KEY2" "93900"
|
||||
created=$(key_get KEY2 CREATED)
|
||||
|
|
|
|||