From 6847a29b54eb87dd46467d1b6e4d0401b80aea58 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= <michal@isc.org>
Date: Wed, 20 Mar 2019 09:50:35 +0100
Subject: [PATCH 1/2] Increase TAT query interval

Currently, ns3 in the "mirror" system test sends trust anchor telemetry
queries every second as it is started with "-T tat=1".  Given the number
of trust anchors configured on ns3 (9), TAT-related traffic clutters up
log files, hindering troubleshooting efforts.  Increase TAT query
interval to 3 seconds in order to alleviate the issue.

Note that the interval chosen cannot be much higher if intermittent test
failures are to be avoided: TAT queries are only sent after the
configured number of seconds passes since resolver startup.  Quick
experiments show that even on contemporary hardware, ns3 should be
running for at least 5 seconds before it is first shut down, so a
3-second TAT query interval seems to be a reasonable, future-proof
compromise.  Ensure the relevant check is performed before ns3 is first
shut down to emphasize this trade-off and make it more clear by what
time TAT queries are expected to be sent.
---
 bin/tests/system/mirror/ns3/named.args |  2 +-
 bin/tests/system/mirror/tests.sh       | 16 ++++++++--------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/bin/tests/system/mirror/ns3/named.args b/bin/tests/system/mirror/ns3/named.args
index ac8c56c000..5330759bd4 100644
--- a/bin/tests/system/mirror/ns3/named.args
+++ b/bin/tests/system/mirror/ns3/named.args
@@ -1 +1 @@
--D mirror-ns3 -X named.lock -m record,size,mctx -T clienttest -c named.conf -d 99 -g -U 4 -T tat=1
+-D mirror-ns3 -X named.lock -m record,size,mctx -T clienttest -c named.conf -d 99 -g -U 4 -T tat=3
diff --git a/bin/tests/system/mirror/tests.sh b/bin/tests/system/mirror/tests.sh
index d4ed7d3ad2..98bd22dbce 100644
--- a/bin/tests/system/mirror/tests.sh
+++ b/bin/tests/system/mirror/tests.sh
@@ -213,6 +213,14 @@ nextpartpeek ns3/named.run | grep "verify-load.*mirror zone is now in use" > /de
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
+n=`expr $n + 1`
+echo_i "ensuring trust anchor telemetry queries are sent upstream for a mirror zone ($n)"
+ret=0
+# ns3 is started with "-T tat=3", so TAT queries should have already been sent.
+grep "_ta-[-0-9a-f]*/NULL" ns1/named.run > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
 n=`expr $n + 1`
 echo_i "checking that loading a correctly signed mirror zone from disk succeeds ($n)"
 ret=0
@@ -541,13 +549,5 @@ grep "flags:.* ad" dig.out.ns3.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
-n=`expr $n + 1`
-echo_i "ensuring trust anchor telemetry queries are sent upstream for a mirror zone ($n)"
-ret=0
-# ns3 is started with "-T tat=1", so TAT queries should have already been sent.
-grep "_ta-[-0-9a-f]*/NULL" ns1/named.run > /dev/null || ret=1
-if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
-
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1

From 73afbdc5525709a5eb3190101634a73d927a6a06 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= <michal@isc.org>
Date: Wed, 20 Mar 2019 09:50:35 +0100
Subject: [PATCH 2/2] Increase dig query timeout to 2 seconds

The "mirror" system test expects all dig queries (including recursive
ones) to be responded to within 1 second, which turns out to be overly
optimistic in certain cases and leads to false positives being
triggered.  Increase dig query timeout used throughout the "mirror"
system test to 2 seconds in order to alleviate the issue.
---
 bin/tests/system/mirror/tests.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bin/tests/system/mirror/tests.sh b/bin/tests/system/mirror/tests.sh
index 98bd22dbce..1171ef7693 100644
--- a/bin/tests/system/mirror/tests.sh
+++ b/bin/tests/system/mirror/tests.sh
@@ -12,7 +12,7 @@
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
 
-DIGOPTS="-p ${PORT} -b 10.53.0.1 +dnssec +time=1 +tries=1 +multi"
+DIGOPTS="-p ${PORT} -b 10.53.0.1 +dnssec +time=2 +tries=1 +multi"
 RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s"
 
 # Wait until the transfer of the given zone to ns3 either completes successfully