upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-28 04:34:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Change max NSEC3 iterations in system tests to 50

Browse source 
The dnssec and nsupdate system tests need to be adjusted to accept
a lower maximum value for NSEC3 iterations.
This commit is contained in:
Matthijs Mekking 2023-11-22 16:29:44 +01:00
parent ff4201e388
commit abdaa77303
3 changed files with 9 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
bin/tests/system/dnssec/tests.sh
View file

@ -1467,7 +1467,7 @@ ret=0
(
cd signer/general || exit 0
rm -f signed.zone
$SIGNER -f signed.zone -3 - -H 151 -o example.com. test9.zone >signer.out.$n
$SIGNER -f signed.zone -3 - -H 51 -o example.com. test9.zone >signer.out.$n
test -f signed.zone
) && ret=1
n=$((n + 1))
@ -1492,7 +1492,7 @@ ret=0
(
cd signer/general || exit 1
rm -f signed.zone
$SIGNER -f signed.zone -3 - -H 150 -o example.com. test9.zone >signer.out.$n
$SIGNER -f signed.zone -3 - -H 50 -o example.com. test9.zone >signer.out.$n
test -f signed.zone
) || ret=1
n=$((n + 1))
@ -4317,8 +4317,8 @@ status=$((status + ret))
echo_i "checking excessive NSEC3 iteration warnings in named.run ($n)"
ret=0
grep "zone too-many-iterations/IN: excessive NSEC3PARAM iterations [0-9]* > 150" ns2/named.run >/dev/null 2>&1 || ret=1
grep "zone too-many-iterations/IN: excessive NSEC3PARAM iterations [0-9]* > 150" ns3/named.run >/dev/null 2>&1 || ret=1
grep "zone too-many-iterations/IN: excessive NSEC3PARAM iterations [0-9]* > 50" ns2/named.run >/dev/null 2>&1 || ret=1
grep "zone too-many-iterations/IN: excessive NSEC3PARAM iterations [0-9]* > 50" ns3/named.run >/dev/null 2>&1 || ret=1
n=$((n + 1))
test "$ret" -eq 0 || echo_i "failed"
status=$((status + ret))

6
bin/tests/system/nsupdate/tests.sh
View file

@ -433,7 +433,7 @@ if $PERL -e 'use Net::DNS;' 2>/dev/null; then
n=$((n + 1))
ret=0
echo_i "check for too many NSEC3 iterations log ($n)"
grep "updating zone 'update.nil/IN': too many NSEC3 iterations (151)" ns1/named.run >/dev/null || ret=1
grep "updating zone 'update.nil/IN': too many NSEC3 iterations (51)" ns1/named.run >/dev/null || ret=1
[ $ret -eq 1 ] && {
echo_i "failed"
status=1
@ -1899,9 +1899,9 @@ echo_i "check that excessive NSEC3PARAM iterations are rejected by nsupdate ($n)
$NSUPDATE -d <<END >nsupdate.out.test$n 2>&1 && ret=1
server 10.53.0.3 ${PORT}
zone example
update add example 0 in NSEC3PARAM 1 0 151 -
update add example 0 in NSEC3PARAM 1 0 51 -
END
grep "NSEC3PARAM has excessive iterations (> 150)" nsupdate.out.test$n >/dev/null || ret=1
grep "NSEC3PARAM has excessive iterations (> 50)" nsupdate.out.test$n >/dev/null || ret=1
[ $ret = 0 ] || {
echo_i "failed"
status=1

4
bin/tests/system/nsupdate/update_test.pl
View file

@ -417,8 +417,8 @@ if ($Net::DNS::VERSION < 1.01) {
print "skipped Excessive NSEC3PARAM iterations; Net::DNS too old.\n";
} else {
section("Excessive NSEC3PARAM iterations");
test("REFUSED", ["update", rr_add("$zone 300 NSEC3PARAM 1 0 151 -")]);
test("NOERROR", ["update", rr_add("$zone 300 NSEC3PARAM 1 0 150 -")]);
test("REFUSED", ["update", rr_add("$zone 300 NSEC3PARAM 1 0 51 -")]);
test("NOERROR", ["update", rr_add("$zone 300 NSEC3PARAM 1 0 50 -")]);
}
if ($failures) {