Retry the SOA serial check in the rpz test

While a response-policy zone is being (re)loaded it can briefly answer
with no SOA (SERVFAIL/REFUSED), which `dig +short` renders as empty
output.  get_sn() aborted the whole tests.sh on the first such miss,
defeating the retry_quiet() loop in ck_soa() that is meant to wait for
the reload to settle.  Return failure instead so the check is retried.

Assisted-by: Claude:claude-opus-4-8
Michal Nowak 2026-06-03 16:39:56 +00:00
parent 9fd01e5121
commit bb4afd1332


@ -111,8 +111,12 @@ get_sn() {
$DIG -p "${PORT}" +short +norecurse soa "$1" "@$2" "-b$2" >$DIGNM
SN=$(awk '{ print $3 }' <$DIGNM)
[ -n "$SN" ] && return
# A policy zone being (re)loaded can briefly answer with no SOA
# (SERVFAIL/REFUSED), which +short renders as empty output. Return
# failure rather than aborting so the retry_quiet() in ck_soa() can
# probe again instead of dying on a single transient miss.
echo_i "no serial number from \`dig -p ${PORT} soa $1 @$2\`"
exit 1
return 1
}
# check the serial number in an SOA to ensure that a policy zone has
@ -121,7 +125,7 @@ get_sn() {
# $2=domain
# $3=DNS server
test_soa() {
get_sn "$2" "$3"
get_sn "$2" "$3" || return 1
test "$SN" -eq "$1"
}
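Review bot: get_sn() now returns 1 with `SN` empty instead of exiting, but only the `test_soa()` call site in the second hunk checks that status; any other caller of get_sn in tests.sh (none is visible on this page, so this needs confirming) would now continue with an empty `SN` where it previously aborted. Each such caller needs the same `get_sn ... || return 1` guard, otherwise a policy zone that never loads could go unnoticed instead of stopping the run. Separately, `[ -n "$SN" ] && return` accepts any non-empty third field, so a diagnostic or extra line in the dig output, if one can appear here, would be taken as a serial; a stricter guard such as `case "$SN" in '' | *[!0-9]*) ;; *) return 0 ;; esac` would keep `test "$SN" -eq "$1"` from seeing non-numeric input. The get_sn body starts above the first hunk, so its header comment is not visible; it should state that the function sets `SN` and returns non-zero when no serial was obtained.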