Convert reload/restart kasp test case

This test checks that the SOA SERIAL and TTL are adjusted correctly after a reload/restart.
2026-06-09 00:02:04 -04:00 · 2025-03-17 17:09:08 +01:00 · 2025-03-17 17:09:08 +01:00 · bff7453e50
commit bff7453e50
parent 44b4d5ebd6
2 changed files with 59 additions and 44 deletions
--- a/bin/tests/system/kasp/tests.sh
+++ b/bin/tests/system/kasp/tests.sh
@ -3661,49 +3661,5 @@ dnssec_verify
 # an unlimited lifetime.  Fallback to the default loadkeys interval.
 check_next_key_event 3600

-_check_soa_ttl() {
-  dig_with_opts @10.53.0.6 example SOA >dig.out.ns6.test$n.soa2 || return 1
-  soa1=$(awk '$4 == "SOA" { print $7 }' dig.out.ns6.test$n.soa1)
-  soa2=$(awk '$4 == "SOA" { print $7 }' dig.out.ns6.test$n.soa2)
-  ttl1=$(awk '$4 == "SOA" { print $2 }' dig.out.ns6.test$n.soa1)
-  ttl2=$(awk '$4 == "SOA" { print $2 }' dig.out.ns6.test$n.soa2)
-  test ${soa1:-1000} -lt ${soa2:-0} || return 1
-  test ${ttl1:-0} -eq $1 || return 1
-  test ${ttl2:-0} -eq $2 || return 1
-}
-
-n=$((n + 1))
-echo_i "Check that 'rndc reload' of just the serial updates the signed instance ($n)"
-TSIG=
-ret=0
-dig_with_opts @10.53.0.6 example SOA >dig.out.ns6.test$n.soa1 || ret=1
-cp ns6/example2.db.in ns6/example.db || ret=1
-nextpart ns6/named.run >/dev/null
-rndccmd 10.53.0.6 reload || ret=1
-wait_for_log 3 "all zones loaded" ns6/named.run || ret=1
-# Check that the SOA SERIAL increases and check the TTLs (should be 300 as
-# defined in ns6/example2.db.in).
-retry_quiet 10 _check_soa_ttl 300 300 || ret=1
-test "$ret" -eq 0 || echo_i "failed"
-status=$((status + ret))
-
-n=$((n + 1))
-echo_i "Check that restart with zone changes and deleted journal works ($n)"
-TSIG=
-ret=0
-dig_with_opts @10.53.0.6 example SOA >dig.out.ns6.test$n.soa1 || ret=1
-stop_server --use-rndc --port ${CONTROLPORT} ns6
-# TTL of all records change from 300 to 400
-cp ns6/example3.db.in ns6/example.db || ret=1
-rm ns6/example.db.jnl
-nextpart ns6/named.run >/dev/null
-start_server --noclean --restart --port ${PORT} ns6
-wait_for_log 3 "all zones loaded" ns6/named.run || ret=1
-# Check that the SOA SERIAL increases and check the TTLs (should be changed
-# from 300 to 400 as defined in ns6/example3.db.in).
-retry_quiet 10 _check_soa_ttl 300 400 || ret=1
-test "$ret" -eq 0 || echo_i "failed"
-status=$((status + ret))
-
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
--- a/bin/tests/system/kasp/tests_kasp.py
+++ b/bin/tests/system/kasp/tests_kasp.py
@ -1446,3 +1446,62 @@ def test_kasp_zsk_retired(servers):

    msg = f"zone {zone}/IN (signed): zone_rekey:zone_verifykeys failed: some key files are missing"
    server.log.prohibit(msg)
+
+
+def test_kasp_reload_restart(servers):
+    server = servers["ns6"]
+    zone = "example"
+
+    def query_soa(qname):
+        fqdn = dns.name.from_text(qname)
+        qtype = dns.rdatatype.SOA
+        query = dns.message.make_query(fqdn, qtype, use_edns=True, want_dnssec=True)
+        try:
+            response = isctest.query.tcp(query, server.ip, server.ports.dns, timeout=3)
+        except dns.exception.Timeout:
+            isctest.log.debug(f"query timeout for query {qname} SOA to {server.ip}")
+            return 0, 0
+
+        assert response.rcode() == dns.rcode.NOERROR
+
+        for rr in response.answer:
+            if rr.match(fqdn, dns.rdataclass.IN, dns.rdatatype.RRSIG, qtype):
+                continue
+
+            assert rr.match(fqdn, dns.rdataclass.IN, qtype, dns.rdatatype.NONE)
+            assert len(rr) == 1
+            return rr[0].serial, rr.ttl
+
+        return 0, 0
+
+    def check_soa_ttl():
+        soa2, ttl2 = query_soa(zone)
+        return soa1 < soa2 and ttl2 == newttl
+
+    # Check that the SOA SERIAL increases and check the TTLs (should be 300 as
+    # defined in ns6/example2.db.in).
+    soa1, ttl1 = query_soa(zone)
+    assert ttl1 == 300
+
+    shutil.copyfile(f"ns6/{zone}2.db.in", f"ns6/{zone}.db")
+    with server.watch_log_from_here() as watcher:
+        server.rndc("reload", log=False)
+        watcher.wait_for_line("all zones loaded")
+
+    newttl = 300
+    isctest.run.retry_with_timeout(check_soa_ttl, timeout=10)
+
+    # Check that the SOA SERIAL increases and check the TTLs (should be changed
+    # from 300 to 400 as defined in ns6/example3.db.in).
+    soa1, ttl1 = query_soa(zone)
+    assert ttl1 == 300
+
+    server.stop()
+    shutil.copyfile(f"ns6/{zone}3.db.in", f"ns6/{zone}.db")
+    os.unlink(f"ns6/{zone}.db.jnl")
+    with server.watch_log_from_here() as watcher:
+        server.start(["--noclean", "--restart", "--port", os.environ["PORT"]])
+        watcher.wait_for_line("all zones loaded")
+
+    newttl = 400
+    isctest.run.retry_with_timeout(check_soa_ttl, timeout=10)