Various TTL fixes in dnssec tests

Make sure the various TTL checks are using a lower bound as well and use a common TTL of 5 min.
2026-02-18 18:18:00 -05:00 · 2025-07-25 17:21:56 +02:00 · 2025-07-25 17:21:56 +02:00 · d0e2487ab6
commit d0e2487ab6
parent 19941adab0
5 changed files with 12 additions and 12 deletions
--- a/bin/tests/system/dnssec/ns2/example.db.in
+++ b/bin/tests/system/dnssec/ns2/example.db.in
@ -9,7 +9,7 @@
 ; See the COPYRIGHT file distributed with this work for additional
 ; information regarding copyright ownership.

-$TTL 3600	; 1 hour
+$TTL 300	; 5 minutes
@			IN SOA	mname1. . (
 				2000042407 ; serial
 				20	   ; refresh (20 seconds)
--- a/bin/tests/system/dnssec/ns2/template.db.in
+++ b/bin/tests/system/dnssec/ns2/template.db.in
@ -9,7 +9,7 @@
 ; See the COPYRIGHT file distributed with this work for additional
 ; information regarding copyright ownership.

-$TTL 3600
+$TTL 300	; 5 minutes
@	SOA	ns2.example. . 1 3600 1200 86400 1200
@	NS	ns2
 ns2	A	10.53.0.2
--- a/bin/tests/system/dnssec/tests_delv.py
+++ b/bin/tests/system/dnssec/tests_delv.py
@ -75,12 +75,12 @@ def test_positive_validation_delv():
    # check positive validation NSEC
    response = delv("a", "a.example")
    assert grep_c("a.example..*10.0.0.1", response)
-    assert grep_c("a.example..*.RRSIG.A [0-9][0-9]* 2 3600 .*", response)
+    assert grep_c("a.example..*.RRSIG.A [0-9][0-9]* 2 300 .*", response)

    # check positive validation NSEC (trsuted-keys)
    response = delv("a", "a.example", tkeys=True)
    assert grep_c("a.example..*10.0.0.1", response)
-    assert grep_c("a.example..*.RRSIG.A [0-9][0-9]* 2 3600 .*", response)
+    assert grep_c("a.example..*.RRSIG.A [0-9][0-9]* 2 300 .*", response)

    # check positive validation NSEC3
    response = delv("a", "a.nsec3.example")
@ -95,7 +95,7 @@ def test_positive_validation_delv():
    # check positive wildcard validation NSEC
    response = delv("a", "a.wild.example")
    assert grep_c("a.wild.example..*10.0.0.27", response)
-    assert grep_c("a.wild.example..*.RRSIG.A [0-9][0-9]* 2 3600 .*", response)
+    assert grep_c("a.wild.example..*.RRSIG.A [0-9][0-9]* 2 300 .*", response)

    # check positive wildcard validation NSEC3
    response = delv("a", "a.wild.nsec3.example")
--- a/bin/tests/system/dnssec/tests_validation.py
+++ b/bin/tests/system/dnssec/tests_validation.py
@ -721,7 +721,7 @@ def test_cache(servers):
    isctest.check.rr_count_eq(res1.answer, 2)
    isctest.check.rr_count_eq(res2.answer, 2)
    for rrset in res1.answer:
-        assert rrset.ttl <= 3600
+        assert 3000 <= rrset.ttl <= 3600
    for rrset in res2.answer:
        assert rrset.ttl <= 300

@ -1157,7 +1157,7 @@ def test_expired_signatures(servers):
    msg = isctest.query.create("expiring.example", "SOA")
    res2 = isctest.query.tcp(msg, "10.53.0.4")
    for rrset in res1.answer:
-        assert rrset.ttl <= 3600
+        assert 240 <= rrset.ttl <= 300
    for rrset in res2.answer:
        assert rrset.ttl <= 60

@ -1168,7 +1168,7 @@ def test_expired_signatures(servers):
    msg = isctest.query.create("expiring.example", "NS")
    res2 = isctest.query.tcp(msg, "10.53.0.4")
    for rrset in res1.additional:
-        assert rrset.ttl <= 3600
+        assert 240 <= rrset.ttl <= 300
    for rrset in res2.additional:
        assert rrset.ttl <= 60

@ -1179,7 +1179,7 @@ def test_expired_signatures(servers):
    msg = isctest.query.create("expiring.example", "MX")
    res2 = isctest.query.tcp(msg, "10.53.0.4")
    for rrset in res1.additional:
-        assert rrset.ttl <= 3600
+        assert 240 <= rrset.ttl <= 300
    for rrset in res2.additional:
        assert rrset.ttl <= 60

--- a/bin/tests/system/dnssec/tests_validation_accept_expired.py
+++ b/bin/tests/system/dnssec/tests_validation_accept_expired.py
@ -34,7 +34,7 @@ def test_accept_expired(servers):
    msg = isctest.query.create("expiring.example", "SOA")
    res2 = isctest.query.tcp(msg, "10.53.0.4")
    for rrset in res1.answer:
-        assert rrset.ttl <= 3600
+        assert 240 <= rrset.ttl <= 300
    for rrset in res2.answer:
        assert rrset.ttl <= 120

@ -47,7 +47,7 @@ def test_accept_expired(servers):
    msg = isctest.query.create("expiring.example", "MX")
    res2 = isctest.query.tcp(msg, "10.53.0.4")
    for rrset in res1.additional:
-        assert rrset.ttl <= 3600
+        assert 240 <= rrset.ttl <= 300
    for rrset in res2.additional:
        assert rrset.ttl <= 120

@ -59,6 +59,6 @@ def test_accept_expired(servers):
    msg = isctest.query.create("expired.example", "SOA")
    res2 = isctest.query.tcp(msg, "10.53.0.4")
    for rrset in res1.additional:
-        assert rrset.ttl <= 3600
+        assert 240 <= rrset.ttl <= 300
    for rrset in res2.additional:
        assert rrset.ttl <= 120