Improve isctest.template dataclasses' defaults

Extend the Nameserver to generate the default IPv4/IPv6 values, add NSX
values for the predefined nameservers (there are 11 of them, as per
bin/tests/system/ifconfig.sh.in max value). Add the missing ns11
fixture.

Extend the Zone to derive the zone filename by default, unless
specified.

Adjust the existing uses of these classes to utilize the simplified
defaults.
Nicki Křížek 2026-04-01 17:04:22 +02:00
parent a97e5c3031
commit fa3a59e70c
4 changed files with 93 additions and 59 deletions


@ -655,3 +655,8 @@ def ns9(servers):
@pytest.fixture(scope="module")
def ns10(servers):
return servers["ns10"]
@pytest.fixture(scope="module")
def ns11(servers):
return servers["ns11"]


@ -15,6 +15,8 @@ from dataclasses import dataclass
from pathlib import Path
from typing import Any
import re
import jinja2
from .log import debug
@ -84,16 +86,47 @@ class TemplateEngine:
@dataclass
class Nameserver:
name: str
ip: str
num: int | None = None
ip: str | None = None
ip6: str | None = None
def __post_init__(self):
if self.num is None:
match = re.search(r"\d+", self.name)
assert match
self.num = int(match.group(0))
if self.ip is None:
self.ip = f"10.53.0.{self.num}"
if self.ip6 is None:
self.ip6 = f"fd92:7065:b8e:ffff::{self.num}"
NS1 = Nameserver("ns1")
NS2 = Nameserver("ns2")
NS3 = Nameserver("ns3")
NS4 = Nameserver("ns4")
NS5 = Nameserver("ns5")
NS6 = Nameserver("ns6")
NS7 = Nameserver("ns7")
NS8 = Nameserver("ns8")
NS9 = Nameserver("ns9")
NS10 = Nameserver("ns10")
NS11 = Nameserver("ns11")
@dataclass
class Zone:
name: str
filename: str
ns: Nameserver
type: str = "primary"
filename: str | None = None
def __post_init__(self):
if self.filename is None:
self.filename = f"{self.name}.db"
@dataclass
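Review bot: `assert match` in `Nameserver.__post_init__` is doing input validation, so a name without digits gives a bare AssertionError, and with assertions disabled (`python -O`) it falls through to an AttributeError on `match.group`; an explicit `if match is None: raise ValueError(f"cannot derive server number from {self.name!r}")` would fail clearly. `re.search(r"\d+", self.name)` also takes the first digit run anywhere in the name, and the result is not checked against the 1–11 range the commit message mentions, so an unexpected name silently yields addresses outside the configured test interfaces. Separately, `Zone` now takes `ns` as its second positional field where `filename` used to be, so any caller not updated by this commit would store a string in `ns` without an error. A short `isinstance(self.ns, Nameserver)` check in `Zone.__post_init__` would surface that.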


@ -13,7 +13,7 @@ import shutil
from isctest.kasp import SettimeOptions, private_type_record
from isctest.run import EnvCmd
from isctest.template import Nameserver, TrustAnchor, Zone
from isctest.template import NS2, NS3, TrustAnchor, Zone
from isctest.vars.algorithms import Algorithm
import isctest
@ -50,7 +50,7 @@ def configure_tld(zonename: str, delegations: list[Zone]) -> Zone:
templates.render(f"ns2/{outfile}", tdata, template=f"ns2/{template}")
signer(f"-P -x -O full -o {zonename} -f {outfile}.signed {outfile}", cwd="ns2")
return Zone(zonename, f"{outfile}.signed", Nameserver("ns2", "10.53.0.2"))
return Zone(zonename, NS2, filename=f"{outfile}.signed")
def configure_root(delegations: list[Zone]) -> TrustAnchor:
@ -150,7 +150,7 @@ def configure_algo_csk(tld: str, policy: str, reconfig: bool = False) -> list[Zo
# Step 1:
# Introduce the first key. This will immediately be active.
zonename = f"step1.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
TactN = "now-7d"
TsbmN = "now-161h"
@ -173,7 +173,7 @@ def configure_algo_csk(tld: str, policy: str, reconfig: bool = False) -> list[Zo
# Step 2:
# After the publication interval has passed the DNSKEY is OMNIPRESENT.
zonename = f"step2.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# The time passed since the new algorithm keys have been introduced is 3 hours.
TpubN1 = "now-3h"
@ -205,7 +205,7 @@ def configure_algo_csk(tld: str, policy: str, reconfig: bool = False) -> list[Zo
# Step 3:
# The zone signatures are also OMNIPRESENT.
zonename = f"step3.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# The time passed since the new algorithm keys have been introduced is 7 hours.
TpubN1 = "now-7h"
@ -238,7 +238,7 @@ def configure_algo_csk(tld: str, policy: str, reconfig: bool = False) -> list[Zo
# Step 4:
# The DS is swapped and can become OMNIPRESENT.
zonename = f"step4.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# The time passed since the DS has been swapped is 3 hours.
TpubN1 = "now-10h"
@ -273,7 +273,7 @@ def configure_algo_csk(tld: str, policy: str, reconfig: bool = False) -> list[Zo
# Step 5:
# The DNSKEY is removed long enough to be HIDDEN.
zonename = f"step5.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# The time passed since the DNSKEY has been removed is 2 hours.
TpubN1 = "now-12h"
@ -306,7 +306,7 @@ def configure_algo_csk(tld: str, policy: str, reconfig: bool = False) -> list[Zo
# Step 6:
# The RRSIGs have been removed long enough to be HIDDEN.
zonename = f"step6.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# Additional time passed: 7h.
TpubN1 = "now-19h"
@ -349,7 +349,7 @@ def configure_algo_ksk_zsk(tld: str, reconfig: bool = False) -> list[Zone]:
# Step 1:
# Introduce the first key. This will immediately be active.
zonename = f"step1.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
TactN = "now-7d"
TsbmN = "now-161h"
@ -380,7 +380,7 @@ def configure_algo_ksk_zsk(tld: str, reconfig: bool = False) -> list[Zone]:
# Step 2:
# After the publication interval has passed the DNSKEY is OMNIPRESENT.
zonename = f"step2.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# The time passed since the new algorithm keys have been introduced is 3 hours.
# Tsbm(N+1) = TpubN1 + Ipub = now + TTLsig + Dprp = now - 3h + 6h + 1h = now + 4h
@ -436,7 +436,7 @@ def configure_algo_ksk_zsk(tld: str, reconfig: bool = False) -> list[Zone]:
# Step 3:
# The zone signatures are also OMNIPRESENT.
zonename = f"step3.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# The time passed since the new algorithm keys have been introduced is 7 hours.
TpubN1 = "now-7h"
@ -491,7 +491,7 @@ def configure_algo_ksk_zsk(tld: str, reconfig: bool = False) -> list[Zone]:
# Step 4:
# The DS is swapped and can become OMNIPRESENT.
zonename = f"step4.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# The time passed since the DS has been swapped is 3 hours.
TpubN1 = "now-10h"
@ -548,7 +548,7 @@ def configure_algo_ksk_zsk(tld: str, reconfig: bool = False) -> list[Zone]:
# Step 5:
# The DNSKEY is removed long enough to be HIDDEN.
zonename = f"step5.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# The time passed since the DNSKEY has been removed is 2 hours.
TpubN1 = "now-12h"
@ -603,7 +603,7 @@ def configure_algo_ksk_zsk(tld: str, reconfig: bool = False) -> list[Zone]:
# Step 6:
# The RRSIGs have been removed long enough to be HIDDEN.
zonename = f"step6.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# Additional time passed: 7h.
TpubN1 = "now-19h"
@ -668,7 +668,7 @@ def configure_cskroll1(tld: str, policy: str) -> list[Zone]:
# Step 1:
# Introduce the first key. This will immediately be active.
zonename = f"step1.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
TactN = "now-7d"
keytimes = f"-P {TactN} -A {TactN}"
@ -689,7 +689,7 @@ def configure_cskroll1(tld: str, policy: str) -> list[Zone]:
# Step 2:
# It is time to introduce the new CSK.
zonename = f"step2.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# According to RFC 7583:
# KSK: Tpub(N+1) <= Tact(N) + Lksk - IpubC
@ -726,7 +726,7 @@ def configure_cskroll1(tld: str, policy: str) -> list[Zone]:
# Step 3:
# It is time to submit the DS and to roll signatures.
zonename = f"step3.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# According to RFC 7583:
#
@ -800,7 +800,7 @@ def configure_cskroll1(tld: str, policy: str) -> list[Zone]:
# (which is 26d3h). The DS is swapped after Iret (which is 4h).
# In other words, the DS is swapped before all zone signatures are replaced.
zonename = f"step4.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# According to RFC 7583:
# Trem(N) = Tret(N) - Iret + IretZ
@ -862,7 +862,7 @@ def configure_cskroll1(tld: str, policy: str) -> list[Zone]:
# After the DS is swapped in step 4, also the KRRSIG records can be removed.
# At this time these have all become hidden.
zonename = f"step5.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# Subtract DNSKEY TTL plus zone propagation delay from all the times (2h).
TpubN = "now-4470h"
@ -906,7 +906,7 @@ def configure_cskroll1(tld: str, policy: str) -> list[Zone]:
# After the retire interval has passed the predecessor DNSKEY can be
# removed from the zone.
zonename = f"step6.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# According to RFC 7583:
# Trem(N) = Tret(N) + IretZ
@ -965,7 +965,7 @@ def configure_cskroll1(tld: str, policy: str) -> list[Zone]:
# Step 7:
# Some time later the predecessor DNSKEY enters the HIDDEN state.
zonename = f"step7.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# Subtract DNSKEY TTL plus zone propagation delay from all the times (2h).
TpubN = "now-5093h"
@ -1008,7 +1008,7 @@ def configure_cskroll1(tld: str, policy: str) -> list[Zone]:
# Step 8:
# The predecessor DNSKEY can be purged.
zonename = f"step8.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# Subtract purge-keys interval from all the times (1h).
TpubN = "now-5094h"
@ -1064,7 +1064,7 @@ def configure_cskroll2(tld: str, policy: str) -> list[Zone]:
# Step 1:
# Introduce the first key. This will immediately be active.
zonename = f"step1.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
TactN = "now-7d"
keytimes = f"-P {TactN} -A {TactN}"
@ -1085,7 +1085,7 @@ def configure_cskroll2(tld: str, policy: str) -> list[Zone]:
# Step 2:
# It is time to introduce the new CSK.
zonename = f"step2.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# According to RFC 7583:
# KSK: Tpub(N+1) <= Tact(N) + Lksk - IpubC
@ -1122,7 +1122,7 @@ def configure_cskroll2(tld: str, policy: str) -> list[Zone]:
# Step 3:
# It is time to submit the DS and to roll signatures.
zonename = f"step3.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# According to RFC 7583:
#
@ -1196,7 +1196,7 @@ def configure_cskroll2(tld: str, policy: str) -> list[Zone]:
# The DS is swapped after Dreg + Iret (1w3h). In other words, the zone
# signatures are replaced before the DS is swapped.
zonename = f"step4.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# According to RFC 7583:
# Trem(N) = Tret(N) + IretZ
@ -1260,7 +1260,7 @@ def configure_cskroll2(tld: str, policy: str) -> list[Zone]:
# Some time later the DS can be swapped and the old DNSKEY can be removed from
# the zone.
zonename = f"step5.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# Subtract Iret (170h) - IretZ (38h) = 132h.
#
@ -1314,7 +1314,7 @@ def configure_cskroll2(tld: str, policy: str) -> list[Zone]:
# Step 6:
# Some time later the predecessor DNSKEY enters the HIDDEN state.
zonename = f"step6.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# Subtract DNSKEY TTL plus zone propagation delay (2h).
#
@ -1366,7 +1366,7 @@ def configure_cskroll2(tld: str, policy: str) -> list[Zone]:
# Step 7:
# The predecessor DNSKEY can be purged, but purge-keys is disabled.
zonename = f"step7.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# Subtract 90 days (default, 2160h) from all the times.
#
@ -1419,7 +1419,7 @@ def configure_cskroll2(tld: str, policy: str) -> list[Zone]:
# Step 8:
# The predecessor DNSKEY can be purged.
zonename = f"step8.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# Subtract purge-keys interval from all the times (1h).
TpubN = "now-5094h"
@ -1473,14 +1473,14 @@ def configure_enable_dnssec(tld: str, policy: str) -> list[Zone]:
# This is an unsigned zone and named should perform the initial steps of
# introducing the DNSSEC records in the right order.
zonename = f"step1.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
render_and_sign_zone(zonename, [], signing=False)
# Step 2:
# The DNSKEY has been published long enough to become OMNIPRESENT.
zonename = f"step2.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# DNSKEY TTL: 300 seconds
# zone-propagation-delay: 5 minutes (300 seconds)
@ -1505,7 +1505,7 @@ def configure_enable_dnssec(tld: str, policy: str) -> list[Zone]:
# Step 3:
# The zone signatures have been published long enough to become OMNIPRESENT.
zonename = f"step3.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# Passed time since publication:
# max-zone-ttl: 12 hours (43200 seconds)
@ -1530,7 +1530,7 @@ def configure_enable_dnssec(tld: str, policy: str) -> list[Zone]:
# Step 4:
# The DS has been submitted long enough ago to become OMNIPRESENT.
zonename = f"step4.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# DS TTL: 2 hour (7200 seconds)
# parent-propagation-delay: 1 hour (3600 seconds)
@ -1568,7 +1568,7 @@ def configure_going_insecure(tld: str, reconfig: bool = False) -> list[Zone]:
# Step 1:
zonename = f"step1.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# Timing metadata.
TpubN = "now-10d"
@ -1600,9 +1600,7 @@ def configure_going_insecure(tld: str, reconfig: bool = False) -> list[Zone]:
if reconfig:
# Step 2:
zonename = f"step2.{zone}"
zones.append(
Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))
)
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# The DS was withdrawn from the parent zone 26 hours ago.
TremN = "now-26h"
@ -1647,7 +1645,7 @@ def configure_straight2none(tld: str) -> list[Zone]:
keytimes = f"-P {TpubN} -A {TpubN} -P sync {TsbmN}"
zonename = f"going-straight-to-none.{tld}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# Key generation.
csk_name = keygen(f"-f KSK {keytimes} {zonename}", cwd="ns3").out.strip()
@ -1664,9 +1662,7 @@ def configure_straight2none(tld: str) -> list[Zone]:
render_and_sign_zone(zonename, [csk_name], extra_options="-z")
zonename = f"going-straight-to-none-dynamic.{tld}"
zones.append(
Zone(zonename, f"{zonename}.db.signed", Nameserver("ns3", "10.53.0.3"))
)
zones.append(Zone(zonename, NS3, filename=f"{zonename}.db.signed"))
isctest.log.info(f"setup {zonename}")
# Key generation.
csk_name = keygen(f"-f KSK {keytimes} {zonename}", cwd="ns3").out.strip()
@ -1696,7 +1692,7 @@ def configure_ksk_doubleksk(tld: str) -> list[Zone]:
# Step 1:
# Introduce the first key. This will immediately be active.
zonename = f"step1.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# Timing metadata.
TactN = "now-7d"
@ -1724,7 +1720,7 @@ def configure_ksk_doubleksk(tld: str) -> list[Zone]:
# Step 2:
# It is time to introduce the new KSK.
zonename = f"step2.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# Lksk: 60d
# Dreg: n/a
@ -1766,7 +1762,7 @@ def configure_ksk_doubleksk(tld: str) -> list[Zone]:
# Step 3:
# It is time to submit the DS.
zonename = f"step3.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# According to RFC 7583:
# Iret = DprpP + TTLds (+retire-safety)
@ -1829,7 +1825,7 @@ def configure_ksk_doubleksk(tld: str) -> list[Zone]:
# Step 4:
# The DS should be swapped now.
zonename = f"step4.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# Tpub(N) = now - Lksk - Iret = now - 60d - 50h
# = now - 1440h - 50h = now - 1490h
@ -1891,7 +1887,7 @@ def configure_ksk_doubleksk(tld: str) -> list[Zone]:
# Step 5:
# The predecessor DNSKEY is removed long enough that is has become HIDDEN.
zonename = f"step5.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# Subtract DNSKEY TTL + zone-propagation-delay from all the times (3h).
# Tpub(N) = now - 1490h - 3h = now - 1493h
@ -1950,7 +1946,7 @@ def configure_ksk_doubleksk(tld: str) -> list[Zone]:
# Step 6:
# The predecessor DNSKEY can be purged.
zonename = f"step6.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# Subtract purge-keys interval from all the times (1h).
TpubN = "now-1494h"
@ -2019,7 +2015,7 @@ def configure_ksk_3crowd(tld: str) -> list[Zone]:
# Set up a zone that has a KSK (KEY1) and have the successor key (KEY2)
# published as well.
zonename = f"three-is-a-crowd.{tld}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# These times are the same as step3.ksk-doubleksk.autosign.
TpubN = "now-60d"
@ -2080,7 +2076,7 @@ def configure_zsk_prepub(tld: str) -> list[Zone]:
# Step 1:
# Introduce the first key. This will immediately be active.
zonename = f"step1.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# Timing metadata.
TactN = "now-7d"
@ -2108,7 +2104,7 @@ def configure_zsk_prepub(tld: str) -> list[Zone]:
# Step 2:
# It is time to pre-publish the successor ZSK.
zonename = f"step2.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# According to RFC 7583:
# Tact(N) = now + Ipub - Lzsk = now + 26h - 30d
@ -2139,7 +2135,7 @@ def configure_zsk_prepub(tld: str) -> list[Zone]:
# After the publication interval has passed the DNSKEY of the successor ZSK
# is OMNIPRESENT and the zone can thus be signed with the successor ZSK.
zonename = f"step3.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# According to RFC 7583:
# Tpub(N+1) <= Tact(N) + Lzsk - Ipub
@ -2190,7 +2186,7 @@ def configure_zsk_prepub(tld: str) -> list[Zone]:
# After the retire interval has passed the predecessor DNSKEY can be
# removed from the zone.
zonename = f"step4.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# Lzsk: 30d
# Ipub: 26h
@ -2249,7 +2245,7 @@ def configure_zsk_prepub(tld: str) -> list[Zone]:
# Step 5:
# The predecessor DNSKEY is removed long enough that is has become HIDDEN.
zonename = f"step5.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# Subtract DNSKEY TTL + zone-propagation-delay from all the times (2h).
# Tact(N) = now - 961h - 2h = now - 963h
@ -2296,7 +2292,7 @@ def configure_zsk_prepub(tld: str) -> list[Zone]:
# Step 6:
# The predecessor DNSKEY can be purged.
zonename = f"step6.{zone}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
zones.append(Zone(zonename, NS3))
isctest.log.info(f"setup {zonename}")
# Subtract purge-keys interval from all the times (1h).
TactN = "now-964h"


@ -19,7 +19,7 @@ from isctest.kasp import (
private_type_record,
)
from isctest.run import EnvCmd
from isctest.template import Nameserver, Zone
from isctest.template import NS3, Zone
from isctest.vars.algorithms import Algorithm
from rollover.setup import configure_root, configure_tld, setkeytimes
@ -67,7 +67,7 @@ def setup_zone(zone, ksk_time, ksk_timings, zsk_time, zsk_timings) -> Zone:
templates.render(f"ns3/{outfile}", tdata, template=f"ns3/{template}")
signer(f"-P -x -O raw -o {zone} -f {outfile}.signed {outfile}", cwd="ns3")
return Zone(zone, outfile, Nameserver("ns3", "10.53.0.3"))
return Zone(zone, NS3)
def bootstrap():
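Review bot: The new `return Zone(zone, NS3)` no longer passes `outfile`, so the zone's filename now comes from the `f"{self.name}.db"` default instead of the path the template was rendered to just above. That is equivalent only if `outfile` is always `f"{zone}.db"`, which this hunk does not show. If that is not guaranteed, keep it explicit with `return Zone(zone, NS3, filename=outfile)`. `setup_zone` starts outside the hunk, so the definition of `outfile` should be checked there.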