From: Kees Monshouwer Date: Fri, 28 Feb 2014 00:19:38 +0000 (+0100) Subject: workaround for ldns-verify-zone nsec3 bug in regression tests X-Git-Tag: rec-3.6.0-rc1~156^2^2~1 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8ded0828d3017af6048eeab5e5c21727c61b46b8;p=thirdparty%2Fpdns.git workaround for ldns-verify-zone nsec3 bug in regression tests --- diff --git a/.travis.yml b/.travis.yml index af71eb7428..f630190e7b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -46,7 +46,8 @@ script: - ./runtests recursor - cd ../regression-tests - touch tests/verify-dnssec-zone/allow-missing - - touch tests/verify-dnssec-zone/skip.optout # some (travis) tools in this test are unable to handle optout zones + - touch tests/verify-dnssec-zone/skip.nsec3 # some (travis) tools in this test are unable to handle nsec3 zones + - touch tests/verify-dnssec-zone/skip.optout - ./start-test-stop 5300 bind-both - ./start-test-stop 5300 bind-dnssec-both - ./start-test-stop 5300 bind-dnssec-nsec3-both diff --git a/regression-tests/tests/verify-dnssec-zone/command b/regression-tests/tests/verify-dnssec-zone/command index 0d66669eb0..f9c11a7143 100755 --- a/regression-tests/tests/verify-dnssec-zone/command +++ b/regression-tests/tests/verify-dnssec-zone/command @@ -23,7 +23,7 @@ do fi RETVAL=$? echo RETVAL: $RETVAL - if [ $RETVAL -gt 0 ] && { [[ $validator != ldns-verify-zone* ]] || [[ $skipreasons != *optout* ]]; } + if [ $RETVAL -gt 0 ] && { [[ $validator != ldns-verify-zone* ]] || { [[ $skipreasons != *nsec3* ]] && [[ $skipreasons != *optout* ]]; }; } then echo $validator reported error, full zone content: echo --- diff --git a/regression-tests/tests/verify-dnssec-zone/expected_result.nsec3 b/regression-tests/tests/verify-dnssec-zone/expected_result.nsec3 new file mode 100644 index 0000000000..8cacd78b2d --- /dev/null +++ b/regression-tests/tests/verify-dnssec-zone/expected_result.nsec3 @@ -0,0 +1,139 @@ +--- ldns-verify-zone -V2 test.com +RETVAL: 0 + +--- validns test.com +RETVAL: 0 + +--- jdnssec-verifyzone test.com +zone verified. +RETVAL: 0 + +--- named-checkzone test.com +zone test.com/IN: test.com/MX 'smtp-servers.test.com' has no address records (A or AAAA) +zone test.com/IN: sub.test.test.com/NS 'ns-test.example.net.test.com' has no address records (A or AAAA) +zone test.com/IN: loaded serial 2005092501 (DNSSEC signed) +OK +RETVAL: 0 + +--- ldns-verify-zone -V2 test.dyndns +RETVAL: 0 + +--- validns test.dyndns +RETVAL: 0 + +--- jdnssec-verifyzone test.dyndns +zone verified. +RETVAL: 0 + +--- named-checkzone test.dyndns +zone test.dyndns/IN: loaded serial 2012060701 (DNSSEC signed) +OK +RETVAL: 0 + +--- ldns-verify-zone -V2 wtest.com +RETVAL: 0 + +--- validns wtest.com +RETVAL: 0 + +--- jdnssec-verifyzone wtest.com +zone verified. +RETVAL: 0 + +--- named-checkzone wtest.com +zone wtest.com/IN: wtest.com/MX 'smtp-servers.wtest.com' is a CNAME (illegal) +zone wtest.com/IN: loaded serial 2005092501 (DNSSEC signed) +OK +RETVAL: 0 + +--- ldns-verify-zone -V2 dnssec-parent.com +original of NSEC3 hashed name could not be found at 49 +RETVAL: 1 + +--- validns dnssec-parent.com +RETVAL: 0 + +--- jdnssec-verifyzone dnssec-parent.com +zone verified. +RETVAL: 0 + +--- named-checkzone dnssec-parent.com +zone dnssec-parent.com/IN: loaded serial 2005092501 (DNSSEC signed) +OK +RETVAL: 0 + +--- ldns-verify-zone -V2 delegated.dnssec-parent.com +RETVAL: 0 + +--- validns delegated.dnssec-parent.com +RETVAL: 0 + +--- jdnssec-verifyzone delegated.dnssec-parent.com +zone verified. +RETVAL: 0 + +--- named-checkzone delegated.dnssec-parent.com +zone delegated.dnssec-parent.com/IN: loaded serial 2005092501 (DNSSEC signed) +OK +RETVAL: 0 + +--- ldns-verify-zone -V2 secure-delegated.dnssec-parent.com +RETVAL: 0 + +--- validns secure-delegated.dnssec-parent.com +RETVAL: 0 + +--- jdnssec-verifyzone secure-delegated.dnssec-parent.com +zone verified. +RETVAL: 0 + +--- named-checkzone secure-delegated.dnssec-parent.com +zone secure-delegated.dnssec-parent.com/IN: loaded serial 2005092501 (DNSSEC signed) +OK +RETVAL: 0 + +--- ldns-verify-zone -V2 minimal.com +RETVAL: 0 + +--- validns minimal.com +RETVAL: 0 + +--- jdnssec-verifyzone minimal.com +zone verified. +RETVAL: 0 + +--- named-checkzone minimal.com +zone minimal.com/IN: loaded serial 2000081501 (DNSSEC signed) +OK +RETVAL: 0 + +--- ldns-verify-zone -V2 tsig.com +RETVAL: 0 + +--- validns tsig.com +RETVAL: 0 + +--- jdnssec-verifyzone tsig.com +zone verified. +RETVAL: 0 + +--- named-checkzone tsig.com +zone tsig.com/IN: loaded serial 2000081501 (DNSSEC signed) +OK +RETVAL: 0 + +--- ldns-verify-zone -V2 stest.com +RETVAL: 0 + +--- validns stest.com +RETVAL: 0 + +--- jdnssec-verifyzone stest.com +zone verified. +RETVAL: 0 + +--- named-checkzone stest.com +zone stest.com/IN: loaded serial 2000081501 (DNSSEC signed) +OK +RETVAL: 0 + diff --git a/regression-tests/tests/verify-dnssec-zone/expected_result.nsec3-optout b/regression-tests/tests/verify-dnssec-zone/expected_result.nsec3-optout index a91f021e2a..e1949f58ed 100644 --- a/regression-tests/tests/verify-dnssec-zone/expected_result.nsec3-optout +++ b/regression-tests/tests/verify-dnssec-zone/expected_result.nsec3-optout @@ -47,7 +47,8 @@ OK RETVAL: 0 --- ldns-verify-zone -V2 dnssec-parent.com -Error: there is no NSEC(3) for ent.dnssec-parent.com. +Error: there is no NSEC(3) for ent.auth-ent.dnssec-parent.com. +Error: there is no NSEC(3) for ent.ent.auth-ent.dnssec-parent.com. There were errors in the zone RETVAL: 11