]> git.ipfire.org Git - thirdparty/bind9.git/commit
projects / thirdparty / bind9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 74e5889) | patch
Fix dnssec test
authorMatthijs Mekking <matthijs@isc.org>
Thu, 23 Jan 2020 15:04:47 +0000 (16:04 +0100)
committerMatthijs Mekking <matthijs@isc.org>
Mon, 9 Mar 2020 09:16:55 +0000 (10:16 +0100)
commitaebb2aaa0fc275e440c1d31d43d5e832cd8c664d
treefaf8e3715e57f9cb72e137a012ca6b2e8f0f3785tree | snapshot
parent74e5889537261d52087fdf10bc10d4c7ddce2ec3commit | diff
Fix dnssec test

There is a failure mode which gets triggered on heavily loaded
systems. A key change is scheduled in 5 seconds to make ZSK2 inactive
and ZSK3 active, but `named` takes more than 5 seconds to progress
from `rndc loadkeys` to the query check. At this time the SOA RRset
is already signed by the new ZSK which is not expected to be active
at that point yet.

Split up the checks to test the case where RRsets are signed
correctly with the offline KSK (maintained the signature) and
the active ZSK.  First run, RRsets should be signed with the still
active ZSK2, second run RRsets should be signed with the new active
ZSK3.
bin/tests/system/dnssec/tests.sh diff | blob | blame | history
Mirror of https://gitlab.isc.org/isc-projects/bind9.git