"nextev": TIMEDELTA["PT1H"],
}
isctest.kasp.check_rollover_step(ns3, config, policy, step)
+
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
+
@pytest.mark.parametrize(
"tld",
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
+
@pytest.mark.parametrize(
"tld",
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
+ with ns3.watch_log_from_start() as watcher:
+ watcher.wait_for_line(
+ f"zone {zone}/IN (signed): dsyncfetch: send NOTIFY(CDS) query to scanner.{tld}"
+ )
+
@pytest.mark.parametrize(
"tld",
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
+
@pytest.mark.parametrize(
"tld",
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
+
@pytest.mark.parametrize(
"tld",
"verbose": True,
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
+
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
"nextev": TIMEDELTA["PT1H"],
}
isctest.kasp.check_rollover_step(ns3, config, policy, step)
+
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
+
@pytest.mark.parametrize(
"tld",
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
+
@pytest.mark.parametrize(
"tld",
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
+ with ns3.watch_log_from_start() as watcher:
+ watcher.wait_for_line(
+ f"zone {zone}/IN (signed): dsyncfetch: send NOTIFY(CDS) query to scanner.{tld}"
+ )
+
@pytest.mark.parametrize(
"tld",
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
+
@pytest.mark.parametrize(
"tld",
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
+
@pytest.mark.parametrize(
"tld",
"verbose": True,
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
+
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
+
@pytest.mark.parametrize(
"tld",
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
+
@pytest.mark.parametrize(
"tld",
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
+ with ns3.watch_log_from_start() as watcher:
+ watcher.wait_for_line(
+ f"zone {zone}/IN (signed): dsyncfetch: send NOTIFY(CDS) query to scanner.{tld}"
+ )
+
@pytest.mark.parametrize(
"tld",
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
+
@pytest.mark.parametrize(
"tld",
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
+
@pytest.mark.parametrize(
"tld",
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
+
@pytest.mark.parametrize(
"tld",
"nextev": None,
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
+
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
+
@pytest.mark.parametrize(
"tld",
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
+
@pytest.mark.parametrize(
"tld",
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
+ with ns3.watch_log_from_start() as watcher:
+ watcher.wait_for_line(
+ f"zone {zone}/IN (signed): dsyncfetch: send NOTIFY(CDS) query to scanner.{tld}"
+ )
+
@pytest.mark.parametrize(
"tld",
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
+
@pytest.mark.parametrize(
"tld",
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
+
@pytest.mark.parametrize(
"tld",
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
+
@pytest.mark.parametrize(
"tld",
"verbose": True,
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
+
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
+
@pytest.mark.parametrize(
"tld",
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
+
@pytest.mark.parametrize(
"tld",
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
+ with ns3.watch_log_from_start() as watcher:
+ watcher.wait_for_line(
+ f"zone {zone}/IN (signed): dsyncfetch: send NOTIFY(CDS) query to scanner.{tld}"
+ )
+
@pytest.mark.parametrize(
"tld",
"nextev": TIMEDELTA["PT1H"],
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
+
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
"nextev": None,
}
isctest.kasp.check_rollover_step(ns3, config, policy, step)
+
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
def test_going_insecure_reconfig_step1(zone, alg, size, ns3):
config = DEFAULT_CONFIG
policy = "insecure"
- zone = f"step1.{zone}"
+ szone = f"step1.{zone}"
- isctest.kasp.wait_keymgr_done(ns3, zone, reconfig=True)
+ isctest.kasp.wait_keymgr_done(ns3, szone, reconfig=True)
# Key goal states should be HIDDEN.
# The DS may be removed if we are going insecure.
step = {
- "zone": zone,
+ "zone": szone,
"cdss": CDSS,
"keyprops": [
f"ksk 0 {alg} {size} goal:hidden dnskey:omnipresent krrsig:omnipresent ds:unretentive offset:{-DURATION['P10D']}",
}
isctest.kasp.check_rollover_step(ns3, config, policy, step)
+ with ns3.watch_log_from_start() as watcher:
+ if "dynamic" in zone:
+ watcher.wait_for_line(
+ f"zone {szone}/IN: dsyncfetch: send NOTIFY(CDS) query to scanner.kasp"
+ )
+ else:
+ watcher.wait_for_line(
+ f"zone {szone}/IN (signed): dsyncfetch: send NOTIFY(CDS) query to scanner.kasp"
+ )
+
@pytest.mark.parametrize(
"zone",
"check-keytimes": False,
}
isctest.kasp.check_rollover_step(ns3, config, policy, step)
+
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
expected[1].timing["Removed"] = now + KSK_IPUB + KSK_IRET
isctest.kasp.check_keytimes(keys, expected)
+
+ with ns3.watch_log_from_start() as watcher:
+ watcher.wait_for_line(
+ f"zone {zone}/IN (signed): dsyncfetch: send NOTIFY(CDS) query to scanner.kasp"
+ )
}
isctest.kasp.check_rollover_step(ns3, KSK_CONFIG, policy, step)
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
+
@pytest.mark.parametrize(
"tld",
}
isctest.kasp.check_rollover_step(ns3, KSK_CONFIG, policy, step)
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
+
@pytest.mark.parametrize(
"tld",
}
isctest.kasp.check_rollover_step(ns3, KSK_CONFIG, policy, step)
+ with ns3.watch_log_from_start() as watcher:
+ watcher.wait_for_line(
+ f"zone {zone}/IN (signed): dsyncfetch: send NOTIFY(CDS) query to scanner.{tld}"
+ )
+
@pytest.mark.parametrize(
"tld",
}
isctest.kasp.check_rollover_step(ns3, KSK_CONFIG, policy, step)
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
+
@pytest.mark.parametrize(
"tld",
}
isctest.kasp.check_rollover_step(ns3, KSK_CONFIG, policy, step)
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
+
@pytest.mark.parametrize(
"tld",
"nextev": None,
}
isctest.kasp.check_rollover_step(ns3, KSK_CONFIG, policy, step)
+
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
"nextev": None,
}
isctest.kasp.check_rollover_step(ns3, config, policy, step)
+
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
"nextev": None,
}
isctest.kasp.check_rollover_step(ns3, config, policy, step)
+
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
"nextev": None,
}
isctest.kasp.check_rollover_step(ns3, config, policy, step)
+
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
"nextev": None,
}
isctest.kasp.check_rollover_step(ns3, config, policy, step)
+
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
+
@pytest.mark.parametrize(
"tld",
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
+
@pytest.mark.parametrize(
"tld",
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
+
# Force full resign and check all signatures have been replaced.
with ns3.watch_log_from_here() as watcher:
ns3.rndc(f"sign {zone}")
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
+
@pytest.mark.parametrize(
"tld",
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
+
@pytest.mark.parametrize(
"tld",
"nextev": None,
}
isctest.kasp.check_rollover_step(ns3, CONFIG, policy, step)
+
+ assert f"zone {zone}/IN (signed): dsyncfetch" not in ns3.log
allow-transfer { any; };
recursion yes;
dnssec-validation @dnssec_validation@;
+ notify-cds yes;
};
key rndc_key {
projects / thirdparty / bind9.git / commitdiff
