This test case enables DNSSEC and has a mismatch in policy. Fix the
policy so that it matches the existing key set, and adjust the
expected answer count because no longer a new key is generated.
dnssec-policy "views" {
keys {
ksk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
- csk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
+ zsk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
};
};
dnssec-policy "views" {
keys {
ksk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
- csk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
+ zsk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
};
};
wait_for_signed() {
"$DIG" -p "${PORT}" @10.53.0.2 -b 10.53.0.2 +dnssec DNSKEY inline >dig.out.internal
"$DIG" -p "${PORT}" @10.53.0.2 -b 10.53.0.5 +dnssec DNSKEY inline >dig.out.external
- grep "ANSWER: 4," dig.out.internal >/dev/null || return 1
- grep "ANSWER: 4," dig.out.external >/dev/null || return 1
+ grep "ANSWER: 3," dig.out.internal >/dev/null || return 1
+ grep "ANSWER: 3," dig.out.external >/dev/null || return 1
return 0
}
retry_quiet 10 wait_for_signed || ret=1
projects / thirdparty / bind9.git / commitdiff
