assert not match, f"{match.group(1)} record found in journal"
-def check_add_zsk(server, zone, keys, expected, zsk, extra):
+def check_add_zsk(server, zone, keys, expected, extra_keys, extra):
isctest.log.info("add dnskey record:")
isctest.log.info(
- f"- zone {zone} {server.identifier}: update zone with ZSK from other provider"
+ f"- zone {zone} {server.identifier}: update zone with ZSK from other providers"
)
- dnskey = zsk.dnskey().split()
- rdata = " ".join(dnskey[4:])
update_msg = dns.update.UpdateMessage(zone)
- update_msg.add(f"{zone}.", TTL, "DNSKEY", rdata)
+ for zsk in extra_keys:
+ dnskey = zsk.dnskey().split()
+ rdata = " ".join(dnskey[4:])
+ update_msg.add(f"{zone}.", TTL, "DNSKEY", rdata)
server.nsupdate(update_msg)
# Check the new DNSKEY RRset.
isctest.log.info(
f"- zone {zone} {server.identifier}: check DNSKEY RRset after update add"
)
- check_dnssec(server, zone, keys + [zsk], expected + extra)
+ check_dnssec(server, zone, keys + extra_keys, expected + extra)
# Check the logs for find zone keys errors.
isctest.log.info(
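Review bot: Nothing in check_add_zsk ties the length of `extra_keys` to the length of `extra`, although both are now lists concatenated side by side in `check_dnssec(server, zone, keys + extra_keys, expected + extra)`. If check_dnssec matches keys to expectations one-to-one (not visible in this hunk), a mismatch would surface as a confusing failure far from its cause; `assert len(extra_keys) == len(extra)` at the top of the helper would pin it. An empty `extra_keys` also makes the loop add nothing, so the add step would not test what it logs; `assert extra_keys` covers that case. The same applies to check_remove_zsk, check_add_cdnskey, check_remove_cdnskey, check_add_cds and check_remove_cds, and the visible callers still adjust only `extra[0]`. The function body continues outside this hunk.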
# Check again.
isctest.log.info(f"- zone {zone} {server.identifier}: check again after keymgr run")
- check_dnssec(server, zone, keys + [zsk], expected + extra)
+ check_dnssec(server, zone, keys + extra_keys, expected + extra)
server.log.prohibit(f"dns_zone_findkeys: error reading ./K{zone}")
-def check_remove_zsk(server, zone, keys, expected, zsk, extra):
+def check_remove_zsk(server, zone, keys, expected, extra_keys, extra):
isctest.log.info("remove dnskey record:")
isctest.log.info(
isctest.log.info(
f"- zone {zone} {server.identifier}: check DNSKEY RRset after update remove"
)
- check_dnssec(server, zone, keys + [zsk], expected + extra)
+ check_dnssec(server, zone, keys + extra_keys, expected + extra)
# Trigger keymgr.
with server.watch_log_from_here() as watcher:
# Check again.
isctest.log.info(f"- zone {zone} {server.identifier}: check again after keymgr run")
- check_dnssec(server, zone, keys + [zsk], expected + extra)
+ check_dnssec(server, zone, keys + extra_keys, expected + extra)
# Remove actual ZSK.
isctest.log.info(
- f"- zone {zone} {server.identifier}: remove ZSK from other provider"
+ f"- zone {zone} {server.identifier}: remove ZSK from other providers"
)
- dnskey = zsk.dnskey().split()
- rdata = " ".join(dnskey[4:])
update_msg = dns.update.UpdateMessage(zone)
- update_msg.delete(f"{zone}.", "DNSKEY", rdata)
+ for zsk in extra_keys:
+ dnskey = zsk.dnskey().split()
+ rdata = " ".join(dnskey[4:])
+ update_msg.delete(f"{zone}.", "DNSKEY", rdata)
server.nsupdate(update_msg)
# We should have only the KSK and ZSK from server.
check_dnssec(server, zone, keys, expected)
-def check_add_cdnskey(server, zone, keys, expected, ksk, extra):
+def check_add_cdnskey(server, zone, keys, expected, extra_keys, extra):
isctest.log.info("add cdnskey record:")
isctest.log.info(
- f"- zone {zone} {server.identifier}: update zone with CDNSKEY from other provider"
+ f"- zone {zone} {server.identifier}: update zone with CDNSKEY from other providers"
)
- # Retrieve CDNSKEY records from the other provider.
- dnskey = ksk.dnskey().split()
- rdata = " ".join(dnskey[4:])
+ # Retrieve CDNSKEY records from the other providers.
update_msg = dns.update.UpdateMessage(zone)
- update_msg.add(f"{zone}.", TTL, "CDNSKEY", rdata)
+ for ksk in extra_keys:
+ dnskey = ksk.dnskey().split()
+ rdata = " ".join(dnskey[4:])
+ update_msg.add(f"{zone}.", TTL, "CDNSKEY", rdata)
server.nsupdate(update_msg)
# Now there should be two CDNSKEY records.
isctest.log.info(
f"- zone {zone} {server.identifier}: check CDNSKEY RRset after update add"
)
- check_dnssec(server, zone, keys + [ksk], expected + extra)
+ check_dnssec(server, zone, keys + extra_keys, expected + extra)
# Trigger keymgr.
with server.watch_log_from_here() as watcher:
# Check again.
isctest.log.info(f"- zone {zone} {server.identifier}: check again after keymgr run")
- check_dnssec(server, zone, keys + [ksk], expected + extra)
+ check_dnssec(server, zone, keys + extra_keys, expected + extra)
-def check_remove_cdnskey(server, zone, keys, expected, ksk, extra):
+def check_remove_cdnskey(server, zone, keys, expected, extra_keys, extra):
isctest.log.info("remove cdnskey record:")
isctest.log.info(
isctest.log.info(
f"- zone {zone} {server.identifier}: check CDNSKEY RRset after update remove"
)
- check_dnssec(server, zone, keys + [ksk], expected + extra)
+ check_dnssec(server, zone, keys + extra_keys, expected + extra)
# Trigger keymgr.
with server.watch_log_from_here() as watcher:
# Check again.
isctest.log.info(f"- zone {zone} {server.identifier}: check again after keymgr run")
- check_dnssec(server, zone, keys + [ksk], expected + extra)
+ check_dnssec(server, zone, keys + extra_keys, expected + extra)
# Remove actual CDNSKEY.
isctest.log.info(
- f"- zone {zone} {server.identifier}: remove CDNSKEY from other provider"
+ f"- zone {zone} {server.identifier}: remove CDNSKEY from other providers"
)
- dnskey = ksk.dnskey().split()
- rdata = " ".join(dnskey[4:])
update_msg = dns.update.UpdateMessage(zone)
- update_msg.delete(f"{zone}.", "CDNSKEY", rdata)
+ for ksk in extra_keys:
+ dnskey = ksk.dnskey().split()
+ rdata = " ".join(dnskey[4:])
+ update_msg.delete(f"{zone}.", "CDNSKEY", rdata)
server.nsupdate(update_msg)
# Now there should be one CDNSKEY record again.
check_dnssec(server, zone, keys, expected)
-def check_add_cds(server, zone, keys, expected, ksk, extra):
+def check_add_cds(server, zone, keys, expected, extra_keys, extra):
isctest.log.info("add cds record:")
isctest.log.info(
- f"- zone {zone} {server.identifier}: update zone with CDS from other provider"
+ f"- zone {zone} {server.identifier}: update zone with CDS from other providers"
)
- # Retrieve CDS records from the other provider.
- ds = dsfromkey(ksk)
- rdata = " ".join(ds[4:])
+ # Retrieve CDS records from the other providers.
update_msg = dns.update.UpdateMessage(zone)
- update_msg.add(f"{zone}.", TTL, "CDS", rdata)
+ for ksk in extra_keys:
+ ds = dsfromkey(ksk)
+ rdata = " ".join(ds[4:])
+ update_msg.add(f"{zone}.", TTL, "CDS", rdata)
server.nsupdate(update_msg)
# Now there should be two CDS records.
isctest.log.info(
f"- zone {zone} {server.identifier}: check CDS RRset after update add"
)
- check_dnssec(server, zone, keys + [ksk], expected + extra)
+ check_dnssec(server, zone, keys + extra_keys, expected + extra)
# Trigger keymgr.
with server.watch_log_from_here() as watcher:
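Review bot: The comment `# Retrieve CDS records from the other providers.` in check_add_cds now sits above `update_msg = dns.update.UpdateMessage(zone)` rather than above the loop that does the retrieval, and the `[4:]` slice is unexplained. Move the comment to the line before `for ksk in extra_keys:` and add something like `# keep only the rdata; the first four tokens are presumably owner, TTL, class and type`. The output format of dsfromkey is not visible here, so confirm it before settling the wording. check_add_cdnskey has the same misplaced comment, and the same extraction is repeated in all six helpers, which a small private helper returning the rdata string would remove.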
# Check again.
isctest.log.info(f"- zone {zone} {server.identifier}: check again after keymgr run")
- check_dnssec(server, zone, keys + [ksk], expected + extra)
+ check_dnssec(server, zone, keys + extra_keys, expected + extra)
-def check_remove_cds(server, zone, keys, expected, ksk, extra):
+def check_remove_cds(server, zone, keys, expected, extra_keys, extra):
isctest.log.info("remove cds record:")
isctest.log.info(
isctest.log.info(
f"- zone {zone} {server.identifier}: check CDS RRset after update remove"
)
- check_dnssec(server, zone, keys + [ksk], expected + extra)
+ check_dnssec(server, zone, keys + extra_keys, expected + extra)
# Trigger keymgr.
with server.watch_log_from_here() as watcher:
# Check again.
isctest.log.info(f"- zone {zone} {server.identifier}: check again after keymgr run")
- check_dnssec(server, zone, keys + [ksk], expected + extra)
+ check_dnssec(server, zone, keys + extra_keys, expected + extra)
# Remove actual CDS.
isctest.log.info(
- f"- zone {zone} {server.identifier}: remove CDS from other provider"
+ f"- zone {zone} {server.identifier}: remove CDS from other providers"
)
- ds = dsfromkey(ksk)
- rdata = " ".join(ds[4:])
update_msg = dns.update.UpdateMessage(zone)
- update_msg.delete(f"{zone}.", "CDS", rdata)
+ for ksk in extra_keys:
+ ds = dsfromkey(ksk)
+ rdata = " ".join(ds[4:])
+ update_msg.delete(f"{zone}.", "CDS", rdata)
server.nsupdate(update_msg)
# Now there should be one CDS record again.
extra[0].private = False # noqa
extra[0].legacy = True # noqa
- check_add_zsk(ns3, zone, keys3, expected3, zsks4[0], extra)
- check_add_zsk(ns4, zone, keys4, expected4, zsks3[0], extra)
+ check_add_zsk(ns3, zone, keys3, expected3, [zsks4[0]], extra)
+ check_add_zsk(ns4, zone, keys4, expected4, [zsks3[0]], extra)
check_no_dnssec_in_journal(ns4, zone)
# Remove DNSKEY from RRset.
- check_remove_zsk(ns3, zone, keys3, expected3, zsks4[0], extra)
- check_remove_zsk(ns4, zone, keys4, expected4, zsks3[0], extra)
+ check_remove_zsk(ns3, zone, keys3, expected3, [zsks4[0]], extra)
+ check_remove_zsk(ns4, zone, keys4, expected4, [zsks3[0]], extra)
check_no_dnssec_in_journal(ns4, zone)
# Add CDNSKEY RRset.
extra[0].private = False # noqa
extra[0].legacy = True # noqa
- check_add_cdnskey(ns3, zone, keys3, expected3, ksks4[0], extra)
- check_add_cdnskey(ns4, zone, keys4, expected4, ksks3[0], extra)
+ check_add_cdnskey(ns3, zone, keys3, expected3, [ksks4[0]], extra)
+ check_add_cdnskey(ns4, zone, keys4, expected4, [ksks3[0]], extra)
check_no_dnssec_in_journal(ns4, zone)
# Remove CDNSKEY RRset.
- check_remove_cdnskey(ns3, zone, keys3, expected3, ksks4[0], extra)
- check_remove_cdnskey(ns4, zone, keys4, expected4, ksks3[0], extra)
+ check_remove_cdnskey(ns3, zone, keys3, expected3, [ksks4[0]], extra)
+ check_remove_cdnskey(ns4, zone, keys4, expected4, [ksks3[0]], extra)
check_no_dnssec_in_journal(ns4, zone)
# Update CDS RRset.
- check_add_cds(ns3, zone, keys3, expected3, ksks4[0], extra)
- check_add_cds(ns4, zone, keys4, expected4, ksks3[0], extra)
+ check_add_cds(ns3, zone, keys3, expected3, [ksks4[0]], extra)
+ check_add_cds(ns4, zone, keys4, expected4, [ksks3[0]], extra)
check_no_dnssec_in_journal(ns4, zone)
# Remove CDS RRset.
- check_remove_cds(ns3, zone, keys3, expected3, ksks4[0], extra)
- check_remove_cds(ns4, zone, keys4, expected4, ksks3[0], extra)
+ check_remove_cds(ns3, zone, keys3, expected3, [ksks4[0]], extra)
+ check_remove_cds(ns4, zone, keys4, expected4, [ksks3[0]], extra)
check_no_dnssec_in_journal(ns4, zone)