# an unlimited lifetime. Fallback to the default loadkeys interval.
check_next_key_event 3600
-_check_soa_ttl() {
- dig_with_opts @10.53.0.6 example SOA >dig.out.ns6.test$n.soa2 || return 1
- soa1=$(awk '$4 == "SOA" { print $7 }' dig.out.ns6.test$n.soa1)
- soa2=$(awk '$4 == "SOA" { print $7 }' dig.out.ns6.test$n.soa2)
- ttl1=$(awk '$4 == "SOA" { print $2 }' dig.out.ns6.test$n.soa1)
- ttl2=$(awk '$4 == "SOA" { print $2 }' dig.out.ns6.test$n.soa2)
- test ${soa1:-1000} -lt ${soa2:-0} || return 1
- test ${ttl1:-0} -eq $1 || return 1
- test ${ttl2:-0} -eq $2 || return 1
-}
-
-n=$((n + 1))
-echo_i "Check that 'rndc reload' of just the serial updates the signed instance ($n)"
-TSIG=
-ret=0
-dig_with_opts @10.53.0.6 example SOA >dig.out.ns6.test$n.soa1 || ret=1
-cp ns6/example2.db.in ns6/example.db || ret=1
-nextpart ns6/named.run >/dev/null
-rndccmd 10.53.0.6 reload || ret=1
-wait_for_log 3 "all zones loaded" ns6/named.run || ret=1
-# Check that the SOA SERIAL increases and check the TTLs (should be 300 as
-# defined in ns6/example2.db.in).
-retry_quiet 10 _check_soa_ttl 300 300 || ret=1
-test "$ret" -eq 0 || echo_i "failed"
-status=$((status + ret))
-
-n=$((n + 1))
-echo_i "Check that restart with zone changes and deleted journal works ($n)"
-TSIG=
-ret=0
-dig_with_opts @10.53.0.6 example SOA >dig.out.ns6.test$n.soa1 || ret=1
-stop_server --use-rndc --port ${CONTROLPORT} ns6
-# TTL of all records change from 300 to 400
-cp ns6/example3.db.in ns6/example.db || ret=1
-rm ns6/example.db.jnl
-nextpart ns6/named.run >/dev/null
-start_server --noclean --restart --port ${PORT} ns6
-wait_for_log 3 "all zones loaded" ns6/named.run || ret=1
-# Check that the SOA SERIAL increases and check the TTLs (should be changed
-# from 300 to 400 as defined in ns6/example3.db.in).
-retry_quiet 10 _check_soa_ttl 300 400 || ret=1
-test "$ret" -eq 0 || echo_i "failed"
-status=$((status + ret))
-
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
msg = f"zone {zone}/IN (signed): zone_rekey:zone_verifykeys failed: some key files are missing"
server.log.prohibit(msg)
+
+
+def test_kasp_reload_restart(servers):
+ server = servers["ns6"]
+ zone = "example"
+
+ def query_soa(qname):
+ fqdn = dns.name.from_text(qname)
+ qtype = dns.rdatatype.SOA
+ query = dns.message.make_query(fqdn, qtype, use_edns=True, want_dnssec=True)
+ try:
+ response = isctest.query.tcp(query, server.ip, server.ports.dns, timeout=3)
+ except dns.exception.Timeout:
+ isctest.log.debug(f"query timeout for query {qname} SOA to {server.ip}")
+ return 0, 0
+
+ assert response.rcode() == dns.rcode.NOERROR
+
+ for rr in response.answer:
+ if rr.match(fqdn, dns.rdataclass.IN, dns.rdatatype.RRSIG, qtype):
+ continue
+
+ assert rr.match(fqdn, dns.rdataclass.IN, qtype, dns.rdatatype.NONE)
+ assert len(rr) == 1
+ return rr[0].serial, rr.ttl
+
+ return 0, 0
+
+ def check_soa_ttl():
+ soa2, ttl2 = query_soa(zone)
+ return soa1 < soa2 and ttl2 == newttl
+
+ # Check that the SOA SERIAL increases and check the TTLs (should be 300 as
+ # defined in ns6/example2.db.in).
+ soa1, ttl1 = query_soa(zone)
+ assert ttl1 == 300
+
+ shutil.copyfile(f"ns6/{zone}2.db.in", f"ns6/{zone}.db")
+ with server.watch_log_from_here() as watcher:
+ server.rndc("reload", log=False)
+ watcher.wait_for_line("all zones loaded")
+
+ newttl = 300
+ isctest.run.retry_with_timeout(check_soa_ttl, timeout=10)
+
+ # Check that the SOA SERIAL increases and check the TTLs (should be changed
+ # from 300 to 400 as defined in ns6/example3.db.in).
+ soa1, ttl1 = query_soa(zone)
+ assert ttl1 == 300
+
+ server.stop()
+ shutil.copyfile(f"ns6/{zone}3.db.in", f"ns6/{zone}.db")
+ os.unlink(f"ns6/{zone}.db.jnl")
+ with server.watch_log_from_here() as watcher:
+ server.start(["--noclean", "--restart", "--port", os.environ["PORT"]])
+ watcher.wait_for_line("all zones loaded")
+
+ newttl = 400
+ isctest.run.retry_with_timeout(check_soa_ttl, timeout=10)
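Review bot: `query_soa` skips the RRSIG rrset with `continue` but never asserts that one was returned, so `test_kasp_reload_restart` would still pass if ns6 answered with an unsigned SOA after the reload or after the restart with the journal removed. If the intent is to confirm that the signed instance is what gets updated, add `assert any(rr.rdtype == dns.rdatatype.RRSIG for rr in response.answer)` after the rcode check. Separately, the `return 0, 0` on timeout makes the two baseline `assert ttl1 == 300` lines fail with a misleading TTL mismatch rather than a query failure; asserting `soa1 > 0` with a message there would make the cause clearer. A docstring naming the two scenarios (reload with a serial bump, restart with a deleted journal) would replace the `echo_i` descriptions the removed shell version had. The function may continue past the last visible line.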