Various TTL fixes in dnssec tests

Make sure the various TTL checks are using a lower bound as well and use
a common TTL of 5 min.

diff --git a/bin/tests/system/dnssec/ns2/example.db.in b/bin/tests/system/dnssec/ns2/example.db.in
index 6531ae6649bd9891855f327171d5f813dcd26eff..47c2eb7f0eb6b6183f58f286bd336c449cfb5741 100644 (file)
--- a/bin/tests/system/dnssec/ns2/example.db.in
+++ b/bin/tests/system/dnssec/ns2/example.db.in
@@ -9,7 +9,7 @@
 ; See the COPYRIGHT file distributed with this work for additional
 ; information regarding copyright ownership.
 
-$TTL 3600      ; 1 hour
+$TTL 300       ; 5 minutes
 @                      IN SOA  mname1. . (
                                2000042407 ; serial
                                20         ; refresh (20 seconds)

diff --git a/bin/tests/system/dnssec/ns2/template.db.in b/bin/tests/system/dnssec/ns2/template.db.in
index 43ad12bb7c7fbb7cd2e1c8ea534c4966ff49a2be..a84b75b618ebf409ad34fd739a8474552637fb78 100644 (file)
--- a/bin/tests/system/dnssec/ns2/template.db.in
+++ b/bin/tests/system/dnssec/ns2/template.db.in
@@ -9,7 +9,7 @@
 ; See the COPYRIGHT file distributed with this work for additional
 ; information regarding copyright ownership.
 
-$TTL 3600
+$TTL 300       ; 5 minutes
 @      SOA     ns2.example. . 1 3600 1200 86400 1200
 @      NS      ns2
 ns2    A       10.53.0.2

diff --git a/bin/tests/system/dnssec/tests_delv.py b/bin/tests/system/dnssec/tests_delv.py
index 6ed76fe90fec427aafaabda30991aba4646763bb..2e6f2f26c9b934b0633f4ea2cb770167d9188c0a 100644 (file)
--- a/bin/tests/system/dnssec/tests_delv.py
+++ b/bin/tests/system/dnssec/tests_delv.py
@@ -75,12 +75,12 @@ def test_positive_validation_delv():
     # check positive validation NSEC
     response = delv("a", "a.example")
     assert grep_c("a.example..*10.0.0.1", response)
-    assert grep_c("a.example..*.RRSIG.A [0-9][0-9]* 2 3600 .*", response)
+    assert grep_c("a.example..*.RRSIG.A [0-9][0-9]* 2 300 .*", response)
 
     # check positive validation NSEC (trsuted-keys)
     response = delv("a", "a.example", tkeys=True)
     assert grep_c("a.example..*10.0.0.1", response)
-    assert grep_c("a.example..*.RRSIG.A [0-9][0-9]* 2 3600 .*", response)
+    assert grep_c("a.example..*.RRSIG.A [0-9][0-9]* 2 300 .*", response)
 
     # check positive validation NSEC3
     response = delv("a", "a.nsec3.example")
@@ -95,7 +95,7 @@ def test_positive_validation_delv():
     # check positive wildcard validation NSEC
     response = delv("a", "a.wild.example")
     assert grep_c("a.wild.example..*10.0.0.27", response)
-    assert grep_c("a.wild.example..*.RRSIG.A [0-9][0-9]* 2 3600 .*", response)
+    assert grep_c("a.wild.example..*.RRSIG.A [0-9][0-9]* 2 300 .*", response)
 
     # check positive wildcard validation NSEC3
     response = delv("a", "a.wild.nsec3.example")

diff --git a/bin/tests/system/dnssec/tests_validation.py b/bin/tests/system/dnssec/tests_validation.py
index 917d517043b422596c717ef56d114d453ecfaad4..0e923a3440c0c813ce23020d628bbf947fb2d907 100644 (file)
--- a/bin/tests/system/dnssec/tests_validation.py
+++ b/bin/tests/system/dnssec/tests_validation.py
@@ -721,7 +721,7 @@ def test_cache(servers):
     isctest.check.rr_count_eq(res1.answer, 2)
     isctest.check.rr_count_eq(res2.answer, 2)
     for rrset in res1.answer:
-        assert rrset.ttl <= 3600
+        assert 3000 <= rrset.ttl <= 3600
     for rrset in res2.answer:
         assert rrset.ttl <= 300
 
@@ -1157,7 +1157,7 @@ def test_expired_signatures(servers):
     msg = isctest.query.create("expiring.example", "SOA")
     res2 = isctest.query.tcp(msg, "10.53.0.4")
     for rrset in res1.answer:
-        assert rrset.ttl <= 3600
+        assert 240 <= rrset.ttl <= 300
     for rrset in res2.answer:
         assert rrset.ttl <= 60
 
@@ -1168,7 +1168,7 @@ def test_expired_signatures(servers):
     msg = isctest.query.create("expiring.example", "NS")
     res2 = isctest.query.tcp(msg, "10.53.0.4")
     for rrset in res1.additional:
-        assert rrset.ttl <= 3600
+        assert 240 <= rrset.ttl <= 300
     for rrset in res2.additional:
         assert rrset.ttl <= 60
 
@@ -1179,7 +1179,7 @@ def test_expired_signatures(servers):
     msg = isctest.query.create("expiring.example", "MX")
     res2 = isctest.query.tcp(msg, "10.53.0.4")
     for rrset in res1.additional:
-        assert rrset.ttl <= 3600
+        assert 240 <= rrset.ttl <= 300
     for rrset in res2.additional:
         assert rrset.ttl <= 60
 

diff --git a/bin/tests/system/dnssec/tests_validation_accept_expired.py b/bin/tests/system/dnssec/tests_validation_accept_expired.py
index dc80695f669b9351a00eaf88bc43cb61f6b33f1d..207fba1d00dd3ee336d5da453afa1700f74ab511 100644 (file)
--- a/bin/tests/system/dnssec/tests_validation_accept_expired.py
+++ b/bin/tests/system/dnssec/tests_validation_accept_expired.py
@@ -34,7 +34,7 @@ def test_accept_expired(servers):
     msg = isctest.query.create("expiring.example", "SOA")
     res2 = isctest.query.tcp(msg, "10.53.0.4")
     for rrset in res1.answer:
-        assert rrset.ttl <= 3600
+        assert 240 <= rrset.ttl <= 300
     for rrset in res2.answer:
         assert rrset.ttl <= 120
 
@@ -47,7 +47,7 @@ def test_accept_expired(servers):
     msg = isctest.query.create("expiring.example", "MX")
     res2 = isctest.query.tcp(msg, "10.53.0.4")
     for rrset in res1.additional:
-        assert rrset.ttl <= 3600
+        assert 240 <= rrset.ttl <= 300
     for rrset in res2.additional:
         assert rrset.ttl <= 120
 
@@ -59,6 +59,6 @@ def test_accept_expired(servers):
     msg = isctest.query.create("expired.example", "SOA")
     res2 = isctest.query.tcp(msg, "10.53.0.4")
     for rrset in res1.additional:
-        assert rrset.ttl <= 3600
+        assert 240 <= rrset.ttl <= 300
     for rrset in res2.additional:
         assert rrset.ttl <= 120