From: Mark Andrews Date: Fri, 10 Apr 2026 07:21:42 +0000 (+1000) Subject: Checking maximal sized compresses bit map works X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=abefcf7156be1af40ea5cd81b3c356fe39c9e794;p=thirdparty%2Fbind9.git Checking maximal sized compresses bit map works Add records that will be at end of each compressed bitmap less 1 of the NSEC3 record. Zone verification should still work. (cherry picked from commit e9a58de251e87227d573937d7838544a89c3091e) --- diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh index 738bc6603c7..56c11dcddb7 100644 --- a/bin/tests/system/dnssec/tests.sh +++ b/bin/tests/system/dnssec/tests.sh @@ -3420,6 +3420,35 @@ n=$((n + 1)) test "$ret" -eq 0 || echo_i "failed" status=$((status + ret)) +echo_i "checking maximal sized compresses bit map works ($n)" +ret=0 +( + cd signer || exit 0 + key1=$(${KEYGEN} -a "${DEFAULT_ALGORITHM}" -f KSK maxcbm.example) + key2=$(${KEYGEN} -a "${DEFAULT_ALGORITHM}" maxcbm.example) + cat >>maxcbm.example.db <>maxcbm.example.db + type=$((type + 256)) + done + "${SIGNER}" -3 - -o maxcbm.example maxcbm.example.db >signer.out.$n + "${CHECKZONE}" -q -D maxcbm.example maxcbm.example.db.signed \ + | grep '^M7L6E3AJUD7LRVUMMQS595OGHBMT4DFT.*NSEC3.*TYPE65534$' >/dev/null || ret=1 +) || ret=1 +n=$((n + 1)) +if [ "$ret" -ne 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + echo_i "check that 'dnssec-keygen -S' works for all supported algorithms ($n)" ret=0 alg=1 diff --git a/bin/tests/system/dnssec/tests_sh_dnssec.py b/bin/tests/system/dnssec/tests_sh_dnssec.py index 8ce5de630c7..719c319130f 100644 --- a/bin/tests/system/dnssec/tests_sh_dnssec.py +++ b/bin/tests/system/dnssec/tests_sh_dnssec.py @@ -166,6 +166,7 @@ pytestmark = pytest.mark.extra_artifacts( "signer/general/dsset-*", "signer/general/signed.zone", "signer/general/signer.out.*", + "signer/maxcbm.example.db", "signer/nsec3param.out", "signer/prepub.db", "signer/revoke.example.db",