From: Nicki Křížek <nicki@isc.org>
Date: Fri, 25 Jul 2025 15:21:56 +0000 (+0200)
Subject: Various TTL fixes in dnssec tests
X-Git-Tag: v9.21.11~13^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d0e2487ab6b6adf0c4b20c5bd97b97c34eb23501;p=thirdparty%2Fbind9.git

Various TTL fixes in dnssec tests

Make sure the various TTL checks are using a lower bound as well and use
a common TTL of 5 min.
---

diff --git a/bin/tests/system/dnssec/ns2/example.db.in b/bin/tests/system/dnssec/ns2/example.db.in
index 6531ae6649b..47c2eb7f0eb 100644
--- a/bin/tests/system/dnssec/ns2/example.db.in
+++ b/bin/tests/system/dnssec/ns2/example.db.in
@@ -9,7 +9,7 @@
 ; See the COPYRIGHT file distributed with this work for additional
 ; information regarding copyright ownership.
 
-$TTL 3600	; 1 hour
+$TTL 300	; 5 minutes
 @			IN SOA	mname1. . (
 				2000042407 ; serial
 				20	   ; refresh (20 seconds)
diff --git a/bin/tests/system/dnssec/ns2/template.db.in b/bin/tests/system/dnssec/ns2/template.db.in
index 43ad12bb7c7..a84b75b618e 100644
--- a/bin/tests/system/dnssec/ns2/template.db.in
+++ b/bin/tests/system/dnssec/ns2/template.db.in
@@ -9,7 +9,7 @@
 ; See the COPYRIGHT file distributed with this work for additional
 ; information regarding copyright ownership.
 
-$TTL 3600
+$TTL 300	; 5 minutes
 @	SOA	ns2.example. . 1 3600 1200 86400 1200
 @	NS	ns2
 ns2	A	10.53.0.2
diff --git a/bin/tests/system/dnssec/tests_delv.py b/bin/tests/system/dnssec/tests_delv.py
index 6ed76fe90fe..2e6f2f26c9b 100644
--- a/bin/tests/system/dnssec/tests_delv.py
+++ b/bin/tests/system/dnssec/tests_delv.py
@@ -75,12 +75,12 @@ def test_positive_validation_delv():
     # check positive validation NSEC
     response = delv("a", "a.example")
     assert grep_c("a.example..*10.0.0.1", response)
-    assert grep_c("a.example..*.RRSIG.A [0-9][0-9]* 2 3600 .*", response)
+    assert grep_c("a.example..*.RRSIG.A [0-9][0-9]* 2 300 .*", response)
 
     # check positive validation NSEC (trsuted-keys)
     response = delv("a", "a.example", tkeys=True)
     assert grep_c("a.example..*10.0.0.1", response)
-    assert grep_c("a.example..*.RRSIG.A [0-9][0-9]* 2 3600 .*", response)
+    assert grep_c("a.example..*.RRSIG.A [0-9][0-9]* 2 300 .*", response)
 
     # check positive validation NSEC3
     response = delv("a", "a.nsec3.example")
@@ -95,7 +95,7 @@ def test_positive_validation_delv():
     # check positive wildcard validation NSEC
     response = delv("a", "a.wild.example")
     assert grep_c("a.wild.example..*10.0.0.27", response)
-    assert grep_c("a.wild.example..*.RRSIG.A [0-9][0-9]* 2 3600 .*", response)
+    assert grep_c("a.wild.example..*.RRSIG.A [0-9][0-9]* 2 300 .*", response)
 
     # check positive wildcard validation NSEC3
     response = delv("a", "a.wild.nsec3.example")
diff --git a/bin/tests/system/dnssec/tests_validation.py b/bin/tests/system/dnssec/tests_validation.py
index 917d517043b..0e923a3440c 100644
--- a/bin/tests/system/dnssec/tests_validation.py
+++ b/bin/tests/system/dnssec/tests_validation.py
@@ -721,7 +721,7 @@ def test_cache(servers):
     isctest.check.rr_count_eq(res1.answer, 2)
     isctest.check.rr_count_eq(res2.answer, 2)
     for rrset in res1.answer:
-        assert rrset.ttl <= 3600
+        assert 3000 <= rrset.ttl <= 3600
     for rrset in res2.answer:
         assert rrset.ttl <= 300
 
@@ -1157,7 +1157,7 @@ def test_expired_signatures(servers):
     msg = isctest.query.create("expiring.example", "SOA")
     res2 = isctest.query.tcp(msg, "10.53.0.4")
     for rrset in res1.answer:
-        assert rrset.ttl <= 3600
+        assert 240 <= rrset.ttl <= 300
     for rrset in res2.answer:
         assert rrset.ttl <= 60
 
@@ -1168,7 +1168,7 @@ def test_expired_signatures(servers):
     msg = isctest.query.create("expiring.example", "NS")
     res2 = isctest.query.tcp(msg, "10.53.0.4")
     for rrset in res1.additional:
-        assert rrset.ttl <= 3600
+        assert 240 <= rrset.ttl <= 300
     for rrset in res2.additional:
         assert rrset.ttl <= 60
 
@@ -1179,7 +1179,7 @@ def test_expired_signatures(servers):
     msg = isctest.query.create("expiring.example", "MX")
     res2 = isctest.query.tcp(msg, "10.53.0.4")
     for rrset in res1.additional:
-        assert rrset.ttl <= 3600
+        assert 240 <= rrset.ttl <= 300
     for rrset in res2.additional:
         assert rrset.ttl <= 60
 
diff --git a/bin/tests/system/dnssec/tests_validation_accept_expired.py b/bin/tests/system/dnssec/tests_validation_accept_expired.py
index dc80695f669..207fba1d00d 100644
--- a/bin/tests/system/dnssec/tests_validation_accept_expired.py
+++ b/bin/tests/system/dnssec/tests_validation_accept_expired.py
@@ -34,7 +34,7 @@ def test_accept_expired(servers):
     msg = isctest.query.create("expiring.example", "SOA")
     res2 = isctest.query.tcp(msg, "10.53.0.4")
     for rrset in res1.answer:
-        assert rrset.ttl <= 3600
+        assert 240 <= rrset.ttl <= 300
     for rrset in res2.answer:
         assert rrset.ttl <= 120
 
@@ -47,7 +47,7 @@ def test_accept_expired(servers):
     msg = isctest.query.create("expiring.example", "MX")
     res2 = isctest.query.tcp(msg, "10.53.0.4")
     for rrset in res1.additional:
-        assert rrset.ttl <= 3600
+        assert 240 <= rrset.ttl <= 300
     for rrset in res2.additional:
         assert rrset.ttl <= 120
 
@@ -59,6 +59,6 @@ def test_accept_expired(servers):
     msg = isctest.query.create("expired.example", "SOA")
     res2 = isctest.query.tcp(msg, "10.53.0.4")
     for rrset in res1.additional:
-        assert rrset.ttl <= 3600
+        assert 240 <= rrset.ttl <= 300
     for rrset in res2.additional:
         assert rrset.ttl <= 120