From: Libor Peltan Date: Fri, 22 Mar 2019 12:28:29 +0000 (+0100) Subject: tests: improved check of NSEC3 update covers adding delegation X-Git-Tag: v2.9.0~286^2~14 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e76bdf851bf527a38d73ab040dd0f67a01550fa1;p=thirdparty%2Fknot-dns.git tests: improved check of NSEC3 update covers adding delegation --- diff --git a/tests-extra/tests/dnssec/nsec_update/test.py b/tests-extra/tests/dnssec/nsec_update/test.py index 15609aabc2..a9da903038 100644 --- a/tests-extra/tests/dnssec/nsec_update/test.py +++ b/tests-extra/tests/dnssec/nsec_update/test.py @@ -25,9 +25,8 @@ for zone in zones: master.dnssec(zone).nsec3_opt_out = (random.random() < 0.5) t.start() -t.sleep(4) +master.zones_wait(zones) slave.ctl("zone-refresh") - slave.zones_wait(zones) # initial convenience check @@ -44,14 +43,48 @@ after_update = master.zones_wait(zones) # sync slave with current master's state slave.ctl("zone-refresh") -t.sleep(5) - slave.zones_wait(zones, after_update, equal=True, greater=False) +# flush so that we can do zone_verify +slave.flush() + # re-sign master and check that the re-sign made nothing master.ctl("zone-sign") -master.zones_wait(zones, after_update, equal=False, greater=True) +after_update15 = master.zones_wait(zones, after_update, equal=False, greater=True) t.xfr_diff(master, slave, zones, no_rrsig_rdata=True) +for zone in zones: + slave.zone_verify(zone) + +# sync slave with current master's state +slave.ctl("zone-refresh") +slave.zones_wait(zones, after_update15, equal=True, greater=False) + +# update master by adding delegation with nontrivial NONAUTH nodes +for zone in zones: + up = master.update(zone) + if random.random() < 0.5: + up.add("deleg390280", 3600, "NS", "a.ns.deleg390280") + up.add("a.ns.deleg390280", 3600, "A", "1.2.54.30") + else: + up.add("deleg390281", 3600, "NS", "ns.deleg390280") + up.add("ns.deleg390281", 3600, "A", "1.2.54.31") + up.send("NOERROR") +after_update2 = master.zones_wait(zones, after_update15, equal=False, greater=True) + +# sync slave with current master's state +slave.ctl("zone-refresh") +slave.zones_wait(zones, after_update2, equal=True, greater=False) + +# flush so that we can do zone_verify +slave.flush() + +# re-sign master and check that the re-sign made nothing +master.ctl("zone-sign") +after_update25 = master.zones_wait(zones, after_update2, equal=False, greater=True) + +t.xfr_diff(master, slave, zones, no_rrsig_rdata=True) +for zone in zones: + slave.zone_verify(zone) t.end()