From: Mark Andrews
Date: Thu, 26 Mar 2026 02:05:18 +0000 (+1100)
Subject: Checking maximal sized compresses bit map works
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e9a58de251e87227d573937d7838544a89c3091e;p=thirdparty%2Fbind9.git
Checking maximal sized compresses bit map works
Add records that will be at end of each compressed bitmap less 1 of the NSEC3 record. Zone verification should still work.
---
diff --git a/bin/tests/system/dnssectools/tests.sh b/bin/tests/system/dnssectools/tests.sh
index f8e836c8ecc..666c6ebe855 100644
--- a/bin/tests/system/dnssectools/tests.sh
+++ b/bin/tests/system/dnssectools/tests.sh
@@ -906,6 +906,35 @@ n=$((n + 1))
 if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
+echo_i "checking maximal sized compresses bit map works ($n)"
+ret=0
+(
+ cd signer || exit 0
+ key1=$(${KEYGEN} -a "${DEFAULT_ALGORITHM}" -f KSK maxcbm.example)
+ key2=$(${KEYGEN} -a "${DEFAULT_ALGORITHM}" maxcbm.example)
+ cat >>maxcbm.example.db <>maxcbm.example.db
+ type=$((type + 256))
+ done
+ "${SIGNER}" -3 - -o maxcbm.example maxcbm.example.db >signer.out.$n
+ "${CHECKZONE}" -q -D maxcbm.example maxcbm.example.db.signed \
+ | grep '^M7L6E3AJUD7LRVUMMQS595OGHBMT4DFT.*NSEC3.*TYPE65534$' >/dev/null || ret=1
+) || ret=1
+n=$((n + 1))
+if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
 echo_i "check that 'dnssec-keygen -S' works for all supported algorithms ($n)"
 ret=0
 alg=1
diff --git a/bin/tests/system/dnssectools/tests_sh_dnssectools.py b/bin/tests/system/dnssectools/tests_sh_dnssectools.py
index fe70cf52c40..3837da290da 100644
--- a/bin/tests/system/dnssectools/tests_sh_dnssectools.py
+++ b/bin/tests/system/dnssectools/tests_sh_dnssectools.py
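Review bot: The new check in tests.sh cannot report a grep mismatch as written. Inside the `( … )` subshell, `… >/dev/null || ret=1` sets `ret` only in the subshell and leaves the list with exit status 0, so the outer `) || ret=1` never fires when the expected NSEC3 line is missing from the `${CHECKZONE}` output. `cd signer || exit 0` likewise turns a missing directory into a pass, and the `"${SIGNER}"` call has no visible status check (whether the script runs under `set -e` is not shown here). Using `|| exit 1` inside the subshell, i.e. `cd signer || exit 1`, `"${SIGNER}" -3 - -o maxcbm.example maxcbm.example.db >signer.out.$n || exit 1` and `… >/dev/null || exit 1`, would let a regression in maximal-bitmap handling fail the test. The here-document and loop lines between `cat >>maxcbm.example.db` and `type=$((type + 256))` are not fully visible on this page, so they are not covered by this note.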
@@ -41,6 +41,7 @@ pytestmark = pytest.mark.extra_artifacts(
 "signer/general/signed.expect",
 "signer/general/signed.zone",
 "signer/general/signer.out.*",
+ "signer/maxcbm.example.db",
 "signer/nsec3param.out",
 "signer/prepub.db",
 "signer/revoke.example.db",