networkd-test: disable DNSSEC in domain-restricted DNS test

dnsmasq 2.80 changed behaviour when being queried by resolved with
enabled DNSSEC: It returns errors for SOA and DS queries which cause the
entire query to fail. As we don't configure DNSSEC in this test anyway,
just disable it so that we retain compatibility with old and new dnsmasq
versions.

diff --git a/test/networkd-test.py b/test/networkd-test.py
index 7011abc965c63ec5e528e7e9d9306d08a2dada4b..71ee06f279b75e3e5cc2bd17530d69d1e1c095af 100755 (executable)
--- a/test/networkd-test.py
+++ b/test/networkd-test.py
@@ -575,6 +575,13 @@ class DnsmasqClientTest(ClientTestBase, unittest.TestCase):
     def test_resolved_domain_restricted_dns(self):
         '''resolved: domain-restricted DNS servers'''
 
+        # FIXME: resolvectl query fails with enabled DNSSEC against our dnsmasq
+        conf = '/run/systemd/resolved.conf.d/test-disable-dnssec.conf'
+        os.makedirs(os.path.dirname(conf), exist_ok=True)
+        with open(conf, 'w') as f:
+            f.write('[Resolve]\nDNSSEC=no\n')
+        self.addCleanup(os.remove, conf)
+
         # create interface for generic connections; this will map all DNS names
         # to 192.168.42.1
         self.create_iface(dnsmasq_opts=['--address=/#/192.168.42.1'])