Retry the SOA serial check in the rpz test

While a response-policy zone is being (re)loaded it can briefly answer
with no SOA (SERVFAIL/REFUSED), which `dig +short` renders as empty
output.  get_sn() aborted the whole tests.sh on the first such miss,
defeating the retry_quiet() loop in ck_soa() that is meant to wait for
the reload to settle.  Return failure instead so the check is retried.

Assisted-by: Claude:claude-opus-4-8

diff --git a/bin/tests/system/rpz/tests.sh b/bin/tests/system/rpz/tests.sh
index 2b3598d7af51992f422812e18952aee25eca2fe1..2172cec7056ed54b4292208822cda32709fb3bbe 100644 (file)
--- a/bin/tests/system/rpz/tests.sh
+++ b/bin/tests/system/rpz/tests.sh
@@ -111,8 +111,12 @@ get_sn() {
   $DIG -p "${PORT}" +short +norecurse soa "$1" "@$2" "-b$2" >$DIGNM
   SN=$(awk '{ print $3 }' <$DIGNM)
   [ -n "$SN" ] && return
+  # A policy zone being (re)loaded can briefly answer with no SOA
+  # (SERVFAIL/REFUSED), which +short renders as empty output.  Return
+  # failure rather than aborting so the retry_quiet() in ck_soa() can
+  # probe again instead of dying on a single transient miss.
   echo_i "no serial number from \`dig -p ${PORT} soa $1 @$2\`"
-  exit 1
+  return 1
 }
 
 # check the serial number in an SOA to ensure that a policy zone has
@@ -121,7 +125,7 @@ get_sn() {
 # $2=domain
 # $3=DNS server
 test_soa() {
-  get_sn "$2" "$3"
+  get_sn "$2" "$3" || return 1
   test "$SN" -eq "$1"
 }