From: Nick Rosbrook <enr0n@ubuntu.com>
Date: Fri, 22 Aug 2025 17:36:48 +0000 (-0400)
Subject: test: ensure that reload updates DNSSEC and DNSOverTLS on link scopes
X-Git-Tag: v258-rc4~36
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1be088c2995f6f22767a4a58e7b51c3642930805;p=thirdparty%2Fsystemd.git

test: ensure that reload updates DNSSEC and DNSOverTLS on link scopes
---

diff --git a/test/units/TEST-75-RESOLVED.sh b/test/units/TEST-75-RESOLVED.sh
index 5b0f9e3e618..24c9c8ffac3 100755
--- a/test/units/TEST-75-RESOLVED.sh
+++ b/test/units/TEST-75-RESOLVED.sh
@@ -791,10 +791,62 @@ testcase_08_resolved() {
 }
 
 testcase_09_resolvectl_showcache() {
+    # Cleanup
+    # shellcheck disable=SC2317
+    cleanup() {
+        rm -f /run/systemd/resolved.conf.d/90-resolved.conf
+        rm -f /run/systemd/network/10-dns2.netdev
+        rm -f /run/systemd/network/10-dns2.network
+        networkctl reload
+        systemctl reload systemd-resolved.service
+        resolvectl revert dns0
+    }
+
+    trap cleanup RETURN
+
     ### Test resolvectl show-cache
     run resolvectl show-cache
     run resolvectl show-cache --json=short
     run resolvectl show-cache --json=pretty
+
+    # Use resolvectl show-cache to check that reloding resolved updates scope
+    # DNSSEC and DNSOverTLS modes.
+    {
+        echo "[NetDev]"
+        echo "Name=dns2"
+        echo "Kind=dummy"
+    } > /run/systemd/network/10-dns2.netdev
+    {
+        echo "[Match]"
+        echo "Name=dns2"
+        echo "[Network]"
+        echo "IPv6AcceptRA=no"
+        echo "Address=10.123.0.1/24"
+        echo "DNS=10.0.0.1"
+    } > /run/systemd/network/10-dns2.network
+    networkctl reload
+    networkctl reconfigure dns2
+
+    mkdir -p /run/systemd/resolved.conf.d/
+    {
+        echo "[Resolve]"
+        echo "DNSSEC=no"
+        echo "DNSOverTLS=no"
+    } > /run/systemd/resolved.conf.d/90-resolved.conf
+    systemctl reload systemd-resolved.service
+
+    test "$(resolvectl show-cache --json=short | jq -rc '.[] | select(.ifname == "dns2" and .protocol == "dns") | .dnssec')" == 'no'
+    test "$(resolvectl show-cache --json=short | jq -rc '.[] | select(.ifname == "dns2" and .protocol == "dns") | .dnsOverTLS')" == 'no'
+
+    {
+        echo "[Resolve]"
+        echo "DNSSEC=allow-downgrade"
+        echo "DNSOverTLS=opportunistic"
+    } > /run/systemd/resolved.conf.d/90-resolved.conf
+    systemctl reload systemd-resolved.service
+
+    test "$(resolvectl show-cache --json=short | jq -rc '.[] | select(.ifname == "dns2" and .protocol == "dns") | .dnssec')" == 'allow-downgrade'
+    test "$(resolvectl show-cache --json=short | jq -rc '.[] | select(.ifname == "dns2" and .protocol == "dns") | .dnsOverTLS')" == 'opportunistic'
 }
 
 testcase_10_resolvectl_json() {