Regression check for NSEC3 to NSEC3 conversion

author Matthijs Mekking <matthijs@isc.org>

Tue, 19 Dec 2023 12:23:44 +0000 (13:23 +0100)

committer Mark Andrews <marka@isc.org>

Thu, 21 Dec 2023 09:12:09 +0000 (20:12 +1100)
author Matthijs Mekking <matthijs@isc.org>
Tue, 19 Dec 2023 12:23:44 +0000 (13:23 +0100)
committer Mark Andrews <marka@isc.org>
Thu, 21 Dec 2023 09:12:09 +0000 (20:12 +1100)
diff --git a/bin/tests/system/autosign/ns3/keygen.sh b/bin/tests/system/autosign/ns3/keygen.sh

index 47a47e7f5468092eb7cb6e02baf7e7b4c2694d6d..bc4dd5d8c2cf9774bea917822eb352c2a72dfaae 100644 (file)
--- a/bin/tests/system/autosign/ns3/keygen.sh
+++ b/bin/tests/system/autosign/ns3/keygen.sh
@@ -195,6 +195,14 @@ $KEYGEN -q -a $DEFAULT_ALGORITHM -fk $zone >kg.out 2>&1 || dumpit kg.out
  $KEYGEN -q -a $DEFAULT_ALGORITHM $zone >kg.out 2>&1 || dumpit kg.out
  $SIGNER -S -3 beef -A -o $zone -f $zonefile $infile >s.out || dumpit s.out
  
+#
+# NSEC3->NSEC3 transition test zone.
+#
+setup nsec3-to-nsec3.example
+$KEYGEN -q -a $DEFAULT_ALGORITHM -fk $zone >kg.out 2>&1 || dumpit kg.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM $zone >kg.out 2>&1 || dumpit kg.out
+$SIGNER -S -3 beef -A -o $zone -f $zonefile $infile >s.out || dumpit s.out
+
  #
  # Introducing a pre-published key test.
  #
diff --git a/bin/tests/system/autosign/ns3/named.conf.in b/bin/tests/system/autosign/ns3/named.conf.in

index bfcccaf001c76c45006bde4c57f49566d3c4adf5..9bc5d655e1650c5ae3707ee00dca7a9eef021e10 100644 (file)
--- a/bin/tests/system/autosign/ns3/named.conf.in
+++ b/bin/tests/system/autosign/ns3/named.conf.in
@@ -265,6 +265,15 @@ zone "nsec3-to-nsec.example" {
         dnssec-policy autosign;
  };
  
+zone "nsec3-to-nsec3.example" {
+       type primary;
+       file "nsec3-to-nsec3.example.db";
+       allow-update { any; };
+       inline-signing no;
+       max-journal-size 10M;
+       dnssec-policy nsec3;
+};
+
  zone "oldsigs.example" {
         type primary;
         file "oldsigs.example.db";
diff --git a/bin/tests/system/autosign/ns3/nsec3-to-nsec3.example.db.in b/bin/tests/system/autosign/ns3/nsec3-to-nsec3.example.db.in

new file mode 100644 (file)

index 0000000..0b11a00
--- /dev/null
+++ b/bin/tests/system/autosign/ns3/nsec3-to-nsec3.example.db.in
@@ -0,0 +1,26 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0.  If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300       ; 5 minutes
+@                      IN SOA  mname1. . (
+                               2009102722 ; serial
+                               20         ; refresh (20 seconds)
+                               20         ; retry (20 seconds)
+                               1814400    ; expire (3 weeks)
+                               3600       ; minimum (1 hour)
+                               )
+                       NS      ns
+ns                     A       10.53.0.3
+
+a                      A       10.0.0.1
+b                      A       10.0.0.2
+d                      A       10.0.0.4
+x                      CNAME   a
diff --git a/bin/tests/system/autosign/tests.sh b/bin/tests/system/autosign/tests.sh

index 19e95901398b73257a9e245184149e31245411ed..4c2ea9d9b87225df57572004a3ae795a3f54ed45 100755 (executable)
--- a/bin/tests/system/autosign/tests.sh
+++ b/bin/tests/system/autosign/tests.sh
@@ -890,7 +890,8 @@ checkprivate private.secure.example 10.53.0.3 2 || ret=1 # pre-signed
  checkprivate nsec3.example 10.53.0.3 || ret=1
  checkprivate nsec3.nsec3.example 10.53.0.3 || ret=1
  checkprivate nsec3.optout.example 10.53.0.3 || ret=1
-checkprivate nsec3-to-nsec.example 10.53.0.3 2 || ret=1 # automatically removed
+checkprivate nsec3-to-nsec.example 10.53.0.3 2 || ret=1  # automatically removed
+checkprivate nsec3-to-nsec3.example 10.53.0.3 2 || ret=1 # automatically removed
  if $SHELL ../testcrypto.sh -q RSASHA1; then
    checkprivate nsec-only.example 10.53.0.3 || ret=1
  fi
@@ -1350,5 +1351,19 @@ n=$((n + 1))
  if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
  status=$((status + ret))
  
+echo_i "check that NSEC3 to NSEC3 builds the new NSEC3 chain first ($n)"
+ret=0
+$JOURNALPRINT ns3/nsec3-to-nsec3.example.db.jnl \
+  | awk 'BEGIN { addnsec3param=0; delnsec3param=0; nsec3=0 }
+$1 == "del" && $5 == "SOA" { if (delnsec3param || nsec3 || addnsec3param) { if (delnsec3param && (!nsec3 || !addnsec3param)) { exit(1); } else { exit(0); } } }
+$1 == "del" && $5 == "NSEC3PARAM" { delnsec3param=1 }
+$1 == "add" && $5 == "NSEC3PARAM" { addnsec3param=1 }
+$1 == "add" && $5 == "NSEC3" { nsec3=1 }
+END { if (delnsec3param || nsec3 || addnsec3param) { if (delnsec3param && (!nsec3 || !addnsec3param)) { exit(1); } else { exit(0); } } else { exit(1); } }
+' || ret=1
+n=$((n + 1))
+if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
  echo_i "exit status: $status"
  [ $status -eq 0 ] || exit 1
author	Matthijs Mekking <matthijs@isc.org>
	Tue, 19 Dec 2023 12:23:44 +0000 (13:23 +0100)
committer	Mark Andrews <marka@isc.org>
	Thu, 21 Dec 2023 09:12:09 +0000 (20:12 +1100)
bin/tests/system/autosign/ns3/keygen.sh		patch \| blob \| blame \| history
bin/tests/system/autosign/ns3/named.conf.in		patch \| blob \| blame \| history
bin/tests/system/autosign/ns3/nsec3-to-nsec3.example.db.in	[new file with mode: 0644]	patch \| blob
bin/tests/system/autosign/tests.sh		patch \| blob \| blame \| history