fix dnssec system tests that fail now that we call dns_zone_cdscheck

author Mark Andrews <marka@isc.org>

Fri, 9 Aug 2019 06:27:55 +0000 (16:27 +1000)

committer Mark Andrews <marka@isc.org>

Wed, 28 Aug 2019 06:14:45 +0000 (16:14 +1000)
author Mark Andrews <marka@isc.org>
Fri, 9 Aug 2019 06:27:55 +0000 (16:27 +1000)
committer Mark Andrews <marka@isc.org>
Wed, 28 Aug 2019 06:14:45 +0000 (16:14 +1000)
diff --git a/bin/tests/system/dnssec/ns2/sign.sh b/bin/tests/system/dnssec/ns2/sign.sh

index c90f620e862afe427fb83a08958d24af8a6d4190..23964b9818941d09c528880206d83859b778f6ca 100644 (file)
--- a/bin/tests/system/dnssec/ns2/sign.sh
+++ b/bin/tests/system/dnssec/ns2/sign.sh
@@ -245,7 +245,7 @@ key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$
  key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
  key3=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
  "$DSFROMKEY" -C "$key2.key" > "$key2.cds"
-cat "$infile" "$key1.key" "$key3.key" "$key2.cds" > "$zonefile"
+cat "$infile" "$key1.key" "$key2.key" "$key3.key" "$key2.cds" > "$zonefile"
  "$SIGNER" -P -g -x -o "$zone" "$zonefile" > /dev/null 2>&1
  
  zone=cds-update.secure
@@ -269,8 +269,8 @@ infile=cds-auto.secure.db.in
  zonefile=cds-auto.secure.db
  key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
  key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
-"$DSFROMKEY" -C "$key1.key" > "$key1.cds"
-cat "$infile" "$key1.cds" > "$zonefile.signed"
+$SETTIME -P sync now "$key1" > /dev/null
+cat "$infile" > "$zonefile.signed"
  
  zone=cdnskey.secure
  infile=cdnskey.secure.db.in
@@ -288,7 +288,7 @@ key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$
  key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
  key3=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
  sed 's/DNSKEY/CDNSKEY/' "$key1.key" > "$key1.cds"
-cat "$infile" "$key2.key" "$key3.key" "$key1.cds" > "$zonefile"
+cat "$infile" "$key1.key" "$key2.key" "$key3.key" "$key1.cds" > "$zonefile"
  "$SIGNER" -P -g -x -o "$zone" "$zonefile" > /dev/null 2>&1
  
  zone=cdnskey-update.secure
@@ -312,8 +312,8 @@ infile=cdnskey-auto.secure.db.in
  zonefile=cdnskey-auto.secure.db
  key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
  key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
-sed 's/DNSKEY/CDNSKEY/' "$key1.key" > "$key1.cds"
-cat "$infile" "$key1.cds" > "$zonefile.signed"
+$SETTIME -P sync now "$key1" > /dev/null
+cat "$infile" > "$zonefile.signed"
  
  zone=updatecheck-kskonly.secure
  infile=template.secure.db.in
diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh

index e847b54846eebcfdb65cce3ba6b342d7cff25089..79f211a1ecfc1c93ef9655928429c3e0659e6dd4 100644 (file)
--- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh
@@ -3312,7 +3312,7 @@ echo_i "check that CDS records are not signed using ZSK by dnssec-signzone -x ($
  ret=0
  dig_with_opts +noall +answer @10.53.0.2 cds cds-x.secure > dig.out.test$n
  lines=$(awk '$4 == "RRSIG" && $5 == "CDS" {print}' dig.out.test$n | wc -l)
-test "$lines" -eq 1 || ret=1
+test "$lines" -eq 2 || ret=1
  n=$((n+1))
  test "$ret" -eq 0 || echo_i "failed"
  status=$((status+ret))
@@ -3464,7 +3464,7 @@ echo_i "check that CDNSKEY records are not signed using ZSK by dnssec-signzone -
  ret=0
  dig_with_opts +noall +answer @10.53.0.2 cdnskey cdnskey-x.secure > dig.out.test$n
  lines=$(awk '$4 == "RRSIG" && $5 == "CDNSKEY" {print}' dig.out.test$n | wc -l)
-test "$lines" -eq 1 || ret=1
+test "$lines" -eq 2 || ret=1
  n=$((n+1))
  test "$ret" -eq 0 || echo_i "failed"
  status=$((status+ret))
diff --git a/bin/tests/system/resolver/ns6/delegation-only.db b/bin/tests/system/resolver/ns6/delegation-only.db

index 29e9adbf7a76fb78d3e7448e2d09aee10ffd8f0b..c9a7ad18508ebf32ef76bd45338ffdd416203427 100644 (file)
--- a/bin/tests/system/resolver/ns6/delegation-only.db
+++ b/bin/tests/system/resolver/ns6/delegation-only.db
@@ -17,7 +17,7 @@ $TTL 120
  ;
  @      IN      A       1.2.3.4
  @      IN      AAAA    c::1.2.3.4
-@      IN      CDS     21366 7 1 E6C1716CFB6BDC84E84CE1AB5510DAC69173B5B2
+@      IN      CDS     12023 7 2 36FB69A752615831B47EA6EF9EA4619D0FB08ABDA69EA3ED200F4C02FF4921D4
  @      IN      CDNSKEY 256 3 7 AwEAAY9437GPWJHzBeR4FP6eJAie7gh2QSM6LUnbDAHvHOx8MNqgSVRM PZka2rAgivb65/MkT1lXRUegj91iRFP3iggTpCgvdUbcBjsYrdODsrwF YUMIUl1pU0lH9x7KvfFUOfSmG+Rk5UHUWuRZbNyc65Sq69iFXg5c11+8 MAkRoeDF
  ;
  ;      Delegation only test CDS and CDNSKEY records.  These should be rejected
author	Mark Andrews <marka@isc.org>
	Fri, 9 Aug 2019 06:27:55 +0000 (16:27 +1000)
committer	Mark Andrews <marka@isc.org>
	Wed, 28 Aug 2019 06:14:45 +0000 (16:14 +1000)
bin/tests/system/dnssec/ns2/sign.sh		patch \| blob \| blame \| history
bin/tests/system/dnssec/tests.sh		patch \| blob \| blame \| history
bin/tests/system/resolver/ns6/delegation-only.db		patch \| blob \| blame \| history