Previously, an AXFR request would be issued every second while waiting
for the zone to be signed. This might've been the cause of issues in CI
where many tests are running in parallel and any extra load may increase
test instability.
Instead, check for the last NSEC record to have a signature before
commencing the AXFR request to check the zone has been fully signed.
Also increase the time for the zone signing to a total of 60+10 seconds
up from the previous 30.
(cherry picked from commit
3291c891f6a6990f7781aff878e8e51e08044f0b)
$4 == "RRSIG" {lines++}
END { if (lines != 1009) exit(1) }' < "dig.out.ns1.axfr"
}
-retry_quiet 30 fully_signed || status=1
+
+# Wait for the last NSEC record in the zone to be signed. This is a lightweight
+# alternative to avoid many AXFR requests while waiting for the zone to be
+# fully signed.
+_wait_for_last_nsec_signed() {
+ $DIG +dnssec a0499.signing.test -p ${PORT} @10.53.0.1 nsec > "dig.out.ns1.wait" || return 1
+ grep "signing.test\..*IN.*RRSIG.*signing.test" "dig.out.ns1.wait" > /dev/null || return 1
+ return 0
+}
+
+echo_i "wait for the zone to be fully signed"
+retry_quiet 60 _wait_for_last_nsec_signed
+retry_quiet 10 fully_signed || status=1
if [ $status != 0 ]; then echo_i "failed"; fi
start=`date +%s`
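Review bot: The grep in `_wait_for_last_nsec_signed` is anchored neither to the owner name nor to the covered type, so it accepts any RRSIG line in dig.out.ns1.wait whose owner ends in `signing.test.`. That may include an RRSIG over the SOA in the authority section of a NODATA answer, if the apex happens to be signed before a0499 has its NSEC (not verifiable from this hunk). In that case the 60-second wait returns early and only the 10-second `fully_signed` retry remains, so the test would have a shorter budget than the previous 30 seconds. Pinning the match, e.g. `grep "^a0499\.signing\.test\..*IN[[:space:]]*RRSIG[[:space:]]*NSEC" "dig.out.ns1.wait" > /dev/null || return 1`, would make the check mean what its comment says. The status of `retry_quiet 60 _wait_for_last_nsec_signed` is also discarded, so a comment such as `# a timeout here is not fatal; fully_signed below decides pass/fail` would mark that as intentional; the body of `fully_signed` starts above the hunk.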