+4782. [test] dnssec: 'checking positive and negative validation
+ with negative trust anchors' required more time to
+ complete on some machines. [RT #46386]
+
4781. [maint] B.ROOT-SERVERS.NET is now 199.9.14.201. [RT #45889]
4780. [bug] When answering ANY queries, don't include the NS
dnssec-must-be-secure mustbesecure.example yes;
minimal-responses no;
- nta-lifetime 10s;
- nta-recheck 7s;
+ nta-lifetime 12s;
+ nta-recheck 9s;
# Note: We only reference the bind.keys file here to confirm that it
# is *not* being used. It contains the real root key, and we're
# fakenode.secure.example should both be lifted, but badds.example
# should still be going.
#
-$PERL -e 'my $delay = '$start' + 8 - time(); select(undef, undef, undef, $delay) if ($delay > 0);'
+$PERL -e 'my $delay = '$start' + 10 - time(); select(undef, undef, undef, $delay) if ($delay > 0);'
$DIG $DIGOPTS b.secure.example. a @10.53.0.4 > dig.out.ns4.test$n.8 || ret=1
grep "status: SERVFAIL" dig.out.ns4.test$n.8 > /dev/null && ret=1
grep "flags:[^;]* ad[^;]*;" dig.out.ns4.test$n.8 > /dev/null || ret=1
# it should still be NTA'd, but badds.example used the default
# lifetime of 10s, so it should revert to SERVFAIL now.
#
-$PERL -e 'my $delay = '$start' + 11 - time(); select(undef, undef, undef, $delay) if ($delay > 0);'
+$PERL -e 'my $delay = '$start' + 13 - time(); select(undef, undef, undef, $delay) if ($delay > 0);'
# check nta table
$RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -d > rndc.out.ns4.test$n._11
lines=`grep " expiry " rndc.out.ns4.test$n._11 | wc -l`
projects / thirdparty / bind9.git / commitdiff
