When a zone is converted from NSEC to NSEC3, the private record at zone
apex indicating that NSEC3 chain creation is in progress may be removed
during a different (later) zone_nsec3chain() call than the one which
adds the NSEC3PARAM record. The "delzsk.example" zone check only waits
for the NSEC3PARAM record to start appearing in dig output while private
records at zone apex directly affect "rndc signing -list" output. This
may trigger false positives for the "autosign" system test as the output
of the "rndc signing -list" command used for checking ZSK deletion
progress may contain extra lines which are not accounted for. Ensure
the private record is removed from zone apex before triggering ZSK
deletion in the aforementioned check.
Also future-proof the ZSK deletion progress check by making it only look
at lines it should care about.
(cherry picked from commit
e02de04e9723156003d4f52cb4cef282186f5bf7)
$DIG $DIGOPTS delzsk.example NSEC3PARAM @10.53.0.3 > dig.out.ns3.1.test$n 2>&1 || ret=1
grep "NSEC3PARAM.*12345678" dig.out.ns3.1.test$n > /dev/null 2>&1
if [ $? -eq 0 ]; then
- _ret=0
- break
+ $RNDCCMD 10.53.0.3 signing -list delzsk.example > signing.out.2.test$n 2>&1
+ grep "Creating NSEC3 chain " signing.out.2.test$n > /dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ _ret=0
+ break
+ fi
fi
sleep 1
done
$RNDCCMD 10.53.0.3 loadkeys delzsk.example 2>&1 | sed 's/^/ns3 /' | cat_i
for i in 0 1 2 3 4 5 6 7 8 9; do
_ret=1
- $RNDCCMD 10.53.0.3 signing -list delzsk.example > signing.out.2.test$n 2>&1
- grep "Signing " signing.out.2.test$n > /dev/null 2>&1
+ $RNDCCMD 10.53.0.3 signing -list delzsk.example > signing.out.3.test$n 2>&1
+ grep "Signing " signing.out.3.test$n > /dev/null 2>&1
if [ $? -ne 0 ]; then
- if [ `cat signing.out.2.test$n | wc -l` -eq 2 ]; then
+ if [ `grep "Done signing " signing.out.3.test$n | wc -l` -eq 2 ]; then
_ret=0
break
fi
projects / thirdparty / bind9.git / commitdiff
