Add regression test for [GL !3735]
authorMark Andrews <marka@isc.org>
Thu, 25 Jun 2020 11:27:29 +0000 (21:27 +1000)
committerMark Andrews <marka@isc.org>
Tue, 14 Jul 2020 02:11:42 +0000 (12:11 +1000)
Check that resign interval is actually in days rather than hours
by checking that RRSIGs are all within the allowed day range.

(cherry picked from commit 11ecf7901b3ae8bbc37ec3f78ef8ae55ae495845)

bin/tests/system/dnssec/ns2/hours-vs-days.db.in [new file with mode: 0644]
bin/tests/system/dnssec/ns2/named.conf.in
bin/tests/system/dnssec/ns2/sign.sh
bin/tests/system/dnssec/tests.sh

diff --git a/bin/tests/system/dnssec/ns2/hours-vs-days.db.in b/bin/tests/system/dnssec/ns2/hours-vs-days.db.in
new file mode 100644 (file)
index 0000000..2545faf
--- /dev/null
@@ -0,0 +1,165 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300       ; 5 minutes
+@                      IN SOA  mname1. . (
+                               2000042407 ; serial
+                               20         ; refresh (20 seconds)
+                               20         ; retry (20 seconds)
+                               1814400    ; expire (3 weeks)
+                               3600       ; minimum (1 hour)
+                               )
+                       NS      ns2
+                       NS      ns3
+ns2                    A       10.53.0.2
+ns3                    A       10.53.0.3
+
+a                      A       10.0.0.1
+b                      A       10.0.0.2
+d                      A       10.0.0.4
+
+; Used for testing ANY queries
+foo                    TXT     "testing"
+foo                    A       10.0.1.0
+
+bad-cname              CNAME   a
+bad-dname              DNAME   @
+
+; Used for testing CNAME queries
+cname1                 CNAME   cname1-target
+cname1-target          TXT     "testing cname"
+
+cname2                 CNAME   cname2-target
+cname2-target          TXT     "testing cname"
+
+; Used for testing DNAME queries
+dname1                 DNAME   dname1-target
+foo.dname1-target      TXT     "testing dname"
+
+dname2                 DNAME   dname2-target
+foo.dname2-target      TXT     "testing dname"
+
+; A secure subdomain
+secure                 NS      ns3.secure
+ns3.secure             A       10.53.0.3
+
+; An insecure subdomain
+insecure               NS      ns.insecure
+ns.insecure            A       10.53.0.3
+
+; A secure subdomain we're going to inject bogus data into
+bogus                  NS      ns.bogus
+ns.bogus               A       10.53.0.3
+
+; A subdomain with a corrupt DS
+badds                  NS      ns.badds
+ns.badds               A       10.53.0.3
+
+; A dynamic secure subdomain
+dynamic                        NS      dynamic
+dynamic                        A       10.53.0.3
+
+; A insecure subdomain
+mustbesecure           NS      ns.mustbesecure
+ns.mustbesecure                A       10.53.0.3
+
+; A subdomain with expired signatures
+expired                        NS      ns.expired
+ns.expired             A       10.53.0.3
+
+; A rfc2535 signed zone w/ CNAME
+rfc2535                        NS      ns.rfc2535
+ns.rfc2535             A       10.53.0.3
+
+z                      A       10.0.0.26
+
+keyless                        NS      ns.keyless
+ns.keyless             A       10.53.0.3
+
+nsec3                  NS      ns.nsec3
+ns.nsec3               A       10.53.0.3
+
+optout                 NS      ns.optout
+ns.optout              A       10.53.0.3
+
+nsec3-unknown          NS      ns.nsec3-unknown
+ns.nsec3-unknown       A       10.53.0.3
+
+optout-unknown         NS      ns.optout-unknown
+ns.optout-unknown      A       10.53.0.3
+
+dnskey-unknown         NS      ns.dnskey-unknown
+ns.dnskey-unknown      A       10.53.0.3
+
+dnskey-unsupported     NS      ns.dnskey-unsupported
+ns.dnskey-unsupported  A       10.53.0.3
+
+dnskey-nsec3-unknown   NS      ns.dnskey-nsec3-unknown
+ns.dnskey-nsec3-unknown        A       10.53.0.3
+
+multiple               NS      ns.multiple
+ns.multiple            A       10.53.0.3
+
+*.wild                 A       10.0.0.27
+
+rsasha256              NS      ns.rsasha256
+ns.rsasha256           A       10.53.0.3
+
+rsasha512              NS      ns.rsasha512
+ns.rsasha512           A       10.53.0.3
+
+kskonly                        NS      ns.kskonly
+ns.kskonly             A       10.53.0.3
+
+update-nsec3           NS      ns.update-nsec3
+ns.update-nsec3                A       10.53.0.3
+
+auto-nsec              NS      ns.auto-nsec
+ns.auto-nsec           A       10.53.0.3
+
+auto-nsec3             NS      ns.auto-nsec3
+ns.auto-nsec3          A       10.53.0.3
+
+
+below-cname            CNAME   some.where.else.
+
+insecure.below-cname   NS      ns.insecure.below-cname
+ns.insecure.below-cname        A       10.53.0.3
+
+secure.below-cname     NS      ns.secure.below-cname
+ns.secure.below-cname  A       10.53.0.3
+
+ttlpatch               NS      ns.ttlpatch
+ns.ttlpatch            A       10.53.0.3
+
+split-dnssec           NS      ns.split-dnssec
+ns.split-dnssec                A       10.53.0.3
+
+split-smart            NS      ns.split-smart
+ns.split-smart         A       10.53.0.3
+
+upper                  NS      ns.upper
+ns.upper               A       10.53.0.3
+
+LOWER                  NS      NS.LOWER
+NS.LOWER               A       10.53.0.3
+
+expiring                 NS      ns.expiring
+ns.expiring              A       10.53.0.3
+
+future                 NS      ns.future
+ns.future              A       10.53.0.3
+
+managed-future         NS      ns.managed-future
+ns.managed-future      A       10.53.0.3
+
+revkey                 NS      ns.revkey
+ns.revkey              A       10.53.0.3
+
+dname-at-apex-nsec3    NS      ns3
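Review bot: The new fixture appears to carry over the full set of delegations, CNAME/DNAME records and `10.53.0.3` glue from the existing ns2 zone, none of which the new test queries; it only AXFRs the zone and inspects RRSIG expirations, so an apex SOA/NS plus a few A records would exercise the same signing path with far less to maintain. If the copy is intentional so the zone mirrors the other ns2 zones, a one-line header comment saying so would help (e.g. `; Copy of the ns2 example zone; only used for the sig-validity-interval hours-vs-days check`). Separately, the comment `; A insecure subdomain` above `mustbesecure` should read `; An insecure subdomain`.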
index ebef86da9c860bda1de1efa93c5f11a87c042953..34f3475e7784787b9813b4a4b68e5ba5d0f711e5 100644 (file)
@@ -182,4 +182,13 @@ zone "corp" {
        file "corp.db";
 };
 
+zone "hours-vs-days" {
+       type master;
+       file "hours-vs-days.db.signed";
+       auto-dnssec maintain;
+       /* validity 500 days, resign in 499 days */
+       sig-validity-interval 500 499;
+       allow-update { any; };
+};
+
 include "trusted.conf";
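Review bot: `allow-update { any; };` on the new `hours-vs-days` zone is broader than the test needs: tests.sh only performs an AXFR of this zone, and the update grant is present only because `auto-dnssec maintain` requires a dynamic zone. `update-policy local;` should satisfy that requirement while limiting updates to the local session key, which is the least-privilege form even in a test rig. If the open grant is kept for parity with the other ns2 zones, a comment such as `/* dynamic only so auto-dnssec maintain can sign; the test sends no updates */` next to it would make the intent clear.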
index 8bb113cf39c34dfd41840667951d60c09b6132e0..c99f7a537ce092a61552cf7bdaf2d20d91469668 100644 (file)
@@ -308,3 +308,11 @@ sed 's/DNSKEY/CDNSKEY/' "$key1.key" > "$key1.cdnskey"
 cat "$infile" "$key1.key" "$key2.key" "$key1.cdnskey" "$key1.cds" > "$zonefile"
 # Don't sign, let auto-dnssec maintain do it.
 mv $zonefile "$zonefile.signed"
+
+zone=hours-vs-days
+infile=hours-vs-days.db.in
+zonefile=hours-vs-days.db
+key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
+key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+$SETTIME -P sync now "$key1" > /dev/null
+cat "$infile" > "$zonefile.signed"
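Review bot: The new block lacks the explanatory comment its neighbour above has (`# Don't sign, let auto-dnssec maintain do it.`), and it needs one more here: the unsigned zone is written directly to `$zonefile.signed`, and `$key2` is assigned but not referenced anywhere in the hunk, so a reader cannot tell whether the ZSK is generated only so it exists on disk. A comment like `# Generate KSK and ZSK on disk but leave the zone unsigned; auto-dnssec maintain signs it using the zone's 'sig-validity-interval 500 499'.` would explain both. `cp "$infile" "$zonefile.signed"` also reads more directly than the `cat` redirection, though the behaviour is the same.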
index 2b768296620d42f57931bf6f7a787b76af918b93..d30609828425d618dd18ec99ac1d8811a603713a 100644 (file)
@@ -4253,5 +4253,16 @@ n=$((n+1))
 test "$ret" -eq 0 || echo_i "failed"
 status=$((status+ret))
 
+echo_i "checking sig-validity-interval second field hours vs days ($n)"
+ret=0
+# zone configured with 'sig-validity-interval 500 499;'
+# 499 days in the future w/ a 20 minute runtime to now allowance
+min=$(TZ=UTC $PERL -e '@lt=localtime(time() + 499*3600*24 - 20*60); printf "%.4d%0.2d%0.2d%0.2d%0.2d%0.2d\n",$lt[5]+1900,$lt[4]+1,$lt[3],$lt[2],$lt[1],$lt[0];')
+dig_with_opts @10.53.0.2 hours-vs-days AXFR > dig.out.ns2.test$n
+awk -v min=$min '$4 == "RRSIG" { if ($9 < min) { exit(1); } }' dig.out.ns2.test$n || ret=1
+n=$((n+1))
+test "$ret" -eq 0 || echo_i "failed"
+status=$((status+ret))
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
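Review bot: The awk check after `dig_with_opts ... AXFR` passes vacuously when the transfer contains no RRSIG records at all (zone not yet signed, transfer refused, or dig failing), because the rule only exits non-zero when an RRSIG with a short expiration is seen. A presence check before it, `grep -q RRSIG dig.out.ns2.test$n || ret=1`, turns that silent pass into a failure; if signing by auto-dnssec maintain may still be in progress at this point in the run, that check would need a short retry loop. The comparison `$9 < min` depends on awk treating both the field and the `-v` variable as numeric strings, which holds for dig's YYYYMMDDHHMMSS output but deserves a comment such as `# $9 is the RRSIG expiration (YYYYMMDDHHMMSS); numeric compare against min`. Only the lower bound is asserted, whereas the commit message speaks of "within the allowed day range"; an upper bound of 500 days plus the same allowance would match that description.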