Add test cases for 'checkds no'

Add test cases for when checkds is disabled. Copy the test cases that
would have resulted in a DSPublish or DSRemoved and make sure that
with 'checkds no' the metadata is not set.

diff --git a/bin/tests/system/checkds/ns2/ns2-4.db.in b/bin/tests/system/checkds/ns2/ns2-4.db.in
index 86b050a87218064bcaaa49bbc6f8ca9e8a10b0dc..d5761a52fe940648d2eba956eb9f12b94b8ecb70 100644 (file)
--- a/bin/tests/system/checkds/ns2/ns2-4.db.in
+++ b/bin/tests/system/checkds/ns2/ns2-4.db.in
@@ -30,3 +30,7 @@ ns9.good                      A       10.53.0.9
 $ORIGIN yes.dspublish.ns2-4.
 good                           NS      ns9.good
 ns9.good                       A       10.53.0.9
+
+$ORIGIN no.dspublish.ns2-4.
+good                           NS      ns9.good
+ns9.good                       A       10.53.0.9

diff --git a/bin/tests/system/checkds/ns2/ns2.db.in b/bin/tests/system/checkds/ns2/ns2.db.in
index bd4a635e4f35bcad699179d3442b31580639a2a7..293a4467783670899e3c31c6213646e8d3d735de 100644 (file)
--- a/bin/tests/system/checkds/ns2/ns2.db.in
+++ b/bin/tests/system/checkds/ns2/ns2.db.in
@@ -33,6 +33,10 @@ $ORIGIN yes.dspublish.ns2.
 good                           NS      ns9.good
 ns9.good                       A       10.53.0.9
 
+$ORIGIN no.dspublish.ns2.
+good                           NS      ns9.good
+ns9.good                       A       10.53.0.9
+
 $ORIGIN explicit.dsremoved.ns2.
 still-there                    NS      ns9.still-there
 ns9.still-there                        A       10.53.0.9

diff --git a/bin/tests/system/checkds/ns2/ns5-7.db.in b/bin/tests/system/checkds/ns2/ns5-7.db.in
index 5d66b990b5ded9a3d95f153e57ebef89ed10400e..14e19858d8c09b7ba790a796ee2e38101576c0b9 100644 (file)
--- a/bin/tests/system/checkds/ns2/ns5-7.db.in
+++ b/bin/tests/system/checkds/ns2/ns5-7.db.in
@@ -30,3 +30,7 @@ ns9.good                      A       10.53.0.9
 $ORIGIN yes.dsremoved.ns5-7.
 good                           NS      ns9.good
 ns9.good                       A       10.53.0.9
+
+$ORIGIN no.dsremoved.ns5-7.
+good                           NS      ns9.good
+ns9.good                       A       10.53.0.9

diff --git a/bin/tests/system/checkds/ns2/ns5.db.in b/bin/tests/system/checkds/ns2/ns5.db.in
index 4501776a3e5416c58d5c21d2039a629c9c056029..70f6619e0c8e5369c6d047fbdaf34b2ae84dc388 100644 (file)
--- a/bin/tests/system/checkds/ns2/ns5.db.in
+++ b/bin/tests/system/checkds/ns2/ns5.db.in
@@ -40,3 +40,7 @@ good                          NS      ns9.good
 resolver                       NS      ns9.resolver
 ns9.good                       A       10.53.0.9
 ns9.resolver                   A       10.53.0.9
+
+$ORIGIN no.dsremoved.ns5.
+good                           NS      ns9.good
+ns9.good                       A       10.53.0.9

diff --git a/bin/tests/system/checkds/ns5/ns2-4.db.in b/bin/tests/system/checkds/ns5/ns2-4.db.in
index 86b050a87218064bcaaa49bbc6f8ca9e8a10b0dc..d5761a52fe940648d2eba956eb9f12b94b8ecb70 100644 (file)
--- a/bin/tests/system/checkds/ns5/ns2-4.db.in
+++ b/bin/tests/system/checkds/ns5/ns2-4.db.in
@@ -30,3 +30,7 @@ ns9.good                      A       10.53.0.9
 $ORIGIN yes.dspublish.ns2-4.
 good                           NS      ns9.good
 ns9.good                       A       10.53.0.9
+
+$ORIGIN no.dspublish.ns2-4.
+good                           NS      ns9.good
+ns9.good                       A       10.53.0.9

diff --git a/bin/tests/system/checkds/ns5/ns2.db.in b/bin/tests/system/checkds/ns5/ns2.db.in
index bd4a635e4f35bcad699179d3442b31580639a2a7..293a4467783670899e3c31c6213646e8d3d735de 100644 (file)
--- a/bin/tests/system/checkds/ns5/ns2.db.in
+++ b/bin/tests/system/checkds/ns5/ns2.db.in
@@ -33,6 +33,10 @@ $ORIGIN yes.dspublish.ns2.
 good                           NS      ns9.good
 ns9.good                       A       10.53.0.9
 
+$ORIGIN no.dspublish.ns2.
+good                           NS      ns9.good
+ns9.good                       A       10.53.0.9
+
 $ORIGIN explicit.dsremoved.ns2.
 still-there                    NS      ns9.still-there
 ns9.still-there                        A       10.53.0.9

diff --git a/bin/tests/system/checkds/ns5/ns5-7.db.in b/bin/tests/system/checkds/ns5/ns5-7.db.in
index 5d66b990b5ded9a3d95f153e57ebef89ed10400e..14e19858d8c09b7ba790a796ee2e38101576c0b9 100644 (file)
--- a/bin/tests/system/checkds/ns5/ns5-7.db.in
+++ b/bin/tests/system/checkds/ns5/ns5-7.db.in
@@ -30,3 +30,7 @@ ns9.good                      A       10.53.0.9
 $ORIGIN yes.dsremoved.ns5-7.
 good                           NS      ns9.good
 ns9.good                       A       10.53.0.9
+
+$ORIGIN no.dsremoved.ns5-7.
+good                           NS      ns9.good
+ns9.good                       A       10.53.0.9

diff --git a/bin/tests/system/checkds/ns5/ns5.db.in b/bin/tests/system/checkds/ns5/ns5.db.in
index 4501776a3e5416c58d5c21d2039a629c9c056029..70f6619e0c8e5369c6d047fbdaf34b2ae84dc388 100644 (file)
--- a/bin/tests/system/checkds/ns5/ns5.db.in
+++ b/bin/tests/system/checkds/ns5/ns5.db.in
@@ -40,3 +40,7 @@ good                          NS      ns9.good
 resolver                       NS      ns9.resolver
 ns9.good                       A       10.53.0.9
 ns9.resolver                   A       10.53.0.9
+
+$ORIGIN no.dsremoved.ns5.
+good                           NS      ns9.good
+ns9.good                       A       10.53.0.9

diff --git a/bin/tests/system/checkds/ns9/named.conf.in b/bin/tests/system/checkds/ns9/named.conf.in
index 6697e5fc2e6e88ee30a25a6ba14b0b8957abda07..ad78f620ff3761e4b326423395f6785991a1d68c 100644 (file)
--- a/bin/tests/system/checkds/ns9/named.conf.in
+++ b/bin/tests/system/checkds/ns9/named.conf.in
@@ -87,6 +87,15 @@ zone "good.yes.dspublish.ns2" {
        checkds yes;
 };
 
+/* Same as above, but with checkds disabled. */
+zone "good.no.dspublish.ns2" {
+       type primary;
+       file "good.no.dspublish.ns2.db";
+       inline-signing yes;
+       dnssec-policy "default";
+       checkds no;
+};
+
 /*
  * 1.     Enabling DNSSEC
  * 1.1    - With one parental agent
@@ -164,6 +173,14 @@ zone "good.yes.dspublish.ns2-4" {
        checkds yes;
 };
 
+zone "good.no.dspublish.ns2-4" {
+       type primary;
+       file "good.no.dspublish.ns2-4.db";
+       inline-signing yes;
+       dnssec-policy "default";
+       checkds no;
+};
+
 /*
  * 1.     Enabling DNSSEC
  * 1.2    - With multiple parental agent
@@ -256,6 +273,14 @@ zone "good.yes.dsremoved.ns5" {
        checkds yes;
 };
 
+zone "good.no.dsremoved.ns5" {
+       type primary;
+       file "good.no.dsremoved.ns5.db";
+       inline-signing yes;
+       dnssec-policy "insecure";
+       checkds no;
+};
+
 /*
  * 2.     Going insecure
  * 2.1    - With one parental agent
@@ -333,6 +358,14 @@ zone "good.yes.dsremoved.ns5-7" {
        checkds yes;
 };
 
+zone "good.no.dsremoved.ns5-7" {
+       type primary;
+       file "good.no.dsremoved.ns5-7.db";
+       inline-signing yes;
+       dnssec-policy "insecure";
+       checkds no;
+};
+
 /*
  * 2.     Going insecure
  * 2.2.    - With multiple parental agents

diff --git a/bin/tests/system/checkds/ns9/setup.sh b/bin/tests/system/checkds/ns9/setup.sh
index a83a8cb633259a968c78f883d77cbfd9d038ec21..3bfdfe921d415b30599af5567e4e11936c97ea81 100644 (file)
--- a/bin/tests/system/checkds/ns9/setup.sh
+++ b/bin/tests/system/checkds/ns9/setup.sh
@@ -33,7 +33,7 @@ T="now-30d"
 Y="now-1y"
 
 # DS Publication.
-for checkds in explicit yes
+for checkds in explicit yes no
 do
        for zn in \
                good.${checkds}.dspublish.ns2 \
@@ -60,7 +60,7 @@ do
 done
 
 # DS Withdrawal.
-for checkds in explicit yes
+for checkds in explicit yes no
 do
        for zn in \
                good.${checkds}.dsremoved.ns5 \

diff --git a/bin/tests/system/checkds/tests_checkds.py b/bin/tests/system/checkds/tests_checkds.py
index fff3c49e2818fecfe3c94dace906bafb9e29b251..757e58113f2aec210c960528d3940403cd970df8 100755 (executable)
--- a/bin/tests/system/checkds/tests_checkds.py
+++ b/bin/tests/system/checkds/tests_checkds.py
@@ -563,3 +563,26 @@ def test_checkds_dspublished(named_port):
 def test_checkds_dswithdrawn(named_port):
     checkds_dswithdrawn(named_port, "explicit")
     checkds_dswithdrawn(named_port, "yes")
+
+
+def test_checkds_no(named_port):
+    # We create resolver instances that will be used to send queries.
+    server = dns.resolver.Resolver()
+    server.nameservers = ["10.53.0.9"]
+    server.port = named_port
+
+    parent = dns.resolver.Resolver()
+    parent.nameservers = ["10.53.0.2"]
+    parent.port = named_port
+
+    zone_check(server, "good.no.dspublish.ns2.")
+    keystate_check(parent, "good.no.dspublish.ns2.", "!DSPublish")
+
+    zone_check(server, "good.no.dspublish.ns2-4.")
+    keystate_check(parent, "good.no.dspublish.ns2-4.", "!DSPublish")
+
+    zone_check(server, "good.no.dsremoved.ns5.")
+    keystate_check(parent, "good.no.dsremoved.ns5.", "!DSRemoved")
+
+    zone_check(server, "good.no.dsremoved.ns5-7.")
+    keystate_check(parent, "good.no.dsremoved.ns5-7.", "!DSRemoved")