Check reload of dnssec-policy zone works
authorMark Andrews <marka@isc.org>
Fri, 16 Jul 2021 05:15:09 +0000 (15:15 +1000)
committerMark Andrews <marka@isc.org>
Thu, 22 Jul 2021 21:52:44 +0000 (07:52 +1000)
bin/tests/system/kasp/ns6/example.db.in [new file with mode: 0644]
bin/tests/system/kasp/ns6/example2.db.in [new file with mode: 0644]
bin/tests/system/kasp/ns6/named.conf.in
bin/tests/system/kasp/ns6/named2.conf.in
bin/tests/system/kasp/ns6/setup.sh
bin/tests/system/kasp/tests.sh

diff --git a/bin/tests/system/kasp/ns6/example.db.in b/bin/tests/system/kasp/ns6/example.db.in
new file mode 100644 (file)
index 0000000..1ea5cb2
--- /dev/null
@@ -0,0 +1,24 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300
+@              IN      SOA  mname1. . (
+                       1       ; serial
+                       20      ; refresh (20 seconds)
+                       20      ; retry (20 seconds)
+                       1814400 ; expire (3 weeks)
+                       3600    ; minimum (1 hour)
+                       )
+
+                       NS      ns6
+ns6                    A       10.53.0.6
+
+a                      A       10.0.0.1
+b                      A       10.0.0.2
+c                      A       10.0.0.3
diff --git a/bin/tests/system/kasp/ns6/example2.db.in b/bin/tests/system/kasp/ns6/example2.db.in
new file mode 100644 (file)
index 0000000..479dbd5
--- /dev/null
@@ -0,0 +1,24 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300
+@              IN      SOA  mname1. . (
+                       2       ; serial
+                       20      ; refresh (20 seconds)
+                       20      ; retry (20 seconds)
+                       1814400 ; expire (3 weeks)
+                       3600    ; minimum (1 hour)
+                       )
+
+                       NS      ns6
+ns6                    A       10.53.0.6
+
+a                      A       10.0.0.1
+b                      A       10.0.0.2
+c                      A       10.0.0.3
index d1a15cf2407fa98bcd18da89c9a2a9d232a1139e..29cc010d140365e93bc3d799221324d6329606af 100644 (file)
@@ -68,3 +68,15 @@ zone "step1.csk-algorithm-roll.kasp" {
        file "step1.csk-algorithm-roll.kasp.db";
        dnssec-policy "csk-algoroll";
 };
+
+dnssec-policy "modified" {
+       keys {
+               csk lifetime unlimited algorithm rsasha256 2048;
+       };
+};
+
+zone example {
+       type primary;
+       dnssec-policy modified;
+       file "example.db";
+};
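Review bot: The policy name `modified` is not explained: the stanza added here and the one added to named2.conf.in in the following hunk are identical, so nothing visible in this commit shows what is modified. A comment above the policy, for example `# Policy for the 'rndc reload' serial check in tests.sh`, would tell a reader which test depends on it. The new stanza also writes `zone example` and `dnssec-policy modified;` unquoted, while the context lines just above quote both the zone name and the policy name.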
index 38f0e92c961346073a5bc31da644da00bc0f74d2..91af68325b00d7d4fc20bb7c094aa02a1269346a 100644 (file)
@@ -145,3 +145,15 @@ zone "step6.csk-algorithm-roll.kasp" {
        file "step6.csk-algorithm-roll.kasp.db";
        dnssec-policy "csk-algoroll";
 };
+
+dnssec-policy "modified" {
+       keys {
+               csk lifetime unlimited algorithm rsasha256 2048;
+       };
+};
+
+zone example {
+       type primary;
+       dnssec-policy modified;
+       file "example.db";
+};
index 6f1d07bf431b0cff3d3389b22d07482e3b5af13d..a666866ebb9c96feaccdd3e456a08026e7b0a1da 100644 (file)
@@ -381,3 +381,9 @@ cat template.db.in "${CSK1}.key" "${CSK2}.key" > "$infile"
 private_type_record $zone 5  "$CSK1" >> "$infile"
 private_type_record $zone $DEFAULT_ALGORITHM_NUMBER "$CSK2" >> "$infile"
 $SIGNER -S -x -z -s now-1h -e now+2w -o $zone -O full -f $zonefile $infile > signer.out.$zone.1 2>&1
+
+#
+# Reload testing
+#
+echo "example" >> zones
+cp example.db.in example.db
index 7cfc4d6b62b5310700a569bae414ef8c8e087778..e2c04917999736021fdb0aba01992529d208dc5d 100644 (file)
@@ -4620,5 +4620,26 @@ dnssec_verify
 # an unlimited lifetime.  Fallback to the default loadkeys interval.
 check_next_key_event 3600
 
+echo_i "Check that 'rndc reload' of just the serial updates the signed instance ($n)"
+TSIG=
+ret=0
+dig_with_opts @10.53.0.6 example SOA > dig.out.ns6.test$n.soa1 || ret=1
+cp ns6/example2.db.in ns6/example.db || ret=1
+nextpart ns6/named.run > /dev/null
+rndccmd 10.53.0.6 reload || ret=1
+wait_for_log 3 "all zones loaded" ns6/named.run
+sleep 1
+dig_with_opts @10.53.0.6 example SOA > dig.out.ns6.test$n.soa2 || ret=1
+soa1=$(awk '$4 == "SOA" { print $7 }' dig.out.ns6.test$n.soa1)
+soa2=$(awk '$4 == "SOA" { print $7 }' dig.out.ns6.test$n.soa2)
+ttl1=$(awk '$4 == "SOA" { print $2 }' dig.out.ns6.test$n.soa1)
+ttl2=$(awk '$4 == "SOA" { print $2 }' dig.out.ns6.test$n.soa2)
+test ${soa1:-1000} -lt ${soa2:-0} || ret=1
+test ${ttl1:-0} -eq 300 || ret=1
+test ${ttl2:-0} -eq 300 || ret=1
+test "$ret" -eq 0 || echo_i "failed"
+status=$((status+ret))
+n=$((n+1))
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
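Review bot: The result of `wait_for_log 3 "all zones loaded" ns6/named.run` is discarded and the test then depends on `sleep 1` before the second SOA query, so a slow reload shows up only as a serial mismatch with no hint about the cause. Appending `|| ret=1` to the wait_for_log line would record the timeout directly, and polling the SOA serial until it increases would be steadier than a fixed sleep. The title says the signed instance is updated, but the assertions cover only the serial and the TTL. If dig_with_opts requests DNSSEC records, also checking for an `RRSIG` covering the SOA in dig.out.ns6.test$n.soa2 would catch a reload that serves the new serial unsigned.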