From: Matthijs Mekking Date: Fri, 19 Aug 2022 12:42:47 +0000 (+0200) Subject: Fix nsec3 system test issues X-Git-Tag: v9.19.5~26^2 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=1c5bbac5089f5404f648fe7b44b2c21576b21c81;p=thirdparty%2Fbind9.git Fix nsec3 system test issues The wait_for_zone_is_signed function was never called, which could lead to test failures due to timing issues (where a zone was not fully signed yet, but the test was trying to verify the zone). Also add two missing set_nsec3param calls to ensure the ITERATIONS value is set for these test cases. --- diff --git a/bin/tests/system/nsec3/tests.sh b/bin/tests/system/nsec3/tests.sh index f5865d5ab17..1d9adbc3a22 100644 --- a/bin/tests/system/nsec3/tests.sh +++ b/bin/tests/system/nsec3/tests.sh @@ -112,7 +112,7 @@ _wait_for_nsec() { wait_for_zone_is_signed() { n=$((n+1)) ret=0 - echo_i "wait for ${ZONE} to be signed ($n)" + echo_i "wait for ${ZONE} to be signed with $1 ($n)" if [ "$1" = "nsec3" ]; then retry_quiet 10 _wait_for_nsec3param || log_error "wait for ${ZONE} to be signed failed" @@ -146,6 +146,8 @@ _check_nsec_nxdomain() { } check_nsec() { + wait_for_zone_is_signed "nsec" + n=$((n+1)) echo_i "check DNSKEY rrset is signed correctly for zone ${ZONE} ($n)" ret=0 @@ -194,6 +196,8 @@ _check_nsec3_nxdomain() { } check_nsec3() { + wait_for_zone_is_signed "nsec3" + n=$((n+1)) echo_i "check that NSEC3PARAM 1 0 ${ITERATIONS} is published zone ${ZONE} ($n)" ret=0 @@ -363,6 +367,7 @@ then # Zone: nsec3-to-rsasha1.kasp. set_zone_policy "nsec3-to-rsasha1.kasp" "rsasha1" 2 3600 + set_nsec3param "1" "0" "0" set_server "ns3" "10.53.0.3" set_key_default_values "KEY1" set_key_states "KEY1" "hidden" "unretentive" "unretentive" "unretentive" "hidden" @@ -374,6 +379,7 @@ then # Zone: nsec3-to-rsasha1-ds.kasp. set_zone_policy "nsec3-to-rsasha1-ds.kasp" "rsasha1" 2 3600 + set_nsec3param "1" "0" "0" set_server "ns3" "10.53.0.3" set_key_default_values "KEY1" set_key_states "KEY1" "hidden" "omnipresent" "omnipresent" "omnipresent" "omnipresent"