Update hours-vs-days test

This test is outdated because it tested the 'sig-validity-interval' option that has been replaced by dnssec-policy's 'signatures-validity', 'signatures-refresh', and 'signatures-jitter' options. Nevertheless, it tests if the jitter is spread correctly. Update the test to make use of 'signatures-jitter', set the value to 1 day (meaning resign in 499 days since 'signatures-validity' is set to 500 days). Note that this previously changed erroneously the refresh value to 449 days (should have been 499 days, but that is not allowed by checkconf, since it is above 90% of 'signatures-validity').
2025-08-30 14:07:59 +00:00 · 2024-01-31 13:55:29 +01:00
parent a68f8c7cf0
commit 02f5d82333
2 changed files with 3 additions and 3 deletions
--- a/bin/tests/system/dnssec/ns2/named.conf.in
+++ b/bin/tests/system/dnssec/ns2/named.conf.in
@@ -60,10 +60,10 @@ dnssec-policy "not-enough-hours-in-day" {
 		zsk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
 	};

-	/* validity 500 days, resign in 449 days */
+	/* validity 500 days, with one 1 day jitter (resign in 499 days) */
+	signatures-jitter 1d;
 	signatures-validity-dnskey 500d;
 	signatures-validity 500d;
-	signatures-refresh 449d;
 };

 zone "." {
--- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh
@@ -4360,7 +4360,7 @@ status=$((status + ret))

 echo_i "checking signatures-validity second field hours vs days ($n)"
 ret=0
-# zone configured with 'signatures-validity 500 499;'
+# zone configured with 'signatures-validity 500d; signatures-refresh 1d'
 # 499 days in the future w/ a 20 minute runtime to now allowance
 min=$(TZ=UTC $PERL -e '@lt=localtime(time() + 499*3600*24 - 20*60); printf "%.4d%0.2d%0.2d%0.2d%0.2d%0.2d\n",$lt[5]+1900,$lt[4]+1,$lt[3],$lt[2],$lt[1],$lt[0];')
 dig_with_opts @10.53.0.2 hours-vs-days AXFR >dig.out.ns2.test$n