Merge branch '2668-handle-net-dns-versions-that-don-t-support-nsec3param' into 'main'

Resolve "Handle Net::DNS versions that don't support NSEC3PARAM"

Closes #2668

See merge request isc-projects/bind9!4971

bin/tests/system/nsupdate/tests.sh

@@ -310,7 +310,10 @@ then
     {
       $PERL update_test.pl -s 10.53.0.1 -p ${PORT} update.nil. || ret=1
     } | cat_i
-    grep "updating zone 'update.nil/IN': too many NSEC3 iterations (151)" ns1/named.run > /dev/null || ret=1
+    if $PERL -e 'use Net::DNS; die "Net::DNS too old ($Net::DNS::VERSION < 1.01)" if ($Net::DNS::VERSION < 1.01)' > /dev/null
+    then
+        grep "updating zone 'update.nil/IN': too many NSEC3 iterations (151)" ns1/named.run > /dev/null || ret=1
+    fi
     [ $ret -eq 1 ] && { echo_i "failed"; status=1; }
 else
     echo_i "The second part of this test requires the Net::DNS library." >&2

bin/tests/system/nsupdate/update_test.pl

@@ -410,9 +410,13 @@ test("NOERROR", ["update", rr_add("u.$zone 300 NS ns.u.$zone")]);
 
 test("NOERROR", ["update", rr_del("u.$zone NS ns.u.$zone")]);
 
-section("Excessive NSEC3PARAM iterations");
+if ($Net::DNS::VERSION < 1.01) {
-test("REFUSED", ["update", rr_add("$zone 300 NSEC3PARAM 1 0 151 -")]);
+    print "skipped Excessive NSEC3PARAM iterations; Net::DNS too old.\n";
-test("NOERROR", ["update", rr_add("$zone 300 NSEC3PARAM 1 0 150 -")]);
+} else {
+    section("Excessive NSEC3PARAM iterations");
+    test("REFUSED", ["update", rr_add("$zone 300 NSEC3PARAM 1 0 151 -")]);
+    test("NOERROR", ["update", rr_add("$zone 300 NSEC3PARAM 1 0 150 -")]);
+}
 
 if ($failures) {
     print "$failures tests failed.\n";