mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-03 16:15:27 +00:00
Code Issues Releases Wiki Activity

Test removing DNSKEYs from other providers

Browse Source 
In a multi-signer setup, removing DNSKEY records from the zone should
not be treated as a key that previously exists in the keyring, thus
blocking the keymgr. Add a test case to make sure.

(cherry picked from commit 5f552293d7)
This commit is contained in:
Matthijs Mekking
2024-08-20 14:38:24 +02:00
parent 7aaa36f09f
commit 25f39228e0
1 changed files with 24 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
bin/tests/system/kasp/tests.sh
View File

@@ -2201,16 +2201,23 @@ check_apex
check_subdomain check_subdomain
dnssec_verify dnssec_verify
# Check that the ZSKs from the other provider are published. # Check that the ZSKs from the other providers are published.
zsks_are_published() { zsks_are_published() {
num=$1
dig_with_opts +short "$ZONE" "@${SERVER}" DNSKEY >"dig.out.$DIR.test$n" || return 1 dig_with_opts +short "$ZONE" "@${SERVER}" DNSKEY >"dig.out.$DIR.test$n" || return 1
# We should have three ZSKs. # We should have three ZSKs.
lines=$(grep "256 3 13" dig.out.$DIR.test$n | wc -l) lines=$(grep "256 3 13" dig.out.$DIR.test$n | wc -l)
test "$lines" -eq 3 || return 1 test "$lines" -eq $num || return 1
# And one KSK. # And one KSK.
lines=$(grep "257 3 13" dig.out.$DIR.test$n | wc -l) lines=$(grep "257 3 13" dig.out.$DIR.test$n | wc -l)
test "$lines" -eq 1 || return 1 test "$lines" -eq 1 || return 1
} }
n=$((n + 1))
echo_i "check initial number of ZSKs (one from us and one from another provider) for zone ${ZONE} ($n)"
ret=0
retry_quiet 10 zsks_are_published 2 || ret=1
test "$ret" -eq 0 || echo_i "failed"
status=$((status + ret))
n=$((n + 1)) n=$((n + 1))
echo_i "update zone with ZSK from another provider for zone ${ZONE} ($n)" echo_i "update zone with ZSK from another provider for zone ${ZONE} ($n)"
@@ -2221,7 +2228,21 @@ ret=0
echo update add $(cat "${DIR}/${ZONE}.zsk2") echo update add $(cat "${DIR}/${ZONE}.zsk2")
echo send echo send
) | $NSUPDATE ) | $NSUPDATE
retry_quiet 10 zsks_are_published || ret=1 retry_quiet 10 zsks_are_published 3 || ret=1
test "$ret" -eq 0 || echo_i "failed"
status=$((status + ret))
n=$((n + 1))
echo_i "remove ZSKs from the other providers for zone ${ZONE} ($n)"
ret=0
(
echo zone ${ZONE}
echo server 10.53.0.3 "$PORT"
echo update del $(cat "${DIR}/${ZONE}.zsk1")
echo update del $(cat "${DIR}/${ZONE}.zsk2")
echo send
) | $NSUPDATE
retry_quiet 10 zsks_are_published 1 || ret=1
test "$ret" -eq 0 || echo_i "failed" test "$ret" -eq 0 || echo_i "failed"
status=$((status + ret)) status=$((status + ret))