mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-22 10:10:06 +00:00
Code Issues Releases Wiki Activity

add startup root DNSKEY refresh system test

Browse Source 
Root trust anchors are automatically updated as described in RFC5011.
Add a system test which ensures the root DNSKEYs are always queried by
named during startup.

Because this test uses real internet DNS root servers, it is enabled
only when `CI_ENABLE_LIVE_INTERNET_TESTS` is set.
This commit is contained in:
Colin Vidal 2025-06-24 11:55:42 +02:00
parent 38cc19d756
commit b0a33f77dc
2 changed files with 64 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
bin/tests/system/rfc5011/ns1/named.conf.j2 Normal file
View File

@ -0,0 +1,32 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* SPDX-License-Identifier: MPL-2.0
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
/*
* ns1 is a resolver
*/
options {
pid-file "named.pid";
listen-on port @PORT@ { 10.53.0.1; };
recursion yes;
};
key rndc_key {
secret "1234abcd8765";
algorithm @DEFAULT_HMAC@;
};
controls {
inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};

32
bin/tests/system/rfc5011/tests_rfc5011.py Normal file
View File

@ -0,0 +1,32 @@
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
import pytest
from isctest.mark import live_internet_test
pytestmark = pytest.mark.extra_artifacts(
[
"ns1/managed-keys.bind.jnl",
]
)
@live_internet_test
def test_rfc5011_rootdnskeyrefresh(servers):
with servers["ns1"].watch_log_from_start() as watcher:
watcher.wait_for_line(
"managed-keys-zone: Initializing automatic trust anchor management for zone '.'; DNSKEY ID 20326 is now trusted, waiving the normal 30-day waiting period"
)
with servers["ns1"].watch_log_from_start() as watcher:
watcher.wait_for_line(
"managed-keys-zone: Initializing automatic trust anchor management for zone '.'; DNSKEY ID 38696 is now trusted, waiving the normal 30-day waiting period"
)