test.py 1.07 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38
#!/usr/bin/env python3

'''Test for NSEC and NSEC3 fix after zone update'''

from dnstest.utils import *
from dnstest.test import Test
import random

t = Test()

master = t.server("knot")
slave = t.server("knot")
zones = t.zone_rnd(5, dnssec=False, records=50) + t.zone("records.")

t.link(zones, master, slave)

master.disable_notify = True
slave.disable_notify = True

for zone in zones:
    master.dnssec(zone).enable = True
    master.dnssec(zone).nsec3 = random.choice([True, False])
    master.dnssec(zone).nsec3_iters = 2
    master.dnssec(zone).nsec3_salt_len = 8

t.start()

master.zones_wait(zones)
slave.zones_wait(zones)

# initial convenience check
t.xfr_diff(master, slave, zones)

# update master
master.flush()
t.sleep(2)
for zone in zones:
    master.random_ddns(zone)
39
t.sleep(4) # zones_wait fails if an empty update is generated
40 41 42 43 44

# sync slave with current master's state
slave.ctl("zone-refresh")
t.sleep(5)

45
# re-sign master and check that the re-sign made nothing
46 47 48 49 50 51
master.ctl("zone-sign")
master.zones_wait(zones)

t.xfr_diff(master, slave, zones, no_rrsig_rdata=True)

t.end()