Commit 1e4e21f0 authored by Mark Karpilovskij's avatar Mark Karpilovskij Committed by Daniel Salzman

tests-extra: initial version of slave signing test

parent 8a534c5b
$ORIGIN example.com.
$TTL 3600
@ SOA dns1.example.com. hostmaster.example.com. (
2010111213 ; serial
6h ; refresh
1h ; retry
1w ; expire
1d ) ; minimum
NS dns1
NS dns2
MX 10 mail
dns1 A 192.0.2.1
AAAA 2001:DB8::1
dns2 A 192.0.2.2
AAAA 2001:DB8::2
mail A 192.0.2.3
AAAA 2001:DB8::3
#!/usr/bin/env python3
'''Test for automatic DNSSEC signing on a slave Knot'''
from dnstest.utils import *
from dnstest.test import Test
serial = 2010111213
addr = "192.0.0.42"
def test_update(master, slave, zone):
#Slave zone diverges from master by re-signing
for i in range(2):
slave.ctl("zone-sign example.com.")
#Master zone receives an update
update = master.update(zone)
update.add("new.example.com.", 3600, "A", addr)
update.send("NOERROR")
#Wait until slave receives update and sets correct SOA
slave.zone_wait(zone, serial+3, equal=True)
#Check that slave was updated and the new entry is signed
response = slave.dig("new.example.com.", "A");
response.check(rcode="NOERROR", rdata=addr);
response = slave.dig("new.example.com.", "RRSIG");
#Should get a RRSIG for the new A record and the new NSEC record
response.check_count(2)
t = Test()
# Create master and slave servers
bind_master = t.server("bind")
knot_master = t.server("knot")
knot_slave1 = t.server("knot")
knot_slave2 = t.server("knot")
zone = t.zone("example.com.", storage=".")
t.link(zone, bind_master, knot_slave1, ddns=True)
t.link(zone, knot_master, knot_slave2, ddns=True)
# Enable autosigning on slave
knot_slave1.dnssec(zone).enable = True
knot_slave2.dnssec(zone).enable = True
t.start()
test_update(bind_master, knot_slave1, zone)
test_update(knot_master, knot_slave2, zone)
t.end()
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment