Commit 1e4e21f0 authored by Mark Karpilovskij's avatar Mark Karpilovskij Committed by Daniel Salzman

tests-extra: initial version of slave signing test

parent 8a534c5b
$TTL 3600
@ SOA (
2010111213 ; serial
6h ; refresh
1h ; retry
1w ; expire
1d ) ; minimum
NS dns1
NS dns2
MX 10 mail
dns1 A
AAAA 2001:DB8::1
dns2 A
AAAA 2001:DB8::2
mail A
AAAA 2001:DB8::3
#!/usr/bin/env python3
'''Test for automatic DNSSEC signing on a slave Knot'''
from dnstest.utils import *
from dnstest.test import Test
serial = 2010111213
addr = ""
def test_update(master, slave, zone):
#Slave zone diverges from master by re-signing
for i in range(2):
#Master zone receives an update
update = master.update(zone)
update.add("", 3600, "A", addr)
#Wait until slave receives update and sets correct SOA
slave.zone_wait(zone, serial+3, equal=True)
#Check that slave was updated and the new entry is signed
response = slave.dig("", "A");
response.check(rcode="NOERROR", rdata=addr);
response = slave.dig("", "RRSIG");
#Should get a RRSIG for the new A record and the new NSEC record
t = Test()
# Create master and slave servers
bind_master = t.server("bind")
knot_master = t.server("knot")
knot_slave1 = t.server("knot")
knot_slave2 = t.server("knot")
zone ="", storage="."), bind_master, knot_slave1, ddns=True), knot_master, knot_slave2, ddns=True)
# Enable autosigning on slave
knot_slave1.dnssec(zone).enable = True
knot_slave2.dnssec(zone).enable = True
test_update(bind_master, knot_slave1, zone)
test_update(knot_master, knot_slave2, zone)
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment