Commit 6c2fb815 authored by Daniel Salzman's avatar Daniel Salzman

tests-extra: add zone backup and verification to some dnssec tests

parent 6ef31038
......@@ -16,7 +16,7 @@ from dnstest.keys import Keymgr
from dnstest.test import Test
# check zone if keys are present and used for signing
def check_zone(server, dnskeys, dnskey_rrsigs, cdnskeys, soa_rrsigs, msg):
def check_zone(server, zone, dnskeys, dnskey_rrsigs, cdnskeys, soa_rrsigs, msg):
qdnskeys = server.dig("example.com", "DNSKEY", bufsize=4096)
found_dnskeys = qdnskeys.count("DNSKEY")
......@@ -52,6 +52,11 @@ def check_zone(server, dnskeys, dnskey_rrsigs, cdnskeys, soa_rrsigs, msg):
detail_log(SEP)
# Valgrind delay breaks the timing!
if not server.valgrind:
server.zone_backup(zone, flush=True)
server.zone_verify(zone)
def wait_for_rrsig_count(t, server, rrtype, rrsig_count, timeout):
rtime = 0
while True:
......@@ -92,7 +97,7 @@ ZONE = "example.com."
t.start()
child.zone_wait(child_zone)
check_zone(child, 2, 1, 1, 1, "initial keys")
check_zone(child, child_zone, 2, 1, 1, 1, "initial keys")
child.dnssec(child_zone).alg = "RSASHA256"
child.gen_confile()
......@@ -101,18 +106,18 @@ child.reload()
child.zone_wait(child_zone)
wait_for_rrsig_count(t, child, "SOA", 2, 20)
check_zone(child, 2, 1, 1, 2, "pre active")
check_zone(child, child_zone, 2, 1, 1, 2, "pre active")
wait_for_rrsig_count(t, child, "DNSKEY", 2, 20)
check_zone(child, 4, 2, 1, 2, "both algorithms active")
check_zone(child, child_zone, 4, 2, 1, 2, "both algorithms active")
CDS1 = str(child.dig(ZONE, "CDS").resp.answer[0].to_rdataset())
t.sleep(3)
while CDS1 == str(child.dig(ZONE, "CDS").resp.answer[0].to_rdataset()):
t.sleep(1)
check_zone(child, 4, 2, 1, 2, "new KSK ready")
check_zone(child, child_zone, 4, 2, 1, 2, "new KSK ready")
cds = child.dig(ZONE, "CDS")
cds_rdata = cds.resp.answer[0].to_rdataset()[0].to_text()
......@@ -122,14 +127,14 @@ up.send("NOERROR")
t.sleep(4)
check_zone(child, 4, 2, 1, 2, "both still active")
check_zone(child, child_zone, 4, 2, 1, 2, "both still active")
wait_for_rrsig_count(t, child, "DNSKEY", 1, 20)
check_zone(child, 2, 1, 1, 2, "post active")
check_zone(child, child_zone, 2, 1, 1, 2, "post active")
wait_for_rrsig_count(t, child, "SOA", 1, 20)
check_zone(child, 2, 1, 1, 1, "old alg removed")
check_zone(child, child_zone, 2, 1, 1, 1, "old alg removed")
t.end()
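Review bot: `check_zone` now takes a `zone` argument but uses it only for the new backup/verify step, while the DNSKEY query at the top of the function still targets the literal `"example.com"`, so a caller passing a different zone would have one zone queried and another verified. Either derive the query name from `zone` or record the coupling next to the signature, e.g. `# zone: backed up and verified after the checks; the dig queries still target "example.com"`. The same applies to the renamed `check_zone` in the second file of this commit. Indentation is lost on this page, so I am assuming both `zone_backup` and `zone_verify` sit under `if not server.valgrind:`; the part of `check_zone` between the first two hunks is not shown.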
......@@ -16,7 +16,7 @@ from dnstest.keys import Keymgr
from dnstest.test import Test
# check zone if keys are present and used for signing
def check_zone5(server, min_dnskeys, min_rrsigs, min_cdnskeys, msg):
def check_zone(server, zone, min_dnskeys, min_rrsigs, min_cdnskeys, msg):
dnskeys = server.dig("example.com", "DNSKEY", bufsize=1024)
found_dnskeys = dnskeys.count("DNSKEY")
......@@ -44,6 +44,11 @@ def check_zone5(server, min_dnskeys, min_rrsigs, min_cdnskeys, msg):
detail_log(SEP)
# Valgrind delay breaks the timing!
if not server.valgrind:
server.zone_backup(zone, flush=True)
server.zone_verify(zone)
t = Test()
parent = t.server("knot")
......@@ -79,14 +84,14 @@ ZSK2 = child.key_gen(ZONE, ksk="false", created="-2", publish="-2", ready="+14y"
t.start()
child.zone_wait(child_zone)
check_zone5(child, 4, 1, 1, "only first KSK")
check_zone(child, child_zone, 4, 1, 1, "only first KSK")
CDS1 = str(child.dig(ZONE, "CDS").resp.answer[0].to_rdataset())
t.sleep(3)
while CDS1 == str(child.dig(ZONE, "CDS").resp.answer[0].to_rdataset()):
t.sleep(1)
check_zone5(child, 4, 2, 1, "new KSK ready")
check_zone(child, child_zone, 4, 2, 1, "new KSK ready")
cds = child.dig(ZONE, "CDS")
cds_rdata = cds.resp.answer[0].to_rdataset()[0].to_text()
......@@ -96,6 +101,6 @@ up.send("NOERROR")
t.sleep(40)
check_zone5(child, 2, 1, 1, "old KSK retired")
check_zone(child, child_zone, 2, 1, 1, "old KSK retired")
t.end()
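Review bot: Renaming `check_zone5` to `check_zone` leaves two test scripts with a helper of the same name but different positional parameter lists (six arguments here, seven in the first file), and the valgrind-guarded backup/verify block is copied verbatim into both. A call written for one file and pasted into the other would silently shift the counts by one position. Consider moving the guarded `zone_backup`/`zone_verify` pair into one shared helper in the test library, or at least state the argument order in the comment above the function, e.g. `# args: server, zone, min_dnskeys, min_rrsigs, min_cdnskeys, msg`. The middle of the function body is outside the visible hunks.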
......@@ -17,10 +17,10 @@ def test_update(master, slave, zone):
update = master.update(zone)
update.add("new.example.com.", 3600, "A", addr)
update.send("NOERROR")
#Wait until slave receives update and sets correct SOA
slave.zone_wait(zone, serial+3, equal=True)
#Check that slave was updated and the new entry is signed
response = slave.dig("new.example.com.", "A");
response.check(rcode="NOERROR", rdata=addr);
......@@ -28,6 +28,9 @@ def test_update(master, slave, zone):
#Should get a RRSIG for the new A record and the new NSEC record
response.check_count(2)
slave.zone_backup(zone, flush=True)
slave.zone_verify(zone)
t = Test()
# Create master and slave servers
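Review bot: The backup and verification added at the end of `test_update` run unconditionally, whereas the other two tests in this commit skip them when `server.valgrind` is set because the delay breaks their timing. If that is deliberate because this test waits on the SOA serial rather than on wall-clock timing, a short comment would record it, e.g. `# no valgrind guard: this test waits on the serial, not on timing`. `test_update` starts outside the hunk and indentation is lost on this page, so I am assuming the two new calls are the last statements of the function.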
......