1. 05 Feb, 2020 1 commit
  2. 13 Dec, 2019 1 commit
    • Mark Andrews's avatar
      Fix autosign system test issues. · 17d25dbf
      Mark Andrews authored
      * report when NSEC3PARAM is not yet present
      * allow more time for NSEC3PARAM to become present
      * adjust frequency failure message
      17d25dbf
  3. 09 Dec, 2019 3 commits
    • Matthijs Mekking's avatar
      bd403590
    • Matthijs Mekking's avatar
      Fix race in autosign test · 2e4273b5
      Matthijs Mekking authored
      The autosign test has a test case where a DNSSEC maintaiend zone
      has a set of DNSSEC keys without any timing metadata set.  It
      tests if named picks up the key for publication and signing if a
      delayed dnssec-settime/loadkeys event has occured.
      
      The test failed intermittently despite the fact it sleeps for 5
      seconds but the triggered key reconfigure action should happen after
      3 seconds.
      
      However, the test output showed that the test query came in before
      the key reconfigure action was complete (see excerpts below).
      
      The loadkeys command is received:
      
      15:38:36 received control channel command 'loadkeys delay.example.'
      
      The reconfiguring zone keys action is triggered after 3 seconds:
      
      15:38:39 zone delay.example/IN: reconfiguring zone keys
      15:38:39 DNSKEY delay.example/NSEC3RSASHA1/7484 (ZSK) is now published
      15:38:39 DNSKEY delay.example/NSEC3RSASHA1/7455 (KSK) is now published
      15:38:39 writing to journal
      
      Two seconds later the test query comes in:
      
      15:38:41 client @0x7f1b8c0562b0 10.53.0.1#44177: query
      15:38:41 client @0x7f1b8c0562b0 10.53.0.1#44177: endrequest
      
      And 6 more seconds later the reconfigure keys action is complete:
      
      15:38:47 zone delay.example/IN: next key event: 05-Dec-2019 15:48:39
      
      This commit fixes the test by checking the "next key event" log has
      been seen before executing the test query, making sure that the
      reconfigure keys action has been complete.
      
      This commit however does not fix, nor explain why it took such a long
      time (8 seconds) to reconfigure the keys.
      2e4273b5
    • Matthijs Mekking's avatar
      Save settime output · 6b4a17ef
      Matthijs Mekking authored
      6b4a17ef
  4. 26 Nov, 2019 4 commits
  5. 08 Nov, 2019 4 commits
  6. 07 Nov, 2019 1 commit
  7. 06 Nov, 2019 1 commit
    • Matthijs Mekking's avatar
      Test jitter distribution · 540b90fd
      Matthijs Mekking authored
      Test jitter distribution in NSEC3 dynamic zone and for a zone that has old
      signatures.  In both cases the generated signatures should be spread nicely.
      540b90fd
  8. 30 Jul, 2019 1 commit
    • Michał Kępień's avatar
      Make "autosign" system test work with BusyBox awk · ad008f7d
      Michał Kępień authored
      The BusyBox version of awk treats some variables which other awk
      implementations consider to be decimal values as octal values.  This
      intermittently breaks key event interval calculations in the "autosign"
      system test, trigger false positives for it.  Prevent the problem from
      happening by stripping leading zeros from the affected awk variables.
      ad008f7d
  9. 28 Jun, 2019 1 commit
    • Michał Kępień's avatar
      Add and use keyfile_to_key_id() helper function · 7d6eaad1
      Michał Kępień authored
      When trying to extract the key ID from a key file name, some test code
      incorrectly attempts to strip all leading zeros.  This breaks tests when
      keys with ID 0 are generated.  Add a new helper shell function,
      keyfile_to_key_id(), which properly handles keys with ID 0 and use it in
      test code whenever a key ID needs to be extracted from a key file name.
      7d6eaad1
  10. 11 Apr, 2019 1 commit
  11. 11 Mar, 2019 1 commit
    • Michał Kępień's avatar
      Stabilize "delzsk.example" zone checks · e02de04e
      Michał Kępień authored
      When a zone is converted from NSEC to NSEC3, the private record at zone
      apex indicating that NSEC3 chain creation is in progress may be removed
      during a different (later) zone_nsec3chain() call than the one which
      adds the NSEC3PARAM record.  The "delzsk.example" zone check only waits
      for the NSEC3PARAM record to start appearing in dig output while private
      records at zone apex directly affect "rndc signing -list" output.  This
      may trigger false positives for the "autosign" system test as the output
      of the "rndc signing -list" command used for checking ZSK deletion
      progress may contain extra lines which are not accounted for.  Ensure
      the private record is removed from zone apex before triggering ZSK
      deletion in the aforementioned check.
      
      Also future-proof the ZSK deletion progress check by making it only look
      at lines it should care about.
      e02de04e
  12. 31 Jan, 2019 1 commit
  13. 19 Dec, 2018 1 commit
  14. 10 Dec, 2018 2 commits
  15. 07 Dec, 2018 1 commit
  16. 07 Nov, 2018 1 commit
  17. 31 Aug, 2018 1 commit
  18. 16 May, 2018 1 commit
  19. 27 Feb, 2018 1 commit
    • Evan Hunt's avatar
      clean up test output · 0e52fbd0
      Evan Hunt authored
      - removed a few remaing places where output wasn't being passed
        through echo_i or cat_i
      - added a "digcomp" function to conf.sh.in to send digcomp.pl output
        through cat_i and return the correct exit value
      - set SYSTESTDIR when calling echo_i from nsX directories, so that
        the test name will always be printed correctly
      - fixed a test name typo in conf.sh.in
      0e52fbd0
  20. 23 Feb, 2018 2 commits
  21. 22 Feb, 2018 1 commit
  22. 08 Dec, 2017 1 commit
  23. 06 Dec, 2017 1 commit
  24. 05 Dec, 2017 3 commits
  25. 04 Dec, 2017 2 commits
  26. 13 Sep, 2017 1 commit
  27. 31 Aug, 2017 1 commit
    • Evan Hunt's avatar
      [master] remove default algorithm in dnssec-keygen · 45afdb26
      Evan Hunt authored
      4594.	[func]		dnssec-keygen no longer uses RSASHA1 by default;
      			the signing algorithm must be specified on
      			the command line with the "-a" option.  Signing
      			scripts that rely on the existing default behavior
      			will break; use "dnssec-keygen -a RSASHA1" to
      			repair them. (The goal of this change is to make
      			it easier to find scripts using RSASHA1 so they
      			can be changed in the event of that algorithm
      			being deprecated in the future.) [RT #44755]
      45afdb26