Several BIND 9.11.3 system test fail on Solaris 10 (SunOS 5.10)
### Summary
(Summarize the bug encountered concisely.)
bind 9.11.3 make test failed.
paltform:
SunOS pepper 5.10 Generic_142901-10 i86pc i386 i86pc
config line:
./configure --enable-shared --enable-threads --with-libtool --with-openssl=/usr/local/ssl
openssl,gcc and perl version:
OpenSSL 1.0.2n 7 Dec 2017
This is perl 5, version 24, subversion 0 (v5.24.0) built for i86pc-solaris
gcc (GCC) 3.4.3 (csl-sol210-3_4-branch+sol_rpath)
path etc:
PATH=/usr/local/perl5/bin:/usr/ccs/bin:/usr/local/ssl/bin:/usr/sfw/bin:/usr/sbin:/usr/bin:/usr/local/bin
### Steps to reproduce
(How one can reproduce the issue - this is very important.)
run as root.
cd /usr/local/src/bind/bind-9.11.3
./configure --enable-shared --enable-threads --with-libtool --with-openssl=/usr/local/ssl
make depend && make &&
make test
### What is the current *bug* behavior?
(What actually happens.)
no compile error but reports 3 errors (autosign, runtime and sfcache) in test.
results:
I:System test result summary:
I: 3 FAIL
I: 76 PASS
I: 5 SKIPPED
I: 1 UNTESTED
9.9.12 also reports 5 errors with same configuration.
I:System test result summary:
I: 5 FAIL
I: 58 PASS
I: 1 PKCS11ONLY
I: 4 SKIPPED
I: 1 UNTESTED
in 9.9.11-P1, no compile errors and no error reports in test.
### What is the expected *correct* behavior?
(What you should see instead.)
### Relevant configuration files
(Paste any relevant configuration files - please use code blocks (```)
to format console output. If submitting the contents of your
configuration file in a non-confidential Issue, it is advisable to
obscure key secrets: this can be done automatically by using
`named-checkconf -px`.)
### Relevant logs and/or screenshots
(Paste any relevant logs - please use code blocks (```) to format console
output, logs, and code, as it's very hard to read otherwise.)
S:autosign:Thu Mar 15 13:41:14 JST 2018
T:autosign:1:A
A:System test autosign
I:generating keys and preparing zones
I:setting up zone: secure.example
I:setting up zone: secure.nsec3.example
I:setting up zone: nsec3.nsec3.example
I:setting up zone: optout.nsec3.example
I:setting up zone: nsec3.example
I:setting up zone: autonsec3.example
I:setting up zone: secure.optout.example
I:setting up zone: nsec3.optout.example
I:setting up zone: optout.optout.example
I:setting up zone: optout.example
I:setting up zone: rsasha256.example
I:setting up zone: rsasha512.example
I:setting up zone: nsec.example
I:setting up zone: oldsigs.example
I:setting up zone: nsec3-to-nsec.example
I:setting up zone: secure-to-insecure.example
I:setting up zone: secure-to-insecure2.example
I:setting up zone: prepub.example
I:setting up zone: ttl1.example
I:setting up zone: ttl2.example
I:setting up zone: ttl3.example
I:setting up zone: ttl4.example
I:setting up zone: delay.example
I:setting up zone: nozsk.example
I:setting up zone: inaczsk.example
I:setting up zone: reconf.example
I:setting up zone: sync.example
I:setting up zone: inacksk2.example
I:setting up zone: inaczsk2.example
I:setting up zone: inacksk3.example
I:setting up zone: inaczsk3.example
I:waiting for autosign changes to take effect
I:waiting ... (1)
I:waiting ... (2)
I:waiting ... (3)
I:done
I:check that zone with active and inactive KSK and active ZSK is properly
I: resigned after the active KSK is deleted - stage 1: Verify that DNSKEY
I: is initially signed with a KSK and not a ZSK. (1)
dnssec-settime: fatal: Invalid keyfile Kinacksk3.example.+007+%05uu: file not found
I:check that zone with active and inactive ZSK and active KSK is properly
I: resigned after the active ZSK is deleted - stage 1: Verify that zone
I: is initially signed with a ZSK and not a KSK. (2)
dnssec-settime: fatal: Invalid keyfile Kinaczsk3.example.+007+%05uu: file not found
I:checking NSEC->NSEC3 conversion prerequisites (3)
I:checking NSEC3->NSEC conversion prerequisites (4)
I:converting zones from nsec to nsec3
I:preset nsec3param in unsigned zone via nsupdate (5)
I:checking for nsec3param in unsigned zone (5)
I:checking for nsec3param signing record (6)
I:resetting nsec3param via rndc signing (7)
I:signing preset nsec3 zone
I:waiting for changes to take effect
I:converting zone from nsec3 to nsec
I:waiting for change to take effect
I:checking that expired RRSIGs from missing key are not deleted (8)
I:checking that expired RRSIGs from inactive key are not deleted (9)
I:checking that non-replaceable RRSIGs are logged only once (missing private key) (10)
I:checking that non-replaceable RRSIGs are logged only once (inactive private key) (11)
I:dumping zone files
I:checking expired signatures were updated (12)
I:checking NSEC->NSEC3 conversion succeeded (13)
I:checking direct NSEC3 autosigning succeeded (14)
I:checking NSEC->NSEC3 conversion failed with NSEC-only key (15)
I:checking NSEC3->NSEC conversion succeeded (16)
I:checking NSEC3->NSEC conversion with 'rndc signing -nsec3param none' (17)
I:checking TTLs of imported DNSKEYs (no default) (18)
I:checking TTLs of imported DNSKEYs (with default) (19)
I:checking TTLs of imported DNSKEYs (mismatched) (20)
I:checking TTLs of imported DNSKEYs (existing RRset) (21)
I:checking positive validation NSEC (22)
I:checking positive validation NSEC3 (23)
I:checking positive validation OPTOUT (24)
I:checking negative validation NXDOMAIN NSEC (25)
I:checking negative validation NXDOMAIN NSEC3 (26)
I:checking negative validation NXDOMAIN OPTOUT (27)
I:checking negative validation NODATA NSEC (28)
I:checking negative validation NODATA NSEC3 (29)
I:checking negative validation NODATA OPTOUT (30)
I:checking 1-server insecurity proof NSEC (31)
I:checking 1-server negative insecurity proof NSEC (32)
I:checking multi-stage positive validation NSEC/NSEC (33)
I:checking multi-stage positive validation NSEC/NSEC3 (34)
I:checking multi-stage positive validation NSEC/OPTOUT (35)
I:checking multi-stage positive validation NSEC3/NSEC (36)
I:checking multi-stage positive validation NSEC3/NSEC3 (37)
I:checking multi-stage positive validation NSEC3/OPTOUT (38)
I:checking multi-stage positive validation OPTOUT/NSEC (39)
I:checking multi-stage positive validation OPTOUT/NSEC3 (40)
I:checking multi-stage positive validation OPTOUT/OPTOUT (41)
I:checking empty NODATA OPTOUT (42)
I:checking 2-server insecurity proof (43)
I:checking 2-server insecurity proof with a negative answer (44)
I:checking security root query (45)
I:checking positive validation RSASHA256 NSEC (46)
I:checking positive validation RSASHA512 NSEC (47)
I:checking that positive validation in a privately secure zone works (48)
I:checking that negative validation in a privately secure zone works (49)
I:checking privately secure to nxdomain works (50)
I:checking that validation returns insecure due to revoked trusted key (51)
I:checking that revoked key is present (52)
I:checking that revoked key self-signs (53)
I:checking for unpublished key (54)
I:checking for activated but unpublished key (55)
I:checking that standby key does not sign records (56)
I:checking that deactivated key does not sign records (57)
I:checking insertion of public-only key (58)
I:checking key deletion (59)
I:checking secure-to-insecure transition, nsupdate (60)
I:checking secure-to-insecure transition, scheduled (61)
I:checking that serial number and RRSIGs are both updated (rt21045) (62)
I:preparing to test key change corner cases
I:removing a private key file
I:preparing ZSK roll
I:revoking key to duplicated key ID
dnssec-settime: warning: Permissions on the file ns2/Kbar.+005+30676.private have changed from 0644 to 0600 as a result of this operation.
I:waiting for changes to take effect
I:checking former standby key is now active (63)
I:checking former standby key has only signed incrementally (64)
I:checking that signing records have been marked as complete (65)
I:forcing full sign
I:waiting for change to take effect
I:checking former standby key has now signed fully (66)
I:checking SOA serial number has been incremented (67)
I:checking delayed key publication/activation (68)
I:checking scheduled key publication, not activation (69)
I:waiting for changes to take effect
I:checking scheduled key activation (70)
I:waiting for changes to take effect
I:checking former active key was removed (71)
I:checking private key file removal caused no immediate harm (72)
I:checking revoked key with duplicate key ID (failure expected) (73)
I:not yet implemented
I:checking key event timers are always set (74)
I:checking automatic key reloading interval (75)
I:checking for key reloading loops (76)
I:forcing full sign with unreadable keys (77)
I:test turning on auto-dnssec during reconfig (78)
I:ns3 zone 'reconf.example' reconfigured.
I:test CDS and CDNSKEY auto generation (79)
I:setting CDS and CDNSKEY deletion times and calling 'rndc loadkeys'
ns3/Ksync.example.+007+13704.key
ns3/Ksync.example.+007+13704.private
I:waiting for deletion to occur
I:checking that the CDS and CDNSKEY are deleted (80)
I:check that dnssec-settime -p Dsync works (81)
I:check that dnssec-settime -p Psync works (82)
I:check that zone with inactive KSK and active ZSK is properly autosigned (83)
I:check that zone with inactive ZSK and active KSK is properly autosigned (84)
I:check that zone with active and inactive KSK and active ZSK is properly
I: resigned after the active KSK is deleted - stage 2: Verify that DNSKEY
I: is now signed with the ZSK. (85)
I:failed
I:check that zone with active and inactive ZSK and active KSK is properly
I: resigned after the active ZSK is deleted - stage 2: Verify that zone
I: is now signed with the KSK. (86)
I:failed
I:exit status: 2
R:FAIL
E:autosign:Thu Mar 15 13:43:40 JST 2018
S:runtime:Thu Mar 15 14:16:31 JST 2018
T:runtime:1:A
A:System test runtime
I:verifying that named started normally (1)
I:verifying that named checks for conflicting listeners (2)
I:verifying that named checks for conflicting named processes (3)
I:verifying that 'lock-file none' disables process check (4)
I: checking that named refuses to reconfigure if managed-keys-directory is set and not writable (5)
I:failed
I: checking that named refuses to reconfigure if managed-keys-directory is unset and working directory is not writable (6)
I:failed
I: checking that named reconfigures if working directory is not writable but managed-keys-directory is (7)
I: shutting down existing named
I: checking that named refuses to start if managed-keys-directory is set and not writable (8)
I:failed
I: checking that named refuses to start if managed-keys-directory is unset and working directory is not writable (9)
I: checking that named starts if managed-keys-directory is writable and working directory is not writable (10)
I:exit status: 3
R:FAIL
E:runtime:Thu Mar 15 14:16:47 JST 2018
S:sfcache:Thu Mar 15 14:16:47 JST 2018
T:sfcache:1:A
A:System test sfcache
I:checking DNSSEC SERVFAIL is cached (0)
I:checking SERVFAIL is returned from cache (1)
I:checking that +cd bypasses cache check (2)
I:disabling server to force non-dnssec SERVFAIL
I:checking SERVFAIL is cached (3)
I:checking SERVFAIL is returned from cache (4)
I:checking with +cd query (5)
I:failed
I:checking with +dnssec query (6)
I:failed
I:exit status: 2
R:FAIL
E:sfcache:Thu Mar 15 14:16:54 JST 2018
### Possible fixes
(If you can, link to the line of code that might be responsible for the
problem.)