"rpz" system test does not wait until manual-update-rpz is processed
The manual-update-rpz RPZ might not yet be processed by ns3 by the time it receives the first walled.tld2/A query, in which case a false positive for the "rpz" system test would be triggered due to dig receiving an unexpected NXDOMAIN response. See https://gitlab.isc.org/isc-projects/bind9/-/jobs/187560 for an example occurrence of this issue:
-
ns3/named.run:
05-Mar-2019 03:01:09.613 zone manual-update-rpz/IN: loaded serial 1
(...)
05-Mar-2019 03:01:09.639 rpz: manual-update-rpz: reload start
(...)
05-Mar-2019 03:01:09.668 client @0x620000010090 10.53.0.1#49014 (walled.tld2): query (cache) 'walled.tld2/A/IN' approved
(...)
05-Mar-2019 03:01:09.691 rpz: manual-update-rpz: reload done
(...)
05-Mar-2019 03:01:10.822 client @0x620000040090 10.53.0.1#36875 (walled.tld2): query (cache) 'walled.tld2/A/IN' approved-
dig.out.11.before:
; <<>> DiG 9.15.0-dev <<>> -p 11600 @10.53.0.3 walled.tld2
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4962
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 6253f4738fe476eff297363c5c7de6752dfeabe783f68759 (good)
;; QUESTION SECTION:
;walled.tld2. IN A
;; AUTHORITY SECTION:
tld2. 60 IN SOA tld2. hostmaster.ns.tld2. 1 3600 1200 604800 60
;; Query time: 65 msec
;; SERVER: 10.53.0.3#11600(10.53.0.3)
;; WHEN: Tue Mar 05 03:01:09 UTC 2019
;; MSG SIZE rcvd: 122
I believe this is just an imperfection in a new test added by commit ce5476ac (part of !1507 (merged)), not a regression or a named bug.
@matthijs, since you appear to have written the failing test, I am assigning this issue to you.