Skip to content

Fix intermittent kasp test failure

Matthijs Mekking requested to merge 2624-kasp-test-failure-job-1630205-v9_16 into v9_16

The kasp system test performs for each zone a couple of checks to make sure the zone is signed correctly. To avoid test failures caused by timing issues, there is first a check to ensure the zone is done signing, 'wait_for_done_signing'. This function waits with the DNSSEC checks until a "zone_rekey done" log message is seen for a specific key.

Unfortunately this is not sufficient to avoid test failures due to timing issues, because there is a small amount of time in between this log message and the newly signed zone actually being served.

Therefore, in 'check_apex', retry for three seconds the DNSKEY query check. After that, additional checks should pass without retries, because at that point we know for sure the zone has been resigned with the expected keys.

Also reduce the number of redundant 'check_signatures'

(cherry picked from commit 572f421d)

Closes #2624 (closed)

Merge request reports