Skip to content

Fix the fully signed zone check in dupsigs test

Tom Krizek requested to merge tkrizek/dupsigs-fully-signed-check-9.16 into bind-9.16

In v9.16, the number of expected signatures for the fully signed dupsigs zone is 1009 rather than 1008, since there is one extra DNSKEY signature. The test itself checks for the correct number, but the barrier which waits for the zone to be fully signed doesn't.

In practice, this had the effect of always waiting the full 30 seconds for the zone to be signed. Afterwards, the wait barrier would fail. However, the return code isn't handled, so the test would proceed and succeed anyway, since 30 seconds was enough time for the zone to get fully signed.

This issue was introduced during a backport in commit 4840d6f9.

Fixes the 9.16-backport of !6998 (merged)

Merge request reports