3102. [func] New 'dnssec-loadkeys-interval' option configures

how often, in minutes, to check the key repository for updates when using automatic key maintenance. Default is every 60 minutes (formerly hard-coded to 12 hours). [RT #23744] 3101. [bug] Zones using automatic key maintenance could fail to check the key repository for updates. [RT #23744]
2011-04-29 21:37:15 +00:00
parent a1813ce2c3
commit 39f2d1a96a
11 changed files with 161 additions and 46 deletions
--- a/bin/tests/system/autosign/tests.sh
+++ b/bin/tests/system/autosign/tests.sh
@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.

-# $Id: tests.sh,v 1.20 2011/03/25 23:53:02 each Exp $
+# $Id: tests.sh,v 1.21 2011/04/29 21:37:14 each Exp $

 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
@@ -879,6 +879,43 @@ grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || lret=1
 n=`expr $n + 1`
 if [ $lret != 0 ]; then echo "I:not yet implemented"; fi

+echo "I:checking key event timers are always set ($n)"
+# this is a regression test for a bug in which the next key event could
+# be scheduled for the present moment, and then never fire.  check for
+# visible evidence of this error in the logs:
+awk '/next key event/ {if ($1 == $8 && $2 == $9) exit 1}' */named.run || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+# this confirms that key events are never scheduled more than
+# 'dnssec-loadkeys-interval' minutes in the future, and that the 
+# last event scheduled is precisely that far in the future.
+check_interval () {
+        awk '/next key event/ {print $2 ":" $9}' $1/named.run |
+            awk -F: -vinterval=$2 '
+                     {
+                       if ($6 == 0)
+                         $6 = 25;
+                       x = ($6+ $5*60 + $4*3600) - ($3 + $2*60 + $1*3600);
+                       if (x != int(x))
+                         x = int(x + 1);
+                       if (x > interval)
+                         exit (1);
+                     }
+                     END { if (x != interval) exit(1) }'
+        return $?
+}
+
+echo "I:checking automatic key reloading interval ($n)"
+ret=0
+check_interval ns1 3600 || ret=1
+check_interval ns2 1800 || ret=1
+check_interval ns3 600 || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 echo "I:exit status: $status"

 exit $status