diff --git a/bin/tests/system/checkds/README b/bin/tests/system/checkds/README index 7fe17db212..ec38140355 100644 --- a/bin/tests/system/checkds/README +++ b/bin/tests/system/checkds/README @@ -12,19 +12,28 @@ information regarding copyright ownership. The test setup for the checkds tests. These servers are parent servers: +- ns1 is the root server. + - ns2 is a primary authoritative server that serves the parent zone for zones configured in ns9. -- ns3 is a resolver that can be configured as a parental agent. - ns4 is the secondary server for ns2. +- ns8 is the secondary server for ns2 that is not part of the NS RRset, + used for testing explicit parental-agents. + - ns5 is a primary authoritative server that serves the parent zone for zones configured in ns9, but this one does not publish DS records (to test cases - where the DS is missing). + where the DS is missing and the DS needs to be withdrawn). +- ns7 is the secondary server for ns5. +- ns10 is the secondary server for ns5 that is not part of the NS RRset, + used for testing explicit parental-agents. + - ns6 is an authoritative server for a different zone, to test badly configured parental agents. -- ns7 is the secondary server for ns5. -Finally, ns9 is the authoritative server for the various DNSSEC enabled test -domains. +- ns3 is a resolver that can be configured as a parental agent. + +- Finally, ns9 is the authoritative server for the various DNSSEC enabled test + domains. We need multiple test cases for testing the "checkds" functionality. Basically, the behavior of "checkds" is of importance in three cases: diff --git a/bin/tests/system/checkds/ns10/named.conf.in b/bin/tests/system/checkds/ns10/named.conf.in new file mode 100644 index 0000000000..a4939920a9 --- /dev/null +++ b/bin/tests/system/checkds/ns10/named.conf.in @@ -0,0 +1,89 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +// NS10 + +options { + query-source address 10.53.0.10; + notify-source 10.53.0.10; + transfer-source 10.53.0.10; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.10; }; + listen-on-v6 { none; }; + allow-transfer { any; }; + recursion no; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm @DEFAULT_HMAC@; +}; + +controls { + inet 10.53.0.10 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + +zone "ns2" { + type secondary; + primaries source 10.53.0.10 { 10.53.0.5 port @PORT@; }; + file "ns2.db"; +}; + +zone "ns2-4" { + type secondary; + primaries source 10.53.0.10 { 10.53.0.5 port @PORT@; }; + file "ns2-4.db"; +}; + +zone "ns2-4-5" { + type secondary; + primaries source 10.53.0.10 { 10.53.0.5 port @PORT@; }; + file "ns2-4-5.db"; +}; + +zone "ns2-4-6" { + type secondary; + primaries source 10.53.0.10 { 10.53.0.5 port @PORT@; }; + file "ns2-4-6.db"; +}; + +zone "ns2-5-7" { + type secondary; + primaries source 10.53.0.10 { 10.53.0.5 port @PORT@; }; + file "ns2-5-7.db"; +}; + +zone "ns5" { + type secondary; + primaries source 10.53.0.10 { 10.53.0.5 port @PORT@; }; + file "ns5.db"; +}; + +zone "ns5-6-7" { + type secondary; + primaries source 10.53.0.10 { 10.53.0.5 port @PORT@; }; + file "ns5-6-7.db"; +}; + +zone "ns5-7" { + type secondary; + primaries source 10.53.0.10 { 10.53.0.5 port @PORT@; }; + file "ns5-7.db"; +}; + +zone "ns6" { + type secondary; + primaries source 10.53.0.10 { 10.53.0.5 port @PORT@; }; + file "ns6.db"; +}; diff --git a/bin/tests/system/checkds/ns2/named.conf.in b/bin/tests/system/checkds/ns2/named.conf.in index 4436fca811..ce2c089c42 100644 --- a/bin/tests/system/checkds/ns2/named.conf.in +++ b/bin/tests/system/checkds/ns2/named.conf.in @@ -42,8 +42,8 @@ zone "." { zone "ns2" { type primary; allow-update { any; }; - allow-transfer { 10.53.0.2; 10.53.0.4; }; - also-notify { 10.53.0.4; }; + allow-transfer { 10.53.0.2; 10.53.0.4; 10.53.0.8; }; + also-notify { 10.53.0.4; 10.53.0.8; }; dnssec-policy default; file "ns2.db"; }; @@ -51,8 +51,8 @@ zone "ns2" { zone "ns2-4" { type primary; allow-update { any; }; - allow-transfer { 10.53.0.2; 10.53.0.4; }; - also-notify { 10.53.0.4; }; + allow-transfer { 10.53.0.2; 10.53.0.4; 10.53.0.8; }; + also-notify { 10.53.0.4; 10.53.0.8; }; dnssec-policy default; file "ns2-4.db"; }; @@ -60,8 +60,8 @@ zone "ns2-4" { zone "ns2-4-5" { type primary; allow-update { any; }; - allow-transfer { 10.53.0.2; 10.53.0.4; }; - also-notify { 10.53.0.4; }; + allow-transfer { 10.53.0.2; 10.53.0.4; 10.53.0.8; }; + also-notify { 10.53.0.4; 10.53.0.8; }; dnssec-policy default; file "ns2-4-5.db"; }; @@ -69,8 +69,8 @@ zone "ns2-4-5" { zone "ns2-4-6" { type primary; allow-update { any; }; - allow-transfer { 10.53.0.2; 10.53.0.4; }; - also-notify { 10.53.0.4; }; + allow-transfer { 10.53.0.2; 10.53.0.4; 10.53.0.8; }; + also-notify { 10.53.0.4; 10.53.0.8; }; dnssec-policy default; file "ns2-4-6.db"; }; @@ -78,8 +78,8 @@ zone "ns2-4-6" { zone "ns2-5-7" { type primary; allow-update { any; }; - allow-transfer { 10.53.0.2; 10.53.0.4; }; - also-notify { 10.53.0.4; }; + allow-transfer { 10.53.0.2; 10.53.0.4; 10.53.0.8; }; + also-notify { 10.53.0.4; 10.53.0.8; }; dnssec-policy default; file "ns2-5-7.db"; }; @@ -87,8 +87,8 @@ zone "ns2-5-7" { zone "ns5" { type primary; allow-update { any; }; - allow-transfer { 10.53.0.2; 10.53.0.4; }; - also-notify { 10.53.0.4; }; + allow-transfer { 10.53.0.2; 10.53.0.4; 10.53.0.8; }; + also-notify { 10.53.0.4; 10.53.0.8; }; dnssec-policy default; file "ns5.db"; }; @@ -96,8 +96,8 @@ zone "ns5" { zone "ns5-6-7" { type primary; allow-update { any; }; - allow-transfer { 10.53.0.2; 10.53.0.4; }; - also-notify { 10.53.0.4; }; + allow-transfer { 10.53.0.2; 10.53.0.4; 10.53.0.8; }; + also-notify { 10.53.0.4; 10.53.0.8; }; dnssec-policy default; file "ns5-6-7.db"; }; @@ -105,8 +105,8 @@ zone "ns5-6-7" { zone "ns5-7" { type primary; allow-update { any; }; - allow-transfer { 10.53.0.2; 10.53.0.4; }; - also-notify { 10.53.0.4; }; + allow-transfer { 10.53.0.2; 10.53.0.4; 10.53.0.8; }; + also-notify { 10.53.0.4; 10.53.0.8; }; dnssec-policy default; file "ns5-7.db"; }; @@ -114,8 +114,8 @@ zone "ns5-7" { zone "ns6" { type primary; allow-update { any; }; - allow-transfer { 10.53.0.2; 10.53.0.4; }; - also-notify { 10.53.0.4; }; + allow-transfer { 10.53.0.2; 10.53.0.4; 10.53.0.8; }; + also-notify { 10.53.0.4; 10.53.0.8; }; dnssec-policy default; file "ns6.db"; }; diff --git a/bin/tests/system/checkds/ns5/named.conf.in b/bin/tests/system/checkds/ns5/named.conf.in index 0d558cd1fa..0648af8c1b 100644 --- a/bin/tests/system/checkds/ns5/named.conf.in +++ b/bin/tests/system/checkds/ns5/named.conf.in @@ -42,8 +42,8 @@ zone "." { zone "ns2" { type primary; allow-update { any; }; - allow-transfer { 10.53.0.5; 10.53.0.7; }; - also-notify { 10.53.0.7; }; + allow-transfer { 10.53.0.5; 10.53.0.7; 10.53.0.10; }; + also-notify { 10.53.0.7; 10.53.0.10; }; dnssec-policy default; file "ns2.db"; }; @@ -51,8 +51,8 @@ zone "ns2" { zone "ns2-4" { type primary; allow-update { any; }; - allow-transfer { 10.53.0.5; 10.53.0.7; }; - also-notify { 10.53.0.7; }; + allow-transfer { 10.53.0.5; 10.53.0.7; 10.53.0.10; }; + also-notify { 10.53.0.7; 10.53.0.10; }; dnssec-policy default; file "ns2-4.db"; }; @@ -60,8 +60,8 @@ zone "ns2-4" { zone "ns2-4-5" { type primary; allow-update { any; }; - allow-transfer { 10.53.0.5; 10.53.0.7; }; - also-notify { 10.53.0.7; }; + allow-transfer { 10.53.0.5; 10.53.0.7; 10.53.0.10; }; + also-notify { 10.53.0.7; 10.53.0.10; }; dnssec-policy default; file "ns2-4-5.db"; }; @@ -69,8 +69,8 @@ zone "ns2-4-5" { zone "ns2-4-6" { type primary; allow-update { any; }; - allow-transfer { 10.53.0.5; 10.53.0.7; }; - also-notify { 10.53.0.7; }; + allow-transfer { 10.53.0.5; 10.53.0.7; 10.53.0.10; }; + also-notify { 10.53.0.7; 10.53.0.10; }; dnssec-policy default; file "ns2-4-6.db"; }; @@ -78,8 +78,8 @@ zone "ns2-4-6" { zone "ns2-5-7" { type primary; allow-update { any; }; - allow-transfer { 10.53.0.5; 10.53.0.7; }; - also-notify { 10.53.0.7; }; + allow-transfer { 10.53.0.5; 10.53.0.7; 10.53.0.10; }; + also-notify { 10.53.0.7; 10.53.0.10; }; dnssec-policy default; file "ns2-5-7.db"; }; @@ -87,8 +87,8 @@ zone "ns2-5-7" { zone "ns5" { type primary; allow-update { any; }; - allow-transfer { 10.53.0.5; 10.53.0.7; }; - also-notify { 10.53.0.7; }; + allow-transfer { 10.53.0.5; 10.53.0.7; 10.53.0.10; }; + also-notify { 10.53.0.7; 10.53.0.10; }; dnssec-policy default; file "ns5.db"; }; @@ -96,8 +96,8 @@ zone "ns5" { zone "ns5-6-7" { type primary; allow-update { any; }; - allow-transfer { 10.53.0.5; 10.53.0.7; }; - also-notify { 10.53.0.7; }; + allow-transfer { 10.53.0.5; 10.53.0.7; 10.53.0.10; }; + also-notify { 10.53.0.7; 10.53.0.10; }; dnssec-policy default; file "ns5-6-7.db"; }; @@ -105,8 +105,8 @@ zone "ns5-6-7" { zone "ns5-7" { type primary; allow-update { any; }; - allow-transfer { 10.53.0.5; 10.53.0.7; }; - also-notify { 10.53.0.7; }; + allow-transfer { 10.53.0.5; 10.53.0.7; 10.53.0.10; }; + also-notify { 10.53.0.7; 10.53.0.10; }; dnssec-policy default; file "ns5-7.db"; }; @@ -114,8 +114,8 @@ zone "ns5-7" { zone "ns6" { type primary; allow-update { any; }; - allow-transfer { 10.53.0.5; 10.53.0.7; }; - also-notify { 10.53.0.7; }; + allow-transfer { 10.53.0.5; 10.53.0.7; 10.53.0.10; }; + also-notify { 10.53.0.7; 10.53.0.10; }; dnssec-policy default; file "ns6.db"; }; diff --git a/bin/tests/system/checkds/ns8/named.conf.in b/bin/tests/system/checkds/ns8/named.conf.in new file mode 100644 index 0000000000..76690949db --- /dev/null +++ b/bin/tests/system/checkds/ns8/named.conf.in @@ -0,0 +1,89 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +// NS8 + +options { + query-source address 10.53.0.8; + notify-source 10.53.0.8; + transfer-source 10.53.0.8; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.8; }; + listen-on-v6 { none; }; + allow-transfer { any; }; + recursion no; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm @DEFAULT_HMAC@; +}; + +controls { + inet 10.53.0.8 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + +zone "ns2" { + type secondary; + primaries source 10.53.0.8 { 10.53.0.2 port @PORT@; }; + file "ns2.db"; +}; + +zone "ns2-4" { + type secondary; + primaries source 10.53.0.8 { 10.53.0.2 port @PORT@; }; + file "ns2-4.db"; +}; + +zone "ns2-4-5" { + type secondary; + primaries source 10.53.0.8 { 10.53.0.2 port @PORT@; }; + file "ns2-4-5.db"; +}; + +zone "ns2-4-6" { + type secondary; + primaries source 10.53.0.8 { 10.53.0.2 port @PORT@; }; + file "ns2-4-6.db"; +}; + +zone "ns2-5-7" { + type secondary; + primaries source 10.53.0.8 { 10.53.0.2 port @PORT@; }; + file "ns2-5-7.db"; +}; + +zone "ns5" { + type secondary; + primaries source 10.53.0.8 { 10.53.0.2 port @PORT@; }; + file "ns5.db"; +}; + +zone "ns5-6-7" { + type secondary; + primaries source 10.53.0.8 { 10.53.0.2 port @PORT@; }; + file "ns5-6-7.db"; +}; + +zone "ns5-7" { + type secondary; + primaries source 10.53.0.8 { 10.53.0.2 port @PORT@; }; + file "ns5-7.db"; +}; + +zone "ns6" { + type secondary; + primaries source 10.53.0.8 { 10.53.0.2 port @PORT@; }; + file "ns6.db"; +}; diff --git a/bin/tests/system/checkds/ns9/named.conf.in b/bin/tests/system/checkds/ns9/named.conf.in index dc6e26ad3c..d983f92b5d 100644 --- a/bin/tests/system/checkds/ns9/named.conf.in +++ b/bin/tests/system/checkds/ns9/named.conf.in @@ -36,8 +36,8 @@ controls { inet 10.53.0.9 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; -parental-agents "ns2" port @PORT@ { - 10.53.0.2; +parental-agents "ns8" port @PORT@ { + 10.53.0.8; }; zone "." { @@ -55,7 +55,8 @@ zone "good.explicit.dspublish.ns2" { file "good.explicit.dspublish.ns2.db"; inline-signing yes; dnssec-policy "default"; - parental-agents { 10.53.0.2 port @PORT@; }; + parental-agents { 10.53.0.8 port @PORT@; }; + checkds explicit; }; /* Same as above, but now with a reference to parental-agents. */ @@ -64,7 +65,8 @@ zone "reference.explicit.dspublish.ns2" { file "reference.explicit.dspublish.ns2.db"; inline-signing yes; dnssec-policy "default"; - parental-agents { "ns2"; }; + parental-agents { "ns8"; }; + checkds explicit; }; /* Same as above, but now with resolver parental agent configured. */ @@ -76,6 +78,7 @@ zone "resolver.explicit.dspublish.ns2" { parental-agents { 10.53.0.3 port @PORT@; }; + checkds explicit; }; /* Same as above, but now with auto parental agents. */ @@ -118,6 +121,7 @@ zone "not-yet.explicit.dspublish.ns5" { parental-agents { 10.53.0.5 port @PORT@; // missing }; + checkds explicit; }; zone "not-yet.yes.dspublish.ns5" { @@ -141,6 +145,7 @@ zone "bad.explicit.dspublish.ns6" { parental-agents { 10.53.0.6 port @PORT@; // bad }; + checkds explicit; }; zone "bad.yes.dspublish.ns6" { @@ -169,9 +174,10 @@ zone "good.explicit.dspublish.ns2-4" { inline-signing yes; dnssec-policy "default"; parental-agents { - 10.53.0.2 port @PORT@; + 10.53.0.8 port @PORT@; 10.53.0.4 port @PORT@; }; + checkds explicit; }; zone "good.yes.dspublish.ns2-4" { @@ -201,10 +207,11 @@ zone "incomplete.explicit.dspublish.ns2-4-5" { inline-signing yes; dnssec-policy "default"; parental-agents { - 10.53.0.2 port @PORT@; + 10.53.0.8 port @PORT@; 10.53.0.4 port @PORT@; 10.53.0.5 port @PORT@; // missing }; + checkds explicit; }; zone "incomplete.yes.dspublish.ns2-4-5" { @@ -226,10 +233,11 @@ zone "bad.explicit.dspublish.ns2-4-6" { inline-signing yes; dnssec-policy "default"; parental-agents { - 10.53.0.2 port @PORT@; + 10.53.0.8 port @PORT@; 10.53.0.4 port @PORT@; 10.53.0.6 port @PORT@; // bad }; + checkds explicit; }; zone "bad.yes.dspublish.ns2-4-6" { @@ -261,7 +269,8 @@ zone "good.explicit.dsremoved.ns5" { file "good.explicit.dsremoved.ns5.db"; inline-signing yes; dnssec-policy "insecure"; - parental-agents { 10.53.0.5 port @PORT@; }; + parental-agents { 10.53.0.10 port @PORT@; }; + checkds explicit; }; zone "resolver.explicit.dsremoved.ns5" { @@ -272,6 +281,7 @@ zone "resolver.explicit.dsremoved.ns5" { parental-agents { 10.53.0.3 port @PORT@; }; + checkds explicit; }; zone "good.yes.dsremoved.ns5" { @@ -311,6 +321,7 @@ zone "still-there.explicit.dsremoved.ns2" { parental-agents { 10.53.0.2 port @PORT@; // still published }; + checkds explicit; }; zone "still-there.yes.dsremoved.ns2" { @@ -334,6 +345,7 @@ zone "bad.explicit.dsremoved.ns6" { parental-agents { 10.53.0.6 port @PORT@; // bad }; + checkds explicit; }; zone "bad.yes.dsremoved.ns6" { @@ -362,9 +374,10 @@ zone "good.explicit.dsremoved.ns5-7" { inline-signing yes; dnssec-policy "insecure"; parental-agents { - 10.53.0.5 port @PORT@; + 10.53.0.10 port @PORT@; 10.53.0.7 port @PORT@; }; + checkds explicit; }; zone "good.yes.dsremoved.ns5-7" { @@ -395,9 +408,10 @@ zone "incomplete.explicit.dsremoved.ns2-5-7" { dnssec-policy "insecure"; parental-agents { 10.53.0.2 port @PORT@; // still published - 10.53.0.5 port @PORT@; + 10.53.0.10 port @PORT@; 10.53.0.7 port @PORT@; }; + checkds explicit; }; zone "incomplete.yes.dsremoved.ns2-5-7" { @@ -419,10 +433,11 @@ zone "bad.explicit.dsremoved.ns5-6-7" { inline-signing yes; dnssec-policy "insecure"; parental-agents { - 10.53.0.5 port @PORT@; + 10.53.0.10 port @PORT@; 10.53.0.7 port @PORT@; 10.53.0.6 port @PORT@; // bad }; + checkds explicit; }; zone "bad.yes.dsremoved.ns5-6-7" { diff --git a/bin/tests/system/checkds/setup.sh b/bin/tests/system/checkds/setup.sh index 2bfc2ca26d..828b2e6ace 100644 --- a/bin/tests/system/checkds/setup.sh +++ b/bin/tests/system/checkds/setup.sh @@ -25,7 +25,9 @@ copy_setports ns4/named.conf.in ns4/named.conf copy_setports ns5/named.conf.in ns5/named.conf copy_setports ns6/named.conf.in ns6/named.conf copy_setports ns7/named.conf.in ns7/named.conf +copy_setports ns8/named.conf.in ns8/named.conf copy_setports ns9/named.conf.in ns9/named.conf +copy_setports ns10/named.conf.in ns10/named.conf # Setup zones ( diff --git a/bin/tests/system/checkds/tests_checkds.py b/bin/tests/system/checkds/tests_checkds.py index 7d8bb65e1d..cd936c88e8 100755 --- a/bin/tests/system/checkds/tests_checkds.py +++ b/bin/tests/system/checkds/tests_checkds.py @@ -249,7 +249,7 @@ def wait_for_log(filename, log): assert found -def checkds_dspublished(named_port, checkds): +def checkds_dspublished(named_port, checkds, addr): # We create resolver instances that will be used to send queries. server = dns.resolver.Resolver() server.nameservers = ["10.53.0.9"] @@ -269,7 +269,7 @@ def checkds_dspublished(named_port, checkds): wait_for_log( "ns9/named.run", "zone good.{}.dspublish.ns2/IN (signed): checkds: " - "DS response from 10.53.0.2".format(checkds), + "DS response from {}".format(checkds, addr), ) keystate_check(parent, "good.{}.dspublish.ns2.".format(checkds), "DSPublish") @@ -317,7 +317,7 @@ def checkds_dspublished(named_port, checkds): wait_for_log( "ns9/named.run", "zone good.{}.dspublish.ns2-4/IN (signed): checkds: " - "DS response from 10.53.0.2".format(checkds), + "DS response from {}".format(checkds, addr), ) wait_for_log( "ns9/named.run", @@ -334,7 +334,7 @@ def checkds_dspublished(named_port, checkds): wait_for_log( "ns9/named.run", "zone incomplete.{}.dspublish.ns2-4-5/IN (signed): checkds: " - "DS response from 10.53.0.2".format(checkds), + "DS response from {}".format(checkds, addr), ) wait_for_log( "ns9/named.run", @@ -357,7 +357,7 @@ def checkds_dspublished(named_port, checkds): wait_for_log( "ns9/named.run", "zone bad.{}.dspublish.ns2-4-6/IN (signed): checkds: " - "DS response from 10.53.0.2".format(checkds), + "DS response from {}".format(checkds, addr), ) wait_for_log( "ns9/named.run", @@ -380,7 +380,7 @@ def checkds_dspublished(named_port, checkds): # TBD: Check with TLS -def checkds_dswithdrawn(named_port, checkds): +def checkds_dswithdrawn(named_port, checkds, addr): # We create resolver instances that will be used to send queries. server = dns.resolver.Resolver() server.nameservers = ["10.53.0.9"] @@ -400,7 +400,7 @@ def checkds_dswithdrawn(named_port, checkds): wait_for_log( "ns9/named.run", "zone good.{}.dsremoved.ns5/IN (signed): checkds: " - "empty DS response from 10.53.0.5".format(checkds), + "empty DS response from {}".format(checkds, addr), ) keystate_check(parent, "good.{}.dsremoved.ns5.".format(checkds), "DSRemoved") @@ -449,7 +449,7 @@ def checkds_dswithdrawn(named_port, checkds): wait_for_log( "ns9/named.run", "zone good.{}.dsremoved.ns5-7/IN (signed): checkds: " - "empty DS response from 10.53.0.5".format(checkds), + "empty DS response from {}".format(checkds, addr), ) wait_for_log( "ns9/named.run", @@ -471,7 +471,7 @@ def checkds_dswithdrawn(named_port, checkds): wait_for_log( "ns9/named.run", "zone incomplete.{}.dsremoved.ns2-5-7/IN (signed): checkds: " - "empty DS response from 10.53.0.5".format(checkds), + "empty DS response from {}".format(checkds, addr), ) wait_for_log( "ns9/named.run", @@ -489,7 +489,7 @@ def checkds_dswithdrawn(named_port, checkds): wait_for_log( "ns9/named.run", "zone bad.{}.dsremoved.ns5-6-7/IN (signed): checkds: " - "empty DS response from 10.53.0.5".format(checkds), + "empty DS response from {}".format(checkds, addr), ) wait_for_log( "ns9/named.run", @@ -524,7 +524,7 @@ def test_checkds_reference(named_port): wait_for_log( "ns9/named.run", "zone reference.explicit.dspublish.ns2/IN (signed): " - "checkds: DS response from 10.53.0.2", + "checkds: DS response from 10.53.0.8", ) keystate_check(parent, "reference.explicit.dspublish.ns2.", "DSPublish") @@ -584,13 +584,13 @@ def test_checkds_no_ent(named_port): def test_checkds_dspublished(named_port): - checkds_dspublished(named_port, "explicit") - checkds_dspublished(named_port, "yes") + checkds_dspublished(named_port, "explicit", "10.53.0.8") + checkds_dspublished(named_port, "yes", "10.53.0.2") def test_checkds_dswithdrawn(named_port): - checkds_dswithdrawn(named_port, "explicit") - checkds_dswithdrawn(named_port, "yes") + checkds_dswithdrawn(named_port, "explicit", "10.53.0.10") + checkds_dswithdrawn(named_port, "yes", "10.53.0.5") def test_checkds_no(named_port):