4782. [test] dnssec: 'checking positive and negative validation

with negative trust anchors' required more time to complete on some machines. [RT #46386]
2017-10-25 09:13:05 +11:00
parent a94d68ce43
commit 6b8e4d6e69
3 changed files with 8 additions and 4 deletions
--- a/bin/tests/system/dnssec/ns4/named1.conf
+++ b/bin/tests/system/dnssec/ns4/named1.conf
@@ -24,8 +24,8 @@ options {
 	dnssec-must-be-secure mustbesecure.example yes;
 	minimal-responses no;

-	nta-lifetime 10s;
-	nta-recheck 7s;
+	nta-lifetime 12s;
+	nta-recheck 9s;

 	# Note: We only reference the bind.keys file here to confirm that it
 	# is *not* being used.  It contains the real root key, and we're
--- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh
@@ -1722,7 +1722,7 @@ echo "I: waiting for NTA rechecks/expirations"
 # fakenode.secure.example should both be lifted, but badds.example
 # should still be going.
 #
-$PERL -e 'my $delay =  '$start' + 8 - time(); select(undef, undef, undef, $delay) if ($delay > 0);'
+$PERL -e 'my $delay =  '$start' + 10 - time(); select(undef, undef, undef, $delay) if ($delay > 0);'
 $DIG $DIGOPTS b.secure.example. a @10.53.0.4 > dig.out.ns4.test$n.8 || ret=1
 grep "status: SERVFAIL" dig.out.ns4.test$n.8 > /dev/null && ret=1
 grep "flags:[^;]* ad[^;]*;" dig.out.ns4.test$n.8 > /dev/null || ret=1
@@ -1742,7 +1742,7 @@ ret=0
 # it should still be NTA'd, but badds.example used the default
 # lifetime of 10s, so it should revert to SERVFAIL now.
 #
-$PERL -e 'my $delay = '$start' + 11 - time(); select(undef, undef, undef, $delay) if ($delay > 0);'
+$PERL -e 'my $delay = '$start' + 13 - time(); select(undef, undef, undef, $delay) if ($delay > 0);'
 # check nta table
 $RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 nta -d > rndc.out.ns4.test$n._11
 lines=`grep " expiry " rndc.out.ns4.test$n._11 | wc -l`