ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

Add regression test for [GL !3735]

Browse Source 
Check that resign interval is actually in days rather than hours
by checking that RRSIGs are all within the allowed day range.

(cherry picked from commit 11ecf7901b)
This commit is contained in:
Mark Andrews
2020-06-25 21:27:29 +10:00
parent 31005d61ae
commit 90154d203b
4 changed files with 193 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
bin/tests/system/dnssec/tests.sh
View File

@@ -4253,5 +4253,16 @@ n=$((n+1))
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
echo_i "checking sig-validity-interval second field hours vs days ($n)"
ret=0
# zone configured with 'sig-validity-interval 500 499;'
# 499 days in the future w/ a 20 minute runtime to now allowance
min=$(TZ=UTC $PERL -e '@lt=localtime(time() + 499*3600*24 - 20*60); printf "%.4d%0.2d%0.2d%0.2d%0.2d%0.2d\n",$lt[5]+1900,$lt[4]+1,$lt[3],$lt[2],$lt[1],$lt[0];')
dig_with_opts @10.53.0.2 hours-vs-days AXFR > dig.out.ns2.test$n
awk -v min=$min '$4 == "RRSIG" { if ($9 < min) { exit(1); } }' dig.out.ns2.test$n || ret=1
n=$((n+1))
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1