From 2fdf01573c11ec3cf4105ba15ad42b925dff5cf9 Mon Sep 17 00:00:00 2001
From: Aram Sargsyan
Date: Tue, 7 Mar 2023 14:03:35 +0000
Subject: [PATCH 1/3] Fail early in doth system test when the expected failure doesn't happen

If wait_for_tls_xfer succeeds, while a failure was being expected, set ret=1 to fail without further checking if the zone file exists.
---
 bin/tests/system/doth/tests.sh | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/bin/tests/system/doth/tests.sh b/bin/tests/system/doth/tests.sh
index d22f0ef649..1e20cf16fe 100644
--- a/bin/tests/system/doth/tests.sh
+++ b/bin/tests/system/doth/tests.sh
@@ -111,7 +111,7 @@ if [ -n "$run_san_tests" ]; then
 ret=0
 if retry_quiet 10 wait_for_tls_xfer 2 example3; then
 grep "^;" "dig.out.ns2.example3.test$n" | cat_i
- test -f "ns2/example3.db" && ret=1
+ ret=1
 else
 echo_i "timed out waiting for zone transfer"
 fi
@@ -163,7 +163,7 @@ echo_i "testing incoming XoT functionality (from the first secondary, wrong host
 ret=0
 if retry_quiet 10 wait_for_tls_xfer 2 example7; then
 grep "^;" "dig.out.ns2.example7.test$n" | cat_i
- test -f "ns2/example7.db" && ret=1
+ ret=1
 else
 echo_i "timed out waiting for zone transfer"
 fi
@@ -175,7 +175,7 @@ echo_i "testing incoming XoT functionality (from the first secondary, expired ce
 ret=0
 if retry_quiet 10 wait_for_tls_xfer 2 example8; then
 grep "^;" "dig.out.ns2.example8.test$n" | cat_i
- test -f "ns2/example8.db" && ret=1
+ ret=1
 else
 echo_i "timed out waiting for zone transfer"
 fi
@@ -200,7 +200,7 @@ echo_i "testing incoming XoT functionality (from the first secondary, MutualTLS,
 ret=0
 if retry_quiet 10 wait_for_tls_xfer 2 example10; then
 grep "^;" "dig.out.ns2.example10.test$n" | cat_i
- test -f "ns2/example10.db" && ret=1
+ ret=1
 else
 echo_i "timed out waiting for zone transfer"
 fi
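Review bot: With `test -f "ns2/example3.db" && ret=1` gone, the passing path of this failure-expected test (the `else` branch of the `@@ -111,7 +111,7 @@` hunk) asserts nothing about why the transfer did not happen. Any cause that makes `wait_for_tls_xfer` fail ten times, for instance a primary that never started listening, is counted the same as the certificate being rejected; wait_for_tls_xfer is not shown here, so this is inferred from how its exit status is used. For the SubjectAltName, hostname, expired-certificate and client-certificate cases it would be worth confirming in the `else` branch that nothing was stored, e.g. `if test -f "ns2/example3.db"; then ret=1; fi`, and ideally also matching the secondary's log for the TLS verification failure. The example7, example8, example10, example11 and ns3/example2 hunks have the same gap.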
@@ -212,7 +212,7 @@ echo_i "testing incoming XoT functionality (from the first secondary, MutualTLS,
 ret=0
 if retry_quiet 10 wait_for_tls_xfer 2 example11; then
 grep "^;" "dig.out.ns2.example11.test$n" | cat_i
- test -f "ns2/example11.db" && ret=1
+ ret=1
 else
 echo_i "timed out waiting for zone transfer"
 fi
@@ -237,7 +237,7 @@ echo_i "testing incoming XoT functionality (from the second secondary, mismatchi
 ret=0
 if retry_quiet 10 wait_for_tls_xfer 3 example2; then
 grep "^;" "dig.out.ns3.example2.test$n" | cat_i
- test -f "ns3/example2.db" && ret=1
+ ret=1
 else
 echo_i "timed out waiting for zone transfer"
 fi

From 9672b6be574ed35b18f81a302e4ff21f15e59ee2 Mon Sep 17 00:00:00 2001
From: Aram Sargsyan
Date: Tue, 7 Mar 2023 14:08:52 +0000
Subject: [PATCH 2/3] Fix the placement of printing dig output comments in doth system test

There can be comments in dig output for a zone transfer only in case of an error, so we should print those errors not when wait_for_tls_xfer succeeds, but when it fails. Also, there is no point in printing those comments when a failure was indeed expected.
---
 bin/tests/system/doth/tests.sh | 20 +++++++-------------
 1 file changed, 7 insertions(+), 13 deletions(-)

diff --git a/bin/tests/system/doth/tests.sh b/bin/tests/system/doth/tests.sh
index 1e20cf16fe..08c5186955 100644
--- a/bin/tests/system/doth/tests.sh
+++ b/bin/tests/system/doth/tests.sh
@@ -96,10 +96,10 @@ n=$((n+1))
 echo_i "testing incoming XoT functionality (from the first secondary) ($n)"
 ret=0
 if retry_quiet 10 wait_for_tls_xfer 2 example; then
- grep "^;" "dig.out.ns2.example.test$n" | cat_i
 digcomp example.axfr.good "dig.out.ns2.example.test$n" || ret=1
 else
 echo_i "timed out waiting for zone transfer"
+ grep "^;" "dig.out.ns2.example.test$n" | cat_i
 ret=1
 fi
 if test $ret != 0 ; then echo_i "failed"; fi
@@ -110,7 +110,6 @@ if [ -n "$run_san_tests" ]; then
 echo_i "testing incoming XoT functionality (from the first secondary, no SubjectAltName, failure expected) ($n)"
 ret=0
 if retry_quiet 10 wait_for_tls_xfer 2 example3; then
- grep "^;" "dig.out.ns2.example3.test$n" | cat_i
 ret=1
 else
 echo_i "timed out waiting for zone transfer"
@@ -123,10 +122,10 @@ n=$((n + 1))
 echo_i "testing incoming XoT functionality (from the first secondary, StrictTLS via implicit IP) ($n)"
 ret=0
 if retry_quiet 10 wait_for_tls_xfer 2 example4; then
- grep "^;" "dig.out.ns2.example4.test$n" | cat_i
 test -f "ns2/example4.db" || ret=1
 else
 echo_i "timed out waiting for zone transfer"
+ grep "^;" "dig.out.ns2.example4.test$n" | cat_i
 ret=1
 fi
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -136,10 +135,10 @@ n=$((n + 1))
 echo_i "testing incoming XoT functionality (from the first secondary, StrictTLS via specified IPv4) ($n)"
 ret=0
 if retry_quiet 10 wait_for_tls_xfer 2 example5; then
- grep "^;" "dig.out.ns2.example5.test$n" | cat_i
 test -f "ns2/example5.db" || ret=1
 else
 echo_i "timed out waiting for zone transfer"
+ grep "^;" "dig.out.ns2.example5.test$n" | cat_i
 ret=1
 fi
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -149,10 +148,10 @@ n=$((n + 1))
 echo_i "testing incoming XoT functionality (from the first secondary, StrictTLS via specified IPv6) ($n)"
 ret=0
 if retry_quiet 10 wait_for_tls_xfer 2 example6; then
- grep "^;" "dig.out.ns2.example6.test$n" | cat_i
 test -f "ns2/example6.db" || ret=1
 else
 echo_i "timed out waiting for zone transfer"
+ grep "^;" "dig.out.ns2.example6.test$n" | cat_i
 ret=1
 fi
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -162,7 +161,6 @@ n=$((n + 1))
 echo_i "testing incoming XoT functionality (from the first secondary, wrong hostname, failure expected) ($n)"
 ret=0
 if retry_quiet 10 wait_for_tls_xfer 2 example7; then
- grep "^;" "dig.out.ns2.example7.test$n" | cat_i
 ret=1
 else
 echo_i "timed out waiting for zone transfer"
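Review bot: In the example3 hunk (`@@ -110,7 +110,6 @@`) the `else` branch is the passing path of a failure-expected test, yet it still logs `timed out waiting for zone transfer`, which reads like an error. With the `grep "^;"` line removed, a passing run leaves nothing in the log about why the transfer did not complete. A wording such as `echo_i "zone transfer did not complete (expected)"` would make passing runs of these certificate-rejection tests easier to audit. The hunk ends before the closing `fi`, so the rest of the stanza is not visible here. The example7, example8, example10, example11 and ns3/example2 hunks have the same branch.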
@@ -174,7 +172,6 @@ n=$((n + 1))
 echo_i "testing incoming XoT functionality (from the first secondary, expired certificate, failure expected) ($n)"
 ret=0
 if retry_quiet 10 wait_for_tls_xfer 2 example8; then
- grep "^;" "dig.out.ns2.example8.test$n" | cat_i
 ret=1
 else
 echo_i "timed out waiting for zone transfer"
@@ -186,10 +183,10 @@ n=$((n + 1))
 echo_i "testing incoming XoT functionality (from the first secondary, MutualTLS) ($n)"
 ret=0
 if retry_quiet 10 wait_for_tls_xfer 2 example9; then
- grep "^;" "dig.out.ns2.example9.test$n" | cat_i
 test -f "ns2/example9.db" || ret=1
 else
 echo_i "timed out waiting for zone transfer"
+ grep "^;" "dig.out.ns2.example9.test$n" | cat_i
 ret=1
 fi
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -199,7 +196,6 @@ n=$((n + 1))
 echo_i "testing incoming XoT functionality (from the first secondary, MutualTLS, no client cert, failure expected) ($n)"
 ret=0
 if retry_quiet 10 wait_for_tls_xfer 2 example10; then
- grep "^;" "dig.out.ns2.example10.test$n" | cat_i
 ret=1
 else
 echo_i "timed out waiting for zone transfer"
@@ -211,7 +207,6 @@ n=$((n + 1))
 echo_i "testing incoming XoT functionality (from the first secondary, MutualTLS, expired client cert, failure expected) ($n)"
 ret=0
 if retry_quiet 10 wait_for_tls_xfer 2 example11; then
- grep "^;" "dig.out.ns2.example11.test$n" | cat_i
 ret=1
 else
 echo_i "timed out waiting for zone transfer"
@@ -223,10 +218,10 @@ n=$((n+1))
 echo_i "testing incoming XoT functionality (from the second secondary) ($n)"
 ret=0
 if retry_quiet 10 wait_for_tls_xfer 3 example; then
- grep "^;" "dig.out.ns3.example.test$n" | cat_i
 digcomp example.axfr.good "dig.out.ns3.example.test$n" || ret=1
 else
 echo_i "timed out waiting for zone transfer"
+ grep "^;" "dig.out.ns3.example.test$n" | cat_i
 ret=1
 fi
 if test $ret != 0 ; then echo_i "failed"; fi
@@ -236,7 +231,6 @@ n=$((n+1))
 echo_i "testing incoming XoT functionality (from the second secondary, mismatching ciphers, failure expected) ($n)"
 ret=0
 if retry_quiet 10 wait_for_tls_xfer 3 example2; then
- grep "^;" "dig.out.ns3.example2.test$n" | cat_i
 ret=1
 else
 echo_i "timed out waiting for zone transfer"
@@ -248,10 +242,10 @@ n=$((n+1))
 echo_i "testing incoming XoT functionality (from the third secondary) ($n)"
 ret=0
 if retry_quiet 10 wait_for_tls_xfer 4 example; then
- grep "^;" "dig.out.ns4.example.test$n" | cat_i
 digcomp example.axfr.good "dig.out.ns4.example.test$n" || ret=1
 else
 echo_i "timed out waiting for zone transfer"
+ grep "^;" "dig.out.ns4.example.test$n" | cat_i
 ret=1
 fi
 if test $ret != 0 ; then echo_i "failed"; fi

From 5d5d4b523be029b4781fc53c3c95143d783db39f Mon Sep 17 00:00:00 2001
From: Aram Sargsyan
Date: Tue, 7 Mar 2023 14:12:10 +0000
Subject: [PATCH 3/3] Retry multiple times in doth test when checking if the zone file exists

Dumping of the freshly transferred zone file can take some time. Retry 5 times before failing. The log excerpt below shows such a case, when dumping lasted more than two seconds.

06-Mar-2023 09:32:09.973 zone example6/IN: Transfer started.
06-Mar-2023 09:32:10.301 zone example6/IN: zone transfer finished: success
06-Mar-2023 09:32:10.301 zone_dump: zone example6/IN: enter
06-Mar-2023 09:32:11.789 client @0x7fe9ab435d68 10.53.0.10#44113 (example6): AXFR request
06-Mar-2023 09:32:11.801 client @0x7fe9ab435d68 10.53.0.10#44113 (example6): transfer of 'example6/IN': AXFR ended: 5 messages, 2676 records, 55815 bytes, 0.011 secs (5074090 bytes/sec) (serial 1397051952)
06-Mar-2023 09:32:12.409 zone_gotwritehandle: zone example6/IN: enter
06-Mar-2023 09:32:12.421 dump_done: zone example6/IN: enter
06-Mar-2023 09:32:12.421 zone_journal_compact: zone example6/IN: target journal size 53044
---
 bin/tests/system/doth/tests.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/bin/tests/system/doth/tests.sh b/bin/tests/system/doth/tests.sh
index 08c5186955..eb631319c9 100644
--- a/bin/tests/system/doth/tests.sh
+++ b/bin/tests/system/doth/tests.sh
@@ -122,7 +122,7 @@ n=$((n + 1))
 echo_i "testing incoming XoT functionality (from the first secondary, StrictTLS via implicit IP) ($n)"
 ret=0
 if retry_quiet 10 wait_for_tls_xfer 2 example4; then
- test -f "ns2/example4.db" || ret=1
+ retry_quiet 5 test -f "ns2/example4.db" || ret=1
 else
 echo_i "timed out waiting for zone transfer"
 grep "^;" "dig.out.ns2.example4.test$n" | cat_i
@@ -135,7 +135,7 @@ n=$((n + 1))
 echo_i "testing incoming XoT functionality (from the first secondary, StrictTLS via specified IPv4) ($n)"
 ret=0
 if retry_quiet 10 wait_for_tls_xfer 2 example5; then
- test -f "ns2/example5.db" || ret=1
+ retry_quiet 5 test -f "ns2/example5.db" || ret=1
 else
 echo_i "timed out waiting for zone transfer"
 grep "^;" "dig.out.ns2.example5.test$n" | cat_i
@@ -148,7 +148,7 @@ n=$((n + 1))
 echo_i "testing incoming XoT functionality (from the first secondary, StrictTLS via specified IPv6) ($n)"
 ret=0
 if retry_quiet 10 wait_for_tls_xfer 2 example6; then
- test -f "ns2/example6.db" || ret=1
+ retry_quiet 5 test -f "ns2/example6.db" || ret=1
 else
 echo_i "timed out waiting for zone transfer"
 grep "^;" "dig.out.ns2.example6.test$n" | cat_i
@@ -183,7 +183,7 @@ n=$((n + 1))
 echo_i "testing incoming XoT functionality (from the first secondary, MutualTLS) ($n)"
 ret=0
 if retry_quiet 10 wait_for_tls_xfer 2 example9; then
- test -f "ns2/example9.db" || ret=1
+ retry_quiet 5 test -f "ns2/example9.db" || ret=1
 else
 echo_i "timed out waiting for zone transfer"
 grep "^;" "dig.out.ns2.example9.test$n" | cat_i
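Review bot: When `retry_quiet 5 test -f "ns2/example4.db"` gives up in the `@@ -122,7 +122,7 @@` hunk, nothing says that the zone file was the problem. As far as this series shows, the only output is the generic `failed` line after the stanza, which lies outside the hunk. A dedicated message would separate a slow dump from a TLS or transfer fault: `retry_quiet 5 test -f "ns2/example4.db" || { echo_i "ns2/example4.db was not written"; ret=1; }`. `test -f` also accepts an empty file; whether named creates the file before the dump completes is not visible here, so `test -s` may or may not be the stronger check. The example5, example6 and example9 hunks are written the same way.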