Change max NSEC3 iterations in system tests to 50

The dnssec and nsupdate system tests need to be adjusted to accept
a lower maximum value for NSEC3 iterations.

bin/tests/system/dnssec/tests.sh

@@ -1467,7 +1467,7 @@ ret=0
 (
   cd signer/general || exit 0
   rm -f signed.zone
-  $SIGNER -f signed.zone -3 - -H 151 -o example.com. test9.zone >signer.out.$n
+  $SIGNER -f signed.zone -3 - -H 51 -o example.com. test9.zone >signer.out.$n
   test -f signed.zone
 ) && ret=1
 n=$((n + 1))
@@ -1492,7 +1492,7 @@ ret=0
 (
   cd signer/general || exit 1
   rm -f signed.zone
-  $SIGNER -f signed.zone -3 - -H 150 -o example.com. test9.zone >signer.out.$n
+  $SIGNER -f signed.zone -3 - -H 50 -o example.com. test9.zone >signer.out.$n
   test -f signed.zone
 ) || ret=1
 n=$((n + 1))
@@ -4317,8 +4317,8 @@ status=$((status + ret))
 
 echo_i "checking excessive NSEC3 iteration warnings in named.run ($n)"
 ret=0
-grep "zone too-many-iterations/IN: excessive NSEC3PARAM iterations [0-9]* > 150" ns2/named.run >/dev/null 2>&1 || ret=1
-grep "zone too-many-iterations/IN: excessive NSEC3PARAM iterations [0-9]* > 150" ns3/named.run >/dev/null 2>&1 || ret=1
+grep "zone too-many-iterations/IN: excessive NSEC3PARAM iterations [0-9]* > 50" ns2/named.run >/dev/null 2>&1 || ret=1
+grep "zone too-many-iterations/IN: excessive NSEC3PARAM iterations [0-9]* > 50" ns3/named.run >/dev/null 2>&1 || ret=1
 n=$((n + 1))
 test "$ret" -eq 0 || echo_i "failed"
 status=$((status + ret))

bin/tests/system/nsupdate/tests.sh

@@ -433,7 +433,7 @@ if $PERL -e 'use Net::DNS;' 2>/dev/null; then
     n=$((n + 1))
     ret=0
     echo_i "check for too many NSEC3 iterations log ($n)"
-    grep "updating zone 'update.nil/IN': too many NSEC3 iterations (151)" ns1/named.run >/dev/null || ret=1
+    grep "updating zone 'update.nil/IN': too many NSEC3 iterations (51)" ns1/named.run >/dev/null || ret=1
     [ $ret -eq 1 ] && {
       echo_i "failed"
       status=1
@@ -1899,9 +1899,9 @@ echo_i "check that excessive NSEC3PARAM iterations are rejected by nsupdate ($n)
 $NSUPDATE -d <<END >nsupdate.out.test$n 2>&1 && ret=1
 server 10.53.0.3 ${PORT}
 zone example
-update add example 0 in NSEC3PARAM 1 0 151 -
+update add example 0 in NSEC3PARAM 1 0 51 -
 END
-grep "NSEC3PARAM has excessive iterations (> 150)" nsupdate.out.test$n >/dev/null || ret=1
+grep "NSEC3PARAM has excessive iterations (> 50)" nsupdate.out.test$n >/dev/null || ret=1
 [ $ret = 0 ] || {
   echo_i "failed"
   status=1

bin/tests/system/nsupdate/update_test.pl

@@ -417,8 +417,8 @@ if ($Net::DNS::VERSION < 1.01) {
     print "skipped Excessive NSEC3PARAM iterations; Net::DNS too old.\n";
 } else {
     section("Excessive NSEC3PARAM iterations");
-    test("REFUSED", ["update", rr_add("$zone 300 NSEC3PARAM 1 0 151 -")]);
-    test("NOERROR", ["update", rr_add("$zone 300 NSEC3PARAM 1 0 150 -")]);
+    test("REFUSED", ["update", rr_add("$zone 300 NSEC3PARAM 1 0 51 -")]);
+    test("NOERROR", ["update", rr_add("$zone 300 NSEC3PARAM 1 0 50 -")]);
 }
 
 if ($failures) {