The "exceeded time limit waiting for literal 'too many DNS UPDATEs
queued' in ns1/named.run" is prone to fail due to a timing issue.
Despite out efforts to stabilize it, the check still often fails on
FreeBSD in our CI. Allow the test to be re-run on this platform.
(cherry picked from commit 124882476b)
This test has been unstable for a long while, especially the check
"statistics:verifying active sockets output in named.stats". Allow the
statistics test to be re-run to avoid frequent false positives.
This file was missing explicit dnssec-validation. Seems like it was
missed in our previous efforts, probably because of the different
filename / extension. Rename it to end with *.in to reflect that it is a
template file used by copy_setports.
(cherry picked from commit 68234372a5)
This is a followup for !8063, which backported !7999. The configuration
file layout for these files have changed (main branch has
named-fips.conf), which is probably why these bits were missed during a
backport.
In Net::DNS 1.42 $ns->main_loop no longer loops. Use current methods
for starting the server, wait for SIGTERM then cleanup child processes
using $ns->stop_server(), then remove the pid file.
(cherry picked from commit c2c59dea60)
When transitioning from one NSEC3 chain to another it is legal for
there to be multiple complete chains in the zone with multiple
NSEC3PARAM records. Handle this intermediate state by checking
for the expected length in the loop.
When changing the NSEC3 chain, the new NSEC3 chain must be built before
the old NSEC3PARAM is removed. Check each delta in the conversion to
ensure this ordering is met.
(cherry picked from commit 1d6b892e04)
When transitioning from NSEC3 to NSEC the NSEC3 must be built before
the NSEC3PARAM is removed. Check each delta in the conversion to
ensure this ordering is met.
(cherry picked from commit 7d90c056b0)
When transitioning from NSEC3 to NSEC the added records where not
being signed because the wrong time was being used to determine if
a key should be used or not. Check that these records are actually
signed.
(cherry picked from commit bdb42d3838)
The check_loaded() function compares the zone's loadtime value and
an expected loadtime value, which is based on the zone file's mtime
extracted from the filesystem.
For the secondary zones there may be cases, when the zone file isn't
ready yet before the zone transfer is complete and the zone file is
dumped to the disk, so a so zero value mtime is retrieved.
In such cases wait one second and retry until timeout. Also modify
the affected check to allow a possible difference of the same amount
of seconds as the chosen timeout value.
(cherry picked from commit 4e94ff2541)
these options control default timing of retries in the resolver
for experimental purposes; they are not known to useful in production
environments. they will be removed in the future; for now, we
only log a warning if they are used.
(cherry picked from commit 4aaa4f7dca)
This commit extends the 'doth' system tests with additional secondary
NS instance that reuses the same 'tls' entry for connecting the the
primary to download zones. This configurations were known to crash
secondaries in some cases.
(cherry picked from commit 10e626111f)
Create a utility package for code shared by the python tests. The
utility functions should use reasonable defaults and be split up into
modules according to their functionality.
Ensure assert rewriting is enabled for the modules to get the most
useful output from pytest.
(cherry picked from commit cba5a1d62c)
The ports fixture provides the required port numbers already and there's
no need to get the port number from environment.
(cherry picked from commit f0481c8600)
By default, the useful assertion message rewrite is used by pytest for
test modules only. Since another module is imported with shared
functionality, ensure it has pytest's assertion message rewriting
enabled to obtain more debug information in case it fails.
(cherry picked from commit a57af8163a)
This file is executed outside of pytest with pure python, which doesn't
do any AssertionError message rewriting like pytest. Ensure the assert
messages in this file provide a useful debug message.
(cherry picked from commit 767f4670c6)
This enables the "logfileconfig" and "rpzextra" system tests to pass
when named is started under the supervision of rr (USE_RR=1).
(cherry picked from commit 422286e9c2)
When all the servers are exhausted for UDP setup emit "no servers
could be reached" in udp_ready(). This message can also be emitted
for a recv_done() error and for TCP connection failure similarly.
(cherry picked from commit 4d529ee12a)
When all the servers are exhausted for TCP emit "no servers could
be reached" in tcp_connected. This message is already emitted for
UDP.
(cherry picked from commit 831efa40d6)
