tests: disable dnssec/no_resign for NSEC3

Import zene gets signed in NSEC3 mode because the server maintains the NSEC3PARAM life time.

tests: disable dnssec/no_resign for NSEC3
31c75de2 · Jan Včelák · 398f7ea4 · 31c75de2
Commit 31c75de2 authored 8 years ago by Jan Včelák
--- a/tests-extra/tests/dnssec/no_resign/test.py
+++ b/tests-extra/tests/dnssec/no_resign/test.py
@@ -22,33 +22,30 @@ def only_nsec_changed(server, zone, serial):

 t = Test()

+# Check only static zone and NSEC zone. NSEC3 zone would be immediately
+# re-signed because the server controls the NSEC3PARAM life time.
+
 master = t.server("knot")
 nsec_zone = t.zone_rnd(1, dnssec=True, nsec3=False)
-nsec3_zone = t.zone_rnd(1, dnssec=True, nsec3=True)
 static_zone = t.zone("example.", storage=".")
 t.link(nsec_zone, master)
-t.link(nsec3_zone, master)
 t.link(static_zone, master)

 t.start()

 # Get zone serial.
 old_nsec_serial = master.zone_wait(nsec_zone)
-old_nsec3_serial = master.zone_wait(nsec3_zone)
 old_static_serial = master.zone_wait(static_zone)

 # Enable autosigning.
 master.dnssec(nsec_zone).enable = True
-master.dnssec(nsec3_zone).enable = True
 master.dnssec(static_zone).enable = True
 master.use_keys(nsec_zone)
-master.use_keys(nsec3_zone)
 master.use_keys(static_zone)
 master.gen_confile()
 master.reload()

 new_nsec_serial = master.zone_wait(nsec_zone)
-new_nsec3_serial = master.zone_wait(nsec3_zone)
 new_static_serial = master.zone_wait(static_zone)

 # Check if the zones are resigned.
@@ -56,7 +53,6 @@ if old_nsec_serial != new_nsec_serial:
    if not only_nsec_changed(master, nsec_zone, old_nsec_serial):
        set_err("NSEC zone got resigned")

-compare(old_nsec3_serial, new_nsec3_serial, "NSEC3 zone got resigned")
 compare(old_static_serial, new_static_serial, "static zone got resigned")

 t.stop()