From 6df9d13401857715256063c456935ed3653dd09e Mon Sep 17 00:00:00 2001
From: Daniel Salzman <daniel.salzman@nic.cz>
Date: Tue, 11 Jun 2019 16:17:30 +0200
Subject: [PATCH] tests-extra: add ldns-verify-zone to Zonefile.dnssec_verify()

---
 tests-extra/README                            |  1 +
 .../tests/dnssec/key_rollovers/test.py        |  2 +-
 tests-extra/tools/dnstest/server.py           |  4 +--
 tests-extra/tools/dnstest/zonefile.py         | 33 ++++++++++++-------
 4 files changed, 26 insertions(+), 14 deletions(-)

diff --git a/tests-extra/README b/tests-extra/README
index 2951c0e61e..80ee6edcbe 100644
--- a/tests-extra/README
+++ b/tests-extra/README
@@ -7,6 +7,7 @@ python3-psutil
 dnssec-signzone
 dnssec-keygen
 dnssec-verify
+ldnsutils
 Bind >= 9.11
 lsof
 gawk
diff --git a/tests-extra/tests/dnssec/key_rollovers/test.py b/tests-extra/tests/dnssec/key_rollovers/test.py
index cf19830fc6..0e66c6014d 100644
--- a/tests-extra/tests/dnssec/key_rollovers/test.py
+++ b/tests-extra/tests/dnssec/key_rollovers/test.py
@@ -70,7 +70,7 @@ def check_zone(server, zone, slave, dnskeys, dnskey_rrsigs, cdnskeys, soa_rrsigs
         t.xfr_diff(server, slave, zone)
 
         server.zone_backup(zone, flush=True)
-        server.zone_verify(zone)
+        server.zone_verify(zone, ldns_check=False) # ldns-verify-zone complains about RRSIG without corresponding DNSKEY
 
 def wait_for_rrsig_count(t, server, rrtype, rrsig_count, timeout):
     rtime = 0
diff --git a/tests-extra/tools/dnstest/server.py b/tests-extra/tools/dnstest/server.py
index 6700f68c30..80cf8ef316 100644
--- a/tests-extra/tools/dnstest/server.py
+++ b/tests-extra/tools/dnstest/server.py
@@ -657,10 +657,10 @@ class Server(object):
 
         self.zones[zone.name].zfile.backup()
 
-    def zone_verify(self, zone):
+    def zone_verify(self, zone, bind_check=None, ldns_check=None):
         zone = zone_arg_check(zone)
 
-        self.zones[zone.name].zfile.dnssec_verify()
+        self.zones[zone.name].zfile.dnssec_verify(bind_check, ldns_check)
 
     def check_nsec(self, zone, nsec3=False, nonsec=False):
         zone = zone_arg_check(zone)
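Review bot: The new defaults `bind_check=None, ldns_check=None` on `zone_verify` are forwarded positionally to `dnssec_verify(bind_check, ldns_check)`, so they override that method's `True` defaults, and the `if bind_check:` / `if ldns_check:` tests in zonefile.py treat `None` as disabled. As written, a plain `server.zone_verify(zone)` call runs neither verifier and still reports success, and the key_rollovers call with `ldns_check=False` skips `dnssec-verify` as well, so a zone with broken signatures would pass these tests unnoticed. Make the defaults agree with the callee, `def zone_verify(self, zone, bind_check=True, ldns_check=True):`, or forward only the arguments that are not `None`.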
diff --git a/tests-extra/tools/dnstest/zonefile.py b/tests-extra/tools/dnstest/zonefile.py
index eb16010bd3..c35ea3e782 100644
--- a/tests-extra/tools/dnstest/zonefile.py
+++ b/tests-extra/tools/dnstest/zonefile.py
@@ -115,21 +115,32 @@ class ZoneFile(object):
         except OSError:
             raise Exception("Can't create zone file '%s'" % self.path)
 
-    def dnssec_verify(self):
+    def dnssec_verify(self, bind_check=True, ldns_check=True):
         '''Call dnssec-verify on the zone file.'''
 
         check_log("DNSSEC VERIFY for %s (%s)" % (self.name, self.path))
 
-        # note: convert origin to lower case due to a bug in dnssec-verify
-        origin = self.name.lower()
-        cmd = Popen(["dnssec-verify", "-z", "-o", origin, self.path],
-                    stdout=PIPE, stderr=PIPE, universal_newlines=True)
-        (out, err) = cmd.communicate()
-
-        if cmd.returncode != 0:
-            set_err("DNSSEC VERIFY")
-            detail_log(err.strip())
-            self.backup()
+        if bind_check:
+            # note: convert origin to lower case due to a bug in dnssec-verify
+            origin = self.name.lower()
+            cmd = Popen(["dnssec-verify", "-z", "-o", origin, self.path],
+                        stdout=PIPE, stderr=PIPE, universal_newlines=True)
+            (out, err) = cmd.communicate()
+
+            if cmd.returncode != 0:
+                set_err("DNSSEC VERIFY")
+                detail_log("dnssec-verify:\n" + err.strip())
+                self.backup()
+
+        if ldns_check:
+            cmd = Popen(["ldns-verify-zone", self.path],
+                        stdout=PIPE, stderr=PIPE, universal_newlines=True)
+            (out, err) = cmd.communicate()
+
+            if cmd.returncode != 0:
+                set_err("LDNS VERIFY")
+                detail_log("ldns-verify-zone:\n" + err.strip())
+                self.backup()
 
         detail_log(SEP)
 
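Review bot: The docstring of `dnssec_verify` still reads `'''Call dnssec-verify on the zone file.'''`, although the method now runs up to two tools and takes two switches; something like `'''Verify the zone file with dnssec-verify (bind_check) and ldns-verify-zone (ldns_check).'''` would match the new behaviour. It is also worth stating there that passing a falsy value for both switches performs no verification at all, since the method then only writes the "DNSSEC VERIFY for ..." log line. Both branches log only `err` and discard `out`; if either tool reports its findings on stdout (not confirmed here), the detail log for a failure would be empty, so logging both streams on a non-zero exit would be safer. The method body may continue past the end of this hunk.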
-- 
GitLab