[Opendnssec-commits] matthijs r7111 - in trunk/OpenDNSSEC: . signer/doc signer/src/signer testing/test-cases.d/signer.zones.validate_many_zones

commits at svn.opendnssec.org commits at svn.opendnssec.org
Mon Apr 22 13:12:12 CEST 2013


Author: matthijs
Date: Mon Apr 22 13:12:12 2013
New Revision: 7111
URL: http://fisheye.opendnssec.org/changelog/opendnssec?cs=7111

Log:
OPENDNSSEC-247: Now also for NSEC3

Modified:
   trunk/OpenDNSSEC/NEWS
   trunk/OpenDNSSEC/signer/doc/Changelog
   trunk/OpenDNSSEC/signer/src/signer/signconf.c
   trunk/OpenDNSSEC/testing/test-cases.d/signer.zones.validate_many_zones/test.sh

Modified: trunk/OpenDNSSEC/NEWS
==============================================================================
--- trunk/OpenDNSSEC/NEWS	Mon Apr 22 11:54:54 2013	(r7110)
+++ trunk/OpenDNSSEC/NEWS	Mon Apr 22 13:12:12 2013	(r7111)
@@ -3,6 +3,9 @@
 
 OpenDNSSEC 2.0.0-trunk
 
+* OPENDNSSEC-247: Signer Engine: TTL on NSEC3 was not updated on SOA
+  Minimum change.
+
 
 OpenDNSSEC 1.4.0 - 2013-04-22
 

Modified: trunk/OpenDNSSEC/signer/doc/Changelog
==============================================================================
--- trunk/OpenDNSSEC/signer/doc/Changelog	Mon Apr 22 11:54:54 2013	(r7110)
+++ trunk/OpenDNSSEC/signer/doc/Changelog	Mon Apr 22 13:12:12 2013	(r7111)
@@ -1,3 +1,6 @@
+22 April 2013: Matthijs
+- OPENDNSSEC-247: TTL NSEC3 was not updated on SOA Minimum change.
+
 15 February 2013: Matthijs
 - Coverity report
 

Modified: trunk/OpenDNSSEC/signer/src/signer/signconf.c
==============================================================================
--- trunk/OpenDNSSEC/signer/src/signer/signconf.c	Mon Apr 22 11:54:54 2013	(r7110)
+++ trunk/OpenDNSSEC/signer/src/signer/signconf.c	Mon Apr 22 13:12:12 2013	(r7111)
@@ -369,7 +369,9 @@
     ods_log_assert(a);
     ods_log_assert(b);
 
-   if (a->nsec_type != b->nsec_type) {
+   if (duration_compare(a->soa_min, b->soa_min)) {
+       new_task = TASK_NSECIFY;
+   } else if (a->nsec_type != b->nsec_type) {
        new_task = TASK_NSECIFY;
    } else if (a->nsec_type == LDNS_RR_TYPE_NSEC3) {
        if ((ods_strcmp(a->nsec3_salt, b->nsec3_salt) != 0) ||
@@ -379,8 +381,6 @@
 
            new_task = TASK_NSECIFY;
        }
-   } else if (duration_compare(a->soa_min, b->soa_min)) {
-       new_task = TASK_NSECIFY;
    }
    return new_task;
 }

Modified: trunk/OpenDNSSEC/testing/test-cases.d/signer.zones.validate_many_zones/test.sh
==============================================================================
--- trunk/OpenDNSSEC/testing/test-cases.d/signer.zones.validate_many_zones/test.sh	Mon Apr 22 11:54:54 2013	(r7110)
+++ trunk/OpenDNSSEC/testing/test-cases.d/signer.zones.validate_many_zones/test.sh	Mon Apr 22 13:12:12 2013	(r7111)
@@ -13,7 +13,6 @@
                 ;;
 esac
 
-
 if [ -n "$HAVE_MYSQL" ]; then
 	ods_setup_conf conf.xml conf-mysql.xml
 fi &&
@@ -62,7 +61,7 @@
 $GREP -q -- "^test.example.com..*86400.*IN.*NS.*ns2.example.com." "$INSTALL_ROOT/var/opendnssec/signed/example.com" &&
 $GREP -q -- "^test1.test.example.com..*86400.*IN.*NS.*ns2.example.com." "$INSTALL_ROOT/var/opendnssec/signed/example.com" &&
 
-#OPENDSNSEC-290 - Update the zone by changing a CNAME record to an A record. 
+#OPENDSNSEC-290 - Update the zone by changing a CNAME record to an A record.
 ods_setup_zone test/all.rr.org &&
 log_this_timeout ods-update-zone 10 ods-signer sign all.rr.org &&
 
@@ -72,19 +71,15 @@
 #OPENDNSSEC-247 - Update the SOA minimum in the policy and make sure the NSEC TTL changes.
 $GREP -q -- "<Minimum>PT300S</Minimum>" "$INSTALL_ROOT/var/opendnssec/signconf/all.rr.org" &&
 $GREP -q -- "300.*IN.*NSEC3" "$INSTALL_ROOT/var/opendnssec/signed/all.rr.org" &&
-mv kasp.xml kasp.xml_orig &&
+cp kasp.xml kasp.xml_orig &&
 cp test/kasp.xml kasp.xml &&
 log_this ods-update-policy ods_setup_conf kasp.xml &&
 log_this_timeout ods-update-policy 10 ods-ksmutil update kasp &&
 syslog_waitfor 60 'ods-enforcerd: .*Called signer engine:.*ods-signer update all.rr.org' &&
 $GREP -q -- "<Minimum>PT600S</Minimum>" "$INSTALL_ROOT/var/opendnssec/signconf/all.rr.org" &&
-# SAD -> MM: This is only logged when using SQLite...
-#syslog_waitfor 60 'ods-signerd: .*zone all.rr.org set soa ttl to 600' &&
-
 syslog_waitfor_count 60 3 'ods-signerd: .*\[STATS\] all.rr.org' &&
 test -f "$INSTALL_ROOT/var/opendnssec/signed/all.rr.org" &&
-# SAD -> MM: This check fails...
-#$GREP -q -- "600.*IN.*NSEC3" "$INSTALL_ROOT/var/opendnssec/signed/all.rr.org" &&
+$GREP -q -- "600.*IN.*NSEC3" "$INSTALL_ROOT/var/opendnssec/signed/all.rr.org" &&
 
 #########################################################################
 
@@ -92,7 +87,7 @@
 syslog_waitfor 60 'ods-enforcerd: .*all done' &&
 syslog_waitfor 60 'ods-signerd: .*\[engine\] signer shutdown' &&
 
-mv kasp.xml_orig kasp.xml &&
+cp kasp.xml_orig kasp.xml &&
 return 0
 
 echo '*********** ERROR **********'



More information about the Opendnssec-commits mailing list