[Opendnssec-commits] matthijs r7112 - in branches/OpenDNSSEC-1.4: . signer/doc signer/src/signer testing/test-cases.d/signer.zones.validate_many_zones

commits at svn.opendnssec.org commits at svn.opendnssec.org
Mon Apr 22 14:21:46 CEST 2013


Author: matthijs
Date: Mon Apr 22 14:21:46 2013
New Revision: 7112
URL: http://fisheye.opendnssec.org/changelog/opendnssec?cs=7112

Log:
OPENDNSSEC-247: Now also for NSEC3

Modified:
   branches/OpenDNSSEC-1.4/NEWS
   branches/OpenDNSSEC-1.4/signer/doc/Changelog
   branches/OpenDNSSEC-1.4/signer/src/signer/signconf.c
   branches/OpenDNSSEC-1.4/testing/test-cases.d/signer.zones.validate_many_zones/test.sh

Modified: branches/OpenDNSSEC-1.4/NEWS
==============================================================================
--- branches/OpenDNSSEC-1.4/NEWS	Mon Apr 22 13:12:12 2013	(r7111)
+++ branches/OpenDNSSEC-1.4/NEWS	Mon Apr 22 14:21:46 2013	(r7112)
@@ -3,6 +3,9 @@
 
 OpenDNSSEC 1.4.1
 
+* OPENDNSSEC-247: Signer Engine: TTL on NSEC3 was not updated on SOA
+  Minimum change.
+
 
 OpenDNSSEC 1.4.0 - 2013-04-22
 

Modified: branches/OpenDNSSEC-1.4/signer/doc/Changelog
==============================================================================
--- branches/OpenDNSSEC-1.4/signer/doc/Changelog	Mon Apr 22 13:12:12 2013	(r7111)
+++ branches/OpenDNSSEC-1.4/signer/doc/Changelog	Mon Apr 22 14:21:46 2013	(r7112)
@@ -1,3 +1,6 @@
+22 April 2013: Matthijs
+- OPENDNSSEC-247: TTL NSEC3 was not updated on SOA Minimum change.
+
 15 February 2013: Matthijs
 - Coverity report
 

Modified: branches/OpenDNSSEC-1.4/signer/src/signer/signconf.c
==============================================================================
--- branches/OpenDNSSEC-1.4/signer/src/signer/signconf.c	Mon Apr 22 13:12:12 2013	(r7111)
+++ branches/OpenDNSSEC-1.4/signer/src/signer/signconf.c	Mon Apr 22 14:21:46 2013	(r7112)
@@ -369,20 +369,20 @@
     ods_log_assert(a);
     ods_log_assert(b);
 
-   if (a->nsec_type != b->nsec_type) {
-       new_task = TASK_NSECIFY;
-   } else if (a->nsec_type == LDNS_RR_TYPE_NSEC3) {
-       if ((ods_strcmp(a->nsec3_salt, b->nsec3_salt) != 0) ||
-           (a->nsec3_algo != b->nsec3_algo) ||
-           (a->nsec3_iterations != b->nsec3_iterations) ||
-           (a->nsec3_optout != b->nsec3_optout)) {
+    if (duration_compare(a->soa_min, b->soa_min)) {
+        new_task = TASK_NSECIFY;
+    } else if (a->nsec_type != b->nsec_type) {
+        new_task = TASK_NSECIFY;
+    } else if (a->nsec_type == LDNS_RR_TYPE_NSEC3) {
+        if ((ods_strcmp(a->nsec3_salt, b->nsec3_salt) != 0) ||
+            (a->nsec3_algo != b->nsec3_algo) ||
+            (a->nsec3_iterations != b->nsec3_iterations) ||
+            (a->nsec3_optout != b->nsec3_optout)) {
 
-           new_task = TASK_NSECIFY;
-       }
-   } else if (duration_compare(a->soa_min, b->soa_min)) {
-       new_task = TASK_NSECIFY;
-   }
-   return new_task;
+            new_task = TASK_NSECIFY;
+        }
+    }
+    return new_task;
 }
 
 

Modified: branches/OpenDNSSEC-1.4/testing/test-cases.d/signer.zones.validate_many_zones/test.sh
==============================================================================
--- branches/OpenDNSSEC-1.4/testing/test-cases.d/signer.zones.validate_many_zones/test.sh	Mon Apr 22 13:12:12 2013	(r7111)
+++ branches/OpenDNSSEC-1.4/testing/test-cases.d/signer.zones.validate_many_zones/test.sh	Mon Apr 22 14:21:46 2013	(r7112)
@@ -62,7 +62,7 @@
 $GREP -q -- "^test.example.com..*86400.*IN.*NS.*ns2.example.com." "$INSTALL_ROOT/var/opendnssec/signed/example.com" &&
 $GREP -q -- "^test1.test.example.com..*86400.*IN.*NS.*ns2.example.com." "$INSTALL_ROOT/var/opendnssec/signed/example.com" &&
 
-#OPENDSNSEC-290 - Update the zone by changing a CNAME record to an A record. 
+#OPENDSNSEC-290 - Update the zone by changing a CNAME record to an A record.
 ods_setup_zone test/all.rr.org &&
 log_this_timeout ods-update-zone 10 ods-signer sign all.rr.org &&
 
@@ -72,19 +72,15 @@
 #OPENDNSSEC-247 - Update the SOA minimum in the policy and make sure the NSEC TTL changes.
 $GREP -q -- "<Minimum>PT300S</Minimum>" "$INSTALL_ROOT/var/opendnssec/signconf/all.rr.org" &&
 $GREP -q -- "300.*IN.*NSEC3" "$INSTALL_ROOT/var/opendnssec/signed/all.rr.org" &&
-mv kasp.xml kasp.xml_orig &&
+cp kasp.xml kasp.xml_orig &&
 cp test/kasp.xml kasp.xml &&
 log_this ods-update-policy ods_setup_conf kasp.xml &&
 log_this_timeout ods-update-policy 10 ods-ksmutil update kasp &&
 syslog_waitfor 60 'ods-enforcerd: .*Called signer engine:.*ods-signer update all.rr.org' &&
 $GREP -q -- "<Minimum>PT600S</Minimum>" "$INSTALL_ROOT/var/opendnssec/signconf/all.rr.org" &&
-# SAD -> MM: This is only logged when using SQLite...
-#syslog_waitfor 60 'ods-signerd: .*zone all.rr.org set soa ttl to 600' &&
-
 syslog_waitfor_count 60 3 'ods-signerd: .*\[STATS\] all.rr.org' &&
 test -f "$INSTALL_ROOT/var/opendnssec/signed/all.rr.org" &&
-# SAD -> MM: This check fails...
-#$GREP -q -- "600.*IN.*NSEC3" "$INSTALL_ROOT/var/opendnssec/signed/all.rr.org" &&
+$GREP -q -- "600.*IN.*NSEC3" "$INSTALL_ROOT/var/opendnssec/signed/all.rr.org" &&
 
 #########################################################################
 
@@ -92,12 +88,12 @@
 syslog_waitfor 60 'ods-enforcerd: .*all done' &&
 syslog_waitfor 60 'ods-signerd: .*\[engine\] signer shutdown' &&
 
-mv kasp.xml_orig kasp.xml &&
+cp kasp.xml_orig kasp.xml &&
 return 0
 
 echo '*********** ERROR **********'
 ods_kill
-mv kasp.xml_orig kasp.xml
+cp kasp.xml_orig kasp.xml
 return 1
 
 



More information about the Opendnssec-commits mailing list