Report information
The Basics
Id:
46386
Status:
resolved
Priority:
Low/Low
Queue:
bind9-public
People
Owner:
Nobody in particular
Requestors:
Mark Andrews <marka@isc.org>
Cc:
AdminCc:
BugTracker
Version Fixed:
9.11.3, 9.12.0
Version Found:
(no value)
Versions Affected:
(no value)
Versions Planned:
(no value)
Priority:
P2 Normal
Severity:
S2 Normal
CVSS Score:
(no value)
CVE ID:
(no value)
Component:
(no value)
Area:
bug
Dates
Created:Tue, 24 Oct 2017 04:18:03 -0400
Updated:Tue, 24 Oct 2017 18:24:42 -0400
Closed:Tue, 24 Oct 2017 18:14:37 -0400

This bug tracker is no longer active.

Please go to our Gitlab to submit issues (both feature requests and bug reports) for active projects maintained by Internet Systems Consortium (ISC).

Due to security and confidentiality requirements, full access is limited to the primary maintainers.

History
  Tue, 24 Oct 2017 04:18:03 -0400 Mark Andrews <marka@isc.org> - Ticket created
Subject: dnssec: system test failed: checking positive and negative validation with negative trust anchors
To: bind9-public@isc.org
Date: Mon, 23 Oct 2017 22:18:03 -1000
From: marka@isc.org

It looks like nta-recheck (7s) in the system test is too small for this system. Note the time stamp in ns4/named.secroots is already past 14:48:26.000 which is when badds.example/_default expires. I:checking positive and negative validation with negative trust anchors (123) I:ns4 Negative trust anchor added: bogus.example/_default, expires 24-Oct-2017 04:48:36.000 I:ns4 Negative trust anchor added: badds.example/_default, expires 24-Oct-2017 04:48:26.000 I:ns4 Negative trust anchor added: secure.example/_default, expires 24-Oct-2017 04:48:32.000 I:ns4 Negative trust anchor added: fakenode.secure.example/_default, expires 24-Oct-2017 04:48:32.000 server reload successful I: dumping secroots I:failed - with NTA's in place failed I: waiting for NTA rechecks/expirations I:failed - checking that default nta's were lifted due to recheck I:failed - checking that default nta's were lifted due to lifetime more ns4/named.secroots secure roots as of 24-Oct-2017 04:48:26.412: Start view _default Secure roots: ./RSAMD5/48623 ; trusted Negative trust anchors: bogus.example: expiry 24-Oct-2017 04:48:36.000 secure.example: expiry 24-Oct-2017 04:48:32.000 fakenode.secure.example: expiry 24-Oct-2017 04:48:32.000
  Tue, 24 Oct 2017 04:28:58 -0400 Mark Andrews <marka@isc.org> - Correspondence added

ready for review. Allow a additional 2 seconds.
Tue, 24 Oct 2017 04:28:58 -0400 Mark Andrews <marka@isc.org> - Status changed from 'open' to 'review'
  Tue, 24 Oct 2017 15:43:10 -0400 Evan Hunt <Evan_Hunt@isc.org> - Correspondence added

This looks fine.
Tue, 24 Oct 2017 15:43:11 -0400 Evan Hunt <Evan_Hunt@isc.org> - Given to Mark Andrews <marka@isc.org>
  Tue, 24 Oct 2017 18:14:37 -0400 Mark Andrews <marka@isc.org> - Correspondence added

4782. [test] dnssec: 'checking positive and negative validation with negative trust anchors' required more time to complete on some machines. [RT #46386]
Tue, 24 Oct 2017 18:14:37 -0400 Mark Andrews <marka@isc.org> - Status changed from 'review' to 'resolved'
Tue, 24 Oct 2017 18:24:33 -0400 Mark Andrews <marka@isc.org> - Version Fixed 9.11.3, 9.12.0 added
Tue, 24 Oct 2017 18:24:42 -0400 Mark Andrews <marka@isc.org> - Untaken