[PR #2426] [MERGED] Fix corruption of signature expiration in flaky test #3030

New issue

Closed

opened 2026-03-16 11:21:29 +03:00 by kerem · 0 comments

kerem commented

2026-03-16 11:21:29 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/hickory-dns/hickory-dns/pull/2426
Author: @divergentdave
Created: 9/5/2024
Status: ✅ Merged
Merged: 9/6/2024
Merged by: @japaric

Base: main ← Head: david/flaky-ede-test

📝 Commits (3)

a0b632d Improve assertion error message
2d8fe8a Add environment variable to skip docker build
ed8d71c Keep seconds in range when corrupting expiration

📊 Changes

3 files changed (+36 additions, -21 deletions)

View changed files

📝 conformance/README.md (+2 -0)
📝 conformance/packages/conformance-tests/src/resolver/dnssec/scenarios/ede.rs (+9 -2)
📝 conformance/packages/dns-test/src/container.rs (+25 -19)

📄 Description

This test has a 1 in 60 chance of corrupting the signature expiration field of RRSIG records to have 99 in the seconds place. This causes BIND to report "out of range" when loading the zone file, and skip the file. This in turn causes a test failure because Unbound can't fetch the corrupted signature, and it reports a different error code.

This PR fixes the issue by extracting the seconds field, and then subtracting 1 mod 60. (This still has a chance of being in the future, not the past, but it should still make the signature bogus no matter what) Closes #2421. I also added an environment variable to skip docker build, so I could get better throughput when running this one test in a bash loop.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/hickory-dns/hickory-dns/pull/2426 **Author:** [@divergentdave](https://github.com/divergentdave) **Created:** 9/5/2024 **Status:** ✅ Merged **Merged:** 9/6/2024 **Merged by:** [@japaric](https://github.com/japaric) **Base:** `main` ← **Head:** `david/flaky-ede-test` --- ### 📝 Commits (3) - [`a0b632d`](https://github.com/hickory-dns/hickory-dns/commit/a0b632dac5a6ee588fbef58d6ecabc09d9d57040) Improve assertion error message - [`2d8fe8a`](https://github.com/hickory-dns/hickory-dns/commit/2d8fe8a74bf3af27e921f8b40297d1bbac968c28) Add environment variable to skip `docker build` - [`ed8d71c`](https://github.com/hickory-dns/hickory-dns/commit/ed8d71cd6694e0fcb3c9b51cc643565350d8560e) Keep seconds in range when corrupting expiration ### 📊 Changes **3 files changed** (+36 additions, -21 deletions) <details> <summary>View changed files</summary> 📝 `conformance/README.md` (+2 -0) 📝 `conformance/packages/conformance-tests/src/resolver/dnssec/scenarios/ede.rs` (+9 -2) 📝 `conformance/packages/dns-test/src/container.rs` (+25 -19) </details> ### 📄 Description This test has a 1 in 60 chance of corrupting the signature expiration field of `RRSIG` records to have `99` in the seconds place. This causes BIND to report "out of range" when loading the zone file, and skip the file. This in turn causes a test failure because Unbound can't fetch the corrupted signature, and it reports a different error code. This PR fixes the issue by extracting the seconds field, and then subtracting 1 mod 60. (This still has a chance of being in the future, not the past, but it should still make the signature bogus no matter what) Closes #2421. I also added an environment variable to skip `docker build`, so I could get better throughput when running this one test in a bash loop. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>