[Swan-dev] dnsec and namespaces tests
andrew.cagney at gmail.com
Sun Feb 23 01:06:26 UTC 2020
On Sat, 22 Feb 2020 at 13:49, Antony Antony <antony at phenome.org> wrote:
> to follow up from IRC. Hopping, for better coordination, instead of stepping
> on each other's toes, on DNSSEC test clean ups. My current issue is
> difference between two KVM runs, testing.libreswan.org and
> swantest.libreswan.fi/s2/. I am not comparing namespace output here. My kvm
> run output .
> the issues raced irc:
> seems to be something wrong with ipseckey
> Something is odd. I can run the same test on my KVM setup without any issues.
> First I thought testing is not upto date. Then cagney said it is. Now I
> don't know why ikev2-55-ipseckey-06 fails. I need to gather more info.
> current verbose logs do not tell much.
Yea, even on testing the results flip flop. Perhaps it just has to
try for longer?
> Also I would like to clarify the follow up comment.
> LetoTo> but antony has been rewriting the nsd config to answer on a
> LetoTo> different port, so libreswan talks directly to nsd.
> The ipseckey* and dnsoe* tests have been running with nsd! Atlest the tests
> I know. Now I am working to make it possible to choose between nsd or
> unbound. While at it add namespace support.
> starting unbound offline with additional root anchors is tricky. Tuomo
> mentioned we may need more config.
> It was unstable and takes long to startup. I think now it is fixed, LetoTo
> commited some changes a while ago. It was still unstable.
> My plan is when it is one
> swan-prep --dnssec will use nsd on 5353 + unbound port 53
> swan-prep --nsd will use only nsd on 53. I know there are strong opinions
> against this idea. I would recommend keep those for another thred. My
> argument this is the fastest and stable to run dnssec and it just works.
> We have been using this.
> However short not about dnssec tests and namespaces, I am not yet committing
> console output from namespaces as reference outputs. I mean sometimes I do
> by accident, then I try go back to use testing.libreswan.org produced output
> as reference. There are a few, minor and annoying, differences, between kvm
> and namespace outputs. It is a topic of its own:) I feel it is time to start
> thread on differences between namespace run and kvm runs.
> 18.104.22.168/24 dev eth1 proto kernel scope link src 22.214.171.124
> north #
> + ../bin/xfrmcheck.sh
> +north #
> In this case,
> I forgot to update the output. empty xfrmcheck.sh is good there. I will get
> around it soon.
> Swan-dev mailing list
> Swan-dev at lists.libreswan.org
More information about the Swan-dev