On Sat, 22 Feb 2020 at 13:49, Antony Antony <[email protected]> wrote: > > to follow up from IRC. Hopping, for better coordination, instead of stepping > on each other's toes, on DNSSEC test clean ups. My current issue is > difference between two KVM runs, testing.libreswan.org and > swantest.libreswan.fi/s2/. I am not comparing namespace output here. My kvm > run output [1]. > > the issues raced irc: > cagney> > https://testing.libreswan.org/v3.30-92-g453384a8eb-master/ikev2-55-ipseckey-06/OUTPUT/nic.console.diff > seems to be something wrong with ipseckey > > Something is odd. I can run the same test on my KVM setup without any issues. > First I thought testing is not upto date. Then cagney said it is. Now I > don't know why ikev2-55-ipseckey-06 fails. I need to gather more info. > current verbose logs do not tell much.
Yea, even on testing the results flip flop. Perhaps it just has to try for longer? > Also I would like to clarify the follow up comment. > > LetoTo> but antony has been rewriting the nsd config to answer on a > LetoTo> different port, so libreswan talks directly to nsd. > > The ipseckey* and dnsoe* tests have been running with nsd! Atlest the tests > I know. Now I am working to make it possible to choose between nsd or > unbound. While at it add namespace support. > > starting unbound offline with additional root anchors is tricky. Tuomo > mentioned we may need more config. > It was unstable and takes long to startup. I think now it is fixed, LetoTo > commited some changes a while ago. It was still unstable. > > My plan is when it is one > swan-prep --dnssec will use nsd on 5353 + unbound port 53 > > swan-prep --nsd will use only nsd on 53. I know there are strong opinions > against this idea. I would recommend keep those for another thred. My > argument this is the fastest and stable to run dnssec and it just works. > We have been using this. > > However short not about dnssec tests and namespaces, I am not yet committing > console output from namespaces as reference outputs. I mean sometimes I do > by accident, then I try go back to use testing.libreswan.org produced output > as reference. There are a few, minor and annoying, differences, between kvm > and namespace outputs. It is a topic of its own:) I feel it is time to start > thread on differences between namespace run and kvm runs. > > [1] > https://swantest.libreswan.fi/s2/v3.30-75-gdb6e6e5de0-testrun-master/ikev2-55-ipseckey-06/OUTPUT/ > > cagney: > 192.1.3.0/24 dev eth1 proto kernel scope link src 192.1.3.33 > north # > + ../bin/xfrmcheck.sh > +north # > > In this case, > I forgot to update the output. empty xfrmcheck.sh is good there. I will get > around it soon. > _______________________________________________ > Swan-dev mailing list > [email protected] > https://lists.libreswan.org/mailman/listinfo/swan-dev _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
