to follow up from IRC. Hopping, for better coordination, instead of stepping on each other's toes, on DNSSEC test clean ups. My current issue is difference between two KVM runs, testing.libreswan.org and swantest.libreswan.fi/s2/. I am not comparing namespace output here. My kvm run output [1].
the issues raced irc: cagney> https://testing.libreswan.org/v3.30-92-g453384a8eb-master/ikev2-55-ipseckey-06/OUTPUT/nic.console.diff seems to be something wrong with ipseckey Something is odd. I can run the same test on my KVM setup without any issues. First I thought testing is not upto date. Then cagney said it is. Now I don't know why ikev2-55-ipseckey-06 fails. I need to gather more info. current verbose logs do not tell much. Also I would like to clarify the follow up comment. LetoTo> but antony has been rewriting the nsd config to answer on a LetoTo> different port, so libreswan talks directly to nsd. The ipseckey* and dnsoe* tests have been running with nsd! Atlest the tests I know. Now I am working to make it possible to choose between nsd or unbound. While at it add namespace support. starting unbound offline with additional root anchors is tricky. Tuomo mentioned we may need more config. It was unstable and takes long to startup. I think now it is fixed, LetoTo commited some changes a while ago. It was still unstable. My plan is when it is one swan-prep --dnssec will use nsd on 5353 + unbound port 53 swan-prep --nsd will use only nsd on 53. I know there are strong opinions against this idea. I would recommend keep those for another thred. My argument this is the fastest and stable to run dnssec and it just works. We have been using this. However short not about dnssec tests and namespaces, I am not yet committing console output from namespaces as reference outputs. I mean sometimes I do by accident, then I try go back to use testing.libreswan.org produced output as reference. There are a few, minor and annoying, differences, between kvm and namespace outputs. It is a topic of its own:) I feel it is time to start thread on differences between namespace run and kvm runs. [1] https://swantest.libreswan.fi/s2/v3.30-75-gdb6e6e5de0-testrun-master/ikev2-55-ipseckey-06/OUTPUT/ cagney: 192.1.3.0/24 dev eth1 proto kernel scope link src 192.1.3.33 north # + ../bin/xfrmcheck.sh +north # In this case, I forgot to update the output. empty xfrmcheck.sh is good there. I will get around it soon. _______________________________________________ Swan-dev mailing list Swan-dev@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-dev
