bind/bin/tests/system/dnssec/ns3/sign.sh

#!/bin/sh -e
#
# Copyright (C) 2004, 2006-2010  Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000-2002  Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.

# $Id: sign.sh,v 1.33 2011/02/08 03:47:02 marka Exp $

SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh

RANDFILE=../random.data

zone=secure.example.
infile=secure.example.db.in
zonefile=secure.example.db

keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`

cat $infile $keyname.key >$zonefile

$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1

zone=bogus.example.
infile=bogus.example.db.in
zonefile=bogus.example.db

keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`

cat $infile $keyname.key >$zonefile

$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1

zone=dynamic.example.
infile=dynamic.example.db.in
zonefile=dynamic.example.db

keyname1=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
keyname2=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone -f KSK $zone`

cat $infile $keyname1.key $keyname2.key >$zonefile

$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1

zone=keyless.example.
infile=keyless.example.db.in
zonefile=keyless.example.db

keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`

cat $infile $keyname.key >$zonefile

$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1

# Change the signer field of the a.b.keyless.example SIG A
# to point to a provably nonexistent KEY record.
mv $zonefile.signed $zonefile.tmp
<$zonefile.tmp perl -p -e 's/ keyless.example/ b.keyless.example/
    if /^a.b.keyless.example/../NXT/;' >$zonefile.signed
rm -f $zonefile.tmp

#
#  NSEC3/NSEC test zone
#
zone=secure.nsec3.example.
infile=secure.nsec3.example.db.in
zonefile=secure.nsec3.example.db

keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`

cat $infile $keyname.key >$zonefile

$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1

#
#  NSEC3/NSEC3 test zone
#
zone=nsec3.nsec3.example.
infile=nsec3.nsec3.example.db.in
zonefile=nsec3.nsec3.example.db

keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`

cat $infile $keyname.key >$zonefile

$SIGNER -P -3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1

#
#  OPTOUT/NSEC3 test zone
#
zone=optout.nsec3.example.
infile=optout.nsec3.example.db.in
zonefile=optout.nsec3.example.db

keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`

cat $infile $keyname.key >$zonefile

$SIGNER -P -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1

#
# A nsec3 zone (non-optout).
#
zone=nsec3.example.
infile=nsec3.example.db.in
zonefile=nsec3.example.db

keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`

cat $infile $keyname.key >$zonefile

$SIGNER -P -g -3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1

#
#  OPTOUT/NSEC test zone
#
zone=secure.optout.example.
infile=secure.optout.example.db.in
zonefile=secure.optout.example.db

keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`

cat $infile $keyname.key >$zonefile

$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1

#
#  OPTOUT/NSEC3 test zone
#
zone=nsec3.optout.example.
infile=nsec3.optout.example.db.in
zonefile=nsec3.optout.example.db

keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`

cat $infile $keyname.key >$zonefile

$SIGNER -P -3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1

#
#  OPTOUT/OPTOUT test zone
#
zone=optout.optout.example.
infile=optout.optout.example.db.in
zonefile=optout.optout.example.db

keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`

cat $infile $keyname.key >$zonefile

$SIGNER -P -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1

#
# A optout nsec3 zone.
#
zone=optout.example.
infile=optout.example.db.in
zonefile=optout.example.db

keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`

cat $infile $keyname.key >$zonefile

$SIGNER -P -g -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1

#
# A nsec3 zone (non-optout) with unknown hash algorithm.
#
zone=nsec3-unknown.example.
infile=nsec3-unknown.example.db.in
zonefile=nsec3-unknown.example.db

keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`

cat $infile $keyname.key >$zonefile

$SIGNER -P -3 - -U -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1

#
# A optout nsec3 zone.
#
zone=optout-unknown.example.
infile=optout-unknown.example.db.in
zonefile=optout-unknown.example.db

keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`

cat $infile $keyname.key >$zonefile

$SIGNER -P -3 - -U -A -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1

#
# A multiple parameter nsec3 zone.
#
zone=multiple.example.
infile=multiple.example.db.in
zonefile=multiple.example.db

keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`

cat $infile $keyname.key >$zonefile

$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
mv $zonefile.signed $zonefile
$SIGNER -P -u3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
mv $zonefile.signed $zonefile
$SIGNER -P -u3 AAAA -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
mv $zonefile.signed $zonefile
$SIGNER -P -u3 BBBB -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
mv $zonefile.signed $zonefile
$SIGNER -P -u3 CCCC -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
mv $zonefile.signed $zonefile
$SIGNER -P -u3 DDDD -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1

#
# A RSASHA256 zone.
#
zone=rsasha256.example.
infile=rsasha256.example.db.in
zonefile=rsasha256.example.db

keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 768 -n zone $zone`

cat $infile $keyname.key >$zonefile

$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1

#
# A RSASHA512 zone.
#
zone=rsasha512.example.
infile=rsasha512.example.db.in
zonefile=rsasha512.example.db

keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA512 -b 1024 -n zone $zone`

cat $infile $keyname.key >$zonefile

$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1

#
# A zone with the DNSKEY set only signed by the KSK
#
zone=kskonly.example.
infile=kskonly.example.db.in
zonefile=kskonly.example.db

kskname=`$KEYGEN -q -r $RANDFILE -fk $zone`
zskname=`$KEYGEN -q -r $RANDFILE $zone`
cat $infile $kskname.key $zskname.key >$zonefile
$SIGNER -x -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1

#
# A zone with the expired signatures
#
zone=expired.example.
infile=expired.example.db.in
zonefile=expired.example.db

kskname=`$KEYGEN -q -r $RANDFILE -fk $zone`
zskname=`$KEYGEN -q -r $RANDFILE $zone`
cat $infile $kskname.key $zskname.key >$zonefile
$SIGNER -P -r $RANDFILE -o $zone -s -3h -e +1h $zonefile > /dev/null 2>&1
rm -f $kskname.* $zskname.*
2738. [func] Add RSASHA256 and RSASHA512 tests to the dnssec system test. [RT #20453] 2009-10-27 22:25:37 +00:00			`#!/bin/sh -e`
Add copyright entries 2000-05-19 22:45:47 +00:00			`#`
update copyright notice 2010-01-18 23:48:40 +00:00			`# Copyright (C) 2004, 2006-2010 Internet Systems Consortium, Inc. ("ISC")`
copyrights 2002-02-20 03:35:59 +00:00			`# Copyright (C) 2000-2002 Internet Software Consortium.`
Trailing whitespace trimmed. Perhaps running "perl util/spacewhack.pl in your own CVS tree will help minimize CVS conflicts. Maybe not. Blame Graff for getting me to trim all trailing whitespace. 2000-08-01 01:33:37 +00:00			`#`
update copyright notice 2007-06-18 23:47:57 +00:00			`# Permission to use, copy, modify, and/or distribute this software for any`
Add copyright entries 2000-05-19 22:45:47 +00:00			`# purpose with or without fee is hereby granted, provided that the above`
			`# copyright notice and this permission notice appear in all copies.`
Trailing whitespace trimmed. Perhaps running "perl util/spacewhack.pl in your own CVS tree will help minimize CVS conflicts. Maybe not. Blame Graff for getting me to trim all trailing whitespace. 2000-08-01 01:33:37 +00:00			`#`
update copyright notice 2004-03-05 05:14:21 +00:00			`# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH`
			`# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY`
			`# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,`
			`# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM`
			`# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE`
			`# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR`
			`# PERFORMANCE OF THIS SOFTWARE.`
word wrap copyright notice at column 70 2000-07-27 09:55:03 +00:00
Regression test for: 3018. [bug] Named failed to check for the "none;" acl when deciding if a zone may need to be re-signed. [RT #23120] 2011-02-08 03:47:02 +00:00			`# $Id: sign.sh,v 1.33 2011/02/08 03:47:02 marka Exp $`
2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
			`SYSTEMTESTTOP=../..`
			`. $SYSTEMTESTTOP/conf.sh`
add RCS id string 2000-06-22 22:00:42 +00:00
Match output format to what scripts expect 2000-06-12 20:32:47 +00:00			`RANDFILE=../random.data`

added system tests 2000-05-15 22:53:15 +00:00			`zone=secure.example.`
			`infile=secure.example.db.in`
			`zonefile=secure.example.db`

2741. [func] Allow the dnssec-keygen progress messages to be suppressed (dnssec-keygen -q). Automatically suppress the progress messages when stdin is not a tty. [RT #20474] 2009-10-28 00:27:10 +00:00			keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
added system tests 2000-05-15 22:53:15 +00:00
be compatible with new dnssec tool command line argument usage; bug fixes 2000-05-16 01:22:45 +00:00			`cat $infile $keyname.key >$zonefile`
added system tests 2000-05-15 22:53:15 +00:00
2841. [func] Added "smartsign" and improved "autosign" and "dnssec" regression tests. [RT #20865] 2010-01-18 19:19:31 +00:00			`$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1`
added system tests 2000-05-15 22:53:15 +00:00
Addition of test suite. 2000-05-17 22:10:42 +00:00			`zone=bogus.example.`
			`infile=bogus.example.db.in`
			`zonefile=bogus.example.db`

2741. [func] Allow the dnssec-keygen progress messages to be suppressed (dnssec-keygen -q). Automatically suppress the progress messages when stdin is not a tty. [RT #20474] 2009-10-28 00:27:10 +00:00			keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
Addition of test suite. 2000-05-17 22:10:42 +00:00
			`cat $infile $keyname.key >$zonefile`

2841. [func] Added "smartsign" and improved "autosign" and "dnssec" regression tests. [RT #20865] 2010-01-18 19:19:31 +00:00			`$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1`
Added RT #1763 regression test 2001-09-19 21:19:52 +00:00
Added RT #2399 regression test 2002-01-22 22:27:29 +00:00			`zone=dynamic.example.`
			`infile=dynamic.example.db.in`
			`zonefile=dynamic.example.db`

2741. [func] Allow the dnssec-keygen progress messages to be suppressed (dnssec-keygen -q). Automatically suppress the progress messages when stdin is not a tty. [RT #20474] 2009-10-28 00:27:10 +00:00			keyname1=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
			keyname2=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone -f KSK $zone`
Added RT #2399 regression test 2002-01-22 22:27:29 +00:00
2001. [func] Check the KSK flag when updating a secure dynamic zone. New zone option "update-check-ksk yes;". [RT #15817] 2006-03-06 01:27:52 +00:00			`cat $infile $keyname1.key $keyname2.key >$zonefile`
Added RT #2399 regression test 2002-01-22 22:27:29 +00:00
2841. [func] Added "smartsign" and improved "autosign" and "dnssec" regression tests. [RT #20865] 2010-01-18 19:19:31 +00:00			`$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1`
Added RT #2399 regression test 2002-01-22 22:27:29 +00:00
Added RT #1763 regression test 2001-09-19 21:19:52 +00:00			`zone=keyless.example.`
			`infile=keyless.example.db.in`
			`zonefile=keyless.example.db`

2741. [func] Allow the dnssec-keygen progress messages to be suppressed (dnssec-keygen -q). Automatically suppress the progress messages when stdin is not a tty. [RT #20474] 2009-10-28 00:27:10 +00:00			keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
Added RT #1763 regression test 2001-09-19 21:19:52 +00:00
			`cat $infile $keyname.key >$zonefile`

2841. [func] Added "smartsign" and improved "autosign" and "dnssec" regression tests. [RT #20865] 2010-01-18 19:19:31 +00:00			`$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1`
Added RT #1763 regression test 2001-09-19 21:19:52 +00:00
			`# Change the signer field of the a.b.keyless.example SIG A`
			`# to point to a provably nonexistent KEY record.`
			`mv $zonefile.signed $zonefile.tmp`
			`<$zonefile.tmp perl -p -e 's/ keyless.example/ b.keyless.example/`
			`if /^a.b.keyless.example/../NXT/;' >$zonefile.signed`
			`rm -f $zonefile.tmp`
2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
			`#`
			`# NSEC3/NSEC test zone`
			`#`
			`zone=secure.nsec3.example.`
			`infile=secure.nsec3.example.db.in`
			`zonefile=secure.nsec3.example.db`

2741. [func] Allow the dnssec-keygen progress messages to be suppressed (dnssec-keygen -q). Automatically suppress the progress messages when stdin is not a tty. [RT #20474] 2009-10-28 00:27:10 +00:00			keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
			`cat $infile $keyname.key >$zonefile`

2841. [func] Added "smartsign" and improved "autosign" and "dnssec" regression tests. [RT #20865] 2010-01-18 19:19:31 +00:00			`$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1`
2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
			`#`
			`# NSEC3/NSEC3 test zone`
			`#`
			`zone=nsec3.nsec3.example.`
			`infile=nsec3.nsec3.example.db.in`
			`zonefile=nsec3.nsec3.example.db`

2741. [func] Allow the dnssec-keygen progress messages to be suppressed (dnssec-keygen -q). Automatically suppress the progress messages when stdin is not a tty. [RT #20474] 2009-10-28 00:27:10 +00:00			keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
			`cat $infile $keyname.key >$zonefile`

2841. [func] Added "smartsign" and improved "autosign" and "dnssec" regression tests. [RT #20865] 2010-01-18 19:19:31 +00:00			`$SIGNER -P -3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1`
2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
			`#`
			`# OPTOUT/NSEC3 test zone`
			`#`
			`zone=optout.nsec3.example.`
			`infile=optout.nsec3.example.db.in`
			`zonefile=optout.nsec3.example.db`

2741. [func] Allow the dnssec-keygen progress messages to be suppressed (dnssec-keygen -q). Automatically suppress the progress messages when stdin is not a tty. [RT #20474] 2009-10-28 00:27:10 +00:00			keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
			`cat $infile $keyname.key >$zonefile`

2841. [func] Added "smartsign" and improved "autosign" and "dnssec" regression tests. [RT #20865] 2010-01-18 19:19:31 +00:00			`$SIGNER -P -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1`
2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
			`#`
			`# A nsec3 zone (non-optout).`
			`#`
			`zone=nsec3.example.`
			`infile=nsec3.example.db.in`
			`zonefile=nsec3.example.db`

2741. [func] Allow the dnssec-keygen progress messages to be suppressed (dnssec-keygen -q). Automatically suppress the progress messages when stdin is not a tty. [RT #20474] 2009-10-28 00:27:10 +00:00			keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
			`cat $infile $keyname.key >$zonefile`

2841. [func] Added "smartsign" and improved "autosign" and "dnssec" regression tests. [RT #20865] 2010-01-18 19:19:31 +00:00			`$SIGNER -P -g -3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1`
2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
			`#`
			`# OPTOUT/NSEC test zone`
			`#`
			`zone=secure.optout.example.`
			`infile=secure.optout.example.db.in`
			`zonefile=secure.optout.example.db`

2741. [func] Allow the dnssec-keygen progress messages to be suppressed (dnssec-keygen -q). Automatically suppress the progress messages when stdin is not a tty. [RT #20474] 2009-10-28 00:27:10 +00:00			keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
			`cat $infile $keyname.key >$zonefile`

2841. [func] Added "smartsign" and improved "autosign" and "dnssec" regression tests. [RT #20865] 2010-01-18 19:19:31 +00:00			`$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1`
2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
			`#`
			`# OPTOUT/NSEC3 test zone`
			`#`
			`zone=nsec3.optout.example.`
			`infile=nsec3.optout.example.db.in`
			`zonefile=nsec3.optout.example.db`

2741. [func] Allow the dnssec-keygen progress messages to be suppressed (dnssec-keygen -q). Automatically suppress the progress messages when stdin is not a tty. [RT #20474] 2009-10-28 00:27:10 +00:00			keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
			`cat $infile $keyname.key >$zonefile`

2841. [func] Added "smartsign" and improved "autosign" and "dnssec" regression tests. [RT #20865] 2010-01-18 19:19:31 +00:00			`$SIGNER -P -3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1`
2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
			`#`
			`# OPTOUT/OPTOUT test zone`
			`#`
			`zone=optout.optout.example.`
			`infile=optout.optout.example.db.in`
			`zonefile=optout.optout.example.db`

2741. [func] Allow the dnssec-keygen progress messages to be suppressed (dnssec-keygen -q). Automatically suppress the progress messages when stdin is not a tty. [RT #20474] 2009-10-28 00:27:10 +00:00			keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
			`cat $infile $keyname.key >$zonefile`

2841. [func] Added "smartsign" and improved "autosign" and "dnssec" regression tests. [RT #20865] 2010-01-18 19:19:31 +00:00			`$SIGNER -P -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1`
2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
			`#`
			`# A optout nsec3 zone.`
			`#`
			`zone=optout.example.`
			`infile=optout.example.db.in`
			`zonefile=optout.example.db`

2741. [func] Allow the dnssec-keygen progress messages to be suppressed (dnssec-keygen -q). Automatically suppress the progress messages when stdin is not a tty. [RT #20474] 2009-10-28 00:27:10 +00:00			keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
			`cat $infile $keyname.key >$zonefile`

2841. [func] Added "smartsign" and improved "autosign" and "dnssec" regression tests. [RT #20865] 2010-01-18 19:19:31 +00:00			`$SIGNER -P -g -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1`
2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
			`#`
			`# A nsec3 zone (non-optout) with unknown hash algorithm.`
			`#`
			`zone=nsec3-unknown.example.`
			`infile=nsec3-unknown.example.db.in`
			`zonefile=nsec3-unknown.example.db`

2741. [func] Allow the dnssec-keygen progress messages to be suppressed (dnssec-keygen -q). Automatically suppress the progress messages when stdin is not a tty. [RT #20474] 2009-10-28 00:27:10 +00:00			keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
			`cat $infile $keyname.key >$zonefile`

2841. [func] Added "smartsign" and improved "autosign" and "dnssec" regression tests. [RT #20865] 2010-01-18 19:19:31 +00:00			`$SIGNER -P -3 - -U -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1`
2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
			`#`
			`# A optout nsec3 zone.`
			`#`
			`zone=optout-unknown.example.`
			`infile=optout-unknown.example.db.in`
			`zonefile=optout-unknown.example.db`

2741. [func] Allow the dnssec-keygen progress messages to be suppressed (dnssec-keygen -q). Automatically suppress the progress messages when stdin is not a tty. [RT #20474] 2009-10-28 00:27:10 +00:00			keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
			`cat $infile $keyname.key >$zonefile`

2841. [func] Added "smartsign" and improved "autosign" and "dnssec" regression tests. [RT #20865] 2010-01-18 19:19:31 +00:00			`$SIGNER -P -3 - -U -A -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1`
2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
			`#`
			`# A multiple parameter nsec3 zone.`
			`#`
			`zone=multiple.example.`
			`infile=multiple.example.db.in`
			`zonefile=multiple.example.db`

2741. [func] Allow the dnssec-keygen progress messages to be suppressed (dnssec-keygen -q). Automatically suppress the progress messages when stdin is not a tty. [RT #20474] 2009-10-28 00:27:10 +00:00			keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
			`cat $infile $keyname.key >$zonefile`

2841. [func] Added "smartsign" and improved "autosign" and "dnssec" regression tests. [RT #20865] 2010-01-18 19:19:31 +00:00			`$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1`
2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00			`mv $zonefile.signed $zonefile`
2841. [func] Added "smartsign" and improved "autosign" and "dnssec" regression tests. [RT #20865] 2010-01-18 19:19:31 +00:00			`$SIGNER -P -u3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1`
2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00			`mv $zonefile.signed $zonefile`
2841. [func] Added "smartsign" and improved "autosign" and "dnssec" regression tests. [RT #20865] 2010-01-18 19:19:31 +00:00			`$SIGNER -P -u3 AAAA -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1`
2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00			`mv $zonefile.signed $zonefile`
2841. [func] Added "smartsign" and improved "autosign" and "dnssec" regression tests. [RT #20865] 2010-01-18 19:19:31 +00:00			`$SIGNER -P -u3 BBBB -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1`
2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00			`mv $zonefile.signed $zonefile`
2841. [func] Added "smartsign" and improved "autosign" and "dnssec" regression tests. [RT #20865] 2010-01-18 19:19:31 +00:00			`$SIGNER -P -u3 CCCC -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1`
2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00			`mv $zonefile.signed $zonefile`
2841. [func] Added "smartsign" and improved "autosign" and "dnssec" regression tests. [RT #20865] 2010-01-18 19:19:31 +00:00			`$SIGNER -P -u3 DDDD -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1`
2738. [func] Add RSASHA256 and RSASHA512 tests to the dnssec system test. [RT #20453] 2009-10-27 22:25:37 +00:00
			`#`
			`# A RSASHA256 zone.`
			`#`
			`zone=rsasha256.example.`
			`infile=rsasha256.example.db.in`
			`zonefile=rsasha256.example.db`

2741. [func] Allow the dnssec-keygen progress messages to be suppressed (dnssec-keygen -q). Automatically suppress the progress messages when stdin is not a tty. [RT #20474] 2009-10-28 00:27:10 +00:00			keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 768 -n zone $zone`
2738. [func] Add RSASHA256 and RSASHA512 tests to the dnssec system test. [RT #20453] 2009-10-27 22:25:37 +00:00
			`cat $infile $keyname.key >$zonefile`

2841. [func] Added "smartsign" and improved "autosign" and "dnssec" regression tests. [RT #20865] 2010-01-18 19:19:31 +00:00			`$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1`
2738. [func] Add RSASHA256 and RSASHA512 tests to the dnssec system test. [RT #20453] 2009-10-27 22:25:37 +00:00
			`#`
			`# A RSASHA512 zone.`
			`#`
			`zone=rsasha512.example.`
			`infile=rsasha512.example.db.in`
			`zonefile=rsasha512.example.db`

2741. [func] Allow the dnssec-keygen progress messages to be suppressed (dnssec-keygen -q). Automatically suppress the progress messages when stdin is not a tty. [RT #20474] 2009-10-28 00:27:10 +00:00			keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA512 -b 1024 -n zone $zone`
2738. [func] Add RSASHA256 and RSASHA512 tests to the dnssec system test. [RT #20453] 2009-10-27 22:25:37 +00:00
			`cat $infile $keyname.key >$zonefile`

2841. [func] Added "smartsign" and improved "autosign" and "dnssec" regression tests. [RT #20865] 2010-01-18 19:19:31 +00:00			`$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1`

			`#`
			`# A zone with the DNSKEY set only signed by the KSK`
			`#`
			`zone=kskonly.example.`
			`infile=kskonly.example.db.in`
			`zonefile=kskonly.example.db`

			kskname=`$KEYGEN -q -r $RANDFILE -fk $zone`
			zskname=`$KEYGEN -q -r $RANDFILE $zone`
			`cat $infile $kskname.key $zskname.key >$zonefile`
			`$SIGNER -x -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1`
Regression test for: 3018. [bug] Named failed to check for the "none;" acl when deciding if a zone may need to be re-signed. [RT #23120] 2011-02-08 03:47:02 +00:00
			`#`
			`# A zone with the expired signatures`
			`#`
			`zone=expired.example.`
			`infile=expired.example.db.in`
			`zonefile=expired.example.db`

			kskname=`$KEYGEN -q -r $RANDFILE -fk $zone`
			zskname=`$KEYGEN -q -r $RANDFILE $zone`
			`cat $infile $kskname.key $zskname.key >$zonefile`
			`$SIGNER -P -r $RANDFILE -o $zone -s -3h -e +1h $zonefile > /dev/null 2>&1`
			`rm -f $kskname.* $zskname.*`