diff --git a/bin/python/dnssec-checkds.docbook b/bin/python/dnssec-checkds.docbook
index bc18b616f6..b4af540655 100644
--- a/bin/python/dnssec-checkds.docbook
+++ b/bin/python/dnssec-checkds.docbook
@@ -59,9 +59,8 @@
DESCRIPTION
dnssec-checkds
- verifies the correctness of Delegation Signer (DS) or DNSSEC
- Lookaside Validation (DLV) resource records for keys in a specified
- zone.
+ verifies the correctness of Delegation Signer (DS)
+ resource records for keys in a specified zone.
@@ -74,7 +73,7 @@
Specify a digest algorithm to use when converting the
- zone's DNSKEY records to expected DS or DLV records. This
+ zone's DNSKEY records to expected DS records. This
option can be repeated, so that multiple records are
checked for each DNSKEY record.
@@ -98,16 +97,6 @@
-
- -l domain
-
-
- Check for a DLV record in the specified lookaside domain,
- instead of checking for a DS record in the zone's parent.
-
-
-
-
-s file
diff --git a/bin/python/isc/checkds.py.in b/bin/python/isc/checkds.py.in
index f20d6bf564..0d71629436 100644
--- a/bin/python/isc/checkds.py.in
+++ b/bin/python/isc/checkds.py.in
@@ -21,7 +21,7 @@ prog = 'dnssec-checkds'
############################################################################
# SECRR class:
-# Class for DS/DLV resource record
+# Class for DS resource record
############################################################################
class SECRR:
hashalgs = {1: 'SHA-1', 2: 'SHA-256', 3: 'GOST', 4: 'SHA-384'}
@@ -33,7 +33,7 @@ class SECRR:
digest = ''
ttl = 0
- def __init__(self, rrtext, dlvname = None):
+ def __init__(self, rrtext):
if not rrtext:
raise Exception
@@ -45,24 +45,8 @@ class SECRR:
if len(fields) < 7:
raise Exception
- if dlvname:
- self.rrtype = "DLV"
- self.dlvname = dlvname.lower()
- parent = fields[0].lower().strip('.').split('.')
- parent.reverse()
- dlv = dlvname.split('.')
- dlv.reverse()
- while len(dlv) != 0 and len(parent) != 0 and parent[0] == dlv[0]:
- parent = parent[1:]
- dlv = dlv[1:]
- if dlv:
- raise Exception
- parent.reverse()
- self.parent = '.'.join(parent)
- self.rrname = self.parent + '.' + self.dlvname + '.'
- else:
- self.rrtype = "DS"
- self.rrname = fields[0].lower()
+ self.rrtype = "DS"
+ self.rrname = fields[0].lower()
fields = fields[1:]
if fields[0].upper() in ['IN', 'CH', 'HS']:
@@ -91,9 +75,9 @@ class SECRR:
############################################################################
# check:
-# Fetch DS/DLV RRset for the given zone from the DNS; fetch DNSKEY
+# Fetch DS RRset for the given zone from the DNS; fetch DNSKEY
# RRset from the masterfile if specified, or from DNS if not.
-# Generate a set of expected DS/DLV records from the DNSKEY RRset,
+# Generate a set of expected DS records from the DNSKEY RRset,
# and report on congruency.
############################################################################
def check(zone, args):
@@ -101,15 +85,13 @@ def check(zone, args):
if args.dssetfile:
fp = open(args.dssetfile).read()
else:
- cmd = [args.dig, "+noall", "+answer", "-t",
- "dlv" if args.lookaside else "ds", "-q",
- zone + "." + args.lookaside if args.lookaside else zone]
+ cmd = [args.dig, "+noall", "+answer", "-t", "ds", "-q", zone]
fp, _ = Popen(cmd, stdout=PIPE).communicate()
for line in fp.splitlines():
if type(line) is not str:
line = line.decode('ascii')
- rrlist.append(SECRR(line, args.lookaside))
+ rrlist.append(SECRR(line))
rrlist = sorted(rrlist, key=lambda rr: (rr.keyid, rr.keyalg, rr.hashalg))
klist = []
@@ -117,8 +99,6 @@ def check(zone, args):
cmd = [args.dsfromkey]
for algo in args.algo:
cmd += ['-a', algo]
- if args.lookaside:
- cmd += ["-l", args.lookaside]
if args.masterfile:
cmd += ["-f", args.masterfile, zone]
@@ -132,7 +112,7 @@ def check(zone, args):
for line in fp.splitlines():
if type(line) is not str:
line = line.decode('ascii')
- klist.append(SECRR(line, args.lookaside))
+ klist.append(SECRR(line))
if len(klist) < 1:
print("No DNSKEY records found in zone apex")
@@ -182,8 +162,6 @@ def parse_args():
type=str, help='path to \'dnssec-dsfromkey\'')
parser.add_argument('-f', '--file', dest='masterfile', type=str,
help='zone master file')
- parser.add_argument('-l', '--lookaside', dest='lookaside', type=str,
- help='DLV lookaside zone')
parser.add_argument('-s', '--dsset', dest='dssetfile', type=str,
help='prepared DSset file')
parser.add_argument('-v', '--version', action='version',
@@ -191,8 +169,6 @@ def parse_args():
args = parser.parse_args()
args.zone = args.zone.strip('.')
- if args.lookaside:
- args.lookaside = args.lookaside.strip('.')
return args
diff --git a/bin/tests/system/checkds/dig.bat b/bin/tests/system/checkds/dig.bat
index bf07a4f153..9465a46025 100755
--- a/bin/tests/system/checkds/dig.bat
+++ b/bin/tests/system/checkds/dig.bat
@@ -9,8 +9,6 @@ if "%arg:~0,1%" == "+" goto next
if "%arg%" == "-t" goto next
if "%arg%" == "ds" goto ds
if "%arg%" == "DS" goto ds
-if "%arg%" == "dlv" goto dlv
-if "%arg%" == "DLV" goto dlv
if "%arg%" == "dnskey" goto dnskey
if "%arg%" == "DNSKEY" goto dnskey
set file=%arg%
@@ -20,10 +18,6 @@ goto next
set ext=ds
goto next
-:dlv
-set ext=dlv
-goto next
-
:dnskey
set ext=dnskey
goto next
diff --git a/bin/tests/system/checkds/dig.pl b/bin/tests/system/checkds/dig.pl
index 35cf973e5d..7312f02421 100644
--- a/bin/tests/system/checkds/dig.pl
+++ b/bin/tests/system/checkds/dig.pl
@@ -24,10 +24,6 @@ foreach $arg (@ARGV) {
$ext = "ds";
next;
}
- if ($arg =~ /^dlv$/i) {
- $ext = "dlv";
- next;
- }
if ($arg =~ /^dnskey$/i) {
$ext = "dnskey";
next;
diff --git a/bin/tests/system/checkds/dig.sh b/bin/tests/system/checkds/dig.sh
index 41354fa627..e6fd84e2f0 100755
--- a/bin/tests/system/checkds/dig.sh
+++ b/bin/tests/system/checkds/dig.sh
@@ -14,7 +14,6 @@ while [ "$#" != 0 ]; do
+*) shift ;;
-t) shift ;;
DS|ds) ext=ds ; shift ;;
- DLV|dlv) ext=dlv ; shift ;;
DNSKEY|dnskey) ext=dnskey ; shift ;;
*) file=$1 ; shift ;;
esac
diff --git a/bin/tests/system/checkds/missing.example.dlv.example.dlv.db b/bin/tests/system/checkds/missing.example.dlv.example.dlv.db
deleted file mode 100644
index 5dd94621c6..0000000000
--- a/bin/tests/system/checkds/missing.example.dlv.example.dlv.db
+++ /dev/null
@@ -1,2 +0,0 @@
-missing.example.dlv.example. 3600 IN DLV 12892 5 1 9D4CD60491D372207FA584D2EE460CC51D7FF8A7
-missing.example.dlv.example. 3600 IN DLV 12892 5 2 EF59E5C70BC4153B7DB4C11F9C36B729577DA71474E0A5C9B8875173 6E583200
diff --git a/bin/tests/system/checkds/none.example.dlv.example.dlv.db b/bin/tests/system/checkds/none.example.dlv.example.dlv.db
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/bin/tests/system/checkds/ok.example.dlv.example.dlv.db b/bin/tests/system/checkds/ok.example.dlv.example.dlv.db
deleted file mode 100644
index 5896bcc7b4..0000000000
--- a/bin/tests/system/checkds/ok.example.dlv.example.dlv.db
+++ /dev/null
@@ -1,2 +0,0 @@
-ok.example.dlv.example. 3600 IN DLV 12892 5 1 7AA4A3F416C2F2391FB7AB0D434F762CD62D1390
-ok.example.dlv.example. 3600 IN DLV 12892 5 2 26584835CA80C81C91999F31CFAF2A0E89D4FF1C8FAFD0DDB31A85C7 19277C13
diff --git a/bin/tests/system/checkds/tests.sh b/bin/tests/system/checkds/tests.sh
index 1d46bc53c4..b205d25cde 100644
--- a/bin/tests/system/checkds/tests.sh
+++ b/bin/tests/system/checkds/tests.sh
@@ -43,24 +43,6 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
-echo_i "checking for correct DLV, looking up key via 'dig' ($n)"
-ret=0
-$CHECKDS -l dlv.example ok.example > checkds.out.$n 2>&1 || ret=1
-grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1
-grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1
-n=`expr $n + 1`
-if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
-
-echo_i "checking for correct DLV, obtaining key from file ($n)"
-ret=0
-$CHECKDS -l dlv.example -f ok.example.dnskey.db ok.example > checkds.out.$n 2>&1 || ret=1
-grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1
-grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1
-n=`expr $n + 1`
-if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
-
echo_i "checking for incorrect DS, looking up key via 'dig' ($n)"
ret=0
$CHECKDS wrong.example > checkds.out.$n 2>&1 || ret=1
@@ -79,24 +61,6 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
-echo_i "checking for incorrect DLV, looking up key via 'dig' ($n)"
-ret=0
-$CHECKDS -l dlv.example wrong.example > checkds.out.$n 2>&1 || ret=1
-grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1
-grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1
-n=`expr $n + 1`
-if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
-
-echo_i "checking for incorrect DLV, obtaining key from file ($n)"
-ret=0
-$CHECKDS -l dlv.example -f wrong.example.dnskey.db wrong.example > checkds.out.$n 2>&1 || ret=1
-grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1
-grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1
-n=`expr $n + 1`
-if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
-
echo_i "checking for partially missing DS, looking up key via 'dig' ($n)"
ret=0
$CHECKDS missing.example > checkds.out.$n 2>&1 && ret=1
@@ -119,28 +83,6 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
-echo_i "checking for partially missing DLV, looking up key via 'dig' ($n)"
-ret=0
-$CHECKDS -l dlv.example missing.example > checkds.out.$n 2>&1 && ret=1
-grep 'SHA-1.*found' checkds.out.$n > /dev/null 2>&1 || ret=1
-grep 'SHA-256.*found' checkds.out.$n > /dev/null 2>&1 || ret=1
-grep 'SHA-1.*missing' checkds.out.$n > /dev/null 2>&1 || ret=1
-grep 'SHA-256.*missing' checkds.out.$n > /dev/null 2>&1 || ret=1
-n=`expr $n + 1`
-if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
-
-echo_i "checking for partially missing DLV, obtaining key from file ($n)"
-ret=0
-$CHECKDS -l dlv.example -f missing.example.dnskey.db missing.example > checkds.out.$n 2>&1 && ret=1
-grep 'SHA-1.*found' checkds.out.$n > /dev/null 2>&1 || ret=1
-grep 'SHA-256.*found' checkds.out.$n > /dev/null 2>&1 || ret=1
-grep 'SHA-1.*missing' checkds.out.$n > /dev/null 2>&1 || ret=1
-grep 'SHA-256.*missing' checkds.out.$n > /dev/null 2>&1 || ret=1
-n=`expr $n + 1`
-if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
-
echo_i "checking for entirely missing DS, looking up key via 'dig' ($n)"
ret=0
$CHECKDS none.example > checkds.out.$n 2>&1 && ret=1
@@ -159,24 +101,6 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
-echo_i "checking for entirely missing DLV, looking up key via 'dig' ($n)"
-ret=0
-$CHECKDS -l dlv.example none.example > checkds.out.$n 2>&1 && ret=1
-grep 'SHA-1.*found' checkds.out.$n > /dev/null 2>&1 && ret=1
-grep 'SHA-256.*found' checkds.out.$n > /dev/null 2>&1 && ret=1
-n=`expr $n + 1`
-if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
-
-echo_i "checking for entirely missing DLV, obtaining key from file ($n)"
-ret=0
-$CHECKDS -l dlv.example -f none.example.dnskey.db none.example > checkds.out.$n 2>&1 && ret=1
-grep 'SHA-1.*found' checkds.out.$n > /dev/null 2>&1 && ret=1
-grep 'SHA-256.*found' checkds.out.$n > /dev/null 2>&1 && ret=1
-n=`expr $n + 1`
-if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
-
echo_i "checking with prepared dsset file ($n)"
ret=0
$CHECKDS -f prep.example.db -s prep.example.ds.db prep.example > checkds.out.$n 2>&1 || ret=1
diff --git a/bin/tests/system/checkds/wrong.example.dlv.example.dlv.db b/bin/tests/system/checkds/wrong.example.dlv.example.dlv.db
deleted file mode 100644
index 096969b415..0000000000
--- a/bin/tests/system/checkds/wrong.example.dlv.example.dlv.db
+++ /dev/null
@@ -1,2 +0,0 @@
-wrong.example.dlv.example. 3600 IN DLV 1192 5 1 684BB5119673C9272A0A7582AF8576561B5D80EC
-wrong.example.dlv.example. 3600 IN DLV 1192 5 2 14E4A873360E512CD2E8C2C331C4472F5EDAB0736669901F4D42E976 3D7B1F5C
diff --git a/util/copyrights b/util/copyrights
index ce505528e3..2c84376481 100644
--- a/util/copyrights
+++ b/util/copyrights
@@ -426,20 +426,16 @@
./bin/tests/system/checkds/dig.bat BAT 2016,2018,2019
./bin/tests/system/checkds/dig.pl PERL 2014,2016,2017,2018,2019
./bin/tests/system/checkds/dig.sh SH 2012,2013,2016,2017,2018,2019
-./bin/tests/system/checkds/missing.example.dlv.example.dlv.db X 2012,2018,2019
./bin/tests/system/checkds/missing.example.dnskey.db X 2012,2018,2019
./bin/tests/system/checkds/missing.example.ds.db X 2012,2018,2019
-./bin/tests/system/checkds/none.example.dlv.example.dlv.db X 2012,2018,2019
./bin/tests/system/checkds/none.example.dnskey.db X 2012,2018,2019
./bin/tests/system/checkds/none.example.ds.db X 2012,2018,2019
-./bin/tests/system/checkds/ok.example.dlv.example.dlv.db X 2012,2018,2019
./bin/tests/system/checkds/ok.example.dnskey.db X 2012,2018,2019
./bin/tests/system/checkds/ok.example.ds.db X 2012,2018,2019
./bin/tests/system/checkds/prep.example.db X 2017,2018,2019
./bin/tests/system/checkds/prep.example.ds.db X 2017,2018,2019
./bin/tests/system/checkds/setup.sh SH 2012,2013,2014,2016,2018,2019
./bin/tests/system/checkds/tests.sh SH 2012,2013,2014,2016,2017,2018,2019
-./bin/tests/system/checkds/wrong.example.dlv.example.dlv.db X 2012,2018,2019
./bin/tests/system/checkds/wrong.example.dnskey.db X 2012,2018,2019
./bin/tests/system/checkds/wrong.example.ds.db X 2012,2018,2019
./bin/tests/system/checknames/clean.sh SH 2004,2007,2012,2014,2015,2016,2018,2019