mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 14:07:59 +00:00
Code Issues Releases Wiki Activity

Fix view-related issues in the "keymgr2kasp" test

Browse Source 
Due to the lack of "match-clients" clauses in ns4/named2.conf.in, the
same view is incorrectly chosen for all queries received by ns4 in the
"keymgr2kasp" system test.  This causes only one version of the
"view-rsasha256.kasp" zone to actually be checked.  Add "match-clients"
clauses to ns4/named2.conf.in to ensure the test really checks what it
claims to.

Use identical view names ("ext", "int") in ns4/named.conf.in and
ns4/named2.conf.in so that it is easier to quickly identify the
differences between these two files.

Update tests.sh to account for the above changes.  Also fix a copy-paste
error in a comment to prevent confusion.
This commit is contained in:
Matthijs Mekking
2021-04-14 15:23:41 +02:00
parent ee02453a2e
commit 0de5a576c5
3 changed files with 23 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
bin/tests/system/keymgr2kasp/ns4/named2.conf.in
View File

@@ -33,16 +33,6 @@ controls {
inet 10.53.0.4 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
key "external" {
algorithm "hmac-sha1";
secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
};
key "internal" {
algorithm "hmac-sha1";
secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
};
dnssec-policy "rsasha256" {
keys {
zsk key-directory lifetime P3M algorithm 8 1024;
@@ -64,7 +54,19 @@ dnssec-policy "rsasha256" {
parent-propagation-delay 3h;
};
view "external-view" {
key "external" {
algorithm "hmac-sha1";
secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
};
key "internal" {
algorithm "hmac-sha1";
secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
};
view "ext" {
match-clients { key "external"; };
zone "view-rsasha256.kasp" {
type master;
file "view-rsasha256.kasp.ext.db";
@@ -72,7 +74,9 @@ view "external-view" {
};
};
view "internal-view" {
view "int" {
match-clients { key "internal"; };
zone "view-rsasha256.kasp" {
type master;
file "view-rsasha256.kasp.int.db";

6
bin/tests/system/keymgr2kasp/tests.sh
View File

@@ -866,7 +866,7 @@ set_keystate "KEY3" "STATE_ZRRSIG" "hidden"
TSIG="hmac-sha1:external:$VIEW1"
check_keys
wait_for_done_signing
check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "external-view"
check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "ext"
set_keytimes_view_migration
# Set expected key times:
@@ -923,11 +923,11 @@ check_keytimes
check_apex
dnssec_verify
# Various signing policy checks (external).
# Various signing policy checks (internal).
TSIG="hmac-sha1:internal:$VIEW2"
check_keys
wait_for_done_signing
check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "internal-view"
check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "int"
set_keytimes_view_migration
check_keytimes
check_apex