diff --git a/bin/tests/system/dnssec/ns3/dsa.key b/bin/tests/system/dnssec/ns3/dsa.key deleted file mode 100644 index 1dfb289da2..0000000000 --- a/bin/tests/system/dnssec/ns3/dsa.key +++ /dev/null @@ -1 +0,0 @@ -dnskey-unsupported-2.example. IN DNSKEY 257 3 3 BJ0eV4dQC0pihdFXiVdlXjPDkzbv4fC+opEvK0RaDU7LLwFXPAi6DOc6tm7vcSr5Tgdnpoal3S4WqHuVw6I1pzy5mPPIZ3OpLSY/QeOyGc2QRAZtOXxiGxERHRjyAk7emlgGscM0Vty2oJVYRgTPX0lTwKX/V2H+mjEgp7u3tyG3cj5XBUQ8J0KUoqkrn1ZKrizH27aWiDaBUvqxJUcotaDhnydkNtcHoQIedm2b4qbyTQsdRkddJiSWxpveEcj3AMdt2PjU6Q4rgSWOc5ylPnW/O+GqqCEAkalGSF7ud0Nl3FVVR9iGwV/73FHzpBLawfkcHaODFmKRjzGqok8giKCih2vdNsxlx7gdJWJIPYYx/ZqNGc2ewzuAnnleJpZdXFo8uL3HYk6Pl51sSkfVUmcn/SM+ ;{id = 38688 (ksk), size = 768b} diff --git a/bin/tests/system/dnssec/ns3/sign.sh b/bin/tests/system/dnssec/ns3/sign.sh index d937f26e8d..7555c9fe04 100644 --- a/bin/tests/system/dnssec/ns3/sign.sh +++ b/bin/tests/system/dnssec/ns3/sign.sh @@ -216,7 +216,7 @@ $DSFROMKEY -A -f ${zonefile}.signed "$zone" > "$DSFILE" # # A zone that is signed with an unsupported DNSKEY algorithm (3). -# Algorithm 7 is replaced by 3 in the zone and dsset. +# Algorithm 7 is replaced by 255 in the zone and dsset. # zone=dnskey-unsupported.example. infile=dnskey-unsupported.example.db.in @@ -228,13 +228,13 @@ cat "$infile" "$keyname.key" > "$zonefile" "$SIGNER" -P -3 - -o "$zone" -O full -f ${zonefile}.tmp "$zonefile" > /dev/null 2>&1 -awk '$4 == "DNSKEY" { $7 = 3; print } $4 == "RRSIG" { $6 = 3; print } { print }' ${zonefile}.tmp > ${zonefile}.signed +awk '$4 == "DNSKEY" { $7 = 255; print } $4 == "RRSIG" { $6 = 255; print } { print }' ${zonefile}.tmp > ${zonefile}.signed DSFILE="dsset-$(echo ${zone} |sed -e "s/\\.$//g")$TP" $DSFROMKEY -A -f ${zonefile}.signed "$zone" > "$DSFILE" # -# A zone with a published unsupported DNSKEY algorithm (DSA). +# A zone with a published unsupported DNSKEY algorithm (Reserved). # Different from above because this key is not intended for signing. # zone=dnskey-unsupported-2.example. @@ -244,7 +244,7 @@ zonefile=dnskey-unsupported-2.example.db ksk=$("$KEYGEN" -f KSK -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") -cat "$infile" "$ksk.key" "$zsk.key" dsa.key > "$zonefile" +cat "$infile" "$ksk.key" "$zsk.key" unsupported-algorithm.key > "$zonefile" # "$SIGNER" -P -3 - -o "$zone" -f ${zonefile}.signed "$zonefile" > /dev/null 2>&1 "$SIGNER" -P -3 - -o "$zone" -f ${zonefile}.signed "$zonefile" diff --git a/bin/tests/system/dnssec/ns3/unsupported-algorithm.key b/bin/tests/system/dnssec/ns3/unsupported-algorithm.key new file mode 100644 index 0000000000..cc8bb9a51d --- /dev/null +++ b/bin/tests/system/dnssec/ns3/unsupported-algorithm.key @@ -0,0 +1 @@ +dnskey-unsupported-2.example. IN DNSKEY 257 3 255 BJ0eV4dQC0pihdFXiVdlXjPDkzbv4fC+opEvK0RaDU7LLwFXPAi6DOc6tm7vcSr5Tgdnpoal3S4WqHuVw6I1pzy5mPPIZ3OpLSY/QeOyGc2QRAZtOXxiGxERHRjyAk7emlgGscM0Vty2oJVYRgTPX0lTwKX/V2H+mjEgp7u3tyG3cj5XBUQ8J0KUoqkrn1ZKrizH27aWiDaBUvqxJUcotaDhnydkNtcHoQIedm2b4qbyTQsdRkddJiSWxpveEcj3AMdt2PjU6Q4rgSWOc5ylPnW/O+GqqCEAkalGSF7ud0Nl3FVVR9iGwV/73FHzpBLawfkcHaODFmKRjzGqok8giKCih2vdNsxlx7gdJWJIPYYx/ZqNGc2ewzuAnnleJpZdXFo8uL3HYk6Pl51sSkfVUmcn/SM+ ;{id = 38688 (ksk), size = 768b} diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh index cfd3ab0d33..9368f9b912 100644 --- a/bin/tests/system/dnssec/tests.sh +++ b/bin/tests/system/dnssec/tests.sh @@ -3408,7 +3408,7 @@ echo_i "checking that unsupported DNSKEY algorithm is in DNSKEY RRset ($n)" ret=0 dig_with_opts +noauth +noadd +nodnssec +adflag @10.53.0.3 dnskey-unsupported-2.example DNSKEY > dig.out.test$n grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1 -grep "dnskey-unsupported-2\.example\..*IN.*DNSKEY.*257 3 3" dig.out.test$n > /dev/null || ret=1 +grep "dnskey-unsupported-2\.example\..*IN.*DNSKEY.*257 3 255" dig.out.test$n > /dev/null || ret=1 n=$((n+1)) test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) diff --git a/util/copyrights b/util/copyrights index abbaa662a4..58bea01cc6 100644 --- a/util/copyrights +++ b/util/copyrights @@ -533,8 +533,8 @@ ./bin/tests/system/dnssec/ns1/sign.sh SH 2000,2001,2002,2003,2004,2006,2007,2008,2009,2010,2011,2012,2013,2014,2016,2017,2018 ./bin/tests/system/dnssec/ns2/rfc2335.example.db X 2004,2018 ./bin/tests/system/dnssec/ns2/sign.sh SH 2000,2001,2002,2003,2004,2006,2007,2008,2009,2010,2011,2012,2014,2015,2016,2017,2018 -./bin/tests/system/dnssec/ns3/dsa.key X 2018 ./bin/tests/system/dnssec/ns3/sign.sh SH 2000,2001,2002,2004,2006,2007,2008,2009,2010,2011,2012,2013,2014,2015,2016,2017,2018 +./bin/tests/system/dnssec/ns3/unsupported-algorithm.key X 2018 ./bin/tests/system/dnssec/ns5/.gitignore X 2015,2018 ./bin/tests/system/dnssec/ns5/sign.sh SH 2015,2016,2017,2018 ./bin/tests/system/dnssec/ns6/named.args X 2013,2014,2016,2018