mirror of
https://gitlab.isc.org/isc-projects/bind9
synced 2025-08-22 01:59:26 +00:00
Remove genrandom command and all usage of specific random files throughout the system test suite
This commit is contained in:
Ondřej Surý
Witold Kręcicki
parent
3a4f820d62
commit
2b8fab6828
@ -46,7 +46,6 @@
|
||||
<command>tsig-keygen</command>
|
||||
<arg choice="opt" rep="norepeat"><option>-a <replaceable class="parameter">algorithm</replaceable></option></arg>
|
||||
<arg choice="opt" rep="norepeat"><option>-h</option></arg>
|
||||
<arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg>
|
||||
<arg choice="opt" rep="norepeat">name</arg>
|
||||
</cmdsynopsis>
|
||||
<cmdsynopsis sepchar=" ">
|
||||
@ -157,23 +156,6 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-r <replaceable class="parameter">randomfile</replaceable></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Specifies a source of random data for generating the
|
||||
authorization. If the operating system does not provide a
|
||||
<filename>/dev/random</filename> or equivalent device, the
|
||||
default source of randomness is keyboard input.
|
||||
<filename>randomdev</filename> specifies the name of a
|
||||
character device or file containing random data to be used
|
||||
instead of the default. The special value
|
||||
<filename>keyboard</filename> indicates that keyboard input
|
||||
should be used.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-s <replaceable class="parameter">name</replaceable></term>
|
||||
<listitem>
|
||||
|
||||
@ -58,7 +58,6 @@
|
||||
<arg choice="opt" rep="norepeat"><option>-h</option></arg>
|
||||
<arg choice="opt" rep="norepeat"><option>-k <replaceable class="parameter">keyname</replaceable></option></arg>
|
||||
<arg choice="opt" rep="norepeat"><option>-p <replaceable class="parameter">port</replaceable></option></arg>
|
||||
<arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg>
|
||||
<arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">address</replaceable></option></arg>
|
||||
<arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">chrootdir</replaceable></option></arg>
|
||||
<arg choice="opt" rep="norepeat"><option>-u <replaceable class="parameter">user</replaceable></option></arg>
|
||||
@ -191,24 +190,6 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-r <replaceable class="parameter">randomfile</replaceable></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Specifies a source of random data for generating the
|
||||
authorization. If the operating
|
||||
system does not provide a <filename>/dev/random</filename>
|
||||
or equivalent device, the default source of randomness
|
||||
is keyboard input. <filename>randomdev</filename>
|
||||
specifies
|
||||
the name of a character device or file containing random
|
||||
data to be used instead of the default. The special value
|
||||
<filename>keyboard</filename> indicates that keyboard
|
||||
input should be used.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-s <replaceable class="parameter">address</replaceable></term>
|
||||
<listitem>
|
||||
|
||||
@ -120,7 +120,6 @@ usage(void) {
|
||||
"(DH only)\n");
|
||||
fprintf(stderr, " -L <ttl>: default key TTL\n");
|
||||
fprintf(stderr, " -p <protocol>: (default: 3 [dnssec])\n");
|
||||
fprintf(stderr, " -r <randomdev>: DEPRECATED and ignored\n");
|
||||
fprintf(stderr, " -s <strength>: strength value this key signs DNS "
|
||||
"records with (default: 0)\n");
|
||||
fprintf(stderr, " -T <rrtype>: DNSKEY | KEY (default: DNSKEY; "
|
||||
|
||||
@ -81,7 +81,6 @@
|
||||
<arg choice="opt" rep="norepeat"><option>-p <replaceable class="parameter">protocol</replaceable></option></arg>
|
||||
<arg choice="opt" rep="norepeat"><option>-q</option></arg>
|
||||
<arg choice="opt" rep="norepeat"><option>-R <replaceable class="parameter">date/offset</replaceable></option></arg>
|
||||
<arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
|
||||
<arg choice="opt" rep="norepeat"><option>-S <replaceable class="parameter">key</replaceable></option></arg>
|
||||
<arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">strength</replaceable></option></arg>
|
||||
<arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">type</replaceable></option></arg>
|
||||
@ -349,31 +348,6 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-r <replaceable class="parameter">randomdev</replaceable></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Specifies a source of randomness. Normally, when generating
|
||||
DNSSEC keys, this option has no effect; the random number
|
||||
generation function provided by the cryptographic library will
|
||||
be used.
|
||||
</para>
|
||||
<para>
|
||||
If that behavior is disabled at compile time, however,
|
||||
the specified file will be used as entropy source
|
||||
for key generation. <filename>randomdev</filename> is
|
||||
the name of a character device or file containing random
|
||||
data to be used. The special value <filename>keyboard</filename>
|
||||
indicates that keyboard input should be used.
|
||||
</para>
|
||||
<para>
|
||||
The default is <filename>/dev/random</filename> if the
|
||||
operating system provides it or an equivalent device;
|
||||
if not, the default source of randomness is keyboard input.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-S <replaceable class="parameter">key</replaceable></term>
|
||||
<listitem>
|
||||
|
||||
@ -3053,8 +3053,6 @@ usage(void) {
|
||||
fprintf(stderr, "\t\tsoa serial format of signed zone file (keep)\n");
|
||||
fprintf(stderr, "\t-D:\n");
|
||||
fprintf(stderr, "\t\toutput only DNSSEC-related records\n");
|
||||
fprintf(stderr, "\t-r randomdev:\n");
|
||||
fprintf(stderr, "\t\ta file containing random data\n");
|
||||
fprintf(stderr, "\t-a:\t");
|
||||
fprintf(stderr, "verify generated signatures\n");
|
||||
fprintf(stderr, "\t-c class (IN)\n");
|
||||
|
||||
@ -78,10 +78,8 @@
|
||||
<arg choice="opt" rep="norepeat"><option>-o <replaceable class="parameter">origin</replaceable></option></arg>
|
||||
<arg choice="opt" rep="norepeat"><option>-O <replaceable class="parameter">output-format</replaceable></option></arg>
|
||||
<arg choice="opt" rep="norepeat"><option>-P</option></arg>
|
||||
<arg choice="opt" rep="norepeat"><option>-p</option></arg>
|
||||
<arg choice="opt" rep="norepeat"><option>-Q</option></arg>
|
||||
<arg choice="opt" rep="norepeat"><option>-R</option></arg>
|
||||
<arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
|
||||
<arg choice="opt" rep="norepeat"><option>-S</option></arg>
|
||||
<arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">start-time</replaceable></option></arg>
|
||||
<arg choice="opt" rep="norepeat"><option>-T <replaceable class="parameter">ttl</replaceable></option></arg>
|
||||
@ -508,18 +506,6 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-p</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Use pseudo-random data when signing the zone. This is faster,
|
||||
but less secure, than using real random data. This option
|
||||
may be useful when signing large zones or when the entropy
|
||||
source is limited.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-P</term>
|
||||
<listitem>
|
||||
@ -571,23 +557,6 @@
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>-r <replaceable class="parameter">randomdev</replaceable></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Specifies the source of randomness. If the operating
|
||||
system does not provide a <filename>/dev/random</filename>
|
||||
or equivalent device, the default source of randomness
|
||||
is keyboard input. <filename>randomdev</filename>
|
||||
specifies
|
||||
the name of a character device or file containing random
|
||||
data to be used instead of the default. The special value
|
||||
<filename>keyboard</filename> indicates that keyboard
|
||||
input should be used.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-S</term>
|
||||
<listitem>
|
||||
|
||||
@ -70,7 +70,6 @@
|
||||
<arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">timeout</replaceable></option></arg>
|
||||
<arg choice="opt" rep="norepeat"><option>-u <replaceable class="parameter">udptimeout</replaceable></option></arg>
|
||||
<arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">udpretries</replaceable></option></arg>
|
||||
<arg choice="opt" rep="norepeat"><option>-R <replaceable class="parameter">randomdev</replaceable></option></arg>
|
||||
<arg choice="opt" rep="norepeat"><option>-v</option></arg>
|
||||
<arg choice="opt" rep="norepeat"><option>-T</option></arg>
|
||||
<arg choice="opt" rep="norepeat"><option>-P</option></arg>
|
||||
@ -269,22 +268,6 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-R <replaceable class="parameter">randomdev</replaceable></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Where to obtain randomness. If the operating system
|
||||
does not provide a <filename>/dev/random</filename> or
|
||||
equivalent device, the default source of randomness is keyboard
|
||||
input. <filename>randomdev</filename> specifies the name of
|
||||
a character device or file containing random data to be used
|
||||
instead of the default. The special value
|
||||
<filename>keyboard</filename> indicates that keyboard input
|
||||
should be used. This option may be specified multiple times.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-t <replaceable class="parameter">timeout</replaceable></term>
|
||||
<listitem>
|
||||
|
||||
@ -49,7 +49,6 @@
|
||||
<arg choice="opt" rep="norepeat"><option>-v</option></arg>
|
||||
<arg choice="opt" rep="norepeat"><option>-z</option></arg>
|
||||
<arg choice="opt" rep="norepeat"><option>-g <replaceable class="parameter">path</replaceable></option></arg>
|
||||
<arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">path</replaceable></option></arg>
|
||||
<arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">path</replaceable></option></arg>
|
||||
<arg choice="opt" rep="repeat">zone</arg>
|
||||
</cmdsynopsis>
|
||||
@ -187,18 +186,6 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-r <replaceable class="parameter">randomdev</replaceable></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Specifies a path to a file containing random data.
|
||||
This is passed to the <command>dnssec-keygen</command> binary
|
||||
using its <option>-r</option> option.
|
||||
<!-- TODO: what to do about "-r keyboard"? -->
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-s <replaceable class="parameter">settime-path</replaceable></term>
|
||||
<listitem>
|
||||
|
||||
@ -76,7 +76,7 @@ def parse_args():
|
||||
help='Path to \'dnssec-keygen\'',
|
||||
metavar='path')
|
||||
parser.add_argument('-r', dest='randomdev', type=str, default=None,
|
||||
help='Path to a file containing random data to pass to \'dnssec-keygen\'',
|
||||
help='DEPRECATED',
|
||||
metavar='path')
|
||||
parser.add_argument('-s', dest='settime', default=settime, type=str,
|
||||
help='Path to \'dnssec-settime\'',
|
||||
@ -97,6 +97,9 @@ def parse_args():
|
||||
|
||||
args = parser.parse_args()
|
||||
|
||||
if args.randomdev:
|
||||
fatal("ERROR: -r option has been deprecated.")
|
||||
|
||||
if args.no_zsk and args.no_ksk:
|
||||
fatal("ERROR: -z and -k cannot be used together.")
|
||||
|
||||
|
||||
1
bin/tests/.gitignore
vendored
1
bin/tests/.gitignore
vendored
@ -1,5 +1,4 @@
|
||||
.libs
|
||||
genrandom
|
||||
headerdep_test.sh
|
||||
nxtify
|
||||
sdig
|
||||
|
||||
@ -20,18 +20,18 @@ infile=root.db.in
|
||||
|
||||
cat $infile ../ns2/dsset-example$TP > $zonefile
|
||||
|
||||
zskact=`$KEYGEN -3 -a RSASHA1 -q -r $RANDFILE $zone`
|
||||
zskvanish=`$KEYGEN -3 -a RSASHA1 -q -r $RANDFILE $zone`
|
||||
zskdel=`$KEYGEN -3 -a RSASHA1 -q -r $RANDFILE -D now $zone`
|
||||
zskinact=`$KEYGEN -3 -a RSASHA1 -q -r $RANDFILE -I now $zone`
|
||||
zskunpub=`$KEYGEN -3 -a RSASHA1 -q -r $RANDFILE -G $zone`
|
||||
zsksby=`$KEYGEN -3 -a RSASHA1 -q -r $RANDFILE -A none $zone`
|
||||
zskactnowpub1d=`$KEYGEN -3 -a RSASHA1 -q -r $RANDFILE -A now -P +1d $zone`
|
||||
zsknopriv=`$KEYGEN -3 -a RSASHA1 -q -r $RANDFILE $zone`
|
||||
zskact=`$KEYGEN -3 -a RSASHA1 -q $zone`
|
||||
zskvanish=`$KEYGEN -3 -a RSASHA1 -q $zone`
|
||||
zskdel=`$KEYGEN -3 -a RSASHA1 -q -D now $zone`
|
||||
zskinact=`$KEYGEN -3 -a RSASHA1 -q -I now $zone`
|
||||
zskunpub=`$KEYGEN -3 -a RSASHA1 -q -G $zone`
|
||||
zsksby=`$KEYGEN -3 -a RSASHA1 -q -A none $zone`
|
||||
zskactnowpub1d=`$KEYGEN -3 -a RSASHA1 -q -A now -P +1d $zone`
|
||||
zsknopriv=`$KEYGEN -3 -a RSASHA1 -q $zone`
|
||||
rm $zsknopriv.private
|
||||
|
||||
ksksby=`$KEYGEN -3 -a RSASHA1 -q -r $RANDFILE -P now -A now+15s -fk $zone`
|
||||
kskrev=`$KEYGEN -3 -a RSASHA1 -q -r $RANDFILE -R now+15s -fk $zone`
|
||||
ksksby=`$KEYGEN -3 -a RSASHA1 -q -P now -A now+15s -fk $zone`
|
||||
kskrev=`$KEYGEN -3 -a RSASHA1 -q -R now+15s -fk $zone`
|
||||
|
||||
cat $ksksby.key | grep -v '^; ' | $PERL -n -e '
|
||||
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
|
||||
|
||||
@ -26,16 +26,16 @@ zonefile="${zone}.db"
|
||||
infile="${zonefile}.in"
|
||||
cat $infile dsset-*.example$TP > $zonefile
|
||||
|
||||
kskname=`$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -fk $zone`
|
||||
$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE $zone > /dev/null
|
||||
kskname=`$KEYGEN -a RSASHA1 -3 -q -fk $zone`
|
||||
$KEYGEN -a RSASHA1 -3 -q $zone > /dev/null
|
||||
$DSFROMKEY $kskname.key > dsset-${zone}$TP
|
||||
|
||||
# Create keys for a private secure zone.
|
||||
zone=private.secure.example
|
||||
zonefile="${zone}.db"
|
||||
infile="${zonefile}.in"
|
||||
ksk=`$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -fk $zone`
|
||||
$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE $zone > /dev/null
|
||||
ksk=`$KEYGEN -a RSASHA1 -3 -q -fk $zone`
|
||||
$KEYGEN -a RSASHA1 -3 -q $zone > /dev/null
|
||||
cat $ksk.key | grep -v '^; ' | $PERL -n -e '
|
||||
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
|
||||
local $key = join("", @rest);
|
||||
@ -58,5 +58,5 @@ for i in Xbar.+005+30676.key Xbar.+005+30804.key Xbar.+005+30676.private \
|
||||
do
|
||||
cp $i `echo $i | sed s/X/K/`
|
||||
done
|
||||
$KEYGEN -a RSASHA1 -q -r $RANDFILE $zone > /dev/null
|
||||
$KEYGEN -a RSASHA1 -q $zone > /dev/null
|
||||
$DSFROMKEY Kbar.+005+30804.key > dsset-bar$TP
|
||||
|
||||
@ -30,8 +30,8 @@ setup () {
|
||||
|
||||
setup secure.example
|
||||
cp $infile $zonefile
|
||||
ksk=`$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
|
||||
$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
|
||||
ksk=`$KEYGEN -a RSASHA1 -3 -q -fk $zone 2> kg.out` || dumpit kg.out
|
||||
$KEYGEN -a RSASHA1 -3 -q $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$DSFROMKEY $ksk.key > dsset-${zone}$TP
|
||||
|
||||
#
|
||||
@ -39,8 +39,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
|
||||
#
|
||||
setup secure.nsec3.example
|
||||
cp $infile $zonefile
|
||||
ksk=`$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
|
||||
$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
|
||||
ksk=`$KEYGEN -q -a RSASHA1 -3 -fk $zone 2> kg.out` || dumpit kg.out
|
||||
$KEYGEN -q -a RSASHA1 -3 $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$DSFROMKEY $ksk.key > dsset-${zone}$TP
|
||||
|
||||
#
|
||||
@ -48,8 +48,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
|
||||
#
|
||||
setup nsec3.nsec3.example
|
||||
cp $infile $zonefile
|
||||
ksk=`$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
|
||||
$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
|
||||
ksk=`$KEYGEN -q -a RSASHA1 -3 -fk $zone 2> kg.out` || dumpit kg.out
|
||||
$KEYGEN -q -a RSASHA1 -3 $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$DSFROMKEY $ksk.key > dsset-${zone}$TP
|
||||
|
||||
#
|
||||
@ -57,8 +57,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
|
||||
#
|
||||
setup optout.nsec3.example
|
||||
cp $infile $zonefile
|
||||
ksk=`$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
|
||||
$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
|
||||
ksk=`$KEYGEN -q -a RSASHA1 -3 -fk $zone 2> kg.out` || dumpit kg.out
|
||||
$KEYGEN -q -a RSASHA1 -3 $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$DSFROMKEY $ksk.key > dsset-${zone}$TP
|
||||
|
||||
#
|
||||
@ -66,8 +66,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
|
||||
#
|
||||
setup nsec3.example
|
||||
cat $infile dsset-*.${zone}$TP > $zonefile
|
||||
ksk=`$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
|
||||
$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
|
||||
ksk=`$KEYGEN -q -a RSASHA1 -3 -fk $zone 2> kg.out` || dumpit kg.out
|
||||
$KEYGEN -q -a RSASHA1 -3 $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$DSFROMKEY $ksk.key > dsset-${zone}$TP
|
||||
|
||||
#
|
||||
@ -75,9 +75,9 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
|
||||
#
|
||||
setup autonsec3.example
|
||||
cat $infile > $zonefile
|
||||
ksk=`$KEYGEN -G -q -a RSASHA1 -3 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
|
||||
ksk=`$KEYGEN -G -q -a RSASHA1 -3 -fk $zone 2> kg.out` || dumpit kg.out
|
||||
echo $ksk > ../autoksk.key
|
||||
zsk=`$KEYGEN -G -q -a RSASHA1 -3 -r $RANDFILE $zone 2> kg.out` || dumpit kg.out
|
||||
zsk=`$KEYGEN -G -q -a RSASHA1 -3 $zone 2> kg.out` || dumpit kg.out
|
||||
echo $zsk > ../autozsk.key
|
||||
$DSFROMKEY $ksk.key > dsset-${zone}$TP
|
||||
|
||||
@ -86,8 +86,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
|
||||
#
|
||||
setup secure.optout.example
|
||||
cp $infile $zonefile
|
||||
ksk=`$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
|
||||
$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
|
||||
ksk=`$KEYGEN -q -a RSASHA1 -3 -fk $zone 2> kg.out` || dumpit kg.out
|
||||
$KEYGEN -q -a RSASHA1 -3 $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$DSFROMKEY $ksk.key > dsset-${zone}$TP
|
||||
|
||||
#
|
||||
@ -95,8 +95,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
|
||||
#
|
||||
setup nsec3.optout.example
|
||||
cp $infile $zonefile
|
||||
ksk=`$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
|
||||
$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
|
||||
ksk=`$KEYGEN -q -a RSASHA1 -3 -fk $zone 2> kg.out` || dumpit kg.out
|
||||
$KEYGEN -q -a RSASHA1 -3 $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$DSFROMKEY $ksk.key > dsset-${zone}$TP
|
||||
|
||||
#
|
||||
@ -104,8 +104,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
|
||||
#
|
||||
setup optout.optout.example
|
||||
cp $infile $zonefile
|
||||
ksk=`$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
|
||||
$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
|
||||
ksk=`$KEYGEN -q -a RSASHA1 -3 -fk $zone 2> kg.out` || dumpit kg.out
|
||||
$KEYGEN -q -a RSASHA1 -3 $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$DSFROMKEY $ksk.key > dsset-${zone}$TP
|
||||
|
||||
#
|
||||
@ -113,8 +113,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
|
||||
#
|
||||
setup optout.example
|
||||
cat $infile dsset-*.${zone}$TP > $zonefile
|
||||
ksk=`$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
|
||||
$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
|
||||
ksk=`$KEYGEN -q -a RSASHA1 -3 -fk $zone 2> kg.out` || dumpit kg.out
|
||||
$KEYGEN -q -a RSASHA1 -3 $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$DSFROMKEY $ksk.key > dsset-${zone}$TP
|
||||
|
||||
#
|
||||
@ -122,8 +122,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
|
||||
#
|
||||
setup rsasha256.example
|
||||
cp $infile $zonefile
|
||||
ksk=`$KEYGEN -q -a RSASHA256 -b 2048 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
|
||||
$KEYGEN -q -a RSASHA256 -b 1024 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
|
||||
ksk=`$KEYGEN -q -a RSASHA256 -b 2048 -fk $zone 2> kg.out` || dumpit kg.out
|
||||
$KEYGEN -q -a RSASHA256 -b 1024 $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$DSFROMKEY $ksk.key > dsset-${zone}$TP
|
||||
|
||||
#
|
||||
@ -131,8 +131,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
|
||||
#
|
||||
setup rsasha512.example
|
||||
cp $infile $zonefile
|
||||
ksk=`$KEYGEN -q -a RSASHA512 -b 2048 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
|
||||
$KEYGEN -q -a RSASHA512 -b 1024 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
|
||||
ksk=`$KEYGEN -q -a RSASHA512 -b 2048 -fk $zone 2> kg.out` || dumpit kg.out
|
||||
$KEYGEN -q -a RSASHA512 -b 1024 $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$DSFROMKEY $ksk.key > dsset-${zone}$TP
|
||||
|
||||
#
|
||||
@ -140,8 +140,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
|
||||
#
|
||||
setup nsec.example
|
||||
cp $infile $zonefile
|
||||
ksk=`$KEYGEN -q -a RSASHA1 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
|
||||
$KEYGEN -q -a RSASHA1 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
|
||||
ksk=`$KEYGEN -q -a RSASHA1 -fk $zone 2> kg.out` || dumpit kg.out
|
||||
$KEYGEN -q -a RSASHA1 $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$DSFROMKEY $ksk.key > dsset-${zone}$TP
|
||||
|
||||
#
|
||||
@ -150,16 +150,16 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
|
||||
#
|
||||
setup oldsigs.example
|
||||
cp $infile $zonefile
|
||||
$KEYGEN -q -a RSASHA1 -r $RANDFILE -fk $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$KEYGEN -q -a RSASHA1 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$KEYGEN -q -a RSASHA1 -fk $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$KEYGEN -q -a RSASHA1 $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$SIGNER -PS -s now-1y -e now-6mo -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
|
||||
|
||||
#
|
||||
# NSEC3->NSEC transition test zone.
|
||||
#
|
||||
setup nsec3-to-nsec.example
|
||||
$KEYGEN -q -a RSASHA512 -b 2048 -r $RANDFILE -fk $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$KEYGEN -q -a RSASHA512 -b 1024 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$KEYGEN -q -a RSASHA512 -b 2048 -fk $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$KEYGEN -q -a RSASHA512 -b 1024 $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$SIGNER -S -3 beef -A -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
|
||||
|
||||
#
|
||||
@ -167,8 +167,8 @@ $SIGNER -S -3 beef -A -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
|
||||
# keys via nsupdate
|
||||
#
|
||||
setup secure-to-insecure.example
|
||||
$KEYGEN -a RSASHA1 -q -r $RANDFILE -fk $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$KEYGEN -a RSASHA1 -q -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$KEYGEN -a RSASHA1 -q -fk $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$KEYGEN -a RSASHA1 -q $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$SIGNER -S -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
|
||||
|
||||
#
|
||||
@ -176,9 +176,9 @@ $SIGNER -S -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
|
||||
# removal of keys on schedule.
|
||||
#
|
||||
setup secure-to-insecure2.example
|
||||
ksk=`$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
|
||||
ksk=`$KEYGEN -q -a RSASHA1 -3 -fk $zone 2> kg.out` || dumpit kg.out
|
||||
echo $ksk > ../del1.key
|
||||
zsk=`$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE $zone 2> kg.out` || dumpit kg.out
|
||||
zsk=`$KEYGEN -q -a RSASHA1 -3 $zone 2> kg.out` || dumpit kg.out
|
||||
echo $zsk > ../del2.key
|
||||
$SIGNER -S -3 beef -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
|
||||
|
||||
@ -187,8 +187,8 @@ $SIGNER -S -3 beef -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
|
||||
#
|
||||
setup prepub.example
|
||||
infile="secure-to-insecure2.example.db.in"
|
||||
$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -fk $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$KEYGEN -a RSASHA1 -3 -q -fk $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$KEYGEN -a RSASHA1 -3 -q $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$SIGNER -S -3 beef -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
|
||||
|
||||
#
|
||||
@ -197,35 +197,35 @@ $SIGNER -S -3 beef -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
|
||||
|
||||
# no default key TTL; DNSKEY should get SOA TTL
|
||||
setup ttl1.example
|
||||
$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -fk $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$KEYGEN -a RSASHA1 -3 -q -fk $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$KEYGEN -a RSASHA1 -3 -q $zone > kg.out 2>&1 || dumpit kg.out
|
||||
cp $infile $zonefile
|
||||
|
||||
# default key TTL should be used
|
||||
setup ttl2.example
|
||||
$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -fk -L 60 $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -L 60 $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$KEYGEN -a RSASHA1 -3 -q -fk -L 60 $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$KEYGEN -a RSASHA1 -3 -q -L 60 $zone > kg.out 2>&1 || dumpit kg.out
|
||||
cp $infile $zonefile
|
||||
|
||||
# mismatched key TTLs, should use shortest
|
||||
setup ttl3.example
|
||||
$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -fk -L 30 $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -L 60 $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$KEYGEN -a RSASHA1 -3 -q -fk -L 30 $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$KEYGEN -a RSASHA1 -3 -q -L 60 $zone > kg.out 2>&1 || dumpit kg.out
|
||||
cp $infile $zonefile
|
||||
|
||||
# existing DNSKEY RRset, should retain TTL
|
||||
setup ttl4.example
|
||||
$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -L 30 -fk $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$KEYGEN -a RSASHA1 -3 -q -L 30 -fk $zone > kg.out 2>&1 || dumpit kg.out
|
||||
cat ${infile} K${zone}.+*.key > $zonefile
|
||||
$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -L 180 $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$KEYGEN -a RSASHA1 -3 -q -L 180 $zone > kg.out 2>&1 || dumpit kg.out
|
||||
|
||||
#
|
||||
# A zone with a DNSKEY RRset that is published before it's activated
|
||||
#
|
||||
setup delay.example
|
||||
ksk=`$KEYGEN -G -q -a RSASHA1 -3 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
|
||||
ksk=`$KEYGEN -G -q -a RSASHA1 -3 -fk $zone 2> kg.out` || dumpit kg.out
|
||||
echo $ksk > ../delayksk.key
|
||||
zsk=`$KEYGEN -G -q -a RSASHA1 -3 -r $RANDFILE $zone 2> kg.out` || dumpit kg.out
|
||||
zsk=`$KEYGEN -G -q -a RSASHA1 -3 $zone 2> kg.out` || dumpit kg.out
|
||||
echo $zsk > ../delayzsk.key
|
||||
|
||||
#
|
||||
@ -233,8 +233,8 @@ echo $zsk > ../delayzsk.key
|
||||
# is missing.
|
||||
#
|
||||
setup nozsk.example
|
||||
$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE -fk $zone > kg.out 2>&1 || dumpit kg.out
|
||||
zsk=`$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE $zone`
|
||||
$KEYGEN -q -a RSASHA1 -3 -fk $zone > kg.out 2>&1 || dumpit kg.out
|
||||
zsk=`$KEYGEN -q -a RSASHA1 -3 $zone`
|
||||
$SIGNER -S -P -s now-1mo -e now-1mi -o $zone -f $zonefile ${zonefile}.in > s.out 2>&1 || dumpit s.out
|
||||
echo $zsk > ../missingzsk.key
|
||||
rm -f ${zsk}.private
|
||||
@ -244,8 +244,8 @@ rm -f ${zsk}.private
|
||||
# is inactive.
|
||||
#
|
||||
setup inaczsk.example
|
||||
$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE -fk $zone > kg.out 2>&1 || dumpit kg.out
|
||||
zsk=`$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE $zone`
|
||||
$KEYGEN -q -a RSASHA1 -3 -fk $zone > kg.out 2>&1 || dumpit kg.out
|
||||
zsk=`$KEYGEN -q -a RSASHA1 -3 $zone`
|
||||
$SIGNER -S -P -s now-1mo -e now-1mi -o $zone -f $zonefile ${zonefile}.in > s.out 2>&1 || dumpit s.out
|
||||
echo $zsk > ../inactivezsk.key
|
||||
$SETTIME -I now $zsk > st.out 2>&1 || dumpit st.out
|
||||
@ -255,16 +255,16 @@ $SETTIME -I now $zsk > st.out 2>&1 || dumpit st.out
|
||||
#
|
||||
setup reconf.example
|
||||
cp secure.example.db.in $zonefile
|
||||
$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE -fk $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$KEYGEN -q -a RSASHA1 -3 -fk $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$KEYGEN -q -a RSASHA1 -3 $zone > kg.out 2>&1 || dumpit kg.out
|
||||
|
||||
#
|
||||
# A zone which generates CDS and CDNSEY RRsets automatically
|
||||
#
|
||||
setup sync.example
|
||||
cp $infile $zonefile
|
||||
ksk=`$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -fk -P sync now $zone 2> kg.out` || dumpit kg.out
|
||||
$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
|
||||
ksk=`$KEYGEN -a RSASHA1 -3 -q -fk -P sync now $zone 2> kg.out` || dumpit kg.out
|
||||
$KEYGEN -a RSASHA1 -3 -q $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$DSFROMKEY $ksk.key > dsset-${zone}$TP
|
||||
echo ns3/$ksk > ../sync.key
|
||||
|
||||
@ -273,8 +273,8 @@ echo ns3/$ksk > ../sync.key
|
||||
#
|
||||
setup kskonly.example
|
||||
cp $infile $zonefile
|
||||
ksk=`$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -fk -P sync now $zone 2> kg.out` || dumpit kg.out
|
||||
$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
|
||||
ksk=`$KEYGEN -a RSASHA1 -3 -q -fk -P sync now $zone 2> kg.out` || dumpit kg.out
|
||||
$KEYGEN -a RSASHA1 -3 -q $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$DSFROMKEY $ksk.key > dsset-${zone}$TP
|
||||
|
||||
#
|
||||
@ -282,8 +282,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
|
||||
#
|
||||
setup inacksk2.example
|
||||
cp $infile $zonefile
|
||||
ksk=`$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -Pnow -A now+3600 -fk $zone 2> kg.out` || dumpit kg.out
|
||||
$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
|
||||
ksk=`$KEYGEN -a RSASHA1 -3 -q -Pnow -A now+3600 -fk $zone 2> kg.out` || dumpit kg.out
|
||||
$KEYGEN -a RSASHA1 -3 -q $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$DSFROMKEY $ksk.key > dsset-${zone}$TP
|
||||
|
||||
#
|
||||
@ -291,8 +291,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
|
||||
#
|
||||
setup inaczsk2.example
|
||||
cp $infile $zonefile
|
||||
ksk=`$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
|
||||
$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -P now -A now+3600 $zone > kg.out 2>&1 || dumpit kg.out
|
||||
ksk=`$KEYGEN -a RSASHA1 -3 -q -fk $zone 2> kg.out` || dumpit kg.out
|
||||
$KEYGEN -a RSASHA1 -3 -q -P now -A now+3600 $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$DSFROMKEY $ksk.key > dsset-${zone}$TP
|
||||
|
||||
#
|
||||
@ -300,9 +300,9 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
|
||||
#
|
||||
setup inacksk3.example
|
||||
cp $infile $zonefile
|
||||
$KEYGEN -a NSEC3RSASHA1 -3 -q -r $RANDFILE -P now -A now+3600 -fk $zone > kg.out 2>&1 || dumpit kg.out
|
||||
ksk=`$KEYGEN -a NSEC3RSASHA1 -3 -q -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
|
||||
$KEYGEN -a NSEC3RSASHA1 -3 -q -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$KEYGEN -a NSEC3RSASHA1 -3 -q -P now -A now+3600 -fk $zone > kg.out 2>&1 || dumpit kg.out
|
||||
ksk=`$KEYGEN -a NSEC3RSASHA1 -3 -q -fk $zone 2> kg.out` || dumpit kg.out
|
||||
$KEYGEN -a NSEC3RSASHA1 -3 -q $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$DSFROMKEY $ksk.key > dsset-${zone}$TP
|
||||
|
||||
#
|
||||
@ -310,7 +310,7 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
|
||||
#
|
||||
setup inaczsk3.example
|
||||
cp $infile $zonefile
|
||||
ksk=`$KEYGEN -a NSEC3RSASHA1 -3 -q -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
|
||||
$KEYGEN -a NSEC3RSASHA1 -3 -q -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$KEYGEN -a NSEC3RSASHA1 -3 -q -r $RANDFILE -P now -A now+3600 $zone > kg.out 2>&1 || dumpit kg.out
|
||||
ksk=`$KEYGEN -a NSEC3RSASHA1 -3 -q -fk $zone 2> kg.out` || dumpit kg.out
|
||||
$KEYGEN -a NSEC3RSASHA1 -3 -q $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$KEYGEN -a NSEC3RSASHA1 -3 -q -P now -A now+3600 $zone > kg.out 2>&1 || dumpit kg.out
|
||||
$DSFROMKEY $ksk.key > dsset-${zone}$TP
|
||||
|
||||
@ -14,8 +14,6 @@ SYSTEMTESTTOP=..
|
||||
|
||||
. ./clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
copy_setports ns1/named.conf.in ns1/named.conf
|
||||
copy_setports ns2/named.conf.in ns2/named.conf
|
||||
copy_setports ns3/named.conf.in ns3/named.conf
|
||||
|
||||
@ -926,7 +926,7 @@ ret=0
|
||||
oldserial=`$DIG $DIGOPTS +short soa prepub.example @10.53.0.3 | awk '$0 !~ /SOA/ {print $3}'`
|
||||
oldinception=`$DIG $DIGOPTS +short soa prepub.example @10.53.0.3 | awk '/SOA/ {print $6}' | sort -u`
|
||||
|
||||
$KEYGEN -a rsasha1 -3 -q -r $RANDFILE -K ns3 -P 0 -A +6d -I +38d -D +45d prepub.example > /dev/null
|
||||
$KEYGEN -a rsasha1 -3 -q -K ns3 -P 0 -A +6d -I +38d -D +45d prepub.example > /dev/null
|
||||
|
||||
$RNDCCMD 10.53.0.3 sign prepub.example 2>&1 | sed 's/^/ns1 /' | cat_i
|
||||
newserial=$oldserial
|
||||
|
||||
@ -16,15 +16,13 @@ SYSTEMTESTTOP=..
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
touch empty
|
||||
|
||||
Z=cds.test
|
||||
|
||||
keyz=$($KEYGEN -q -r $RANDFILE -a RSASHA256 $Z)
|
||||
key1=$($KEYGEN -q -r $RANDFILE -a RSASHA256 -f KSK $Z)
|
||||
key2=$($KEYGEN -q -r $RANDFILE -a RSASHA256 -f KSK $Z)
|
||||
keyz=$($KEYGEN -q -a RSASHA256 $Z)
|
||||
key1=$($KEYGEN -q -a RSASHA256 -f KSK $Z)
|
||||
key2=$($KEYGEN -q -a RSASHA256 -f KSK $Z)
|
||||
|
||||
idz=$(echo $keyz | sed 's/.*+0*//')
|
||||
id1=$(echo $key1 | sed 's/.*+0*//')
|
||||
@ -85,7 +83,7 @@ sed 's/ add \(.*\) IN DS / add \1 3600 IN DS /' <UP.swap >UP.swapttl
|
||||
|
||||
sign() {
|
||||
cat >db.$1
|
||||
$SIGNER >/dev/null 2>&1 -r $RANDFILE \
|
||||
$SIGNER >/dev/null 2>&1 \
|
||||
-S -O full -o $Z -f sig.$1 db.$1
|
||||
}
|
||||
|
||||
|
||||
@ -15,6 +15,6 @@ SYSTEMTESTTOP=../..
|
||||
zone=example.
|
||||
zonefile=example.db
|
||||
|
||||
ksk=`$KEYGEN -q -a RSASHA256 -b 2048 -fk -r $RANDFILE $zone`
|
||||
zsk=`$KEYGEN -q -a RSASHA256 -b 1024 -r $RANDFILE $zone`
|
||||
$SIGNER -S -r $RANDFILE -o $zone example.db > /dev/null 2>&1
|
||||
ksk=`$KEYGEN -q -a RSASHA256 -b 2048 -fk $zone`
|
||||
zsk=`$KEYGEN -q -a RSASHA256 -b 1024 $zone`
|
||||
$SIGNER -S -o $zone example.db > /dev/null 2>&1
|
||||
|
||||
@ -14,8 +14,6 @@ SYSTEMTESTTOP=..
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
|
||||
copy_setports ns1/named.conf.in ns1/named.conf
|
||||
copy_setports ns2/named.conf.in ns2/named.conf
|
||||
copy_setports ns5/named.conf.in ns5/named.conf
|
||||
|
||||
@ -38,7 +38,6 @@ options {
|
||||
port 5300;
|
||||
querylog yes;
|
||||
recursing-file "named.recursing";
|
||||
random-device "/dev/random";
|
||||
recursive-clients 3000;
|
||||
serial-queries 10;
|
||||
serial-query-rate 100;
|
||||
|
||||
@ -57,7 +57,6 @@ options {
|
||||
pid-file none;
|
||||
port 5300;
|
||||
querylog yes;
|
||||
random-device "/dev/random";
|
||||
recursing-file "named.recursing";
|
||||
recursive-clients 3000;
|
||||
serial-queries 10;
|
||||
|
||||
@ -33,7 +33,6 @@ DNSTAPREAD=$TOP/bin/tools/dnstap-read
|
||||
DSFROMKEY=$TOP/bin/dnssec/dnssec-dsfromkey
|
||||
FEATURETEST=$TOP/bin/tests/system/feature-test
|
||||
FSTRM_CAPTURE=@FSTRM_CAPTURE@
|
||||
GENRANDOM=$TOP/bin/tools/genrandom
|
||||
IMPORTKEY=$TOP/bin/dnssec/dnssec-importkey
|
||||
JOURNALPRINT=$TOP/bin/tools/named-journalprint
|
||||
KEYFRLAB=$TOP/bin/dnssec/dnssec-keyfromlabel
|
||||
@ -59,8 +58,6 @@ TSIGKEYGEN=$TOP/bin/confgen/tsig-keygen
|
||||
VERIFY=$TOP/bin/dnssec/dnssec-verify
|
||||
WIRETEST=$TOP/bin/tests/wire_test
|
||||
|
||||
RANDFILE=$TOP/bin/tests/system/random.data
|
||||
|
||||
BIGKEY=$TOP/bin/tests/system/rsabigexponent/bigkey
|
||||
GENCHECK=$TOP/bin/tests/system/rndc/gencheck
|
||||
KEYCREATE=$TOP/bin/tests/system/tkey/keycreate
|
||||
@ -323,7 +320,6 @@ export PK11GEN
|
||||
export PK11LIST
|
||||
export PSSUSPEND
|
||||
export PYTHON
|
||||
export RANDFILE
|
||||
export RESOLVE
|
||||
export RNDC
|
||||
export RRCHECKER
|
||||
|
||||
@ -38,7 +38,6 @@ DNSTAPREAD=$TOP/Build/$VSCONF/dnstap-read@EXEEXT@
|
||||
DSFROMKEY=$TOP/Build/$VSCONF/dnssec-dsfromkey@EXEEXT@
|
||||
FEATURETEST=$TOP/Build/$VSCONF/feature-test@EXEEXT@
|
||||
FSTRM_CAPTURE=@FSTRM_CAPTURE@
|
||||
GENRANDOM=$TOP/Build/$VSCONF/genrandom@EXEEXT@
|
||||
IMPORTKEY=$TOP/Build/$VSCONF/dnssec-importkey@EXEEXT@
|
||||
JOURNALPRINT=$TOP/Build/$VSCONF/named-journalprint@EXEEXT@
|
||||
KEYFRLAB=$TOP/Build/$VSCONF/dnssec-keyfromlabel@EXEEXT@
|
||||
@ -65,9 +64,6 @@ VERIFY=$TOP/Build/$VSCONF/dnssec-verify@EXEEXT@
|
||||
|
||||
# to port WIRETEST=$TOP/Build/$VSCONF/wire_test@EXEEXT@
|
||||
|
||||
# this is given as argument to native WIN32 executables
|
||||
RANDFILE=`cygpath -w $TOP/bin/tests/system/random.data`
|
||||
|
||||
BIGKEY=$TOP/Build/$VSCONF/bigkey@EXEEXT@
|
||||
GENCHECK=$TOP/Build/$VSCONF/gencheck@EXEEXT@
|
||||
KEYCREATE=$TOP/Build/$VSCONF/keycreate@EXEEXT@
|
||||
@ -298,7 +294,6 @@ export PK11GEN
|
||||
export PK11LIST
|
||||
export PSSUSPEND
|
||||
export PYTHON
|
||||
export RANDFILE
|
||||
export RESOLVE
|
||||
export RNDC
|
||||
export RRCHECKER
|
||||
|
||||
@ -12,8 +12,6 @@
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
KEYGEN="$KEYGEN -qr $RANDFILE"
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
ln -s $CHECKZONE named-compilezone
|
||||
|
||||
@ -23,12 +23,12 @@ infile=root.db.in
|
||||
zonefile=root.db
|
||||
outfile=root.signed
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -r $RANDFILE -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
@ -24,12 +24,12 @@ zonefile=druz.db
|
||||
outfile=druz.pre
|
||||
dlvzone=utld.
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -r $RANDFILE -l $dlvzone -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -l $dlvzone -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
|
||||
$CHECKZONE -q -D -i none druz druz.pre |
|
||||
sed '/IN DNSKEY/s/\([a-z0-9A-Z/]\{10\}\)[a-z0-9A-Z/]\{16\}/\1XXXXXXXXXXXXXXXX/'> druz.signed
|
||||
|
||||
@ -26,13 +26,13 @@ zonefile=child1.utld.db
|
||||
outfile=child1.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
||||
$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
@ -42,13 +42,13 @@ zonefile=child3.utld.db
|
||||
outfile=child3.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
||||
$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
@ -58,12 +58,12 @@ zonefile=child4.utld.db
|
||||
outfile=child4.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
@ -73,13 +73,13 @@ zonefile=child5.utld.db
|
||||
outfile=child5.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
||||
$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
@ -88,13 +88,13 @@ infile=child.db.in
|
||||
zonefile=child7.utld.db
|
||||
outfile=child7.signed
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
||||
$SIGNER -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
@ -103,12 +103,12 @@ infile=child.db.in
|
||||
zonefile=child8.utld.db
|
||||
outfile=child8.signed
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
@ -118,12 +118,12 @@ zonefile=child9.utld.db
|
||||
outfile=child9.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
zone=child10.utld.
|
||||
@ -132,12 +132,12 @@ zonefile=child10.utld.db
|
||||
outfile=child10.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
zone=child1.druz.
|
||||
@ -147,13 +147,13 @@ outfile=child1.druz.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
||||
$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
@ -164,13 +164,13 @@ outfile=child3.druz.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
||||
$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
@ -181,12 +181,12 @@ outfile=child4.druz.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
@ -197,13 +197,13 @@ outfile=child5.druz.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
||||
$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
@ -213,13 +213,13 @@ zonefile=child7.druz.db
|
||||
outfile=child7.druz.signed
|
||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
||||
$SIGNER -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
@ -228,12 +228,12 @@ infile=child.db.in
|
||||
zonefile=child8.druz.db
|
||||
outfile=child8.druz.signed
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
@ -243,12 +243,12 @@ zonefile=child9.druz.db
|
||||
outfile=child9.druz.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
zone=child10.druz.
|
||||
@ -258,12 +258,12 @@ outfile=child10.druz.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
@ -272,12 +272,12 @@ infile=dlv.db.in
|
||||
zonefile=dlv.utld.db
|
||||
outfile=dlv.signed
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $dlvsets $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
|
||||
@ -21,12 +21,12 @@ infile=child.db.in
|
||||
zonefile=grand.child1.utld.db
|
||||
outfile=grand.child1.signed
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
@ -36,12 +36,12 @@ zonefile=grand.child3.utld.db
|
||||
outfile=grand.child3.signed
|
||||
dlvzone=dlv.utld.
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
@ -51,12 +51,12 @@ zonefile=grand.child4.utld.db
|
||||
outfile=grand.child4.signed
|
||||
dlvzone=dlv.utld.
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
@ -66,12 +66,12 @@ zonefile=grand.child5.utld.db
|
||||
outfile=grand.child5.signed
|
||||
dlvzone=dlv.utld.
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
@ -81,12 +81,12 @@ zonefile=grand.child7.utld.db
|
||||
outfile=grand.child7.signed
|
||||
dlvzone=dlv.utld.
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
@ -96,12 +96,12 @@ zonefile=grand.child8.utld.db
|
||||
outfile=grand.child8.signed
|
||||
dlvzone=dlv.utld.
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
@ -111,12 +111,12 @@ zonefile=grand.child9.utld.db
|
||||
outfile=grand.child9.signed
|
||||
dlvzone=dlv.utld.
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
zone=grand.child10.utld.
|
||||
@ -125,12 +125,12 @@ zonefile=grand.child10.utld.db
|
||||
outfile=grand.child10.signed
|
||||
dlvzone=dlv.utld.
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
zone=grand.child1.druz.
|
||||
@ -138,12 +138,12 @@ infile=child.db.in
|
||||
zonefile=grand.child1.druz.db
|
||||
outfile=grand.child1.druz.signed
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
@ -153,12 +153,12 @@ zonefile=grand.child3.druz.db
|
||||
outfile=grand.child3.druz.signed
|
||||
dlvzone=dlv.druz.
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
@ -168,12 +168,12 @@ zonefile=grand.child4.druz.db
|
||||
outfile=grand.child4.druz.signed
|
||||
dlvzone=dlv.druz.
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
@ -183,12 +183,12 @@ zonefile=grand.child5.druz.db
|
||||
outfile=grand.child5.druz.signed
|
||||
dlvzone=dlv.druz.
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
@ -198,12 +198,12 @@ zonefile=grand.child7.druz.db
|
||||
outfile=grand.child7.druz.signed
|
||||
dlvzone=dlv.druz.
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
@ -213,12 +213,12 @@ zonefile=grand.child8.druz.db
|
||||
outfile=grand.child8.druz.signed
|
||||
dlvzone=dlv.druz.
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
@ -228,12 +228,12 @@ zonefile=grand.child9.druz.db
|
||||
outfile=grand.child9.druz.signed
|
||||
dlvzone=dlv.druz.
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
zone=grand.child10.druz.
|
||||
@ -242,10 +242,10 @@ zonefile=grand.child10.druz.db
|
||||
outfile=grand.child10.druz.signed
|
||||
dlvzone=dlv.druz.
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
@ -12,8 +12,6 @@
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
copy_setports ns1/named.conf.in ns1/named.conf
|
||||
copy_setports ns2/named.conf.in ns2/named.conf
|
||||
copy_setports ns3/named.conf.in ns3/named.conf
|
||||
|
||||
@ -12,8 +12,6 @@
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
$DDNSCONFGEN -q -r $RANDFILE -z example.nil > ns1/ddns.key
|
||||
$DDNSCONFGEN -q -z example.nil > ns1/ddns.key
|
||||
|
||||
copy_setports ns1/named.conf.in ns1/named.conf
|
||||
|
||||
@ -16,9 +16,9 @@ zone=signed
|
||||
infile=example.db
|
||||
zonefile=signed.db
|
||||
|
||||
key1=`$KEYGEN -q -a rsasha256 -r $RANDFILE $zone`
|
||||
key2=`$KEYGEN -q -a rsasha256 -r $RANDFILE -fk $zone`
|
||||
key1=`$KEYGEN -q -a rsasha256 $zone`
|
||||
key2=`$KEYGEN -q -a rsasha256 -fk $zone`
|
||||
|
||||
cat $infile $key1.key $key2.key > $zonefile
|
||||
|
||||
$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
|
||||
$SIGNER -P -g -o $zone $zonefile > /dev/null
|
||||
|
||||
@ -14,8 +14,6 @@ SYSTEMTESTTOP=..
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
copy_setports ns1/named.conf.in ns1/named.conf
|
||||
copy_setports ns2/named.conf.in ns2/named.conf
|
||||
|
||||
|
||||
@ -27,11 +27,11 @@ cp ../ns2/dsset-in-addr.arpa$TP .
|
||||
grep "8 [12] " ../ns2/dsset-algroll$TP > dsset-algroll$TP
|
||||
cp ../ns6/dsset-optout-tld$TP .
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key > $zonefile
|
||||
|
||||
$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
|
||||
$SIGNER -P -g -o $zone $zonefile > /dev/null
|
||||
|
||||
# Configure the resolving server with a trusted key.
|
||||
cat $keyname.key | grep -v '^; ' | $PERL -n -e '
|
||||
|
||||
@ -29,12 +29,12 @@ do
|
||||
cp ../ns3/dsset-$subdomain.example$TP .
|
||||
done
|
||||
|
||||
keyname1=`$KEYGEN -q -r $RANDFILE -a DSA -b 768 -n zone $zone`
|
||||
keyname2=`$KEYGEN -q -r $RANDFILE -a DSA -b 768 -n zone $zone`
|
||||
keyname1=`$KEYGEN -q -a DSA -b 768 -n zone $zone`
|
||||
keyname2=`$KEYGEN -q -a DSA -b 768 -n zone $zone`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -P -g -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
|
||||
$SIGNER -P -g -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
|
||||
|
||||
#
|
||||
# lower/uppercase the signature bits with the exception of the last characters
|
||||
@ -89,11 +89,11 @@ zone=in-addr.arpa.
|
||||
infile=in-addr.arpa.db.in
|
||||
zonefile=in-addr.arpa.db
|
||||
|
||||
keyname1=`$KEYGEN -q -r $RANDFILE -a DSA -b 768 -n zone $zone`
|
||||
keyname2=`$KEYGEN -q -r $RANDFILE -a DSA -b 768 -n zone $zone`
|
||||
keyname1=`$KEYGEN -q -a DSA -b 768 -n zone $zone`
|
||||
keyname2=`$KEYGEN -q -a DSA -b 768 -n zone $zone`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
$SIGNER -P -g -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
|
||||
$SIGNER -P -g -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
|
||||
|
||||
# Sign the privately secure file
|
||||
|
||||
@ -101,11 +101,11 @@ privzone=private.secure.example.
|
||||
privinfile=private.secure.example.db.in
|
||||
privzonefile=private.secure.example.db
|
||||
|
||||
privkeyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $privzone`
|
||||
privkeyname=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $privzone`
|
||||
|
||||
cat $privinfile $privkeyname.key >$privzonefile
|
||||
|
||||
$SIGNER -P -g -r $RANDFILE -o $privzone -l dlv $privzonefile > /dev/null
|
||||
$SIGNER -P -g -o $privzone -l dlv $privzonefile > /dev/null
|
||||
|
||||
# Sign the DLV secure zone.
|
||||
|
||||
@ -115,11 +115,11 @@ dlvinfile=dlv.db.in
|
||||
dlvzonefile=dlv.db
|
||||
dlvsetfile=dlvset-`echo $privzone |sed -e "s/\.$//g"`$TP
|
||||
|
||||
dlvkeyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $dlvzone`
|
||||
dlvkeyname=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $dlvzone`
|
||||
|
||||
cat $dlvinfile $dlvkeyname.key $dlvsetfile > $dlvzonefile
|
||||
|
||||
$SIGNER -P -g -r $RANDFILE -o $dlvzone $dlvzonefile > /dev/null
|
||||
$SIGNER -P -g -o $dlvzone $dlvzonefile > /dev/null
|
||||
|
||||
# Sign the badparam secure file
|
||||
|
||||
@ -127,12 +127,12 @@ zone=badparam.
|
||||
infile=badparam.db.in
|
||||
zonefile=badparam.db
|
||||
|
||||
keyname1=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone -f KSK $zone`
|
||||
keyname2=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
|
||||
keyname1=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone -f KSK $zone`
|
||||
keyname2=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -P -3 - -H 1 -g -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
|
||||
$SIGNER -P -3 - -H 1 -g -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
|
||||
|
||||
sed 's/IN NSEC3 1 0 1 /IN NSEC3 1 0 10 /' $zonefile.signed > $zonefile.bad
|
||||
|
||||
@ -142,12 +142,12 @@ zone=single-nsec3.
|
||||
infile=single-nsec3.db.in
|
||||
zonefile=single-nsec3.db
|
||||
|
||||
keyname1=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone -f KSK $zone`
|
||||
keyname2=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
|
||||
keyname1=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone -f KSK $zone`
|
||||
keyname2=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -P -3 - -A -H 1 -g -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
|
||||
$SIGNER -P -3 - -A -H 1 -g -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
|
||||
|
||||
#
|
||||
# algroll has just has the old DNSKEY records removed and is waiting
|
||||
@ -158,14 +158,14 @@ zone=algroll.
|
||||
infile=algroll.db.in
|
||||
zonefile=algroll.db
|
||||
|
||||
keyold1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
keyold2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keynew1=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone -fk $zone`
|
||||
keynew2=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
|
||||
keyold1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
keyold2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keynew1=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone -fk $zone`
|
||||
keynew2=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keynew1.key $keynew2.key >$zonefile
|
||||
|
||||
$SIGNER -P -r $RANDFILE -o $zone -k $keyold1 -k $keynew1 $zonefile $keyold1 $keyold2 $keynew1 $keynew2 > /dev/null
|
||||
$SIGNER -P -o $zone -k $keyold1 -k $keynew1 $zonefile $keyold1 $keyold2 $keynew1 $keynew2 > /dev/null
|
||||
|
||||
#
|
||||
# Make a zone big enough that it takes several seconds to generate a new
|
||||
@ -183,93 +183,93 @@ ns3 10 A 10.53.0.3
|
||||
EOF
|
||||
awk 'END { for (i = 0; i < 300; i++)
|
||||
print "host" i, 10, "NS", "ns.elsewhere"; }' < /dev/null >> $zonefile
|
||||
key1=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone -fk $zone`
|
||||
key2=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
|
||||
key1=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone -fk $zone`
|
||||
key2=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone`
|
||||
cat $key1.key $key2.key >> $zonefile
|
||||
$SIGNER -P -3 - -A -H 1 -g -r $RANDFILE -o $zone -k $key1 $zonefile $key2 > /dev/null
|
||||
$SIGNER -P -3 - -A -H 1 -g -o $zone -k $key1 $zonefile $key2 > /dev/null
|
||||
|
||||
zone=cds.secure
|
||||
infile=cds.secure.db.in
|
||||
zonefile=cds.secure.db
|
||||
key1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
key2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
$DSFROMKEY -C $key1.key > $key1.cds
|
||||
cat $infile $key1.key $key2.key $key1.cds >$zonefile
|
||||
$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
|
||||
$SIGNER -P -g -o $zone $zonefile > /dev/null
|
||||
|
||||
zone=cds-x.secure
|
||||
infile=cds.secure.db.in
|
||||
zonefile=cds-x.secure.db
|
||||
key1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
key2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
key3=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
key3=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
$DSFROMKEY -C $key2.key > $key2.cds
|
||||
cat $infile $key1.key $key3.key $key2.cds >$zonefile
|
||||
$SIGNER -P -g -x -r $RANDFILE -o $zone $zonefile > /dev/null
|
||||
$SIGNER -P -g -x -o $zone $zonefile > /dev/null
|
||||
|
||||
zone=cds-update.secure
|
||||
infile=cds-update.secure.db.in
|
||||
zonefile=cds-update.secure.db
|
||||
key1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
key2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
cat $infile $key1.key $key2.key > $zonefile
|
||||
$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
|
||||
$SIGNER -P -g -o $zone $zonefile > /dev/null
|
||||
|
||||
zone=cds-kskonly.secure
|
||||
infile=cds-kskonly.secure.db.in
|
||||
zonefile=cds-kskonly.secure.db
|
||||
key1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
key2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
cat $infile $key1.key $key2.key > $zonefile
|
||||
$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
|
||||
$SIGNER -P -g -o $zone $zonefile > /dev/null
|
||||
|
||||
zone=cds-auto.secure
|
||||
infile=cds-auto.secure.db.in
|
||||
zonefile=cds-auto.secure.db
|
||||
key1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
key2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
$DSFROMKEY -C $key1.key > $key1.cds
|
||||
cat $infile $key1.cds > $zonefile.signed
|
||||
|
||||
zone=cdnskey.secure
|
||||
infile=cdnskey.secure.db.in
|
||||
zonefile=cdnskey.secure.db
|
||||
key1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
key2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
sed 's/DNSKEY/CDNSKEY/' $key1.key > $key1.cds
|
||||
cat $infile $key1.key $key2.key $key1.cds >$zonefile
|
||||
$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
|
||||
$SIGNER -P -g -o $zone $zonefile > /dev/null
|
||||
|
||||
zone=cdnskey-x.secure
|
||||
infile=cdnskey.secure.db.in
|
||||
zonefile=cdnskey-x.secure.db
|
||||
key1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
key2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
key3=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
key3=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
sed 's/DNSKEY/CDNSKEY/' $key1.key > $key1.cds
|
||||
cat $infile $key2.key $key3.key $key1.cds >$zonefile
|
||||
$SIGNER -P -g -x -r $RANDFILE -o $zone $zonefile > /dev/null
|
||||
$SIGNER -P -g -x -o $zone $zonefile > /dev/null
|
||||
|
||||
zone=cdnskey-update.secure
|
||||
infile=cdnskey-update.secure.db.in
|
||||
zonefile=cdnskey-update.secure.db
|
||||
key1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
key2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
cat $infile $key1.key $key2.key > $zonefile
|
||||
$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
|
||||
$SIGNER -P -g -o $zone $zonefile > /dev/null
|
||||
|
||||
zone=cdnskey-kskonly.secure
|
||||
infile=cdnskey-kskonly.secure.db.in
|
||||
zonefile=cdnskey-kskonly.secure.db
|
||||
key1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
key2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
cat $infile $key1.key $key2.key > $zonefile
|
||||
$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
|
||||
$SIGNER -P -g -o $zone $zonefile > /dev/null
|
||||
|
||||
zone=cdnskey-auto.secure
|
||||
infile=cdnskey-auto.secure.db.in
|
||||
zonefile=cdnskey-auto.secure.db
|
||||
key1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
key2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
sed 's/DNSKEY/CDNSKEY/' $key1.key > $key1.cds
|
||||
cat $infile $key1.cds > $zonefile.signed
|
||||
|
||||
@ -16,44 +16,44 @@ zone=secure.example.
|
||||
infile=secure.example.db.in
|
||||
zonefile=secure.example.db
|
||||
|
||||
cnameandkey=`$KEYGEN -T KEY -q -r $RANDFILE -a RSASHA1 -b 1024 -n host cnameandkey.$zone`
|
||||
dnameandkey=`$KEYGEN -T KEY -q -r $RANDFILE -a RSASHA1 -b 1024 -n host dnameandkey.$zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
cnameandkey=`$KEYGEN -T KEY -q -a RSASHA1 -b 1024 -n host cnameandkey.$zone`
|
||||
dnameandkey=`$KEYGEN -T KEY -q -a RSASHA1 -b 1024 -n host dnameandkey.$zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $cnameandkey.key $dnameandkey.key $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
zone=bogus.example.
|
||||
infile=bogus.example.db.in
|
||||
zonefile=bogus.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
zone=dynamic.example.
|
||||
infile=dynamic.example.db.in
|
||||
zonefile=dynamic.example.db
|
||||
|
||||
keyname1=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
|
||||
keyname2=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone -f KSK $zone`
|
||||
keyname1=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $zone`
|
||||
keyname2=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone -f KSK $zone`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
zone=keyless.example.
|
||||
infile=generic.example.db.in
|
||||
zonefile=keyless.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
# Change the signer field of the a.b.keyless.example SIG A
|
||||
# to point to a provably nonexistent KEY record.
|
||||
@ -69,11 +69,11 @@ zone=secure.nsec3.example.
|
||||
infile=secure.nsec3.example.db.in
|
||||
zonefile=secure.nsec3.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# NSEC3/NSEC3 test zone
|
||||
@ -82,11 +82,11 @@ zone=nsec3.nsec3.example.
|
||||
infile=nsec3.nsec3.example.db.in
|
||||
zonefile=nsec3.nsec3.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -3 - -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# OPTOUT/NSEC3 test zone
|
||||
@ -95,11 +95,11 @@ zone=optout.nsec3.example.
|
||||
infile=optout.nsec3.example.db.in
|
||||
zonefile=optout.nsec3.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -3 - -A -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# A nsec3 zone (non-optout).
|
||||
@ -108,11 +108,11 @@ zone=nsec3.example.
|
||||
infile=nsec3.example.db.in
|
||||
zonefile=nsec3.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -g -3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -g -3 - -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# OPTOUT/NSEC test zone
|
||||
@ -121,11 +121,11 @@ zone=secure.optout.example.
|
||||
infile=secure.optout.example.db.in
|
||||
zonefile=secure.optout.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# OPTOUT/NSEC3 test zone
|
||||
@ -134,11 +134,11 @@ zone=nsec3.optout.example.
|
||||
infile=nsec3.optout.example.db.in
|
||||
zonefile=nsec3.optout.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -3 - -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# OPTOUT/OPTOUT test zone
|
||||
@ -147,11 +147,11 @@ zone=optout.optout.example.
|
||||
infile=optout.optout.example.db.in
|
||||
zonefile=optout.optout.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -3 - -A -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# A optout nsec3 zone.
|
||||
@ -160,11 +160,11 @@ zone=optout.example.
|
||||
infile=optout.example.db.in
|
||||
zonefile=optout.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -g -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -g -3 - -A -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# A nsec3 zone (non-optout) with unknown nsec3 hash algorithm (-U).
|
||||
@ -173,11 +173,11 @@ zone=nsec3-unknown.example.
|
||||
infile=nsec3-unknown.example.db.in
|
||||
zonefile=nsec3-unknown.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -3 - -U -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -3 - -U -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# A optout nsec3 zone with a unknown nsec3 hash algorithm (-U).
|
||||
@ -186,11 +186,11 @@ zone=optout-unknown.example.
|
||||
infile=optout-unknown.example.db.in
|
||||
zonefile=optout-unknown.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -3 - -U -A -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -3 - -U -A -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# A zone with a unknown DNSKEY algorithm.
|
||||
@ -200,11 +200,11 @@ zone=dnskey-unknown.example.
|
||||
infile=dnskey-unknown.example.db.in
|
||||
zonefile=dnskey-unknown.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -3 - -r $RANDFILE -o $zone -O full -f ${zonefile}.tmp $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -3 - -o $zone -O full -f ${zonefile}.tmp $zonefile > /dev/null 2>&1
|
||||
|
||||
awk '$4 == "DNSKEY" { $7 = 100; print } $4 == "RRSIG" { $6 = 100; print } { print }' ${zonefile}.tmp > ${zonefile}.signed
|
||||
|
||||
@ -219,11 +219,11 @@ zone=dnskey-nsec3-unknown.example.
|
||||
infile=dnskey-nsec3-unknown.example.db.in
|
||||
zonefile=dnskey-nsec3-unknown.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -3 - -r $RANDFILE -o $zone -U -O full -f ${zonefile}.tmp $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -3 - -o $zone -U -O full -f ${zonefile}.tmp $zonefile > /dev/null 2>&1
|
||||
|
||||
awk '$4 == "DNSKEY" { $7 = 100; print } $4 == "RRSIG" { $6 = 100; print } { print }' ${zonefile}.tmp > ${zonefile}.signed
|
||||
|
||||
@ -237,21 +237,21 @@ zone=multiple.example.
|
||||
infile=multiple.example.db.in
|
||||
zonefile=multiple.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
|
||||
mv $zonefile.signed $zonefile
|
||||
$SIGNER -P -u3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -u3 - -o $zone $zonefile > /dev/null 2>&1
|
||||
mv $zonefile.signed $zonefile
|
||||
$SIGNER -P -u3 AAAA -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -u3 AAAA -o $zone $zonefile > /dev/null 2>&1
|
||||
mv $zonefile.signed $zonefile
|
||||
$SIGNER -P -u3 BBBB -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -u3 BBBB -o $zone $zonefile > /dev/null 2>&1
|
||||
mv $zonefile.signed $zonefile
|
||||
$SIGNER -P -u3 CCCC -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -u3 CCCC -o $zone $zonefile > /dev/null 2>&1
|
||||
mv $zonefile.signed $zonefile
|
||||
$SIGNER -P -u3 DDDD -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -u3 DDDD -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# A RSASHA256 zone.
|
||||
@ -260,11 +260,11 @@ zone=rsasha256.example.
|
||||
infile=rsasha256.example.db.in
|
||||
zonefile=rsasha256.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# A RSASHA512 zone.
|
||||
@ -273,11 +273,11 @@ zone=rsasha512.example.
|
||||
infile=rsasha512.example.db.in
|
||||
zonefile=rsasha512.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA512 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA512 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# A zone with the DNSKEY set only signed by the KSK
|
||||
@ -286,10 +286,10 @@ zone=kskonly.example.
|
||||
infile=kskonly.example.db.in
|
||||
zonefile=kskonly.example.db
|
||||
|
||||
kskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -fk $zone`
|
||||
zskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 $zone`
|
||||
kskname=`$KEYGEN -q -a RSASHA1 -fk $zone`
|
||||
zskname=`$KEYGEN -q -a RSASHA1 $zone`
|
||||
cat $infile $kskname.key $zskname.key >$zonefile
|
||||
$SIGNER -x -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -x -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# A zone with the expired signatures
|
||||
@ -298,10 +298,10 @@ zone=expired.example.
|
||||
infile=expired.example.db.in
|
||||
zonefile=expired.example.db
|
||||
|
||||
kskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -fk $zone`
|
||||
zskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 $zone`
|
||||
kskname=`$KEYGEN -q -a RSASHA1 -fk $zone`
|
||||
zskname=`$KEYGEN -q -a RSASHA1 $zone`
|
||||
cat $infile $kskname.key $zskname.key >$zonefile
|
||||
$SIGNER -P -r $RANDFILE -o $zone -s -1d -e +1h $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -o $zone -s -1d -e +1h $zonefile > /dev/null 2>&1
|
||||
rm -f $kskname.* $zskname.*
|
||||
|
||||
#
|
||||
@ -311,10 +311,10 @@ zone=update-nsec3.example.
|
||||
infile=update-nsec3.example.db.in
|
||||
zonefile=update-nsec3.example.db
|
||||
|
||||
kskname=`$KEYGEN -q -3 -r $RANDFILE -a RSASHA1 -fk $zone`
|
||||
zskname=`$KEYGEN -q -3 -r $RANDFILE -a RSASHA1 $zone`
|
||||
kskname=`$KEYGEN -q -3 -a RSASHA1 -fk $zone`
|
||||
zskname=`$KEYGEN -q -3 -a RSASHA1 $zone`
|
||||
cat $infile $kskname.key $zskname.key >$zonefile
|
||||
$SIGNER -P -3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -3 - -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# A NSEC signed zone that will have auto-dnssec enabled and
|
||||
@ -324,12 +324,12 @@ zone=auto-nsec.example.
|
||||
infile=auto-nsec.example.db.in
|
||||
zonefile=auto-nsec.example.db
|
||||
|
||||
kskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -fk $zone`
|
||||
zskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 $zone`
|
||||
kskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -fk $zone`
|
||||
zskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 $zone`
|
||||
kskname=`$KEYGEN -q -a RSASHA1 -fk $zone`
|
||||
zskname=`$KEYGEN -q -a RSASHA1 $zone`
|
||||
kskname=`$KEYGEN -q -a RSASHA1 -fk $zone`
|
||||
zskname=`$KEYGEN -q -a RSASHA1 $zone`
|
||||
cat $infile $kskname.key $zskname.key >$zonefile
|
||||
$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# A NSEC3 signed zone that will have auto-dnssec enabled and
|
||||
@ -339,12 +339,12 @@ zone=auto-nsec3.example.
|
||||
infile=auto-nsec3.example.db.in
|
||||
zonefile=auto-nsec3.example.db
|
||||
|
||||
kskname=`$KEYGEN -q -3 -r $RANDFILE -a RSASHA1 -fk $zone`
|
||||
zskname=`$KEYGEN -q -3 -r $RANDFILE -a RSASHA1 $zone`
|
||||
kskname=`$KEYGEN -q -3 -r $RANDFILE -a RSASHA1 -fk $zone`
|
||||
zskname=`$KEYGEN -q -3 -r $RANDFILE -a RSASHA1 $zone`
|
||||
kskname=`$KEYGEN -q -3 -a RSASHA1 -fk $zone`
|
||||
zskname=`$KEYGEN -q -3 -a RSASHA1 $zone`
|
||||
kskname=`$KEYGEN -q -3 -a RSASHA1 -fk $zone`
|
||||
zskname=`$KEYGEN -q -3 -a RSASHA1 $zone`
|
||||
cat $infile $kskname.key $zskname.key >$zonefile
|
||||
$SIGNER -P -3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -3 - -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# Secure below cname test zone.
|
||||
@ -352,9 +352,9 @@ $SIGNER -P -3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
zone=secure.below-cname.example.
|
||||
infile=secure.below-cname.example.db.in
|
||||
zonefile=secure.below-cname.example.db
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
cat $infile $keyname.key >$zonefile
|
||||
$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# Patched TTL test zone.
|
||||
@ -365,10 +365,10 @@ zonefile=ttlpatch.example.db
|
||||
signedfile=ttlpatch.example.db.signed
|
||||
patchedfile=ttlpatch.example.db.patched
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -r $RANDFILE -f $signedfile -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -f $signedfile -o $zone $zonefile > /dev/null 2>&1
|
||||
$CHECKZONE -D -s full $zone $signedfile 2> /dev/null | \
|
||||
awk '{$2 = "3600"; print}' > $patchedfile
|
||||
|
||||
@ -380,11 +380,11 @@ infile=split-dnssec.example.db.in
|
||||
zonefile=split-dnssec.example.db
|
||||
signedfile=split-dnssec.example.db.signed
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
cat $infile $keyname.key >$zonefile
|
||||
echo '$INCLUDE "'"$signedfile"'"' >> $zonefile
|
||||
: > $signedfile
|
||||
$SIGNER -P -r $RANDFILE -D -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -D -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# Seperate DNSSEC records smart signing.
|
||||
@ -394,11 +394,11 @@ infile=split-smart.example.db.in
|
||||
zonefile=split-smart.example.db
|
||||
signedfile=split-smart.example.db.signed
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
cp $infile $zonefile
|
||||
echo '$INCLUDE "'"$signedfile"'"' >> $zonefile
|
||||
: > $signedfile
|
||||
$SIGNER -P -S -r $RANDFILE -D -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -S -D -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# Zone with signatures about to expire, but no private key to replace them
|
||||
@ -407,10 +407,10 @@ zone="expiring.example."
|
||||
infile="expiring.example.db.in"
|
||||
zonefile="expiring.example.db"
|
||||
signedfile="expiring.example.db.signed"
|
||||
kskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 $zone`
|
||||
zskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -f KSK $zone`
|
||||
kskname=`$KEYGEN -q -a RSASHA1 $zone`
|
||||
zskname=`$KEYGEN -q -a RSASHA1 -f KSK $zone`
|
||||
cp $infile $zonefile
|
||||
$SIGNER -S -r $RANDFILE -e now+1mi -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -S -e now+1mi -o $zone $zonefile > /dev/null 2>&1
|
||||
mv -f ${zskname}.private ${zskname}.private.moved
|
||||
mv -f ${kskname}.private ${kskname}.private.moved
|
||||
|
||||
@ -422,10 +422,10 @@ infile="upper.example.db.in"
|
||||
zonefile="upper.example.db"
|
||||
lower="upper.example.db.lower"
|
||||
signedfile="upper.example.db.signed"
|
||||
kskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 $zone`
|
||||
zskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -f KSK $zone`
|
||||
kskname=`$KEYGEN -q -a RSASHA1 $zone`
|
||||
zskname=`$KEYGEN -q -a RSASHA1 -f KSK $zone`
|
||||
cp $infile $zonefile
|
||||
$SIGNER -P -S -r $RANDFILE -o $zone -f $lower $zonefile > /dev/null 2>/dev/null
|
||||
$SIGNER -P -S -o $zone -f $lower $zonefile > /dev/null 2>/dev/null
|
||||
$CHECKZONE -D upper.example $lower 2>/dev/null | \
|
||||
sed '/RRSIG/s/ upper.example. / UPPER.EXAMPLE. /' > $signedfile
|
||||
|
||||
@ -437,10 +437,10 @@ zone="LOWER.EXAMPLE."
|
||||
infile="lower.example.db.in"
|
||||
zonefile="lower.example.db"
|
||||
signedfile="lower.example.db.signed"
|
||||
kskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 $zone`
|
||||
zskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -f KSK $zone`
|
||||
kskname=`$KEYGEN -q -a RSASHA1 $zone`
|
||||
zskname=`$KEYGEN -q -a RSASHA1 -f KSK $zone`
|
||||
cp $infile $zonefile
|
||||
$SIGNER -P -S -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -S -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# Zone with signatures about to expire, and dynamic, but configured
|
||||
@ -450,10 +450,10 @@ zone="nosign.example."
|
||||
infile="nosign.example.db.in"
|
||||
zonefile="nosign.example.db"
|
||||
signedfile="nosign.example.db.signed"
|
||||
kskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 $zone`
|
||||
zskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -f KSK $zone`
|
||||
kskname=`$KEYGEN -q -a RSASHA1 $zone`
|
||||
zskname=`$KEYGEN -q -a RSASHA1 -f KSK $zone`
|
||||
cp $infile $zonefile
|
||||
$SIGNER -S -r $RANDFILE -e now+1mi -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -S -e now+1mi -o $zone $zonefile > /dev/null 2>&1
|
||||
# preserve a normalized copy of the NS RRSIG for comparison later
|
||||
$CHECKZONE -D nosign.example nosign.example.db.signed 2>/dev/null | \
|
||||
awk '$4 == "RRSIG" && $5 == "NS" {$2 = ""; print}' | \
|
||||
@ -463,8 +463,8 @@ $CHECKZONE -D nosign.example nosign.example.db.signed 2>/dev/null | \
|
||||
# An inline signing zone
|
||||
#
|
||||
zone=inline.example.
|
||||
kskname=`$KEYGEN -q -3 -r $RANDFILE -a RSASHA1 -fk $zone`
|
||||
zskname=`$KEYGEN -q -3 -r $RANDFILE -a RSASHA1 $zone`
|
||||
kskname=`$KEYGEN -q -3 -a RSASHA1 -fk $zone`
|
||||
zskname=`$KEYGEN -q -3 -a RSASHA1 $zone`
|
||||
|
||||
#
|
||||
# publish a new key while deactivating another key at the same time.
|
||||
@ -473,12 +473,12 @@ zone=publish-inactive.example
|
||||
infile=publish-inactive.example.db.in
|
||||
zonefile=publish-inactive.example.db
|
||||
now=`date -u +%Y%m%d%H%M%S`
|
||||
kskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -f KSK $zone`
|
||||
kskname=`$KEYGEN -P $now+90s -A $now+3600s -q -r $RANDFILE -a RSASHA1 -f KSK $zone`
|
||||
kskname=`$KEYGEN -I $now+90s -q -r $RANDFILE -a RSASHA1 -f KSK $zone`
|
||||
zskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 $zone`
|
||||
kskname=`$KEYGEN -q -a RSASHA1 -f KSK $zone`
|
||||
kskname=`$KEYGEN -P $now+90s -A $now+3600s -q -a RSASHA1 -f KSK $zone`
|
||||
kskname=`$KEYGEN -I $now+90s -q -a RSASHA1 -f KSK $zone`
|
||||
zskname=`$KEYGEN -q -a RSASHA1 $zone`
|
||||
cp $infile $zonefile
|
||||
$SIGNER -S -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -S -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# A zone which will change its sig-validity-interval
|
||||
@ -486,8 +486,8 @@ $SIGNER -S -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
zone=siginterval.example
|
||||
infile=siginterval.example.db.in
|
||||
zonefile=siginterval.example.db
|
||||
kskname=`$KEYGEN -q -3 -r $RANDFILE -a RSASHA1 -fk $zone`
|
||||
zskname=`$KEYGEN -q -3 -r $RANDFILE -a RSASHA1 $zone`
|
||||
kskname=`$KEYGEN -q -3 -a RSASHA1 -fk $zone`
|
||||
zskname=`$KEYGEN -q -3 -a RSASHA1 $zone`
|
||||
cp $infile $zonefile
|
||||
|
||||
#
|
||||
@ -498,11 +498,11 @@ zone=badds.example.
|
||||
infile=bogus.example.db.in
|
||||
zonefile=badds.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
|
||||
sed -e 's/bogus/badds/g' < dsset-bogus.example$TP > dsset-badds.example$TP
|
||||
|
||||
#
|
||||
@ -511,10 +511,10 @@ sed -e 's/bogus/badds/g' < dsset-bogus.example$TP > dsset-badds.example$TP
|
||||
zone=future.example
|
||||
infile=future.example.db.in
|
||||
zonefile=future.example.db
|
||||
kskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -f KSK $zone`
|
||||
zskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 $zone`
|
||||
kskname=`$KEYGEN -q -a RSASHA1 -f KSK $zone`
|
||||
zskname=`$KEYGEN -q -a RSASHA1 $zone`
|
||||
cat $infile $kskname.key $zskname.key >$zonefile
|
||||
$SIGNER -P -s +3600 -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -s +3600 -o $zone $zonefile > /dev/null 2>&1
|
||||
cp -f $kskname.key trusted-future.key
|
||||
|
||||
#
|
||||
@ -523,10 +523,10 @@ cp -f $kskname.key trusted-future.key
|
||||
zone=managed-future.example
|
||||
infile=managed-future.example.db.in
|
||||
zonefile=managed-future.example.db
|
||||
kskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -f KSK $zone`
|
||||
zskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 $zone`
|
||||
kskname=`$KEYGEN -q -a RSASHA1 -f KSK $zone`
|
||||
zskname=`$KEYGEN -q -a RSASHA1 $zone`
|
||||
cat $infile $kskname.key $zskname.key >$zonefile
|
||||
$SIGNER -P -s +3600 -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -s +3600 -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# A zone with a revoked key
|
||||
@ -535,11 +535,11 @@ zone=revkey.example.
|
||||
infile=generic.example.db.in
|
||||
zonefile=revkey.example.db
|
||||
|
||||
ksk1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -3fk $zone`
|
||||
ksk1=`$KEYGEN -q -a RSASHA1 -3fk $zone`
|
||||
ksk1=`$REVOKE $ksk1`
|
||||
ksk2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -3fk $zone`
|
||||
zsk1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -3 $zone`
|
||||
ksk2=`$KEYGEN -q -a RSASHA1 -3fk $zone`
|
||||
zsk1=`$KEYGEN -q -a RSASHA1 -3 $zone`
|
||||
|
||||
cat $infile ${ksk1}.key ${ksk2}.key ${zsk1}.key >$zonefile
|
||||
|
||||
$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
@ -16,7 +16,7 @@ zone=.
|
||||
infile=../ns1/root.db.in
|
||||
zonefile=root.db.signed
|
||||
|
||||
keyname=`$KEYGEN -r $RANDFILE -a RSASHA1 -qfk $zone`
|
||||
keyname=`$KEYGEN -a RSASHA1 -qfk $zone`
|
||||
|
||||
# copy the KSK out first, then revoke it
|
||||
cat $keyname.key | grep -v '^; ' | $PERL -n -e '
|
||||
@ -32,6 +32,6 @@ EOF
|
||||
$SETTIME -R now ${keyname}.key > /dev/null
|
||||
|
||||
# create a current set of keys, and sign the root zone
|
||||
$KEYGEN -r $RANDFILE -a RSASHA1 -q $zone > /dev/null
|
||||
$KEYGEN -r $RANDFILE -a RSASHA1 -qfk $zone > /dev/null
|
||||
$SIGNER -S -r $RANDFILE -o $zone -f $zonefile $infile > /dev/null 2>&1
|
||||
$KEYGEN -a RSASHA1 -q $zone > /dev/null
|
||||
$KEYGEN -a RSASHA1 -qfk $zone > /dev/null
|
||||
$SIGNER -S -o $zone -f $zonefile $infile > /dev/null 2>&1
|
||||
|
||||
@ -16,8 +16,8 @@ zone=optout-tld
|
||||
infile=optout-tld.db.in
|
||||
zonefile=optout-tld.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -3 - -A -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
@ -16,12 +16,12 @@ zone=split-rrsig
|
||||
infile=split-rrsig.db.in
|
||||
zonefile=split-rrsig.db
|
||||
|
||||
k1=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
|
||||
k2=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
|
||||
k1=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone`
|
||||
k2=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $k1.key $k2.key >$zonefile
|
||||
|
||||
$SIGNER -P -3 - -A -r $RANDFILE -o $zone -O full -f $zonefile.unsplit -e now-3600 -s now-7200 $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -3 - -A -o $zone -O full -f $zonefile.unsplit -e now-3600 -s now-7200 $zonefile > /dev/null 2>&1
|
||||
awk 'BEGIN { r = ""; }
|
||||
$4 == "RRSIG" && $5 == "SOA" && r == "" { r = $0; next; }
|
||||
{ print }
|
||||
|
||||
@ -14,8 +14,6 @@ SYSTEMTESTTOP=..
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
copy_setports ns1/named.conf.in ns1/named.conf
|
||||
copy_setports ns2/named.conf.in ns2/named.conf
|
||||
copy_setports ns3/named.conf.in ns3/named.conf
|
||||
|
||||
@ -1381,8 +1381,8 @@ status=`expr $status + $ret`
|
||||
echo_i "checking that we can sign a zone with out-of-zone records ($n)"
|
||||
ret=0
|
||||
zone=example
|
||||
key1=`$KEYGEN -K signer -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
key2=`$KEYGEN -K signer -q -r $RANDFILE -f KSK -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
key1=`$KEYGEN -K signer -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
key2=`$KEYGEN -K signer -q -f KSK -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
(
|
||||
cd signer
|
||||
cat example.db.in $key1.key $key2.key > example.db
|
||||
@ -1395,8 +1395,8 @@ status=`expr $status + $ret`
|
||||
echo_i "checking that we can sign a zone (NSEC3) with out-of-zone records ($n)"
|
||||
ret=0
|
||||
zone=example
|
||||
key1=`$KEYGEN -K signer -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
key2=`$KEYGEN -K signer -q -r $RANDFILE -f KSK -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
key1=`$KEYGEN -K signer -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
key2=`$KEYGEN -K signer -q -f KSK -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
(
|
||||
cd signer
|
||||
cat example.db.in $key1.key $key2.key > example.db
|
||||
@ -1420,8 +1420,8 @@ status=`expr $status + $ret`
|
||||
echo_i "checking NSEC3 signing with empty nonterminals above a delegation ($n)"
|
||||
ret=0
|
||||
zone=example
|
||||
key1=`$KEYGEN -K signer -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
key2=`$KEYGEN -K signer -q -r $RANDFILE -f KSK -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
key1=`$KEYGEN -K signer -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
key2=`$KEYGEN -K signer -q -f KSK -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
(
|
||||
cd signer
|
||||
cat example.db.in $key1.key $key2.key > example3.db
|
||||
@ -1446,8 +1446,8 @@ status=`expr $status + $ret`
|
||||
echo_i "checking that dnsssec-signzone updates originalttl on ttl changes ($n)"
|
||||
ret=0
|
||||
zone=example
|
||||
key1=`$KEYGEN -K signer -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
key2=`$KEYGEN -K signer -q -r $RANDFILE -f KSK -a RSASHA1 -b 1024 -n zone $zone`
|
||||
key1=`$KEYGEN -K signer -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
key2=`$KEYGEN -K signer -q -f KSK -a RSASHA1 -b 1024 -n zone $zone`
|
||||
(
|
||||
cd signer
|
||||
cat example.db.in $key1.key $key2.key > example.db
|
||||
@ -1463,10 +1463,10 @@ status=`expr $status + $ret`
|
||||
echo_i "checking dnssec-signzone keeps valid signatures from removed keys ($n)"
|
||||
ret=0
|
||||
zone=example
|
||||
key1=`$KEYGEN -K signer -q -r $RANDFILE -f KSK -a RSASHA1 -b 1024 -n zone $zone`
|
||||
key2=`$KEYGEN -K signer -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
key1=`$KEYGEN -K signer -q -f KSK -a RSASHA1 -b 1024 -n zone $zone`
|
||||
key2=`$KEYGEN -K signer -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyid2=`echo $key2 | sed 's/^Kexample.+005+0*\([0-9]\)/\1/'`
|
||||
key3=`$KEYGEN -K signer -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
key3=`$KEYGEN -K signer -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyid3=`echo $key3 | sed 's/^Kexample.+005+0*\([0-9]\)/\1/'`
|
||||
(
|
||||
cd signer
|
||||
@ -2320,7 +2320,7 @@ echo_i "checking that the NSEC3 record for the apex is properly signed when a DN
|
||||
ret=0
|
||||
(
|
||||
cd ns3
|
||||
kskname=`$KEYGEN -q -3 -a RSASHA1 -r $RANDFILE -fk update-nsec3.example`
|
||||
kskname=`$KEYGEN -q -3 -a RSASHA1 -fk update-nsec3.example`
|
||||
(
|
||||
echo zone update-nsec3.example
|
||||
echo server 10.53.0.3 ${PORT}
|
||||
@ -2661,7 +2661,7 @@ status=`expr $status + $ret`
|
||||
# includes it anyway to avoid confusion (RT #21731)
|
||||
echo_i "check dnssec-dsfromkey error message when keyfile is not found ($n)"
|
||||
ret=0
|
||||
key=`$KEYGEN -a RSASHA1 -q -r $RANDFILE example.` || ret=1
|
||||
key=`$KEYGEN -a RSASHA1 -q example.` || ret=1
|
||||
mv $key.key $key
|
||||
$DSFROMKEY $key > dsfromkey.out.$n 2>&1 && ret=1
|
||||
grep "$key.key: file not found" dsfromkey.out.$n > /dev/null || ret=1
|
||||
@ -2748,7 +2748,7 @@ cd ns3
|
||||
for file in K*.moved; do
|
||||
mv $file `basename $file .moved`
|
||||
done
|
||||
$SIGNER -S -r $RANDFILE -N increment -e now+1mi -o expiring.example expiring.example.db > /dev/null 2>&1
|
||||
$SIGNER -S -N increment -e now+1mi -o expiring.example expiring.example.db > /dev/null 2>&1
|
||||
) || ret=1
|
||||
$RNDCCMD 10.53.0.3 reload expiring.example 2>&1 | sed 's/^/ns3 /' | cat_i
|
||||
|
||||
@ -3115,7 +3115,7 @@ do
|
||||
alg=`expr $alg + 1`
|
||||
continue;;
|
||||
esac
|
||||
key1=`$KEYGEN -a $alg $size -n zone -r $RANDFILE example 2> keygen.err`
|
||||
key1=`$KEYGEN -a $alg $size -n zone example 2> keygen.err`
|
||||
if grep "unsupported algorithm" keygen.err > /dev/null
|
||||
then
|
||||
alg=`expr $alg + 1`
|
||||
@ -3130,7 +3130,7 @@ do
|
||||
continue
|
||||
fi
|
||||
$SETTIME -I now+4d $key1.private > /dev/null
|
||||
key2=`$KEYGEN -v 10 -r $RANDFILE -i 3d -S $key1.private 2> /dev/null`
|
||||
key2=`$KEYGEN -v 10 -i 3d -S $key1.private 2> /dev/null`
|
||||
test -f $key2.key -a -f $key2.private || {
|
||||
ret=1
|
||||
echo_i "'dnssec-keygen -S' failed for algorithm: $alg"
|
||||
@ -3447,8 +3447,8 @@ ret=0
|
||||
# generate signed zone with MX and AAAA records at apex.
|
||||
(
|
||||
cd signer
|
||||
$KEYGEN -q -r $RANDFILE -a RSASHA1 -3 -fK remove > /dev/null
|
||||
$KEYGEN -q -r $RANDFILE -a RSASHA1 -33 remove > /dev/null
|
||||
$KEYGEN -q -a RSASHA1 -3 -fK remove > /dev/null
|
||||
$KEYGEN -q -a RSASHA1 -33 remove > /dev/null
|
||||
echo > remove.db.signed
|
||||
$SIGNER -S -o remove -D -f remove.db.signed remove.db.in > signer.out.1.$n 2>&1
|
||||
)
|
||||
|
||||
@ -21,12 +21,12 @@ zonefile=root.db
|
||||
cp ../ns2/dsset-good$TP .
|
||||
cp ../ns2/dsset-bad$TP .
|
||||
|
||||
key1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
key2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 2048 -n zone -f KSK $zone`
|
||||
key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
key2=`$KEYGEN -q -a RSASHA1 -b 2048 -n zone -f KSK $zone`
|
||||
|
||||
cat $infile $key1.key $key2.key > $zonefile
|
||||
|
||||
$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
|
||||
$SIGNER -P -g -o $zone $zonefile > /dev/null
|
||||
|
||||
# Configure the resolving server with a trusted key.
|
||||
|
||||
|
||||
@ -19,16 +19,16 @@ zone2=bad.
|
||||
infile2=bad.db.in
|
||||
zonefile2=bad.db
|
||||
|
||||
keyname11=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone1`
|
||||
keyname12=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 2048 -n zone -f KSK $zone1`
|
||||
keyname21=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone2`
|
||||
keyname22=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 2048 -n zone -f KSK $zone2`
|
||||
keyname11=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone1`
|
||||
keyname12=`$KEYGEN -q -a RSASHA256 -b 2048 -n zone -f KSK $zone1`
|
||||
keyname21=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone2`
|
||||
keyname22=`$KEYGEN -q -a RSASHA256 -b 2048 -n zone -f KSK $zone2`
|
||||
|
||||
cat $infile1 $keyname11.key $keyname12.key >$zonefile1
|
||||
cat $infile2 $keyname21.key $keyname22.key >$zonefile2
|
||||
|
||||
$SIGNER -P -g -r $RANDFILE -o $zone1 $zonefile1 > /dev/null
|
||||
$SIGNER -P -g -r $RANDFILE -o $zone2 $zonefile2 > /dev/null
|
||||
$SIGNER -P -g -o $zone1 $zonefile1 > /dev/null
|
||||
$SIGNER -P -g -o $zone2 $zonefile2 > /dev/null
|
||||
|
||||
DSFILENAME1=dsset-`echo $zone1 |sed -e "s/\.$//g"`$TP
|
||||
DSFILENAME2=dsset-`echo $zone2 |sed -e "s/\.$//g"`$TP
|
||||
|
||||
@ -12,8 +12,6 @@
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
copy_setports ns1/named.conf.in ns1/named.conf
|
||||
copy_setports ns2/named.conf.in ns2/named.conf
|
||||
copy_setports ns3/named.conf.in ns3/named.conf
|
||||
|
||||
@ -16,13 +16,13 @@ zone=.
|
||||
infile=root.db.in
|
||||
zonefile=root.db
|
||||
|
||||
key1=`$KEYGEN -q -r $RANDFILE -a ECDSAP256SHA256 -n zone $zone`
|
||||
key2=`$KEYGEN -q -r $RANDFILE -a ECDSAP384SHA384 -n zone -f KSK $zone`
|
||||
key1=`$KEYGEN -q -a ECDSAP256SHA256 -n zone $zone`
|
||||
key2=`$KEYGEN -q -a ECDSAP384SHA384 -n zone -f KSK $zone`
|
||||
$DSFROMKEY -a sha-384 $key2.key > dsset-384
|
||||
|
||||
cat $infile $key1.key $key2.key > $zonefile
|
||||
|
||||
$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -P -g -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
|
||||
# Configure the resolving server with a trusted key.
|
||||
|
||||
|
||||
@ -12,6 +12,4 @@
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
cd ns1 && $SHELL sign.sh
|
||||
|
||||
@ -16,14 +16,14 @@ zone=.
|
||||
infile=root.db.in
|
||||
zonefile=root.db
|
||||
|
||||
key1=`$KEYGEN -q -r $RANDFILE -a ED25519 -n zone $zone`
|
||||
key2=`$KEYGEN -q -r $RANDFILE -a ED25519 -n zone -f KSK $zone`
|
||||
#key2=`$KEYGEN -q -r $RANDFILE -a ED448 -n zone -f KSK $zone`
|
||||
key1=`$KEYGEN -q -a ED25519 -n zone $zone`
|
||||
key2=`$KEYGEN -q -a ED25519 -n zone -f KSK $zone`
|
||||
#key2=`$KEYGEN -q -a ED448 -n zone -f KSK $zone`
|
||||
$DSFROMKEY -a sha-256 $key2.key > dsset-256
|
||||
|
||||
cat $infile $key1.key $key2.key > $zonefile
|
||||
|
||||
$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -P -g -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
|
||||
# Configure the resolving server with a trusted key.
|
||||
|
||||
|
||||
@ -23,4 +23,4 @@ do
|
||||
cp $i `echo $i | sed s/X/K/`
|
||||
done
|
||||
|
||||
$SIGNER -P -z -s $starttime -e $endtime -r $RANDFILE -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -P -z -s $starttime -e $endtime -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
|
||||
@ -12,6 +12,4 @@
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
cd ns1 && $SHELL sign.sh
|
||||
|
||||
@ -21,10 +21,10 @@ infile=signed.db.in
|
||||
zonefile=signed.db.signed
|
||||
outfile=signed.db.signed
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
@ -21,10 +21,10 @@ infile=signed.db.in
|
||||
zonefile=signed.db.signed
|
||||
outfile=signed.db.signed
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
@ -14,8 +14,6 @@ SYSTEMTESTTOP=..
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
copy_setports ns1/named1.conf.in ns1/named.conf
|
||||
copy_setports ns2/named1.conf.in ns2/named.conf
|
||||
copy_setports ns3/named1.conf.in ns3/named.conf
|
||||
|
||||
@ -16,13 +16,13 @@ zone=.
|
||||
infile=root.db.in
|
||||
zonefile=root.db
|
||||
|
||||
key1=`$KEYGEN -q -r $RANDFILE -a ECCGOST -n zone $zone`
|
||||
key2=`$KEYGEN -q -r $RANDFILE -a ECCGOST -n zone -f KSK $zone`
|
||||
key1=`$KEYGEN -q -a ECCGOST -n zone $zone`
|
||||
key2=`$KEYGEN -q -a ECCGOST -n zone -f KSK $zone`
|
||||
$DSFROMKEY -a gost $key2.key > dsset-gost
|
||||
|
||||
cat $infile $key1.key $key2.key > $zonefile
|
||||
|
||||
$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -P -g -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
|
||||
# Configure the resolving server with a trusted key.
|
||||
|
||||
|
||||
@ -12,6 +12,4 @@
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
cd ns1 && $SHELL sign.sh
|
||||
|
||||
@ -15,8 +15,8 @@ SYSTEMTESTTOP=../..
|
||||
zone=.
|
||||
rm -f K.+*+*.key
|
||||
rm -f K.+*+*.private
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
$SIGNER -S -x -T 1200 -o ${zone} root.db > signer.out 2>&1
|
||||
[ $? = 0 ] || cat signer.out
|
||||
|
||||
|
||||
@ -15,36 +15,36 @@ SYSTEMTESTTOP=../..
|
||||
zone=bits
|
||||
rm -f K${zone}.+*+*.key
|
||||
rm -f K${zone}.+*+*.private
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
|
||||
|
||||
zone=noixfr
|
||||
rm -f K${zone}.+*+*.key
|
||||
rm -f K${zone}.+*+*.private
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
|
||||
|
||||
zone=master
|
||||
rm -f K${zone}.+*+*.key
|
||||
rm -f K${zone}.+*+*.private
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
|
||||
|
||||
zone=dynamic
|
||||
rm -f K${zone}.+*+*.key
|
||||
rm -f K${zone}.+*+*.private
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
|
||||
|
||||
zone=updated
|
||||
rm -f K${zone}.+*+*.key
|
||||
rm -f K${zone}.+*+*.private
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
|
||||
$SIGNER -S -O raw -L 2000042407 -o ${zone} ${zone}.db > /dev/null 2>&1
|
||||
cp master2.db.in updated.db
|
||||
@ -53,72 +53,72 @@ cp master2.db.in updated.db
|
||||
zone=expired
|
||||
rm -f K${zone}.+*+*.key
|
||||
rm -f K${zone}.+*+*.private
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
|
||||
$SIGNER -PS -s 20100101000000 -e 20110101000000 -O raw -L 2000042407 -o ${zone} ${zone}.db > /dev/null 2>&1
|
||||
|
||||
zone=retransfer
|
||||
rm -f K${zone}.+*+*.key
|
||||
rm -f K${zone}.+*+*.private
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
|
||||
|
||||
zone=nsec3
|
||||
rm -f K${zone}.+*+*.key
|
||||
rm -f K${zone}.+*+*.private
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
|
||||
|
||||
zone=retransfer3
|
||||
rm -f K${zone}.+*+*.key
|
||||
rm -f K${zone}.+*+*.private
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
|
||||
|
||||
zone=inactiveksk
|
||||
rm -f K${zone}.+*+*.key
|
||||
rm -f K${zone}.+*+*.private
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone -P now -A now+3600 -f KSK $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone -f KSK $zone`
|
||||
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone -P now -A now+3600 -f KSK $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone -f KSK $zone`
|
||||
$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
|
||||
|
||||
zone=inactivezsk
|
||||
rm -f K${zone}.+*+*.key
|
||||
rm -f K${zone}.+*+*.private
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone -P now -A now+3600 $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone -f KSK $zone`
|
||||
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone -P now -A now+3600 $zone`
|
||||
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone -f KSK $zone`
|
||||
$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
|
||||
|
||||
zone=removedkeys-primary
|
||||
rm -f K${zone}.+*+*.key
|
||||
rm -f K${zone}.+*+*.private
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
|
||||
zone=removedkeys-secondary
|
||||
rm -f K${zone}.+*+*.key
|
||||
rm -f K${zone}.+*+*.private
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
|
||||
for s in a c d h k l m q z
|
||||
do
|
||||
zone=test-$s
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
done
|
||||
|
||||
for s in b f i o p t v
|
||||
do
|
||||
zone=test-$s
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
done
|
||||
|
||||
zone=externalkey
|
||||
@ -134,14 +134,14 @@ do
|
||||
touch $checkfile ;;
|
||||
ECCGOST)
|
||||
fail=0
|
||||
$KEYGEN -q -r $RANDFILE -a eccgost test > /dev/null 2>&1 || fail=1
|
||||
$KEYGEN -q -a eccgost test > /dev/null 2>&1 || fail=1
|
||||
rm -f Ktest*
|
||||
[ $fail != 0 ] && continue
|
||||
checkfile=../checkgost
|
||||
touch $checkfile ;;
|
||||
ECDSAP256SHA256)
|
||||
fail=0
|
||||
$KEYGEN -q -r $RANDFILE -a ecdsap256sha256 test > /dev/null 2>&1 || fail=1
|
||||
$KEYGEN -q -a ecdsap256sha256 test > /dev/null 2>&1 || fail=1
|
||||
rm -f Ktest*
|
||||
[ $fail != 0 ] && continue
|
||||
$SHELL ../checkdsa.sh 2> /dev/null || continue
|
||||
@ -150,10 +150,10 @@ do
|
||||
*) ;;
|
||||
esac
|
||||
|
||||
k1=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone -f KSK $zone`
|
||||
k2=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone $zone`
|
||||
k3=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone $zone`
|
||||
k4=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone -f KSK $zone`
|
||||
k1=`$KEYGEN -q -a $alg -b 1024 -n zone -f KSK $zone`
|
||||
k2=`$KEYGEN -q -a $alg -b 1024 -n zone $zone`
|
||||
k3=`$KEYGEN -q -a $alg -b 1024 -n zone $zone`
|
||||
k4=`$KEYGEN -q -a $alg -b 1024 -n zone -f KSK $zone`
|
||||
$DSFROMKEY -T 1200 $k4 >> ../ns1/root.db
|
||||
|
||||
# Convert k1 and k2 in to External Keys.
|
||||
|
||||
@ -18,6 +18,6 @@ SYSTEMTESTTOP=../..
|
||||
zone=nsec3-loop
|
||||
rm -f K${zone}.+*+*.key
|
||||
rm -f K${zone}.+*+*.private
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
|
||||
@ -12,8 +12,6 @@ SYSTEMTESTTOP=..
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
cp ns1/root.db.in ns1/root.db
|
||||
rm -f ns1/root.db.signed
|
||||
|
||||
|
||||
@ -619,8 +619,8 @@ grep "ANSWER: 1," dig.out.ns5.test$n > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "setup broken"; fi
|
||||
status=`expr $status + $ret`
|
||||
copy_setports ns5/named.conf.post ns5/named.conf
|
||||
(cd ns5; $KEYGEN -q -a rsasha256 -r $RANDFILE bits) > /dev/null 2>&1
|
||||
(cd ns5; $KEYGEN -q -a rsasha256 -r $RANDFILE -f KSK bits) > /dev/null 2>&1
|
||||
(cd ns5; $KEYGEN -q -a rsasha256 bits) > /dev/null 2>&1
|
||||
(cd ns5; $KEYGEN -q -a rsasha256 -f KSK bits) > /dev/null 2>&1
|
||||
$RNDCCMD 10.53.0.5 reload 2>&1 | sed 's/^/ns5 /' | cat_i
|
||||
for i in 1 2 3 4 5 6 7 8 9 10
|
||||
do
|
||||
@ -922,7 +922,7 @@ status=`expr $status + $ret`
|
||||
n=`expr $n + 1`
|
||||
echo_i "testing imported key won't overwrite a private key ($n)"
|
||||
ret=0
|
||||
key=`$KEYGEN -r $RANDFILE -q -a rsasha256 import.example`
|
||||
key=`$KEYGEN -q -a rsasha256 import.example`
|
||||
cp ${key}.key import.key
|
||||
# import should fail
|
||||
$IMPORTKEY -f import.key import.example > /dev/null 2>&1 && ret=1
|
||||
|
||||
@ -17,5 +17,3 @@ $SHELL clean.sh
|
||||
copy_setports ns1/named.conf.in ns1/named.conf
|
||||
copy_setports ns2/named.conf.in ns2/named.conf
|
||||
copy_setports ns3/named.conf.in ns3/named.conf
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
@ -12,7 +12,7 @@
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
KEYGEN="$KEYGEN -qr $RANDFILE"
|
||||
KEYGEN="$KEYGEN -q"
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
|
||||
@ -38,10 +38,10 @@ for dir in [0-9][0-9]-*; do
|
||||
[ -e "$dir/policy.conf" ] && policy="-c $dir/policy.conf"
|
||||
# run keymgr to update keys
|
||||
if [ "$CYGWIN" ]; then
|
||||
$KEYMGR $policy -K $dir -g `cygpath -w $KEYGEN` -r $RANDFILE \
|
||||
$KEYMGR $policy -K $dir -g `cygpath -w $KEYGEN` \
|
||||
-s `cygpath -w $SETTIME` $kargs > keymgr.$n 2>&1
|
||||
else
|
||||
$KEYMGR $policy -K $dir -g $KEYGEN -r $RANDFILE \
|
||||
$KEYMGR $policy -K $dir -g $KEYGEN \
|
||||
-s $SETTIME $kargs > keymgr.$n 2>&1
|
||||
fi
|
||||
# check that return code matches expectations
|
||||
|
||||
@ -12,8 +12,6 @@
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
(cd ns6 && $SHELL -e sign.sh)
|
||||
|
||||
@ -21,9 +21,9 @@ infile=edns512.db.in
|
||||
zonefile=edns512.db
|
||||
outfile=edns512.db.signed
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a RSASHA512 -b 4096 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a RSASHA512 -b 4096 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a RSASHA512 -b 4096 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a RSASHA512 -b 4096 -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -r $RANDFILE -g -o $zone -f $outfile -e +30y $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -g -o $zone -f $outfile -e +30y $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
|
||||
@ -21,12 +21,12 @@ infile=edns512-notcp.db.in
|
||||
zonefile=edns512-notcp.db
|
||||
outfile=edns512-notcp.db.signed
|
||||
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a RSASHA512 -b 4096 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a RSASHA512 -b 4096 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a RSASHA512 -b 4096 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a RSASHA512 -b 4096 -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -r $RANDFILE -g -o $zone -f $outfile -e +30y $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
$SIGNER -g -o $zone -f $outfile -e +30y $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
|
||||
grep -v '^;' $keyname2.key | $PERL -n -e '
|
||||
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
|
||||
|
||||
@ -26,7 +26,7 @@ SYSTEMTESTTOP=../..
|
||||
../named-compilezone -D -F map -o example.db.map example-map \
|
||||
example.db > /dev/null 2>&1
|
||||
|
||||
$KEYGEN -q -a rsasha256 -r $RANDFILE signed > /dev/null 2>&1
|
||||
$KEYGEN -q -a rsasha256 -r $RANDFILE -fk signed > /dev/null 2>&1
|
||||
$KEYGEN -q -a rsasha256 signed > /dev/null 2>&1
|
||||
$KEYGEN -q -a rsasha256 -fk signed > /dev/null 2>&1
|
||||
$SIGNER -S -f signed.db.signed -o signed signed.db > /dev/null 2>&1
|
||||
../named-compilezone -D -F map -o signed.db.map signed signed.db.signed > /dev/null 2>&1
|
||||
|
||||
@ -10,8 +10,6 @@
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
copy_setports ns1/named.conf.in ns1/named.conf
|
||||
copy_setports ns2/named.conf.in ns2/named.conf
|
||||
copy_setports ns3/named.conf.in ns3/named.conf
|
||||
|
||||
@ -14,50 +14,48 @@ SYSTEMTESTTOP=..
|
||||
|
||||
$SHELL ./clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
pzone=parent.nil
|
||||
czone=child.parent.nil
|
||||
|
||||
echo_i "generating keys"
|
||||
|
||||
# active zsk
|
||||
zsk=`$KEYGEN -q -a rsasha1 -r $RANDFILE $czone`
|
||||
zsk=`$KEYGEN -q -a rsasha1 $czone`
|
||||
echo $zsk > zsk.key
|
||||
|
||||
# not yet published or active
|
||||
pending=`$KEYGEN -q -a rsasha1 -r $RANDFILE -P none -A none $czone`
|
||||
pending=`$KEYGEN -q -a rsasha1 -P none -A none $czone`
|
||||
echo $pending > pending.key
|
||||
|
||||
# published but not active
|
||||
standby=`$KEYGEN -q -a rsasha1 -r $RANDFILE -A none $czone`
|
||||
standby=`$KEYGEN -q -a rsasha1 -A none $czone`
|
||||
echo $standby > standby.key
|
||||
|
||||
# inactive
|
||||
inact=`$KEYGEN -q -a rsasha1 -r $RANDFILE -P now-24h -A now-24h -I now $czone`
|
||||
inact=`$KEYGEN -q -a rsasha1 -P now-24h -A now-24h -I now $czone`
|
||||
echo $inact > inact.key
|
||||
|
||||
# active ksk
|
||||
ksk=`$KEYGEN -q -a rsasha1 -r $RANDFILE -fk $czone`
|
||||
ksk=`$KEYGEN -q -a rsasha1 -fk $czone`
|
||||
echo $ksk > ksk.key
|
||||
|
||||
# published but not YET active; will be active in 15 seconds
|
||||
rolling=`$KEYGEN -q -a rsasha1 -r $RANDFILE -fk $czone`
|
||||
rolling=`$KEYGEN -q -a rsasha1 -fk $czone`
|
||||
$SETTIME -A now+15s $rolling > /dev/null
|
||||
echo $rolling > rolling.key
|
||||
|
||||
# revoked
|
||||
revoke1=`$KEYGEN -q -a rsasha1 -r $RANDFILE -fk $czone`
|
||||
revoke1=`$KEYGEN -q -a rsasha1 -fk $czone`
|
||||
echo $revoke1 > prerev.key
|
||||
revoke2=`$REVOKE $revoke1`
|
||||
echo $revoke2 | sed -e 's#\./##' -e "s/\.key.*$//" > postrev.key
|
||||
|
||||
pzsk=`$KEYGEN -q -a rsasha1 -r $RANDFILE $pzone`
|
||||
pzsk=`$KEYGEN -q -a rsasha1 $pzone`
|
||||
echo $pzsk > parent.zsk.key
|
||||
|
||||
pksk=`$KEYGEN -q -a rsasha1 -r $RANDFILE -fk $pzone`
|
||||
pksk=`$KEYGEN -q -a rsasha1 -fk $pzone`
|
||||
echo $pksk > parent.ksk.key
|
||||
|
||||
oldstyle=`$KEYGEN -Cq -a rsasha1 -r $RANDFILE $pzone`
|
||||
oldstyle=`$KEYGEN -Cq -a rsasha1 $pzone`
|
||||
echo $oldstyle > oldstyle.key
|
||||
|
||||
|
||||
@ -29,8 +29,6 @@ rolling=`sed 's/^K'${czone}'.+005+0*\([0-9]\)/\1/' < rolling.key`
|
||||
standby=`sed 's/^K'${czone}'.+005+0*\([0-9]\)/\1/' < standby.key`
|
||||
zsk=`sed 's/^K'${czone}'.+005+0*\([0-9]\)/\1/' < zsk.key`
|
||||
|
||||
$GENRANDOM 800 $RANDFILE
|
||||
|
||||
echo_i "signing zones"
|
||||
$SIGNER -Sg -o $czone $cfile > /dev/null 2>&1
|
||||
$SIGNER -Sg -o $pzone $pfile > /dev/null 2>&1
|
||||
@ -175,7 +173,7 @@ status=`expr $status + $ret`
|
||||
echo_i "checking warning about delete date < inactive date with dnssec-keygen ($n)"
|
||||
ret=0
|
||||
# keygen should print a warning about delete < inactive
|
||||
$KEYGEN -q -a rsasha1 -r $RANDFILE -I now+15s -D now $czone > tmp.out 2>&1 || ret=1
|
||||
$KEYGEN -q -a rsasha1 -I now+15s -D now $czone > tmp.out 2>&1 || ret=1
|
||||
grep "warning" tmp.out > /dev/null 2>&1 || ret=1
|
||||
n=`expr $n + 1`
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
@ -183,15 +181,15 @@ status=`expr $status + $ret`
|
||||
|
||||
echo_i "checking correct behavior setting activation without publication date ($n)"
|
||||
ret=0
|
||||
key=`$KEYGEN -q -a rsasha1 -r $RANDFILE -A +1w $czone`
|
||||
key=`$KEYGEN -q -a rsasha1 -A +1w $czone`
|
||||
pub=`$SETTIME -upP $key | awk '{print $2}'`
|
||||
act=`$SETTIME -upA $key | awk '{print $2}'`
|
||||
[ $pub -eq $act ] || ret=1
|
||||
key=`$KEYGEN -q -a rsasha1 -r $RANDFILE -A +1w -i 1d $czone`
|
||||
key=`$KEYGEN -q -a rsasha1 -A +1w -i 1d $czone`
|
||||
pub=`$SETTIME -upP $key | awk '{print $2}'`
|
||||
act=`$SETTIME -upA $key | awk '{print $2}'`
|
||||
[ $pub -lt $act ] || ret=1
|
||||
key=`$KEYGEN -q -a rsasha1 -r $RANDFILE -A +1w -P never $czone`
|
||||
key=`$KEYGEN -q -a rsasha1 -A +1w -P never $czone`
|
||||
pub=`$SETTIME -upP $key | awk '{print $2}'`
|
||||
[ $pub = "UNSET" ] || ret=1
|
||||
n=`expr $n + 1`
|
||||
@ -200,8 +198,8 @@ status=`expr $status + $ret`
|
||||
|
||||
echo_i "checking calculation of dates for a successor key ($n)"
|
||||
ret=0
|
||||
oldkey=`$KEYGEN -a RSASHA1 -q -r $RANDFILE $czone`
|
||||
newkey=`$KEYGEN -a RSASHA1 -q -r $RANDFILE $czone`
|
||||
oldkey=`$KEYGEN -a RSASHA1 -q $czone`
|
||||
newkey=`$KEYGEN -a RSASHA1 -q $czone`
|
||||
$SETTIME -A -2d -I +2d $oldkey > settime1.test$n 2>&1 || ret=1
|
||||
$SETTIME -i 1d -S $oldkey $newkey > settime2.test$n 2>&1 || ret=1
|
||||
$SETTIME -pA $newkey | grep "1970" > /dev/null && ret=1
|
||||
|
||||
@ -15,10 +15,10 @@ SYSTEMTESTTOP=../..
|
||||
zone=.
|
||||
zonefile=root.db
|
||||
|
||||
keyname=`$KEYGEN -a rsasha256 -qfk -r $RANDFILE $zone`
|
||||
zskkeyname=`$KEYGEN -a rsasha256 -q -r $RANDFILE $zone`
|
||||
keyname=`$KEYGEN -a rsasha256 -qfk $zone`
|
||||
zskkeyname=`$KEYGEN -a rsasha256 -q $zone`
|
||||
|
||||
$SIGNER -Sg -r $RANDFILE -o $zone $zonefile > /dev/null 2>/dev/null
|
||||
$SIGNER -Sg -o $zone $zonefile > /dev/null 2>/dev/null
|
||||
|
||||
# Configure the resolving server with a managed trusted key.
|
||||
cat $keyname.key | grep -v '^; ' | $PERL -n -e '
|
||||
|
||||
@ -14,9 +14,6 @@ SYSTEMTESTTOP=..
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
|
||||
copy_setports ns1/named1.conf.in ns1/named.conf
|
||||
copy_setports ns2/named.conf.in ns2/named.conf
|
||||
copy_setports ns3/named.conf.in ns3/named.conf
|
||||
|
||||
@ -129,7 +129,7 @@ status=`expr $status + $ret`
|
||||
n=`expr $n + 1`
|
||||
echo_i "check new trust anchor can be added ($n)"
|
||||
ret=0
|
||||
standby1=`$KEYGEN -a rsasha256 -qfk -r $RANDFILE -K ns1 .`
|
||||
standby1=`$KEYGEN -a rsasha256 -qfk -K ns1 .`
|
||||
mkeys_loadkeys_on 1
|
||||
mkeys_refresh_on 2
|
||||
mkeys_status_on 2 > rndc.out.$n 2>&1
|
||||
@ -348,7 +348,7 @@ status=`expr $status + $ret`
|
||||
n=`expr $n + 1`
|
||||
echo_i "revoke original key, add new standby ($n)"
|
||||
ret=0
|
||||
standby2=`$KEYGEN -a rsasha256 -qfk -r $RANDFILE -K ns1 .`
|
||||
standby2=`$KEYGEN -a rsasha256 -qfk -K ns1 .`
|
||||
$SETTIME -R now -K ns1 `cat ns1/managed.key` > /dev/null
|
||||
mkeys_loadkeys_on 1
|
||||
mkeys_refresh_on 2
|
||||
@ -380,7 +380,7 @@ status=`expr $status + $ret`
|
||||
n=`expr $n + 1`
|
||||
echo_i "revoke standby before it is trusted ($n)"
|
||||
ret=0
|
||||
standby3=`$KEYGEN -a rsasha256 -qfk -r $RANDFILE -K ns1 .`
|
||||
standby3=`$KEYGEN -a rsasha256 -qfk -K ns1 .`
|
||||
mkeys_loadkeys_on 1
|
||||
mkeys_refresh_on 2
|
||||
mkeys_status_on 2 > rndc.out.a.$n 2>&1
|
||||
@ -474,7 +474,7 @@ echo_i "reset the root server"
|
||||
$SETTIME -D none -R none -K ns1 `cat ns1/managed.key` > /dev/null
|
||||
$SETTIME -D now -K ns1 $standby1 > /dev/null
|
||||
$SETTIME -D now -K ns1 $standby2 > /dev/null
|
||||
$SIGNER -Sg -K ns1 -N unixtime -r $RANDFILE -o . ns1/root.db > /dev/null 2>/dev/null
|
||||
$SIGNER -Sg -K ns1 -N unixtime -o . ns1/root.db > /dev/null 2>/dev/null
|
||||
copy_setports ns1/named2.conf.in ns1/named.conf
|
||||
rm -f ns1/root.db.signed.jnl
|
||||
mkeys_reconfig_on 1
|
||||
@ -508,7 +508,7 @@ rm -f ns1/root.db.signed.jnl
|
||||
# but we actually do want post-sign verification to happen to ensure the zone
|
||||
# is correct before we break it on purpose.
|
||||
$SETTIME -R none -D none -K ns1 $standby1 > /dev/null
|
||||
$SIGNER -Sg -K ns1 -N unixtime -r $RANDFILE -O full -o . -f signer.out.$n ns1/root.db > /dev/null 2>/dev/null
|
||||
$SIGNER -Sg -K ns1 -N unixtime -O full -o . -f signer.out.$n ns1/root.db > /dev/null 2>/dev/null
|
||||
cp -f ns1/root.db.signed ns1/root.db.tmp
|
||||
BADSIG="SVn2tLDzpNX2rxR4xRceiCsiTqcWNKh7NQ0EQfCrVzp9WEmLw60sQ5kP xGk4FS/xSKfh89hO2O/H20Bzp0lMdtr2tKy8IMdU/mBZxQf2PXhUWRkg V2buVBKugTiOPTJSnaqYCN3rSfV1o7NtC1VNHKKK/D5g6bpDehdn5Gaq kpBhN+MSCCh9OZP2IT20luS1ARXxLlvuSVXJ3JYuuhTsQXUbX/SQpNoB Lo6ahCE55szJnmAxZEbb2KOVnSlZRA6ZBHDhdtO0S4OkvcmTutvcVV+7 w53CbKdaXhirvHIh0mZXmYk2PbPLDY7PU9wSH40UiWPOB9f00wwn6hUe uEQ1Qg=="
|
||||
# Less than a second may have passed since ns1 was started. If we call
|
||||
@ -560,7 +560,7 @@ $SETTIME -D now -K ns1 $standby1 > /dev/null
|
||||
# "nanoseconds" field of isc_time_t, due to zone load time being seemingly
|
||||
# equal to master file modification time.
|
||||
sleep 1
|
||||
$SIGNER -Sg -K ns1 -N unixtime -r $RANDFILE -o . ns1/root.db > /dev/null 2>/dev/null
|
||||
$SIGNER -Sg -K ns1 -N unixtime -o . ns1/root.db > /dev/null 2>/dev/null
|
||||
mkeys_reload_on 1
|
||||
mkeys_flush_on 2
|
||||
$DIG $DIGOPTS +noauth example. @10.53.0.2 txt > dig.out.ns2.test$n || ret=1
|
||||
@ -650,7 +650,7 @@ n=`expr $n + 1`
|
||||
echo_i "restore root server, check validation succeeds again ($n)"
|
||||
ret=0
|
||||
rm -f ns1/root.db.signed.jnl
|
||||
$SIGNER -Sg -K ns1 -N unixtime -r $RANDFILE -o . ns1/root.db > /dev/null 2>/dev/null
|
||||
$SIGNER -Sg -K ns1 -N unixtime -o . ns1/root.db > /dev/null 2>/dev/null
|
||||
mkeys_reload_on 1
|
||||
mkeys_refresh_on 2
|
||||
mkeys_status_on 2 > rndc.out.$n 2>&1
|
||||
|
||||
@ -16,31 +16,31 @@ zone=nsec3param.test.
|
||||
infile=nsec3param.test.db.in
|
||||
zonefile=nsec3param.test.db
|
||||
|
||||
keyname1=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
keyname2=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname1=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
keyname2=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -P -3 - -H 1 -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
|
||||
$SIGNER -P -3 - -H 1 -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
|
||||
|
||||
zone=dnskey.test.
|
||||
infile=dnskey.test.db.in
|
||||
zonefile=dnskey.test.db
|
||||
|
||||
keyname1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
keyname2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
keyname2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -P -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
|
||||
$SIGNER -P -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
|
||||
|
||||
zone=delegation.test.
|
||||
infile=delegation.test.db.in
|
||||
zonefile=delegation.test.db
|
||||
|
||||
keyname1=`$KEYGEN -q -a RSASHA256 -r $RANDFILE -3 -f KSK $zone`
|
||||
keyname2=`$KEYGEN -q -a RSASHA256 -r $RANDFILE -3 $zone`
|
||||
keyname1=`$KEYGEN -q -a RSASHA256 -3 -f KSK $zone`
|
||||
keyname2=`$KEYGEN -q -a RSASHA256 -3 $zone`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -A -3 - -P -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
|
||||
$SIGNER -A -3 - -P -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
|
||||
|
||||
@ -12,8 +12,6 @@
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
$SHELL clean.sh
|
||||
copy_setports ns1/named.conf.in ns1/named.conf
|
||||
copy_setports ns2/named.conf.in ns2/named.conf
|
||||
@ -56,14 +54,14 @@ ns1.update.nil. A 10.53.0.2
|
||||
ns2.update.nil. AAAA ::1
|
||||
EOF
|
||||
|
||||
$DDNSCONFGEN -q -r $RANDFILE -z example.nil > ns1/ddns.key
|
||||
$DDNSCONFGEN -q -z example.nil > ns1/ddns.key
|
||||
|
||||
$DDNSCONFGEN -q -r $RANDFILE -a hmac-md5 -k md5-key -z keytests.nil > ns1/md5.key
|
||||
$DDNSCONFGEN -q -r $RANDFILE -a hmac-sha1 -k sha1-key -z keytests.nil > ns1/sha1.key
|
||||
$DDNSCONFGEN -q -r $RANDFILE -a hmac-sha224 -k sha224-key -z keytests.nil > ns1/sha224.key
|
||||
$DDNSCONFGEN -q -r $RANDFILE -a hmac-sha256 -k sha256-key -z keytests.nil > ns1/sha256.key
|
||||
$DDNSCONFGEN -q -r $RANDFILE -a hmac-sha384 -k sha384-key -z keytests.nil > ns1/sha384.key
|
||||
$DDNSCONFGEN -q -r $RANDFILE -a hmac-sha512 -k sha512-key -z keytests.nil > ns1/sha512.key
|
||||
$DDNSCONFGEN -q -a hmac-md5 -k md5-key -z keytests.nil > ns1/md5.key
|
||||
$DDNSCONFGEN -q -a hmac-sha1 -k sha1-key -z keytests.nil > ns1/sha1.key
|
||||
$DDNSCONFGEN -q -a hmac-sha224 -k sha224-key -z keytests.nil > ns1/sha224.key
|
||||
$DDNSCONFGEN -q -a hmac-sha256 -k sha256-key -z keytests.nil > ns1/sha256.key
|
||||
$DDNSCONFGEN -q -a hmac-sha384 -k sha384-key -z keytests.nil > ns1/sha384.key
|
||||
$DDNSCONFGEN -q -a hmac-sha512 -k sha512-key -z keytests.nil > ns1/sha512.key
|
||||
|
||||
(cd ns3; $SHELL -e sign.sh)
|
||||
|
||||
|
||||
@ -196,7 +196,7 @@ grep "mx03.update.nil/MX:.*MX is an address" ns1/named.run > /dev/null 2>&1 || r
|
||||
|
||||
ret=0
|
||||
echo_i "check SIG(0) key is accepted"
|
||||
key=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -T KEY -n ENTITY xxx`
|
||||
key=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -T KEY -n ENTITY xxx`
|
||||
echo "" | $NSUPDATE -k ${key}.private > /dev/null 2>&1 || ret=1
|
||||
[ $ret = 0 ] || { echo_i "failed"; status=1; }
|
||||
|
||||
|
||||
@ -14,8 +14,6 @@ SYSTEMTESTTOP=..
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
copy_setports ns1/named.conf.in ns1/named.conf
|
||||
copy_setports ns2/named.conf.in ns2/named.conf
|
||||
copy_setports ns3/named.conf.in ns3/named.conf
|
||||
|
||||
@ -21,11 +21,11 @@ zonefile=root.db
|
||||
cp ../ns2/dsset-example$TP .
|
||||
cp ../ns2/dsset-example.com$TP .
|
||||
|
||||
keyname1=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
|
||||
keyname2=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 2048 -f KSK -n zone $zone`
|
||||
keyname1=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone`
|
||||
keyname2=`$KEYGEN -q -a RSASHA256 -b 2048 -f KSK -n zone $zone`
|
||||
cat $infile $keyname1.key $keyname2.key > $zonefile
|
||||
|
||||
$SIGNER -g -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -g -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
# Configure the resolving server with a trusted key.
|
||||
|
||||
|
||||
@ -17,12 +17,12 @@ for domain in example example.com; do
|
||||
infile=${domain}.db.in
|
||||
zonefile=${domain}.db
|
||||
|
||||
keyname1=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname2=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -f KSK -n zone $zone`
|
||||
keyname1=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname2=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -f KSK -n zone $zone`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key > $zonefile
|
||||
|
||||
$SIGNER -3 bebe -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -3 bebe -o $zone $zonefile > /dev/null 2>&1
|
||||
done
|
||||
|
||||
# remove "removed" record from example.com, causing the server to
|
||||
|
||||
@ -12,8 +12,6 @@
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
copy_setports ns1/named.conf.in ns1/named.conf
|
||||
copy_setports ns2/named.conf.in ns2/named.conf
|
||||
copy_setports ns3/named.conf.in ns3/named.conf
|
||||
|
||||
@ -14,8 +14,6 @@ SYSTEMTESTTOP=..
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
copy_setports ns1/named.conf.in ns1/named.conf
|
||||
copy_setports ns2/named.conf.in ns2/named.conf
|
||||
copy_setports ns3/named.conf.in ns3/named.conf
|
||||
|
||||
@ -19,7 +19,7 @@ status=0
|
||||
|
||||
echo_i "check pipelined TCP queries"
|
||||
ret=0
|
||||
$PIPEQUERIES -r $RANDFILE -p ${PORT} < input > raw || ret=1
|
||||
$PIPEQUERIES -p ${PORT} < input > raw || ret=1
|
||||
awk '{ print $1 " " $5 }' < raw > output
|
||||
sort < output > output-sorted
|
||||
diff ref output-sorted || { ret=1 ; echo_i "diff sorted failed"; }
|
||||
@ -43,7 +43,7 @@ status=`expr $status + $ret`
|
||||
|
||||
echo_i "check keep-response-order"
|
||||
ret=0
|
||||
$PIPEQUERIES -r $RANDFILE -p ${PORT} ++ < inputb > rawb || ret=1
|
||||
$PIPEQUERIES -p ${PORT} ++ < inputb > rawb || ret=1
|
||||
awk '{ print $1 " " $5 }' < rawb > outputb
|
||||
diff refb outputb || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
|
||||
@ -33,7 +33,7 @@ if [ "x$have_rsa" != "x" ]; then
|
||||
-l "object=robie-rsa-ksk;pin-source=$PWD/pin" rsa.example`
|
||||
|
||||
cat $infile $rsazsk1.key $rsaksk.key > $zonefile
|
||||
$SIGNER -a -P -g -r $RANDFILE -o $zone $zonefile \
|
||||
$SIGNER -a -P -g -o $zone $zonefile \
|
||||
> /dev/null 2> signer.err || cat signer.err
|
||||
cp $rsazsk2.key ns1/rsa.key
|
||||
mv Krsa* ns1
|
||||
@ -58,7 +58,7 @@ if [ "x$have_ecc" != "x" ]; then
|
||||
-l "object=robie-ecc-ksk;pin-source=$PWD/pin" ecc.example`
|
||||
|
||||
cat $infile $ecczsk1.key $eccksk.key > $zonefile
|
||||
$SIGNER -a -P -g -r $RANDFILE -o $zone $zonefile \
|
||||
$SIGNER -a -P -g -o $zone $zonefile \
|
||||
> /dev/null 2> signer.err || cat signer.err
|
||||
cp $ecczsk2.key ns1/ecc.key
|
||||
mv Kecc* ns1
|
||||
@ -86,7 +86,7 @@ if [ "x$have_ecx" != "x" ]; then
|
||||
# -l "object=robie-ecx-ksk;pin-source=$PWD/pin" ecx.example`
|
||||
|
||||
cat $infile $ecxzsk1.key $ecxksk.key > $zonefile
|
||||
$SIGNER -a -P -g -r $RANDFILE -o $zone $zonefile \
|
||||
$SIGNER -a -P -g -o $zone $zonefile \
|
||||
> /dev/null 2> signer.err || cat signer.err
|
||||
cp $ecxzsk2.key ns1/ecx.key
|
||||
mv Kecx* ns1
|
||||
|
||||
@ -32,7 +32,7 @@ rsaksk=`$KEYFRLAB -a RSASHA1 -f ksk \
|
||||
-l "robie-rsa-ksk" rsa.example`
|
||||
|
||||
cat $infile $rsazsk1.key $rsaksk.key > $zonefile
|
||||
$SIGNER -a -P -g -r $RANDFILE -o $zone $zonefile \
|
||||
$SIGNER -a -P -g -o $zone $zonefile \
|
||||
> /dev/null 2> signer.err || cat signer.err
|
||||
cp $rsazsk2.key ns1/rsa.key
|
||||
mv Krsa* ns1
|
||||
|
||||
@ -16,20 +16,20 @@ zone=signed
|
||||
infile=example.db
|
||||
zonefile=signed.db
|
||||
|
||||
key1=`$KEYGEN -q -a rsasha256 -r $RANDFILE $zone`
|
||||
key2=`$KEYGEN -q -a rsasha256 -r $RANDFILE -fk $zone`
|
||||
key1=`$KEYGEN -q -a rsasha256 $zone`
|
||||
key2=`$KEYGEN -q -a rsasha256 -fk $zone`
|
||||
|
||||
cat $infile $key1.key $key2.key > $zonefile
|
||||
|
||||
$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
|
||||
$SIGNER -P -g -o $zone $zonefile > /dev/null
|
||||
|
||||
zone=nsec3
|
||||
infile=example.db
|
||||
zonefile=nsec3.db
|
||||
|
||||
key1=`$KEYGEN -q -a rsasha256 -r $RANDFILE -3 $zone`
|
||||
key2=`$KEYGEN -q -a rsasha256 -r $RANDFILE -3 -fk $zone`
|
||||
key1=`$KEYGEN -q -a rsasha256 -3 $zone`
|
||||
key2=`$KEYGEN -q -a rsasha256 -3 -fk $zone`
|
||||
|
||||
cat $infile $key1.key $key2.key > $zonefile
|
||||
|
||||
$SIGNER -P -3 - -g -r $RANDFILE -o $zone $zonefile > /dev/null
|
||||
$SIGNER -P -3 - -g -o $zone $zonefile > /dev/null
|
||||
|
||||
@ -16,20 +16,20 @@ zone=signed
|
||||
infile=example.db
|
||||
zonefile=signed.db
|
||||
|
||||
key1=`$KEYGEN -q -a rsasha256 -r $RANDFILE $zone`
|
||||
key2=`$KEYGEN -q -a rsasha256 -r $RANDFILE -fk $zone`
|
||||
key1=`$KEYGEN -q -a rsasha256 $zone`
|
||||
key2=`$KEYGEN -q -a rsasha256 -fk $zone`
|
||||
|
||||
cat $infile $key1.key $key2.key > $zonefile
|
||||
|
||||
$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
|
||||
$SIGNER -P -g -o $zone $zonefile > /dev/null
|
||||
|
||||
zone=nsec3
|
||||
infile=example.db
|
||||
zonefile=nsec3.db
|
||||
|
||||
key1=`$KEYGEN -q -a rsasha256 -r $RANDFILE -3 $zone`
|
||||
key2=`$KEYGEN -q -a rsasha256 -r $RANDFILE -3 -fk $zone`
|
||||
key1=`$KEYGEN -q -a rsasha256 -3 $zone`
|
||||
key2=`$KEYGEN -q -a rsasha256 -3 -fk $zone`
|
||||
|
||||
cat $infile $key1.key $key2.key > $zonefile
|
||||
|
||||
$SIGNER -P -3 - -g -r $RANDFILE -o $zone $zonefile > /dev/null
|
||||
$SIGNER -P -3 - -g -o $zone $zonefile > /dev/null
|
||||
|
||||
@ -14,8 +14,6 @@ SYSTEMTESTTOP=..
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
copy_setports ns1/named.conf.in ns1/named.conf
|
||||
copy_setports ns2/named.conf.in ns2/named.conf
|
||||
copy_setports ns3/named.conf.in ns3/named.conf
|
||||
|
||||
@ -16,19 +16,19 @@ zone=ds.example.net
|
||||
zonefile="${zone}.db"
|
||||
infile="${zonefile}.in"
|
||||
cp $infile $zonefile
|
||||
ksk=`$KEYGEN -q -a rsasha256 -r $RANDFILE -fk $zone`
|
||||
zsk=`$KEYGEN -q -a rsasha256 -r $RANDFILE -b 2048 $zone`
|
||||
ksk=`$KEYGEN -q -a rsasha256 -fk $zone`
|
||||
zsk=`$KEYGEN -q -a rsasha256 -b 2048 $zone`
|
||||
cat $ksk.key $zsk.key >> $zonefile
|
||||
$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
zone=example.net
|
||||
zonefile="${zone}.db"
|
||||
infile="${zonefile}.in"
|
||||
cp $infile $zonefile
|
||||
ksk=`$KEYGEN -q -a rsasha256 -r $RANDFILE -fk $zone`
|
||||
zsk=`$KEYGEN -q -a rsasha256 -r $RANDFILE $zone`
|
||||
ksk=`$KEYGEN -q -a rsasha256 -fk $zone`
|
||||
zsk=`$KEYGEN -q -a rsasha256 $zone`
|
||||
cat $ksk.key $zsk.key dsset-ds.example.net$TP >> $zonefile
|
||||
$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
# Configure a trusted key statement (used by delve)
|
||||
cat $ksk.key | grep -v '^; ' | $PERL -n -e '
|
||||
|
||||
@ -12,8 +12,6 @@
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
cp ns4/tld1.db ns4/tld.db
|
||||
cp ns6/to-be-removed.tld.db.in ns6/to-be-removed.tld.db
|
||||
cp ns7/server.db.in ns7/server.db
|
||||
|
||||
@ -14,8 +14,6 @@ SYSTEMTESTTOP=..
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
$SHELL ../genzone.sh 2 >ns2/nil.db
|
||||
$SHELL ../genzone.sh 2 >ns2/other.db
|
||||
$SHELL ../genzone.sh 2 >ns2/static.db
|
||||
@ -31,7 +29,7 @@ copy_setports ns5/named.conf.in ns5/named.conf
|
||||
copy_setports ns6/named.conf.in ns6/named.conf
|
||||
|
||||
make_key () {
|
||||
$RNDCCONFGEN -r $RANDFILE -k key$1 -A $3 -s 10.53.0.4 -p $2 \
|
||||
$RNDCCONFGEN -k key$1 -A $3 -s 10.53.0.4 -p $2 \
|
||||
> ns4/key${1}.conf 2> /dev/null
|
||||
egrep -v '(^# Start|^# End|^# Use|^[^#])' ns4/key$1.conf | cut -c3- | \
|
||||
sed 's/allow { 10.53.0.4/allow { any/' >> ns4/named.conf
|
||||
|
||||
@ -16,7 +16,7 @@ zone=.
|
||||
infile=root.db.in
|
||||
zonefile=root.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone`
|
||||
keyid=`expr ${keyname} : 'K.+008+\(.*\)'`
|
||||
|
||||
(cd ../ns2 && $SHELL sign.sh ${keyid:-00000} )
|
||||
@ -25,7 +25,7 @@ cp ../ns2/dsset-example$TP .
|
||||
|
||||
cat $infile $keyname.key > $zonefile
|
||||
|
||||
$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
|
||||
$SIGNER -P -g -o $zone $zonefile > /dev/null
|
||||
|
||||
# Configure the resolving server with a trusted key.
|
||||
cat $keyname.key | grep -v '^; ' | $PERL -n -e '
|
||||
|
||||
@ -22,8 +22,8 @@ zone=example.
|
||||
infile=example.db.in
|
||||
zonefile=example.db
|
||||
|
||||
keyname1=`$KEYGEN -q -r $RANDFILE -a DSA -b 768 -n zone $zone`
|
||||
keyname2=`$KEYGEN -q -r $RANDFILE -a DSA -b 768 -n zone $zone`
|
||||
keyname1=`$KEYGEN -q -a DSA -b 768 -n zone $zone`
|
||||
keyname2=`$KEYGEN -q -a DSA -b 768 -n zone $zone`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
echo root-key-sentinel-is-ta-$oldid A 10.53.0.1 >> $zonefile
|
||||
@ -37,4 +37,4 @@ echo new-not-ta CNAME root-key-sentinel-not-ta-$newid >> $zonefile
|
||||
echo bad-is-ta CNAME root-key-sentinel-is-ta-$badid >> $zonefile
|
||||
echo bad-not-ta CNAME root-key-sentinel-not-ta-$badid >> $zonefile
|
||||
|
||||
$SIGNER -P -g -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
|
||||
$SIGNER -P -g -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
|
||||
|
||||
@ -14,8 +14,6 @@ SYSTEMTESTTOP=..
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
copy_setports ns1/named.conf.in ns1/named.conf
|
||||
copy_setports ns2/named.conf.in ns2/named.conf
|
||||
copy_setports ns3/named.conf.in ns3/named.conf
|
||||
|
||||
@ -62,12 +62,9 @@ for NM in '' -2 -given -disabled -passthru -no-op -nodata -nxdomain -cname -wild
|
||||
sed -e "/SOA/s/blx/bl$NM/g" ns3/base.db >ns3/bl$NM.db
|
||||
done
|
||||
|
||||
# sign the root and a zone in ns2
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
# $1=directory, $2=domain name, $3=input zone file, $4=output file
|
||||
signzone () {
|
||||
KEYNAME=`$KEYGEN -q -a rsasha256 -r $RANDFILE -K $1 $2`
|
||||
KEYNAME=`$KEYGEN -q -a rsasha256 -K $1 $2`
|
||||
cat $1/$3 $1/$KEYNAME.key > $1/tmp
|
||||
$SIGNER -Pp -K $1 -o $2 -f $1/$4 $1/tmp >/dev/null
|
||||
sed -n -e 's/\(.*\) IN DNSKEY \([0-9]\{1,\} [0-9]\{1,\} [0-9]\{1,\}\) \(.*\)/trusted-keys {"\1" \2 "\3";};/p' $1/$KEYNAME.key >>trusted.conf
|
||||
|
||||
@ -18,11 +18,11 @@ zonefile=root.db
|
||||
|
||||
cp ../ns2/dsset-example.in dsset-example$TP
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key > $zonefile
|
||||
|
||||
$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
|
||||
$SIGNER -P -g -o $zone $zonefile > /dev/null
|
||||
|
||||
# Configure the resolving server with a trusted key.
|
||||
cat $keyname.key | grep -v '^; ' | $PERL -n -e '
|
||||
|
||||
@ -22,6 +22,6 @@ do
|
||||
cp $i `echo $i | sed s/X/K/`
|
||||
done
|
||||
|
||||
$SIGNER -r $RANDFILE -g -s 20000101000000 -e 20361231235959 -o $zone \
|
||||
$SIGNER -g -s 20000101000000 -e 20361231235959 -o $zone \
|
||||
$infile Kexample.+005+51829 Kexample.+005+51829 \
|
||||
> /dev/null 2> signer.err
|
||||
|
||||
@ -12,8 +12,6 @@
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
if $BIGKEY > /dev/null 2>&1
|
||||
then
|
||||
rm -f Kexample.*
|
||||
|
||||
@ -14,8 +14,6 @@ SYSTEMTESTTOP=..
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
copy_setports ns1/named.conf.in ns1/named.conf
|
||||
copy_setports ns2/named.conf.in ns2/named.conf
|
||||
copy_setports ns3/named.conf.in ns3/named.conf
|
||||
|
||||
@ -20,11 +20,11 @@ zonefile=root.db
|
||||
|
||||
cp ../ns2/dsset-example$TP .
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key > $zonefile
|
||||
|
||||
$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
|
||||
$SIGNER -P -g -o $zone $zonefile > /dev/null
|
||||
|
||||
# Configure the resolving server with a trusted key.
|
||||
cat $keyname.key | grep -v '^; ' | $PERL -n -e '
|
||||
|
||||
@ -16,9 +16,9 @@ zone=example.
|
||||
infile=example.db.in
|
||||
zonefile=example.db
|
||||
|
||||
keyname1=`$KEYGEN -q -r $RANDFILE -a DSA -b 768 -n zone $zone`
|
||||
keyname2=`$KEYGEN -q -r $RANDFILE -a DSA -b 768 -n zone $zone`
|
||||
keyname1=`$KEYGEN -q -a DSA -b 768 -n zone $zone`
|
||||
keyname2=`$KEYGEN -q -a DSA -b 768 -n zone $zone`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -P -g -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
|
||||
$SIGNER -P -g -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
|
||||
|
||||
@ -12,9 +12,7 @@
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
$GENRANDOM 800 $RANDFILE
|
||||
|
||||
if $KEYGEN -q -a RSAMD5 -b 1024 -n zone -r $RANDFILE foo > /dev/null 2>&1
|
||||
if $KEYGEN -q -a RSAMD5 -b 1024 -n zone foo > /dev/null 2>&1
|
||||
then
|
||||
rm -f Kfoo*
|
||||
else
|
||||
|
||||
@ -14,8 +14,6 @@ SYSTEMTESTTOP=..
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
copy_setports ns1/named.conf.in ns1/named.conf
|
||||
copy_setports ns2/named.conf.in ns2/named.conf
|
||||
copy_setports ns5/named.conf.in ns5/named.conf
|
||||
|
||||
@ -13,5 +13,3 @@ SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
x
Reference in New Issue
Block a user