mirror of
https://gitlab.isc.org/isc-projects/bind9
synced 2025-08-30 05:57:52 +00:00
remove DLV system tests
This commit is contained in:
Evan Hunt
parent
f9c07c78bc
commit
2c87ab1cca
@ -59,7 +59,7 @@ PARALLEL_COMMON="dnssec rpzrecurse serve-stale \
|
||||
acl additional addzone allow-query auth autosign \
|
||||
builtin cacheclean case catz cds chain \
|
||||
checkconf checknames checkzone \
|
||||
cookie database digdelv dlv dlz dlzexternal \
|
||||
cookie database digdelv dlz dlzexternal \
|
||||
dns64 dscp dsdigest dyndb \
|
||||
ednscompliance emptyzones \
|
||||
fetchlimit filter-aaaa formerr forward \
|
||||
|
||||
@ -55,7 +55,7 @@ check_ttl_range() {
|
||||
|
||||
# using delv insecure mode as not testing dnssec here
|
||||
delv_with_opts() {
|
||||
"$DELV" +noroot +nodlv -p "$PORT" "$@"
|
||||
"$DELV" +noroot -p "$PORT" "$@"
|
||||
}
|
||||
|
||||
KEYID="$(cat ns2/keyid)"
|
||||
|
||||
@ -1,45 +0,0 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
#
|
||||
# This Source Code Form is subject to the terms of the Mozilla Public
|
||||
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
#
|
||||
# See the COPYRIGHT file distributed with this work for additional
|
||||
# information regarding copyright ownership.
|
||||
|
||||
rm -f ns*/named.run
|
||||
rm -f ns*/named.conf
|
||||
rm -f ns1/K*
|
||||
rm -f ns1/dsset-*
|
||||
rm -f ns1/*.signed
|
||||
rm -f ns1/signer.err
|
||||
rm -f ns1/root.db
|
||||
rm -f ns1/trusted.conf
|
||||
rm -f ns2/K*
|
||||
rm -f ns2/dlvset-*
|
||||
rm -f ns2/dsset-*
|
||||
rm -f ns2/*.signed
|
||||
rm -f ns2/*.pre
|
||||
rm -f ns2/signer.err
|
||||
rm -f ns2/druz.db
|
||||
rm -f ns3/K*
|
||||
rm -f ns3/*.db
|
||||
rm -f ns3/*.signed ns3/*.signed.tmp
|
||||
rm -f ns3/dlvset-*
|
||||
rm -f ns3/dsset-*
|
||||
rm -f ns3/keyset-*
|
||||
rm -f ns3/trusted*.conf
|
||||
rm -f ns3/signer.err
|
||||
rm -f ns5/trusted*.conf
|
||||
rm -f ns6/K*
|
||||
rm -f ns6/*.db
|
||||
rm -f ns6/*.signed
|
||||
rm -f ns6/dsset-*
|
||||
rm -f ns6/signer.err
|
||||
rm -f ns7/trusted*.conf ns8/trusted*.conf
|
||||
rm -f */named.memstats
|
||||
rm -f dig.out.ns*.test*
|
||||
rm -f ns*/named.lock
|
||||
rm -f ns*/managed-keys.bind*
|
||||
@ -1,25 +0,0 @@
|
||||
/*
|
||||
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*
|
||||
* See the COPYRIGHT file distributed with this work for additional
|
||||
* information regarding copyright ownership.
|
||||
*/
|
||||
|
||||
options {
|
||||
query-source address 10.53.0.1;
|
||||
notify-source 10.53.0.1;
|
||||
transfer-source 10.53.0.1;
|
||||
port @PORT@;
|
||||
pid-file "named.pid";
|
||||
listen-on { 10.53.0.1; };
|
||||
listen-on-v6 { none; };
|
||||
recursion no;
|
||||
notify yes;
|
||||
};
|
||||
|
||||
zone "." { type master; file "root.signed"; };
|
||||
zone "rootservers.utld" { type master; file "rootservers.utld.db"; };
|
||||
@ -1,26 +0,0 @@
|
||||
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
;
|
||||
; This Source Code Form is subject to the terms of the Mozilla Public
|
||||
; License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
;
|
||||
; See the COPYRIGHT file distributed with this work for additional
|
||||
; information regarding copyright ownership.
|
||||
|
||||
$TTL 120
|
||||
@ SOA ns.rootservers.utld hostmaster.ns.rootservers.utld (
|
||||
1 3600 1200 604800 60 )
|
||||
@ NS ns.rootservers.utld
|
||||
ns A 10.53.0.1
|
||||
;
|
||||
; A zone that is unsigned (utld=unsigned tld) that will include a second level
|
||||
; zone that acts as a DLV.
|
||||
;
|
||||
utld NS ns.utld
|
||||
ns.utld A 10.53.0.2
|
||||
;
|
||||
; A zone that has a bad DNSKEY RRset but has good DLV records for its child
|
||||
; zones.
|
||||
;
|
||||
druz NS ns.druz
|
||||
ns.druz A 10.53.0.2
|
||||
@ -1,13 +0,0 @@
|
||||
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
;
|
||||
; This Source Code Form is subject to the terms of the Mozilla Public
|
||||
; License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
;
|
||||
; See the COPYRIGHT file distributed with this work for additional
|
||||
; information regarding copyright ownership.
|
||||
|
||||
$TTL 120
|
||||
@ SOA ns hostmaster.ns 1 3600 1200 604800 60
|
||||
@ NS ns
|
||||
ns A 10.53.0.1
|
||||
@ -1,38 +0,0 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
#
|
||||
# This Source Code Form is subject to the terms of the Mozilla Public
|
||||
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
#
|
||||
# See the COPYRIGHT file distributed with this work for additional
|
||||
# information regarding copyright ownership.
|
||||
|
||||
SYSTEMTESTTOP=../..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
SYSTESTDIR=dlv
|
||||
|
||||
(cd ../ns2 && $SHELL -e ./sign.sh || exit 1)
|
||||
|
||||
echo_i "dlv/ns1/sign.sh"
|
||||
|
||||
zone=.
|
||||
infile=root.db.in
|
||||
zonefile=root.db
|
||||
outfile=root.signed
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
|
||||
echo_i "signed $zone"
|
||||
|
||||
keyfile_to_static_keys $keyname2 > trusted.conf
|
||||
cp trusted.conf ../ns5
|
||||
cp trusted.conf ../ns7
|
||||
cp trusted.conf ../ns8
|
||||
@ -1,47 +0,0 @@
|
||||
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
;
|
||||
; This Source Code Form is subject to the terms of the Mozilla Public
|
||||
; License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
;
|
||||
; See the COPYRIGHT file distributed with this work for additional
|
||||
; information regarding copyright ownership.
|
||||
|
||||
$TTL 120
|
||||
@ SOA ns hostmaster.ns 1 3600 1200 604800 60
|
||||
@ NS ns
|
||||
ns A 10.53.0.2
|
||||
;
|
||||
rootservers NS ns.rootservers
|
||||
ns.rootservers A 10.53.0.1
|
||||
;
|
||||
;
|
||||
child1 NS ns.child1
|
||||
ns.child1 A 10.53.0.3
|
||||
;
|
||||
child2 NS ns.child2
|
||||
ns.child2 A 10.53.0.4
|
||||
;
|
||||
child3 NS ns.child3
|
||||
ns.child3 A 10.53.0.3
|
||||
;
|
||||
child4 NS ns.child4
|
||||
ns.child4 A 10.53.0.3
|
||||
;
|
||||
child5 NS ns.child5
|
||||
ns.child5 A 10.53.0.3
|
||||
;
|
||||
child6 NS ns.child6
|
||||
ns.child6 A 10.53.0.4
|
||||
;
|
||||
child7 NS ns.child7
|
||||
ns.child7 A 10.53.0.3
|
||||
;
|
||||
child8 NS ns.child8
|
||||
ns.child8 A 10.53.0.3
|
||||
;
|
||||
child9 NS ns.child9
|
||||
ns.child9 A 10.53.0.3
|
||||
;
|
||||
child10 NS ns.child10
|
||||
ns.child10 A 10.53.0.3
|
||||
@ -1,11 +0,0 @@
|
||||
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
;
|
||||
; This Source Code Form is subject to the terms of the Mozilla Public
|
||||
; License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
;
|
||||
; See the COPYRIGHT file distributed with this work for additional
|
||||
; information regarding copyright ownership.
|
||||
|
||||
. 0 NS ns.rootservers.utld.
|
||||
ns.rootservers.utld. 0 A 10.53.0.1
|
||||
@ -1,37 +0,0 @@
|
||||
/*
|
||||
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*
|
||||
* See the COPYRIGHT file distributed with this work for additional
|
||||
* information regarding copyright ownership.
|
||||
*/
|
||||
|
||||
options {
|
||||
query-source address 10.53.0.2;
|
||||
notify-source 10.53.0.2;
|
||||
transfer-source 10.53.0.2;
|
||||
port @PORT@;
|
||||
pid-file "named.pid";
|
||||
listen-on { 10.53.0.2; };
|
||||
listen-on-v6 { none; };
|
||||
recursion no;
|
||||
notify yes;
|
||||
};
|
||||
|
||||
/* Root hints. */
|
||||
zone "." { type hint; file "hints"; };
|
||||
|
||||
/*
|
||||
* A zone that is unsigned (utld=unsigned tld) that will include a second level
|
||||
* zone that acts as a DLV.
|
||||
*/
|
||||
zone "utld" { type master; file "utld.db"; };
|
||||
|
||||
/*
|
||||
* A zone that has a bad DNSKEY RRset but has good DLV records for its child
|
||||
* zones.
|
||||
*/
|
||||
zone "druz" { type master; file "druz.signed"; };
|
||||
@ -1,37 +0,0 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
#
|
||||
# This Source Code Form is subject to the terms of the Mozilla Public
|
||||
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
#
|
||||
# See the COPYRIGHT file distributed with this work for additional
|
||||
# information regarding copyright ownership.
|
||||
|
||||
SYSTEMTESTTOP=../..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
SYSTESTDIR=dlv
|
||||
|
||||
(cd ../ns3 && $SHELL -e ./sign.sh || exit 1)
|
||||
|
||||
echo_i "dlv/ns2/sign.sh"
|
||||
|
||||
zone=druz.
|
||||
infile=druz.db.in
|
||||
zonefile=druz.db
|
||||
outfile=druz.pre
|
||||
dlvzone=utld.
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -l $dlvzone -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
|
||||
$CHECKZONE -q -D -i none druz druz.pre |
|
||||
sed '/IN DNSKEY/s/\([a-z0-9A-Z+/]\{10\}\)[a-z0-9A-Z+/]\{16\}/\1XXXXXXXXXXXXXXXX/'> druz.signed
|
||||
|
||||
echo_i "signed $zone"
|
||||
@ -1,61 +0,0 @@
|
||||
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
;
|
||||
; This Source Code Form is subject to the terms of the Mozilla Public
|
||||
; License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
;
|
||||
; See the COPYRIGHT file distributed with this work for additional
|
||||
; information regarding copyright ownership.
|
||||
|
||||
$TTL 120
|
||||
@ SOA ns hostmaster.ns 1 3600 1200 604800 60
|
||||
@ NS ns
|
||||
ns A 10.53.0.2
|
||||
;
|
||||
rootservers NS ns.rootservers
|
||||
ns.rootservers A 10.53.0.1
|
||||
;
|
||||
dlv NS ns.dlv
|
||||
ns.dlv A 10.53.0.3
|
||||
;
|
||||
disabled-algorithm-dlv NS ns.disabled-algorithm-dlv
|
||||
ns.disabled-algorithm-dlv A 10.53.0.3
|
||||
;
|
||||
unsupported-algorithm-dlv NS ns.unsupported-algorithm-dlv
|
||||
ns.unsupported-algorithm-dlv A 10.53.0.3
|
||||
;
|
||||
child1 NS ns.child1
|
||||
ns.child1 A 10.53.0.3
|
||||
;
|
||||
child2 NS ns.child2
|
||||
ns.child2 A 10.53.0.4
|
||||
;
|
||||
child3 NS ns.child3
|
||||
ns.child3 A 10.53.0.3
|
||||
;
|
||||
child4 NS ns.child4
|
||||
ns.child4 A 10.53.0.3
|
||||
;
|
||||
child5 NS ns.child5
|
||||
ns.child5 A 10.53.0.3
|
||||
;
|
||||
child6 NS ns.child6
|
||||
ns.child6 A 10.53.0.4
|
||||
;
|
||||
child7 NS ns.child7
|
||||
ns.child7 A 10.53.0.3
|
||||
;
|
||||
child8 NS ns.child8
|
||||
ns.child8 A 10.53.0.3
|
||||
;
|
||||
child9 NS ns.child9
|
||||
ns.child9 A 10.53.0.3
|
||||
;
|
||||
child10 NS ns.child10
|
||||
ns.child10 A 10.53.0.3
|
||||
;
|
||||
disabled-algorithm NS ns.disabled-algorithm
|
||||
ns.disabled-algorithm A 10.53.0.3
|
||||
;
|
||||
unsupported-algorithm NS ns.unsupported-algorithm
|
||||
ns.unsupported-algorithm A 10.53.0.3
|
||||
@ -1,17 +0,0 @@
|
||||
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
;
|
||||
; This Source Code Form is subject to the terms of the Mozilla Public
|
||||
; License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
;
|
||||
; See the COPYRIGHT file distributed with this work for additional
|
||||
; information regarding copyright ownership.
|
||||
|
||||
$TTL 120
|
||||
@ SOA ns hostmaster.ns 1 3600 1200 604800 60
|
||||
@ NS ns
|
||||
ns A 10.53.0.3
|
||||
foo TXT foo
|
||||
bar TXT bar
|
||||
grand NS ns.grand
|
||||
ns.grand A 10.53.0.6
|
||||
@ -1,13 +0,0 @@
|
||||
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
;
|
||||
; This Source Code Form is subject to the terms of the Mozilla Public
|
||||
; License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
;
|
||||
; See the COPYRIGHT file distributed with this work for additional
|
||||
; information regarding copyright ownership.
|
||||
|
||||
$TTL 120
|
||||
@ SOA ns hostmaster.ns 1 3600 1200 604800 60
|
||||
@ NS ns
|
||||
ns A 10.53.0.3
|
||||
@ -1,11 +0,0 @@
|
||||
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
;
|
||||
; This Source Code Form is subject to the terms of the Mozilla Public
|
||||
; License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
;
|
||||
; See the COPYRIGHT file distributed with this work for additional
|
||||
; information regarding copyright ownership.
|
||||
|
||||
. 0 NS ns.rootservers.utld.
|
||||
ns.rootservers.utld. 0 A 10.53.0.1
|
||||
@ -1,141 +0,0 @@
|
||||
/*
|
||||
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*
|
||||
* See the COPYRIGHT file distributed with this work for additional
|
||||
* information regarding copyright ownership.
|
||||
*/
|
||||
|
||||
options {
|
||||
query-source address 10.53.0.3;
|
||||
notify-source 10.53.0.3;
|
||||
transfer-source 10.53.0.3;
|
||||
port @PORT@;
|
||||
pid-file "named.pid";
|
||||
listen-on { 10.53.0.3; };
|
||||
listen-on-v6 { none; };
|
||||
recursion no;
|
||||
notify yes;
|
||||
};
|
||||
|
||||
/* Root hints. */
|
||||
zone "." { type hint; file "hints"; };
|
||||
|
||||
/* DLV zone below unsigned TLD. */
|
||||
zone "dlv.utld" { type master; file "dlv.utld.signed"; };
|
||||
|
||||
/* DLV zone signed with a disabled algorithm below unsigned TLD. */
|
||||
zone "disabled-algorithm-dlv.utld." {
|
||||
type master;
|
||||
file "disabled-algorithm-dlv.utld.signed";
|
||||
};
|
||||
|
||||
/* DLV zone signed with an unsupported algorithm below unsigned TLD. */
|
||||
zone "unsupported-algorithm-dlv.utld." {
|
||||
type master;
|
||||
file "unsupported-algorithm-dlv.utld.signed";
|
||||
};
|
||||
|
||||
/* Signed zone below unsigned TLD with DLV entry. */
|
||||
zone "child1.utld" { type master; file "child1.signed"; };
|
||||
|
||||
/*
|
||||
* Signed zone below unsigned TLD with DLV entry in DLV zone that is signed
|
||||
* with a disabled algorithm.
|
||||
*/
|
||||
zone "child3.utld" { type master; file "child3.signed"; };
|
||||
|
||||
/*
|
||||
* Signed zone below unsigned TLD with DLV entry. This one is slightly
|
||||
* different because its children (the grandchildren) don't have a DS record in
|
||||
* this zone. The grandchild zones are served by ns6.
|
||||
*
|
||||
*/
|
||||
zone "child4.utld" { type master; file "child4.signed"; };
|
||||
|
||||
/*
|
||||
* Signed zone below unsigned TLD with DLV entry in DLV zone that is signed
|
||||
* with an unsupported algorithm.
|
||||
*/
|
||||
zone "child5.utld" { type master; file "child5.signed"; };
|
||||
|
||||
/* Signed zone below unsigned TLD without DLV entry. */
|
||||
zone "child7.utld" { type master; file "child7.signed"; };
|
||||
|
||||
/*
|
||||
* Signed zone below unsigned TLD without DLV entry and no DS records for the
|
||||
* grandchildren.
|
||||
*/
|
||||
zone "child8.utld" { type master; file "child8.signed"; };
|
||||
|
||||
/* Signed zone below unsigned TLD with DLV entry. */
|
||||
zone "child9.utld" { type master; file "child9.signed"; };
|
||||
|
||||
/* Unsigned zone below an unsigned TLD with DLV entry. */
|
||||
zone "child10.utld" { type master; file "child.db.in"; };
|
||||
|
||||
/*
|
||||
* Zone signed with a disabled algorithm (an algorithm that is disabled in
|
||||
* one of the test resolvers) with DLV entry.
|
||||
*/
|
||||
zone "disabled-algorithm.utld" {
|
||||
type master;
|
||||
file "disabled-algorithm.utld.signed";
|
||||
};
|
||||
|
||||
/* Zone signed with an unsupported algorithm with DLV entry. */
|
||||
zone "unsupported-algorithm.utld" {
|
||||
type master;
|
||||
file "unsupported-algorithm.utld.signed";
|
||||
};
|
||||
|
||||
/*
|
||||
* Signed zone below signed TLD with good DLV entry but no chain of
|
||||
* trust.
|
||||
*/
|
||||
zone "child1.druz" { type master; file "child1.druz.signed"; };
|
||||
|
||||
/*
|
||||
* Signed zone below signed TLD with good DLV entry but no chain of
|
||||
* trust. The DLV zone is signed with a disabled algorithm.
|
||||
*/
|
||||
zone "child3.druz" { type master; file "child3.druz.signed"; };
|
||||
|
||||
/*
|
||||
* Signed zone below signed TLD with good DLV entry but no chain of
|
||||
* trust. Also there are no DS records for the grandchildren.
|
||||
*/
|
||||
zone "child4.druz" { type master; file "child4.druz.signed"; };
|
||||
|
||||
/*
|
||||
* Signed zone below signed TLD with good DLV entry but no chain of
|
||||
* trust. The DLV zone is signed with an unsupported algorithm.
|
||||
*/
|
||||
zone "child5.druz" { type master; file "child5.druz.signed"; };
|
||||
|
||||
/*
|
||||
* Signed zone below signed TLD without DLV entry, and no chain of
|
||||
* trust.
|
||||
*/
|
||||
zone "child7.druz" { type master; file "child7.druz.signed"; };
|
||||
|
||||
/*
|
||||
* Signed zone below signed TLD without DLV entry and no DS set. Also DS
|
||||
* records for the grandchildren are not included in the zone.
|
||||
*/
|
||||
zone "child8.druz" { type master; file "child8.druz.signed"; };
|
||||
|
||||
/*
|
||||
* Signed zone below signed TLD with good DLV entry but no DS set. Also DS
|
||||
* records for the grandchildren are not included in the zone.
|
||||
*/
|
||||
zone "child9.druz" { type master; file "child9.druz.signed"; };
|
||||
|
||||
/*
|
||||
* Unsigned zone below signed TLD with good DLV entry but no chain of
|
||||
* trust.
|
||||
*/
|
||||
zone "child10.druz" { type master; file "child.db.in"; };
|
||||
@ -1,397 +0,0 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
#
|
||||
# This Source Code Form is subject to the terms of the Mozilla Public
|
||||
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
#
|
||||
# See the COPYRIGHT file distributed with this work for additional
|
||||
# information regarding copyright ownership.
|
||||
|
||||
SYSTEMTESTTOP=../..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
(cd ../ns6 && $SHELL -e ./sign.sh)
|
||||
|
||||
echo_i "dlv/ns3/sign.sh"
|
||||
|
||||
dlvzone="dlv.utld"
|
||||
dlvsets=
|
||||
dssets=
|
||||
|
||||
disableddlvzone="disabled-algorithm-dlv.utld"
|
||||
disableddlvsets=
|
||||
disableddssets=
|
||||
|
||||
unsupporteddlvzone="unsupported-algorithm-dlv.utld"
|
||||
unsupporteddlvsets=
|
||||
unsupporteddssets=
|
||||
|
||||
# Signed zone below unsigned TLD with DLV entry.
|
||||
zone=child1.utld
|
||||
infile=child.db.in
|
||||
zonefile=child1.utld.db
|
||||
outfile=child1.signed
|
||||
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.${zone}${TP}
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
||||
$SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
# Signed zone below unsigned TLD with DLV entry in DLV zone that is signed
|
||||
# with a disabled algorithm.
|
||||
zone=child3.utld
|
||||
infile=child.db.in
|
||||
zonefile=child3.utld.db
|
||||
outfile=child3.signed
|
||||
disableddlvsets="$disableddlvsets dlvset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.${zone}${TP}
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
||||
$SIGNER -O full -l $disableddlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
# Signed zone below unsigned TLD with DLV entry. This one is slightly
|
||||
# different because its children (the grandchildren) don't have a DS record in
|
||||
# this zone. The grandchild zones are served by ns6.
|
||||
zone=child4.utld
|
||||
infile=child.db.in
|
||||
zonefile=child4.utld.db
|
||||
outfile=child4.signed
|
||||
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
# Signed zone below unsigned TLD with DLV entry in DLV zone that is signed
|
||||
# with an unsupported algorithm.
|
||||
zone=child5.utld
|
||||
infile=child.db.in
|
||||
zonefile=child5.utld.db
|
||||
outfile=child5.signed
|
||||
unsupporteddlvsets="$unsupporteddlvsets dlvset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.${zone}${TP}
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
||||
$SIGNER -O full -l $unsupporteddlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
# Signed zone below unsigned TLD without DLV entry.
|
||||
zone=child7.utld
|
||||
infile=child.db.in
|
||||
zonefile=child7.utld.db
|
||||
outfile=child7.signed
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.${zone}${TP}
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
||||
$SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
# Signed zone below unsigned TLD without DLV entry and no DS records for the
|
||||
# grandchildren.
|
||||
zone=child8.utld
|
||||
infile=child.db.in
|
||||
zonefile=child8.utld.db
|
||||
outfile=child8.signed
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
# Signed zone below unsigned TLD with DLV entry.
|
||||
zone=child9.utld
|
||||
infile=child.db.in
|
||||
zonefile=child9.utld.db
|
||||
outfile=child9.signed
|
||||
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
# Unsigned zone below an unsigned TLD with DLV entry. We still need to sign
|
||||
# the zone to generate the DLV set.
|
||||
zone=child10.utld
|
||||
infile=child.db.in
|
||||
zonefile=child10.utld.db
|
||||
outfile=child10.signed
|
||||
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
# Zone signed with a disabled algorithm (an algorithm that is disabled in
|
||||
# one of the test resolvers) with DLV entry.
|
||||
zone=disabled-algorithm.utld
|
||||
infile=child.db.in
|
||||
zonefile=disabled-algorithm.utld.db
|
||||
outfile=disabled-algorithm.utld.signed
|
||||
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DISABLED_ALGORITHM -b $DISABLED_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DISABLED_ALGORITHM -b $DISABLED_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -O full -l $dlvzone -o $zone -f ${outfile} $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
# Zone signed with an unsupported algorithm with DLV entry.
|
||||
zone=unsupported-algorithm.utld
|
||||
infile=child.db.in
|
||||
zonefile=unsupported-algorithm.utld.db
|
||||
outfile=unsupported-algorithm.utld.signed
|
||||
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -O full -l $dlvzone -o $zone -f ${outfile}.tmp $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${outfile}.tmp > $outfile
|
||||
|
||||
cp ${keyname2}.key ${keyname2}.tmp
|
||||
awk '$3 == "DNSKEY" { $6 = 255 } { print }' ${keyname2}.tmp > ${keyname2}.key
|
||||
cp dlvset-${zone}${TP} dlvset-${zone}tmp
|
||||
awk '$3 == "DLV" { $5 = 255 } { print }' dlvset-${zone}tmp > dlvset-${zone}${TP}
|
||||
|
||||
echo_i "signed $zone"
|
||||
|
||||
# Signed zone below signed TLD with DLV entry and DS set.
|
||||
zone=child1.druz
|
||||
infile=child.db.in
|
||||
zonefile=child1.druz.db
|
||||
outfile=child1.druz.signed
|
||||
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||
dssets="$dssets dsset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.${zone}${TP}
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
||||
$SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
# Signed zone below signed TLD with DLV entry and DS set. The DLV zone is
|
||||
# signed with a disabled algorithm.
|
||||
zone=child3.druz
|
||||
infile=child.db.in
|
||||
zonefile=child3.druz.db
|
||||
outfile=child3.druz.signed
|
||||
disableddlvsets="$disableddlvsets dlvset-${zone}${TP}"
|
||||
disableddssets="$disableddssets dsset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.${zone}${TP}
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
||||
$SIGNER -O full -l $disableddlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
# Signed zone below signed TLD with DLV entry and DS set, but missing
|
||||
# DS records for the grandchildren.
|
||||
zone=child4.druz
|
||||
infile=child.db.in
|
||||
zonefile=child4.druz.db
|
||||
outfile=child4.druz.signed
|
||||
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||
dssets="$dssets dsset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
# Signed zone below signed TLD with DLV entry and DS set. The DLV zone is
|
||||
# signed with an unsupported algorithm algorithm.
|
||||
zone=child5.druz
|
||||
infile=child.db.in
|
||||
zonefile=child5.druz.db
|
||||
outfile=child5.druz.signed
|
||||
unsupporteddlvsets="$unsupporteddlvsets dlvset-${zone}${TP}"
|
||||
unsupporteddssets="$unsupportedssets dsset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.${zone}${TP}
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
||||
$SIGNER -O full -l $unsupporteddlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
# Signed zone below signed TLD without DLV entry, but with normal DS set.
|
||||
zone=child7.druz
|
||||
infile=child.db.in
|
||||
zonefile=child7.druz.db
|
||||
outfile=child7.druz.signed
|
||||
dssets="$dssets dsset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.${zone}${TP}
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
||||
$SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
# Signed zone below signed TLD without DLV entry and no DS set. Also DS
|
||||
# records for the grandchildren are not included in the zone.
|
||||
zone=child8.druz
|
||||
infile=child.db.in
|
||||
zonefile=child8.druz.db
|
||||
outfile=child8.druz.signed
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
# Signed zone below signed TLD with DLV entry but no DS set. Also DS
|
||||
# records for the grandchildren are not included in the zone.
|
||||
zone=child9.druz
|
||||
infile=child.db.in
|
||||
zonefile=child9.druz.db
|
||||
outfile=child9.druz.signed
|
||||
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
# Unsigned zone below signed TLD with DLV entry and DS set. We still need to
|
||||
# sign the zone to generate the DS sets.
|
||||
zone=child10.druz
|
||||
infile=child.db.in
|
||||
zonefile=child10.druz.db
|
||||
outfile=child10.druz.signed
|
||||
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||
dssets="$dssets dsset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
cp $dssets ../ns2
|
||||
cp $disableddssets ../ns2
|
||||
cp $unsupporteddssets ../ns2
|
||||
|
||||
# DLV zones
|
||||
infile=dlv.db.in
|
||||
for zone in dlv.utld disabled-algorithm-dlv.utld unsupported-algorithm-dlv.utld
|
||||
do
|
||||
zonefile="${zone}.db"
|
||||
outfile="${zone}.signed"
|
||||
|
||||
case $zone in
|
||||
"dlv.utld")
|
||||
algorithm=$DEFAULT_ALGORITHM
|
||||
bits=$DEFAULT_BITS
|
||||
dlvfiles=$dlvsets
|
||||
;;
|
||||
"disabled-algorithm-dlv.utld")
|
||||
algorithm=$DISABLED_ALGORITHM
|
||||
bits=$DISABLED_BITS
|
||||
dlvfiles=$disableddlvsets
|
||||
;;
|
||||
"unsupported-algorithm-dlv.utld")
|
||||
algorithm=$DEFAULT_ALGORITHM
|
||||
bits=$DEFAULT_BITS
|
||||
dlvfiles=$unsupporteddlvsets
|
||||
;;
|
||||
esac
|
||||
|
||||
keyname1=`$KEYGEN -a $algorithm -b $bits -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $algorithm -b $bits -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $dlvfiles $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
case $zone in
|
||||
"dlv.utld")
|
||||
$SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
keyfile_to_static_keys $keyname2 > ../ns5/trusted-dlv.conf
|
||||
;;
|
||||
"disabled-algorithm-dlv.utld")
|
||||
$SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
keyfile_to_static_keys $keyname2 > ../ns8/trusted-dlv-disabled.conf
|
||||
;;
|
||||
"unsupported-algorithm-dlv.utld")
|
||||
cp ${keyname2}.key ${keyname2}.tmp
|
||||
$SIGNER -O full -o $zone -f ${outfile}.tmp $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${outfile}.tmp > $outfile
|
||||
awk '$3 == "DNSKEY" { $6 = 255 } { print }' ${keyname2}.tmp > ${keyname2}.key
|
||||
keyfile_to_static_keys $keyname2 > ../ns7/trusted-dlv-unsupported.conf
|
||||
;;
|
||||
esac
|
||||
|
||||
echo_i "signed $zone"
|
||||
done
|
||||
@ -1,34 +0,0 @@
|
||||
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
;
|
||||
; This Source Code Form is subject to the terms of the Mozilla Public
|
||||
; License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
;
|
||||
; See the COPYRIGHT file distributed with this work for additional
|
||||
; information regarding copyright ownership.
|
||||
|
||||
$TTL 120
|
||||
@ SOA ns hostmaster.ns 1 3600 1200 604800 60
|
||||
@ NS ns
|
||||
ns A 10.53.0.3
|
||||
;
|
||||
rootservers NS ns.rootservers
|
||||
ns.rootservers A 10.53.0.1
|
||||
;
|
||||
child1 NS ns.child1
|
||||
ns.child1 A 10.53.0.3
|
||||
;
|
||||
child2 NS ns.child2
|
||||
ns.child2 A 10.53.0.4
|
||||
;
|
||||
child3 NS ns.child3
|
||||
ns.child3 A 10.53.0.3
|
||||
;
|
||||
child4 NS ns.child4
|
||||
ns.child4 A 10.53.0.3
|
||||
;
|
||||
child5 NS ns.child5
|
||||
ns.child5 A 10.53.0.3
|
||||
;
|
||||
child6 NS ns.child5
|
||||
ns.child6 A 10.53.0.4
|
||||
@ -1,11 +0,0 @@
|
||||
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
;
|
||||
; This Source Code Form is subject to the terms of the Mozilla Public
|
||||
; License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
;
|
||||
; See the COPYRIGHT file distributed with this work for additional
|
||||
; information regarding copyright ownership.
|
||||
|
||||
. 0 NS ns.rootservers.utld.
|
||||
ns.rootservers.utld. 0 A 10.53.0.1
|
||||
@ -1,26 +0,0 @@
|
||||
/*
|
||||
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*
|
||||
* See the COPYRIGHT file distributed with this work for additional
|
||||
* information regarding copyright ownership.
|
||||
*/
|
||||
|
||||
options {
|
||||
query-source address 10.53.0.4;
|
||||
notify-source 10.53.0.4;
|
||||
transfer-source 10.53.0.4;
|
||||
port @PORT@;
|
||||
pid-file "named.pid";
|
||||
listen-on { 10.53.0.4; };
|
||||
listen-on-v6 { none; };
|
||||
recursion no;
|
||||
notify yes;
|
||||
};
|
||||
|
||||
zone "." { type hint; file "hints"; };
|
||||
zone "child2.utld" { type master; file "child.db"; };
|
||||
zone "child6.utld" { type master; file "child.db"; };
|
||||
@ -1,11 +0,0 @@
|
||||
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
;
|
||||
; This Source Code Form is subject to the terms of the Mozilla Public
|
||||
; License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
;
|
||||
; See the COPYRIGHT file distributed with this work for additional
|
||||
; information regarding copyright ownership.
|
||||
|
||||
. 0 NS ns.rootservers.utld.
|
||||
ns.rootservers.utld. 0 A 10.53.0.1
|
||||
@ -1,30 +0,0 @@
|
||||
/*
|
||||
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*
|
||||
* See the COPYRIGHT file distributed with this work for additional
|
||||
* information regarding copyright ownership.
|
||||
*/
|
||||
|
||||
include "trusted.conf";
|
||||
include "trusted-dlv.conf";
|
||||
|
||||
options {
|
||||
query-source address 10.53.0.5;
|
||||
notify-source 10.53.0.5;
|
||||
transfer-source 10.53.0.5;
|
||||
port @PORT@;
|
||||
pid-file "named.pid";
|
||||
listen-on { 10.53.0.5; };
|
||||
listen-on-v6 { none; };
|
||||
recursion yes;
|
||||
notify yes;
|
||||
dnssec-validation yes;
|
||||
dnssec-lookaside "." trust-anchor "dlv.utld";
|
||||
disable-algorithms "utld." { @DISABLED_ALGORITHM@; };
|
||||
};
|
||||
|
||||
zone "." { type hint; file "hints"; };
|
||||
@ -1,20 +0,0 @@
|
||||
/*
|
||||
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*
|
||||
* See the COPYRIGHT file distributed with this work for additional
|
||||
* information regarding copyright ownership.
|
||||
*/
|
||||
|
||||
key "cc64b3d1db63fc88d7cb5d2f9f57d258" {
|
||||
algorithm hmac-sha256;
|
||||
secret "34f88008d07deabbe65bd01f1d233d47";
|
||||
};
|
||||
|
||||
options {
|
||||
default-server 10.53.0.5;
|
||||
default-port 5353;
|
||||
};
|
||||
@ -1,15 +0,0 @@
|
||||
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
;
|
||||
; This Source Code Form is subject to the terms of the Mozilla Public
|
||||
; License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
;
|
||||
; See the COPYRIGHT file distributed with this work for additional
|
||||
; information regarding copyright ownership.
|
||||
|
||||
$TTL 120
|
||||
@ SOA ns hostmaster.ns6 1 3600 1200 604800 60
|
||||
@ NS ns
|
||||
ns A 10.53.0.6
|
||||
foo TXT foo
|
||||
bar TXT bar
|
||||
@ -1,11 +0,0 @@
|
||||
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
;
|
||||
; This Source Code Form is subject to the terms of the Mozilla Public
|
||||
; License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
;
|
||||
; See the COPYRIGHT file distributed with this work for additional
|
||||
; information regarding copyright ownership.
|
||||
|
||||
. 0 NS ns.rootservers.utld.
|
||||
ns.rootservers.utld. 0 A 10.53.0.1
|
||||
@ -1,40 +0,0 @@
|
||||
/*
|
||||
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*
|
||||
* See the COPYRIGHT file distributed with this work for additional
|
||||
* information regarding copyright ownership.
|
||||
*/
|
||||
|
||||
options {
|
||||
query-source address 10.53.0.6;
|
||||
notify-source 10.53.0.6;
|
||||
transfer-source 10.53.0.6;
|
||||
port @PORT@;
|
||||
pid-file "named.pid";
|
||||
listen-on { 10.53.0.6; };
|
||||
listen-on-v6 { none; };
|
||||
recursion no;
|
||||
notify yes;
|
||||
};
|
||||
|
||||
zone "." { type hint; file "hints"; };
|
||||
zone "grand.child1.utld" { type master; file "grand.child1.signed"; };
|
||||
zone "grand.child3.utld" { type master; file "grand.child3.signed"; };
|
||||
zone "grand.child4.utld" { type master; file "grand.child4.signed"; };
|
||||
zone "grand.child5.utld" { type master; file "grand.child5.signed"; };
|
||||
zone "grand.child7.utld" { type master; file "grand.child7.signed"; };
|
||||
zone "grand.child8.utld" { type master; file "grand.child8.signed"; };
|
||||
zone "grand.child9.utld" { type master; file "grand.child9.signed"; };
|
||||
zone "grand.child10.utld" { type master; file "grand.child10.signed"; };
|
||||
zone "grand.child1.druz" { type master; file "grand.child1.druz.signed"; };
|
||||
zone "grand.child3.druz" { type master; file "grand.child3.druz.signed"; };
|
||||
zone "grand.child4.druz" { type master; file "grand.child4.druz.signed"; };
|
||||
zone "grand.child5.druz" { type master; file "grand.child5.druz.signed"; };
|
||||
zone "grand.child7.druz" { type master; file "grand.child7.druz.signed"; };
|
||||
zone "grand.child8.druz" { type master; file "grand.child8.druz.signed"; };
|
||||
zone "grand.child9.druz" { type master; file "grand.child9.druz.signed"; };
|
||||
zone "grand.child10.druz" { type master; file "grand.child10.druz.signed"; };
|
||||
@ -1,251 +0,0 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
#
|
||||
# This Source Code Form is subject to the terms of the Mozilla Public
|
||||
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
#
|
||||
# See the COPYRIGHT file distributed with this work for additional
|
||||
# information regarding copyright ownership.
|
||||
|
||||
SYSTEMTESTTOP=../..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
SYSTESTDIR=dlv
|
||||
|
||||
echo_i "dlv/ns6/sign.sh"
|
||||
|
||||
zone=grand.child1.utld.
|
||||
infile=child.db.in
|
||||
zonefile=grand.child1.utld.db
|
||||
outfile=grand.child1.signed
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
zone=grand.child3.utld.
|
||||
infile=child.db.in
|
||||
zonefile=grand.child3.utld.db
|
||||
outfile=grand.child3.signed
|
||||
dlvzone=dlv.utld.
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
zone=grand.child4.utld.
|
||||
infile=child.db.in
|
||||
zonefile=grand.child4.utld.db
|
||||
outfile=grand.child4.signed
|
||||
dlvzone=dlv.utld.
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
zone=grand.child5.utld.
|
||||
infile=child.db.in
|
||||
zonefile=grand.child5.utld.db
|
||||
outfile=grand.child5.signed
|
||||
dlvzone=dlv.utld.
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
zone=grand.child7.utld.
|
||||
infile=child.db.in
|
||||
zonefile=grand.child7.utld.db
|
||||
outfile=grand.child7.signed
|
||||
dlvzone=dlv.utld.
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
zone=grand.child8.utld.
|
||||
infile=child.db.in
|
||||
zonefile=grand.child8.utld.db
|
||||
outfile=grand.child8.signed
|
||||
dlvzone=dlv.utld.
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
zone=grand.child9.utld.
|
||||
infile=child.db.in
|
||||
zonefile=grand.child9.utld.db
|
||||
outfile=grand.child9.signed
|
||||
dlvzone=dlv.utld.
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
zone=grand.child10.utld.
|
||||
infile=child.db.in
|
||||
zonefile=grand.child10.utld.db
|
||||
outfile=grand.child10.signed
|
||||
dlvzone=dlv.utld.
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
zone=grand.child1.druz.
|
||||
infile=child.db.in
|
||||
zonefile=grand.child1.druz.db
|
||||
outfile=grand.child1.druz.signed
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
zone=grand.child3.druz.
|
||||
infile=child.db.in
|
||||
zonefile=grand.child3.druz.db
|
||||
outfile=grand.child3.druz.signed
|
||||
dlvzone=dlv.druz.
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
zone=grand.child4.druz.
|
||||
infile=child.db.in
|
||||
zonefile=grand.child4.druz.db
|
||||
outfile=grand.child4.druz.signed
|
||||
dlvzone=dlv.druz.
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
zone=grand.child5.druz.
|
||||
infile=child.db.in
|
||||
zonefile=grand.child5.druz.db
|
||||
outfile=grand.child5.druz.signed
|
||||
dlvzone=dlv.druz.
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
zone=grand.child7.druz.
|
||||
infile=child.db.in
|
||||
zonefile=grand.child7.druz.db
|
||||
outfile=grand.child7.druz.signed
|
||||
dlvzone=dlv.druz.
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
zone=grand.child8.druz.
|
||||
infile=child.db.in
|
||||
zonefile=grand.child8.druz.db
|
||||
outfile=grand.child8.druz.signed
|
||||
dlvzone=dlv.druz.
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
|
||||
zone=grand.child9.druz.
|
||||
infile=child.db.in
|
||||
zonefile=grand.child9.druz.db
|
||||
outfile=grand.child9.druz.signed
|
||||
dlvzone=dlv.druz.
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
zone=grand.child10.druz.
|
||||
infile=child.db.in
|
||||
zonefile=grand.child10.druz.db
|
||||
outfile=grand.child10.druz.signed
|
||||
dlvzone=dlv.druz.
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
@ -1,12 +0,0 @@
|
||||
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
;
|
||||
; This Source Code Form is subject to the terms of the Mozilla Public
|
||||
; License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
;
|
||||
; See the COPYRIGHT file distributed with this work for additional
|
||||
; information regarding copyright ownership.
|
||||
|
||||
. 0 NS ns.rootservers.utld.
|
||||
ns.rootservers.utld. 0 A 10.53.0.1
|
||||
|
||||
@ -1,31 +0,0 @@
|
||||
/*
|
||||
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*
|
||||
* See the COPYRIGHT file distributed with this work for additional
|
||||
* information regarding copyright ownership.
|
||||
*/
|
||||
|
||||
include "trusted.conf";
|
||||
include "trusted-dlv-unsupported.conf";
|
||||
|
||||
options {
|
||||
query-source address 10.53.0.7;
|
||||
notify-source 10.53.0.7;
|
||||
transfer-source 10.53.0.7;
|
||||
port @PORT@;
|
||||
pid-file "named.pid";
|
||||
listen-on { 10.53.0.7; };
|
||||
listen-on-v6 { none; };
|
||||
recursion yes;
|
||||
notify yes;
|
||||
dnssec-enable yes;
|
||||
dnssec-validation yes;
|
||||
dnssec-lookaside "." trust-anchor "unsupported-algorithm-dlv.utld";
|
||||
};
|
||||
|
||||
zone "." { type hint; file "hints"; };
|
||||
|
||||
@ -1,12 +0,0 @@
|
||||
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
;
|
||||
; This Source Code Form is subject to the terms of the Mozilla Public
|
||||
; License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
;
|
||||
; See the COPYRIGHT file distributed with this work for additional
|
||||
; information regarding copyright ownership.
|
||||
|
||||
. 0 NS ns.rootservers.utld.
|
||||
ns.rootservers.utld. 0 A 10.53.0.1
|
||||
|
||||
@ -1,32 +0,0 @@
|
||||
/*
|
||||
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*
|
||||
* See the COPYRIGHT file distributed with this work for additional
|
||||
* information regarding copyright ownership.
|
||||
*/
|
||||
|
||||
include "trusted.conf";
|
||||
include "trusted-dlv-disabled.conf";
|
||||
|
||||
options {
|
||||
query-source address 10.53.0.8;
|
||||
notify-source 10.53.0.8;
|
||||
transfer-source 10.53.0.8;
|
||||
port @PORT@;
|
||||
pid-file "named.pid";
|
||||
listen-on { 10.53.0.8; };
|
||||
listen-on-v6 { none; };
|
||||
recursion yes;
|
||||
notify yes;
|
||||
dnssec-enable yes;
|
||||
dnssec-validation yes;
|
||||
dnssec-lookaside "." trust-anchor "disabled-algorithm-dlv.utld";
|
||||
disable-algorithms "disabled-algorithm-dlv.utld." { @DISABLED_ALGORITHM@; };
|
||||
};
|
||||
|
||||
zone "." { type hint; file "hints"; };
|
||||
|
||||
@ -1,26 +0,0 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
#
|
||||
# This Source Code Form is subject to the terms of the Mozilla Public
|
||||
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
#
|
||||
# See the COPYRIGHT file distributed with this work for additional
|
||||
# information regarding copyright ownership.
|
||||
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
copy_setports ns1/named.conf.in ns1/named.conf
|
||||
copy_setports ns2/named.conf.in ns2/named.conf
|
||||
copy_setports ns3/named.conf.in ns3/named.conf
|
||||
copy_setports ns4/named.conf.in ns4/named.conf
|
||||
copy_setports ns5/named.conf.in ns5/named.conf
|
||||
copy_setports ns6/named.conf.in ns6/named.conf
|
||||
copy_setports ns7/named.conf.in ns7/named.conf
|
||||
copy_setports ns8/named.conf.in ns8/named.conf
|
||||
|
||||
(cd ns1 && $SHELL -e sign.sh)
|
||||
@ -1,111 +0,0 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
#
|
||||
# This Source Code Form is subject to the terms of the Mozilla Public
|
||||
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
#
|
||||
# See the COPYRIGHT file distributed with this work for additional
|
||||
# information regarding copyright ownership.
|
||||
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
status=0
|
||||
n=0
|
||||
|
||||
rm -f dig.out.*
|
||||
|
||||
DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p ${PORT}"
|
||||
|
||||
echo_i "checking that unsigned TLD zone DNSKEY referenced by DLV validates as secure ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS child1.utld dnskey @10.53.0.5 > dig.out.ns5.test$n || ret=1
|
||||
grep "status: NOERROR" dig.out.ns5.test$n > /dev/null || ret=1
|
||||
grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null || ret=1
|
||||
n=`expr $n + 1`
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
echo_i "checking that unsigned TLD child zone DNSKEY referenced by DLV validates as secure ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS grand.child1.utld dnskey @10.53.0.5 > dig.out.ns5.test$n || ret=1
|
||||
grep "status: NOERROR" dig.out.ns5.test$n > /dev/null || ret=1
|
||||
grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null || ret=1
|
||||
n=`expr $n + 1`
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
echo_i "checking that no chain of trust SOA referenced by DLV validates as secure ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS child1.druz soa @10.53.0.5 > dig.out.ns5.test$n || ret=1
|
||||
grep "status: NOERROR" dig.out.ns5.test$n > /dev/null || ret=1
|
||||
grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null || ret=1
|
||||
n=`expr $n + 1`
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
echo_i "checking that no chain of trust child SOA referenced by DLV validates as secure ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS grand.child1.druz soa @10.53.0.5 > dig.out.ns5.test$n || ret=1
|
||||
grep "status: NOERROR" dig.out.ns5.test$n > /dev/null || ret=1
|
||||
grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null || ret=1
|
||||
n=`expr $n + 1`
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
# Test that a child zone that is signed with an unsupported algorithm,
|
||||
# referenced by a good DLV zone, yields an insecure response.
|
||||
echo_i "checking that unsupported algorithm TXT referenced by DLV validates as insecure ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS foo.unsupported-algorithm.utld txt @10.53.0.3 > dig.out.ns3.test$n || ret=1
|
||||
$DIG $DIGOPTS foo.unsupported-algorithm.utld txt @10.53.0.5 > dig.out.ns5.test$n || ret=1
|
||||
grep "status: NOERROR" dig.out.ns5.test$n > /dev/null || ret=1
|
||||
grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null && ret=1
|
||||
grep -q "foo\.unsupported-algorithm\.utld\..*TXT.*\"foo\"" dig.out.ns5.test$n || ret=1
|
||||
n=`expr $n + 1`
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
# Test that a child zone that is signed with a disabled algorithm,
|
||||
# referenced by a good DLV zone, yields an insecure response.
|
||||
echo_i "checking that disabled algorithm TXT referenced by DLV validates as insecure ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS foo.disabled-algorithm.utld txt @10.53.0.3 > dig.out.ns3.test$n || ret=1
|
||||
$DIG $DIGOPTS foo.disabled-algorithm.utld txt @10.53.0.5 > dig.out.ns5.test$n || ret=1
|
||||
grep "status: NOERROR" dig.out.ns5.test$n > /dev/null || ret=1
|
||||
grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null && ret=1
|
||||
grep -q "foo\.disabled-algorithm\.utld\..*TXT.*\"foo\"" dig.out.ns5.test$n || ret=1
|
||||
n=`expr $n + 1`
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
# Test that a child zone that is signed with a known algorithm, referenced by
|
||||
# a DLV zone that is signed with a disabled algorithm, yields a bogus
|
||||
# response.
|
||||
echo_i "checking that good signed TXT referenced by disabled algorithm DLV validates as bogus ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS foo.child3.utld txt @10.53.0.8 > dig.out.ns8.test$n || ret=1
|
||||
grep "status: SERVFAIL" dig.out.ns8.test$n > /dev/null || ret=1
|
||||
grep "flags:.*ad.*QUERY" dig.out.ns8.test$n > /dev/null && ret=1
|
||||
grep -q "foo\.child3\.utld\..*TXT.*\"foo\"" dig.out.ns8.test$n && ret=1
|
||||
n=`expr $n + 1`
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
# Test that a child zone that is signed with a known algorithm, referenced by
|
||||
# a DLV zone that is signed with an unsupported algorithm, yields a bogus
|
||||
# response.
|
||||
echo_i "checking that good signed TXT referenced by unsupported algorithm DLV validates as bogus ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS foo.child5.utld txt @10.53.0.7 > dig.out.ns7.test$n || ret=1
|
||||
grep "status: SERVFAIL" dig.out.ns7.test$n > /dev/null || ret=1
|
||||
grep "flags:.*ad.*QUERY" dig.out.ns7.test$n > /dev/null && ret=1
|
||||
grep -q "foo\.child5\.utld\..*TXT.*\"foo\"" dig.out.ns7.test$n && ret=1
|
||||
n=`expr $n + 1`
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
echo_i "exit status: $status"
|
||||
[ $status -eq 0 ] || exit 1
|
||||
@ -14,9 +14,12 @@ for the root.
|
||||
ns5 is a caching-only server, configured with the an incorrect trusted
|
||||
key for the root. It is used for testing failure cases.
|
||||
|
||||
ns6 is a caching-only server configured to use DLV.
|
||||
ns6 is an caching and authoritative server used for testing unusual
|
||||
server behaviors such as disabled DNSSEC algorithms.
|
||||
|
||||
ns7 is used for checking non-cacheable answers.
|
||||
|
||||
ns8 is a caching-only server, configured with unsupported and disabled
|
||||
algorithms. It is used for testing failure cases.
|
||||
|
||||
ns9 is a forwarding-only server.
|
||||
|
||||
@ -11,7 +11,7 @@
|
||||
|
||||
set -e
|
||||
|
||||
rm -f ./*/K* ./*/keyset-* ./*/dsset-* ./*/dlvset-* ./*/signedkey-* ./*/*.signed
|
||||
rm -f ./*/K* ./*/keyset-* ./*/dsset-* ./*/signedkey-* ./*/*.signed
|
||||
rm -f ./*/example.bk
|
||||
rm -f ./*/named.conf
|
||||
rm -f ./*/named.memstats
|
||||
@ -44,10 +44,8 @@ rm -f ./ns2/cds-auto.secure.db ./ns2/cds-auto.secure.db.jnl
|
||||
rm -f ./ns2/cds-kskonly.secure.db
|
||||
rm -f ./ns2/cds-update.secure.db ./ns2/cds-update.secure.db.jnl
|
||||
rm -f ./ns2/cds.secure.db ./ns2/cds-x.secure.db
|
||||
rm -f ./ns2/dlv.db
|
||||
rm -f ./ns2/in-addr.arpa.db
|
||||
rm -f ./ns2/nsec3chain-test.db
|
||||
rm -f ./ns2/private.secure.example.db
|
||||
rm -f ./ns2/single-nsec3.db
|
||||
rm -f ./ns2/updatecheck-kskonly.secure.*
|
||||
rm -f ./ns3/secure.example.db ./ns3/*.managed.db ./ns3/*.trusted.db
|
||||
|
||||
@ -20,8 +20,6 @@ a.root-servers.nil. A 10.53.0.1
|
||||
|
||||
example. NS ns2.example.
|
||||
ns2.example. A 10.53.0.2
|
||||
dlv. NS ns2.dlv.
|
||||
ns2.dlv. A 10.53.0.2
|
||||
algroll. NS ns2.algroll.
|
||||
ns2.algroll. A 10.53.0.2
|
||||
managed. NS ns2.managed.
|
||||
|
||||
@ -25,7 +25,6 @@ zonefile=root.db
|
||||
echo_i "ns1/sign.sh"
|
||||
|
||||
cp "../ns2/dsset-example$TP" .
|
||||
cp "../ns2/dsset-dlv$TP" .
|
||||
cp "../ns2/dsset-in-addr.arpa$TP" .
|
||||
|
||||
grep "$DEFAULT_ALGORITHM_NUMBER [12] " "../ns2/dsset-algroll$TP" > "dsset-algroll$TP"
|
||||
|
||||
@ -1,19 +0,0 @@
|
||||
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
;
|
||||
; This Source Code Form is subject to the terms of the Mozilla Public
|
||||
; License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
;
|
||||
; See the COPYRIGHT file distributed with this work for additional
|
||||
; information regarding copyright ownership.
|
||||
|
||||
$TTL 300 ; 5 minutes
|
||||
@ IN SOA mname1. . (
|
||||
2000042407 ; serial
|
||||
20 ; refresh (20 seconds)
|
||||
20 ; retry (20 seconds)
|
||||
1814400 ; expire (3 weeks)
|
||||
3600 ; minimum (1 hour)
|
||||
)
|
||||
NS ns2
|
||||
ns2 A 10.53.0.2
|
||||
@ -40,11 +40,6 @@ zone "." {
|
||||
file "../../common/root.hint";
|
||||
};
|
||||
|
||||
zone "dlv" {
|
||||
type master;
|
||||
file "dlv.db.signed";
|
||||
};
|
||||
|
||||
zone "trusted" {
|
||||
type master;
|
||||
file "trusted.db.signed";
|
||||
@ -61,12 +56,6 @@ zone "example" {
|
||||
allow-update { any; };
|
||||
};
|
||||
|
||||
zone "private.secure.example" {
|
||||
type master;
|
||||
file "private.secure.example.db.signed";
|
||||
allow-update { any; };
|
||||
};
|
||||
|
||||
zone "insecure.secure.example" {
|
||||
type master;
|
||||
file "insecure.secure.example.db";
|
||||
|
||||
@ -136,31 +136,6 @@ keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zon
|
||||
cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile"
|
||||
"$SIGNER" -P -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null 2>&1
|
||||
|
||||
# Sign the privately secure file
|
||||
|
||||
privzone=private.secure.example
|
||||
privinfile=private.secure.example.db.in
|
||||
privzonefile=private.secure.example.db
|
||||
|
||||
privkeyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -b "${DEFAULT_BITS}" -n zone "$privzone")
|
||||
|
||||
cat "$privinfile" "$privkeyname.key" > "$privzonefile"
|
||||
|
||||
"$SIGNER" -P -g -o "$privzone" -l dlv "$privzonefile" > /dev/null 2>&1
|
||||
|
||||
# Sign the DLV secure zone.
|
||||
|
||||
dlvzone=dlv.
|
||||
dlvinfile=dlv.db.in
|
||||
dlvzonefile=dlv.db
|
||||
dlvsetfile="dlvset-${privzone}${TP}"
|
||||
|
||||
dlvkeyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -b "${DEFAULT_BITS}" -n zone "$dlvzone")
|
||||
|
||||
cat "$dlvinfile" "$dlvkeyname.key" "$dlvsetfile" > "$dlvzonefile"
|
||||
|
||||
"$SIGNER" -P -g -o "$dlvzone" "$dlvzonefile" > /dev/null 2>&1
|
||||
|
||||
# Sign the badparam secure file
|
||||
|
||||
zone=badparam.
|
||||
|
||||
@ -23,7 +23,6 @@ options {
|
||||
notify yes;
|
||||
disable-algorithms . { @ALTERNATIVE_ALGORITHM@; };
|
||||
dnssec-validation yes;
|
||||
dnssec-lookaside . trust-anchor dlv;
|
||||
};
|
||||
|
||||
zone "." {
|
||||
|
||||
@ -1212,34 +1212,6 @@ n=$((n+1))
|
||||
test "$ret" -eq 0 || echo_i "failed"
|
||||
status=$((status+ret))
|
||||
|
||||
echo_i "checking that positive validation in a privately secure zone works ($n)"
|
||||
ret=0
|
||||
dig_with_opts +noauth a.private.secure.example. a @10.53.0.2 \
|
||||
> dig.out.ns2.test$n || ret=1
|
||||
dig_with_opts +noauth a.private.secure.example. a @10.53.0.4 \
|
||||
> dig.out.ns4.test$n || ret=1
|
||||
digcomp dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
|
||||
grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
|
||||
# Note - this is looking for failure, hence the &&
|
||||
grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
|
||||
n=$((n+1))
|
||||
test "$ret" -eq 0 || echo_i "failed"
|
||||
status=$((status+ret))
|
||||
|
||||
echo_i "checking that negative validation in a privately secure zone works ($n)"
|
||||
ret=0
|
||||
dig_with_opts +noauth q.private.secure.example. a @10.53.0.2 \
|
||||
> dig.out.ns2.test$n || ret=1
|
||||
dig_with_opts +noauth q.private.secure.example. a @10.53.0.4 \
|
||||
> dig.out.ns4.test$n || ret=1
|
||||
digcomp dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
|
||||
grep "NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
|
||||
# Note - this is looking for failure, hence the &&
|
||||
grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
|
||||
n=$((n+1))
|
||||
test "$ret" -eq 0 || echo_i "failed"
|
||||
status=$((status+ret))
|
||||
|
||||
echo_i "checking that lookups succeed after disabling an algorithm ($n)"
|
||||
ret=0
|
||||
dig_with_opts +noauth example. SOA @10.53.0.2 \
|
||||
@ -1253,28 +1225,6 @@ n=$((n+1))
|
||||
test "$ret" -eq 0 || echo_i "failed"
|
||||
status=$((status+ret))
|
||||
|
||||
echo_i "checking privately secure to nxdomain works ($n)"
|
||||
ret=0
|
||||
dig_with_opts +noauth private2secure-nxdomain.private.secure.example. SOA @10.53.0.4 \
|
||||
> dig.out.ns4.test$n || ret=1
|
||||
grep "NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
|
||||
# Note - this is looking for failure, hence the &&
|
||||
grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
|
||||
n=$((n+1))
|
||||
test "$ret" -eq 0 || echo_i "failed"
|
||||
status=$((status+ret))
|
||||
|
||||
echo_i "checking privately secure wildcard to nxdomain works ($n)"
|
||||
ret=0
|
||||
dig_with_opts +noauth a.wild.private.secure.example. SOA @10.53.0.4 \
|
||||
> dig.out.ns4.test$n || ret=1
|
||||
grep "NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
|
||||
# Note - this is looking for failure, hence the &&
|
||||
grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
|
||||
n=$((n+1))
|
||||
test "$ret" -eq 0 || echo_i "failed"
|
||||
status=$((status+ret))
|
||||
|
||||
echo_i "checking a non-cachable NODATA works ($n)"
|
||||
ret=0
|
||||
dig_with_opts +noauth a.nosoa.secure.example. txt @10.53.0.7 \
|
||||
@ -1299,21 +1249,6 @@ n=$((n+1))
|
||||
test "$ret" -eq 0 || echo_i "failed"
|
||||
status=$((status+ret))
|
||||
|
||||
#
|
||||
# private.secure.example is served by the same server as its
|
||||
# grand parent and there is not a secure delegation from secure.example
|
||||
# to private.secure.example. In addition secure.example is using a
|
||||
# algorithm which the validation does not support.
|
||||
#
|
||||
echo_i "checking dnssec-lookaside-validation works ($n)"
|
||||
ret=0
|
||||
dig_with_opts private.secure.example. SOA @10.53.0.6 \
|
||||
> dig.out.ns6.test$n || ret=1
|
||||
grep "flags:.*ad.*QUERY" dig.out.ns6.test$n > /dev/null || ret=1
|
||||
n=$((n+1))
|
||||
test "$ret" -eq 0 || echo_i "failed"
|
||||
status=$((status+ret))
|
||||
|
||||
echo_i "checking that we can load a rfc2535 signed zone ($n)"
|
||||
ret=0
|
||||
dig_with_opts rfc2535.example. SOA @10.53.0.2 \
|
||||
@ -2433,7 +2368,7 @@ status=$((status+ret))
|
||||
echo_i "checking that DS at a RFC 1918 empty zone lookup succeeds ($n)"
|
||||
ret=0
|
||||
dig_with_opts +noauth 10.in-addr.arpa ds @10.53.0.2 >dig.out.ns2.test$n || ret=1
|
||||
dig_with_opts +noauth 10.in-addr.arpa ds @10.53.0.6 >dig.out.ns6.test$n || ret=1
|
||||
dig_with_opts +noauth 10.in-addr.arpa ds @10.53.0.4 >dig.out.ns6.test$n || ret=1
|
||||
digcomp dig.out.ns2.test$n dig.out.ns6.test$n || ret=1
|
||||
grep "status: NOERROR" dig.out.ns6.test$n > /dev/null || ret=1
|
||||
n=$((n+1))
|
||||
|
||||
@ -14,8 +14,6 @@ SYSTEMTESTTOP=../..
|
||||
|
||||
SYSTESTDIR=filter-aaaa
|
||||
|
||||
dlvsets=
|
||||
|
||||
zone=signed.
|
||||
infile=signed.db.in
|
||||
zonefile=signed.db.signed
|
||||
|
||||
@ -14,8 +14,6 @@ SYSTEMTESTTOP=../..
|
||||
|
||||
SYSTESTDIR=filter-aaaa
|
||||
|
||||
dlvsets=
|
||||
|
||||
zone=signed.
|
||||
infile=signed.db.in
|
||||
zonefile=signed.db.signed
|
||||
|
||||
@ -24,8 +24,6 @@ options {
|
||||
|
||||
zone "." { type master; file "root.db.signed"; };
|
||||
|
||||
zone "dlv" { type master; file "dlv.db.signed"; };
|
||||
|
||||
zone "nsec" { type master; file "nsec.db.signed"; };
|
||||
zone "private.nsec" { type master; file "private.nsec.db.signed"; };
|
||||
|
||||
|
||||
@ -11,6 +11,5 @@ $TTL 120
|
||||
@ SOA a.root-servers.nil hostmaster.root-servers.nil 1 1800 900 604800 86400
|
||||
@ NS a.root-servers.nil
|
||||
a.root-servers.nil A 10.53.0.1
|
||||
dlv NS a.root-servers.nil
|
||||
nsec NS a.root-servers.nil
|
||||
nsec3 NS a.root-servers.nil
|
||||
|
||||
@ -16,20 +16,6 @@ SYSTESTDIR=wildcard
|
||||
|
||||
dssets=
|
||||
|
||||
zone=dlv
|
||||
infile=dlv.db.in
|
||||
zonefile=dlv.db
|
||||
outfile=dlv.db.signed
|
||||
dssets="$dssets dsset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key > $zonefile
|
||||
|
||||
$SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
zone=nsec
|
||||
infile=nsec.db.in
|
||||
zonefile=nsec.db
|
||||
|
||||
@ -20,7 +20,6 @@ options {
|
||||
recursion yes;
|
||||
dnssec-validation yes;
|
||||
notify yes;
|
||||
dnssec-lookaside . trust-anchor dlv;
|
||||
};
|
||||
|
||||
include "../ns1/trusted.conf";
|
||||
|
||||
@ -502,13 +502,6 @@
|
||||
./bin/tests/system/digdelv/setup.sh SH 2018,2019
|
||||
./bin/tests/system/digdelv/tests.sh SH 2015,2016,2017,2018,2019
|
||||
./bin/tests/system/ditch.pl PERL 2015,2016,2018,2019
|
||||
./bin/tests/system/dlv/clean.sh SH 2004,2007,2010,2011,2012,2014,2016,2018,2019
|
||||
./bin/tests/system/dlv/ns1/sign.sh SH 2011,2012,2014,2016,2018,2019
|
||||
./bin/tests/system/dlv/ns2/sign.sh SH 2011,2012,2014,2016,2018,2019
|
||||
./bin/tests/system/dlv/ns3/sign.sh SH 2004,2007,2009,2010,2011,2012,2014,2016,2018,2019
|
||||
./bin/tests/system/dlv/ns6/sign.sh SH 2010,2011,2012,2014,2016,2018,2019
|
||||
./bin/tests/system/dlv/setup.sh SH 2004,2007,2009,2011,2012,2014,2016,2017,2018,2019
|
||||
./bin/tests/system/dlv/tests.sh SH 2004,2007,2010,2011,2012,2016,2018,2019
|
||||
./bin/tests/system/dlz/clean.sh SH 2010,2012,2014,2016,2018,2019
|
||||
./bin/tests/system/dlz/ns1/dns-root/com/broken/dns.d/@/DNAME=10=example.net.= TXT.BRIEF 2015,2016,2018,2019
|
||||
./bin/tests/system/dlz/ns1/dns-root/com/broken/dns.d/@/NS=10=example.com.= TXT.BRIEF 2015,2016,2018,2019
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user