diff --git a/bin/tests/system/conf.sh.common b/bin/tests/system/conf.sh.common
index 613c0cd72b..d1efc192d4 100644
--- a/bin/tests/system/conf.sh.common
+++ b/bin/tests/system/conf.sh.common
@@ -59,7 +59,7 @@ PARALLEL_COMMON="dnssec rpzrecurse serve-stale \
 acl additional addzone allow-query auth autosign \
 builtin cacheclean case catz cds chain \
 checkconf checknames checkzone \
- cookie database digdelv dlv dlz dlzexternal \
+ cookie database digdelv dlz dlzexternal \
 dns64 dscp dsdigest dyndb \
 ednscompliance emptyzones \
 fetchlimit filter-aaaa formerr forward \
diff --git a/bin/tests/system/digdelv/tests.sh b/bin/tests/system/digdelv/tests.sh
index b0f655b739..0a0509f9be 100644
--- a/bin/tests/system/digdelv/tests.sh
+++ b/bin/tests/system/digdelv/tests.sh
@@ -55,7 +55,7 @@ check_ttl_range() {
 # using delv insecure mode as not testing dnssec here
 delv_with_opts() {
- "$DELV" +noroot +nodlv -p "$PORT" "$@"
+ "$DELV" +noroot -p "$PORT" "$@"
 }
 KEYID="$(cat ns2/keyid)"
diff --git a/bin/tests/system/dlv/clean.sh b/bin/tests/system/dlv/clean.sh
deleted file mode 100644
index 9f3f1cb8c1..0000000000
--- a/bin/tests/system/dlv/clean.sh
+++ /dev/null
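Review bot: The comment above `delv_with_opts()` says only "insecure mode" without naming the flag that makes it so, and after this change `+noroot` is the single option keeping these lookups from attempting DNSSEC validation. I would spell that out so a later cleanup does not drop the flag by accident, for example `# +noroot: delv does no conventional DNSSEC validation here (not testing dnssec)`. It is also worth confirming that no other test script still passes `+nodlv` to `$DELV` directly, since such a call would presumably fail once delv stops accepting the option; only this helper is visible in the hunk. The function body is fully contained in the hunk.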
@@ -1,45 +0,0 @@
-#!/bin/sh
-#
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-rm -f ns*/named.run
-rm -f ns*/named.conf
-rm -f ns1/K*
-rm -f ns1/dsset-*
-rm -f ns1/*.signed
-rm -f ns1/signer.err
-rm -f ns1/root.db
-rm -f ns1/trusted.conf
-rm -f ns2/K*
-rm -f ns2/dlvset-*
-rm -f ns2/dsset-*
-rm -f ns2/*.signed
-rm -f ns2/*.pre
-rm -f ns2/signer.err
-rm -f ns2/druz.db
-rm -f ns3/K*
-rm -f ns3/*.db
-rm -f ns3/*.signed ns3/*.signed.tmp
-rm -f ns3/dlvset-*
-rm -f ns3/dsset-*
-rm -f ns3/keyset-*
-rm -f ns3/trusted*.conf
-rm -f ns3/signer.err
-rm -f ns5/trusted*.conf
-rm -f ns6/K*
-rm -f ns6/*.db
-rm -f ns6/*.signed
-rm -f ns6/dsset-*
-rm -f ns6/signer.err
-rm -f ns7/trusted*.conf ns8/trusted*.conf
-rm -f */named.memstats
-rm -f dig.out.ns*.test*
-rm -f ns*/named.lock
-rm -f ns*/managed-keys.bind*
diff --git a/bin/tests/system/dlv/ns1/named.conf.in b/bin/tests/system/dlv/ns1/named.conf.in
deleted file mode 100644
index e628dbe36d..0000000000
--- a/bin/tests/system/dlv/ns1/named.conf.in
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
- query-source address 10.53.0.1;
- notify-source 10.53.0.1;
- transfer-source 10.53.0.1;
- port @PORT@;
- pid-file "named.pid";
- listen-on { 10.53.0.1; };
- listen-on-v6 { none; };
- recursion no;
- notify yes;
-};
-
-zone "." { type master; file "root.signed"; };
-zone "rootservers.utld" { type master; file "rootservers.utld.db"; };
diff --git a/bin/tests/system/dlv/ns1/root.db.in b/bin/tests/system/dlv/ns1/root.db.in
deleted file mode 100644
index f4faa25d3e..0000000000
--- a/bin/tests/system/dlv/ns1/root.db.in
+++ /dev/null
@@ -1,26 +0,0 @@
-; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-;
-; This Source Code Form is subject to the terms of the Mozilla Public
-; License, v. 2.0. If a copy of the MPL was not distributed with this
-; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;
-; See the COPYRIGHT file distributed with this work for additional
-; information regarding copyright ownership.
-
-$TTL 120
-@ SOA ns.rootservers.utld hostmaster.ns.rootservers.utld (
- 1 3600 1200 604800 60 )
-@ NS ns.rootservers.utld
-ns A 10.53.0.1
-;
-; A zone that is unsigned (utld=unsigned tld) that will include a second level
-; zone that acts as a DLV.
-;
-utld NS ns.utld
-ns.utld A 10.53.0.2
-;
-; A zone that has a bad DNSKEY RRset but has good DLV records for its child
-; zones.
-;
-druz NS ns.druz
-ns.druz A 10.53.0.2
diff --git a/bin/tests/system/dlv/ns1/rootservers.utld.db b/bin/tests/system/dlv/ns1/rootservers.utld.db
deleted file mode 100644
index 8491ed0e30..0000000000
--- a/bin/tests/system/dlv/ns1/rootservers.utld.db
+++ /dev/null
@@ -1,13 +0,0 @@
-; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-;
-; This Source Code Form is subject to the terms of the Mozilla Public
-; License, v. 2.0. If a copy of the MPL was not distributed with this
-; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;
-; See the COPYRIGHT file distributed with this work for additional
-; information regarding copyright ownership.
-
-$TTL 120
-@ SOA ns hostmaster.ns 1 3600 1200 604800 60
-@ NS ns
-ns A 10.53.0.1
diff --git a/bin/tests/system/dlv/ns1/sign.sh b/bin/tests/system/dlv/ns1/sign.sh
deleted file mode 100755
index 487d609a7f..0000000000
--- a/bin/tests/system/dlv/ns1/sign.sh
+++ /dev/null
@@ -1,38 +0,0 @@
-#!/bin/sh
-#
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-SYSTEMTESTTOP=../..
-. $SYSTEMTESTTOP/conf.sh
-
-SYSTESTDIR=dlv
-
-(cd ../ns2 && $SHELL -e ./sign.sh || exit 1)
-
-echo_i "dlv/ns1/sign.sh"
-
-zone=.
-infile=root.db.in
-zonefile=root.db
-outfile=root.signed
-
-keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-
-cat $infile $keyname1.key $keyname2.key >$zonefile
-
-$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
-
-echo_i "signed $zone"
-
-keyfile_to_static_keys $keyname2 > trusted.conf
-cp trusted.conf ../ns5
-cp trusted.conf ../ns7
-cp trusted.conf ../ns8
diff --git a/bin/tests/system/dlv/ns2/druz.db.in b/bin/tests/system/dlv/ns2/druz.db.in
deleted file mode 100644
index 4e0f892a53..0000000000
--- a/bin/tests/system/dlv/ns2/druz.db.in
+++ /dev/null
@@ -1,47 +0,0 @@
-; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-;
-; This Source Code Form is subject to the terms of the Mozilla Public
-; License, v. 2.0. If a copy of the MPL was not distributed with this
-; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;
-; See the COPYRIGHT file distributed with this work for additional
-; information regarding copyright ownership.
-
-$TTL 120
-@ SOA ns hostmaster.ns 1 3600 1200 604800 60
-@ NS ns
-ns A 10.53.0.2
-;
-rootservers NS ns.rootservers
-ns.rootservers A 10.53.0.1
-;
-;
-child1 NS ns.child1
-ns.child1 A 10.53.0.3
-;
-child2 NS ns.child2
-ns.child2 A 10.53.0.4
-;
-child3 NS ns.child3
-ns.child3 A 10.53.0.3
-;
-child4 NS ns.child4
-ns.child4 A 10.53.0.3
-;
-child5 NS ns.child5
-ns.child5 A 10.53.0.3
-;
-child6 NS ns.child6
-ns.child6 A 10.53.0.4
-;
-child7 NS ns.child7
-ns.child7 A 10.53.0.3
-;
-child8 NS ns.child8
-ns.child8 A 10.53.0.3
-;
-child9 NS ns.child9
-ns.child9 A 10.53.0.3
-;
-child10 NS ns.child10
-ns.child10 A 10.53.0.3
diff --git a/bin/tests/system/dlv/ns2/hints b/bin/tests/system/dlv/ns2/hints
deleted file mode 100644
index 381e86b152..0000000000
--- a/bin/tests/system/dlv/ns2/hints
+++ /dev/null
@@ -1,11 +0,0 @@
-; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-;
-; This Source Code Form is subject to the terms of the Mozilla Public
-; License, v. 2.0. If a copy of the MPL was not distributed with this
-; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;
-; See the COPYRIGHT file distributed with this work for additional
-; information regarding copyright ownership.
-
-. 0 NS ns.rootservers.utld.
-ns.rootservers.utld. 0 A 10.53.0.1
diff --git a/bin/tests/system/dlv/ns2/named.conf.in b/bin/tests/system/dlv/ns2/named.conf.in
deleted file mode 100644
index e10a9899b2..0000000000
--- a/bin/tests/system/dlv/ns2/named.conf.in
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
- query-source address 10.53.0.2;
- notify-source 10.53.0.2;
- transfer-source 10.53.0.2;
- port @PORT@;
- pid-file "named.pid";
- listen-on { 10.53.0.2; };
- listen-on-v6 { none; };
- recursion no;
- notify yes;
-};
-
-/* Root hints. */
-zone "." { type hint; file "hints"; };
-
-/*
- * A zone that is unsigned (utld=unsigned tld) that will include a second level
- * zone that acts as a DLV.
- */
-zone "utld" { type master; file "utld.db"; };
-
-/*
- * A zone that has a bad DNSKEY RRset but has good DLV records for its child
- * zones.
- */
-zone "druz" { type master; file "druz.signed"; };
diff --git a/bin/tests/system/dlv/ns2/sign.sh b/bin/tests/system/dlv/ns2/sign.sh
deleted file mode 100755
index 8367725735..0000000000
--- a/bin/tests/system/dlv/ns2/sign.sh
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/bin/sh
-#
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-SYSTEMTESTTOP=../..
-. $SYSTEMTESTTOP/conf.sh
-
-SYSTESTDIR=dlv
-
-(cd ../ns3 && $SHELL -e ./sign.sh || exit 1)
-
-echo_i "dlv/ns2/sign.sh"
-
-zone=druz.
-infile=druz.db.in
-zonefile=druz.db
-outfile=druz.pre
-dlvzone=utld.
-
-keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-
-cat $infile $keyname1.key $keyname2.key >$zonefile
-
-$SIGNER -l $dlvzone -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
-
-$CHECKZONE -q -D -i none druz druz.pre |
-sed '/IN DNSKEY/s/\([a-z0-9A-Z+/]\{10\}\)[a-z0-9A-Z+/]\{16\}/\1XXXXXXXXXXXXXXXX/'> druz.signed
-
-echo_i "signed $zone"
diff --git a/bin/tests/system/dlv/ns2/utld.db b/bin/tests/system/dlv/ns2/utld.db
deleted file mode 100644
index 4369968b0f..0000000000
--- a/bin/tests/system/dlv/ns2/utld.db
+++ /dev/null
@@ -1,61 +0,0 @@
-; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-;
-; This Source Code Form is subject to the terms of the Mozilla Public
-; License, v. 2.0. If a copy of the MPL was not distributed with this
-; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;
-; See the COPYRIGHT file distributed with this work for additional
-; information regarding copyright ownership.
-
-$TTL 120
-@ SOA ns hostmaster.ns 1 3600 1200 604800 60
-@ NS ns
-ns A 10.53.0.2
-;
-rootservers NS ns.rootservers
-ns.rootservers A 10.53.0.1
-;
-dlv NS ns.dlv
-ns.dlv A 10.53.0.3
-;
-disabled-algorithm-dlv NS ns.disabled-algorithm-dlv
-ns.disabled-algorithm-dlv A 10.53.0.3
-;
-unsupported-algorithm-dlv NS ns.unsupported-algorithm-dlv
-ns.unsupported-algorithm-dlv A 10.53.0.3
-;
-child1 NS ns.child1
-ns.child1 A 10.53.0.3
-;
-child2 NS ns.child2
-ns.child2 A 10.53.0.4
-;
-child3 NS ns.child3
-ns.child3 A 10.53.0.3
-;
-child4 NS ns.child4
-ns.child4 A 10.53.0.3
-;
-child5 NS ns.child5
-ns.child5 A 10.53.0.3
-;
-child6 NS ns.child6
-ns.child6 A 10.53.0.4
-;
-child7 NS ns.child7
-ns.child7 A 10.53.0.3
-;
-child8 NS ns.child8
-ns.child8 A 10.53.0.3
-;
-child9 NS ns.child9
-ns.child9 A 10.53.0.3
-;
-child10 NS ns.child10
-ns.child10 A 10.53.0.3
-;
-disabled-algorithm NS ns.disabled-algorithm
-ns.disabled-algorithm A 10.53.0.3
-;
-unsupported-algorithm NS ns.unsupported-algorithm
-ns.unsupported-algorithm A 10.53.0.3
diff --git a/bin/tests/system/dlv/ns3/child.db.in b/bin/tests/system/dlv/ns3/child.db.in
deleted file mode 100644
index 11df807ab7..0000000000
--- a/bin/tests/system/dlv/ns3/child.db.in
+++ /dev/null
@@ -1,17 +0,0 @@
-; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-;
-; This Source Code Form is subject to the terms of the Mozilla Public
-; License, v. 2.0. If a copy of the MPL was not distributed with this
-; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;
-; See the COPYRIGHT file distributed with this work for additional
-; information regarding copyright ownership.
-
-$TTL 120
-@ SOA ns hostmaster.ns 1 3600 1200 604800 60
-@ NS ns
-ns A 10.53.0.3
-foo TXT foo
-bar TXT bar
-grand NS ns.grand
-ns.grand A 10.53.0.6
diff --git a/bin/tests/system/dlv/ns3/dlv.db.in b/bin/tests/system/dlv/ns3/dlv.db.in
deleted file mode 100644
index fdc8ce9901..0000000000
--- a/bin/tests/system/dlv/ns3/dlv.db.in
+++ /dev/null
@@ -1,13 +0,0 @@
-; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-;
-; This Source Code Form is subject to the terms of the Mozilla Public
-; License, v. 2.0. If a copy of the MPL was not distributed with this
-; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;
-; See the COPYRIGHT file distributed with this work for additional
-; information regarding copyright ownership.
-
-$TTL 120
-@ SOA ns hostmaster.ns 1 3600 1200 604800 60
-@ NS ns
-ns A 10.53.0.3
diff --git a/bin/tests/system/dlv/ns3/hints b/bin/tests/system/dlv/ns3/hints
deleted file mode 100644
index 381e86b152..0000000000
--- a/bin/tests/system/dlv/ns3/hints
+++ /dev/null
@@ -1,11 +0,0 @@
-; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-;
-; This Source Code Form is subject to the terms of the Mozilla Public
-; License, v. 2.0. If a copy of the MPL was not distributed with this
-; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;
-; See the COPYRIGHT file distributed with this work for additional
-; information regarding copyright ownership.
-
-. 0 NS ns.rootservers.utld.
-ns.rootservers.utld. 0 A 10.53.0.1
diff --git a/bin/tests/system/dlv/ns3/named.conf.in b/bin/tests/system/dlv/ns3/named.conf.in
deleted file mode 100644
index fc42a5571a..0000000000
--- a/bin/tests/system/dlv/ns3/named.conf.in
+++ /dev/null
@@ -1,141 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
- query-source address 10.53.0.3;
- notify-source 10.53.0.3;
- transfer-source 10.53.0.3;
- port @PORT@;
- pid-file "named.pid";
- listen-on { 10.53.0.3; };
- listen-on-v6 { none; };
- recursion no;
- notify yes;
-};
-
-/* Root hints. */
-zone "." { type hint; file "hints"; };
-
-/* DLV zone below unsigned TLD. */
-zone "dlv.utld" { type master; file "dlv.utld.signed"; };
-
-/* DLV zone signed with a disabled algorithm below unsigned TLD. */
-zone "disabled-algorithm-dlv.utld." {
- type master;
- file "disabled-algorithm-dlv.utld.signed";
-};
-
-/* DLV zone signed with an unsupported algorithm below unsigned TLD. */
-zone "unsupported-algorithm-dlv.utld." {
- type master;
- file "unsupported-algorithm-dlv.utld.signed";
-};
-
-/* Signed zone below unsigned TLD with DLV entry. */
-zone "child1.utld" { type master; file "child1.signed"; };
-
-/*
- * Signed zone below unsigned TLD with DLV entry in DLV zone that is signed
- * with a disabled algorithm.
- */
-zone "child3.utld" { type master; file "child3.signed"; };
-
-/*
- * Signed zone below unsigned TLD with DLV entry. This one is slightly
- * different because its children (the grandchildren) don't have a DS record in
- * this zone. The grandchild zones are served by ns6.
- *
- */
-zone "child4.utld" { type master; file "child4.signed"; };
-
-/*
- * Signed zone below unsigned TLD with DLV entry in DLV zone that is signed
- * with an unsupported algorithm.
- */
-zone "child5.utld" { type master; file "child5.signed"; };
-
-/* Signed zone below unsigned TLD without DLV entry. */
-zone "child7.utld" { type master; file "child7.signed"; };
-
-/*
- * Signed zone below unsigned TLD without DLV entry and no DS records for the
- * grandchildren.
- */
-zone "child8.utld" { type master; file "child8.signed"; };
-
-/* Signed zone below unsigned TLD with DLV entry. */
-zone "child9.utld" { type master; file "child9.signed"; };
-
-/* Unsigned zone below an unsigned TLD with DLV entry. */
-zone "child10.utld" { type master; file "child.db.in"; };
-
-/*
- * Zone signed with a disabled algorithm (an algorithm that is disabled in
- * one of the test resolvers) with DLV entry.
- */
-zone "disabled-algorithm.utld" {
- type master;
- file "disabled-algorithm.utld.signed";
-};
-
-/* Zone signed with an unsupported algorithm with DLV entry. */
-zone "unsupported-algorithm.utld" {
- type master;
- file "unsupported-algorithm.utld.signed";
-};
-
-/*
- * Signed zone below signed TLD with good DLV entry but no chain of
- * trust.
- */
-zone "child1.druz" { type master; file "child1.druz.signed"; };
-
-/*
- * Signed zone below signed TLD with good DLV entry but no chain of
- * trust. The DLV zone is signed with a disabled algorithm.
- */
-zone "child3.druz" { type master; file "child3.druz.signed"; };
-
-/*
- * Signed zone below signed TLD with good DLV entry but no chain of
- * trust. Also there are no DS records for the grandchildren.
- */
-zone "child4.druz" { type master; file "child4.druz.signed"; };
-
-/*
- * Signed zone below signed TLD with good DLV entry but no chain of
- * trust. The DLV zone is signed with an unsupported algorithm.
- */
-zone "child5.druz" { type master; file "child5.druz.signed"; };
-
-/*
- * Signed zone below signed TLD without DLV entry, and no chain of
- * trust.
- */
-zone "child7.druz" { type master; file "child7.druz.signed"; };
-
-/*
- * Signed zone below signed TLD without DLV entry and no DS set. Also DS
- * records for the grandchildren are not included in the zone.
- */
-zone "child8.druz" { type master; file "child8.druz.signed"; };
-
-/*
- * Signed zone below signed TLD with good DLV entry but no DS set. Also DS
- * records for the grandchildren are not included in the zone.
- */
-zone "child9.druz" { type master; file "child9.druz.signed"; };
-
-/*
- * Unsigned zone below signed TLD with good DLV entry but no chain of
- * trust.
- */
-zone "child10.druz" { type master; file "child.db.in"; };
diff --git a/bin/tests/system/dlv/ns3/sign.sh b/bin/tests/system/dlv/ns3/sign.sh
deleted file mode 100755
index 3c8fbdc5d0..0000000000
--- a/bin/tests/system/dlv/ns3/sign.sh
+++ /dev/null
@@ -1,397 +0,0 @@
-#!/bin/sh
-#
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-SYSTEMTESTTOP=../..
-. $SYSTEMTESTTOP/conf.sh
-
-(cd ../ns6 && $SHELL -e ./sign.sh)
-
-echo_i "dlv/ns3/sign.sh"
-
-dlvzone="dlv.utld"
-dlvsets=
-dssets=
-
-disableddlvzone="disabled-algorithm-dlv.utld"
-disableddlvsets=
-disableddssets=
-
-unsupporteddlvzone="unsupported-algorithm-dlv.utld"
-unsupporteddlvsets=
-unsupporteddssets=
-
-# Signed zone below unsigned TLD with DLV entry.
-zone=child1.utld
-infile=child.db.in
-zonefile=child1.utld.db
-outfile=child1.signed
-dlvsets="$dlvsets dlvset-${zone}${TP}"
-
-keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-
-dsfilename=../ns6/dsset-grand.${zone}${TP}
-cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
-
-$SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
-echo_i "signed $zone"
-
-
-# Signed zone below unsigned TLD with DLV entry in DLV zone that is signed
-# with a disabled algorithm.
-zone=child3.utld
-infile=child.db.in
-zonefile=child3.utld.db
-outfile=child3.signed
-disableddlvsets="$disableddlvsets dlvset-${zone}${TP}"
-
-keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-
-dsfilename=../ns6/dsset-grand.${zone}${TP}
-cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
-
-$SIGNER -O full -l $disableddlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
-echo_i "signed $zone"
-
-
-# Signed zone below unsigned TLD with DLV entry. This one is slightly
-# different because its children (the grandchildren) don't have a DS record in
-# this zone. The grandchild zones are served by ns6.
-zone=child4.utld
-infile=child.db.in
-zonefile=child4.utld.db
-outfile=child4.signed
-dlvsets="$dlvsets dlvset-${zone}${TP}"
-
-keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-
-cat $infile $keyname1.key $keyname2.key >$zonefile
-
-$SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
-echo_i "signed $zone"
-
-
-# Signed zone below unsigned TLD with DLV entry in DLV zone that is signed
-# with an unsupported algorithm.
-zone=child5.utld
-infile=child.db.in
-zonefile=child5.utld.db
-outfile=child5.signed
-unsupporteddlvsets="$unsupporteddlvsets dlvset-${zone}${TP}"
-
-keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-
-dsfilename=../ns6/dsset-grand.${zone}${TP}
-cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
-
-$SIGNER -O full -l $unsupporteddlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
-echo_i "signed $zone"
-
-# Signed zone below unsigned TLD without DLV entry.
-zone=child7.utld
-infile=child.db.in
-zonefile=child7.utld.db
-outfile=child7.signed
-
-keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-
-dsfilename=../ns6/dsset-grand.${zone}${TP}
-cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
-
-$SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
-echo_i "signed $zone"
-
-
-# Signed zone below unsigned TLD without DLV entry and no DS records for the
-# grandchildren.
-zone=child8.utld
-infile=child.db.in
-zonefile=child8.utld.db
-outfile=child8.signed
-
-keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-
-cat $infile $keyname1.key $keyname2.key >$zonefile
-
-$SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
-echo_i "signed $zone"
-
-# Signed zone below unsigned TLD with DLV entry.
-zone=child9.utld
-infile=child.db.in
-zonefile=child9.utld.db
-outfile=child9.signed
-dlvsets="$dlvsets dlvset-${zone}${TP}"
-
-keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-
-cat $infile $keyname1.key $keyname2.key >$zonefile
-
-$SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
-echo_i "signed $zone"
-
-# Unsigned zone below an unsigned TLD with DLV entry. We still need to sign
-# the zone to generate the DLV set.
-zone=child10.utld
-infile=child.db.in
-zonefile=child10.utld.db
-outfile=child10.signed
-dlvsets="$dlvsets dlvset-${zone}${TP}"
-
-keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-
-cat $infile $keyname1.key $keyname2.key >$zonefile
-
-$SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
-echo_i "signed $zone"
-
-
-# Zone signed with a disabled algorithm (an algorithm that is disabled in
-# one of the test resolvers) with DLV entry.
-zone=disabled-algorithm.utld
-infile=child.db.in
-zonefile=disabled-algorithm.utld.db
-outfile=disabled-algorithm.utld.signed
-dlvsets="$dlvsets dlvset-${zone}${TP}"
-
-keyname1=`$KEYGEN -a $DISABLED_ALGORITHM -b $DISABLED_BITS -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a $DISABLED_ALGORITHM -b $DISABLED_BITS -n zone $zone 2> /dev/null`
-
-cat $infile $keyname1.key $keyname2.key >$zonefile
-
-$SIGNER -O full -l $dlvzone -o $zone -f ${outfile} $zonefile > /dev/null 2> signer.err || cat signer.err
-echo_i "signed $zone"
-
-
-# Zone signed with an unsupported algorithm with DLV entry.
-zone=unsupported-algorithm.utld
-infile=child.db.in
-zonefile=unsupported-algorithm.utld.db
-outfile=unsupported-algorithm.utld.signed
-dlvsets="$dlvsets dlvset-${zone}${TP}"
-
-keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-
-cat $infile $keyname1.key $keyname2.key >$zonefile
-
-$SIGNER -O full -l $dlvzone -o $zone -f ${outfile}.tmp $zonefile > /dev/null 2> signer.err || cat signer.err
-awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${outfile}.tmp > $outfile
-
-cp ${keyname2}.key ${keyname2}.tmp
-awk '$3 == "DNSKEY" { $6 = 255 } { print }' ${keyname2}.tmp > ${keyname2}.key
-cp dlvset-${zone}${TP} dlvset-${zone}tmp
-awk '$3 == "DLV" { $5 = 255 } { print }' dlvset-${zone}tmp > dlvset-${zone}${TP}
-
-echo_i "signed $zone"
-
-# Signed zone below signed TLD with DLV entry and DS set.
-zone=child1.druz
-infile=child.db.in
-zonefile=child1.druz.db
-outfile=child1.druz.signed
-dlvsets="$dlvsets dlvset-${zone}${TP}"
-dssets="$dssets dsset-${zone}${TP}"
-
-keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-
-dsfilename=../ns6/dsset-grand.${zone}${TP}
-cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
-
-$SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
-echo_i "signed $zone"
-
-
-# Signed zone below signed TLD with DLV entry and DS set. The DLV zone is
-# signed with a disabled algorithm.
-zone=child3.druz
-infile=child.db.in
-zonefile=child3.druz.db
-outfile=child3.druz.signed
-disableddlvsets="$disableddlvsets dlvset-${zone}${TP}"
-disableddssets="$disableddssets dsset-${zone}${TP}"
-
-keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-
-dsfilename=../ns6/dsset-grand.${zone}${TP}
-cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
-
-$SIGNER -O full -l $disableddlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
-echo_i "signed $zone"
-
-
-# Signed zone below signed TLD with DLV entry and DS set, but missing
-# DS records for the grandchildren.
-zone=child4.druz
-infile=child.db.in
-zonefile=child4.druz.db
-outfile=child4.druz.signed
-dlvsets="$dlvsets dlvset-${zone}${TP}"
-dssets="$dssets dsset-${zone}${TP}"
-
-keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-
-cat $infile $keyname1.key $keyname2.key >$zonefile
-
-$SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
-echo_i "signed $zone"
-
-
-# Signed zone below signed TLD with DLV entry and DS set. The DLV zone is
-# signed with an unsupported algorithm algorithm.
-zone=child5.druz
-infile=child.db.in
-zonefile=child5.druz.db
-outfile=child5.druz.signed
-unsupporteddlvsets="$unsupporteddlvsets dlvset-${zone}${TP}"
-unsupporteddssets="$unsupportedssets dsset-${zone}${TP}"
-
-keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-
-dsfilename=../ns6/dsset-grand.${zone}${TP}
-cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
-
-$SIGNER -O full -l $unsupporteddlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
-echo_i "signed $zone"
-
-
-# Signed zone below signed TLD without DLV entry, but with normal DS set.
-zone=child7.druz
-infile=child.db.in
-zonefile=child7.druz.db
-outfile=child7.druz.signed
-dssets="$dssets dsset-${zone}${TP}"
-
-keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-
-dsfilename=../ns6/dsset-grand.${zone}${TP}
-cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
-
-$SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
-echo_i "signed $zone"
-
-
-# Signed zone below signed TLD without DLV entry and no DS set. Also DS
-# records for the grandchildren are not included in the zone.
-zone=child8.druz
-infile=child.db.in
-zonefile=child8.druz.db
-outfile=child8.druz.signed
-
-keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-
-cat $infile $keyname1.key $keyname2.key >$zonefile
-
-$SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
-echo_i "signed $zone"
-
-
-# Signed zone below signed TLD with DLV entry but no DS set. Also DS
-# records for the grandchildren are not included in the zone.
-zone=child9.druz
-infile=child.db.in
-zonefile=child9.druz.db
-outfile=child9.druz.signed
-dlvsets="$dlvsets dlvset-${zone}${TP}"
-
-keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-
-cat $infile $keyname1.key $keyname2.key >$zonefile
-
-$SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
-echo_i "signed $zone"
-
-
-# Unsigned zone below signed TLD with DLV entry and DS set. We still need to
-# sign the zone to generate the DS sets.
-zone=child10.druz
-infile=child.db.in
-zonefile=child10.druz.db
-outfile=child10.druz.signed
-dlvsets="$dlvsets dlvset-${zone}${TP}"
-dssets="$dssets dsset-${zone}${TP}"
-
-keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-
-cat $infile $keyname1.key $keyname2.key >$zonefile
-
-$SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
-echo_i "signed $zone"
-
-cp $dssets ../ns2
-cp $disableddssets ../ns2
-cp $unsupporteddssets ../ns2
-
-# DLV zones
-infile=dlv.db.in
-for zone in dlv.utld disabled-algorithm-dlv.utld unsupported-algorithm-dlv.utld
-do
- zonefile="${zone}.db"
- outfile="${zone}.signed"
-
- case $zone in
- "dlv.utld")
- algorithm=$DEFAULT_ALGORITHM
- bits=$DEFAULT_BITS
- dlvfiles=$dlvsets
- ;;
- "disabled-algorithm-dlv.utld")
- algorithm=$DISABLED_ALGORITHM
- bits=$DISABLED_BITS
- dlvfiles=$disableddlvsets
- ;;
- "unsupported-algorithm-dlv.utld")
- algorithm=$DEFAULT_ALGORITHM
- bits=$DEFAULT_BITS
- dlvfiles=$unsupporteddlvsets
- ;;
- esac
-
- keyname1=`$KEYGEN -a $algorithm -b $bits -n zone $zone 2> /dev/null`
- keyname2=`$KEYGEN -f KSK -a $algorithm -b $bits -n zone $zone 2> /dev/null`
-
- cat $infile $dlvfiles $keyname1.key $keyname2.key >$zonefile
-
- case $zone in
- "dlv.utld")
- $SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
- keyfile_to_static_keys $keyname2 > ../ns5/trusted-dlv.conf
- ;;
- "disabled-algorithm-dlv.utld")
- $SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
- keyfile_to_static_keys $keyname2 > ../ns8/trusted-dlv-disabled.conf
- ;;
- "unsupported-algorithm-dlv.utld")
- cp ${keyname2}.key ${keyname2}.tmp
- $SIGNER -O full -o $zone -f ${outfile}.tmp $zonefile > /dev/null 2> signer.err || cat signer.err
- awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${outfile}.tmp > $outfile
- awk '$3 == "DNSKEY" { $6 = 255 } { print }' ${keyname2}.tmp > ${keyname2}.key
- keyfile_to_static_keys $keyname2 > ../ns7/trusted-dlv-unsupported.conf
- ;;
- esac
-
- echo_i "signed $zone"
-done
diff --git a/bin/tests/system/dlv/ns4/child.db b/bin/tests/system/dlv/ns4/child.db
deleted file mode 100644
index c123f70a95..0000000000
--- a/bin/tests/system/dlv/ns4/child.db
+++ /dev/null
@@ -1,34 +0,0 @@
-; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-;
-; This Source Code Form is subject to the terms of the Mozilla Public
-; License, v. 2.0. If a copy of the MPL was not distributed with this
-; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;
-; See the COPYRIGHT file distributed with this work for additional
-; information regarding copyright ownership.
-
-$TTL 120
-@ SOA ns hostmaster.ns 1 3600 1200 604800 60
-@ NS ns
-ns A 10.53.0.3
-;
-rootservers NS ns.rootservers
-ns.rootservers A 10.53.0.1
-;
-child1 NS ns.child1
-ns.child1 A 10.53.0.3
-;
-child2 NS ns.child2
-ns.child2 A 10.53.0.4
-;
-child3 NS ns.child3
-ns.child3 A 10.53.0.3
-;
-child4 NS ns.child4
-ns.child4 A 10.53.0.3
-;
-child5 NS ns.child5
-ns.child5 A 10.53.0.3
-;
-child6 NS ns.child5
-ns.child6 A 10.53.0.4
diff --git a/bin/tests/system/dlv/ns4/hints b/bin/tests/system/dlv/ns4/hints
deleted file mode 100644
index 381e86b152..0000000000
--- a/bin/tests/system/dlv/ns4/hints
+++ /dev/null
@@ -1,11 +0,0 @@
-; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-;
-; This Source Code Form is subject to the terms of the Mozilla Public
-; License, v. 2.0. If a copy of the MPL was not distributed with this
-; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;
-; See the COPYRIGHT file distributed with this work for additional
-; information regarding copyright ownership.
-
-. 0 NS ns.rootservers.utld.
-ns.rootservers.utld. 0 A 10.53.0.1
diff --git a/bin/tests/system/dlv/ns4/named.conf.in b/bin/tests/system/dlv/ns4/named.conf.in
deleted file mode 100644
index a98dd6b92b..0000000000
--- a/bin/tests/system/dlv/ns4/named.conf.in
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
- query-source address 10.53.0.4;
- notify-source 10.53.0.4;
- transfer-source 10.53.0.4;
- port @PORT@;
- pid-file "named.pid";
- listen-on { 10.53.0.4; };
- listen-on-v6 { none; };
- recursion no;
- notify yes;
-};
-
-zone "." { type hint; file "hints"; };
-zone "child2.utld" { type master; file "child.db"; };
-zone "child6.utld" { type master; file "child.db"; };
diff --git a/bin/tests/system/dlv/ns5/hints b/bin/tests/system/dlv/ns5/hints
deleted file mode 100644
index 381e86b152..0000000000
--- a/bin/tests/system/dlv/ns5/hints
+++ /dev/null
@@ -1,11 +0,0 @@
-; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-;
-; This Source Code Form is subject to the terms of the Mozilla Public
-; License, v. 2.0. If a copy of the MPL was not distributed with this
-; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;
-; See the COPYRIGHT file distributed with this work for additional
-; information regarding copyright ownership.
-
-. 0 NS ns.rootservers.utld.
-ns.rootservers.utld. 0 A 10.53.0.1
diff --git a/bin/tests/system/dlv/ns5/named.conf.in b/bin/tests/system/dlv/ns5/named.conf.in
deleted file mode 100644
index 88ef997771..0000000000
--- a/bin/tests/system/dlv/ns5/named.conf.in
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-include "trusted.conf";
-include "trusted-dlv.conf";
-
-options {
- query-source address 10.53.0.5;
- notify-source 10.53.0.5;
- transfer-source 10.53.0.5;
- port @PORT@;
- pid-file "named.pid";
- listen-on { 10.53.0.5; };
- listen-on-v6 { none; };
- recursion yes;
- notify yes;
- dnssec-validation yes;
- dnssec-lookaside "." trust-anchor "dlv.utld";
- disable-algorithms "utld." { @DISABLED_ALGORITHM@; };
-};
-
-zone "." { type hint; file "hints"; };
diff --git a/bin/tests/system/dlv/ns5/rndc.conf b/bin/tests/system/dlv/ns5/rndc.conf
deleted file mode 100644
index 02bce92708..0000000000
--- a/bin/tests/system/dlv/ns5/rndc.conf
+++ /dev/null
@@ -1,20 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-key "cc64b3d1db63fc88d7cb5d2f9f57d258" {
- algorithm hmac-sha256;
- secret "34f88008d07deabbe65bd01f1d233d47";
-};
-
-options {
- default-server 10.53.0.5;
- default-port 5353;
-};
diff --git a/bin/tests/system/dlv/ns6/child.db.in b/bin/tests/system/dlv/ns6/child.db.in
deleted file mode 100644
index 09a942ed5f..0000000000
--- a/bin/tests/system/dlv/ns6/child.db.in
+++ /dev/null
@@ -1,15 +0,0 @@
-; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-;
-; This Source Code Form is subject to the terms of the Mozilla Public
-; License, v. 2.0. If a copy of the MPL was not distributed with this
-; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;
-; See the COPYRIGHT file distributed with this work for additional
-; information regarding copyright ownership.
-
-$TTL 120
-@ SOA ns hostmaster.ns6 1 3600 1200 604800 60
-@ NS ns
-ns A 10.53.0.6
-foo TXT foo
-bar TXT bar
diff --git a/bin/tests/system/dlv/ns6/hints b/bin/tests/system/dlv/ns6/hints
deleted file mode 100644
index 381e86b152..0000000000
--- a/bin/tests/system/dlv/ns6/hints
+++ /dev/null
@@ -1,11 +0,0 @@
-; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-;
-; This Source Code Form is subject to the terms of the Mozilla Public
-; License, v. 2.0. If a copy of the MPL was not distributed with this
-; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;
-; See the COPYRIGHT file distributed with this work for additional
-; information regarding copyright ownership.
-
-. 0 NS ns.rootservers.utld.
-ns.rootservers.utld. 0 A 10.53.0.1
diff --git a/bin/tests/system/dlv/ns6/named.conf.in b/bin/tests/system/dlv/ns6/named.conf.in
deleted file mode 100644
index 15583c2a4c..0000000000
--- a/bin/tests/system/dlv/ns6/named.conf.in
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
- query-source address 10.53.0.6;
- notify-source 10.53.0.6;
- transfer-source 10.53.0.6;
- port @PORT@;
- pid-file "named.pid";
- listen-on { 10.53.0.6; };
- listen-on-v6 { none; };
- recursion no;
- notify yes;
-};
-
-zone "." { type hint; file "hints"; };
-zone "grand.child1.utld" { type master; file "grand.child1.signed"; };
-zone "grand.child3.utld" { type master; file "grand.child3.signed"; };
-zone "grand.child4.utld" { type master; file "grand.child4.signed"; };
-zone "grand.child5.utld" { type master; file "grand.child5.signed"; };
-zone "grand.child7.utld" { type master; file "grand.child7.signed"; };
-zone "grand.child8.utld" { type master; file "grand.child8.signed"; };
-zone "grand.child9.utld" { type master; file "grand.child9.signed"; };
-zone "grand.child10.utld" { type master; file "grand.child10.signed"; };
-zone "grand.child1.druz" { type master; file "grand.child1.druz.signed"; };
-zone "grand.child3.druz" { type master; file "grand.child3.druz.signed"; };
-zone "grand.child4.druz" { type master; file "grand.child4.druz.signed"; };
-zone "grand.child5.druz" { type master; file "grand.child5.druz.signed"; };
-zone "grand.child7.druz" { type master; file "grand.child7.druz.signed"; };
-zone "grand.child8.druz" { type master; file "grand.child8.druz.signed"; };
-zone "grand.child9.druz" { type master; file "grand.child9.druz.signed"; };
-zone "grand.child10.druz" { type master; file "grand.child10.druz.signed"; };
diff --git a/bin/tests/system/dlv/ns6/sign.sh b/bin/tests/system/dlv/ns6/sign.sh
deleted file mode 100755
index 65f5f5d42b..0000000000
--- a/bin/tests/system/dlv/ns6/sign.sh
+++ /dev/null
@@ -1,251 +0,0 @@
-#!/bin/sh
-#
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-SYSTEMTESTTOP=../..
-. $SYSTEMTESTTOP/conf.sh
-
-SYSTESTDIR=dlv
-
-echo_i "dlv/ns6/sign.sh"
-
-zone=grand.child1.utld.
-infile=child.db.in
-zonefile=grand.child1.utld.db
-outfile=grand.child1.signed
-
-keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-
-cat $infile $keyname1.key $keyname2.key >$zonefile
-
-$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
-echo_i "signed $zone"
-
-
-zone=grand.child3.utld.
-infile=child.db.in
-zonefile=grand.child3.utld.db
-outfile=grand.child3.signed
-dlvzone=dlv.utld.
-
-keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-
-cat $infile $keyname1.key $keyname2.key >$zonefile
-
-$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
-echo_i "signed $zone"
-
-
-zone=grand.child4.utld.
-infile=child.db.in
-zonefile=grand.child4.utld.db
-outfile=grand.child4.signed
-dlvzone=dlv.utld.
-
-keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-
-cat $infile $keyname1.key $keyname2.key >$zonefile
-
-$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
-echo_i "signed $zone"
-
-
-zone=grand.child5.utld.
-infile=child.db.in
-zonefile=grand.child5.utld.db
-outfile=grand.child5.signed
-dlvzone=dlv.utld.
-
-keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-
-cat $infile $keyname1.key $keyname2.key >$zonefile
-
-$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
-echo_i "signed $zone"
-
-
-zone=grand.child7.utld.
-infile=child.db.in
-zonefile=grand.child7.utld.db
-outfile=grand.child7.signed
-dlvzone=dlv.utld.
-
-keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-
-cat $infile $keyname1.key $keyname2.key >$zonefile
-
-$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
-echo_i "signed $zone"
-
-
-zone=grand.child8.utld.
-infile=child.db.in
-zonefile=grand.child8.utld.db
-outfile=grand.child8.signed
-dlvzone=dlv.utld.
-
-keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-
-cat $infile $keyname1.key $keyname2.key >$zonefile
-
-$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
-echo_i "signed $zone"
-
-
-zone=grand.child9.utld.
-infile=child.db.in
-zonefile=grand.child9.utld.db
-outfile=grand.child9.signed
-dlvzone=dlv.utld.
-
-keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-
-cat $infile $keyname1.key $keyname2.key >$zonefile
-
-$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
-echo_i "signed $zone"
-
-zone=grand.child10.utld.
-infile=child.db.in
-zonefile=grand.child10.utld.db
-outfile=grand.child10.signed
-dlvzone=dlv.utld.
-
-keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-
-cat $infile $keyname1.key $keyname2.key >$zonefile
-
-$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
-echo_i "signed $zone"
-
-zone=grand.child1.druz.
-infile=child.db.in
-zonefile=grand.child1.druz.db
-outfile=grand.child1.druz.signed
-
-keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-
-cat $infile $keyname1.key $keyname2.key >$zonefile
-
-$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
-echo_i "signed $zone"
-
-
-zone=grand.child3.druz.
-infile=child.db.in
-zonefile=grand.child3.druz.db
-outfile=grand.child3.druz.signed
-dlvzone=dlv.druz.
-
-keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-
-cat $infile $keyname1.key $keyname2.key >$zonefile
-
-$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
-echo_i "signed $zone"
-
-
-zone=grand.child4.druz.
-infile=child.db.in
-zonefile=grand.child4.druz.db
-outfile=grand.child4.druz.signed
-dlvzone=dlv.druz.
-
-keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-
-cat $infile $keyname1.key $keyname2.key >$zonefile
-
-$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
-echo_i "signed $zone"
-
-
-zone=grand.child5.druz.
-infile=child.db.in
-zonefile=grand.child5.druz.db
-outfile=grand.child5.druz.signed
-dlvzone=dlv.druz.
-
-keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-
-cat $infile $keyname1.key $keyname2.key >$zonefile
-
-$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
-echo_i "signed $zone"
-
-
-zone=grand.child7.druz.
-infile=child.db.in
-zonefile=grand.child7.druz.db
-outfile=grand.child7.druz.signed
-dlvzone=dlv.druz.
-
-keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-
-cat $infile $keyname1.key $keyname2.key >$zonefile
-
-$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
-echo_i "signed $zone"
-
-
-zone=grand.child8.druz.
-infile=child.db.in
-zonefile=grand.child8.druz.db
-outfile=grand.child8.druz.signed
-dlvzone=dlv.druz.
-
-keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-
-cat $infile $keyname1.key $keyname2.key >$zonefile
-
-$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
-echo_i "signed $zone"
-
-
-zone=grand.child9.druz.
-infile=child.db.in
-zonefile=grand.child9.druz.db
-outfile=grand.child9.druz.signed
-dlvzone=dlv.druz.
-
-keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-
-cat $infile $keyname1.key $keyname2.key >$zonefile
-
-$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
-echo_i "signed $zone"
-
-zone=grand.child10.druz.
-infile=child.db.in
-zonefile=grand.child10.druz.db
-outfile=grand.child10.druz.signed
-dlvzone=dlv.druz.
-
-keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-
-cat $infile $keyname1.key $keyname2.key >$zonefile
-
-$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
-echo_i "signed $zone"
diff --git a/bin/tests/system/dlv/ns7/hints b/bin/tests/system/dlv/ns7/hints
deleted file mode 100644
index cdf0f26f78..0000000000
--- a/bin/tests/system/dlv/ns7/hints
+++ /dev/null
@@ -1,12 +0,0 @@
-; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-;
-; This Source Code Form is subject to the terms of the Mozilla Public
-; License, v. 2.0. If a copy of the MPL was not distributed with this
-; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;
-; See the COPYRIGHT file distributed with this work for additional
-; information regarding copyright ownership.
-
-. 0 NS ns.rootservers.utld.
-ns.rootservers.utld. 0 A 10.53.0.1
-
diff --git a/bin/tests/system/dlv/ns7/named.conf.in b/bin/tests/system/dlv/ns7/named.conf.in
deleted file mode 100644
index fd9c7c8aaa..0000000000
--- a/bin/tests/system/dlv/ns7/named.conf.in
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-include "trusted.conf";
-include "trusted-dlv-unsupported.conf";
-
-options {
- query-source address 10.53.0.7;
- notify-source 10.53.0.7;
- transfer-source 10.53.0.7;
- port @PORT@;
- pid-file "named.pid";
- listen-on { 10.53.0.7; };
- listen-on-v6 { none; };
- recursion yes;
- notify yes;
- dnssec-enable yes;
- dnssec-validation yes;
- dnssec-lookaside "." trust-anchor "unsupported-algorithm-dlv.utld";
-};
-
-zone "." { type hint; file "hints"; };
-
diff --git a/bin/tests/system/dlv/ns8/hints b/bin/tests/system/dlv/ns8/hints
deleted file mode 100644
index cdf0f26f78..0000000000
--- a/bin/tests/system/dlv/ns8/hints
+++ /dev/null
@@ -1,12 +0,0 @@
-; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-;
-; This Source Code Form is subject to the terms of the Mozilla Public
-; License, v. 2.0. If a copy of the MPL was not distributed with this
-; file, You can obtain one at http://mozilla.org/MPL/2.0/.
-;
-; See the COPYRIGHT file distributed with this work for additional
-; information regarding copyright ownership.
-
-. 0 NS ns.rootservers.utld.
-ns.rootservers.utld. 0 A 10.53.0.1
-
diff --git a/bin/tests/system/dlv/ns8/named.conf.in b/bin/tests/system/dlv/ns8/named.conf.in
deleted file mode 100644
index 6e58019fe1..0000000000
--- a/bin/tests/system/dlv/ns8/named.conf.in
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-include "trusted.conf";
-include "trusted-dlv-disabled.conf";
-
-options {
- query-source address 10.53.0.8;
- notify-source 10.53.0.8;
- transfer-source 10.53.0.8;
- port @PORT@;
- pid-file "named.pid";
- listen-on { 10.53.0.8; };
- listen-on-v6 { none; };
- recursion yes;
- notify yes;
- dnssec-enable yes;
- dnssec-validation yes;
- dnssec-lookaside "." trust-anchor "disabled-algorithm-dlv.utld";
- disable-algorithms "disabled-algorithm-dlv.utld." { @DISABLED_ALGORITHM@; };
-};
-
-zone "." { type hint; file "hints"; };
-
diff --git a/bin/tests/system/dlv/setup.sh b/bin/tests/system/dlv/setup.sh
deleted file mode 100644
index e1bd565745..0000000000
--- a/bin/tests/system/dlv/setup.sh
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/sh
-#
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-SYSTEMTESTTOP=..
-. $SYSTEMTESTTOP/conf.sh
-
-$SHELL clean.sh
-
-copy_setports ns1/named.conf.in ns1/named.conf
-copy_setports ns2/named.conf.in ns2/named.conf
-copy_setports ns3/named.conf.in ns3/named.conf
-copy_setports ns4/named.conf.in ns4/named.conf
-copy_setports ns5/named.conf.in ns5/named.conf
-copy_setports ns6/named.conf.in ns6/named.conf
-copy_setports ns7/named.conf.in ns7/named.conf
-copy_setports ns8/named.conf.in ns8/named.conf
-
-(cd ns1 && $SHELL -e sign.sh)
diff --git a/bin/tests/system/dlv/tests.sh b/bin/tests/system/dlv/tests.sh
deleted file mode 100644
index a3046303a7..0000000000
--- a/bin/tests/system/dlv/tests.sh
+++ /dev/null
@@ -1,111 +0,0 @@
-#!/bin/sh
-#
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-SYSTEMTESTTOP=..
-. $SYSTEMTESTTOP/conf.sh
-
-status=0
-n=0
-
-rm -f dig.out.*
-
-DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p ${PORT}"
-
-echo_i "checking that unsigned TLD zone DNSKEY referenced by DLV validates as secure ($n)"
-ret=0
-$DIG $DIGOPTS child1.utld dnskey @10.53.0.5 > dig.out.ns5.test$n || ret=1
-grep "status: NOERROR" dig.out.ns5.test$n > /dev/null || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null || ret=1
-n=`expr $n + 1`
-if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
-
-echo_i "checking that unsigned TLD child zone DNSKEY referenced by DLV validates as secure ($n)"
-ret=0
-$DIG $DIGOPTS grand.child1.utld dnskey @10.53.0.5 > dig.out.ns5.test$n || ret=1
-grep "status: NOERROR" dig.out.ns5.test$n > /dev/null || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null || ret=1
-n=`expr $n + 1`
-if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
-
-echo_i "checking that no chain of trust SOA referenced by DLV validates as secure ($n)"
-ret=0
-$DIG $DIGOPTS child1.druz soa @10.53.0.5 > dig.out.ns5.test$n || ret=1
-grep "status: NOERROR" dig.out.ns5.test$n > /dev/null || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null || ret=1
-n=`expr $n + 1`
-if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
-
-echo_i "checking that no chain of trust child SOA referenced by DLV validates as secure ($n)"
-ret=0
-$DIG $DIGOPTS grand.child1.druz soa @10.53.0.5 > dig.out.ns5.test$n || ret=1
-grep "status: NOERROR" dig.out.ns5.test$n > /dev/null || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null || ret=1
-n=`expr $n + 1`
-if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
-
-# Test that a child zone that is signed with an unsupported algorithm,
-# referenced by a good DLV zone, yields an insecure response.
-echo_i "checking that unsupported algorithm TXT referenced by DLV validates as insecure ($n)"
-ret=0
-$DIG $DIGOPTS foo.unsupported-algorithm.utld txt @10.53.0.3 > dig.out.ns3.test$n || ret=1
-$DIG $DIGOPTS foo.unsupported-algorithm.utld txt @10.53.0.5 > dig.out.ns5.test$n || ret=1
-grep "status: NOERROR" dig.out.ns5.test$n > /dev/null || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null && ret=1
-grep -q "foo\.unsupported-algorithm\.utld\..*TXT.*\"foo\"" dig.out.ns5.test$n || ret=1
-n=`expr $n + 1`
-if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
-
-# Test that a child zone that is signed with a disabled algorithm,
-# referenced by a good DLV zone, yields an insecure response.
-echo_i "checking that disabled algorithm TXT referenced by DLV validates as insecure ($n)"
-ret=0
-$DIG $DIGOPTS foo.disabled-algorithm.utld txt @10.53.0.3 > dig.out.ns3.test$n || ret=1
-$DIG $DIGOPTS foo.disabled-algorithm.utld txt @10.53.0.5 > dig.out.ns5.test$n || ret=1
-grep "status: NOERROR" dig.out.ns5.test$n > /dev/null || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null && ret=1
-grep -q "foo\.disabled-algorithm\.utld\..*TXT.*\"foo\"" dig.out.ns5.test$n || ret=1
-n=`expr $n + 1`
-if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
-
-# Test that a child zone that is signed with a known algorithm, referenced by
-# a DLV zone that is signed with a disabled algorithm, yields a bogus
-# response.
-echo_i "checking that good signed TXT referenced by disabled algorithm DLV validates as bogus ($n)" -ret=0 -$DIG $DIGOPTS foo.child3.utld txt @10.53.0.8 > dig.out.ns8.test$n || ret=1 -grep "status: SERVFAIL" dig.out.ns8.test$n > /dev/null || ret=1 -grep "flags:.*ad.*QUERY" dig.out.ns8.test$n > /dev/null && ret=1 -grep -q "foo\.child3\.utld\..*TXT.*\"foo\"" dig.out.ns8.test$n && ret=1 -n=`expr $n + 1` -if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` - -# Test that a child zone that is signed with a known algorithm, referenced by -# a DLV zone that is signed with an unsupported algorithm, yields a bogus -# response. -echo_i "checking that good signed TXT referenced by unsupported algorithm DLV validates as bogus ($n)" -ret=0 -$DIG $DIGOPTS foo.child5.utld txt @10.53.0.7 > dig.out.ns7.test$n || ret=1 -grep "status: SERVFAIL" dig.out.ns7.test$n > /dev/null || ret=1 -grep "flags:.*ad.*QUERY" dig.out.ns7.test$n > /dev/null && ret=1 -grep -q "foo\.child5\.utld\..*TXT.*\"foo\"" dig.out.ns7.test$n && ret=1 -n=`expr $n + 1` -if [ $ret != 0 ]; then echo_i "failed"; fi -status=`expr $status + $ret` - -echo_i "exit status: $status" -[ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/dnssec/README b/bin/tests/system/dnssec/README index df83eb14e2..ecc503a780 100644 --- a/bin/tests/system/dnssec/README +++ b/bin/tests/system/dnssec/README @@ -14,9 +14,12 @@ for the root. ns5 is a caching-only server, configured with the an incorrect trusted key for the root. It is used for testing failure cases. -ns6 is a caching-only server configured to use DLV. +ns6 is an caching and authoritative server used for testing unusual +server behaviors such as disabled DNSSEC algorithms. ns7 is used for checking non-cacheable answers. ns8 is a caching-only server, configured with unsupported and disabled algorithms. It is used for testing failure cases. + +ns9 is a forwarding-only server. 
diff --git a/bin/tests/system/dnssec/clean.sh b/bin/tests/system/dnssec/clean.sh index bee3bbfd62..6745d436d2 100644 --- a/bin/tests/system/dnssec/clean.sh +++ b/bin/tests/system/dnssec/clean.sh @@ -11,7 +11,7 @@ set -e -rm -f ./*/K* ./*/keyset-* ./*/dsset-* ./*/dlvset-* ./*/signedkey-* ./*/*.signed +rm -f ./*/K* ./*/keyset-* ./*/dsset-* ./*/signedkey-* ./*/*.signed rm -f ./*/example.bk rm -f ./*/named.conf rm -f ./*/named.memstats @@ -44,10 +44,8 @@ rm -f ./ns2/cds-auto.secure.db ./ns2/cds-auto.secure.db.jnl rm -f ./ns2/cds-kskonly.secure.db rm -f ./ns2/cds-update.secure.db ./ns2/cds-update.secure.db.jnl rm -f ./ns2/cds.secure.db ./ns2/cds-x.secure.db -rm -f ./ns2/dlv.db rm -f ./ns2/in-addr.arpa.db rm -f ./ns2/nsec3chain-test.db -rm -f ./ns2/private.secure.example.db rm -f ./ns2/single-nsec3.db rm -f ./ns2/updatecheck-kskonly.secure.* rm -f ./ns3/secure.example.db ./ns3/*.managed.db ./ns3/*.trusted.db diff --git a/bin/tests/system/dnssec/ns1/root.db.in b/bin/tests/system/dnssec/ns1/root.db.in index 7fdbab9c4e..a446619cae 100644 --- a/bin/tests/system/dnssec/ns1/root.db.in +++ b/bin/tests/system/dnssec/ns1/root.db.in @@ -20,8 +20,6 @@ a.root-servers.nil. A 10.53.0.1 example. NS ns2.example. ns2.example. A 10.53.0.2 -dlv. NS ns2.dlv. -ns2.dlv. A 10.53.0.2 algroll. NS ns2.algroll. ns2.algroll. A 10.53.0.2 managed. NS ns2.managed. diff --git a/bin/tests/system/dnssec/ns1/sign.sh b/bin/tests/system/dnssec/ns1/sign.sh index 631411a9f2..385d3100a7 100644 --- a/bin/tests/system/dnssec/ns1/sign.sh +++ b/bin/tests/system/dnssec/ns1/sign.sh @@ -25,7 +25,6 @@ zonefile=root.db echo_i "ns1/sign.sh" cp "../ns2/dsset-example$TP" . -cp "../ns2/dsset-dlv$TP" . cp "../ns2/dsset-in-addr.arpa$TP" . grep "$DEFAULT_ALGORITHM_NUMBER [12] " "../ns2/dsset-algroll$TP" > "dsset-algroll$TP" diff --git a/bin/tests/system/dnssec/ns2/dlv.db.in b/bin/tests/system/dnssec/ns2/dlv.db.in deleted file mode 100644 index 836359dc56..0000000000 --- a/bin/tests/system/dnssec/ns2/dlv.db.in +++ /dev/null 
@@ -1,19 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, You can obtain one at http://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns2 -ns2 A 10.53.0.2 diff --git a/bin/tests/system/dnssec/ns2/named.conf.in b/bin/tests/system/dnssec/ns2/named.conf.in index 7a4bcf0cdc..ebef86da9c 100644 --- a/bin/tests/system/dnssec/ns2/named.conf.in +++ b/bin/tests/system/dnssec/ns2/named.conf.in @@ -40,11 +40,6 @@ zone "." { file "../../common/root.hint"; }; -zone "dlv" { - type master; - file "dlv.db.signed"; -}; - zone "trusted" { type master; file "trusted.db.signed"; @@ -61,12 +56,6 @@ zone "example" { allow-update { any; }; }; -zone "private.secure.example" { - type master; - file "private.secure.example.db.signed"; - allow-update { any; }; -}; - zone "insecure.secure.example" { type master; file "insecure.secure.example.db"; diff --git a/bin/tests/system/dnssec/ns2/sign.sh b/bin/tests/system/dnssec/ns2/sign.sh index c90f620e86..7413d7e3e1 100644 --- a/bin/tests/system/dnssec/ns2/sign.sh +++ b/bin/tests/system/dnssec/ns2/sign.sh 
@@ -136,31 +136,6 @@ keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zon cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile" "$SIGNER" -P -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null 2>&1 -# Sign the privately secure file - -privzone=private.secure.example -privinfile=private.secure.example.db.in -privzonefile=private.secure.example.db - -privkeyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -b "${DEFAULT_BITS}" -n zone "$privzone") - -cat "$privinfile" "$privkeyname.key" > "$privzonefile" - -"$SIGNER" -P -g -o "$privzone" -l dlv "$privzonefile" > /dev/null 2>&1 - -# Sign the DLV secure zone. - -dlvzone=dlv. -dlvinfile=dlv.db.in -dlvzonefile=dlv.db -dlvsetfile="dlvset-${privzone}${TP}" - -dlvkeyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -b "${DEFAULT_BITS}" -n zone "$dlvzone") - -cat "$dlvinfile" "$dlvkeyname.key" "$dlvsetfile" > "$dlvzonefile" - -"$SIGNER" -P -g -o "$dlvzone" "$dlvzonefile" > /dev/null 2>&1 - # Sign the badparam secure file zone=badparam. diff --git a/bin/tests/system/dnssec/ns6/named.conf.in b/bin/tests/system/dnssec/ns6/named.conf.in index 61a7cce5a4..29279c2f98 100644 --- a/bin/tests/system/dnssec/ns6/named.conf.in +++ b/bin/tests/system/dnssec/ns6/named.conf.in @@ -23,7 +23,6 @@ options { notify yes; disable-algorithms . { @ALTERNATIVE_ALGORITHM@; }; dnssec-validation yes; - dnssec-lookaside . trust-anchor dlv; }; zone "." { diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh index 243b0a6426..54be389d55 100644 --- a/bin/tests/system/dnssec/tests.sh +++ b/bin/tests/system/dnssec/tests.sh 
@@ -1212,34 +1212,6 @@ n=$((n+1))
 test "$ret" -eq 0 || echo_i "failed"
 status=$((status+ret))
-echo_i "checking that positive validation in a privately secure zone works ($n)"
-ret=0
-dig_with_opts +noauth a.private.secure.example. a @10.53.0.2 \
- > dig.out.ns2.test$n || ret=1
-dig_with_opts +noauth a.private.secure.example. a @10.53.0.4 \
- > dig.out.ns4.test$n || ret=1
-digcomp dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
-grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
-# Note - this is looking for failure, hence the &&
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
-n=$((n+1))
-test "$ret" -eq 0 || echo_i "failed"
-status=$((status+ret))
-
-echo_i "checking that negative validation in a privately secure zone works ($n)"
-ret=0
-dig_with_opts +noauth q.private.secure.example. a @10.53.0.2 \
- > dig.out.ns2.test$n || ret=1
-dig_with_opts +noauth q.private.secure.example. a @10.53.0.4 \
- > dig.out.ns4.test$n || ret=1
-digcomp dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
-grep "NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
-# Note - this is looking for failure, hence the &&
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
-n=$((n+1))
-test "$ret" -eq 0 || echo_i "failed"
-status=$((status+ret))
-
 echo_i "checking that lookups succeed after disabling an algorithm ($n)"
 ret=0
 dig_with_opts +noauth example. SOA @10.53.0.2 \
@@ -1253,28 +1225,6 @@ n=$((n+1))
 test "$ret" -eq 0 || echo_i "failed"
 status=$((status+ret))
-echo_i "checking privately secure to nxdomain works ($n)"
-ret=0
-dig_with_opts +noauth private2secure-nxdomain.private.secure.example. SOA @10.53.0.4 \
- > dig.out.ns4.test$n || ret=1
-grep "NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
-# Note - this is looking for failure, hence the &&
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
-n=$((n+1))
-test "$ret" -eq 0 || echo_i "failed"
-status=$((status+ret))
-
-echo_i "checking privately secure wildcard to nxdomain works ($n)"
-ret=0
-dig_with_opts +noauth a.wild.private.secure.example. SOA @10.53.0.4 \
- > dig.out.ns4.test$n || ret=1
-grep "NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
-# Note - this is looking for failure, hence the &&
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null && ret=1
-n=$((n+1))
-test "$ret" -eq 0 || echo_i "failed"
-status=$((status+ret))
-
 echo_i "checking a non-cachable NODATA works ($n)"
 ret=0
 dig_with_opts +noauth a.nosoa.secure.example. txt @10.53.0.7 \
@@ -1299,21 +1249,6 @@ n=$((n+1))
 test "$ret" -eq 0 || echo_i "failed"
 status=$((status+ret))
-#
-# private.secure.example is served by the same server as its
-# grand parent and there is not a secure delegation from secure.example
-# to private.secure.example. In addition secure.example is using a
-# algorithm which the validation does not support.
-#
-echo_i "checking dnssec-lookaside-validation works ($n)"
-ret=0
-dig_with_opts private.secure.example. SOA @10.53.0.6 \
- > dig.out.ns6.test$n || ret=1
-grep "flags:.*ad.*QUERY" dig.out.ns6.test$n > /dev/null || ret=1
-n=$((n+1))
-test "$ret" -eq 0 || echo_i "failed"
-status=$((status+ret))
-
 echo_i "checking that we can load a rfc2535 signed zone ($n)"
 ret=0
 dig_with_opts rfc2535.example. SOA @10.53.0.2 \
@@ -2433,7 +2368,7 @@ status=$((status+ret))
 echo_i "checking that DS at a RFC 1918 empty zone lookup succeeds ($n)"
 ret=0
 dig_with_opts +noauth 10.in-addr.arpa ds @10.53.0.2 >dig.out.ns2.test$n || ret=1
-dig_with_opts +noauth 10.in-addr.arpa ds @10.53.0.6 >dig.out.ns6.test$n || ret=1
+dig_with_opts +noauth 10.in-addr.arpa ds @10.53.0.4 >dig.out.ns6.test$n || ret=1
 digcomp dig.out.ns2.test$n dig.out.ns6.test$n || ret=1
 grep "status: NOERROR" dig.out.ns6.test$n > /dev/null || ret=1
 n=$((n+1))
diff --git a/bin/tests/system/filter-aaaa/ns1/sign.sh b/bin/tests/system/filter-aaaa/ns1/sign.sh
index b1b17e1a9d..44e27ed488 100755
--- a/bin/tests/system/filter-aaaa/ns1/sign.sh
+++ b/bin/tests/system/filter-aaaa/ns1/sign.sh
@@ -14,8 +14,6 @@ SYSTEMTESTTOP=../..
 SYSTESTDIR=filter-aaaa
-dlvsets=
-
 zone=signed.
 infile=signed.db.in
 zonefile=signed.db.signed
diff --git a/bin/tests/system/filter-aaaa/ns4/sign.sh b/bin/tests/system/filter-aaaa/ns4/sign.sh
index 20cc4a3f1b..a5019690b2 100755
--- a/bin/tests/system/filter-aaaa/ns4/sign.sh
+++ b/bin/tests/system/filter-aaaa/ns4/sign.sh
@@ -14,8 +14,6 @@ SYSTEMTESTTOP=../..
 SYSTESTDIR=filter-aaaa
-dlvsets=
-
 zone=signed.
 infile=signed.db.in
 zonefile=signed.db.signed
diff --git a/bin/tests/system/wildcard/ns1/named.conf.in b/bin/tests/system/wildcard/ns1/named.conf.in
index 092ae79fde..bfe8251c40 100644
--- a/bin/tests/system/wildcard/ns1/named.conf.in
+++ b/bin/tests/system/wildcard/ns1/named.conf.in
@@ -24,8 +24,6 @@ options {
 zone "." { type master; file "root.db.signed"; };
-zone "dlv" { type master; file "dlv.db.signed"; };
-
 zone "nsec" { type master; file "nsec.db.signed"; };
 zone "private.nsec" { type master; file "private.nsec.db.signed"; };
diff --git a/bin/tests/system/wildcard/ns1/root.db.in b/bin/tests/system/wildcard/ns1/root.db.in
index 493140f203..3fcc8a11e1 100644
--- a/bin/tests/system/wildcard/ns1/root.db.in
+++ b/bin/tests/system/wildcard/ns1/root.db.in
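Review bot: In the `bin/tests/system/dnssec/tests.sh` hunk at `@@ -2433,7 +2368,7 @@`, the RFC 1918 DS lookup now queries `@10.53.0.4` but still writes to and reads from `dig.out.ns6.test$n`, so the artifact name no longer identifies the server that produced the answer. Someone triaging a failure of this check would be pointed at the wrong server's logs. Rename the output on the changed line and the two context lines that consume it: `dig_with_opts +noauth 10.in-addr.arpa ds @10.53.0.4 >dig.out.ns4.test$n || ret=1`, `digcomp dig.out.ns2.test$n dig.out.ns4.test$n || ret=1`, `grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1`. The reason for moving the query from ns6 to ns4 is not visible in the diff, so a one-line comment above the query stating it would help; the test block continues past the end of the hunk.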
@@ -11,6 +11,5 @@ $TTL 120
 @ SOA a.root-servers.nil hostmaster.root-servers.nil 1 1800 900 604800 86400
 @ NS a.root-servers.nil
 a.root-servers.nil A 10.53.0.1
-dlv NS a.root-servers.nil
 nsec NS a.root-servers.nil
 nsec3 NS a.root-servers.nil
diff --git a/bin/tests/system/wildcard/ns1/sign.sh b/bin/tests/system/wildcard/ns1/sign.sh
index de80eb7922..b89331ce3e 100755
--- a/bin/tests/system/wildcard/ns1/sign.sh
+++ b/bin/tests/system/wildcard/ns1/sign.sh
@@ -16,20 +16,6 @@ SYSTESTDIR=wildcard
 dssets=
-zone=dlv
-infile=dlv.db.in
-zonefile=dlv.db
-outfile=dlv.db.signed
-dssets="$dssets dsset-${zone}${TP}"
-
-keyname1=`$KEYGEN -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
-
-cat $infile $keyname1.key $keyname2.key > $zonefile
-
-$SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
-echo_i "signed $zone"
-
 zone=nsec
 infile=nsec.db.in
 zonefile=nsec.db
diff --git a/bin/tests/system/wildcard/ns5/named.conf.in b/bin/tests/system/wildcard/ns5/named.conf.in
index c54ed2ea19..abe2d5d020 100644
--- a/bin/tests/system/wildcard/ns5/named.conf.in
+++ b/bin/tests/system/wildcard/ns5/named.conf.in
@@ -20,7 +20,6 @@ options {
 recursion yes;
 dnssec-validation yes;
 notify yes;
- dnssec-lookaside . trust-anchor dlv;
 };
 include "../ns1/trusted.conf";
diff --git a/util/copyrights b/util/copyrights
index 2c84376481..62b2d3719a 100644
--- a/util/copyrights
+++ b/util/copyrights
@@ -502,13 +502,6 @@
 ./bin/tests/system/digdelv/setup.sh SH 2018,2019
 ./bin/tests/system/digdelv/tests.sh SH 2015,2016,2017,2018,2019
 ./bin/tests/system/ditch.pl PERL 2015,2016,2018,2019
-./bin/tests/system/dlv/clean.sh SH 2004,2007,2010,2011,2012,2014,2016,2018,2019
-./bin/tests/system/dlv/ns1/sign.sh SH 2011,2012,2014,2016,2018,2019
-./bin/tests/system/dlv/ns2/sign.sh SH 2011,2012,2014,2016,2018,2019
-./bin/tests/system/dlv/ns3/sign.sh SH 2004,2007,2009,2010,2011,2012,2014,2016,2018,2019
-./bin/tests/system/dlv/ns6/sign.sh SH 2010,2011,2012,2014,2016,2018,2019
-./bin/tests/system/dlv/setup.sh SH 2004,2007,2009,2011,2012,2014,2016,2017,2018,2019
-./bin/tests/system/dlv/tests.sh SH 2004,2007,2010,2011,2012,2016,2018,2019
 ./bin/tests/system/dlz/clean.sh SH 2010,2012,2014,2016,2018,2019
 ./bin/tests/system/dlz/ns1/dns-root/com/broken/dns.d/@/DNAME=10=example.net.= TXT.BRIEF 2015,2016,2018,2019
 ./bin/tests/system/dlz/ns1/dns-root/com/broken/dns.d/@/NS=10=example.com.= TXT.BRIEF 2015,2016,2018,2019