From 62ddc3dca08f94bb47ee4cd14cb0ec39d7fa218a Mon Sep 17 00:00:00 2001 From: Matthijs Mekking Date: Mon, 3 Apr 2023 17:13:34 +0200 Subject: [PATCH] Remove redundant inline-signing lines from tests Now that inline-signing is explicitly set in dnssec-policy, remove the redundant "inline-signing yes;" lines from the system tests. --- .../system/checkconf/good-key-directory.conf | 3 - bin/tests/system/checkconf/good.conf.in | 12 ---- .../system/checkconf/kasp-bad-nsec3-iter.conf | 1 - .../kasp-bad-signatures-refresh.conf | 2 - .../system/checkconf/kasp-ignore-keylen.conf | 1 - bin/tests/system/checkconf/kasp-warning.conf | 3 - bin/tests/system/checkds/ns9/named.conf.in | 33 ----------- bin/tests/system/kasp/ns2/named.conf.in | 1 - bin/tests/system/kasp/ns3/ed25519.conf | 1 - bin/tests/system/kasp/ns3/ed448.conf | 1 - bin/tests/system/kasp/ns3/named-fips.conf.in | 59 ------------------- bin/tests/system/kasp/ns3/named.conf.in | 2 - .../kasp/ns3/policies/kasp-fips.conf.in | 1 + bin/tests/system/kasp/ns4/named.conf.in | 6 -- bin/tests/system/kasp/ns5/named.conf.in | 4 -- bin/tests/system/kasp/ns6/named.conf.in | 5 -- bin/tests/system/kasp/ns6/named2.conf.in | 16 ----- bin/tests/system/nsec3/ns2/named.conf.in | 1 - bin/tests/system/nsec3/ns3/named-fips.conf.in | 10 ---- bin/tests/system/nsec3/ns3/named.conf.in | 4 -- .../system/nsec3/ns3/named2-fips.conf.in | 8 --- bin/tests/system/nsec3/ns3/named2.conf.in | 4 -- 22 files changed, 1 insertion(+), 177 deletions(-) diff --git a/bin/tests/system/checkconf/good-key-directory.conf b/bin/tests/system/checkconf/good-key-directory.conf index 45befffa32..07deb28993 100644 --- a/bin/tests/system/checkconf/good-key-directory.conf +++ b/bin/tests/system/checkconf/good-key-directory.conf @@ -46,7 +46,6 @@ view "localhost" { type primary; file "localhost/example.com.zone"; dnssec-policy "localhost"; - inline-signing yes; }; }; @@ -57,7 +56,6 @@ view "external" { type primary; file "external/example.com.zone"; dnssec-policy "internet"; - inline-signing yes; }; }; @@ -68,6 +66,5 @@ view "internal" { type primary; file "internal/example.com.zone"; dnssec-policy "intranet"; - inline-signing yes; }; }; diff --git a/bin/tests/system/checkconf/good.conf.in b/bin/tests/system/checkconf/good.conf.in index 2ba4a0738e..7d1f6b8576 100644 --- a/bin/tests/system/checkconf/good.conf.in +++ b/bin/tests/system/checkconf/good.conf.in @@ -104,7 +104,6 @@ view "first" { zone "clone" { type primary; file "yyy"; - inline-signing yes; max-ixfr-ratio unlimited; }; dnssec-validation auto; @@ -168,12 +167,10 @@ view "third" { zone "p" { type primary; file "pfile"; - inline-signing yes; }; zone "s" { type secondary; file "sfile"; - inline-signing yes; primaries { 1.2.3.4; }; @@ -185,7 +182,6 @@ view "fourth" { type primary; checkds explicit; file "dnssec-test.db"; - inline-signing yes; parental-agents { 1.2.3.4; 1.2.3.5; @@ -196,7 +192,6 @@ view "fourth" { zone "dnssec-default" { type primary; file "dnssec-default.db"; - inline-signing yes; parental-agents { "parents"; }; @@ -206,7 +201,6 @@ view "fourth" { type primary; checkds no; file "dnssec-inherit.db"; - inline-signing yes; }; zone "dnssec-none" { type primary; @@ -217,13 +211,11 @@ view "fourth" { type primary; checkds yes; file "dnssec-view41.db"; - inline-signing yes; dnssec-policy "test"; }; zone "dnssec-view2" { type primary; file "dnssec-view42.db"; - inline-signing yes; }; zone "dnssec-view3" { type primary; @@ -243,20 +235,17 @@ view "fifth" { zone "dnssec-view1" { type primary; file "dnssec-view51.db"; - inline-signing yes; dnssec-policy "test"; }; zone "dnssec-view2" { type primary; file "dnssec-view52.db"; - inline-signing yes; dnssec-policy "test"; key-directory "keys"; }; zone "dnssec-view3" { type primary; file "dnssec-view53.db"; - inline-signing yes; dnssec-policy "default"; key-directory "keys"; }; @@ -271,7 +260,6 @@ view "chaos" chaos { zone "hostname.bind" chaos { type primary; database "_builtin hostname"; - inline-signing yes; }; }; dyndb "name" "library.so" { diff --git a/bin/tests/system/checkconf/kasp-bad-nsec3-iter.conf b/bin/tests/system/checkconf/kasp-bad-nsec3-iter.conf index a5a71d39bb..8dc710f29c 100644 --- a/bin/tests/system/checkconf/kasp-bad-nsec3-iter.conf +++ b/bin/tests/system/checkconf/kasp-bad-nsec3-iter.conf @@ -57,5 +57,4 @@ zone "example.net" { type primary; file "example.db"; dnssec-policy "default"; - inline-signing yes; }; diff --git a/bin/tests/system/checkconf/kasp-bad-signatures-refresh.conf b/bin/tests/system/checkconf/kasp-bad-signatures-refresh.conf index 197ff17d3f..dd907dddd2 100644 --- a/bin/tests/system/checkconf/kasp-bad-signatures-refresh.conf +++ b/bin/tests/system/checkconf/kasp-bad-signatures-refresh.conf @@ -34,13 +34,11 @@ dnssec-policy "bad-sigrefresh-dnskey" { zone "sigrefresh.example.net" { type primary; file "sigrefresh.example.db"; - inline-signing yes; dnssec-policy "bad-sigrefresh"; }; zone "dnskey.example.net" { type primary; file "dnskey.example.db"; - inline-signing yes; dnssec-policy "bad-sigrefresh-dnskey"; }; diff --git a/bin/tests/system/checkconf/kasp-ignore-keylen.conf b/bin/tests/system/checkconf/kasp-ignore-keylen.conf index c9787d4180..fae3e4120d 100644 --- a/bin/tests/system/checkconf/kasp-ignore-keylen.conf +++ b/bin/tests/system/checkconf/kasp-ignore-keylen.conf @@ -22,6 +22,5 @@ zone "example.net" { type primary; file "example.db"; dnssec-policy "warn-length"; - inline-signing yes; }; diff --git a/bin/tests/system/checkconf/kasp-warning.conf b/bin/tests/system/checkconf/kasp-warning.conf index 41b6d6f27c..4c05b5ad02 100644 --- a/bin/tests/system/checkconf/kasp-warning.conf +++ b/bin/tests/system/checkconf/kasp-warning.conf @@ -42,21 +42,18 @@ dnssec-policy "warn3" { zone "warn1.example.net" { type primary; file "warn1.example.db"; - inline-signing yes; dnssec-policy "warn1"; }; zone "warn2.example.net" { type primary; file "warn2.example.db"; - inline-signing yes; dnssec-policy "warn2"; }; zone "warn3.example.net" { type primary; file "warn3.example.db"; - inline-signing yes; dnssec-policy "warn3"; }; diff --git a/bin/tests/system/checkds/ns9/named.conf.in b/bin/tests/system/checkds/ns9/named.conf.in index 9f3ab8816c..54dea08527 100644 --- a/bin/tests/system/checkds/ns9/named.conf.in +++ b/bin/tests/system/checkds/ns9/named.conf.in @@ -54,7 +54,6 @@ zone "." { zone "good.explicit.dspublish.ns2" { type primary; file "good.explicit.dspublish.ns2.db"; - inline-signing yes; dnssec-policy "default"; parental-agents { 10.53.0.8 port @PORT@; }; }; @@ -63,7 +62,6 @@ zone "good.explicit.dspublish.ns2" { zone "reference.explicit.dspublish.ns2" { type primary; file "reference.explicit.dspublish.ns2.db"; - inline-signing yes; dnssec-policy "default"; parental-agents { "ns8"; }; }; @@ -72,7 +70,6 @@ zone "reference.explicit.dspublish.ns2" { zone "resolver.explicit.dspublish.ns2" { type primary; file "resolver.explicit.dspublish.ns2.db"; - inline-signing yes; dnssec-policy "default"; parental-agents { 10.53.0.3 port @PORT@; @@ -83,7 +80,6 @@ zone "resolver.explicit.dspublish.ns2" { zone "good.yes.dspublish.ns2" { type primary; file "good.yes.dspublish.ns2.db"; - inline-signing yes; dnssec-policy "default"; }; @@ -91,7 +87,6 @@ zone "good.yes.dspublish.ns2" { zone "good.no.dspublish.ns2" { type primary; file "good.no.dspublish.ns2.db"; - inline-signing yes; dnssec-policy "default"; checkds no; }; @@ -100,7 +95,6 @@ zone "good.no.dspublish.ns2" { zone "no-ent.ns2" { type primary; file "no-ent.ns2.db"; - inline-signing yes; dnssec-policy "default"; }; @@ -112,7 +106,6 @@ zone "no-ent.ns2" { zone "not-yet.explicit.dspublish.ns5" { type primary; file "not-yet.explicit.dspublish.ns5.db"; - inline-signing yes; dnssec-policy "default"; parental-agents { 10.53.0.5 port @PORT@; // missing @@ -122,7 +115,6 @@ zone "not-yet.explicit.dspublish.ns5" { zone "not-yet.yes.dspublish.ns5" { type primary; file "not-yet.yes.dspublish.ns5.db"; - inline-signing yes; dnssec-policy "default"; }; @@ -134,7 +126,6 @@ zone "not-yet.yes.dspublish.ns5" { zone "bad.explicit.dspublish.ns6" { type primary; file "bad.explicit.dspublish.ns6.db"; - inline-signing yes; dnssec-policy "default"; parental-agents { 10.53.0.6 port @PORT@; // bad @@ -144,7 +135,6 @@ zone "bad.explicit.dspublish.ns6" { zone "bad.yes.dspublish.ns6" { type primary; file "bad.yes.dspublish.ns6.db"; - inline-signing yes; dnssec-policy "default"; }; @@ -163,7 +153,6 @@ zone "bad.yes.dspublish.ns6" { zone "good.explicit.dspublish.ns2-4" { type primary; file "good.explicit.dspublish.ns2-4.db"; - inline-signing yes; dnssec-policy "default"; parental-agents { 10.53.0.8 port @PORT@; @@ -174,14 +163,12 @@ zone "good.explicit.dspublish.ns2-4" { zone "good.yes.dspublish.ns2-4" { type primary; file "good.yes.dspublish.ns2-4.db"; - inline-signing yes; dnssec-policy "default"; }; zone "good.no.dspublish.ns2-4" { type primary; file "good.no.dspublish.ns2-4.db"; - inline-signing yes; dnssec-policy "default"; checkds no; }; @@ -194,7 +181,6 @@ zone "good.no.dspublish.ns2-4" { zone "incomplete.explicit.dspublish.ns2-4-5" { type primary; file "incomplete.explicit.dspublish.ns2-4-5.db"; - inline-signing yes; dnssec-policy "default"; parental-agents { 10.53.0.8 port @PORT@; @@ -206,7 +192,6 @@ zone "incomplete.explicit.dspublish.ns2-4-5" { zone "incomplete.yes.dspublish.ns2-4-5" { type primary; file "incomplete.yes.dspublish.ns2-4-5.db"; - inline-signing yes; dnssec-policy "default"; }; @@ -218,7 +203,6 @@ zone "incomplete.yes.dspublish.ns2-4-5" { zone "bad.explicit.dspublish.ns2-4-6" { type primary; file "bad.explicit.dspublish.ns2-4-6.db"; - inline-signing yes; dnssec-policy "default"; parental-agents { 10.53.0.8 port @PORT@; @@ -230,7 +214,6 @@ zone "bad.explicit.dspublish.ns2-4-6" { zone "bad.yes.dspublish.ns2-4-6" { type primary; file "bad.yes.dspublish.ns2-4-6.db"; - inline-signing yes; dnssec-policy "default"; }; @@ -253,7 +236,6 @@ zone "bad.yes.dspublish.ns2-4-6" { zone "good.explicit.dsremoved.ns5" { type primary; file "good.explicit.dsremoved.ns5.db"; - inline-signing yes; dnssec-policy "insecure"; parental-agents { 10.53.0.10 port @PORT@; }; }; @@ -261,7 +243,6 @@ zone "good.explicit.dsremoved.ns5" { zone "resolver.explicit.dsremoved.ns5" { type primary; file "resolver.explicit.dsremoved.ns5.db"; - inline-signing yes; dnssec-policy "default"; parental-agents { 10.53.0.3 port @PORT@; @@ -271,14 +252,12 @@ zone "resolver.explicit.dsremoved.ns5" { zone "good.yes.dsremoved.ns5" { type primary; file "good.yes.dsremoved.ns5.db"; - inline-signing yes; dnssec-policy "insecure"; }; zone "good.no.dsremoved.ns5" { type primary; file "good.no.dsremoved.ns5.db"; - inline-signing yes; dnssec-policy "insecure"; checkds no; }; @@ -286,7 +265,6 @@ zone "good.no.dsremoved.ns5" { zone "no-ent.ns5" { type primary; file "no-ent.ns5.db"; - inline-signing yes; dnssec-policy "default"; }; @@ -298,7 +276,6 @@ zone "no-ent.ns5" { zone "still-there.explicit.dsremoved.ns2" { type primary; file "still-there.explicit.dsremoved.ns2.db"; - inline-signing yes; dnssec-policy "insecure"; parental-agents { 10.53.0.2 port @PORT@; // still published @@ -308,7 +285,6 @@ zone "still-there.explicit.dsremoved.ns2" { zone "still-there.yes.dsremoved.ns2" { type primary; file "still-there.yes.dsremoved.ns2.db"; - inline-signing yes; dnssec-policy "insecure"; }; @@ -320,7 +296,6 @@ zone "still-there.yes.dsremoved.ns2" { zone "bad.explicit.dsremoved.ns6" { type primary; file "bad.explicit.dsremoved.ns6.db"; - inline-signing yes; dnssec-policy "insecure"; parental-agents { 10.53.0.6 port @PORT@; // bad @@ -330,7 +305,6 @@ zone "bad.explicit.dsremoved.ns6" { zone "bad.yes.dsremoved.ns6" { type primary; file "bad.yes.dsremoved.ns6.db"; - inline-signing yes; dnssec-policy "insecure"; }; @@ -349,7 +323,6 @@ zone "bad.yes.dsremoved.ns6" { zone "good.explicit.dsremoved.ns5-7" { type primary; file "good.explicit.dsremoved.ns5-7.db"; - inline-signing yes; dnssec-policy "insecure"; parental-agents { 10.53.0.10 port @PORT@; @@ -360,14 +333,12 @@ zone "good.explicit.dsremoved.ns5-7" { zone "good.yes.dsremoved.ns5-7" { type primary; file "good.yes.dsremoved.ns5-7.db"; - inline-signing yes; dnssec-policy "insecure"; }; zone "good.no.dsremoved.ns5-7" { type primary; file "good.no.dsremoved.ns5-7.db"; - inline-signing yes; dnssec-policy "insecure"; checkds no; }; @@ -380,7 +351,6 @@ zone "good.no.dsremoved.ns5-7" { zone "incomplete.explicit.dsremoved.ns2-5-7" { type primary; file "incomplete.explicit.dsremoved.ns2-5-7.db"; - inline-signing yes; dnssec-policy "insecure"; parental-agents { 10.53.0.2 port @PORT@; // still published @@ -392,7 +362,6 @@ zone "incomplete.explicit.dsremoved.ns2-5-7" { zone "incomplete.yes.dsremoved.ns2-5-7" { type primary; file "incomplete.yes.dsremoved.ns2-5-7.db"; - inline-signing yes; dnssec-policy "insecure"; }; @@ -404,7 +373,6 @@ zone "incomplete.yes.dsremoved.ns2-5-7" { zone "bad.explicit.dsremoved.ns5-6-7" { type primary; file "bad.explicit.dsremoved.ns5-6-7.db"; - inline-signing yes; dnssec-policy "insecure"; parental-agents { 10.53.0.10 port @PORT@; @@ -416,7 +384,6 @@ zone "bad.explicit.dsremoved.ns5-6-7" { zone "bad.yes.dsremoved.ns5-6-7" { type primary; file "bad.yes.dsremoved.ns5-6-7.db"; - inline-signing yes; dnssec-policy "insecure"; }; diff --git a/bin/tests/system/kasp/ns2/named.conf.in b/bin/tests/system/kasp/ns2/named.conf.in index bdbacc2c3d..b23b9d565f 100644 --- a/bin/tests/system/kasp/ns2/named.conf.in +++ b/bin/tests/system/kasp/ns2/named.conf.in @@ -49,7 +49,6 @@ zone "signed.tld" { type primary; file "signed.tld.db"; dnssec-policy "default"; - inline-signing yes; }; /* Primary service for ns3 */ diff --git a/bin/tests/system/kasp/ns3/ed25519.conf b/bin/tests/system/kasp/ns3/ed25519.conf index 999fa2f657..b64c0c8471 100644 --- a/bin/tests/system/kasp/ns3/ed25519.conf +++ b/bin/tests/system/kasp/ns3/ed25519.conf @@ -24,6 +24,5 @@ dnssec-policy "ed25519" { zone "ed25519.kasp" { type primary; file "ed25519.kasp.db"; - inline-signing yes; dnssec-policy "ed25519"; }; diff --git a/bin/tests/system/kasp/ns3/ed448.conf b/bin/tests/system/kasp/ns3/ed448.conf index e9c8312a43..ee4c494892 100644 --- a/bin/tests/system/kasp/ns3/ed448.conf +++ b/bin/tests/system/kasp/ns3/ed448.conf @@ -24,6 +24,5 @@ dnssec-policy "ed448" { zone "ed448.kasp" { type primary; file "ed448.kasp.db"; - inline-signing yes; dnssec-policy "ed448"; }; diff --git a/bin/tests/system/kasp/ns3/named-fips.conf.in b/bin/tests/system/kasp/ns3/named-fips.conf.in index 61cc6d410d..0f1d2c1e2e 100644 --- a/bin/tests/system/kasp/ns3/named-fips.conf.in +++ b/bin/tests/system/kasp/ns3/named-fips.conf.in @@ -45,7 +45,6 @@ controls { zone "default.kasp" { type primary; file "default.kasp.db"; - inline-signing yes; dnssec-policy "default"; }; @@ -53,7 +52,6 @@ zone "default.kasp" { zone "checkds-ksk.kasp" { type primary; file "checkds-ksk.kasp.db"; - inline-signing yes; dnssec-policy "checkds-ksk"; }; @@ -61,7 +59,6 @@ zone "checkds-ksk.kasp" { zone "checkds-doubleksk.kasp" { type primary; file "checkds-doubleksk.kasp.db"; - inline-signing yes; dnssec-policy "checkds-doubleksk"; }; @@ -69,7 +66,6 @@ zone "checkds-doubleksk.kasp" { zone "checkds-csk.kasp" { type primary; file "checkds-csk.kasp.db"; - inline-signing yes; dnssec-policy "checkds-csk"; }; @@ -77,7 +73,6 @@ zone "checkds-csk.kasp" { zone "unlimited.kasp" { type primary; file "unlimited.kasp.db"; - inline-signing yes; dnssec-policy "unlimited"; }; @@ -85,14 +80,12 @@ zone "unlimited.kasp" { zone "manual-rollover.kasp" { type primary; file "manual-rollover.kasp.db"; - inline-signing yes; dnssec-policy "manual-rollover"; }; /* A zone that inherits dnssec-policy. */ zone "inherit.kasp" { type primary; - inline-signing yes; file "inherit.kasp.db"; }; @@ -100,7 +93,6 @@ zone "inherit.kasp" { zone "unsigned.kasp" { type primary; file "unsigned.kasp.db"; - inline-signing yes; dnssec-policy "none"; }; @@ -108,7 +100,6 @@ zone "unsigned.kasp" { zone "insecure.kasp" { type primary; file "insecure.kasp.db"; - inline-signing yes; dnssec-policy "insecure"; }; @@ -116,7 +107,6 @@ zone "insecure.kasp" { zone "dnssec-keygen.kasp" { type primary; file "dnssec-keygen.kasp.db"; - inline-signing yes; dnssec-policy "rsasha256"; }; @@ -125,7 +115,6 @@ zone "secondary.kasp" { type secondary; primaries { 10.53.0.2; }; file "secondary.kasp.db"; - inline-signing yes; dnssec-policy "rsasha256"; }; @@ -143,7 +132,6 @@ zone "dynamic-inline-signing.kasp" { file "dynamic-inline-signing.kasp.db"; dnssec-policy "default"; allow-update { any; }; - inline-signing yes; }; /* An inline-signed zone with dnssec-policy. */ @@ -151,7 +139,6 @@ zone "inline-signing.kasp" { type primary; file "inline-signing.kasp.db"; dnssec-policy "default"; - inline-signing yes; }; /* @@ -160,7 +147,6 @@ zone "inline-signing.kasp" { zone "some-keys.kasp" { type primary; file "some-keys.kasp.db"; - inline-signing yes; dnssec-policy "rsasha256"; }; @@ -170,7 +156,6 @@ zone "some-keys.kasp" { zone "legacy-keys.kasp" { type primary; file "legacy-keys.kasp.db"; - inline-signing yes; dnssec-policy "migrate-to-dnssec-policy"; }; @@ -180,7 +165,6 @@ zone "legacy-keys.kasp" { zone "pregenerated.kasp" { type primary; file "pregenerated.kasp.db"; - inline-signing yes; dnssec-policy "rsasha256"; }; @@ -191,7 +175,6 @@ zone "pregenerated.kasp" { zone "rumoured.kasp" { type primary; file "rumoured.kasp.db"; - inline-signing yes; dnssec-policy "rsasha256"; }; @@ -209,25 +192,21 @@ zone "multisigner-model2.kasp" { zone "rsasha256.kasp" { type primary; file "rsasha256.kasp.db"; - inline-signing yes; dnssec-policy "rsasha256"; }; zone "rsasha512.kasp" { type primary; file "rsasha512.kasp.db"; - inline-signing yes; dnssec-policy "rsasha512"; }; zone "ecdsa256.kasp" { type primary; file "ecdsa256.kasp.db"; - inline-signing yes; dnssec-policy "ecdsa256"; }; zone "ecdsa384.kasp" { type primary; file "ecdsa384.kasp.db"; - inline-signing yes; dnssec-policy "ecdsa384"; }; @@ -237,7 +216,6 @@ zone "ecdsa384.kasp" { zone "max-zone-ttl.kasp" { type primary; file "max-zone-ttl.kasp.db"; - inline-signing yes; dnssec-policy "ttl"; }; @@ -262,7 +240,6 @@ zone "three-is-a-crowd.kasp" { zone "expired-sigs.autosign" { type primary; file "expired-sigs.autosign.db"; - inline-signing yes; dnssec-policy "autosign"; }; @@ -272,7 +249,6 @@ zone "expired-sigs.autosign" { zone "fresh-sigs.autosign" { type primary; file "fresh-sigs.autosign.db"; - inline-signing yes; dnssec-policy "autosign"; }; @@ -282,7 +258,6 @@ zone "fresh-sigs.autosign" { zone "unfresh-sigs.autosign" { type primary; file "unfresh-sigs.autosign.db"; - inline-signing yes; dnssec-policy "autosign"; }; @@ -292,7 +267,6 @@ zone "unfresh-sigs.autosign" { zone "ksk-missing.autosign" { type primary; file "ksk-missing.autosign.db"; - inline-signing yes; dnssec-policy "autosign"; }; @@ -302,7 +276,6 @@ zone "ksk-missing.autosign" { zone "zsk-missing.autosign" { type primary; file "zsk-missing.autosign.db"; - inline-signing yes; dnssec-policy "autosign"; }; @@ -312,7 +285,6 @@ zone "zsk-missing.autosign" { zone "zsk-retired.autosign" { type primary; file "zsk-retired.autosign.db"; - inline-signing yes; dnssec-policy "autosign"; }; @@ -322,25 +294,21 @@ zone "zsk-retired.autosign" { zone "step1.enable-dnssec.autosign" { type primary; file "step1.enable-dnssec.autosign.db"; - inline-signing yes; dnssec-policy "enable-dnssec"; }; zone "step2.enable-dnssec.autosign" { type primary; file "step2.enable-dnssec.autosign.db"; - inline-signing yes; dnssec-policy "enable-dnssec"; }; zone "step3.enable-dnssec.autosign" { type primary; file "step3.enable-dnssec.autosign.db"; - inline-signing yes; dnssec-policy "enable-dnssec"; }; zone "step4.enable-dnssec.autosign" { type primary; file "step4.enable-dnssec.autosign.db"; - inline-signing yes; dnssec-policy "enable-dnssec"; }; @@ -350,37 +318,31 @@ zone "step4.enable-dnssec.autosign" { zone "step1.zsk-prepub.autosign" { type primary; file "step1.zsk-prepub.autosign.db"; - inline-signing yes; dnssec-policy "zsk-prepub"; }; zone "step2.zsk-prepub.autosign" { type primary; file "step2.zsk-prepub.autosign.db"; - inline-signing yes; dnssec-policy "zsk-prepub"; }; zone "step3.zsk-prepub.autosign" { type primary; file "step3.zsk-prepub.autosign.db"; - inline-signing yes; dnssec-policy "zsk-prepub"; }; zone "step4.zsk-prepub.autosign" { type primary; file "step4.zsk-prepub.autosign.db"; - inline-signing yes; dnssec-policy "zsk-prepub"; }; zone "step5.zsk-prepub.autosign" { type primary; file "step5.zsk-prepub.autosign.db"; - inline-signing yes; dnssec-policy "zsk-prepub"; }; zone "step6.zsk-prepub.autosign" { type primary; file "step6.zsk-prepub.autosign.db"; - inline-signing yes; dnssec-policy "zsk-prepub"; }; @@ -390,37 +352,31 @@ zone "step6.zsk-prepub.autosign" { zone "step1.ksk-doubleksk.autosign" { type primary; file "step1.ksk-doubleksk.autosign.db"; - inline-signing yes; dnssec-policy "ksk-doubleksk"; }; zone "step2.ksk-doubleksk.autosign" { type primary; file "step2.ksk-doubleksk.autosign.db"; - inline-signing yes; dnssec-policy "ksk-doubleksk"; }; zone "step3.ksk-doubleksk.autosign" { type primary; file "step3.ksk-doubleksk.autosign.db"; - inline-signing yes; dnssec-policy "ksk-doubleksk"; }; zone "step4.ksk-doubleksk.autosign" { type primary; file "step4.ksk-doubleksk.autosign.db"; - inline-signing yes; dnssec-policy "ksk-doubleksk"; }; zone "step5.ksk-doubleksk.autosign" { type primary; file "step5.ksk-doubleksk.autosign.db"; - inline-signing yes; dnssec-policy "ksk-doubleksk"; }; zone "step6.ksk-doubleksk.autosign" { type primary; file "step6.ksk-doubleksk.autosign.db"; - inline-signing yes; dnssec-policy "ksk-doubleksk"; }; @@ -430,91 +386,76 @@ zone "step6.ksk-doubleksk.autosign" { zone "step1.csk-roll.autosign" { type primary; file "step1.csk-roll.autosign.db"; - inline-signing yes; dnssec-policy "csk-roll"; }; zone "step2.csk-roll.autosign" { type primary; file "step2.csk-roll.autosign.db"; - inline-signing yes; dnssec-policy "csk-roll"; }; zone "step3.csk-roll.autosign" { type primary; file "step3.csk-roll.autosign.db"; - inline-signing yes; dnssec-policy "csk-roll"; }; zone "step4.csk-roll.autosign" { type primary; file "step4.csk-roll.autosign.db"; - inline-signing yes; dnssec-policy "csk-roll"; }; zone "step5.csk-roll.autosign" { type primary; file "step5.csk-roll.autosign.db"; - inline-signing yes; dnssec-policy "csk-roll"; }; zone "step6.csk-roll.autosign" { type primary; file "step6.csk-roll.autosign.db"; - inline-signing yes; dnssec-policy "csk-roll"; }; zone "step7.csk-roll.autosign" { type primary; file "step7.csk-roll.autosign.db"; - inline-signing yes; dnssec-policy "csk-roll"; }; zone "step8.csk-roll.autosign" { type primary; file "step8.csk-roll.autosign.db"; - inline-signing yes; dnssec-policy "csk-roll"; }; zone "step1.csk-roll2.autosign" { type primary; file "step1.csk-roll2.autosign.db"; - inline-signing yes; dnssec-policy "csk-roll2"; }; zone "step2.csk-roll2.autosign" { type primary; file "step2.csk-roll2.autosign.db"; - inline-signing yes; dnssec-policy "csk-roll2"; }; zone "step3.csk-roll2.autosign" { type primary; file "step3.csk-roll2.autosign.db"; - inline-signing yes; dnssec-policy "csk-roll2"; }; zone "step4.csk-roll2.autosign" { type primary; file "step4.csk-roll2.autosign.db"; - inline-signing yes; dnssec-policy "csk-roll2"; }; zone "step5.csk-roll2.autosign" { type primary; file "step5.csk-roll2.autosign.db"; - inline-signing yes; dnssec-policy "csk-roll2"; }; zone "step6.csk-roll2.autosign" { type primary; file "step6.csk-roll2.autosign.db"; - inline-signing yes; dnssec-policy "csk-roll2"; }; zone "step7.csk-roll2.autosign" { type primary; file "step7.csk-roll2.autosign.db"; - inline-signing yes; dnssec-policy "csk-roll2"; }; diff --git a/bin/tests/system/kasp/ns3/named.conf.in b/bin/tests/system/kasp/ns3/named.conf.in index 92e007d1e7..921ecc89d1 100644 --- a/bin/tests/system/kasp/ns3/named.conf.in +++ b/bin/tests/system/kasp/ns3/named.conf.in @@ -18,13 +18,11 @@ include "named-fips.conf"; zone "rsasha1.kasp" { type primary; file "rsasha1.kasp.db"; - inline-signing yes; dnssec-policy "rsasha1"; }; zone "rsasha1-nsec3.kasp" { type primary; file "rsasha1-nsec3.kasp.db"; - inline-signing yes; dnssec-policy "rsasha1-nsec3"; }; diff --git a/bin/tests/system/kasp/ns3/policies/kasp-fips.conf.in b/bin/tests/system/kasp/ns3/policies/kasp-fips.conf.in index 320f221252..6778bac4d3 100644 --- a/bin/tests/system/kasp/ns3/policies/kasp-fips.conf.in +++ b/bin/tests/system/kasp/ns3/policies/kasp-fips.conf.in @@ -34,6 +34,7 @@ dnssec-policy "manual-rollover" { dnssec-policy "multisigner-model2" { dnskey-ttl 3600; + inline-signing no; keys { ksk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@; diff --git a/bin/tests/system/kasp/ns4/named.conf.in b/bin/tests/system/kasp/ns4/named.conf.in index 0871546af5..dd245ca919 100644 --- a/bin/tests/system/kasp/ns4/named.conf.in +++ b/bin/tests/system/kasp/ns4/named.conf.in @@ -76,14 +76,12 @@ view "inherit" { zone "inherit.inherit.signed" { type primary; file "inherit.inherit.signed.db"; - inline-signing yes; }; /* Override dnssec-policy */ zone "override.inherit.signed" { type primary; file "override.inherit.signed.db"; - inline-signing yes; dnssec-policy "default"; }; @@ -103,14 +101,12 @@ view "override" { zone "inherit.override.signed" { type primary; file "inherit.override.signed.db"; - inline-signing yes; }; /* Override dnssec-policy */ zone "override.override.signed" { type primary; file "override.override.signed.db"; - inline-signing yes; dnssec-policy "test"; }; @@ -136,7 +132,6 @@ view "none" { zone "override.none.signed" { type primary; file "override.none.signed.db"; - inline-signing yes; dnssec-policy "test"; }; @@ -166,7 +161,6 @@ view "example2" { zone "example.net" { type primary; file "example2.db"; - inline-signing yes; }; }; diff --git a/bin/tests/system/kasp/ns5/named.conf.in b/bin/tests/system/kasp/ns5/named.conf.in index 44855b92d5..643e6494c6 100644 --- a/bin/tests/system/kasp/ns5/named.conf.in +++ b/bin/tests/system/kasp/ns5/named.conf.in @@ -67,7 +67,6 @@ view "inherit" { zone "override.inherit.unsigned" { type primary; file "override.inherit.unsigned.db"; - inline-signing yes; dnssec-policy "default"; }; @@ -87,14 +86,12 @@ view "override" { zone "inherit.override.unsigned" { type primary; file "inherit.override.unsigned.db"; - inline-signing yes; }; /* Override dnssec-policy */ zone "override.override.unsigned" { type primary; file "override.override.unsigned.db"; - inline-signing yes; dnssec-policy "test"; }; @@ -120,7 +117,6 @@ view "none" { zone "override.none.unsigned" { type primary; file "override.none.unsigned.db"; - inline-signing yes; dnssec-policy "test"; }; diff --git a/bin/tests/system/kasp/ns6/named.conf.in b/bin/tests/system/kasp/ns6/named.conf.in index a4b9ef8af7..3a3536de97 100644 --- a/bin/tests/system/kasp/ns6/named.conf.in +++ b/bin/tests/system/kasp/ns6/named.conf.in @@ -51,7 +51,6 @@ zone "dynamic2inline.kasp" { zone "step1.going-insecure.kasp" { type primary; file "step1.going-insecure.kasp.db"; - inline-signing yes; dnssec-policy "unsigning"; }; @@ -66,7 +65,6 @@ zone "step1.going-insecure-dynamic.kasp" { zone "step1.going-straight-to-none.kasp" { type primary; file "step1.going-straight-to-none.kasp.db"; - inline-signing yes; dnssec-policy "default"; }; @@ -82,14 +80,12 @@ zone "step1.going-straight-to-none-dynamic.kasp" { zone "step1.algorithm-roll.kasp" { type primary; file "step1.algorithm-roll.kasp.db"; - inline-signing yes; dnssec-policy "rsasha256"; }; zone "step1.csk-algorithm-roll.kasp" { type primary; file "step1.csk-algorithm-roll.kasp.db"; - inline-signing yes; dnssec-policy "csk-algoroll"; }; @@ -102,6 +98,5 @@ dnssec-policy "modified" { zone example { type primary; file "example.db"; - inline-signing yes; dnssec-policy modified; }; diff --git a/bin/tests/system/kasp/ns6/named2.conf.in b/bin/tests/system/kasp/ns6/named2.conf.in index 5edcbcbe77..9a1be143b6 100644 --- a/bin/tests/system/kasp/ns6/named2.conf.in +++ b/bin/tests/system/kasp/ns6/named2.conf.in @@ -43,7 +43,6 @@ zone "dynamic2inline.kasp" { type primary; file "dynamic2inline.kasp.db"; allow-update { any; }; - inline-signing yes; dnssec-policy "default"; }; @@ -51,14 +50,12 @@ zone "dynamic2inline.kasp" { zone "step1.going-insecure.kasp" { type primary; file "step1.going-insecure.kasp.db"; - inline-signing yes; dnssec-policy "insecure"; }; zone "step2.going-insecure.kasp" { type primary; file "step2.going-insecure.kasp.db"; - inline-signing yes; dnssec-policy "insecure"; }; @@ -98,42 +95,36 @@ zone "step1.going-straight-to-none-dynamic.kasp" { zone "step1.algorithm-roll.kasp" { type primary; file "step1.algorithm-roll.kasp.db"; - inline-signing yes; dnssec-policy "ecdsa256"; }; zone "step2.algorithm-roll.kasp" { type primary; file "step2.algorithm-roll.kasp.db"; - inline-signing yes; dnssec-policy "ecdsa256"; }; zone "step3.algorithm-roll.kasp" { type primary; file "step3.algorithm-roll.kasp.db"; - inline-signing yes; dnssec-policy "ecdsa256"; }; zone "step4.algorithm-roll.kasp" { type primary; file "step4.algorithm-roll.kasp.db"; - inline-signing yes; dnssec-policy "ecdsa256"; }; zone "step5.algorithm-roll.kasp" { type primary; file "step5.algorithm-roll.kasp.db"; - inline-signing yes; dnssec-policy "ecdsa256"; }; zone "step6.algorithm-roll.kasp" { type primary; file "step6.algorithm-roll.kasp.db"; - inline-signing yes; dnssec-policy "ecdsa256"; }; @@ -143,42 +134,36 @@ zone "step6.algorithm-roll.kasp" { zone "step1.csk-algorithm-roll.kasp" { type primary; file "step1.csk-algorithm-roll.kasp.db"; - inline-signing yes; dnssec-policy "csk-algoroll"; }; zone "step2.csk-algorithm-roll.kasp" { type primary; file "step2.csk-algorithm-roll.kasp.db"; - inline-signing yes; dnssec-policy "csk-algoroll"; }; zone "step3.csk-algorithm-roll.kasp" { type primary; file "step3.csk-algorithm-roll.kasp.db"; - inline-signing yes; dnssec-policy "csk-algoroll"; }; zone "step4.csk-algorithm-roll.kasp" { type primary; file "step4.csk-algorithm-roll.kasp.db"; - inline-signing yes; dnssec-policy "csk-algoroll"; }; zone "step5.csk-algorithm-roll.kasp" { type primary; file "step5.csk-algorithm-roll.kasp.db"; - inline-signing yes; dnssec-policy "csk-algoroll"; }; zone "step6.csk-algorithm-roll.kasp" { type primary; file "step6.csk-algorithm-roll.kasp.db"; - inline-signing yes; dnssec-policy "csk-algoroll"; }; @@ -191,6 +176,5 @@ dnssec-policy "modified" { zone example { type primary; file "example.db"; - inline-signing yes; dnssec-policy modified; }; diff --git a/bin/tests/system/nsec3/ns2/named.conf.in b/bin/tests/system/nsec3/ns2/named.conf.in index f4cc1b0e5c..924e9d26cb 100644 --- a/bin/tests/system/nsec3/ns2/named.conf.in +++ b/bin/tests/system/nsec3/ns2/named.conf.in @@ -42,6 +42,5 @@ controls { zone "nsec3-xfr-inline.kasp" { type primary; file "nsec3-xfr-inline.kasp.db"; - inline-signing yes; dnssec-policy "nsec3"; }; diff --git a/bin/tests/system/nsec3/ns3/named-fips.conf.in b/bin/tests/system/nsec3/ns3/named-fips.conf.in index 14c09ebe88..7890d4aa6d 100644 --- a/bin/tests/system/nsec3/ns3/named-fips.conf.in +++ b/bin/tests/system/nsec3/ns3/named-fips.conf.in @@ -56,7 +56,6 @@ controls { zone "nsec-to-nsec3.kasp" { type primary; file "nsec-to-nsec3.kasp.db"; - inline-signing yes; dnssec-policy "nsec"; }; @@ -64,7 +63,6 @@ zone "nsec-to-nsec3.kasp" { zone "nsec3.kasp" { type primary; file "nsec3.kasp.db"; - inline-signing yes; dnssec-policy "nsec3"; }; @@ -79,7 +77,6 @@ zone "nsec3-dynamic.kasp" { zone "nsec3-other.kasp" { type primary; file "nsec3-other.kasp.db"; - inline-signing yes; dnssec-policy "nsec3-other"; }; @@ -87,7 +84,6 @@ zone "nsec3-other.kasp" { zone "nsec3-change.kasp" { type primary; file "nsec3-change.kasp.db"; - inline-signing yes; dnssec-policy "nsec3"; }; @@ -103,7 +99,6 @@ zone "nsec3-dynamic-change.kasp" { zone "nsec3-to-optout.kasp" { type primary; file "nsec3-to-optout.kasp.db"; - inline-signing yes; dnssec-policy "nsec3"; }; @@ -111,7 +106,6 @@ zone "nsec3-to-optout.kasp" { zone "nsec3-from-optout.kasp" { type primary; file "nsec3-from-optout.kasp.db"; - inline-signing yes; dnssec-policy "optout"; }; @@ -119,7 +113,6 @@ zone "nsec3-from-optout.kasp" { zone "nsec3-to-nsec.kasp" { type primary; file "nsec3-to-nsec.kasp.db"; - inline-signing yes; dnssec-policy "nsec3"; }; @@ -143,7 +136,6 @@ zone "nsec3-dynamic-to-inline.kasp" { zone "nsec3-inline-to-dynamic.kasp" { type primary; file "nsec3-inline-to-dynamic.kasp.db"; - inline-signing yes; dnssec-policy "nsec3"; }; @@ -151,7 +143,6 @@ zone "nsec3-inline-to-dynamic.kasp" { zone "nsec3-dynamic-update-inline.kasp" { type primary; file "nsec3-dynamic-update-inline.kasp.db"; - inline-signing yes; allow-update { any; }; dnssec-policy "nsec"; }; @@ -159,7 +150,6 @@ zone "nsec3-dynamic-update-inline.kasp" { zone "nsec3-xfr-inline.kasp" { type secondary; file "nsec3-xfr-inline.kasp.db"; - inline-signing yes; dnssec-policy "nsec"; primaries { 10.53.0.2; }; }; diff --git a/bin/tests/system/nsec3/ns3/named.conf.in b/bin/tests/system/nsec3/ns3/named.conf.in index 74a8924d38..9b1235e36f 100644 --- a/bin/tests/system/nsec3/ns3/named.conf.in +++ b/bin/tests/system/nsec3/ns3/named.conf.in @@ -29,7 +29,6 @@ dnssec-policy "rsasha1" { zone "rsasha1-to-nsec3.kasp" { type primary; file "rsasha1-to-nsec3.kasp.db"; - inline-signing yes; dnssec-policy "rsasha1"; }; @@ -41,7 +40,6 @@ zone "rsasha1-to-nsec3.kasp" { zone "rsasha1-to-nsec3-wait.kasp" { type primary; file "rsasha1-to-nsec3-wait.kasp.db"; - inline-signing yes; dnssec-policy "rsasha1"; }; @@ -53,7 +51,6 @@ zone "rsasha1-to-nsec3-wait.kasp" { zone "nsec3-to-rsasha1.kasp" { type primary; file "nsec3-to-rsasha1.kasp.db"; - inline-signing yes; dnssec-policy "nsec3"; }; @@ -66,6 +63,5 @@ zone "nsec3-to-rsasha1.kasp" { zone "nsec3-to-rsasha1-ds.kasp" { type primary; file "nsec3-to-rsasha1-ds.kasp.db"; - inline-signing yes; dnssec-policy "nsec3"; }; diff --git a/bin/tests/system/nsec3/ns3/named2-fips.conf.in b/bin/tests/system/nsec3/ns3/named2-fips.conf.in index 1ff5925d46..87e87f2e17 100644 --- a/bin/tests/system/nsec3/ns3/named2-fips.conf.in +++ b/bin/tests/system/nsec3/ns3/named2-fips.conf.in @@ -56,7 +56,6 @@ controls { zone "nsec-to-nsec3.kasp" { type primary; file "nsec-to-nsec3.kasp.db"; - inline-signing yes; //dnssec-policy "nsec"; dnssec-policy "nsec3"; }; @@ -65,7 +64,6 @@ zone "nsec-to-nsec3.kasp" { zone "nsec3.kasp" { type primary; file "nsec3.kasp.db"; - inline-signing yes; dnssec-policy "nsec3"; }; @@ -80,7 +78,6 @@ zone "nsec3-dynamic.kasp" { zone "nsec3-other.kasp" { type primary; file "nsec3-other.kasp.db"; - inline-signing yes; dnssec-policy "nsec3-other"; }; @@ -88,7 +85,6 @@ zone "nsec3-other.kasp" { zone "nsec3-change.kasp" { type primary; file "nsec3-change.kasp.db"; - inline-signing yes; //dnssec-policy "nsec3"; dnssec-policy "nsec3-other"; }; @@ -106,7 +102,6 @@ zone "nsec3-dynamic-change.kasp" { zone "nsec3-to-optout.kasp" { type primary; file "nsec3-to-optout.kasp.db"; - inline-signing yes; //dnssec-policy "nsec3"; dnssec-policy "optout"; }; @@ -115,7 +110,6 @@ zone "nsec3-to-optout.kasp" { zone "nsec3-from-optout.kasp" { type primary; file "nsec3-from-optout.kasp.db"; - inline-signing yes; //dnssec-policy "optout"; dnssec-policy "nsec3"; }; @@ -124,7 +118,6 @@ zone "nsec3-from-optout.kasp" { zone "nsec3-to-nsec.kasp" { type primary; file "nsec3-to-nsec.kasp.db"; - inline-signing yes; //dnssec-policy "nsec3"; dnssec-policy "nsec"; }; @@ -141,7 +134,6 @@ zone "nsec3-fails-to-load.kasp" { zone "nsec3-dynamic-to-inline.kasp" { type primary; file "nsec3-dynamic-to-inline.kasp.db"; - inline-signing yes; dnssec-policy "nsec3"; allow-update { any; }; }; diff --git a/bin/tests/system/nsec3/ns3/named2.conf.in b/bin/tests/system/nsec3/ns3/named2.conf.in index 81f6c49be1..a883940f31 100644 --- a/bin/tests/system/nsec3/ns3/named2.conf.in +++ b/bin/tests/system/nsec3/ns3/named2.conf.in @@ -29,7 +29,6 @@ dnssec-policy "rsasha1" { zone "rsasha1-to-nsec3.kasp" { type primary; file "rsasha1-to-nsec3.kasp.db"; - inline-signing yes; //dnssec-policy "rsasha1"; dnssec-policy "nsec3"; }; @@ -42,7 +41,6 @@ zone "rsasha1-to-nsec3.kasp" { zone "rsasha1-to-nsec3-wait.kasp" { type primary; file "rsasha1-to-nsec3-wait.kasp.db"; - inline-signing yes; //dnssec-policy "rsasha1"; dnssec-policy "nsec3"; }; @@ -55,7 +53,6 @@ zone "rsasha1-to-nsec3-wait.kasp" { zone "nsec3-to-rsasha1.kasp" { type primary; file "nsec3-to-rsasha1.kasp.db"; - inline-signing yes; //dnssec-policy "nsec3"; dnssec-policy "rsasha1"; }; @@ -69,7 +66,6 @@ zone "nsec3-to-rsasha1.kasp" { zone "nsec3-to-rsasha1-ds.kasp" { type primary; file "nsec3-to-rsasha1-ds.kasp.db"; - inline-signing yes; //dnssec-policy "nsec3"; dnssec-policy "rsasha1"; };