mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 14:07:59 +00:00
Code Issues Releases Wiki Activity

Remove redundant inline-signing lines from tests

Browse Source 
Now that inline-signing is explicitly set in dnssec-policy, remove
the redundant "inline-signing yes;" lines from the system tests.
This commit is contained in:
Matthijs Mekking
2023-04-03 17:13:34 +02:00
parent 495597a91b
commit 62ddc3dca0
22 changed files with 1 additions and 177 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
bin/tests/system/checkconf/good-key-directory.conf
View File

@@ -46,7 +46,6 @@ view "localhost" {
type primary;
file "localhost/example.com.zone";
dnssec-policy "localhost";
inline-signing yes;
};
};
@@ -57,7 +56,6 @@ view "external" {
type primary;
file "external/example.com.zone";
dnssec-policy "internet";
inline-signing yes;
};
};
@@ -68,6 +66,5 @@ view "internal" {
type primary;
file "internal/example.com.zone";
dnssec-policy "intranet";
inline-signing yes;
};
};

12
bin/tests/system/checkconf/good.conf.in
View File

@@ -104,7 +104,6 @@ view "first" {
zone "clone" {
type primary;
file "yyy";
inline-signing yes;
max-ixfr-ratio unlimited;
};
dnssec-validation auto;
@@ -168,12 +167,10 @@ view "third" {
zone "p" {
type primary;
file "pfile";
inline-signing yes;
};
zone "s" {
type secondary;
file "sfile";
inline-signing yes;
primaries {
1.2.3.4;
};
@@ -185,7 +182,6 @@ view "fourth" {
type primary;
checkds explicit;
file "dnssec-test.db";
inline-signing yes;
parental-agents {
1.2.3.4;
1.2.3.5;
@@ -196,7 +192,6 @@ view "fourth" {
zone "dnssec-default" {
type primary;
file "dnssec-default.db";
inline-signing yes;
parental-agents {
"parents";
};
@@ -206,7 +201,6 @@ view "fourth" {
type primary;
checkds no;
file "dnssec-inherit.db";
inline-signing yes;
};
zone "dnssec-none" {
type primary;
@@ -217,13 +211,11 @@ view "fourth" {
type primary;
checkds yes;
file "dnssec-view41.db";
inline-signing yes;
dnssec-policy "test";
};
zone "dnssec-view2" {
type primary;
file "dnssec-view42.db";
inline-signing yes;
};
zone "dnssec-view3" {
type primary;
@@ -243,20 +235,17 @@ view "fifth" {
zone "dnssec-view1" {
type primary;
file "dnssec-view51.db";
inline-signing yes;
dnssec-policy "test";
};
zone "dnssec-view2" {
type primary;
file "dnssec-view52.db";
inline-signing yes;
dnssec-policy "test";
key-directory "keys";
};
zone "dnssec-view3" {
type primary;
file "dnssec-view53.db";
inline-signing yes;
dnssec-policy "default";
key-directory "keys";
};
@@ -271,7 +260,6 @@ view "chaos" chaos {
zone "hostname.bind" chaos {
type primary;
database "_builtin hostname";
inline-signing yes;
};
};
dyndb "name" "library.so" {

1
bin/tests/system/checkconf/kasp-bad-nsec3-iter.conf
View File

@@ -57,5 +57,4 @@ zone "example.net" {
type primary;
file "example.db";
dnssec-policy "default";
inline-signing yes;
};

2
bin/tests/system/checkconf/kasp-bad-signatures-refresh.conf
View File

@@ -34,13 +34,11 @@ dnssec-policy "bad-sigrefresh-dnskey" {
zone "sigrefresh.example.net" {
type primary;
file "sigrefresh.example.db";
inline-signing yes;
dnssec-policy "bad-sigrefresh";
};
zone "dnskey.example.net" {
type primary;
file "dnskey.example.db";
inline-signing yes;
dnssec-policy "bad-sigrefresh-dnskey";
};

1
bin/tests/system/checkconf/kasp-ignore-keylen.conf
View File

@@ -22,6 +22,5 @@ zone "example.net" {
type primary;
file "example.db";
dnssec-policy "warn-length";
inline-signing yes;
};

3
bin/tests/system/checkconf/kasp-warning.conf
View File

@@ -42,21 +42,18 @@ dnssec-policy "warn3" {
zone "warn1.example.net" {
type primary;
file "warn1.example.db";
inline-signing yes;
dnssec-policy "warn1";
};
zone "warn2.example.net" {
type primary;
file "warn2.example.db";
inline-signing yes;
dnssec-policy "warn2";
};
zone "warn3.example.net" {
type primary;
file "warn3.example.db";
inline-signing yes;
dnssec-policy "warn3";
};

33
bin/tests/system/checkds/ns9/named.conf.in
View File

@@ -54,7 +54,6 @@ zone "." {
zone "good.explicit.dspublish.ns2" {
type primary;
file "good.explicit.dspublish.ns2.db";
inline-signing yes;
dnssec-policy "default";
parental-agents { 10.53.0.8 port @PORT@; };
};
@@ -63,7 +62,6 @@ zone "good.explicit.dspublish.ns2" {
zone "reference.explicit.dspublish.ns2" {
type primary;
file "reference.explicit.dspublish.ns2.db";
inline-signing yes;
dnssec-policy "default";
parental-agents { "ns8"; };
};
@@ -72,7 +70,6 @@ zone "reference.explicit.dspublish.ns2" {
zone "resolver.explicit.dspublish.ns2" {
type primary;
file "resolver.explicit.dspublish.ns2.db";
inline-signing yes;
dnssec-policy "default";
parental-agents {
10.53.0.3 port @PORT@;
@@ -83,7 +80,6 @@ zone "resolver.explicit.dspublish.ns2" {
zone "good.yes.dspublish.ns2" {
type primary;
file "good.yes.dspublish.ns2.db";
inline-signing yes;
dnssec-policy "default";
};
@@ -91,7 +87,6 @@ zone "good.yes.dspublish.ns2" {
zone "good.no.dspublish.ns2" {
type primary;
file "good.no.dspublish.ns2.db";
inline-signing yes;
dnssec-policy "default";
checkds no;
};
@@ -100,7 +95,6 @@ zone "good.no.dspublish.ns2" {
zone "no-ent.ns2" {
type primary;
file "no-ent.ns2.db";
inline-signing yes;
dnssec-policy "default";
};
@@ -112,7 +106,6 @@ zone "no-ent.ns2" {
zone "not-yet.explicit.dspublish.ns5" {
type primary;
file "not-yet.explicit.dspublish.ns5.db";
inline-signing yes;
dnssec-policy "default";
parental-agents {
10.53.0.5 port @PORT@; // missing
@@ -122,7 +115,6 @@ zone "not-yet.explicit.dspublish.ns5" {
zone "not-yet.yes.dspublish.ns5" {
type primary;
file "not-yet.yes.dspublish.ns5.db";
inline-signing yes;
dnssec-policy "default";
};
@@ -134,7 +126,6 @@ zone "not-yet.yes.dspublish.ns5" {
zone "bad.explicit.dspublish.ns6" {
type primary;
file "bad.explicit.dspublish.ns6.db";
inline-signing yes;
dnssec-policy "default";
parental-agents {
10.53.0.6 port @PORT@; // bad
@@ -144,7 +135,6 @@ zone "bad.explicit.dspublish.ns6" {
zone "bad.yes.dspublish.ns6" {
type primary;
file "bad.yes.dspublish.ns6.db";
inline-signing yes;
dnssec-policy "default";
};
@@ -163,7 +153,6 @@ zone "bad.yes.dspublish.ns6" {
zone "good.explicit.dspublish.ns2-4" {
type primary;
file "good.explicit.dspublish.ns2-4.db";
inline-signing yes;
dnssec-policy "default";
parental-agents {
10.53.0.8 port @PORT@;
@@ -174,14 +163,12 @@ zone "good.explicit.dspublish.ns2-4" {
zone "good.yes.dspublish.ns2-4" {
type primary;
file "good.yes.dspublish.ns2-4.db";
inline-signing yes;
dnssec-policy "default";
};
zone "good.no.dspublish.ns2-4" {
type primary;
file "good.no.dspublish.ns2-4.db";
inline-signing yes;
dnssec-policy "default";
checkds no;
};
@@ -194,7 +181,6 @@ zone "good.no.dspublish.ns2-4" {
zone "incomplete.explicit.dspublish.ns2-4-5" {
type primary;
file "incomplete.explicit.dspublish.ns2-4-5.db";
inline-signing yes;
dnssec-policy "default";
parental-agents {
10.53.0.8 port @PORT@;
@@ -206,7 +192,6 @@ zone "incomplete.explicit.dspublish.ns2-4-5" {
zone "incomplete.yes.dspublish.ns2-4-5" {
type primary;
file "incomplete.yes.dspublish.ns2-4-5.db";
inline-signing yes;
dnssec-policy "default";
};
@@ -218,7 +203,6 @@ zone "incomplete.yes.dspublish.ns2-4-5" {
zone "bad.explicit.dspublish.ns2-4-6" {
type primary;
file "bad.explicit.dspublish.ns2-4-6.db";
inline-signing yes;
dnssec-policy "default";
parental-agents {
10.53.0.8 port @PORT@;
@@ -230,7 +214,6 @@ zone "bad.explicit.dspublish.ns2-4-6" {
zone "bad.yes.dspublish.ns2-4-6" {
type primary;
file "bad.yes.dspublish.ns2-4-6.db";
inline-signing yes;
dnssec-policy "default";
};
@@ -253,7 +236,6 @@ zone "bad.yes.dspublish.ns2-4-6" {
zone "good.explicit.dsremoved.ns5" {
type primary;
file "good.explicit.dsremoved.ns5.db";
inline-signing yes;
dnssec-policy "insecure";
parental-agents { 10.53.0.10 port @PORT@; };
};
@@ -261,7 +243,6 @@ zone "good.explicit.dsremoved.ns5" {
zone "resolver.explicit.dsremoved.ns5" {
type primary;
file "resolver.explicit.dsremoved.ns5.db";
inline-signing yes;
dnssec-policy "default";
parental-agents {
10.53.0.3 port @PORT@;
@@ -271,14 +252,12 @@ zone "resolver.explicit.dsremoved.ns5" {
zone "good.yes.dsremoved.ns5" {
type primary;
file "good.yes.dsremoved.ns5.db";
inline-signing yes;
dnssec-policy "insecure";
};
zone "good.no.dsremoved.ns5" {
type primary;
file "good.no.dsremoved.ns5.db";
inline-signing yes;
dnssec-policy "insecure";
checkds no;
};
@@ -286,7 +265,6 @@ zone "good.no.dsremoved.ns5" {
zone "no-ent.ns5" {
type primary;
file "no-ent.ns5.db";
inline-signing yes;
dnssec-policy "default";
};
@@ -298,7 +276,6 @@ zone "no-ent.ns5" {
zone "still-there.explicit.dsremoved.ns2" {
type primary;
file "still-there.explicit.dsremoved.ns2.db";
inline-signing yes;
dnssec-policy "insecure";
parental-agents {
10.53.0.2 port @PORT@; // still published
@@ -308,7 +285,6 @@ zone "still-there.explicit.dsremoved.ns2" {
zone "still-there.yes.dsremoved.ns2" {
type primary;
file "still-there.yes.dsremoved.ns2.db";
inline-signing yes;
dnssec-policy "insecure";
};
@@ -320,7 +296,6 @@ zone "still-there.yes.dsremoved.ns2" {
zone "bad.explicit.dsremoved.ns6" {
type primary;
file "bad.explicit.dsremoved.ns6.db";
inline-signing yes;
dnssec-policy "insecure";
parental-agents {
10.53.0.6 port @PORT@; // bad
@@ -330,7 +305,6 @@ zone "bad.explicit.dsremoved.ns6" {
zone "bad.yes.dsremoved.ns6" {
type primary;
file "bad.yes.dsremoved.ns6.db";
inline-signing yes;
dnssec-policy "insecure";
};
@@ -349,7 +323,6 @@ zone "bad.yes.dsremoved.ns6" {
zone "good.explicit.dsremoved.ns5-7" {
type primary;
file "good.explicit.dsremoved.ns5-7.db";
inline-signing yes;
dnssec-policy "insecure";
parental-agents {
10.53.0.10 port @PORT@;
@@ -360,14 +333,12 @@ zone "good.explicit.dsremoved.ns5-7" {
zone "good.yes.dsremoved.ns5-7" {
type primary;
file "good.yes.dsremoved.ns5-7.db";
inline-signing yes;
dnssec-policy "insecure";
};
zone "good.no.dsremoved.ns5-7" {
type primary;
file "good.no.dsremoved.ns5-7.db";
inline-signing yes;
dnssec-policy "insecure";
checkds no;
};
@@ -380,7 +351,6 @@ zone "good.no.dsremoved.ns5-7" {
zone "incomplete.explicit.dsremoved.ns2-5-7" {
type primary;
file "incomplete.explicit.dsremoved.ns2-5-7.db";
inline-signing yes;
dnssec-policy "insecure";
parental-agents {
10.53.0.2 port @PORT@; // still published
@@ -392,7 +362,6 @@ zone "incomplete.explicit.dsremoved.ns2-5-7" {
zone "incomplete.yes.dsremoved.ns2-5-7" {
type primary;
file "incomplete.yes.dsremoved.ns2-5-7.db";
inline-signing yes;
dnssec-policy "insecure";
};
@@ -404,7 +373,6 @@ zone "incomplete.yes.dsremoved.ns2-5-7" {
zone "bad.explicit.dsremoved.ns5-6-7" {
type primary;
file "bad.explicit.dsremoved.ns5-6-7.db";
inline-signing yes;
dnssec-policy "insecure";
parental-agents {
10.53.0.10 port @PORT@;
@@ -416,7 +384,6 @@ zone "bad.explicit.dsremoved.ns5-6-7" {
zone "bad.yes.dsremoved.ns5-6-7" {
type primary;
file "bad.yes.dsremoved.ns5-6-7.db";
inline-signing yes;
dnssec-policy "insecure";
};

1
bin/tests/system/kasp/ns2/named.conf.in
View File

@@ -49,7 +49,6 @@ zone "signed.tld" {
type primary;
file "signed.tld.db";
dnssec-policy "default";
inline-signing yes;
};
/* Primary service for ns3 */

1
bin/tests/system/kasp/ns3/ed25519.conf
View File

@@ -24,6 +24,5 @@ dnssec-policy "ed25519" {
zone "ed25519.kasp" {
type primary;
file "ed25519.kasp.db";
inline-signing yes;
dnssec-policy "ed25519";
};

1
bin/tests/system/kasp/ns3/ed448.conf
View File

@@ -24,6 +24,5 @@ dnssec-policy "ed448" {
zone "ed448.kasp" {
type primary;
file "ed448.kasp.db";
inline-signing yes;
dnssec-policy "ed448";
};

59
bin/tests/system/kasp/ns3/named-fips.conf.in
View File

@@ -45,7 +45,6 @@ controls {
zone "default.kasp" {
type primary;
file "default.kasp.db";
inline-signing yes;
dnssec-policy "default";
};
@@ -53,7 +52,6 @@ zone "default.kasp" {
zone "checkds-ksk.kasp" {
type primary;
file "checkds-ksk.kasp.db";
inline-signing yes;
dnssec-policy "checkds-ksk";
};
@@ -61,7 +59,6 @@ zone "checkds-ksk.kasp" {
zone "checkds-doubleksk.kasp" {
type primary;
file "checkds-doubleksk.kasp.db";
inline-signing yes;
dnssec-policy "checkds-doubleksk";
};
@@ -69,7 +66,6 @@ zone "checkds-doubleksk.kasp" {
zone "checkds-csk.kasp" {
type primary;
file "checkds-csk.kasp.db";
inline-signing yes;
dnssec-policy "checkds-csk";
};
@@ -77,7 +73,6 @@ zone "checkds-csk.kasp" {
zone "unlimited.kasp" {
type primary;
file "unlimited.kasp.db";
inline-signing yes;
dnssec-policy "unlimited";
};
@@ -85,14 +80,12 @@ zone "unlimited.kasp" {
zone "manual-rollover.kasp" {
type primary;
file "manual-rollover.kasp.db";
inline-signing yes;
dnssec-policy "manual-rollover";
};
/* A zone that inherits dnssec-policy. */
zone "inherit.kasp" {
type primary;
inline-signing yes;
file "inherit.kasp.db";
};
@@ -100,7 +93,6 @@ zone "inherit.kasp" {
zone "unsigned.kasp" {
type primary;
file "unsigned.kasp.db";
inline-signing yes;
dnssec-policy "none";
};
@@ -108,7 +100,6 @@ zone "unsigned.kasp" {
zone "insecure.kasp" {
type primary;
file "insecure.kasp.db";
inline-signing yes;
dnssec-policy "insecure";
};
@@ -116,7 +107,6 @@ zone "insecure.kasp" {
zone "dnssec-keygen.kasp" {
type primary;
file "dnssec-keygen.kasp.db";
inline-signing yes;
dnssec-policy "rsasha256";
};
@@ -125,7 +115,6 @@ zone "secondary.kasp" {
type secondary;
primaries { 10.53.0.2; };
file "secondary.kasp.db";
inline-signing yes;
dnssec-policy "rsasha256";
};
@@ -143,7 +132,6 @@ zone "dynamic-inline-signing.kasp" {
file "dynamic-inline-signing.kasp.db";
dnssec-policy "default";
allow-update { any; };
inline-signing yes;
};
/* An inline-signed zone with dnssec-policy. */
@@ -151,7 +139,6 @@ zone "inline-signing.kasp" {
type primary;
file "inline-signing.kasp.db";
dnssec-policy "default";
inline-signing yes;
};
/*
@@ -160,7 +147,6 @@ zone "inline-signing.kasp" {
zone "some-keys.kasp" {
type primary;
file "some-keys.kasp.db";
inline-signing yes;
dnssec-policy "rsasha256";
};
@@ -170,7 +156,6 @@ zone "some-keys.kasp" {
zone "legacy-keys.kasp" {
type primary;
file "legacy-keys.kasp.db";
inline-signing yes;
dnssec-policy "migrate-to-dnssec-policy";
};
@@ -180,7 +165,6 @@ zone "legacy-keys.kasp" {
zone "pregenerated.kasp" {
type primary;
file "pregenerated.kasp.db";
inline-signing yes;
dnssec-policy "rsasha256";
};
@@ -191,7 +175,6 @@ zone "pregenerated.kasp" {
zone "rumoured.kasp" {
type primary;
file "rumoured.kasp.db";
inline-signing yes;
dnssec-policy "rsasha256";
};
@@ -209,25 +192,21 @@ zone "multisigner-model2.kasp" {
zone "rsasha256.kasp" {
type primary;
file "rsasha256.kasp.db";
inline-signing yes;
dnssec-policy "rsasha256";
};
zone "rsasha512.kasp" {
type primary;
file "rsasha512.kasp.db";
inline-signing yes;
dnssec-policy "rsasha512";
};
zone "ecdsa256.kasp" {
type primary;
file "ecdsa256.kasp.db";
inline-signing yes;
dnssec-policy "ecdsa256";
};
zone "ecdsa384.kasp" {
type primary;
file "ecdsa384.kasp.db";
inline-signing yes;
dnssec-policy "ecdsa384";
};
@@ -237,7 +216,6 @@ zone "ecdsa384.kasp" {
zone "max-zone-ttl.kasp" {
type primary;
file "max-zone-ttl.kasp.db";
inline-signing yes;
dnssec-policy "ttl";
};
@@ -262,7 +240,6 @@ zone "three-is-a-crowd.kasp" {
zone "expired-sigs.autosign" {
type primary;
file "expired-sigs.autosign.db";
inline-signing yes;
dnssec-policy "autosign";
};
@@ -272,7 +249,6 @@ zone "expired-sigs.autosign" {
zone "fresh-sigs.autosign" {
type primary;
file "fresh-sigs.autosign.db";
inline-signing yes;
dnssec-policy "autosign";
};
@@ -282,7 +258,6 @@ zone "fresh-sigs.autosign" {
zone "unfresh-sigs.autosign" {
type primary;
file "unfresh-sigs.autosign.db";
inline-signing yes;
dnssec-policy "autosign";
};
@@ -292,7 +267,6 @@ zone "unfresh-sigs.autosign" {
zone "ksk-missing.autosign" {
type primary;
file "ksk-missing.autosign.db";
inline-signing yes;
dnssec-policy "autosign";
};
@@ -302,7 +276,6 @@ zone "ksk-missing.autosign" {
zone "zsk-missing.autosign" {
type primary;
file "zsk-missing.autosign.db";
inline-signing yes;
dnssec-policy "autosign";
};
@@ -312,7 +285,6 @@ zone "zsk-missing.autosign" {
zone "zsk-retired.autosign" {
type primary;
file "zsk-retired.autosign.db";
inline-signing yes;
dnssec-policy "autosign";
};
@@ -322,25 +294,21 @@ zone "zsk-retired.autosign" {
zone "step1.enable-dnssec.autosign" {
type primary;
file "step1.enable-dnssec.autosign.db";
inline-signing yes;
dnssec-policy "enable-dnssec";
};
zone "step2.enable-dnssec.autosign" {
type primary;
file "step2.enable-dnssec.autosign.db";
inline-signing yes;
dnssec-policy "enable-dnssec";
};
zone "step3.enable-dnssec.autosign" {
type primary;
file "step3.enable-dnssec.autosign.db";
inline-signing yes;
dnssec-policy "enable-dnssec";
};
zone "step4.enable-dnssec.autosign" {
type primary;
file "step4.enable-dnssec.autosign.db";
inline-signing yes;
dnssec-policy "enable-dnssec";
};
@@ -350,37 +318,31 @@ zone "step4.enable-dnssec.autosign" {
zone "step1.zsk-prepub.autosign" {
type primary;
file "step1.zsk-prepub.autosign.db";
inline-signing yes;
dnssec-policy "zsk-prepub";
};
zone "step2.zsk-prepub.autosign" {
type primary;
file "step2.zsk-prepub.autosign.db";
inline-signing yes;
dnssec-policy "zsk-prepub";
};
zone "step3.zsk-prepub.autosign" {
type primary;
file "step3.zsk-prepub.autosign.db";
inline-signing yes;
dnssec-policy "zsk-prepub";
};
zone "step4.zsk-prepub.autosign" {
type primary;
file "step4.zsk-prepub.autosign.db";
inline-signing yes;
dnssec-policy "zsk-prepub";
};
zone "step5.zsk-prepub.autosign" {
type primary;
file "step5.zsk-prepub.autosign.db";
inline-signing yes;
dnssec-policy "zsk-prepub";
};
zone "step6.zsk-prepub.autosign" {
type primary;
file "step6.zsk-prepub.autosign.db";
inline-signing yes;
dnssec-policy "zsk-prepub";
};
@@ -390,37 +352,31 @@ zone "step6.zsk-prepub.autosign" {
zone "step1.ksk-doubleksk.autosign" {
type primary;
file "step1.ksk-doubleksk.autosign.db";
inline-signing yes;
dnssec-policy "ksk-doubleksk";
};
zone "step2.ksk-doubleksk.autosign" {
type primary;
file "step2.ksk-doubleksk.autosign.db";
inline-signing yes;
dnssec-policy "ksk-doubleksk";
};
zone "step3.ksk-doubleksk.autosign" {
type primary;
file "step3.ksk-doubleksk.autosign.db";
inline-signing yes;
dnssec-policy "ksk-doubleksk";
};
zone "step4.ksk-doubleksk.autosign" {
type primary;
file "step4.ksk-doubleksk.autosign.db";
inline-signing yes;
dnssec-policy "ksk-doubleksk";
};
zone "step5.ksk-doubleksk.autosign" {
type primary;
file "step5.ksk-doubleksk.autosign.db";
inline-signing yes;
dnssec-policy "ksk-doubleksk";
};
zone "step6.ksk-doubleksk.autosign" {
type primary;
file "step6.ksk-doubleksk.autosign.db";
inline-signing yes;
dnssec-policy "ksk-doubleksk";
};
@@ -430,91 +386,76 @@ zone "step6.ksk-doubleksk.autosign" {
zone "step1.csk-roll.autosign" {
type primary;
file "step1.csk-roll.autosign.db";
inline-signing yes;
dnssec-policy "csk-roll";
};
zone "step2.csk-roll.autosign" {
type primary;
file "step2.csk-roll.autosign.db";
inline-signing yes;
dnssec-policy "csk-roll";
};
zone "step3.csk-roll.autosign" {
type primary;
file "step3.csk-roll.autosign.db";
inline-signing yes;
dnssec-policy "csk-roll";
};
zone "step4.csk-roll.autosign" {
type primary;
file "step4.csk-roll.autosign.db";
inline-signing yes;
dnssec-policy "csk-roll";
};
zone "step5.csk-roll.autosign" {
type primary;
file "step5.csk-roll.autosign.db";
inline-signing yes;
dnssec-policy "csk-roll";
};
zone "step6.csk-roll.autosign" {
type primary;
file "step6.csk-roll.autosign.db";
inline-signing yes;
dnssec-policy "csk-roll";
};
zone "step7.csk-roll.autosign" {
type primary;
file "step7.csk-roll.autosign.db";
inline-signing yes;
dnssec-policy "csk-roll";
};
zone "step8.csk-roll.autosign" {
type primary;
file "step8.csk-roll.autosign.db";
inline-signing yes;
dnssec-policy "csk-roll";
};
zone "step1.csk-roll2.autosign" {
type primary;
file "step1.csk-roll2.autosign.db";
inline-signing yes;
dnssec-policy "csk-roll2";
};
zone "step2.csk-roll2.autosign" {
type primary;
file "step2.csk-roll2.autosign.db";
inline-signing yes;
dnssec-policy "csk-roll2";
};
zone "step3.csk-roll2.autosign" {
type primary;
file "step3.csk-roll2.autosign.db";
inline-signing yes;
dnssec-policy "csk-roll2";
};
zone "step4.csk-roll2.autosign" {
type primary;
file "step4.csk-roll2.autosign.db";
inline-signing yes;
dnssec-policy "csk-roll2";
};
zone "step5.csk-roll2.autosign" {
type primary;
file "step5.csk-roll2.autosign.db";
inline-signing yes;
dnssec-policy "csk-roll2";
};
zone "step6.csk-roll2.autosign" {
type primary;
file "step6.csk-roll2.autosign.db";
inline-signing yes;
dnssec-policy "csk-roll2";
};
zone "step7.csk-roll2.autosign" {
type primary;
file "step7.csk-roll2.autosign.db";
inline-signing yes;
dnssec-policy "csk-roll2";
};

2
bin/tests/system/kasp/ns3/named.conf.in
View File

@@ -18,13 +18,11 @@ include "named-fips.conf";
zone "rsasha1.kasp" {
type primary;
file "rsasha1.kasp.db";
inline-signing yes;
dnssec-policy "rsasha1";
};
zone "rsasha1-nsec3.kasp" {
type primary;
file "rsasha1-nsec3.kasp.db";
inline-signing yes;
dnssec-policy "rsasha1-nsec3";
};

1
bin/tests/system/kasp/ns3/policies/kasp-fips.conf.in
View File

@@ -34,6 +34,7 @@ dnssec-policy "manual-rollover" {
dnssec-policy "multisigner-model2" {
dnskey-ttl 3600;
inline-signing no;
keys {
ksk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;

6
bin/tests/system/kasp/ns4/named.conf.in
View File

@@ -76,14 +76,12 @@ view "inherit" {
zone "inherit.inherit.signed" {
type primary;
file "inherit.inherit.signed.db";
inline-signing yes;
};
/* Override dnssec-policy */
zone "override.inherit.signed" {
type primary;
file "override.inherit.signed.db";
inline-signing yes;
dnssec-policy "default";
};
@@ -103,14 +101,12 @@ view "override" {
zone "inherit.override.signed" {
type primary;
file "inherit.override.signed.db";
inline-signing yes;
};
/* Override dnssec-policy */
zone "override.override.signed" {
type primary;
file "override.override.signed.db";
inline-signing yes;
dnssec-policy "test";
};
@@ -136,7 +132,6 @@ view "none" {
zone "override.none.signed" {
type primary;
file "override.none.signed.db";
inline-signing yes;
dnssec-policy "test";
};
@@ -166,7 +161,6 @@ view "example2" {
zone "example.net" {
type primary;
file "example2.db";
inline-signing yes;
};
};

4
bin/tests/system/kasp/ns5/named.conf.in
View File

@@ -67,7 +67,6 @@ view "inherit" {
zone "override.inherit.unsigned" {
type primary;
file "override.inherit.unsigned.db";
inline-signing yes;
dnssec-policy "default";
};
@@ -87,14 +86,12 @@ view "override" {
zone "inherit.override.unsigned" {
type primary;
file "inherit.override.unsigned.db";
inline-signing yes;
};
/* Override dnssec-policy */
zone "override.override.unsigned" {
type primary;
file "override.override.unsigned.db";
inline-signing yes;
dnssec-policy "test";
};
@@ -120,7 +117,6 @@ view "none" {
zone "override.none.unsigned" {
type primary;
file "override.none.unsigned.db";
inline-signing yes;
dnssec-policy "test";
};

5
bin/tests/system/kasp/ns6/named.conf.in
View File

@@ -51,7 +51,6 @@ zone "dynamic2inline.kasp" {
zone "step1.going-insecure.kasp" {
type primary;
file "step1.going-insecure.kasp.db";
inline-signing yes;
dnssec-policy "unsigning";
};
@@ -66,7 +65,6 @@ zone "step1.going-insecure-dynamic.kasp" {
zone "step1.going-straight-to-none.kasp" {
type primary;
file "step1.going-straight-to-none.kasp.db";
inline-signing yes;
dnssec-policy "default";
};
@@ -82,14 +80,12 @@ zone "step1.going-straight-to-none-dynamic.kasp" {
zone "step1.algorithm-roll.kasp" {
type primary;
file "step1.algorithm-roll.kasp.db";
inline-signing yes;
dnssec-policy "rsasha256";
};
zone "step1.csk-algorithm-roll.kasp" {
type primary;
file "step1.csk-algorithm-roll.kasp.db";
inline-signing yes;
dnssec-policy "csk-algoroll";
};
@@ -102,6 +98,5 @@ dnssec-policy "modified" {
zone example {
type primary;
file "example.db";
inline-signing yes;
dnssec-policy modified;
};

16
bin/tests/system/kasp/ns6/named2.conf.in
View File

@@ -43,7 +43,6 @@ zone "dynamic2inline.kasp" {
type primary;
file "dynamic2inline.kasp.db";
allow-update { any; };
inline-signing yes;
dnssec-policy "default";
};
@@ -51,14 +50,12 @@ zone "dynamic2inline.kasp" {
zone "step1.going-insecure.kasp" {
type primary;
file "step1.going-insecure.kasp.db";
inline-signing yes;
dnssec-policy "insecure";
};
zone "step2.going-insecure.kasp" {
type primary;
file "step2.going-insecure.kasp.db";
inline-signing yes;
dnssec-policy "insecure";
};
@@ -98,42 +95,36 @@ zone "step1.going-straight-to-none-dynamic.kasp" {
zone "step1.algorithm-roll.kasp" {
type primary;
file "step1.algorithm-roll.kasp.db";
inline-signing yes;
dnssec-policy "ecdsa256";
};
zone "step2.algorithm-roll.kasp" {
type primary;
file "step2.algorithm-roll.kasp.db";
inline-signing yes;
dnssec-policy "ecdsa256";
};
zone "step3.algorithm-roll.kasp" {
type primary;
file "step3.algorithm-roll.kasp.db";
inline-signing yes;
dnssec-policy "ecdsa256";
};
zone "step4.algorithm-roll.kasp" {
type primary;
file "step4.algorithm-roll.kasp.db";
inline-signing yes;
dnssec-policy "ecdsa256";
};
zone "step5.algorithm-roll.kasp" {
type primary;
file "step5.algorithm-roll.kasp.db";
inline-signing yes;
dnssec-policy "ecdsa256";
};
zone "step6.algorithm-roll.kasp" {
type primary;
file "step6.algorithm-roll.kasp.db";
inline-signing yes;
dnssec-policy "ecdsa256";
};
@@ -143,42 +134,36 @@ zone "step6.algorithm-roll.kasp" {
zone "step1.csk-algorithm-roll.kasp" {
type primary;
file "step1.csk-algorithm-roll.kasp.db";
inline-signing yes;
dnssec-policy "csk-algoroll";
};
zone "step2.csk-algorithm-roll.kasp" {
type primary;
file "step2.csk-algorithm-roll.kasp.db";
inline-signing yes;
dnssec-policy "csk-algoroll";
};
zone "step3.csk-algorithm-roll.kasp" {
type primary;
file "step3.csk-algorithm-roll.kasp.db";
inline-signing yes;
dnssec-policy "csk-algoroll";
};
zone "step4.csk-algorithm-roll.kasp" {
type primary;
file "step4.csk-algorithm-roll.kasp.db";
inline-signing yes;
dnssec-policy "csk-algoroll";
};
zone "step5.csk-algorithm-roll.kasp" {
type primary;
file "step5.csk-algorithm-roll.kasp.db";
inline-signing yes;
dnssec-policy "csk-algoroll";
};
zone "step6.csk-algorithm-roll.kasp" {
type primary;
file "step6.csk-algorithm-roll.kasp.db";
inline-signing yes;
dnssec-policy "csk-algoroll";
};
@@ -191,6 +176,5 @@ dnssec-policy "modified" {
zone example {
type primary;
file "example.db";
inline-signing yes;
dnssec-policy modified;
};

1
bin/tests/system/nsec3/ns2/named.conf.in
View File

@@ -42,6 +42,5 @@ controls {
zone "nsec3-xfr-inline.kasp" {
type primary;
file "nsec3-xfr-inline.kasp.db";
inline-signing yes;
dnssec-policy "nsec3";
};

10
bin/tests/system/nsec3/ns3/named-fips.conf.in
View File

@@ -56,7 +56,6 @@ controls {
zone "nsec-to-nsec3.kasp" {
type primary;
file "nsec-to-nsec3.kasp.db";
inline-signing yes;
dnssec-policy "nsec";
};
@@ -64,7 +63,6 @@ zone "nsec-to-nsec3.kasp" {
zone "nsec3.kasp" {
type primary;
file "nsec3.kasp.db";
inline-signing yes;
dnssec-policy "nsec3";
};
@@ -79,7 +77,6 @@ zone "nsec3-dynamic.kasp" {
zone "nsec3-other.kasp" {
type primary;
file "nsec3-other.kasp.db";
inline-signing yes;
dnssec-policy "nsec3-other";
};
@@ -87,7 +84,6 @@ zone "nsec3-other.kasp" {
zone "nsec3-change.kasp" {
type primary;
file "nsec3-change.kasp.db";
inline-signing yes;
dnssec-policy "nsec3";
};
@@ -103,7 +99,6 @@ zone "nsec3-dynamic-change.kasp" {
zone "nsec3-to-optout.kasp" {
type primary;
file "nsec3-to-optout.kasp.db";
inline-signing yes;
dnssec-policy "nsec3";
};
@@ -111,7 +106,6 @@ zone "nsec3-to-optout.kasp" {
zone "nsec3-from-optout.kasp" {
type primary;
file "nsec3-from-optout.kasp.db";
inline-signing yes;
dnssec-policy "optout";
};
@@ -119,7 +113,6 @@ zone "nsec3-from-optout.kasp" {
zone "nsec3-to-nsec.kasp" {
type primary;
file "nsec3-to-nsec.kasp.db";
inline-signing yes;
dnssec-policy "nsec3";
};
@@ -143,7 +136,6 @@ zone "nsec3-dynamic-to-inline.kasp" {
zone "nsec3-inline-to-dynamic.kasp" {
type primary;
file "nsec3-inline-to-dynamic.kasp.db";
inline-signing yes;
dnssec-policy "nsec3";
};
@@ -151,7 +143,6 @@ zone "nsec3-inline-to-dynamic.kasp" {
zone "nsec3-dynamic-update-inline.kasp" {
type primary;
file "nsec3-dynamic-update-inline.kasp.db";
inline-signing yes;
allow-update { any; };
dnssec-policy "nsec";
};
@@ -159,7 +150,6 @@ zone "nsec3-dynamic-update-inline.kasp" {
zone "nsec3-xfr-inline.kasp" {
type secondary;
file "nsec3-xfr-inline.kasp.db";
inline-signing yes;
dnssec-policy "nsec";
primaries { 10.53.0.2; };
};

4
bin/tests/system/nsec3/ns3/named.conf.in
View File

@@ -29,7 +29,6 @@ dnssec-policy "rsasha1" {
zone "rsasha1-to-nsec3.kasp" {
type primary;
file "rsasha1-to-nsec3.kasp.db";
inline-signing yes;
dnssec-policy "rsasha1";
};
@@ -41,7 +40,6 @@ zone "rsasha1-to-nsec3.kasp" {
zone "rsasha1-to-nsec3-wait.kasp" {
type primary;
file "rsasha1-to-nsec3-wait.kasp.db";
inline-signing yes;
dnssec-policy "rsasha1";
};
@@ -53,7 +51,6 @@ zone "rsasha1-to-nsec3-wait.kasp" {
zone "nsec3-to-rsasha1.kasp" {
type primary;
file "nsec3-to-rsasha1.kasp.db";
inline-signing yes;
dnssec-policy "nsec3";
};
@@ -66,6 +63,5 @@ zone "nsec3-to-rsasha1.kasp" {
zone "nsec3-to-rsasha1-ds.kasp" {
type primary;
file "nsec3-to-rsasha1-ds.kasp.db";
inline-signing yes;
dnssec-policy "nsec3";
};

8
bin/tests/system/nsec3/ns3/named2-fips.conf.in
View File

@@ -56,7 +56,6 @@ controls {
zone "nsec-to-nsec3.kasp" {
type primary;
file "nsec-to-nsec3.kasp.db";
inline-signing yes;
//dnssec-policy "nsec";
dnssec-policy "nsec3";
};
@@ -65,7 +64,6 @@ zone "nsec-to-nsec3.kasp" {
zone "nsec3.kasp" {
type primary;
file "nsec3.kasp.db";
inline-signing yes;
dnssec-policy "nsec3";
};
@@ -80,7 +78,6 @@ zone "nsec3-dynamic.kasp" {
zone "nsec3-other.kasp" {
type primary;
file "nsec3-other.kasp.db";
inline-signing yes;
dnssec-policy "nsec3-other";
};
@@ -88,7 +85,6 @@ zone "nsec3-other.kasp" {
zone "nsec3-change.kasp" {
type primary;
file "nsec3-change.kasp.db";
inline-signing yes;
//dnssec-policy "nsec3";
dnssec-policy "nsec3-other";
};
@@ -106,7 +102,6 @@ zone "nsec3-dynamic-change.kasp" {
zone "nsec3-to-optout.kasp" {
type primary;
file "nsec3-to-optout.kasp.db";
inline-signing yes;
//dnssec-policy "nsec3";
dnssec-policy "optout";
};
@@ -115,7 +110,6 @@ zone "nsec3-to-optout.kasp" {
zone "nsec3-from-optout.kasp" {
type primary;
file "nsec3-from-optout.kasp.db";
inline-signing yes;
//dnssec-policy "optout";
dnssec-policy "nsec3";
};
@@ -124,7 +118,6 @@ zone "nsec3-from-optout.kasp" {
zone "nsec3-to-nsec.kasp" {
type primary;
file "nsec3-to-nsec.kasp.db";
inline-signing yes;
//dnssec-policy "nsec3";
dnssec-policy "nsec";
};
@@ -141,7 +134,6 @@ zone "nsec3-fails-to-load.kasp" {
zone "nsec3-dynamic-to-inline.kasp" {
type primary;
file "nsec3-dynamic-to-inline.kasp.db";
inline-signing yes;
dnssec-policy "nsec3";
allow-update { any; };
};

4
bin/tests/system/nsec3/ns3/named2.conf.in
View File

@@ -29,7 +29,6 @@ dnssec-policy "rsasha1" {
zone "rsasha1-to-nsec3.kasp" {
type primary;
file "rsasha1-to-nsec3.kasp.db";
inline-signing yes;
//dnssec-policy "rsasha1";
dnssec-policy "nsec3";
};
@@ -42,7 +41,6 @@ zone "rsasha1-to-nsec3.kasp" {
zone "rsasha1-to-nsec3-wait.kasp" {
type primary;
file "rsasha1-to-nsec3-wait.kasp.db";
inline-signing yes;
//dnssec-policy "rsasha1";
dnssec-policy "nsec3";
};
@@ -55,7 +53,6 @@ zone "rsasha1-to-nsec3-wait.kasp" {
zone "nsec3-to-rsasha1.kasp" {
type primary;
file "nsec3-to-rsasha1.kasp.db";
inline-signing yes;
//dnssec-policy "nsec3";
dnssec-policy "rsasha1";
};
@@ -69,7 +66,6 @@ zone "nsec3-to-rsasha1.kasp" {
zone "nsec3-to-rsasha1-ds.kasp" {
type primary;
file "nsec3-to-rsasha1-ds.kasp.db";
inline-signing yes;
//dnssec-policy "nsec3";
dnssec-policy "rsasha1";
};