diff --git a/bin/tests/system/nsupdate/clean.sh b/bin/tests/system/nsupdate/clean.sh index 1928de89ac..c77d627f0c 100644 --- a/bin/tests/system/nsupdate/clean.sh +++ b/bin/tests/system/nsupdate/clean.sh @@ -21,7 +21,6 @@ rm -f */named.memstats rm -f */named.run */ans.run rm -f */named.run.prev rm -f Kxxx.* -rm -f doubleksk.key prepub.key rm -f check.out.* rm -f dig.out.* rm -f jp.out.ns3.* @@ -48,14 +47,12 @@ rm -f ns3/*.signed rm -f ns3/K* rm -f ns3/delegation.test.db rm -f ns3/dnskey.test.db -rm -f ns3/doubleksk.test.db rm -f ns3/dsset-* rm -f ns3/example.db rm -f ns3/relaxed.db rm -f ns3/multisigner.test.db rm -f ns3/many.test.bk rm -f ns3/nsec3param.test.db -rm -f ns3/prepub.test.db rm -f ns3/too-big.test.db rm -f ns5/local.db rm -f ns6/in-addr.db diff --git a/bin/tests/system/nsupdate/ns3/doubleksk.test.db.in b/bin/tests/system/nsupdate/ns3/doubleksk.test.db.in deleted file mode 100644 index 9430fb775a..0000000000 --- a/bin/tests/system/nsupdate/ns3/doubleksk.test.db.in +++ /dev/null @@ -1,15 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -doubleksk.test. 10 IN SOA doubleksk.test. hostmaster.doubleksk.test. 1 3600 900 2419200 3600 -doubleksk.test. 10 IN NS doubleksk.test. -doubleksk.test. 10 IN A 10.53.0.3 -doubleksk.test. 10 IN NSEC3PARAM 1 1 0 - diff --git a/bin/tests/system/nsupdate/ns3/named.conf.in b/bin/tests/system/nsupdate/ns3/named.conf.in index c678fe9d2c..7628532924 100644 --- a/bin/tests/system/nsupdate/ns3/named.conf.in +++ b/bin/tests/system/nsupdate/ns3/named.conf.in @@ -35,7 +35,6 @@ controls { inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; - zone "example" { type primary; allow-update { any; }; @@ -81,22 +80,6 @@ zone "too-big.test" { file "too-big.test.db"; }; -zone "prepub.test" { - type primary; - allow-update { any; }; - auto-dnssec maintain; - dnssec-dnskey-kskonly yes; - file "prepub.test.db.signed"; -}; - -zone "doubleksk.test" { - type primary; - allow-update { any; }; - auto-dnssec maintain; - dnssec-dnskey-kskonly yes; - file "doubleksk.test.db.signed"; -}; - /* Zone for testing CDS and CDNSKEY updates from other provider */ zone "multisigner.test" { type primary; diff --git a/bin/tests/system/nsupdate/ns3/prepub.test.db.in b/bin/tests/system/nsupdate/ns3/prepub.test.db.in deleted file mode 100644 index 916a0b2440..0000000000 --- a/bin/tests/system/nsupdate/ns3/prepub.test.db.in +++ /dev/null @@ -1,15 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -prepub.test. 10 IN SOA prepub.test. hostmaster.prepub.test. 1 3600 900 2419200 3600 -prepub.test. 10 IN NS prepub.test. -prepub.test. 10 IN A 10.53.0.3 -prepub.test. 10 IN NSEC3PARAM 1 1 0 - diff --git a/bin/tests/system/nsupdate/ns3/sign.sh b/bin/tests/system/nsupdate/ns3/sign.sh index 19105e5f1a..519497c6da 100644 --- a/bin/tests/system/nsupdate/ns3/sign.sh +++ b/bin/tests/system/nsupdate/ns3/sign.sh @@ -46,27 +46,5 @@ cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -A -3 - -P -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null -zone=prepub.test. -infile=prepub.test.db.in -zonefile=prepub.test.db - -keyname1=$($KEYGEN -q -L 3600 -a ${DEFAULT_ALGORITHM} -f KSK $zone) -keyname2=$($KEYGEN -q -L 3600 -a ${DEFAULT_ALGORITHM} $zone) - -cat $infile $keyname1.key $keyname2.key >$zonefile - -$SIGNER -A -x -3 - -P -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null - -zone=doubleksk.test. -infile=doubleksk.test.db.in -zonefile=doubleksk.test.db - -keyname1=$($KEYGEN -q -L 3600 -a ${DEFAULT_ALGORITHM} -f KSK $zone) -keyname2=$($KEYGEN -q -L 3600 -a ${DEFAULT_ALGORITHM} $zone) - -cat $infile $keyname1.key $keyname2.key >$zonefile - -$SIGNER -A -x -3 - -P -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null - # Just copy multisigner.db.in because it is signed with dnssec-policy. cp multisigner.test.db.in multisigner.test.db diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh index bc72e02dcc..b92b23cd4a 100755 --- a/bin/tests/system/nsupdate/tests.sh +++ b/bin/tests/system/nsupdate/tests.sh @@ -1643,48 +1643,6 @@ END retry_quiet 5 has_positive_response multisigner.test CDNSKEY 10.53.0.3 || ret=1 [ $ret = 0 ] || { echo_i "failed"; status=1; } -n=$((n + 1)) -ret=0 -echo_i "check that DNSKEY can be prepublished with dynamic update ($n)" -$DIG $DIGOPTS +tcp +norec prepub.test DNSKEY @10.53.0.3 > dig.out.pre.test$n || ret=1 -grep "status: NOERROR" dig.out.pre.test$n > /dev/null || ret=1 -grep "ANSWER: 2," dig.out.pre.test$n > /dev/null || ret=1 -zsk=$($KEYGEN -a $DEFAULT_ALGORITHM -K ns3 -L 3600 -P now -A now+1w prepub.test 2> keygen.out.prepub.test.out$n) -cat "ns3/${zsk}.key" | grep -v ";.*" > prepub.key -$NSUPDATE -d < nsupdate.out.test$n 2>&1 || ret=1 -server 10.53.0.3 ${PORT} -zone prepub.test -update add $(cat prepub.key) -send -END -$RNDCCMD 10.53.0.3 loadkeys prepub.test. 2>&1 || ret=1 -$DIG $DIGOPTS +tcp +norec prepub.test DNSKEY @10.53.0.3 > dig.out.post.test$n || ret=1 -grep "status: NOERROR" dig.out.post.test$n > /dev/null || ret=1 -grep "ANSWER: 3," dig.out.post.test$n > /dev/null || ret=1 -[ $ret = 0 ] || { echo_i "failed"; status=1; } - -n=$((n + 1)) -ret=0 -echo_i "check that DNSKEY can be added as a signing key with dynamic update ($n)" -$DIG $DIGOPTS +dnssec +tcp +norec doubleksk.test DNSKEY @10.53.0.3 > dig.out.pre.test$n || ret=1 -grep "status: NOERROR" dig.out.pre.test$n > /dev/null || ret=1 -# 2x DNSKEY, 1x RRSIG -grep "ANSWER: 3," dig.out.pre.test$n > /dev/null || ret=1 -ksk=$($KEYGEN -a $DEFAULT_ALGORITHM -K ns3 -L 3600 -fk -P now -A now doubleksk.test 2> keygen.out.doubleksk.test.out$n) -cat "ns3/${ksk}.key" | grep -v ";.*" > doubleksk.key -$NSUPDATE -d < nsupdate.out.test$n 2>&1 || ret=1 -server 10.53.0.3 ${PORT} -zone doubleksk.test -update add $(cat doubleksk.key) -send -END -$RNDCCMD 10.53.0.3 loadkeys doubleksk.test. 2>&1 || ret=1 -$DIG $DIGOPTS +dnssec +tcp +norec doubleksk.test DNSKEY @10.53.0.3 > dig.out.post.test$n || ret=1 -grep "status: NOERROR" dig.out.post.test$n > /dev/null || ret=1 -# 3x DNSKEY, 2x RRSIG -grep "ANSWER: 5," dig.out.post.test$n > /dev/null || ret=1 -[ $ret = 0 ] || { echo_i "failed"; status=1; } - n=$((n + 1)) ret=0 echo_i "check that excessive NSEC3PARAM iterations are rejected by nsupdate ($n)"