Update nsupdate system test

Remove from the nsupdate system test two test cases that are no longer
supported: We no longer support adding signing keys via dynamic update.

bin/tests/system/nsupdate/clean.sh

@@ -21,7 +21,6 @@ rm -f */named.memstats
 rm -f */named.run */ans.run
 rm -f */named.run.prev
 rm -f Kxxx.*
-rm -f doubleksk.key prepub.key
 rm -f check.out.*
 rm -f dig.out.*
 rm -f jp.out.ns3.*
@@ -48,14 +47,12 @@ rm -f ns3/*.signed
 rm -f ns3/K*
 rm -f ns3/delegation.test.db
 rm -f ns3/dnskey.test.db
-rm -f ns3/doubleksk.test.db
 rm -f ns3/dsset-*
 rm -f ns3/example.db
 rm -f ns3/relaxed.db
 rm -f ns3/multisigner.test.db
 rm -f ns3/many.test.bk
 rm -f ns3/nsec3param.test.db
-rm -f ns3/prepub.test.db
 rm -f ns3/too-big.test.db
 rm -f ns5/local.db
 rm -f ns6/in-addr.db

bin/tests/system/nsupdate/ns3/doubleksk.test.db.in

@@ -1,15 +0,0 @@
-; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-;
-; SPDX-License-Identifier: MPL-2.0
-;
-; This Source Code Form is subject to the terms of the Mozilla Public
-; License, v. 2.0.  If a copy of the MPL was not distributed with this
-; file, you can obtain one at https://mozilla.org/MPL/2.0/.
-;
-; See the COPYRIGHT file distributed with this work for additional
-; information regarding copyright ownership.
-
-doubleksk.test. 10 IN SOA doubleksk.test. hostmaster.doubleksk.test. 1 3600 900 2419200 3600
-doubleksk.test. 10 IN NS doubleksk.test.
-doubleksk.test. 10 IN A 10.53.0.3
-doubleksk.test. 10 IN NSEC3PARAM 1 1 0 -

bin/tests/system/nsupdate/ns3/named.conf.in

@@ -35,7 +35,6 @@ controls {
 	inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
 };
 
-
 zone "example" {
 	type primary;
 	allow-update { any; };
@@ -81,22 +80,6 @@ zone "too-big.test" {
 	file "too-big.test.db";
 };
 
-zone "prepub.test" {
-	type primary;
-	allow-update { any; };
-	auto-dnssec maintain;
-	dnssec-dnskey-kskonly yes;
-	file "prepub.test.db.signed";
-};
-
-zone "doubleksk.test" {
-	type primary;
-	allow-update { any; };
-	auto-dnssec maintain;
-	dnssec-dnskey-kskonly yes;
-	file "doubleksk.test.db.signed";
-};
-
 /* Zone for testing CDS and CDNSKEY updates from other provider */
 zone "multisigner.test" {
 	type primary;

bin/tests/system/nsupdate/ns3/prepub.test.db.in

@@ -1,15 +0,0 @@
-; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-;
-; SPDX-License-Identifier: MPL-2.0
-;
-; This Source Code Form is subject to the terms of the Mozilla Public
-; License, v. 2.0.  If a copy of the MPL was not distributed with this
-; file, you can obtain one at https://mozilla.org/MPL/2.0/.
-;
-; See the COPYRIGHT file distributed with this work for additional
-; information regarding copyright ownership.
-
-prepub.test. 10 IN SOA prepub.test. hostmaster.prepub.test. 1 3600 900 2419200 3600
-prepub.test. 10 IN NS prepub.test.
-prepub.test. 10 IN A 10.53.0.3
-prepub.test. 10 IN NSEC3PARAM 1 1 0 -

bin/tests/system/nsupdate/ns3/sign.sh

@@ -46,27 +46,5 @@ cat $infile $keyname1.key $keyname2.key >$zonefile
 
 $SIGNER -A -3 - -P -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
 
-zone=prepub.test.
-infile=prepub.test.db.in
-zonefile=prepub.test.db
-
-keyname1=$($KEYGEN -q -L 3600 -a ${DEFAULT_ALGORITHM} -f KSK $zone)
-keyname2=$($KEYGEN -q -L 3600 -a ${DEFAULT_ALGORITHM} $zone)
-
-cat $infile $keyname1.key $keyname2.key >$zonefile
-
-$SIGNER -A -x -3 - -P -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
-
-zone=doubleksk.test.
-infile=doubleksk.test.db.in
-zonefile=doubleksk.test.db
-
-keyname1=$($KEYGEN -q -L 3600 -a ${DEFAULT_ALGORITHM} -f KSK $zone)
-keyname2=$($KEYGEN -q -L 3600 -a ${DEFAULT_ALGORITHM} $zone)
-
-cat $infile $keyname1.key $keyname2.key >$zonefile
-
-$SIGNER -A -x -3 - -P -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
-
 # Just copy multisigner.db.in because it is signed with dnssec-policy.
 cp multisigner.test.db.in multisigner.test.db

bin/tests/system/nsupdate/tests.sh

@@ -1643,48 +1643,6 @@ END
 retry_quiet 5 has_positive_response multisigner.test CDNSKEY 10.53.0.3 || ret=1
 [ $ret = 0 ] || { echo_i "failed"; status=1; }
 
-n=$((n + 1))
-ret=0
-echo_i "check that DNSKEY can be prepublished with dynamic update ($n)"
-$DIG $DIGOPTS +tcp +norec prepub.test DNSKEY @10.53.0.3 > dig.out.pre.test$n || ret=1
-grep "status: NOERROR" dig.out.pre.test$n > /dev/null || ret=1
-grep "ANSWER: 2," dig.out.pre.test$n > /dev/null || ret=1
-zsk=$($KEYGEN -a $DEFAULT_ALGORITHM -K ns3 -L 3600 -P now -A now+1w prepub.test 2> keygen.out.prepub.test.out$n)
-cat "ns3/${zsk}.key" | grep -v ";.*" > prepub.key
-$NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 || ret=1
-server 10.53.0.3 ${PORT}
-zone prepub.test
-update add $(cat prepub.key)
-send
-END
-$RNDCCMD 10.53.0.3 loadkeys prepub.test. 2>&1 || ret=1
-$DIG $DIGOPTS +tcp +norec prepub.test DNSKEY @10.53.0.3 > dig.out.post.test$n || ret=1
-grep "status: NOERROR" dig.out.post.test$n > /dev/null || ret=1
-grep "ANSWER: 3," dig.out.post.test$n > /dev/null || ret=1
-[ $ret = 0 ] || { echo_i "failed"; status=1; }
-
-n=$((n + 1))
-ret=0
-echo_i "check that DNSKEY can be added as a signing key with dynamic update ($n)"
-$DIG $DIGOPTS +dnssec +tcp +norec doubleksk.test DNSKEY @10.53.0.3 > dig.out.pre.test$n || ret=1
-grep "status: NOERROR" dig.out.pre.test$n > /dev/null || ret=1
-# 2x DNSKEY, 1x RRSIG
-grep "ANSWER: 3," dig.out.pre.test$n > /dev/null || ret=1
-ksk=$($KEYGEN -a $DEFAULT_ALGORITHM -K ns3 -L 3600 -fk -P now -A now doubleksk.test 2> keygen.out.doubleksk.test.out$n)
-cat "ns3/${ksk}.key" | grep -v ";.*" > doubleksk.key
-$NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 || ret=1
-server 10.53.0.3 ${PORT}
-zone doubleksk.test
-update add $(cat doubleksk.key)
-send
-END
-$RNDCCMD 10.53.0.3 loadkeys doubleksk.test. 2>&1 || ret=1
-$DIG $DIGOPTS +dnssec +tcp +norec doubleksk.test DNSKEY @10.53.0.3 > dig.out.post.test$n || ret=1
-grep "status: NOERROR" dig.out.post.test$n > /dev/null || ret=1
-# 3x DNSKEY, 2x RRSIG
-grep "ANSWER: 5," dig.out.post.test$n > /dev/null || ret=1
-[ $ret = 0 ] || { echo_i "failed"; status=1; }
-
 n=$((n + 1))
 ret=0
 echo_i "check that excessive NSEC3PARAM iterations are rejected by nsupdate ($n)"