"dnssec-keys" is now a synonym for "managed-keys"

- managed-keys is now deprecated as well as trusted-keys, though
  it continues to work as a synonym for dnssec-keys
- references to managed-keys have been updated throughout the code.
- tests have been updated to use dnssec-keys format
- also the trusted-keys entries have been removed from the generated
  bind.keys.h file and are no longer generated by bindkeys.pl.

bin/tests/system/checkconf/bad-duplicate-root-key.conf

@@ -13,7 +13,7 @@ options {
 	dnssec-validation yes;
 };
 
-managed-keys {
+dnssec-keys {
 	. initial-key 257 3 8 "AwEAAawvFp8GlBx8Qt6yaIqXkDe+nMkSk2HkTAG7qlVBo++AQwZ1j3Xl
 		25IN4jsw0VTMbKUbafw9DYsVzztIwx1sNkKRLo6qP9SSkBL8RicQaafG
 		tURtsYI3oqte5qqLve1CUpRD8J06Pg1xkOxsDlz9sQAyiQrOyvMbykJY

bin/tests/system/checkconf/check-dlv-ksk-key.conf

@@ -9,7 +9,7 @@
  * information regarding copyright ownership.
  */
 
-managed-keys {
+dnssec-keys {
 	dlv.isc.org static-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWE
 		n4MxDCE1+lLy2brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8
 		+jAGl2FZLK8t+1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ

bin/tests/system/checkconf/check-root-ksk-2010.conf

@@ -9,7 +9,7 @@
  * information regarding copyright ownership.
  */
 
-managed-keys {
+dnssec-keys {
 	# This key (19036) is to be phased out starting in 2017. It will
 	# remain in the root zone for some time after its successor key
 	# has been added. It will remain this file until it is removed from

bin/tests/system/checkconf/check-root-ksk-2017.conf

@@ -9,7 +9,7 @@
  * information regarding copyright ownership.
  */
 
-managed-keys {
+dnssec-keys {
 	# This key (20326) was published in the root zone in 2017.
 	# Servers which were already using the old key (19036) should
 	# roll seamlessly to this new one via RFC 5011 rollover. Servers

bin/tests/system/checkconf/check-root-ksk-both.conf

@@ -9,7 +9,7 @@
  * information regarding copyright ownership.
  */
 
-managed-keys {
+dnssec-keys {
 	# This key (19036) is to be phased out starting in 2017. It will
 	# remain in the root zone for some time after its successor key
 	# has been added. It will remain this file until it is removed from

bin/tests/system/checkconf/check-root-mixed-key.conf

@@ -9,7 +9,7 @@
  * information regarding copyright ownership.
  */
 
-managed-keys {
+dnssec-keys {
 	# This key (19036) is to be phased out starting in 2017. It will
 	# remain in the root zone for some time after its successor key
 	# has been added. It will remain this file until it is removed from

bin/tests/system/checkconf/check-root-static-key.conf

@@ -9,7 +9,7 @@
  * information regarding copyright ownership.
  */
 
-managed-keys {
+dnssec-keys {
 	# This key (20326) was published in the root zone in 2017.
 	# Servers which were already using the old key (19036) should
 	# roll seamlessly to this new one via RFC 5011 rollover. Servers

bin/tests/system/checkconf/good-dup-managed-key.conf

@@ -13,7 +13,7 @@ options {
 	dnssec-validation yes;
 };
 
-managed-keys {
+dnssec-keys {
 	example. initial-key 257 3 8 "AwEAAawvFp8GlBx8Qt6yaIqXkDe+nMkSk2HkTAG7qlVBo++AQwZ1j3Xl
 		25IN4jsw0VTMbKUbafw9DYsVzztIwx1sNkKRLo6qP9SSkBL8RicQaafG
 		tURtsYI3oqte5qqLve1CUpRD8J06Pg1xkOxsDlz9sQAyiQrOyvMbykJY

bin/tests/system/checkconf/tests.sh

@@ -427,7 +427,7 @@ echo_i "check that the dlv.isc.org KSK generates a warning ($n)"
 ret=0
 $CHECKCONF check-dlv-ksk-key.conf > checkconf.out$n 2>/dev/null || ret=1
 [ -s checkconf.out$n ] || ret=1
-grep "entry for dlv.isc.org still present" checkconf.out$n > /dev/null || ret=1
+grep "trust anchor for dlv.isc.org is present" checkconf.out$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
 status=`expr $status + $ret`
 

bin/tests/system/conf.sh.common

@@ -216,7 +216,7 @@ keyfile_to_keys_section() {
     for keyname in $*; do
 	awk '!/^; /{
 	    printf "\t\""$1"\" "
-	    printf "'"$key_prefix"'"
+	    printf "'"$key_prefix "'"
 	    printf $4 " " $5 " " $6 " \""
 	    for (i=7; i<=NF; i++) printf $i
 	    printf "\";\n"
@@ -226,17 +226,17 @@ keyfile_to_keys_section() {
 }
 
 # keyfile_to_trusted_keys: convert key data contained in the keyfile(s)
-# provided to a *static* "managed-keys" section suitable for including in a
+# provided to a *static* "dnssec-keys" section suitable for including in a
 # resolver's configuration file
 keyfile_to_trusted_keys() {
-    keyfile_to_keys_section "managed-keys" "static-key" $*
+    keyfile_to_keys_section "dnssec-keys" "static-key" $*
 }
 
 # keyfile_to_managed_keys: convert key data contained in the keyfile(s)
-# provided to a "managed-keys" section suitable for including in a
+# provided to a "dnssec-keys" section suitable for including in a
 # resolver's configuration file
 keyfile_to_managed_keys() {
-    keyfile_to_keys_section "managed-keys" "initial-key" $*
+    keyfile_to_keys_section "dnssec-keys" "initial-key" $*
 }
 
 # nextpart*() - functions for reading files incrementally

bin/tests/system/genzone.sh

@@ -487,7 +487,7 @@ dlv			DLV	30795 1 1 (
 
 ; type 65280-65534 (private use)
 
-; keydata (internal type used for managed-keys)
+; keydata (internal type used for managed keys)
 keydata			TYPE65533	\# 0
 keydata			TYPE65533	\# 6 010203040506 
 keydata			TYPE65533	\# 18 010203040506010203040506010203040506

bin/tests/system/legacy/ns1/trusted.conf

@@ -1,3 +1,3 @@
-managed-keys {
+dnssec-keys {
     "edns512-notcp." static-key 257 3 10 "AwEAAcEBkn/cuVhdRTWMHt19O7h9F4Hx2t68u1JUZg7swLLvwfljqnNYjsKYk9EzUhIaYOAHtVe7//cYwoVU4BFhY2DGbx1YE1LnKIGxfqpopFxDZC34TTl6jpoTP6kvj+XpeO0HfF2+DcyNgnQcMGgHXyLWeRUJFt1As6o9tmsBiInGIZMTE3/rANhtAGMLNzhRLN7CS/Tc5GhKaL66uebyEYenEOAyDVgsuhr8Q9D5ka6xZmxzXFVswy2KvsSxu9aoxVq4nACjIeTZ4GJy0v83zclV7hA+5jlPDXMFtIpvwux5XALrNkUUPq+Fb5sc5/u141LcvdASnlk58I77HbsnfausvDxdYYxEns7K9e9N85dwyreM/OGTmm8p4hNDngZESAea7MrSCsJpOGn9XLkVe6gZnBgB1cra+ezzTSWn+4QH17lIhFXYNjMV83df2h/gH3Gmthqnr9RgknZga8B/Czc7TeX6iy2gAOshKGyb6w12eJim1L8tS5T138V8d6SigzxZz1raiJNolVhXyA8SbbDpgBrcoEXN/WjwvWI+2ol5gzlqMeNw/F9SMoWdpGIWkkNCNWBbhLWhp6qfhpRLUFwVys54LGOIGSVRd9uJmc2hPdXoP8ephnCIeNJb8Zp6DnpssyN0JaF815dKkOHff9GEjaiRLj0xWvtZSqNFaGoB";
 };

bin/tests/system/mkeys/README

@@ -2,17 +2,16 @@ Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 
 See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
 
-This is for testing managed-keys, in particular with problems
-with RFC 5011 Automated Updates of DNSSEC Trust Anchors.
+This is for testing RFC 5011 Automated Updates of DNSSEC Trust Anchors.
 
 ns1 is the root server that offers new KSKs and hosts one record for
 testing. The TTL for the zone's records is 2 seconds.
 
-ns2 is a validator that uses managed-keys.  "-T mkeytimers=2/20/40"
+ns2 is a validator that uses managed keys.  "-T mkeytimers=2/20/40"
 is used so it will attempt do automated updates frequently. "-T tat=1"
 is used so it will send TAT queries once per second.
 
-ns3 is a validator with a broken key in managed-keys.
+ns3 is a validator with a broken initializing key in dnssec-keys.
 
 ns4 is a validator with a deliberately broken managed-keys.bind and
 managed-keys.jnl, causing RFC 5011 initialization to fail.

bin/tests/system/mkeys/ns3/named.conf.in

@@ -41,6 +41,6 @@ zone "." {
 };
 
 # purposely broken key for testing
-managed-keys {
+dnssec-keys {
     "." initial-key 257 3 5 "PURPOSELYBROKEN/xs9iVj7QekClcpzjCf0JrvXW1z07hNMqMm6Q2FtIXMbRgfvTtHF3/ZNvcewT9hpfczC+JACHsQSYYdr7UI8oe4nJfal9+2F3pz4a+HR6CqkgrR6WLWQI1Q==";
 };

bin/tests/system/rpz/setup.sh

@@ -81,7 +81,7 @@ signzone () {
     KEYNAME=`$KEYGEN -q -a rsasha256 -K $1 $2`
     cat $1/$3 $1/$KEYNAME.key > $1/tmp
     $SIGNER -P -K $1 -o $2 -f $1/$4 $1/tmp >/dev/null
-    sed -n -e 's/\(.*\) IN DNSKEY \([0-9]\{1,\} [0-9]\{1,\} [0-9]\{1,\}\) \(.*\)/managed-keys {"\1" static-key \2 "\3";};/p' $1/$KEYNAME.key >>trusted.conf
+    sed -n -e 's/\(.*\) IN DNSKEY \([0-9]\{1,\} [0-9]\{1,\} [0-9]\{1,\}\) \(.*\)/dnssec-keys {"\1" static-key \2 "\3";};/p' $1/$KEYNAME.key >>trusted.conf
     DSFILENAME=dsset-${2}${TP}
     rm $DSFILENAME $1/tmp
 }