Addition of test suite.

bin/tests/system/dnssec/ns2/example.db.in

@@ -7,7 +7,9 @@ $TTL 300	; 5 minutes
 				3600       ; minimum (1 hour)
 				)
 			NS	ns2
+			NS	ns3
 ns2			A	10.53.0.2
+ns3			A	10.53.0.3
 
 a			A	10.0.0.1
 b			A	10.0.0.2
@@ -18,7 +20,12 @@ secure			NS	ns.secure
 ns.secure		A	10.53.0.3
 
 ; An insecure subdomain
-insecure		NS	ns.secure
+insecure		NS	ns.insecure
 ns.insecure		A	10.53.0.3
 
+
+; A secure subdomain we're going to inject bogus data into
+bogus			NS	ns.bogus
+ns.bogus		A	10.53.0.3
+
 z			A	10.0.0.26

bin/tests/system/dnssec/ns2/named.conf

@@ -16,3 +16,5 @@ zone "example" {
 	allow-update { any; };
 };
 
+
+include "trusted.conf";

bin/tests/system/dnssec/ns2/sign.sh

@@ -13,27 +13,28 @@ keyname=`$KEYGEN -a RSA -b 768 -n zone $zone`
 
 cp ../ns3/secure.example.keyset .
 
-$KEYSIGNER -v 9 secure.example.keyset $keyname
+echo $KEYSIGNER secure.example.keyset $keyname
+$KEYSIGNER secure.example.keyset $keyname
 
 # This will leave two copies of the child's zone key in the signed db file;
 # that shouldn't cause any problems.
 cat secure.example.signedkey >>../ns3/secure.example.db.signed
 
+cp ../ns3/bogus.example.keyset .
+
+echo $KEYSIGNER bogus.example.keyset $keyname
+$KEYSIGNER bogus.example.keyset $keyname
+
+# This will leave two copies of the child's zone key in the signed db file;
+# that shouldn't cause any problems.
+cat bogus.example.signedkey >>../ns3/bogus.example.db.signed
+
+echo $KEYSETTOOL $keyname
 $KEYSETTOOL $keyname
 
 cat $infile $keyname.key >$zonefile
 
-$SIGNER -v 1 -o $zone $zonefile
+echo $SIGNER -o $zone $zonefile
+$SIGNER -o $zone $zonefile
 
-# Configure the resolving server with a trusted key.
-
-cat $keyname.key | perl -n -e '
-my ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
-my $key = join("", @rest);
-print <<EOF
-trusted-keys {
-    "$dn" $flags $proto $alg "$key";
-};
-EOF
-' >../ns4/trusted.conf
 

bin/tests/system/dnssec/ns3/named.conf

@@ -10,15 +10,28 @@ zone "." {
 	file "root.hint";
 };
 
+zone "example" {
+	type slave;
+	file "example.bk";
+}
+
 zone "secure.example" {
 	type master;
 	file "secure.example.db.signed";
 	allow-update { any; };
 };
 
+zone "bogus.example" {
+	type master;
+	file "bogus.example.db.signed";
+	allow-update { any; };
+};
+
 zone "insecure.example" {
 	type master;
 	file "insecure.example.db";
 	allow-update { any; };
 };
 
+
+include "trusted.conf";

bin/tests/system/dnssec/ns3/sign.sh

@@ -6,9 +6,24 @@ zonefile=secure.example.db
 
 keyname=`$KEYGEN -a RSA -b 768 -n zone $zone`
 
+echo $KEYSETTOOL $keyname.key
 $KEYSETTOOL $keyname.key
 
 cat $infile $keyname.key >$zonefile
 
-$SIGNER -v 1 -o $zone $zonefile
+echo $SIGNER -o $zone $zonefile
+$SIGNER -o $zone $zonefile
 
+zone=bogus.example.
+infile=bogus.example.db.in
+zonefile=bogus.example.db
+
+keyname=`$KEYGEN -a RSA -b 768 -n zone $zone`
+
+echo $KEYSETTOOL $keyname.key
+$KEYSETTOOL $keyname.key
+
+cat $infile $keyname.key >$zonefile
+
+echo $SIGNER -o $zone $zonefile
+$SIGNER -o $zone $zonefile

bin/tests/system/dnssec/ns4/named.conf

@@ -3,7 +3,6 @@ options {
 	pid-file "named.pid";
 	listen-on { 10.53.0.4; };
 	recursion yes;
-	notify yes;
 };
 
 zone "." {

bin/tests/system/dnssec/setup.sh

@@ -1,17 +1,5 @@
 #!/bin/sh
 
-cd ns2 && sh sign.sh
+cd ns1 && sh sign.sh
 
-if [ $# -gt 0 ]
-then
-   case $1 in
-	--badsig)
-	   echo "injecting bogus data to force signature checking to fail..." >&2
-	   echo "a.secure.example.	A	10.0.0.22" >>../ns3/secure.example.db.signed
-	;;
-	
-	*)
-	    echo "unknown option $1" >&2; exit 1
-	;;
-    esac
-fi
+#echo "a.bogus.example.	A	10.0.0.22" >>../ns3/secure.example.db.signed

bin/tests/system/start.sh

@@ -3,6 +3,8 @@
 # Start name servers for running system tests.
 #
 
+
+. ./conf.sh
 cd $1
 
 for d in ns*