mirror of
https://gitlab.isc.org/isc-projects/bind9
synced 2025-09-04 00:25:29 +00:00
Increase minimum RSA keygen size to 1024 bits (#36895)
This commit is contained in:
Mukund Sivaraman
4
CHANGES
4
CHANGES
@@ -1,3 +1,7 @@
|
||||
4595. [func] dnssec-keygen will no longer generate RSA keys
|
||||
less than 1024 bits in length. dnssec-keymgr
|
||||
was similarly updated. [RT #36895]
|
||||
|
||||
4594. [func] "dnstap-read -x" prints a hex dump of the wire
|
||||
format of each logged DNS message. [RT #44816]
|
||||
|
||||
|
||||
@@ -89,10 +89,10 @@ usage(void) {
|
||||
"NSEC3RSASHA1 if using -3)\n");
|
||||
fprintf(stderr, " -3: use NSEC3-capable algorithm\n");
|
||||
fprintf(stderr, " -b <key size in bits>:\n");
|
||||
fprintf(stderr, " RSAMD5:\t[512..%d]\n", MAX_RSA);
|
||||
fprintf(stderr, " RSASHA1:\t[512..%d]\n", MAX_RSA);
|
||||
fprintf(stderr, " NSEC3RSASHA1:\t[512..%d]\n", MAX_RSA);
|
||||
fprintf(stderr, " RSASHA256:\t[512..%d]\n", MAX_RSA);
|
||||
fprintf(stderr, " RSAMD5:\t[1024..%d]\n", MAX_RSA);
|
||||
fprintf(stderr, " RSASHA1:\t[1024..%d]\n", MAX_RSA);
|
||||
fprintf(stderr, " NSEC3RSASHA1:\t[1024..%d]\n", MAX_RSA);
|
||||
fprintf(stderr, " RSASHA256:\t[1024..%d]\n", MAX_RSA);
|
||||
fprintf(stderr, " RSASHA512:\t[1024..%d]\n", MAX_RSA);
|
||||
fprintf(stderr, " DH:\t\t[128..4096]\n");
|
||||
fprintf(stderr, " DSA:\t\t[512..1024] and divisible by 64\n");
|
||||
@@ -748,7 +748,7 @@ main(int argc, char **argv) {
|
||||
case DNS_KEYALG_RSASHA1:
|
||||
case DNS_KEYALG_NSEC3RSASHA1:
|
||||
case DNS_KEYALG_RSASHA256:
|
||||
if (size != 0 && (size < 512 || size > MAX_RSA))
|
||||
if (size != 0 && (size < 1024 || size > MAX_RSA))
|
||||
fatal("RSA key size %d out of range", size);
|
||||
break;
|
||||
case DNS_KEYALG_RSASHA512:
|
||||
|
||||
@@ -144,7 +144,7 @@
|
||||
<para>
|
||||
Specifies the number of bits in the key. The choice of key
|
||||
size depends on the algorithm used. RSA keys must be
|
||||
between 512 and 2048 bits. Diffie Hellman keys must be between
|
||||
between 1024 and 2048 bits. Diffie Hellman keys must be between
|
||||
128 and 4096 bits. DSA keys must be between 512 and 1024
|
||||
bits and an exact multiple of 64. HMAC keys must be
|
||||
between 1 and 512 bits. Elliptic curve algorithms don't need
|
||||
|
||||
@@ -131,11 +131,11 @@ class Policy:
|
||||
directory = None
|
||||
valid_key_sz_per_algo = {'DSA': [512, 1024],
|
||||
'NSEC3DSA': [512, 1024],
|
||||
'RSAMD5': [512, 4096],
|
||||
'RSASHA1': [512, 4096],
|
||||
'RSAMD5': [1024, 4096],
|
||||
'RSASHA1': [1024, 4096],
|
||||
'NSEC3RSASHA1': [512, 4096],
|
||||
'RSASHA256': [512, 4096],
|
||||
'RSASHA512': [512, 4096],
|
||||
'RSASHA256': [1024, 4096],
|
||||
'RSASHA512': [1024, 4096],
|
||||
'ECCGOST': None,
|
||||
'ECDSAP256SHA256': None,
|
||||
'ECDSAP384SHA384': None}
|
||||
|
||||
@@ -11,7 +11,7 @@ SYSTEMTESTTOP=..
|
||||
|
||||
. ./clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
echo "I:generating keys and preparing zones"
|
||||
cd ns1 && $SHELL keygen.sh
|
||||
|
||||
@@ -9,6 +9,6 @@
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
(cd ns1 && $SHELL -e sign.sh)
|
||||
|
||||
@@ -13,7 +13,7 @@ zone=dlv.isc.org
|
||||
infile=dlv.isc.org.db.in
|
||||
zonefile=dlv.isc.org.db
|
||||
|
||||
dlvkey=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
|
||||
dlvkey=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
|
||||
cat $infile $dlvkey.key > $zonefile
|
||||
$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
|
||||
|
||||
@@ -21,7 +21,7 @@ zone=.
|
||||
infile=root.db.in
|
||||
zonefile=root.db
|
||||
|
||||
rootkey=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
|
||||
rootkey=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
|
||||
cat $infile $rootkey.key > $zonefile
|
||||
$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
|
||||
|
||||
|
||||
@@ -11,6 +11,6 @@ SYSTEMTESTTOP=..
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
cd ns1 && $SHELL sign.sh
|
||||
|
||||
@@ -9,6 +9,6 @@
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
$DDNSCONFGEN -q -r $RANDFILE -z example.nil > ns1/ddns.key
|
||||
|
||||
@@ -11,6 +11,6 @@ SYSTEMTESTTOP=..
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
cd ns1 && $SHELL sign.sh
|
||||
|
||||
@@ -24,7 +24,7 @@ cp ../ns2/dsset-in-addr.arpa$TP .
|
||||
grep "8 [12] " ../ns2/dsset-algroll$TP > dsset-algroll$TP
|
||||
cp ../ns6/dsset-optout-tld$TP .
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key > $zonefile
|
||||
|
||||
|
||||
@@ -98,7 +98,7 @@ privzone=private.secure.example.
|
||||
privinfile=private.secure.example.db.in
|
||||
privzonefile=private.secure.example.db
|
||||
|
||||
privkeyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $privzone`
|
||||
privkeyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $privzone`
|
||||
|
||||
cat $privinfile $privkeyname.key >$privzonefile
|
||||
|
||||
@@ -112,7 +112,7 @@ dlvinfile=dlv.db.in
|
||||
dlvzonefile=dlv.db
|
||||
dlvsetfile=dlvset-`echo $privzone |sed -e "s/\.$//g"`$TP
|
||||
|
||||
dlvkeyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $dlvzone`
|
||||
dlvkeyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $dlvzone`
|
||||
|
||||
cat $dlvinfile $dlvkeyname.key $dlvsetfile > $dlvzonefile
|
||||
|
||||
|
||||
@@ -13,9 +13,9 @@ zone=secure.example.
|
||||
infile=secure.example.db.in
|
||||
zonefile=secure.example.db
|
||||
|
||||
cnameandkey=`$KEYGEN -T KEY -q -r $RANDFILE -a RSASHA1 -b 768 -n host cnameandkey.$zone`
|
||||
dnameandkey=`$KEYGEN -T KEY -q -r $RANDFILE -a RSASHA1 -b 768 -n host dnameandkey.$zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
|
||||
cnameandkey=`$KEYGEN -T KEY -q -r $RANDFILE -a RSASHA1 -b 1024 -n host cnameandkey.$zone`
|
||||
dnameandkey=`$KEYGEN -T KEY -q -r $RANDFILE -a RSASHA1 -b 1024 -n host dnameandkey.$zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $cnameandkey.key $dnameandkey.key $keyname.key >$zonefile
|
||||
|
||||
@@ -25,7 +25,7 @@ zone=bogus.example.
|
||||
infile=bogus.example.db.in
|
||||
zonefile=bogus.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
@@ -35,7 +35,7 @@ zone=dynamic.example.
|
||||
infile=dynamic.example.db.in
|
||||
zonefile=dynamic.example.db
|
||||
|
||||
keyname1=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
|
||||
keyname1=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
|
||||
keyname2=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone -f KSK $zone`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
@@ -46,7 +46,7 @@ zone=keyless.example.
|
||||
infile=generic.example.db.in
|
||||
zonefile=keyless.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
@@ -66,7 +66,7 @@ zone=secure.nsec3.example.
|
||||
infile=secure.nsec3.example.db.in
|
||||
zonefile=secure.nsec3.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
@@ -79,7 +79,7 @@ zone=nsec3.nsec3.example.
|
||||
infile=nsec3.nsec3.example.db.in
|
||||
zonefile=nsec3.nsec3.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
@@ -92,7 +92,7 @@ zone=optout.nsec3.example.
|
||||
infile=optout.nsec3.example.db.in
|
||||
zonefile=optout.nsec3.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
@@ -105,7 +105,7 @@ zone=nsec3.example.
|
||||
infile=nsec3.example.db.in
|
||||
zonefile=nsec3.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
@@ -118,7 +118,7 @@ zone=secure.optout.example.
|
||||
infile=secure.optout.example.db.in
|
||||
zonefile=secure.optout.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
@@ -131,7 +131,7 @@ zone=nsec3.optout.example.
|
||||
infile=nsec3.optout.example.db.in
|
||||
zonefile=nsec3.optout.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
@@ -144,7 +144,7 @@ zone=optout.optout.example.
|
||||
infile=optout.optout.example.db.in
|
||||
zonefile=optout.optout.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
@@ -157,7 +157,7 @@ zone=optout.example.
|
||||
infile=optout.example.db.in
|
||||
zonefile=optout.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
@@ -170,7 +170,7 @@ zone=nsec3-unknown.example.
|
||||
infile=nsec3-unknown.example.db.in
|
||||
zonefile=nsec3-unknown.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
@@ -183,7 +183,7 @@ zone=optout-unknown.example.
|
||||
infile=optout-unknown.example.db.in
|
||||
zonefile=optout-unknown.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
@@ -197,7 +197,7 @@ zone=dnskey-unknown.example.
|
||||
infile=dnskey-unknown.example.db.in
|
||||
zonefile=dnskey-unknown.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
@@ -216,7 +216,7 @@ zone=dnskey-nsec3-unknown.example.
|
||||
infile=dnskey-nsec3-unknown.example.db.in
|
||||
zonefile=dnskey-nsec3-unknown.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
@@ -234,7 +234,7 @@ zone=multiple.example.
|
||||
infile=multiple.example.db.in
|
||||
zonefile=multiple.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
@@ -257,7 +257,7 @@ zone=rsasha256.example.
|
||||
infile=rsasha256.example.db.in
|
||||
zonefile=rsasha256.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 768 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
@@ -362,7 +362,7 @@ zonefile=ttlpatch.example.db
|
||||
signedfile=ttlpatch.example.db.signed
|
||||
patchedfile=ttlpatch.example.db.patched
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -r $RANDFILE -f $signedfile -o $zone $zonefile > /dev/null 2>&1
|
||||
@@ -377,7 +377,7 @@ infile=split-dnssec.example.db.in
|
||||
zonefile=split-dnssec.example.db
|
||||
signedfile=split-dnssec.example.db.signed
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
cat $infile $keyname.key >$zonefile
|
||||
echo '$INCLUDE "'"$signedfile"'"' >> $zonefile
|
||||
: > $signedfile
|
||||
@@ -391,7 +391,7 @@ infile=split-smart.example.db.in
|
||||
zonefile=split-smart.example.db
|
||||
signedfile=split-smart.example.db.signed
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
cp $infile $zonefile
|
||||
echo '$INCLUDE "'"$signedfile"'"' >> $zonefile
|
||||
: > $signedfile
|
||||
@@ -495,7 +495,7 @@ zone=badds.example.
|
||||
infile=bogus.example.db.in
|
||||
zonefile=badds.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
|
||||
@@ -15,7 +15,7 @@ zone=optout-tld
|
||||
infile=optout-tld.db.in
|
||||
zonefile=optout-tld.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 768 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
|
||||
@@ -15,8 +15,8 @@ zone=split-rrsig
|
||||
infile=split-rrsig.db.in
|
||||
zonefile=split-rrsig.db
|
||||
|
||||
k1=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 768 -n zone $zone`
|
||||
k2=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 768 -n zone $zone`
|
||||
k1=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
|
||||
k2=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $k1.key $k2.key >$zonefile
|
||||
|
||||
|
||||
@@ -11,7 +11,7 @@ SYSTEMTESTTOP=..
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
cd ns1 && $SHELL sign.sh
|
||||
|
||||
|
||||
@@ -2938,16 +2938,23 @@ until test $alg = 256
|
||||
do
|
||||
size=
|
||||
case $alg in
|
||||
1) size="-b 512";;
|
||||
1) # RSA/MD5
|
||||
size="-b 1024";;
|
||||
2) # Diffie Helman
|
||||
alg=`expr $alg + 1`
|
||||
continue;;
|
||||
3) size="-b 512";;
|
||||
5) size="-b 512";;
|
||||
6) size="-b 512";;
|
||||
7) size="-b 512";;
|
||||
8) size="-b 512";;
|
||||
10) size="-b 1024";;
|
||||
3) # DSA/SHA1
|
||||
size="-b 512";;
|
||||
5) # RSA/SHA-1
|
||||
size="-b 1024";;
|
||||
6) # DSA-NSEC3-SHA1
|
||||
size="-b 512";;
|
||||
7) # RSASHA1-NSEC3-SHA1
|
||||
size="-b 1024";;
|
||||
8) # RSA/SHA-256
|
||||
size="-b 1024";;
|
||||
10) # RSA/SHA-512
|
||||
size="-b 1024";;
|
||||
157|160|161|162|163|164|165) # private - non standard
|
||||
alg=`expr $alg + 1`
|
||||
continue;;
|
||||
|
||||
@@ -9,6 +9,6 @@
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
cd ns1 && $SHELL sign.sh
|
||||
|
||||
@@ -9,6 +9,6 @@
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
cd ns1 && $SHELL sign.sh
|
||||
|
||||
@@ -11,7 +11,7 @@ SYSTEMTESTTOP=..
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
cp ns1/named1.conf ns1/named.conf
|
||||
cp ns2/named1.conf ns2/named.conf
|
||||
|
||||
@@ -9,6 +9,6 @@
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
cd ns1 && $SHELL sign.sh
|
||||
|
||||
@@ -14,7 +14,7 @@ SYSTEMTESTTOP=../..
|
||||
zone=.
|
||||
rm -f K.+*+*.key
|
||||
rm -f K.+*+*.private
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
$SIGNER -S -x -T 1200 -o ${zone} root.db > signer.out 2>&1
|
||||
[ $? = 0 ] || cat signer.out
|
||||
|
||||
@@ -12,35 +12,35 @@ SYSTEMTESTTOP=../..
|
||||
zone=bits
|
||||
rm -f K${zone}.+*+*.key
|
||||
rm -f K${zone}.+*+*.private
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
|
||||
|
||||
zone=noixfr
|
||||
rm -f K${zone}.+*+*.key
|
||||
rm -f K${zone}.+*+*.private
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
|
||||
|
||||
zone=master
|
||||
rm -f K${zone}.+*+*.key
|
||||
rm -f K${zone}.+*+*.private
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
|
||||
|
||||
zone=dynamic
|
||||
rm -f K${zone}.+*+*.key
|
||||
rm -f K${zone}.+*+*.private
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
|
||||
|
||||
zone=updated
|
||||
rm -f K${zone}.+*+*.key
|
||||
rm -f K${zone}.+*+*.private
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
|
||||
$SIGNER -S -O raw -L 2000042407 -o ${zone} ${zone}.db > /dev/null 2>&1
|
||||
@@ -50,7 +50,7 @@ cp master2.db.in updated.db
|
||||
zone=expired
|
||||
rm -f K${zone}.+*+*.key
|
||||
rm -f K${zone}.+*+*.private
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
|
||||
$SIGNER -PS -s 20100101000000 -e 20110101000000 -O raw -L 2000042407 -o ${zone} ${zone}.db > /dev/null 2>&1
|
||||
@@ -58,7 +58,7 @@ $SIGNER -PS -s 20100101000000 -e 20110101000000 -O raw -L 2000042407 -o ${zone}
|
||||
zone=retransfer
|
||||
rm -f K${zone}.+*+*.key
|
||||
rm -f K${zone}.+*+*.private
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
|
||||
|
||||
@@ -71,20 +71,20 @@ $DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
|
||||
zone=retransfer3
|
||||
rm -f K${zone}.+*+*.key
|
||||
rm -f K${zone}.+*+*.private
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
|
||||
|
||||
for s in a c d h k l m q z
|
||||
do
|
||||
zone=test-$s
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
done
|
||||
|
||||
for s in b f i o p t v
|
||||
do
|
||||
zone=test-$s
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
done
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@ SYSTEMTESTTOP=..
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
cp ns1/root.db.in ns1/root.db
|
||||
rm -f ns1/root.db.signed
|
||||
|
||||
@@ -11,4 +11,4 @@ SYSTEMTESTTOP=..
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
|
||||
@@ -7,7 +7,7 @@
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
rm -f named-compilezone
|
||||
ln -s $CHECKZONE named-compilezone
|
||||
|
||||
@@ -11,7 +11,7 @@ SYSTEMTESTTOP=..
|
||||
|
||||
$SHELL ./clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
pzone=parent.nil
|
||||
czone=child.parent.nil
|
||||
|
||||
@@ -28,7 +28,7 @@ rolling=`sed 's/^K'${czone}'.+005+0*\([0-9]\)/\1/' < rolling.key`
|
||||
standby=`sed 's/^K'${czone}'.+005+0*\([0-9]\)/\1/' < standby.key`
|
||||
zsk=`sed 's/^K'${czone}'.+005+0*\([0-9]\)/\1/' < zsk.key`
|
||||
|
||||
$GENRANDOM 400 $RANDFILE
|
||||
$GENRANDOM 800 $RANDFILE
|
||||
|
||||
echo "I:signing zones"
|
||||
$SIGNER -Sg -o $czone $cfile > /dev/null 2>&1
|
||||
|
||||
@@ -11,7 +11,7 @@ SYSTEMTESTTOP=..
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
cp ns1/named1.conf ns1/named.conf
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
#
|
||||
# jnl and database files MUST be removed before we start
|
||||
|
||||
@@ -160,7 +160,7 @@ grep ns6.other.nil dig.out.ns1 > /dev/null 2>&1 || ret=1
|
||||
|
||||
ret=0
|
||||
echo "I:check SIG(0) key is accepted"
|
||||
key=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 512 -T KEY -n ENTITY xxx`
|
||||
key=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -T KEY -n ENTITY xxx`
|
||||
echo "" | $NSUPDATE -k ${key}.private > /dev/null 2>&1 || ret=1
|
||||
[ $ret = 0 ] || { echo I:failed; status=1; }
|
||||
|
||||
|
||||
@@ -11,4 +11,4 @@ SYSTEMTESTTOP=..
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
@@ -16,7 +16,7 @@ for domain in example example.com; do
|
||||
infile=${domain}.db.in
|
||||
zonefile=${domain}.db
|
||||
|
||||
keyname1=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
|
||||
keyname1=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname2=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -f KSK -n zone $zone`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key > $zonefile
|
||||
|
||||
@@ -9,6 +9,6 @@
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
cd ns1 && $SHELL -e sign.sh
|
||||
|
||||
@@ -11,4 +11,4 @@ SYSTEMTESTTOP=..
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
@@ -11,7 +11,7 @@ SYSTEMTESTTOP=..
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
cp ns2/redirect.db.in ns2/redirect.db
|
||||
cp ns2/example.db.in ns2/example.db
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
cp ns4/tld1.db ns4/tld.db
|
||||
cp ns6/to-be-removed.tld.db.in ns6/to-be-removed.tld.db
|
||||
|
||||
@@ -11,7 +11,7 @@ SYSTEMTESTTOP=..
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
$SHELL ../genzone.sh 2 >ns2/nil.db
|
||||
$SHELL ../genzone.sh 2 >ns2/other.db
|
||||
|
||||
@@ -569,8 +569,8 @@ fi
|
||||
n=`expr $n + 1`
|
||||
echo "I:check 'rndc \"\"' is handled ($n)"
|
||||
ret=0
|
||||
$RNDCCMD "" > rndc.out.test$n 2>&1 && ret=1
|
||||
grep "rndc: '' failed: failure" rndc.out.test$n > /dev/null
|
||||
$RNDCCMD "" > rndc.output.test$n 2>&1 && ret=1
|
||||
grep "rndc: '' failed: failure" rndc.output.test$n > /dev/null
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
|
||||
@@ -26,11 +26,11 @@ for NM in '' -2 -given -disabled -passthru -no-op -nodata -nxdomain -cname -wild
|
||||
done
|
||||
|
||||
# sign the root and a zone in ns2
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
# $1=directory, $2=domain name, $3=input zone file, $4=output file
|
||||
signzone () {
|
||||
KEYNAME=`$KEYGEN -q -r $RANDFILE -b 512 -K $1 $2`
|
||||
KEYNAME=`$KEYGEN -q -r $RANDFILE -b 1024 -K $1 $2`
|
||||
cat $1/$3 $1/$KEYNAME.key > $1/tmp
|
||||
$SIGNER -Pp -K $1 -o $2 -f $1/$4 $1/tmp >/dev/null
|
||||
sed -n -e 's/\(.*\) IN DNSKEY \([0-9]\{1,\} [0-9]\{1,\} [0-9]\{1,\}\) \(.*\)/trusted-keys {"\1" \2 "\3";};/p' $1/$KEYNAME.key >>trusted.conf
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
if $BIGKEY > /dev/null 2>&1
|
||||
then
|
||||
|
||||
@@ -11,6 +11,6 @@ SYSTEMTESTTOP=..
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
cd ns1 && $SHELL -e sign.sh
|
||||
|
||||
@@ -17,7 +17,7 @@ zonefile=root.db
|
||||
|
||||
cp ../ns2/dsset-example$TP .
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key > $zonefile
|
||||
|
||||
|
||||
@@ -9,9 +9,9 @@
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
$GENRANDOM 400 $RANDFILE
|
||||
$GENRANDOM 800 $RANDFILE
|
||||
|
||||
if $KEYGEN -q -a RSAMD5 -b 512 -n zone -r $RANDFILE foo > /dev/null 2>&1
|
||||
if $KEYGEN -q -a RSAMD5 -b 1024 -n zone -r $RANDFILE foo > /dev/null 2>&1
|
||||
then
|
||||
rm -f Kfoo*
|
||||
else
|
||||
|
||||
@@ -11,7 +11,7 @@ SYSTEMTESTTOP=..
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
cd ns1 && $SHELL sign.sh
|
||||
|
||||
|
||||
@@ -11,4 +11,4 @@ SYSTEMTESTTOP=..
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
@@ -15,7 +15,7 @@ zone=sub.example
|
||||
infile=${zone}.db.in
|
||||
zonefile=${zone}.db
|
||||
|
||||
keyname1=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
|
||||
keyname1=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname2=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -f KSK -n zone $zone`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key > $zonefile
|
||||
|
||||
@@ -13,6 +13,6 @@ sed 's/SERVER_CONFIG_PLACEHOLDER/server-names { "ns.example.net"; };/' ns2/named
|
||||
|
||||
sed 's/EXAMPLE_ZONE_PLACEHOLDER/zone "example" { type master; file "example.db.signed"; };/' ns3/named.conf.in > ns3/named.conf
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
cd ns3 && $SHELL -e sign.sh
|
||||
|
||||
@@ -9,12 +9,12 @@
|
||||
SYSTEMTESTTOP=${SYSTEMTESTTOP:=..}
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
prog=$0
|
||||
|
||||
args="-r $RANDFILE"
|
||||
alg="-a RSAMD5 -b 512"
|
||||
alg="-a RSAMD5 -b 1024"
|
||||
quiet=0
|
||||
|
||||
msg1="cryptography"
|
||||
|
||||
@@ -11,6 +11,6 @@ SYSTEMTESTTOP=..
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
cd ns1 && $SHELL setup.sh
|
||||
|
||||
@@ -11,4 +11,4 @@ SYSTEMTESTTOP=..
|
||||
|
||||
sh clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
rm -f ns1/*.jnl ns1/K*.key ns1/K*.private ns1/_default.tsigkeys
|
||||
|
||||
|
||||
@@ -14,5 +14,5 @@ SYSTEMTESTTOP=../..
|
||||
zone=example
|
||||
rm -f K${zone}.+*+*.key
|
||||
rm -f K${zone}.+*+*.private
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
|
||||
|
||||
@@ -9,6 +9,6 @@ SYSTEMTESTTOP=..
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
(cd ns3; $SHELL -e sign.sh)
|
||||
|
||||
@@ -18,7 +18,7 @@ rm -f Ksig0.example2.*
|
||||
#
|
||||
# SIG(0) required cryptographic support which may not be configured.
|
||||
#
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -n HOST -a RSASHA1 -b 1024 -T KEY sig0.example2 2>/dev/null | $D2U`
|
||||
if test -n "$keyname"
|
||||
then
|
||||
|
||||
@@ -11,6 +11,6 @@ SYSTEMTESTTOP=..
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
(cd zones && $SHELL genzones.sh)
|
||||
|
||||
@@ -19,7 +19,7 @@ rm -f ns2/internal/inline.db.signed.jnl
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
#
|
||||
# We remove k1 and k2 as KEYGEN is deterministic when given the
|
||||
|
||||
@@ -9,6 +9,6 @@
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
(cd ns1 && $SHELL -e sign.sh)
|
||||
|
||||
@@ -11,7 +11,7 @@ SYSTEMTESTTOP=..
|
||||
|
||||
$SHELL clean.sh
|
||||
|
||||
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
|
||||
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
||||
|
||||
$SHELL ../genzone.sh 1 > ns1/master.db
|
||||
$SHELL ../genzone.sh 1 > ns1/duplicate.db
|
||||
|
||||
Reference in New Issue
Block a user