diff --git a/bin/tests/system/forward/ans6/ans.pl b/bin/tests/system/forward/ans6/ans.pl new file mode 100644 index 0000000000..fad3fcbe25 --- /dev/null +++ b/bin/tests/system/forward/ans6/ans.pl @@ -0,0 +1,560 @@ +#!/usr/bin/perl +# +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +# +# This is the name server from hell. It provides canned +# responses based on pattern matching the queries, and +# can be reprogrammed on-the-fly over a TCP connection. +# +# The server listens for queries on port 5300 (or PORT). +# +# The server listens for control connections on port 5301 (or EXTRAPORT1). +# +# A control connection is a TCP stream of lines like +# +# /pattern/ +# name ttl type rdata +# name ttl type rdata +# ... +# /pattern/ +# name ttl type rdata +# name ttl type rdata +# ... +# +# There can be any number of patterns, each associated +# with any number of response RRs. Each pattern is a +# Perl regular expression. If an empty pattern ("//") is +# received, the server will ignore all incoming queries (TCP +# connections will still be accepted, but both UDP queries +# and TCP queries will not be responded to). If a non-empty +# pattern is then received over the same control connection, +# default behavior is restored. +# +# Each incoming query is converted into a string of the form +# "qname qtype" (the printable query domain name, space, +# printable query type) and matched against each pattern. +# +# The first pattern matching the query is selected, and +# the RR following the pattern line are sent in the +# answer section of the response. +# +# Each new control connection causes the current set of +# patterns and responses to be cleared before adding new +# ones. +# +# The server handles UDP and TCP queries. Zone transfer +# responses work, but must fit in a single 64 k message. +# +# Now you can add TSIG, just specify key/key data with: +# +# /pattern / +# name ttl type rdata +# name ttl type rdata +# +# Note that this data will still be sent with any request for +# pattern, only this data will be signed. Currently, this is only +# done for TCP. +# +# /pattern bad-id / +# /pattern bad-id/ +# +# will add 50 to the message id of the response. + + +use IO::File; +use IO::Socket; +use Data::Dumper; +use Net::DNS; +use Net::DNS::Packet; +use strict; + +# Ignore SIGPIPE so we won't fail if peer closes a TCP socket early +local $SIG{PIPE} = 'IGNORE'; + +# Flush logged output after every line +local $| = 1; + +# We default to listening on 10.53.0.2 for historical reasons +# XXX: we should also be able to specify IPv6 +my $server_addr = "10.53.0.6"; +if (@ARGV > 0) { + $server_addr = @ARGV[0]; +} + +my $mainport = int($ENV{'PORT'}); +if (!$mainport) { $mainport = 5300; } +my $ctrlport = int($ENV{'EXTRAPORT1'}); +if (!$ctrlport) { $ctrlport = 5301; } + +print "listening on $server_addr:$mainport,$ctrlport.\n"; +print "Using Net::DNS $Net::DNS::VERSION\n"; + +# XXX: we should also be able to set the port numbers to listen on. +my $ctlsock = IO::Socket::INET->new(LocalAddr => "$server_addr", + LocalPort => $ctrlport, Proto => "tcp", Listen => 5, Reuse => 1) or die "$!"; + +my $udpsock = IO::Socket::INET->new(LocalAddr => "$server_addr", + LocalPort => $mainport, Proto => "udp", Reuse => 1) or die "$!"; + +my $tcpsock = IO::Socket::INET->new(LocalAddr => "$server_addr", + LocalPort => $mainport, Proto => "tcp", Listen => 5, Reuse => 1) or die "$!"; + +my $pidf = new IO::File "ans.pid", "w" or die "cannot open pid file: $!"; +print $pidf "$$\n" or die "cannot write pid file: $!"; +$pidf->close or die "cannot close pid file: $!";; +sub rmpid { unlink "ans.pid"; exit 1; }; + +$SIG{INT} = \&rmpid; +$SIG{TERM} = \&rmpid; + +#my @answers = (); +my @rules; +my $udphandler; +my $tcphandler; + +sub handleUDP { + my ($buf) = @_; + my $request; + + if ($Net::DNS::VERSION > 0.68) { + $request = new Net::DNS::Packet(\$buf, 0); + $@ and die $@; + } else { + my $err; + ($request, $err) = new Net::DNS::Packet(\$buf, 0); + $err and die $err; + } + + my @questions = $request->question; + my $qname = $questions[0]->qname; + my $qtype = $questions[0]->qtype; + my $qclass = $questions[0]->qclass; + my $id = $request->header->id; + + my $packet = new Net::DNS::Packet($qname, $qtype, $qclass); + $packet->header->qr(1); + $packet->header->aa(1); + $packet->header->id($id); + + # get the existing signature if any, and clear the additional section + my $prev_tsig; + while (my $rr = $request->pop("additional")) { + $prev_tsig = $rr if ($rr->type eq "TSIG"); + } + + my $r; + my $answers = 0; + my $match; + my $key_name; + my $key_data; + foreach $r (@rules) { + my $pattern = $r->{pattern}; + ($match, $key_name, $key_data) = split(/ /,$pattern); + print "[handleUDP] $match, $key_name, $key_data\n"; + $match =~ tr/\// /; + if ("$qname $qtype" =~ /$match/) { + my $a; + foreach $a (@{$r->{answer}}) { + my $resp; + $resp = new Net::DNS::RR("$qname $a"); + $packet->push("answer", $resp); + ++$answers; + } + last; + } + } + if ($answers eq 0) { + my $soa; + $soa = new Net::DNS::RR("$qname 300 IN SOA . . 0 0 0 0 0"); + $packet->push("authority", $soa) + } + if (defined($key_name) && defined($key_data)) { + my $tsig; + # Sign the packet + print " Signing the response with " . + "$key_name/$key_data\n"; + + if ($Net::DNS::VERSION < 0.69) { + $tsig = Net::DNS::RR->new( + "$key_name TSIG $key_data"); + } else { + $tsig = Net::DNS::RR->new( + name => $key_name, + type => 'TSIG', + key => $key_data); + } + + # These kluges are necessary because Net::DNS + # doesn't know how to sign responses. We + # clear compnames so that the TSIG key and + # algorithm name won't be compressed, and + # add one to arcount because the signing + # function will attempt to decrement it, + # which is incorrect in a response. Finally + # we set request_mac to the previous digest. + $packet->{"compnames"} = {} + if ($Net::DNS::VERSION < 0.70); + $packet->{"header"}{"arcount"} += 1 + if ($Net::DNS::VERSION < 0.70); + if (defined($prev_tsig)) { + if ($Net::DNS::VERSION < 0.73) { + my $rmac = pack('n H*', + length($prev_tsig->mac)/2, + $prev_tsig->mac); + $tsig->{"request_mac"} = + unpack("H*", $rmac); + } else { + $tsig->request_mac( + $prev_tsig->mac); + } + } + + $packet->sign_tsig($tsig); + } + #$packet->print; + + return $packet->data; +} + +# namelen: +# given a stream of data, reads a DNS-formatted name and returns its +# total length, thus making it possible to skip past it. +sub namelen { + my ($data) = @_; + my $len = 0; + my $label_len = 0; + do { + $label_len = unpack("c", $data); + $data = substr($data, $label_len + 1); + $len += $label_len + 1; + } while ($label_len != 0); + return ($len); +} + +# packetlen: +# given a stream of data, reads a DNS wire-format packet and returns +# its total length, making it possible to skip past it. +sub packetlen { + my ($data) = @_; + my $q; + my $rr; + my $header; + my $offset; + + # + # decode/encode were introduced in Net::DNS 0.68 + # parse is no longer a method and calling it here makes perl croak. + # + my $decode = 0; + $decode = 1 if ($Net::DNS::VERSION >= 0.68); + + if ($decode) { + ($header, $offset) = Net::DNS::Header->decode(\$data); + } else { + ($header, $offset) = Net::DNS::Header->parse(\$data); + } + + for (1 .. $header->qdcount) { + if ($decode) { + ($q, $offset) = + Net::DNS::Question->decode(\$data, $offset); + } else { + ($q, $offset) = + Net::DNS::Question->parse(\$data, $offset); + } + } + for (1 .. $header->ancount) { + if ($decode) { + ($q, $offset) = Net::DNS::RR->decode(\$data, $offset); + } else { + ($q, $offset) = Net::DNS::RR->parse(\$data, $offset); + } + } + for (1 .. $header->nscount) { + if ($decode) { + ($q, $offset) = Net::DNS::RR->decode(\$data, $offset); + } else { + ($q, $offset) = Net::DNS::RR->parse(\$data, $offset); + } + } + for (1 .. $header->arcount) { + if ($decode) { + ($q, $offset) = Net::DNS::RR->decode(\$data, $offset); + } else { + ($q, $offset) = Net::DNS::RR->parse(\$data, $offset); + } + } + return $offset; +} + +# sign_tcp_continuation: +# This is a hack to correct the problem that Net::DNS has no idea how +# to sign multiple-message TCP responses. Several data that are included +# in the digest when signing a query or the first message of a response are +# omitted when signing subsequent messages in a TCP stream. +# +# Net::DNS::Packet->sign_tsig() has the ability to use a custom signing +# function (specified by calling Packet->sign_func()). We use this +# function as the signing function for TCP continuations, and it removes +# the unwanted data from the digest before calling the default sign_hmac +# function. +sub sign_tcp_continuation { + my ($key, $data) = @_; + + # copy out first two bytes: size of the previous MAC + my $rmacsize = unpack("n", $data); + $data = substr($data, 2); + + # copy out previous MAC + my $rmac = substr($data, 0, $rmacsize); + $data = substr($data, $rmacsize); + + # try parsing out the packet information + my $plen = packetlen($data); + my $pdata = substr($data, 0, $plen); + $data = substr($data, $plen); + + # remove the keyname, ttl, class, and algorithm name + $data = substr($data, namelen($data)); + $data = substr($data, 6); + $data = substr($data, namelen($data)); + + # preserve the TSIG data + my $tdata = substr($data, 0, 8); + + # prepare a new digest and sign with it + $data = pack("n", $rmacsize) . $rmac . $pdata . $tdata; + return Net::DNS::RR::TSIG::sign_hmac($key, $data); +} + +sub handleTCP { + my ($buf) = @_; + my $request; + + if ($Net::DNS::VERSION > 0.68) { + $request = new Net::DNS::Packet(\$buf, 0); + $@ and die $@; + } else { + my $err; + ($request, $err) = new Net::DNS::Packet(\$buf, 0); + $err and die $err; + } + + my @questions = $request->question; + my $qname = $questions[0]->qname; + my $qtype = $questions[0]->qtype; + my $qclass = $questions[0]->qclass; + my $id = $request->header->id; + + my $opaque; + + my $packet = new Net::DNS::Packet($qname, $qtype, $qclass); + $packet->header->qr(1); + $packet->header->aa(1); + $packet->header->id($id); + + # get the existing signature if any, and clear the additional section + my $prev_tsig; + my $signer; + my $continuation = 0; + if ($Net::DNS::VERSION < 0.81) { + while (my $rr = $request->pop("additional")) { + if ($rr->type eq "TSIG") { + $prev_tsig = $rr; + } + } + } + + my @results = (); + my $count_these = 0; + + my $r; + my $answers = 0; + my $match; + my $key_name; + my $key_data; + my $tname; + foreach $r (@rules) { + my $pattern = $r->{pattern}; + my($match, $key_name, $key_data, $tname) = split(/ /,$pattern); + print "[handleTCP] $match, $key_name, $key_data, $tname \n"; + $match =~ tr/\// /; + if ("$qname $qtype" =~ /$match/) { + $count_these++; + my $a; + foreach $a (@{$r->{answer}}) { + my $resp; + $resp = new Net::DNS::RR("$qname $a"); + $packet->push("answer", $resp); + ++$answers; + } + last; + } + } + if ($answers eq 0) { + my $soa; + $soa = new Net::DNS::RR("$qname 300 SOA . . 0 0 0 0 0"); + $packet->push("authority", $soa) + } + if (defined($key_name) && $key_name eq "bad-id") { + $packet->header->id(($id+50)%0xffff); + $key_name = $key_data; + ($key_data, $tname) = split(/ /,$tname) + } + if (defined($key_name) && defined($key_data)) { + my $tsig; + # sign the packet + print " Signing the data with " . + "$key_name/$key_data\n"; + + if ($Net::DNS::VERSION < 0.69) { + $tsig = Net::DNS::RR->new( + "$key_name TSIG $key_data"); + } elsif ($Net::DNS::VERSION >= 0.81 && + $continuation) { + } elsif ($Net::DNS::VERSION >= 0.75 && + $continuation) { + $tsig = $prev_tsig; + } else { + $tsig = Net::DNS::RR->new( + name => $key_name, + type => 'TSIG', + key => $key_data); + } + + # These kluges are necessary because Net::DNS + # doesn't know how to sign responses. We + # clear compnames so that the TSIG key and + # algorithm name won't be compressed, and + # add one to arcount because the signing + # function will attempt to decrement it, + # which is incorrect in a response. Finally + # we set request_mac to the previous digest. + $packet->{"compnames"} = {} + if ($Net::DNS::VERSION < 0.70); + $packet->{"header"}{"arcount"} += 1 + if ($Net::DNS::VERSION < 0.70); + if (defined($prev_tsig)) { + if ($Net::DNS::VERSION < 0.73) { + my $rmac = pack('n H*', + length($prev_tsig->mac)/2, + $prev_tsig->mac); + $tsig->{"request_mac"} = + unpack("H*", $rmac); + } elsif ($Net::DNS::VERSION < 0.81) { + $tsig->request_mac( + $prev_tsig->mac); + } + } + + $tsig->sign_func($signer) if defined($signer); + $tsig->continuation($continuation) if + ($Net::DNS::VERSION >= 0.71 && + $Net::DNS::VERSION <= 0.74 ); + if ($Net::DNS::VERSION < 0.81) { + $packet->sign_tsig($tsig); + } elsif ($continuation) { + $opaque = $packet->sign_tsig($opaque); + } else { + $opaque = $packet->sign_tsig($request); + } + $signer = \&sign_tcp_continuation + if ($Net::DNS::VERSION < 0.70); + $continuation = 1; + + my $copy = + Net::DNS::Packet->new(\($packet->data)); + $prev_tsig = $copy->pop("additional"); + } + + #$packet->print; + push(@results,$packet->data); + if ($tname eq "") { + $tname = $qname; + } + $packet = new Net::DNS::Packet($tname, $qtype, $qclass); + $packet->header->qr(1); + $packet->header->aa(1); + $packet->header->id($id); + print " A total of $count_these patterns matched\n"; + return \@results; +} + +# Main +my $rin; +my $rout; +for (;;) { + $rin = ''; + vec($rin, fileno($ctlsock), 1) = 1; + vec($rin, fileno($tcpsock), 1) = 1; + vec($rin, fileno($udpsock), 1) = 1; + + select($rout = $rin, undef, undef, undef); + + if (vec($rout, fileno($ctlsock), 1)) { + warn "ctl conn"; + my $conn = $ctlsock->accept; + my $rule = (); + @rules = (); + while (my $line = $conn->getline) { + chomp $line; + if ($line =~ m!^/(.*)/$!) { + if (length($1) == 0) { + $udphandler = sub { return; }; + $tcphandler = sub { return; }; + } else { + $udphandler = \&handleUDP; + $tcphandler = \&handleTCP; + $rule = { pattern => $1, answer => [] }; + push(@rules, $rule); + } + } else { + push(@{$rule->{answer}}, $line); + } + } + $conn->close; + #print Dumper(@rules); + #print "+=+=+ $rules[0]->{'pattern'}\n"; + #print "+=+=+ $rules[0]->{'answer'}->[0]->{'rname'}\n"; + #print "+=+=+ $rules[0]->{'answer'}->[0]\n"; + } elsif (vec($rout, fileno($udpsock), 1)) { + printf "UDP request\n"; + my $buf; + $udpsock->recv($buf, 512); + my $result = &$udphandler($buf); + if (defined($result)) { + my $num_chars = $udpsock->send($result); + print " Sent $num_chars bytes via UDP\n"; + } + } elsif (vec($rout, fileno($tcpsock), 1)) { + my $conn = $tcpsock->accept; + my $buf; + for (;;) { + my $lenbuf; + my $n = $conn->sysread($lenbuf, 2); + last unless $n == 2; + my $len = unpack("n", $lenbuf); + $n = $conn->sysread($buf, $len); + last unless $n == $len; + print "TCP request\n"; + my $result = &$tcphandler($buf); + if (defined($result)) { + foreach my $response (@$result) { + $len = length($response); + $n = $conn->syswrite(pack("n", $len), 2); + $n = $conn->syswrite($response, $len); + print " Sent: $n chars via TCP\n"; + } + } + } + $conn->close; + } +} diff --git a/bin/tests/system/forward/ans6/startme b/bin/tests/system/forward/ans6/startme deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/bin/tests/system/forward/clean.sh b/bin/tests/system/forward/clean.sh index 46a8a87cfd..03b3b74f3c 100644 --- a/bin/tests/system/forward/clean.sh +++ b/bin/tests/system/forward/clean.sh @@ -16,3 +16,6 @@ rm -f ./*/named.memstats rm -f ./*/named.run ./*/named.run.prev rm -f ./ns*/named.lock rm -f ./ns*/managed-keys.bind* +rm -f ./ns1/root.db ./ns1/root.db.signed +rm -f ./ns*/trusted.conf +rm -f ./ns1/K* ./ns1/dsset-* diff --git a/bin/tests/system/forward/ns1/named.conf.in b/bin/tests/system/forward/ns1/named.conf.in index ac854fd822..28d1b33785 100644 --- a/bin/tests/system/forward/ns1/named.conf.in +++ b/bin/tests/system/forward/ns1/named.conf.in @@ -23,7 +23,7 @@ options { zone "." { type primary; - file "root.db"; + file "root.db.signed"; }; zone "example1." { diff --git a/bin/tests/system/forward/ns1/root.db b/bin/tests/system/forward/ns1/root.db.in similarity index 95% rename from bin/tests/system/forward/ns1/root.db rename to bin/tests/system/forward/ns1/root.db.in index 23e40bd583..d70bd96e62 100644 --- a/bin/tests/system/forward/ns1/root.db +++ b/bin/tests/system/forward/ns1/root.db.in @@ -29,3 +29,6 @@ ns.example3 A 10.53.0.1 example7 NS ns.example7 ns.example7 A 10.53.0.2 + +tld NS ns.tld +ns.tld A 10.53.0.2 diff --git a/bin/tests/system/forward/ns1/sign.sh b/bin/tests/system/forward/ns1/sign.sh new file mode 100644 index 0000000000..1a2d732018 --- /dev/null +++ b/bin/tests/system/forward/ns1/sign.sh @@ -0,0 +1,32 @@ +#!/bin/sh -e +# +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +# shellcheck source=conf.sh +. ../../conf.sh + +set -e + +zone=. +infile=root.db.in +zonefile=root.db + +echo_i "ns1/sign.sh" + +ksk=$("$KEYGEN" -q -fk -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") + +cat "$infile" "$ksk.key" "$zsk.key" > "$zonefile" + +"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null 2>&1 + +# Configure the resolving server with a static key. +keyfile_to_static_ds "$ksk" > trusted.conf +cp trusted.conf ../ns3/trusted.conf diff --git a/bin/tests/system/forward/ns3/named.conf.in b/bin/tests/system/forward/ns3/named1.conf.in similarity index 86% rename from bin/tests/system/forward/ns3/named.conf.in rename to bin/tests/system/forward/ns3/named1.conf.in index f6022135eb..326befd99b 100644 --- a/bin/tests/system/forward/ns3/named.conf.in +++ b/bin/tests/system/forward/ns3/named1.conf.in @@ -22,6 +22,15 @@ options { dnssec-validation yes; }; +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-sha256; +}; + +controls { + inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + zone "." { type hint; file "root.db"; diff --git a/bin/tests/system/forward/ns3/named2.conf.in b/bin/tests/system/forward/ns3/named2.conf.in new file mode 100644 index 0000000000..cf45ea62a9 --- /dev/null +++ b/bin/tests/system/forward/ns3/named2.conf.in @@ -0,0 +1,38 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + query-source address 10.53.0.3; + notify-source 10.53.0.3; + transfer-source 10.53.0.3; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.3; }; + listen-on-v6 { none; }; + forwarders { 10.53.0.6; }; + dnssec-validation yes; +}; + +include "trusted.conf"; + +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-sha256; +}; + +controls { + inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + +zone "." { + type hint; + file "root.db"; +}; diff --git a/bin/tests/system/forward/setup.sh b/bin/tests/system/forward/setup.sh index 45f8cc9775..b0e20259a4 100644 --- a/bin/tests/system/forward/setup.sh +++ b/bin/tests/system/forward/setup.sh @@ -14,8 +14,13 @@ $SHELL clean.sh copy_setports ns1/named.conf.in ns1/named.conf copy_setports ns2/named.conf.in ns2/named.conf -copy_setports ns3/named.conf.in ns3/named.conf +copy_setports ns3/named1.conf.in ns3/named.conf copy_setports ns4/named.conf.in ns4/named.conf copy_setports ns5/named.conf.in ns5/named.conf copy_setports ns7/named.conf.in ns7/named.conf copy_setports ns8/named.conf.in ns8/named.conf + +( + cd ns1 + $SHELL sign.sh +) diff --git a/bin/tests/system/forward/tests.sh b/bin/tests/system/forward/tests.sh index 74c4eba217..86e37a621b 100644 --- a/bin/tests/system/forward/tests.sh +++ b/bin/tests/system/forward/tests.sh @@ -18,6 +18,10 @@ sendcmd() ( send 10.53.0.6 "$EXTRAPORT1" ) +rndccmd() { + "$RNDC" -c ../common/rndc.conf -p "$CONTROLPORT" -s "$@" +} + root=10.53.0.1 hidden=10.53.0.2 f1=10.53.0.3 @@ -229,6 +233,24 @@ grep "status: SERVFAIL" dig.out.$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) +n=$((n+1)) +echo_i "checking switch from forwarding to normal resolution while chasing DS ($n)" +ret=0 +copy_setports ns3/named2.conf.in ns3/named.conf +rndccmd 10.53.0.3 reconfig 2>&1 | sed 's/^/ns3 /' | cat_i +sleep 1 +sendcmd << EOF +/ns1.sld.tld/A/ +300 A 10.53.0.2 +/sld.tld/NS/ +300 NS ns1.sld.tld. +/sld.tld/ +EOF +nextpart ns3/named.run >/dev/null +dig_with_opts @$f1 xxx.yyy.sld.tld ds > dig.out.$n.f1 || ret=1 +grep "status: SERVFAIL" dig.out.$n.f1 > /dev/null || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/util/copyrights b/util/copyrights index 42c5221150..663e53a7df 100644 --- a/util/copyrights +++ b/util/copyrights @@ -444,9 +444,10 @@ ./bin/tests/system/formerr/setup.sh SH 2018,2019,2020 ./bin/tests/system/formerr/tests.sh SH 2013,2015,2016,2018,2019,2020 ./bin/tests/system/formerr/twoquestions X 2013,2018,2019,2020 -./bin/tests/system/forward/ans6/startme X 2019,2020 +./bin/tests/system/forward/ans6/ans.pl PERL 2020 ./bin/tests/system/forward/clean.sh SH 2000,2001,2004,2007,2012,2014,2015,2016,2018,2019,2020 ./bin/tests/system/forward/ns1/example.db X 2000,2001,2018,2019 +./bin/tests/system/forward/ns1/sign.sh SH 2020 ./bin/tests/system/forward/ns2/example.db X 2000,2001,2018,2019 ./bin/tests/system/forward/setup.sh SH 2018,2019,2020 ./bin/tests/system/forward/tests.sh SH 2000,2001,2004,2007,2011,2012,2013,2014,2016,2018,2019,2020