diff --git a/bin/tests/system/dnssec/ns2/example.db.in b/bin/tests/system/dnssec/ns2/example.db.in
index 6378c9f8c1..ada6cdef3a 100644
--- a/bin/tests/system/dnssec/ns2/example.db.in
+++ b/bin/tests/system/dnssec/ns2/example.db.in
@@ -13,7 +13,7 @@
 ; NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 ; WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-; $Id: example.db.in,v 1.8 2001/02/20 18:33:50 bwelling Exp $
+; $Id: example.db.in,v 1.9 2001/09/19 21:19:50 gson Exp $
 $TTL 300 ; 5 minutes
 @ IN SOA mname1. . (
@@ -64,3 +64,6 @@ bogus NS ns.bogus
 ns.bogus A 10.53.0.3
 z A 10.0.0.26
+
+keyless NS ns.keyless
+ns.keyless A 10.53.0.3
diff --git a/bin/tests/system/dnssec/ns3/keyless.example.db.in b/bin/tests/system/dnssec/ns3/keyless.example.db.in
new file mode 100644
index 0000000000..bd8ddc4957
--- /dev/null
+++ b/bin/tests/system/dnssec/ns3/keyless.example.db.in
@@ -0,0 +1,29 @@
+; Copyright (C) 2000, 2001 Internet Software Consortium.
+;
+; Permission to use, copy, modify, and distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
+; DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+; IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+; INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+; FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+; NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+; WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: keyless.example.db.in,v 1.1 2001/09/19 21:19:51 gson Exp $
+
+$TTL 300 ; 5 minutes
+@ IN SOA mname1. . (
+ 2000042407 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns
+ns A 10.53.0.3
+
+a.b A 10.0.0.1
diff --git a/bin/tests/system/dnssec/ns3/named.conf b/bin/tests/system/dnssec/ns3/named.conf
index 284d3fdc1a..cc29500d1e 100644
--- a/bin/tests/system/dnssec/ns3/named.conf
+++ b/bin/tests/system/dnssec/ns3/named.conf
@@ -15,7 +15,7 @@
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
-/* $Id: named.conf,v 1.18 2001/01/11 20:41:34 gson Exp $ */
+/* $Id: named.conf,v 1.19 2001/09/19 21:19:51 gson Exp $ */
 // NS3
@@ -60,5 +60,9 @@ zone "insecure.example" {
 allow-update { any; };
 };
+zone "keyless.example" {
+ type master;
+ file "keyless.example.db.signed";
+};
 include "trusted.conf";
diff --git a/bin/tests/system/dnssec/ns3/sign.sh b/bin/tests/system/dnssec/ns3/sign.sh
index cb742dc898..538da201a9 100644
--- a/bin/tests/system/dnssec/ns3/sign.sh
+++ b/bin/tests/system/dnssec/ns3/sign.sh
@@ -15,7 +15,7 @@
 # NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 # WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-# $Id: sign.sh,v 1.13 2001/09/17 17:47:20 bwelling Exp $
+# $Id: sign.sh,v 1.14 2001/09/19 21:19:52 gson Exp $
 RANDFILE=../random.data
@@ -42,3 +42,22 @@ $KEYSETTOOL -r $RANDFILE -t 3600 $keyname.key > /dev/null
 cat $infile $keyname.key >$zonefile
 $SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null
+
+zone=keyless.example.
+infile=keyless.example.db.in
+zonefile=keyless.example.db
+
+keyname=`$KEYGEN -r $RANDFILE -a RSA -b 768 -n zone $zone`
+
+$KEYSETTOOL -r $RANDFILE -t 3600 $keyname.key > /dev/null
+
+cat $infile $keyname.key >$zonefile
+
+$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null
+
+# Change the signer field of the a.b.keyless.example SIG A
+# to point to a provably nonexistent KEY record.
+mv $zonefile.signed $zonefile.tmp
+<$zonefile.tmp perl -p -e 's/ keyless.example/ b.keyless.example/
+ if /^a.b.keyless.example/../NXT/;' >$zonefile.signed
+rm -f $zonefile.tmp
diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh
index b37c9d658e..62ac3922be 100644
--- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh
@@ -15,7 +15,7 @@
 # NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 # WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-# $Id: tests.sh,v 1.34 2001/09/19 20:47:02 gson Exp $
+# $Id: tests.sh,v 1.35 2001/09/19 21:19:48 gson Exp $
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
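Review bot: In ns3/sign.sh the rewrite of `$zonefile.signed` is never verified, so a failed or no-op perl step goes unnoticed at signing time. If perl is unavailable the redirection still creates an empty `$zonefile.signed` and the `rm -f` discards the only good copy; ns3 would then presumably fail to load keyless.example, and the SERVFAIL check added in tests.sh could pass without ever exercising the missing-KEY path. A guard after the perl command, such as `grep " b.keyless.example" $zonefile.signed > /dev/null || exit 1` (or whatever failure convention the setup script uses), would make the fixture fail loudly. The dots in both patterns are unescaped and match any character, so `a\.b\.keyless\.example` and ` keyless\.example` would be tighter. The script's body begins outside this hunk.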
@@ -113,6 +113,14 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
+echo "I:checking that validation fails when key record is missing ($n)"
+ret=0
+$DIG $DIGOPTS a.b.keyless.example. a @10.53.0.4 > dig.out.ns4.test$n || ret=1
+grep "SERVFAIL" dig.out.ns4.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 # Check the insecure.secure.example domain (insecurity proof)
 echo "I:checking 2-server insecurity proof ($n)"
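Review bot: The new check in tests.sh accepts any SERVFAIL from 10.53.0.4, so it cannot tell a validation failure caused by the missing KEY apart from ns3 simply not serving keyless.example (for instance when the hand-edited signed zone fails to load). A positive control ahead of the ns4 query would pin the cause down: `$DIG $DIGOPTS a.b.keyless.example. a @10.53.0.3 > dig.out.ns3.test$n || ret=1` followed by `grep "10.0.0.1" dig.out.ns3.test$n > /dev/null || ret=1`. Matching `status: SERVFAIL` instead of the bare word would also avoid a stray match elsewhere in the output, assuming `$DIGOPTS` keeps the response header. The surrounding test sequence continues outside this hunk.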