Obsolete dnssec-update-mode

We no longer support 'no-resign' and thus the configuration option becomes obsolete. Remove the corresponding dnssec system test cases.
2023-07-11 16:49:45 +02:00
parent 3bcb096a0e
commit 042c89ac69
17 changed files with 14 additions and 132 deletions
--- a/bin/tests/system/dnssec/ns3/named.conf.in
+++ b/bin/tests/system/dnssec/ns3/named.conf.in
@@ -301,13 +301,6 @@ zone "expiring.example" {
 	file "expiring.example.db.signed";
 };

-zone "nosign.example" {
-	type primary;
-	allow-update { any; };
-	dnssec-update-mode no-resign;
-	file "nosign.example.db.signed";
-};
-
 zone "upper.example" {
 	type primary;
 	file "upper.example.db.signed";
--- a/bin/tests/system/dnssec/ns3/sign.sh
+++ b/bin/tests/system/dnssec/ns3/sign.sh
@@ -545,23 +545,6 @@ zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone"
 cp "$infile" "$zonefile"
 "$SIGNER" -P -S -o "$zone" "$zonefile" > /dev/null

-#
-# Zone with signatures about to expire, and dynamic, but configured
-# not to resign with 'auto-resign no;'
-#
-zone="nosign.example."
-infile="nosign.example.db.in"
-zonefile="nosign.example.db"
-signedfile="nosign.example.db.signed"
-kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
-zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
-cp "$infile" "$zonefile"
-"$SIGNER" -S -e "now+1mi" -o "$zone" "$zonefile" > /dev/null
-# preserve a normalized copy of the NS RRSIG for comparison later
-$CHECKZONE -D nosign.example nosign.example.db.signed 2>/dev/null | \
-        awk '$4 == "RRSIG" && $5 == "NS" {$2 = ""; print}' | \
-        sed 's/[ 	][ 	]*/ /g'> ../nosign.before
-
 #
 # An inline signing zone
 #