added system tests

2000-05-15 22:53:15 +00:00
parent 43383a70d3
commit 0e9dcd5480
35 changed files with 814 additions and 0 deletions
--- a/bin/tests/system/dnssec/ns1/named.conf
+++ b/bin/tests/system/dnssec/ns1/named.conf
@@ -0,0 +1,12 @@
+options {
+	directory ".";
+	pid-file "named.pid";
+	listen-on { 10.53.0.1; };
+	recursion no;
+	notify yes;
+};
+
+zone "." {
+	type master;
+	file "root.db";
+};
--- a/bin/tests/system/dnssec/ns1/root.db
+++ b/bin/tests/system/dnssec/ns1/root.db
@@ -0,0 +1,13 @@
+$TTL 300
+. 			IN SOA	gson.nominum.com. a.root.servers.nil. (
+				2000042100   	; serial
+				600         	; refresh
+				600         	; retry 
+				1200    	; expire
+				600       	; minimum
+				)
+.			NS	a.root-servers.nil.
+a.root-servers.nil.	A	10.53.0.1
+
+example.		NS	ns2.example.
+ns2.example.		A	10.53.0.2
--- a/bin/tests/system/dnssec/ns2/example.db.in
+++ b/bin/tests/system/dnssec/ns2/example.db.in
@@ -0,0 +1,24 @@
+$TTL 300	; 5 minutes
+@			IN SOA	mname1. . (
+				2000042407 ; serial
+				20         ; refresh (20 seconds)
+				20         ; retry (20 seconds)
+				1814400    ; expire (3 weeks)
+				3600       ; minimum (1 hour)
+				)
+			NS	ns2
+ns2			A	10.53.0.2
+
+a			A	10.0.0.1
+b			A	10.0.0.2
+d			A	10.0.0.4
+
+; A secure subdomain
+secure			NS	ns.secure
+ns.secure		A	10.53.0.3
+
+; An insecure subdomain
+insecure		NS	ns.secure
+ns.insecure		A	10.53.0.3
+
+z			A	10.0.0.26
--- a/bin/tests/system/dnssec/ns2/named.conf
+++ b/bin/tests/system/dnssec/ns2/named.conf
@@ -0,0 +1,18 @@
+options {
+	pid-file "named.pid";
+	listen-on { 10.53.0.2; };
+	recursion no;
+	notify yes;
+};
+
+zone "." {
+	type hint;
+	file "root.hint";
+};
+
+zone "example" {
+	type master;
+	file "example.db.signed";
+	allow-update { any; };
+};
+
--- a/bin/tests/system/dnssec/ns2/root.hint
+++ b/bin/tests/system/dnssec/ns2/root.hint
@@ -0,0 +1,3 @@
+$TTL 999999
+.			 IN NS	a.root-servers.nil.
+a.root-servers.nil.	 IN A	10.53.0.1
--- a/bin/tests/system/dnssec/ns2/sign.sh
+++ b/bin/tests/system/dnssec/ns2/sign.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+zone=example.
+infile=example.db.in
+zonefile=example.db
+
+keyname=`$KEYGEN -a RSA -b 768 -n zone $zone`
+
+tag=`echo $keykname | sed -n 's/^.*\+\([0-9][0-9]*\)$/\1/p'`
+
+echo "key=$keyname, tag=$tag"
+
+# Have the child generate a zone key and pass it to us,
+# sign it, and pass it back
+
+( cd ../ns3 && sh sign.sh )
+cp ../ns3/secure.example.keyset .
+/local/bind9/bin/tests/keysigner -v 9 secure.example.keyset example./$tag/001
+# This will leave two copies of the child's zone key in the signed db file;
+# that shouldn't cause any problems.
+cat secure.example.signedkey >>../ns3/secure.example.db.signed
+
+pubkeyfile="$keyname.key"
+
+$KEYSETTOOL $zone $tag/001
+
+cat $infile $pubkeyfile >$zonefile
+
+$SIGNER -v 1 -o $zone $zonefile
+
+# Configure the resolving server with a trusted key.
+
+cat $pubkeyfile | perl -n -e '
+my ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
+my $key = join("", @rest);
+print <<EOF
+trusted-keys {
+    "$dn" $flags $proto $alg "$key";
+};
+EOF
+' >../ns4/trusted.conf
+
--- a/bin/tests/system/dnssec/ns3/insecure.example.db
+++ b/bin/tests/system/dnssec/ns3/insecure.example.db
@@ -0,0 +1,15 @@
+$TTL 300	; 5 minutes
+@			IN SOA	mname1. . (
+				2000042407 ; serial
+				20         ; refresh (20 seconds)
+				20         ; retry (20 seconds)
+				1814400    ; expire (3 weeks)
+				3600       ; minimum (1 hour)
+				)
+			NS	ns
+ns			A	10.53.0.3
+
+a			A	10.0.0.1
+b			A	10.0.0.2
+d			A	10.0.0.4
+z			A	10.0.0.26
--- a/bin/tests/system/dnssec/ns3/named.conf
+++ b/bin/tests/system/dnssec/ns3/named.conf
@@ -0,0 +1,24 @@
+options {
+	pid-file "named.pid";
+	listen-on { 10.53.0.3; };
+	recursion no;
+	notify yes;
+};
+
+zone "." {
+	type hint;
+	file "root.hint";
+};
+
+zone "secure.example" {
+	type master;
+	file "secure.example.db.signed";
+	allow-update { any; };
+};
+
+zone "insecure.example" {
+	type master;
+	file "insecure.example.db";
+	allow-update { any; };
+};
+
--- a/bin/tests/system/dnssec/ns3/root.hint
+++ b/bin/tests/system/dnssec/ns3/root.hint
@@ -0,0 +1,3 @@
+$TTL 999999
+.			 IN NS	a.root-servers.nil.
+a.root-servers.nil.	 IN A	10.53.0.1
--- a/bin/tests/system/dnssec/ns3/secure.example.db.in
+++ b/bin/tests/system/dnssec/ns3/secure.example.db.in
@@ -0,0 +1,15 @@
+$TTL 300	; 5 minutes
+@			IN SOA	mname1. . (
+				2000042407 ; serial
+				20         ; refresh (20 seconds)
+				20         ; retry (20 seconds)
+				1814400    ; expire (3 weeks)
+				3600       ; minimum (1 hour)
+				)
+			NS	ns
+ns			A	10.53.0.3
+
+a			A	10.0.0.1
+b			A	10.0.0.2
+d			A	10.0.0.4
+z			A	10.0.0.26
--- a/bin/tests/system/dnssec/ns3/sign.sh
+++ b/bin/tests/system/dnssec/ns3/sign.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+zone=secure.example.
+infile=secure.example.db.in
+zonefile=secure.example.db
+
+rm -f K$zone*.key
+rm -f K$zone*.private
+rm -f $zone*.keyset
+
+keyname=`$KEYGEN -a RSA -b 768 -n zone $zone`
+
+tag=`echo $keykname | sed -n 's/^.*\+\([0-9][0-9]*\)$/\1/p'`
+
+echo "key=$keyname, tag=$tag"
+
+pubkeyfile="$keyname.key"
+
+$KEYSETTOOL $zone $tag/001
+
+cat $infile $pubkeyfile >$zonefile
+
+$SIGNER -v 1 -o $zone $zonefile
+
--- a/bin/tests/system/dnssec/setup.sh
+++ b/bin/tests/system/dnssec/setup.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+cd ns2 && sh sign.sh
+
+if [ $# -gt 0 ]
+then
+   case $1 in
+	--badsig)
+	   echo "injecting bogus data to force signature checking to fail..." >&2
+	   echo "a.secure.example.	A	10.0.0.22" >>../ns3/secure.example.db.signed
+	;;
+	
+	*)
+	    echo "unknown option $1" >&2; exit 1
+	;;
+    esac
+fi