Refactor findzonekeys

Move dns_dnssec_findzonekeys from the dnssec.{c,h} source code to
zone.{c,h} (the header file already commented that this should be done
inside dns_zone_t).

Alter the function so that keys are searched for in the
key stores if a 'dnssec-policy' (kasp) is attached to the zone;
otherwise keep using the zone's key-directory.
This commit is contained in:
Matthijs Mekking
2023-06-20 15:44:17 +02:00
parent b0f14a604d
commit 18b566ccea
8 changed files with 268 additions and 224 deletions


@@ -147,7 +147,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "make sure we did not try to sign with the keys added with nsupdate for zone ${ZONE} ($n)"
ret=0
grep "dns_dnssec_findzonekeys: error reading ./K${ZONE}.*\.private: file not found" "${DIR}/named.run" && ret=1
grep "dns_zone_findkeys: error reading ./K${ZONE}.*\.private: file not found" "${DIR}/named.run" && ret=1
test "$ret" -eq 0 || echo_i "failed"
status=$((status + ret))
# Verify again.
@@ -176,7 +176,7 @@ status=$((status + ret))
n=$((n + 1))
echo_i "make sure we did not try to sign with the keys added with nsupdate for zone ${ZONE} ($n)"
ret=0
grep "dns_dnssec_findzonekeys: error reading ./K${ZONE}.*\.private: file not found" "${DIR}/named.run" && ret=1
grep "dns_zone_findkeys: error reading ./K${ZONE}.*\.private: file not found" "${DIR}/named.run" && ret=1
test "$ret" -eq 0 || echo_i "failed"
status=$((status + ret))
# Verify again.
@@ -521,7 +521,7 @@ test "$ret" -eq 0 || echo_i "failed"
status=$((status + ret))
dnssec_verify
no_dnssec_in_journal
grep "dns_dnssec_findzonekeys: error reading ./K${ZONE}.*\.private: file not found" "${DIR}/named.run" && ret=1
grep "dns_zone_findkeys: error reading ./K${ZONE}.*\.private: file not found" "${DIR}/named.run" && ret=1
test "$ret" -eq 0 || echo_i "failed"
status=$((status + ret))
# NS4
@@ -534,7 +534,7 @@ test "$ret" -eq 0 || echo_i "failed"
status=$((status + ret))
dnssec_verify
no_dnssec_in_journal
grep "dns_dnssec_findzonekeys: error reading ./K${ZONE}.*\.private: file not found" "${DIR}/named.run" && ret=1
grep "dns_zone_findkeys: error reading ./K${ZONE}.*\.private: file not found" "${DIR}/named.run" && ret=1
test "$ret" -eq 0 || echo_i "failed"
status=$((status + ret))