Make 'parent-registration-delay' obsolete

With the introduction of 'checkds', the 'parent-registration-delay' option becomes obsolete. (cherry picked from commit a25f49f153)
2020-07-31 09:58:59 +02:00
parent 0475646ebb
commit 4892006a92
21 changed files with 15 additions and 86 deletions
--- a/bin/tests/system/kasp/tests.sh
+++ b/bin/tests/system/kasp/tests.sh
@@ -3959,12 +3959,12 @@ check_dnssecstatus "$SERVER" "$POLICY" "$ZONE"

 # The KSK is immediately published and activated.
 # -P     : now-3900s
-# -P sync: now-24h
+# -P sync: now-3h
 # -A     : now-3900s
 created=$(key_get KEY1 CREATED)
 set_addkeytime "KEY1" "PUBLISHED"   "${created}" -3900
 set_addkeytime "KEY1" "ACTIVE"      "${created}" -3900
-set_addkeytime "KEY1" "SYNCPUBLISH" "${created}" -86400
+set_addkeytime "KEY1" "SYNCPUBLISH" "${created}" -10800
 # The ZSK is immediately published and activated.
 # -P: now-12h
 # -A: now-12h
@@ -4022,12 +4022,12 @@ check_dnssecstatus "$SERVER" "$POLICY" "$ZONE"

 # The KSK is immediately published and activated.
 # -P     : now-3900s
-# -P sync: now-24h
+# -P sync: now-3h
 # -A     : now-3900s
 created=$(key_get KEY1 CREATED)
 set_addkeytime "KEY1" "PUBLISHED"   "${created}" -3900
 set_addkeytime "KEY1" "ACTIVE"      "${created}" -3900
-set_addkeytime "KEY1" "SYNCPUBLISH" "${created}" -86400
+set_addkeytime "KEY1" "SYNCPUBLISH" "${created}" -10800
 # The ZSK is immediately published and activated.
 # -P: now-12h
 # -A: now-12h
@@ -4178,7 +4178,7 @@ check_dnssecstatus "$SERVER" "$POLICY" "$ZONE"

 # KSK must be retired since it no longer matches the policy.
 # -P     : now-3900s
-# -P sync: now-24h
+# -P sync: now-3h
 # -A     : now-3900s
 # The key is removed after the retire interval:
 # IretKSK = TTLds + DprpP + retire_safety.
@@ -4190,7 +4190,7 @@ IretKSK=14400
 created=$(key_get KEY1 CREATED)
 set_addkeytime "KEY1" "PUBLISHED"   "${created}" -3900
 set_addkeytime "KEY1" "ACTIVE"      "${created}" -3900
-set_addkeytime "KEY1" "SYNCPUBLISH" "${created}" -86400
+set_addkeytime "KEY1" "SYNCPUBLISH" "${created}" -10800
 keyfile=$(key_get KEY1 BASEFILE)
 grep "; Inactive:" "${keyfile}.key" > retired.test${n}.ksk
 retired=$(awk '{print $3}' < retired.test${n}.ksk)
@@ -4295,7 +4295,7 @@ check_dnssecstatus "$SERVER" "$POLICY" "$ZONE"

 # KSK must be retired since it no longer matches the policy.
 # -P     : now-3900s
-# -P sync: now-24h
+# -P sync: now-3h
 # -A     : now-3900s
 # The key is removed after the retire interval:
 # IretKSK = TTLds + DprpP + retire_safety.
@@ -4307,7 +4307,7 @@ IretKSK=14400
 created=$(key_get KEY1 CREATED)
 set_addkeytime "KEY1" "PUBLISHED"   "${created}" -3900
 set_addkeytime "KEY1" "ACTIVE"      "${created}" -3900
-set_addkeytime "KEY1" "SYNCPUBLISH" "${created}" -86400
+set_addkeytime "KEY1" "SYNCPUBLISH" "${created}" -10800
 keyfile=$(key_get KEY1 BASEFILE)
 grep "; Inactive:" "${keyfile}.key" > retired.test${n}.ksk
 retired=$(awk '{print $3}' < retired.test${n}.ksk)