Added tests

contrib/dnssec/checkds.py

@@ -86,7 +86,7 @@ class DLVRR:
     digest=''
     ttl=0
 
-    def __init__(self, rrtext, dlvname = 'dlv.isc.org'):
+    def __init__(self, rrtext, dlvname):
         if not rrtext:
             return
 
@@ -106,7 +106,7 @@ class DLVRR:
             raise Exception
         parent.reverse()
         self.parent = '.'.join(parent)
-        self.rrname = self.parent + '.' + self.dlvname
+        self.rrname = self.parent + '.' + self.dlvname + '.'
         
         fields = fields[1:]
         if fields[0].upper() in ['IN','CH','HS']:
@@ -143,7 +143,7 @@ class DLVRR:
 ############################################################################
 def checkds(zone, masterfile = None):
     dslist=[]
-    fp=os.popen("/usr/local/bin/dig +noall +answer -t ds " + zone)
+    fp=os.popen("%s +noall +answer -t ds %s" % (args.dig, zone))
     for line in fp:
         dslist.append(DSRR(line))
     dslist = sorted(dslist, key=lambda ds: (ds.keyid, ds.keyalg, ds.hashalg))
@@ -152,11 +152,11 @@ def checkds(zone, masterfile = None):
     dsklist=[]
 
     if masterfile:
-        fp = os.popen("/usr/local/sbin/dnssec-dsfromkey -f %s %s " %
-                      (masterfile, zone))
+        fp = os.popen("%s -f %s %s " %
+                      (args.dsfromkey, masterfile, zone))
     else:
-        fp = os.popen("/usr/local/bin/dig +noall +answer -t dnskey " + zone +
-                      " | /usr/local/sbin/dnssec-dsfromkey -f - " + zone)
+        fp = os.popen("%s +noall +answer -t dnskey %s | %s -f - %s" %
+                      (args.dig, zone, args.dsfromkey, zone))
 
     for line in fp:
         dsklist.append(DSRR(line))
@@ -185,10 +185,10 @@ def checkds(zone, masterfile = None):
 ############################################################################
 def checkdlv(zone, lookaside, masterfile = None):
     dlvlist=[]
-    fp=os.popen("/usr/local/bin/dig +noall +answer -t dlv " +
-                zone + '.' + lookaside)
+    fp=os.popen("%s +noall +answer -t dlv %s.%s" %
+                (args.dig, zone, lookaside))
     for line in fp:
-        dlvlist.append(DLVRR(line))
+        dlvlist.append(DLVRR(line, lookaside))
     dlvlist = sorted(dlvlist,
                      key=lambda dlv: (dlv.keyid, dlv.keyalg, dlv.hashalg))
     fp.close()
@@ -198,15 +198,14 @@ def checkdlv(zone, lookaside, masterfile = None):
     #
     dlvklist=[]
     if masterfile:
-        fp = os.popen("/usr/local/sbin/dnssec-dsfromkey -f %s -l %s %s " %
-                      (masterfile, lookaside, zone))
+        fp = os.popen("%s -f %s -l %s %s " %
+                      (args.dsfromkey, masterfile, lookaside, zone))
     else:
-        fp = os.popen("/usr/local/bin/dig +noall +answer -t dnskey %s "
-                      " | /usr/local/sbin/dnssec-dsfromkey -f - -l %s %s"
-                      % (zone, lookaside, zone))
+        fp = os.popen("%s +noall +answer -t dnskey %s | %s -f - -l %s %s"
+                      % (args.dig, zone, args.dsfromkey, lookaside, zone))
 
     for line in fp:
-        dlvklist.append(DLVRR(line))
+        dlvklist.append(DLVRR(line, lookaside))
 
     fp.close()
 
@@ -237,6 +236,12 @@ def parse_args():
                         help='zone master file')
     parser.add_argument('-l', '--lookaside', dest='lookaside', type=str,
                         help='DLV lookaside zone')
+    parser.add_argument('-d', '--dig', dest='dig',
+                        default='/usr/local/bin/dig', type=str,
+                        help='path to \'dig\'')
+    parser.add_argument('-D', '--dsfromkey', dest='dsfromkey',
+                        default='/usr/local/sbin/dnssec-dsfromkey', type=str,
+                        help='path to \'dig\'')
     parser.add_argument('-v', '--version', action='version', version='9.9.1')
     args = parser.parse_args()
 

contrib/dnssec/tests/clean.sh

@@ -0,0 +1,16 @@
+#!/bin/sh
+# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+rm -f checkds.*

contrib/dnssec/tests/dig.sh

@@ -0,0 +1,29 @@
+#!/bin/sh
+############################################################################
+# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+############################################################################
+
+while [ "$#" != 0 ]; do
+    case $1 in
+    +*) shift ;;
+    -t) shift ;;
+    DS|ds) ext=ds ; shift ;;
+    DLV|dlv) ext=dlv ; shift ;;
+    DNSKEY|dnskey) ext=dnskey ; shift ;;
+    *) file=$1 ; shift ;;
+    esac
+done
+
+cat ${file}.${ext}.db

contrib/dnssec/tests/missing.example.dlv.example.dlv.db

@@ -0,0 +1,2 @@
+missing.example.dlv.example.	3600	IN	DLV	12892 5 1 9D4CD60491D372207FA584D2EE460CC51D7FF8A7
+missing.example.dlv.example.	3600	IN	DLV	12892 5 2 EF59E5C70BC4153B7DB4C11F9C36B729577DA71474E0A5C9B8875173 6E583200

contrib/dnssec/tests/missing.example.dnskey.db

@@ -0,0 +1,3 @@
+missing.example.	3600	IN	DNSKEY 257 3 5 AwEAAc6Cz10GXEh5lxA9ujTY/QarTajcUOBwwBYIeldjRsgoouK/UioY FYgxEFL0O5JK6YCRUoGzl3EgLr5GvNyhIp1PZpOpHf7o/4MVOZTGJzm/ sHWP5B+KcYjQOxJiDb433iCmRM4DpHPUUoxw0QbZglzAzl5MfKBoyZud lH59DdT/50bkBg8iVu35EzuW0SYt31k70hxHBSb2wAGWeqxEPKJ1nQiI UcrWNDeem7byrqjPN9wyZhq0XkQ9qbcYxAkRNd8Y7P0FyR1YKJMc6SWZ Ru7muvxqTHgCtJVgxVz4qndCFKdYidiDeKe2/X/z5gf7pyYl3549O8JR tWdNKqutppk=
+missing.example.	3600	IN	DNSKEY	257 3 5 BEAAAAOhHQDBrhQbtphgq2wQUpEQ5t4DtUHxoMVFu2hWLDMvoOMRXjG rhhCeFvAZih7yJHf8ZGfW6hd38hXG/xylYCO6Krpbdojwx8YMXLA5/kA +u50WIL8ZR1R6KTbsYVMf/Qx5RiNbPClw+vT+U8eXEJmO20jIS1ULgqy 347cBB1zMnnz/4LJpA0da9CbKj3A254T515sNIMcwsB8/2+2E63/zZrQ zBkj0BrN/9Bexjpiks3jRhZatEsXn3dTy47R09Uix5WcJt+xzqZ7+ysy LKOOedS39Z7SDmsn2eA0FKtQpwA6LXeG2w+jxmw3oA8lVUgEf/rzeC/b ByBNsO70aEFTd
+missing.example.	3600	IN	DNSKEY	256 3 5 BQEAAAAB2F1v2HWzCCE9vNsKfk0K8vd4EBwizNT9KO6WYXj0oxEL4eOJ aXbax/BzPFx+3qO8B8pu8E/JjkWH0oaYz4guUyTVmT5Eelg44Vb1kssy q8W27oQ+9qNiP8Jv6zdOj0uCB/N0fxfVL3371xbednFqoECfSFDZa6Hw jU1qzveSsW0=

contrib/dnssec/tests/missing.example.ds.db

@@ -0,0 +1,2 @@
+missing.example.	3600	IN	DS	12892 5 2 EF59E5C70BC4153B7DB4C11F9C36B729577DA71474E0A5C9B8875173 6E583200
+missing.example.	3600	IN	DS	12892 5 1 9D4CD60491D372207FA584D2EE460CC51D7FF8A7

contrib/dnssec/tests/none.example.dnskey.db

@@ -0,0 +1,3 @@
+none.example.	3600	IN	DNSKEY 257 3 5 AwEAAc6Cz10GXEh5lxA9ujTY/QarTajcUOBwwBYIeldjRsgoouK/UioY FYgxEFL0O5JK6YCRUoGzl3EgLr5GvNyhIp1PZpOpHf7o/4MVOZTGJzm/ sHWP5B+KcYjQOxJiDb433iCmRM4DpHPUUoxw0QbZglzAzl5MfKBoyZud lH59DdT/50bkBg8iVu35EzuW0SYt31k70hxHBSb2wAGWeqxEPKJ1nQiI UcrWNDeem7byrqjPN9wyZhq0XkQ9qbcYxAkRNd8Y7P0FyR1YKJMc6SWZ Ru7muvxqTHgCtJVgxVz4qndCFKdYidiDeKe2/X/z5gf7pyYl3549O8JR tWdNKqutppk=
+none.example.	3600	IN	DNSKEY	257 3 5 BEAAAAOhHQDBrhQbtphgq2wQUpEQ5t4DtUHxoMVFu2hWLDMvoOMRXjG rhhCeFvAZih7yJHf8ZGfW6hd38hXG/xylYCO6Krpbdojwx8YMXLA5/kA +u50WIL8ZR1R6KTbsYVMf/Qx5RiNbPClw+vT+U8eXEJmO20jIS1ULgqy 347cBB1zMnnz/4LJpA0da9CbKj3A254T515sNIMcwsB8/2+2E63/zZrQ zBkj0BrN/9Bexjpiks3jRhZatEsXn3dTy47R09Uix5WcJt+xzqZ7+ysy LKOOedS39Z7SDmsn2eA0FKtQpwA6LXeG2w+jxmw3oA8lVUgEf/rzeC/b ByBNsO70aEFTd
+none.example.	3600	IN	DNSKEY	256 3 5 BQEAAAAB2F1v2HWzCCE9vNsKfk0K8vd4EBwizNT9KO6WYXj0oxEL4eOJ aXbax/BzPFx+3qO8B8pu8E/JjkWH0oaYz4guUyTVmT5Eelg44Vb1kssy q8W27oQ+9qNiP8Jv6zdOj0uCB/N0fxfVL3371xbednFqoECfSFDZa6Hw jU1qzveSsW0=

contrib/dnssec/tests/ok.example.dlv.example.dlv.db

@@ -0,0 +1,2 @@
+ok.example.dlv.example.	3600	IN	DLV	12892 5 1 7AA4A3F416C2F2391FB7AB0D434F762CD62D1390
+ok.example.dlv.example.	3600	IN	DLV	12892 5 2 26584835CA80C81C91999F31CFAF2A0E89D4FF1C8FAFD0DDB31A85C7 19277C13

contrib/dnssec/tests/ok.example.dnskey.db

@@ -0,0 +1,2 @@
+ok.example.	625	IN	DNSKEY	257 3 5 BEAAAAOhHQDBrhQbtphgq2wQUpEQ5t4DtUHxoMVFu2hWLDMvoOMRXjGr hhCeFvAZih7yJHf8ZGfW6hd38hXG/xylYCO6Krpbdojwx8YMXLA5/kA+ u50WIL8ZR1R6KTbsYVMf/Qx5RiNbPClw+vT+U8eXEJmO20jIS1ULgqy3 47cBB1zMnnz/4LJpA0da9CbKj3A254T515sNIMcwsB8/2+2E63/zZrQz Bkj0BrN/9Bexjpiks3jRhZatEsXn3dTy47R09Uix5WcJt+xzqZ7+ysyL KOOedS39Z7SDmsn2eA0FKtQpwA6LXeG2w+jxmw3oA8lVUgEf/rzeC/bB yBNsO70aEFTd
+ok.example.	625	IN	DNSKEY	256 3 5 BQEAAAAB2F1v2HWzCCE9vNsKfk0K8vd4EBwizNT9KO6WYXj0oxEL4eOJ aXbax/BzPFx+3qO8B8pu8E/JjkWH0oaYz4guUyTVmT5Eelg44Vb1kssy q8W27oQ+9qNiP8Jv6zdOj0uCB/N0fxfVL3371xbednFqoECfSFDZa6Hw jU1qzveSsW0=

contrib/dnssec/tests/ok.example.ds.db

@@ -0,0 +1,2 @@
+ok.example.	3600	IN	DS	12892 5 2 26584835CA80C81C91999F31CFAF2A0E89D4FF1C8FAFD0DDB31A85C7 19277C13
+ok.example.	3600	IN	DS	12892 5 1 7AA4A3F416C2F2391FB7AB0D434F762CD62D1390

contrib/dnssec/tests/tests.sh

@@ -0,0 +1,172 @@
+#!/bin/sh
+# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+
+DIG="./dig.sh"
+chmod +x $DIG
+
+CHECKDS="python ../checkds.py -d $DIG"
+
+status=0
+n=1
+
+echo "I:checking for correct DS, looking up key via 'dig' ($n)"
+ret=0
+$CHECKDS ok.example > checkds.out.$n || ret=1
+grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1
+grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking for correct DS, obtaining key from file ($n)"
+ret=0
+$CHECKDS -f ok.example.dnskey.db ok.example > checkds.out.$n || ret=1
+grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1
+grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking for correct DLV, looking up key via 'dig' ($n)"
+ret=0
+$CHECKDS -l dlv.example ok.example > checkds.out.$n || ret=1
+grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1
+grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking for correct DLV, obtaining key from file ($n)"
+ret=0
+$CHECKDS -l dlv.example -f ok.example.dnskey.db ok.example > checkds.out.$n || ret=1
+grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1
+grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking for incorrect DS, lowronging up key via 'dig' ($n)"
+ret=0
+$CHECKDS wrong.example > checkds.out.$n || ret=1
+grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1
+grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking for incorrect DS, obtaining key from file ($n)"
+ret=0
+$CHECKDS -f wrong.example.dnskey.db wrong.example > checkds.out.$n || ret=1
+grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1
+grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking for incorrect DLV, lowronging up key via 'dig' ($n)"
+ret=0
+$CHECKDS -l dlv.example wrong.example > checkds.out.$n || ret=1
+grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1
+grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking for incorrect DLV, obtaining key from file ($n)"
+ret=0
+$CHECKDS -l dlv.example -f wrong.example.dnskey.db wrong.example > checkds.out.$n || ret=1
+grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1
+grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+
+echo "I:checking for partially missing DS, looking up key via 'dig' ($n)"
+ret=0
+$CHECKDS missing.example > checkds.out.$n || ret=1
+grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1
+grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1
+grep 'DS missing' checkds.out.$n > /dev/null 2>&1 || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking for partially missing DS, obtaining key from file ($n)"
+ret=0
+$CHECKDS -f missing.example.dnskey.db missing.example > checkds.out.$n || ret=1
+grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1
+grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1
+grep 'DS missing' checkds.out.$n > /dev/null 2>&1 || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking for partially missing DLV, looking up key via 'dig' ($n)"
+ret=0
+$CHECKDS -l dlv.example missing.example > checkds.out.$n || ret=1
+grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1
+grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1
+grep 'DS missing' checkds.out.$n > /dev/null 2>&1 || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking for partially missing DLV, obtaining key from file ($n)"
+ret=0
+$CHECKDS -l dlv.example -f missing.example.dnskey.db missing.example > checkds.out.$n || ret=1
+grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1
+grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1
+grep 'DS missing' checkds.out.$n > /dev/null 2>&1 || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking for entirely missing DS, looking up key via 'dig' ($n)"
+ret=0
+$CHECKDS none.example > checkds.out.$n && ret=1
+grep 'No DS' checkds.out.$n > /dev/null 2>&1 || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking for entirely missing DS, obtaining key from file ($n)"
+ret=0
+$CHECKDS -f none.example.dnskey.db none.example > checkds.out.$n && ret=1
+grep 'No DS' checkds.out.$n > /dev/null 2>&1 || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking for entirely missing DLV, looking up key via 'dig' ($n)"
+ret=0
+$CHECKDS -l dlv.example none.example > checkds.out.$n && ret=1
+grep 'No DLV' checkds.out.$n > /dev/null 2>&1 || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking for entirely missing DLV, obtaining key from file ($n)"
+ret=0
+$CHECKDS -l dlv.example -f none.example.dnskey.db none.example > checkds.out.$n && ret=1
+grep 'No DLV' checkds.out.$n > /dev/null 2>&1 || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+if [ $status = 0 ]; then sh clean.sh; fi
+echo "I:exit status: $status"
+exit $status

contrib/dnssec/tests/wrong.example.dlv.example.dlv.db

@@ -0,0 +1,2 @@
+wrong.example.dlv.example.	3600	IN	DLV 1192 5 1 684BB5119673C9272A0A7582AF8576561B5D80EC
+wrong.example.dlv.example.	3600	IN	DLV 1192 5 2 14E4A873360E512CD2E8C2C331C4472F5EDAB0736669901F4D42E976 3D7B1F5C

contrib/dnssec/tests/wrong.example.dnskey.db

@@ -0,0 +1,2 @@
+wrong.example.                3600    IN      DNSKEY 257 3 5 AwEAAc6Cz10GXEh5lxA9ujTY/QarTajcUOBwwBYIeldjRsgoouK/UioY FYgxEFL0O5JK6YCRUoGzl3EgLr5GvNyhIp1PZpOpHf7o/4MVOZTGJzm/ sHWP5B+KcYjQOxJiDb433iCmRM4DpHPUUoxw0QbZglzAzl5MfKBoyZud lH59DdT/50bkBg8iVu35EzuW0SYt31k70hxHBSb2wAGWeqxEPKJ1nQiI UcrWNDeem7byrqjPN9wyZhq0XkQ9qbcYxAkRNd8Y7P0FyR1YKJMc6SWZ Ru7muvxqTHgCtJVgxVz4qndCFKdYidiDeKe2/X/z5gf7pyYl3549O8JR tWdNKqutppk=
+wrong.example.		        3600	IN	DNSKEY	256 3 5 BQEAAAAB2F1v2HWzCCE9vNsKfk0K8vd4EBwizNT9KO6WYXj0oxEL4eOJ aXbax/BzPFx+3qO8B8pu8E/JjkWH0oaYz4guUyTVmT5Eelg44Vb1kssy q8W27oQ+9qNiP8Jv6zdOj0uCB/N0fxfVL3371xbednFqoECfSFDZa6Hw jU1qzveSsW0=

contrib/dnssec/tests/wrong.example.ds.db

@@ -0,0 +1,2 @@
+wrong.example.	3600	IN	DS 1192 5 1 684BB5119673C9272A0A7582AF8576561B5D80EC
+wrong.example.	3600	IN	DS 1192 5 2 14E4A873360E512CD2E8C2C331C4472F5EDAB0736669901F4D42E976 3D7B1F5C