ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

Add multisigner system test

Browse Source 
Add a new system test to test multisigner model use cases. This
initial test just tests a small part of the model 2, and uses two
providers for the same zone, ns3 and ns4, each with their own unique
key set. This commit tests that each provider can import their ZSK
of the other provider into their DNSKEY RRset, using dynamic update.

Both providers use dnssec-policy, ns3 applies the DNSSEC records
directly, while ns4 uses inline-signing.
This commit is contained in:
Matthijs Mekking
2022-10-04 15:42:03 +02:00
parent b92d33a849
commit 4e18991fed
12 changed files with 423 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
bin/tests/system/multisigner/kasp.conf Normal file
View File

@@ -0,0 +1,19 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* SPDX-License-Identifier: MPL-2.0
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
dnssec-policy "model2" {
keys {
ksk lifetime unlimited algorithm ecdsap256sha256;
zsk lifetime unlimited algorithm ecdsap256sha256;
};
};