[master] 5011 tests and fixes
4056. [bug] Expanded automatic testing of trust anchor management and fixed several small bugs including a memory leak and a possible loss of key state information. [RT #38458]
4055. [func] "rndc managed-keys" can be used to check status of trust anchors or to force keys to be refreshed. Also, the managed keys data file has easier-to-read comments. [RT #38458]
26
bin/tests/system/mkeys/README
Normal file
@@ -0,0 +1,26 @@
|
||||
This is for testing managed-keys, in particular with problems
|
||||
with RFC 5011 Automated Updates of DNSSEC Trust Anchors.
|
||||
|
||||
ns1 is the root server that offers new KSKs and hosts one record for
|
||||
testing. The TTL for the zone's records is 2 seconds.
|
||||
|
||||
ns2 is a validator uses managed-keys.
|
||||
"named -T rfc5011holddown=4" switch is used so it will attempt to do
|
||||
the automated updates frequently.
|
||||
|
||||
ns3 is a validator with a broken key in managed-keys.
|
||||
|
||||
Tests TODO:
|
||||
|
||||
- initial working KSK
|
||||
|
||||
TODO: test using delv with new trusted key too
|
||||
|
||||
- introduce a REVOKE bit
|
||||
|
||||
- later remove a signature
|
||||
|
||||
- corrupt a signature
|
||||
|
||||
TODO: also same things with dlv auto updates of trust anchor
|
||||
|
||||
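Review bot: The ns3 line ("ns3 is a validator with a broken key in managed-keys.") says how the server is configured but not what the test expects from it; state the expected result for a validator with a broken key so that a failure of that case can be read against the README. In the ns2 description, "ns2 is a validator uses managed-keys." is missing "that", and the note on "named -T rfc5011holddown=4" would be clearer if it gave the unit of the value and related it to the 2 second TTL on ns1. The "Tests TODO" list does not distinguish cases that are already covered from ones still open, and nothing in the file mentions the "rndc managed-keys" command from the commit message; mark which items are done and say whether the command is exercised by this test.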