Move dnssec-policy to kasp-fips.conf.in

All dnssec-policy configurations are here, so why not this one? (cherry picked from commit 93326e3e18)
2024-06-24 10:01:37 +02:00
parent 381d6246d6
commit 6c0380db8a
3 changed files with 6 additions and 12 deletions
--- a/bin/tests/system/kasp/ns6/named.conf.in
+++ b/bin/tests/system/kasp/ns6/named.conf.in
@@ -89,12 +89,6 @@ zone "step1.csk-algorithm-roll.kasp" {
 	dnssec-policy "csk-algoroll";
 };

-dnssec-policy "modified" {
-	keys {
-		csk lifetime unlimited algorithm rsasha256 2048;
-	};
-};
-
 zone example {
 	type primary;
 	file "example.db";
--- a/bin/tests/system/kasp/ns6/named2.conf.in
+++ b/bin/tests/system/kasp/ns6/named2.conf.in
@@ -177,12 +177,6 @@ zone "step6.csk-algorithm-roll.kasp" {
 	dnssec-policy "csk-algoroll";
 };

-dnssec-policy "modified" {
-	keys {
-		csk lifetime unlimited algorithm rsasha256 2048;
-	};
-};
-
 zone example {
 	type primary;
 	file "example.db";
--- a/bin/tests/system/kasp/ns6/policies/kasp-fips.conf.in
+++ b/bin/tests/system/kasp/ns6/policies/kasp-fips.conf.in
@@ -24,6 +24,12 @@ dnssec-policy "nsec3" {
 	nsec3param iterations 0 optout no salt-length 0;
 };

+dnssec-policy "modified" {
+	keys {
+		csk lifetime unlimited algorithm rsasha256 2048;
+	};
+};
+
 dnssec-policy "rsasha256" {
 	signatures-refresh P5D;
 	signatures-validity 30d;