ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

Generate test zone with multiple NSEC and NSEC3 chains

Browse Source 
The method used to generate a test zone with multiple NSEC and
NSEC3 chains was incorrect.  Multiple calls to dnssec-signzone
with multiple parameters is not additive.  Extract the chain on
each run then add them to the final signed zone instance.
This commit is contained in:
Mark Andrews
2021-11-18 14:22:04 +11:00
parent e3ca3156a5
commit 77ca778377
2 changed files with 13 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
bin/tests/system/dnssec/clean.sh
View File

@@ -94,6 +94,7 @@ rm -f ./ns3/ttlpatch.example.db ./ns3/ttlpatch.example.db.signed
rm -f ./ns3/ttlpatch.example.db.patched
rm -f ./ns3/unsecure.example.db ./ns3/bogus.example.db ./ns3/keyless.example.db
rm -f ./ns3/unsupported.managed.db.tmp ./ns3/unsupported.trusted.db.tmp
rm -f ./ns3/NSEC ./ns3/NSEC3
rm -f ./ns4/managed-keys.bind*
rm -f ./ns4/named_dump.db*
rm -f ./ns6/optout-tld.db

23
bin/tests/system/dnssec/ns3/sign.sh
View File

@@ -340,17 +340,18 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
cat "$infile" "$keyname.key" > "$zonefile"
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
mv "$zonefile".signed "$zonefile"
"$SIGNER" -P -u3 - -o "$zone" "$zonefile" > /dev/null
mv "$zonefile".signed "$zonefile"
"$SIGNER" -P -u3 AAAA -o "$zone" "$zonefile" > /dev/null
mv "$zonefile".signed "$zonefile"
"$SIGNER" -P -u3 BBBB -o "$zone" "$zonefile" > /dev/null
mv "$zonefile".signed "$zonefile"
"$SIGNER" -P -u3 CCCC -o "$zone" "$zonefile" > /dev/null
mv "$zonefile".signed "$zonefile"
"$SIGNER" -P -u3 DDDD -o "$zone" "$zonefile" > /dev/null
"$SIGNER" -P -O full -o "$zone" "$zonefile" > /dev/null
awk '$4 == "NSEC" || ( $4 == "RRSIG" && $5 == "NSEC" ) { print }' "$zonefile".signed > NSEC
"$SIGNER" -P -O full -u3 - -o "$zone" "$zonefile" > /dev/null
awk '$4 == "NSEC3" || ( $4 == "RRSIG" && $5 == "NSEC3" ) { print }' "$zonefile".signed > NSEC3
"$SIGNER" -P -O full -u3 AAAA -o "$zone" "$zonefile" > /dev/null
awk '$4 == "NSEC3" || ( $4 == "RRSIG" && $5 == "NSEC3" ) { print }' "$zonefile".signed >> NSEC3
"$SIGNER" -P -O full -u3 BBBB -o "$zone" "$zonefile" > /dev/null
awk '$4 == "NSEC3" || ( $4 == "RRSIG" && $5 == "NSEC3" ) { print }' "$zonefile".signed >> NSEC3
"$SIGNER" -P -O full -u3 CCCC -o "$zone" "$zonefile" > /dev/null
awk '$4 == "NSEC3" || ( $4 == "RRSIG" && $5 == "NSEC3" ) { print }' "$zonefile".signed >> NSEC3
"$SIGNER" -P -O full -u3 DDDD -o "$zone" "$zonefile" > /dev/null
cat NSEC NSEC3 >> "$zonefile".signed
#
# A RSASHA256 zone.