ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

"dnssec-keys" is now a synonym for "managed-keys"

Browse Source 
- managed-keys is now deprecated as well as trusted-keys, though
  it continues to work as a synonym for dnssec-keys
- references to managed-keys have been updated throughout the code.
- tests have been updated to use dnssec-keys format
- also the trusted-keys entries have been removed from the generated
  bind.keys.h file and are no longer generated by bindkeys.pl.
This commit is contained in:
Evan Hunt
2018-10-05 12:00:42 -07:00
parent fec032588b
commit 821f041d8c
25 changed files with 223 additions and 159 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
bin/tests/system/mkeys/README
View File

@@ -2,17 +2,16 @@ Copyright (C) Internet Systems Consortium, Inc. ("ISC")
See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
This is for testing managed-keys, in particular with problems
with RFC 5011 Automated Updates of DNSSEC Trust Anchors.
This is for testing RFC 5011 Automated Updates of DNSSEC Trust Anchors.
ns1 is the root server that offers new KSKs and hosts one record for
testing. The TTL for the zone's records is 2 seconds.
ns2 is a validator that uses managed-keys. "-T mkeytimers=2/20/40"
ns2 is a validator that uses managed keys. "-T mkeytimers=2/20/40"
is used so it will attempt do automated updates frequently. "-T tat=1"
is used so it will send TAT queries once per second.
ns3 is a validator with a broken key in managed-keys.
ns3 is a validator with a broken initializing key in dnssec-keys.
ns4 is a validator with a deliberately broken managed-keys.bind and
managed-keys.jnl, causing RFC 5011 initialization to fail.