Test changing from dynamic to inline-signing

Add a kasp system test that reconfigures a dnssec-policy zone from maintaining DNSSEC records directly to the zone to using inline-signing. Add a similar test case to the nsec3 system test, testing the same thing but now with NSEC3 in use.
2022-10-10 13:26:47 +02:00
parent 52cf8205a0
commit 9018fbb205
9 changed files with 113 additions and 1 deletions
--- a/bin/tests/system/nsec3/ns3/named.conf.in
+++ b/bin/tests/system/nsec3/ns3/named.conf.in
@@ -184,3 +184,11 @@ zone "nsec3-fails-to-load.kasp" {
 	dnssec-policy "nsec3";
 	allow-update { any; };
 };
+
+/* The zone switches from dynamic to inline-signing. */
+zone "nsec3-dynamic-to-inline.kasp" {
+	type primary;
+	file "nsec3-dynamic-to-inline.kasp.db";
+	dnssec-policy "nsec3";
+	allow-update { any; };
+};
--- a/bin/tests/system/nsec3/ns3/named2.conf.in
+++ b/bin/tests/system/nsec3/ns3/named2.conf.in
@@ -193,3 +193,12 @@ zone "nsec3-fails-to-load.kasp" {
 	dnssec-policy "nsec3";
 	allow-update { any; };
 };
+
+/* The zone switches from dynamic to inline-signing. */
+zone "nsec3-dynamic-to-inline.kasp" {
+	type primary;
+	file "nsec3-dynamic-to-inline.kasp.db";
+	inline-signing yes;
+	dnssec-policy "nsec3";
+	allow-update { any; };
+};
--- a/bin/tests/system/nsec3/ns3/setup.sh
+++ b/bin/tests/system/nsec3/ns3/setup.sh
@@ -25,7 +25,8 @@ setup() {
 }

 for zn in nsec-to-nsec3 nsec3 nsec3-other nsec3-change nsec3-to-nsec \
-	  nsec3-to-optout nsec3-from-optout nsec3-dynamic nsec3-dynamic-change
+	  nsec3-to-optout nsec3-from-optout nsec3-dynamic \
+	  nsec3-dynamic-change nsec3-dynamic-to-inline
 do
 	setup "${zn}.kasp"
 done
--- a/bin/tests/system/nsec3/tests.sh
+++ b/bin/tests/system/nsec3/tests.sh
@@ -297,6 +297,13 @@ set_key_default_values "KEY1"
 echo_i "initial check zone ${ZONE}"
 check_nsec3

+# Zone: nsec3-dynamic-to-inline.kasp.
+set_zone_policy "nsec3-dynamic-to-inline.kasp" "nsec3" 1 3600
+set_nsec3param "0" "0" "0"
+set_key_default_values "KEY1"
+echo_i "initial check zone ${ZONE}"
+check_nsec3
+
 # Zone: nsec3-to-nsec.kasp.
 set_zone_policy "nsec3-to-nsec.kasp" "nsec3" 1 3600
 set_nsec3param "0" "0" "0"
@@ -419,6 +426,13 @@ set_key_default_values "KEY1"
 echo_i "check zone ${ZONE} after reconfig"
 check_nsec3

+# Zone: nsec3-dynamic-to-inline.kasp. (reconfigured)
+set_zone_policy "nsec3-dynamic-to-inline.kasp" "nsec3" 1 3600
+set_nsec3param "0" "0" "0"
+set_key_default_values "KEY1"
+echo_i "check zone ${ZONE} after reconfig"
+check_nsec3
+
 # Zone: nsec3-to-nsec.kasp. (reconfigured)
 set_zone_policy "nsec3-to-nsec.kasp" "nsec" 1 3600
 set_nsec3param "1" "11" "8"