Remove 2>&1 from the dnssec-signzone invocation in tests
This commit is contained in:
Ondřej Surý
@@ -25,7 +25,7 @@ do
|
||||
|
||||
keyname1=$("$KEYGEN" -f KSK -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
|
||||
cat "$infile" "$keyname1.key" > "$zonefile"
|
||||
"$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.signed "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.signed "$zonefile" > /dev/null
|
||||
|
||||
# Zone to test trust anchor that matches disabled algorithm.
|
||||
zone=disabled.${tld}
|
||||
@@ -33,7 +33,7 @@ do
|
||||
|
||||
keyname2=$("$KEYGEN" -f KSK -q -a "$DISABLED_ALGORITHM" -b "$DISABLED_BITS" -n zone "$zone")
|
||||
cat "$infile" "$keyname2.key" > "$zonefile"
|
||||
"$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.signed "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.signed "$zonefile" > /dev/null
|
||||
|
||||
# Zone to test trust anchor that has disabled algorithm for other domain.
|
||||
zone=enabled.${tld}
|
||||
@@ -41,7 +41,7 @@ do
|
||||
|
||||
keyname3=$("$KEYGEN" -f KSK -q -a "$DISABLED_ALGORITHM" -b "$DISABLED_BITS" -n zone "$zone")
|
||||
cat "$infile" "$keyname3.key" > "$zonefile"
|
||||
"$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.signed "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.signed "$zonefile" > /dev/null
|
||||
|
||||
# Zone to test trust anchor with unsupported algorithm.
|
||||
zone=unsupported.${tld}
|
||||
@@ -49,7 +49,7 @@ do
|
||||
|
||||
keyname4=$("$KEYGEN" -f KSK -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
|
||||
cat "$infile" "$keyname4.key" > "$zonefile"
|
||||
"$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.tmp "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.tmp "$zonefile" > /dev/null
|
||||
awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${zonefile}.tmp > ${zonefile}.signed
|
||||
|
||||
# Make trusted-keys and managed keys conf sections for ns8.
|
||||
@@ -62,7 +62,7 @@ do
|
||||
|
||||
keyname5=$("$KEYGEN" -f KSK -f REVOKE -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
|
||||
cat "$infile" "$keyname5.key" > "$zonefile"
|
||||
"$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.signed "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.signed "$zonefile" > /dev/null
|
||||
|
||||
case $tld in
|
||||
"managed")
|
||||
@@ -86,7 +86,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
|
||||
|
||||
cat "$infile" "$cnameandkey.key" "$dnameandkey.key" "$keyname.key" > "$zonefile"
|
||||
|
||||
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
zone=bogus.example.
|
||||
infile=bogus.example.db.in
|
||||
@@ -96,7 +96,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
|
||||
|
||||
cat "$infile" "$keyname.key" > "$zonefile"
|
||||
|
||||
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
zone=dynamic.example.
|
||||
infile=dynamic.example.db.in
|
||||
@@ -107,7 +107,7 @@ keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KS
|
||||
|
||||
cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile"
|
||||
|
||||
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
zone=keyless.example.
|
||||
infile=generic.example.db.in
|
||||
@@ -117,7 +117,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
|
||||
|
||||
cat "$infile" "$keyname.key" > "$zonefile"
|
||||
|
||||
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
# Change the signer field of the a.b.keyless.example SIG A
|
||||
# to point to a provably nonexistent KEY record.
|
||||
@@ -138,7 +138,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
|
||||
|
||||
cat "$infile" "$keyname.key" > "$zonefile"
|
||||
|
||||
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
#
|
||||
# NSEC3/NSEC3 test zone
|
||||
@@ -151,7 +151,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
|
||||
|
||||
cat "$infile" "$keyname.key" > "$zonefile"
|
||||
|
||||
"$SIGNER" -P -3 - -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -3 - -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
#
|
||||
# OPTOUT/NSEC3 test zone
|
||||
@@ -164,7 +164,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
|
||||
|
||||
cat "$infile" "$keyname.key" > "$zonefile"
|
||||
|
||||
"$SIGNER" -P -3 - -A -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -3 - -A -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
#
|
||||
# A nsec3 zone (non-optout).
|
||||
@@ -177,7 +177,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
|
||||
|
||||
cat "$infile" "$keyname.key" > "$zonefile"
|
||||
|
||||
"$SIGNER" -P -g -3 - -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -g -3 - -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
#
|
||||
# OPTOUT/NSEC test zone
|
||||
@@ -190,7 +190,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
|
||||
|
||||
cat "$infile" "$keyname.key" > "$zonefile"
|
||||
|
||||
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
#
|
||||
# OPTOUT/NSEC3 test zone
|
||||
@@ -203,7 +203,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
|
||||
|
||||
cat "$infile" "$keyname.key" > "$zonefile"
|
||||
|
||||
"$SIGNER" -P -3 - -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -3 - -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
#
|
||||
# OPTOUT/OPTOUT test zone
|
||||
@@ -216,7 +216,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
|
||||
|
||||
cat "$infile" "$keyname.key" > "$zonefile"
|
||||
|
||||
"$SIGNER" -P -3 - -A -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -3 - -A -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
#
|
||||
# A optout nsec3 zone.
|
||||
@@ -229,7 +229,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
|
||||
|
||||
cat "$infile" "$keyname.key" > "$zonefile"
|
||||
|
||||
"$SIGNER" -P -g -3 - -A -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -g -3 - -A -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
#
|
||||
# A nsec3 zone (non-optout) with unknown nsec3 hash algorithm (-U).
|
||||
@@ -242,7 +242,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
|
||||
|
||||
cat "$infile" "$keyname.key" > "$zonefile"
|
||||
|
||||
"$SIGNER" -P -3 - -U -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -3 - -U -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
#
|
||||
# A optout nsec3 zone with a unknown nsec3 hash algorithm (-U).
|
||||
@@ -255,7 +255,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
|
||||
|
||||
cat "$infile" "$keyname.key" > "$zonefile"
|
||||
|
||||
"$SIGNER" -P -3 - -U -A -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -3 - -U -A -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
#
|
||||
# A zone that is signed with an unknown DNSKEY algorithm.
|
||||
@@ -269,7 +269,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
|
||||
|
||||
cat "$infile" "$keyname.key" > "$zonefile"
|
||||
|
||||
"$SIGNER" -P -3 - -o "$zone" -O full -f ${zonefile}.tmp "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -3 - -o "$zone" -O full -f ${zonefile}.tmp "$zonefile" > /dev/null
|
||||
|
||||
awk '$4 == "DNSKEY" { $7 = 100 } $4 == "RRSIG" { $6 = 100 } { print }' ${zonefile}.tmp > ${zonefile}.signed
|
||||
|
||||
@@ -288,7 +288,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
|
||||
|
||||
cat "$infile" "$keyname.key" > "$zonefile"
|
||||
|
||||
"$SIGNER" -P -3 - -o "$zone" -O full -f ${zonefile}.tmp "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -3 - -o "$zone" -O full -f ${zonefile}.tmp "$zonefile" > /dev/null
|
||||
|
||||
awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${zonefile}.tmp > ${zonefile}.signed
|
||||
|
||||
@@ -308,7 +308,7 @@ zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
|
||||
|
||||
cat "$infile" "$ksk.key" "$zsk.key" unsupported-algorithm.key > "$zonefile"
|
||||
|
||||
"$SIGNER" -P -3 - -o "$zone" -f ${zonefile}.signed "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -3 - -o "$zone" -f ${zonefile}.signed "$zonefile" > /dev/null
|
||||
|
||||
#
|
||||
# A zone with a unknown DNSKEY algorithm + unknown NSEC3 hash algorithm (-U).
|
||||
@@ -322,7 +322,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
|
||||
|
||||
cat "$infile" "$keyname.key" > "$zonefile"
|
||||
|
||||
"$SIGNER" -P -3 - -o "$zone" -U -O full -f ${zonefile}.tmp "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -3 - -o "$zone" -U -O full -f ${zonefile}.tmp "$zonefile" > /dev/null
|
||||
|
||||
awk '$4 == "DNSKEY" { $7 = 100; print } $4 == "RRSIG" { $6 = 100; print } { print }' ${zonefile}.tmp > ${zonefile}.signed
|
||||
|
||||
@@ -340,17 +340,17 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
|
||||
|
||||
cat "$infile" "$keyname.key" > "$zonefile"
|
||||
|
||||
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
|
||||
mv "$zonefile".signed "$zonefile"
|
||||
"$SIGNER" -P -u3 - -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -u3 - -o "$zone" "$zonefile" > /dev/null
|
||||
mv "$zonefile".signed "$zonefile"
|
||||
"$SIGNER" -P -u3 AAAA -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -u3 AAAA -o "$zone" "$zonefile" > /dev/null
|
||||
mv "$zonefile".signed "$zonefile"
|
||||
"$SIGNER" -P -u3 BBBB -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -u3 BBBB -o "$zone" "$zonefile" > /dev/null
|
||||
mv "$zonefile".signed "$zonefile"
|
||||
"$SIGNER" -P -u3 CCCC -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -u3 CCCC -o "$zone" "$zonefile" > /dev/null
|
||||
mv "$zonefile".signed "$zonefile"
|
||||
"$SIGNER" -P -u3 DDDD -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -u3 DDDD -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
#
|
||||
# A RSASHA256 zone.
|
||||
@@ -363,7 +363,7 @@ keyname=$("$KEYGEN" -q -a RSASHA256 -n zone "$zone")
|
||||
|
||||
cat "$infile" "$keyname.key" > "$zonefile"
|
||||
|
||||
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
#
|
||||
# A RSASHA512 zone.
|
||||
@@ -376,7 +376,7 @@ keyname=$("$KEYGEN" -q -a RSASHA512 -n zone "$zone")
|
||||
|
||||
cat "$infile" "$keyname.key" > "$zonefile"
|
||||
|
||||
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
#
|
||||
# A zone with the DNSKEY set only signed by the KSK
|
||||
@@ -388,7 +388,7 @@ zonefile=kskonly.example.db
|
||||
kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
|
||||
zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
|
||||
cat "$infile" "$kskname.key" "$zskname.key" > "$zonefile"
|
||||
"$SIGNER" -x -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -x -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
#
|
||||
# A zone with the expired signatures
|
||||
@@ -400,7 +400,7 @@ zonefile=expired.example.db
|
||||
kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -fk "$zone")
|
||||
zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
|
||||
cat "$infile" "$kskname.key" "$zskname.key" > "$zonefile"
|
||||
"$SIGNER" -P -o "$zone" -s -1d -e +1h "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -o "$zone" -s -1d -e +1h "$zonefile" > /dev/null
|
||||
rm -f "$kskname.*" "$zskname.*"
|
||||
|
||||
#
|
||||
@@ -413,7 +413,7 @@ zonefile=update-nsec3.example.db
|
||||
kskname=$("$KEYGEN" -q -3 -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -fk "$zone")
|
||||
zskname=$("$KEYGEN" -q -3 -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
|
||||
cat "$infile" "$kskname.key" "$zskname.key" > "$zonefile"
|
||||
"$SIGNER" -P -3 - -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -3 - -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
#
|
||||
# A NSEC signed zone that will have auto-dnssec enabled and
|
||||
@@ -428,7 +428,7 @@ zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
|
||||
kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -fk "$zone")
|
||||
zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
|
||||
cat "$infile" "$kskname.key" "$zskname.key" > "$zonefile"
|
||||
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
#
|
||||
# A NSEC3 signed zone that will have auto-dnssec enabled and
|
||||
@@ -443,7 +443,7 @@ zskname=$("$KEYGEN" -q -3 -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
|
||||
kskname=$("$KEYGEN" -q -3 -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -fk "$zone")
|
||||
zskname=$("$KEYGEN" -q -3 -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
|
||||
cat "$infile" "$kskname.key" "$zskname.key" > "$zonefile"
|
||||
"$SIGNER" -P -3 - -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -3 - -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
#
|
||||
# Secure below cname test zone.
|
||||
@@ -453,7 +453,7 @@ infile=secure.below-cname.example.db.in
|
||||
zonefile=secure.below-cname.example.db
|
||||
keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
|
||||
cat "$infile" "$keyname.key" > "$zonefile"
|
||||
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
#
|
||||
# Patched TTL test zone.
|
||||
@@ -467,7 +467,7 @@ patchedfile=ttlpatch.example.db.patched
|
||||
keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
|
||||
cat "$infile" "$keyname.key" > "$zonefile"
|
||||
|
||||
"$SIGNER" -P -f $signedfile -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -f $signedfile -o "$zone" "$zonefile" > /dev/null
|
||||
$CHECKZONE -D -s full "$zone" $signedfile 2> /dev/null | \
|
||||
awk '{$2 = "3600"; print}' > $patchedfile
|
||||
|
||||
@@ -483,7 +483,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
|
||||
cat "$infile" "$keyname.key" > "$zonefile"
|
||||
echo "\$INCLUDE \"$signedfile\"" >> "$zonefile"
|
||||
: > "$signedfile"
|
||||
"$SIGNER" -P -D -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -D -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
#
|
||||
# Seperate DNSSEC records smart signing.
|
||||
@@ -498,7 +498,7 @@ cp "$infile" "$zonefile"
|
||||
# shellcheck disable=SC2016
|
||||
echo "\$INCLUDE \"$signedfile\"" >> "$zonefile"
|
||||
: > "$signedfile"
|
||||
"$SIGNER" -P -S -D -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -S -D -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
#
|
||||
# Zone with signatures about to expire, but no private key to replace them
|
||||
@@ -510,7 +510,7 @@ signedfile="expiring.example.db.signed"
|
||||
kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
|
||||
zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
|
||||
cp "$infile" "$zonefile"
|
||||
"$SIGNER" -S -e now+1mi -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -S -e now+1mi -o "$zone" "$zonefile" > /dev/null
|
||||
mv -f "${zskname}.private" "${zskname}.private.moved"
|
||||
mv -f "${kskname}.private" "${kskname}.private.moved"
|
||||
|
||||
@@ -525,7 +525,7 @@ signedfile="upper.example.db.signed"
|
||||
kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
|
||||
zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
|
||||
cp "$infile" "$zonefile"
|
||||
"$SIGNER" -P -S -o "$zone" -f $lower "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -S -o "$zone" -f $lower "$zonefile" > /dev/null
|
||||
$CHECKZONE -D upper.example $lower 2>/dev/null | \
|
||||
sed '/RRSIG/s/ upper.example. / UPPER.EXAMPLE. /' > $signedfile
|
||||
|
||||
@@ -540,7 +540,7 @@ signedfile="lower.example.db.signed"
|
||||
kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
|
||||
zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
|
||||
cp "$infile" "$zonefile"
|
||||
"$SIGNER" -P -S -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -S -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
#
|
||||
# Zone with signatures about to expire, and dynamic, but configured
|
||||
@@ -553,7 +553,7 @@ signedfile="nosign.example.db.signed"
|
||||
kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
|
||||
zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
|
||||
cp "$infile" "$zonefile"
|
||||
"$SIGNER" -S -e "now+1mi" -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -S -e "now+1mi" -o "$zone" "$zonefile" > /dev/null
|
||||
# preserve a normalized copy of the NS RRSIG for comparison later
|
||||
$CHECKZONE -D nosign.example nosign.example.db.signed 2>/dev/null | \
|
||||
awk '$4 == "RRSIG" && $5 == "NS" {$2 = ""; print}' | \
|
||||
@@ -578,7 +578,7 @@ kskname=$("$KEYGEN" -P "$now+90s" -A "$now+3600s" -q -a "$DEFAULT_ALGORITHM" -b
|
||||
kskname=$("$KEYGEN" -I "$now+90s" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
|
||||
zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
|
||||
cp "$infile" "$zonefile"
|
||||
"$SIGNER" -S -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -S -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
#
|
||||
# A zone which will change its sig-validity-interval
|
||||
@@ -602,7 +602,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
|
||||
|
||||
cat "$infile" "$keyname.key" > "$zonefile"
|
||||
|
||||
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
|
||||
sed -e 's/bogus/badds/g' < dsset-bogus.example$TP > dsset-badds.example$TP
|
||||
|
||||
#
|
||||
@@ -614,7 +614,7 @@ zonefile=future.example.db
|
||||
kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
|
||||
zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
|
||||
cat "$infile" "$kskname.key" "$zskname.key" > "$zonefile"
|
||||
"$SIGNER" -P -s +3600 -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -s +3600 -o "$zone" "$zonefile" > /dev/null
|
||||
cp -f "$kskname.key" trusted-future.key
|
||||
|
||||
#
|
||||
@@ -626,7 +626,7 @@ zonefile=managed-future.example.db
|
||||
kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
|
||||
zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
|
||||
cat "$infile" "$kskname.key" "$zskname.key" > "$zonefile"
|
||||
"$SIGNER" -P -s +3600 -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -s +3600 -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
#
|
||||
# A zone with a revoked key
|
||||
@@ -641,7 +641,7 @@ ksk2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -3fk "$zone")
|
||||
zsk1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -3 "$zone")
|
||||
|
||||
cat "$infile" "${ksk1}.key" "${ksk2}.key" "${zsk1}.key" > "$zonefile"
|
||||
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
#
|
||||
# Check that NSEC3 are correctly signed and returned from below a DNAME
|
||||
@@ -653,7 +653,7 @@ zonefile=dname-at-apex-nsec3.example.db
|
||||
kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -3fk "$zone")
|
||||
zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -3 "$zone")
|
||||
cat "$infile" "${kskname}.key" "${zskname}.key" >"$zonefile"
|
||||
"$SIGNER" -P -3 - -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -3 - -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
#
|
||||
# A NSEC zone with occuded data at the delegation
|
||||
@@ -668,4 +668,4 @@ keyname=$("$KEYGEN" -q -a DH -b 1024 -n HOST -T KEY "delegation.$zone")
|
||||
$DSFROMKEY "$dnskeyname.key" > "dsset-delegation.${zone}$TP"
|
||||
cat "$infile" "${kskname}.key" "${zskname}.key" "${keyname}.key" \
|
||||
"${dnskeyname}.key" "dsset-delegation.${zone}$TP" >"$zonefile"
|
||||
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
|
||||
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
Reference in New Issue
Block a user