Update dnssec system test

The dnssec system test has some tests that use auto-dnssec. Update
these tests to make use of dnssec-policy.

Remove any 'rndc signing -nsec3param' commands because with
dnssec-policy you set the NSEC3 parameters in the configuration.

Remove now duplicate tests that checked if CDS and CDNSKEY RRsets
are signed with KSK only (the dnssec-dnskey-kskonly option worked
in combination with auto-dnssec).

Also remove the publish-inactive.example test case because such
use cases are no longer supported (only with manual signing).

The auto-nsec and auto-nsec3 zones need to use an alternative
algorithm because duplicate lines in dnssec-policy/keys are ignored.
Matthijs Mekking
2023-06-16 17:06:28 +02:00
parent 9f75f472f6
commit d3bf732697
10 changed files with 151 additions and 361 deletions


@@ -14,8 +14,6 @@
zone "siginterval.example" {
type primary;
allow-update { any; };
sig-validity-interval 35 28;
dnskey-sig-validity 90;
auto-dnssec maintain;
dnssec-policy siginterval2;
file "siginterval.example.db";
};
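
Review bot: in the siginterval.example zone, the explicit `sig-validity-interval 35 28;` and `dnskey-sig-validity 90;` settings go away in favour of `dnssec-policy siginterval2;`, but the definition of siginterval2 is not visible in this hunk. The +/- markers are lost in this rendering. The header counts 8 lines before and 6 after, so those two lines and `auto-dnssec maintain;` look like the removed ones. Please confirm that the policy sets matching signatures-validity, signatures-refresh and signatures-validity-dnskey values, so the test still exercises the same signature intervals rather than the policy defaults. The commit message does not mention the siginterval zones either; a sentence there on where the interval settings moved would help.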