Implement auto parental-agents (checkds yes)

Implement the new feature, automatic parental-agents. This is enabled
with 'checkds yes'.

When set to 'yes', instead of querying the explicitly configured
parental agents, look up the parental agents by resolving the parent
NS records. The found parent NS RRset is considered to be the list
of parental agents that should be queried during a KSK rollover,
looking up the DS RRset corresponding to the key signing keys.

For each NS record, look up the addresses in the ADB. These addresses
will be used to send the DS requests. Count the number of servers and
keep track of how many good DS responses were seen.
This commit is contained in:
Matthijs Mekking
2023-03-28 15:55:51 +02:00
parent dc651cbf3f
commit e72b0df50b
2 changed files with 535 additions and 14 deletions

@@ -346,7 +346,8 @@ def checkds_dspublished(named_port, checkds):
"zone incomplete.{}.dspublish.ns2-4-5/IN (signed): checkds: "
"empty DS response from 10.53.0.5".format(checkds),
)
keystate_check(parent, "incomplete.{}.dspublish.ns2-4-5.".format(checkds), "!DSPublish")
keystate_check(
parent, "incomplete.{}.dspublish.ns2-4-5.".format(checkds), "!DSPublish")
#
# 1.2.3: One parental agent is badly configured.
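Review bot: The rewrapped `keystate_check(` call at the end of this hunk is a formatting-only change inside a commit whose message describes a new feature; consider moving the reflow to a separate commit so the functional change is easier to audit. If the wrap stays, note that the closing parenthesis is left on the argument line (`..., "!DSPublish")`), while the call just above it in the same hunk ends its last argument with a trailing comma and closes with `)` on its own line. Matching that style would keep the file consistent.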
@@ -413,7 +414,8 @@ def checkds_dswithdrawn(named_port, checkds):
"zone still-there.{}.dsremoved.ns2/IN (signed): checkds: "
"DS response from 10.53.0.2".format(checkds),
)
keystate_check(parent, "still-there.{}.dsremoved.ns2.".format(checkds), "!DSRemoved")
keystate_check(
parent, "still-there.{}.dsremoved.ns2.".format(checkds), "!DSRemoved")
#
# 2.1.3: The parental agent is badly configured.
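Review bot: In `checkds_dswithdrawn`, the zone name `still-there.{}.dsremoved.ns2` is formatted twice in this hunk, once inside the expected log message and once (with a trailing dot) in the `keystate_check(` call. Building the name once in a local variable and deriving both strings from it would keep the log expectation and the key state check from drifting apart if a test zone is renamed.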
@@ -476,7 +478,8 @@ def checkds_dswithdrawn(named_port, checkds):
"zone incomplete.{}.dsremoved.ns2-5-7/IN (signed): checkds: "
"empty DS response from 10.53.0.7".format(checkds),
)
keystate_check(parent, "incomplete.{}.dsremoved.ns2-5-7.".format(checkds), "!DSRemoved")
keystate_check(
parent, "incomplete.{}.dsremoved.ns2-5-7.".format(checkds), "!DSRemoved")
#
# 2.2.3: One parental agent is badly configured.
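Review bot: The third argument `"!DSRemoved"` in the `keystate_check(` call relies on a leading `!` whose meaning is not explained anywhere in the visible lines. A short comment above the call, or a docstring on `keystate_check`, stating what the prefix asserts would make the expectation for this incomplete case (empty DS response from 10.53.0.7) clear to someone reading the test without the helper open.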