ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
Files
03e8747aaa8dedf4e2e21cbd76f0756e6ec5e04e
bind9/bin/tests/system/checkconf/kasp-bad-nsec3-iter.conf
Matthijs Mekking 3c08fbc79f Change NSEC3 iterations to 0 in system tests 
The system tests need to be updated because non-zero iterations are no
longer accepted.

The autosign system test changes its iterations from 1 to 0 in one
test case. This requires the hash to be updated.

The checkconf system test needs to change the iterations in the good
configuration files to 0, and in the bad ones to 1 (any non-zero value
would suffice, but we test the corner case here). Also, the expected
failure message is change, so needs to be adjusted.

The nsec3 system test also needs iteration configuration adjustments.
In addition, the test script no longer needs the ITERATIONS environment
variable.

In the process of updating the system tests, I noticed an error
in the dnssec-policy "nsec3-other", where the salt length in one
configuration file is different than in the other (they need to be
the same). Furthermore, the 'rndc signing -nsec3param' test case
is operated on the zone 'nsec-change.kasp', so is moved so that the
tests on the same zone are grouped together.
2023-12-05 14:58:58 +00:00

61 lines
1.2 KiB
Plaintext
Raw Blame History

/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* SPDX-License-Identifier: MPL-2.0
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
dnssec-policy "rsasha1" {
keys {
csk lifetime P10Y algorithm nsec3rsasha1 1024;
};
nsec3param iterations 0;
};
dnssec-policy "rsasha1-bad" {
keys {
csk lifetime P10Y algorithm nsec3rsasha1 1024;
};
nsec3param iterations 1;
};
dnssec-policy "rsasha256" {
keys {
csk lifetime P10Y algorithm rsasha256 2048;
};
nsec3param iterations 0;
};
dnssec-policy "rsasha256-bad" {
keys {
csk lifetime P10Y algorithm rsasha256 2048;
};
nsec3param iterations 1;
};
dnssec-policy "rsasha512" {
keys {
csk lifetime P10Y algorithm rsasha512 4096;
};
nsec3param iterations 0;
};
dnssec-policy "rsasha512-bad" {
keys {
csk lifetime P10Y algorithm rsasha512 4096;
};
nsec3param iterations 1;
};
zone "example.net" {
type primary;
file "example.db";
dnssec-policy "default";
};
View Git Blame Copy Permalink