ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
Files
3e7689fc23ca8a05e76216f6d711af44067be7cd
bind9/bin/tests/system/dnssec
History
Matthijs Mekking 9be1126cd2 Fix intermittent test failure dnssec system test 
The updatecheck-kskonly.secure zone is being used to test dynamic
updates while the KSK is offline. It ensures that the DNSKEY RRset
will retain the RRSIG record, while the updated data is being signed
with the currently active ZSK.

When walking through ZSK rollovers, ensure that the newest ZSK (ZSK3)
is published before doing the dynamic update, preventing timing
related test failures.

Also fix the test log line ($ZSK_ID3 was not yet created at the time
of logging).

(cherry picked from commit e874632488)
2024-07-30 12:06:16 +00:00
..
ans10
ns1
Test secure chain that includes inactive KSK
2024-03-12 09:10:41 +01:00
ns2
change allow-transfer default to "none"
2024-06-05 10:50:06 -07:00
ns3
change allow-transfer default to "none"
2024-06-05 10:50:06 -07:00
ns4
Ensure dnssec test doesn't leak queries to root servers
2024-05-06 14:44:09 +02:00
ns5
Reformat shell scripts with shfmt
2023-10-26 10:23:50 +02:00
ns6
Remove the lock-file configuration and -X argument to named
2023-10-26 22:42:37 +02:00
ns7
Reformat shell scripts with shfmt
2023-10-26 10:23:50 +02:00
ns8
Rename system test directory with common files to _common
2023-09-19 13:29:27 +02:00
ns9
signer
check that 'dnssec-signzone -F' fails for rsasha1
2023-04-03 12:44:27 +10:00
clean.sh
Remove the lock-file configuration and -X argument to named
2023-10-26 22:42:37 +02:00
dnssec_update_test.pl
ntadiff.pl
prereq.sh
Reformat shell scripts with shfmt
2023-10-26 10:23:50 +02:00
README
setup.sh
Reformat shell scripts with shfmt
2023-10-26 10:23:50 +02:00
tests_sh_dnssec.py
Add pytest functions for shell system tests
2023-05-22 14:11:39 +02:00
tests.sh
Fix intermittent test failure dnssec system test
2024-07-30 12:06:16 +00:00

README 

Copyright (C) Internet Systems Consortium, Inc. ("ISC")

SPDX-License-Identifier: MPL-2.0

This Source Code Form is subject to the terms of the Mozilla Public
License, v. 2.0.  If a copy of the MPL was not distributed with this
file, you can obtain one at https://mozilla.org/MPL/2.0/.

See the COPYRIGHT file distributed with this work for additional
information regarding copyright ownership.

The test setup for the DNSSEC tests has a secure root.

ns1 is the root server.

ns2 and ns3 are authoritative servers for the various test domains.

ns4 is a caching-only server, configured with the correct trusted key
for the root.

ns5 is a caching-only server, configured with the an incorrect trusted
key for the root.  It is used for testing failure cases.

ns6 is an caching and authoritative server used for testing unusual
server behaviors such as disabled DNSSEC algorithms.

ns7 is used for checking non-cacheable answers.

ns8 is a caching-only server, configured with unsupported and disabled
algorithms.  It is used for testing failure cases.

ns9 is a forwarding-only server.
View Git Blame Copy Permalink