bind9

Files

Matthijs Mekking e5736de60d Implement draft-vandijk-dnsop-nsec-ttl

The draft says that the NSEC(3) TTL must have the same TTL value
as the minimum of the SOA MINIMUM field and the SOA TTL. This was
always the intended behaviour.

Update the zone structure to also track the SOA TTL. Whenever we
use the MINIMUM value to determine the NSEC(3) TTL, use the minimum
of MINIMUM and SOA TTL instead.

There is no specific test for this, however two tests need adjusting
because otherwise they failed: They were testing for NSEC3 records
including the TTL. Update these checks to use 600 (the SOA TTL),
rather than 3600 (the SOA MINIMUM).

(cherry picked from commit 9af8caa733)

2021-04-13 14:18:33 +02:00

ans10

Check that a zone in the process of being signed resolves

2020-10-30 09:19:12 +11:00

ns1

further tidying of primary/secondary terminology in system tests

2021-01-12 15:21:14 +01:00

ns2

further tidying of primary/secondary terminology in system tests

2021-01-12 15:21:14 +01:00

ns3

further tidying of primary/secondary terminology in system tests

2021-01-12 15:21:14 +01:00

ns4

further tidying of primary/secondary terminology in system tests

2021-01-12 15:21:14 +01:00

ns5

further tidying of primary/secondary terminology in system tests

2021-01-12 15:21:14 +01:00

ns6

further tidying of primary/secondary terminology in system tests

2021-01-12 15:21:14 +01:00

ns7

further tidying of primary/secondary terminology in system tests

2021-01-12 15:21:14 +01:00

ns8

add "static-ds" and "initial-ds" keywords to config parser

2019-11-15 15:47:17 -08:00

ns9

add "static-ds" and "initial-ds" keywords to config parser

2019-11-15 15:47:17 -08:00

signer

fix spelling errors reported by Fossies.

2020-02-21 07:05:31 +00:00

clean.sh

Clean omitted files from system tests

2021-02-18 08:20:54 +01:00

dnssec_update_test.pl

update all copyright headers to eliminate the typo

2020-09-14 16:50:58 -07:00

ntadiff.pl

update all copyright headers to eliminate the typo

2020-09-14 16:50:58 -07:00

prereq.sh

Check that a zone in the process of being signed resolves

2020-10-30 09:19:12 +11:00

README

update all copyright headers to eliminate the typo

2020-09-14 16:50:58 -07:00

setup.sh

update all copyright headers to eliminate the typo

2020-09-14 16:50:58 -07:00

tests.sh

Implement draft-vandijk-dnsop-nsec-ttl

2021-04-13 14:18:33 +02:00

README

Copyright (C) Internet Systems Consortium, Inc. ("ISC")

See COPYRIGHT in the source root or https://isc.org/copyright.html for terms.

The test setup for the DNSSEC tests has a secure root.

ns1 is the root server.

ns2 and ns3 are authoritative servers for the various test domains.

ns4 is a caching-only server, configured with the correct trusted key
for the root.

ns5 is a caching-only server, configured with the an incorrect trusted
key for the root.  It is used for testing failure cases.

ns6 is an caching and authoritative server used for testing unusual
server behaviors such as disabled DNSSEC algorithms.

ns7 is used for checking non-cacheable answers.

ns8 is a caching-only server, configured with unsupported and disabled
algorithms.  It is used for testing failure cases.

ns9 is a forwarding-only server.