2fa68d985f
The kasp system test was getting pretty large, and more tests are on
the way. Time to split up. Move tests that are related to migrating
to dnssec-policy to a separate directory 'keymgr2kasp'.
(cherry picked from commit 5389172111)
142 lines
3.0 KiB
Plaintext
142 lines
3.0 KiB
Plaintext
/*
|
|
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
*
|
|
* See the COPYRIGHT file distributed with this work for additional
|
|
* information regarding copyright ownership.
|
|
*/
|
|
|
|
// NS6
|
|
|
|
include "policies/kasp.conf";
|
|
include "policies/csk2.conf";
|
|
|
|
options {
|
|
query-source address 10.53.0.6;
|
|
notify-source 10.53.0.6;
|
|
transfer-source 10.53.0.6;
|
|
port @PORT@;
|
|
pid-file "named.pid";
|
|
listen-on { 10.53.0.6; };
|
|
listen-on-v6 { none; };
|
|
allow-transfer { any; };
|
|
recursion no;
|
|
};
|
|
|
|
key rndc_key {
|
|
secret "1234abcd8765";
|
|
algorithm hmac-sha256;
|
|
};
|
|
|
|
controls {
|
|
inet 10.53.0.6 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
|
|
};
|
|
|
|
/* Zones for testing going insecure. */
|
|
zone "step1.going-insecure.kasp" {
|
|
type master;
|
|
file "step1.going-insecure.kasp.db";
|
|
dnssec-policy "none";
|
|
};
|
|
|
|
zone "step2.going-insecure.kasp" {
|
|
type master;
|
|
file "step2.going-insecure.kasp.db";
|
|
dnssec-policy "none";
|
|
};
|
|
|
|
zone "step1.going-insecure-dynamic.kasp" {
|
|
type master;
|
|
file "step1.going-insecure-dynamic.kasp.db";
|
|
dnssec-policy "none";
|
|
allow-update { any; };
|
|
};
|
|
|
|
zone "step2.going-insecure-dynamic.kasp" {
|
|
type master;
|
|
file "step2.going-insecure-dynamic.kasp.db";
|
|
dnssec-policy "none";
|
|
allow-update { any; };
|
|
};
|
|
|
|
/*
|
|
* Zones for testing KSK/ZSK algorithm roll.
|
|
*/
|
|
zone "step1.algorithm-roll.kasp" {
|
|
type primary;
|
|
file "step1.algorithm-roll.kasp.db";
|
|
dnssec-policy "ecdsa256";
|
|
};
|
|
|
|
zone "step2.algorithm-roll.kasp" {
|
|
type primary;
|
|
file "step2.algorithm-roll.kasp.db";
|
|
dnssec-policy "ecdsa256";
|
|
};
|
|
|
|
zone "step3.algorithm-roll.kasp" {
|
|
type primary;
|
|
file "step3.algorithm-roll.kasp.db";
|
|
dnssec-policy "ecdsa256";
|
|
};
|
|
|
|
zone "step4.algorithm-roll.kasp" {
|
|
type primary;
|
|
file "step4.algorithm-roll.kasp.db";
|
|
dnssec-policy "ecdsa256";
|
|
};
|
|
|
|
zone "step5.algorithm-roll.kasp" {
|
|
type primary;
|
|
file "step5.algorithm-roll.kasp.db";
|
|
dnssec-policy "ecdsa256";
|
|
};
|
|
|
|
zone "step6.algorithm-roll.kasp" {
|
|
type primary;
|
|
file "step6.algorithm-roll.kasp.db";
|
|
dnssec-policy "ecdsa256";
|
|
};
|
|
|
|
/*
|
|
* Zones for testing CSK algorithm roll.
|
|
*/
|
|
zone "step1.csk-algorithm-roll.kasp" {
|
|
type primary;
|
|
file "step1.csk-algorithm-roll.kasp.db";
|
|
dnssec-policy "csk-algoroll";
|
|
};
|
|
|
|
zone "step2.csk-algorithm-roll.kasp" {
|
|
type primary;
|
|
file "step2.csk-algorithm-roll.kasp.db";
|
|
dnssec-policy "csk-algoroll";
|
|
};
|
|
|
|
zone "step3.csk-algorithm-roll.kasp" {
|
|
type primary;
|
|
file "step3.csk-algorithm-roll.kasp.db";
|
|
dnssec-policy "csk-algoroll";
|
|
};
|
|
|
|
zone "step4.csk-algorithm-roll.kasp" {
|
|
type primary;
|
|
file "step4.csk-algorithm-roll.kasp.db";
|
|
dnssec-policy "csk-algoroll";
|
|
};
|
|
|
|
zone "step5.csk-algorithm-roll.kasp" {
|
|
type primary;
|
|
file "step5.csk-algorithm-roll.kasp.db";
|
|
dnssec-policy "csk-algoroll";
|
|
};
|
|
|
|
zone "step6.csk-algorithm-roll.kasp" {
|
|
type primary;
|
|
file "step6.csk-algorithm-roll.kasp.db";
|
|
dnssec-policy "csk-algoroll";
|
|
};
|