ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
Files
4e36debc738d015929685298d15bcd51caa7b95c
bind9/bin/tests/system/keymgr2kasp/ns3/named2.conf.in
Matthijs Mekking 68e9603ed8 Test keymgr2kasp state from timing metadata 
Add two test zones that migrate to dnssec-policy. Test if the key
states are set accordingly given the timing metadata.

The rumoured.kasp zone has its Publish/Active/SyncPublish times set
not too long ago so the key states should be set to RUMOURED. The
omnipresent.kasp zone has its Publish/Active/SyncPublish times set
long enough to set the key states to OMNIPRESENT.

Slightly change the init_migration_keys function to set the
key lifetime to "none" (legacy keys don't have lifetime). Then in the
test case set the expected key lifetime explicitly.

(cherry picked from commit c40c1ebcb1)
2021-03-22 11:24:55 +01:00

72 lines
1.5 KiB
Plaintext
Raw Blame History

/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
// NS3
include "kasp.conf";
options {
query-source address 10.53.0.3;
notify-source 10.53.0.3;
transfer-source 10.53.0.3;
port @PORT@;
pid-file "named.pid";
listen-on { 10.53.0.3; };
listen-on-v6 { none; };
allow-transfer { any; };
recursion no;
};
key rndc_key {
secret "1234abcd8765";
algorithm hmac-sha256;
};
controls {
inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
/* These are zones that migrate to dnssec-policy. */
zone "migrate.kasp" {
type primary;
file "migrate.kasp.db";
allow-update { any; };
dnssec-policy "migrate";
};
zone "rumoured.kasp" {
type primary;
file "rumoured.kasp.db";
allow-update { any; };
dnssec-policy "timing-metadata";
};
zone "omnipresent.kasp" {
type primary;
file "omnipresent.kasp.db";
allow-update { any; };
dnssec-policy "timing-metadata";
};
zone "migrate-nomatch-algnum.kasp" {
type primary;
file "migrate-nomatch-algnum.kasp.db";
allow-update { any; };
dnssec-policy "migrate-nomatch-algnum";
};
zone "migrate-nomatch-alglen.kasp" {
type primary;
file "migrate-nomatch-alglen.kasp.db";
allow-update { any; };
dnssec-policy "migrate-nomatch-alglen";
};
View Git Blame Copy Permalink