4798. [func] Keys specified in "managed-keys" statements are tagged as "initializing" until they have been updated by a key refresh query. If initialization fails it will be visible from "rndc secroots". [RT #46267]
Copyright (C) 2015-2017 Internet Systems Consortium, Inc. ("ISC")

This Source Code Form is subject to the terms of the Mozilla Public
License, v. 2.0. If a copy of the MPL was not distributed with this
file, You can obtain one at http://mozilla.org/MPL/2.0/.

This is for testing managed-keys, in particular with problems
with RFC 5011 Automated Updates of DNSSEC Trust Anchors.

ns1 is the root server that offers new KSKs and hosts one record for
testing. The TTL for the zone's records is 2 seconds.

ns2 is a validator that uses managed-keys. "-T mkeytimers=2/20/40"
is used so it will attempt to do automated updates frequently. "-T tat=1"
is used so it will send TAT queries once per second.

ns3 is a validator with a broken key in managed-keys.

ns4 is a validator with a deliberately broken managed-keys.bind and
managed-keys.jnl, causing RFC 5011 initialization to fail.

ns5 is a validator which is prevented from getting a response from the
root server, causing key refresh queries to fail.
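
An added example (not part of the BIND source tree): a shell check that flags trust anchors still tagged "initializing" in a secroots dump, the state ns4 and ns5 are built to produce. The dump line format, the function names and the sample key IDs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not BIND code. ASSUMPTION: key lines in the dump look like
#   <name>/<algorithm>/<keyid> ; [initializing ]managed

# Constructed sample dump; $1 is the tag put on the first key ("" or "initializing ").
sample_dump() {
    cat <<EOF
 Start view _default
   Secure roots:

./RSASHA256/12345 ; ${1}managed
./RSASHA256/54321 ; managed

   Negative trust anchors:
EOF
}

# Print the keys in dump file $1 that are still tagged "initializing".
initializing_keys() {
    awk -F ' ; ' 'NF == 2 && $1 ~ /\/[0-9]+$/ && $2 ~ /^initializing / { print $1 }' "$1"
}

# 0 = every anchor initialized, 1 = at least one stuck, 2 = no usable dump.
# An empty or unreadable dump is reported as 2 so it is never read as healthy.
check_anchors() {
    if [ ! -r "$1" ]; then
        echo "cannot read $1" >&2; return 2
    fi
    total=$(awk -F ' ; ' 'NF == 2 && $1 ~ /\/[0-9]+$/ { n++ } END { print n + 0 }' "$1")
    if [ "$total" -eq 0 ]; then
        echo "no trust anchors found in $1" >&2; return 2
    fi
    stuck=$(initializing_keys "$1")
    if [ -n "$stuck" ]; then
        echo "trust anchors not yet initialized:" >&2
        echo "$stuck" >&2
        return 1
    fi
    return 0
}

# Demo on the constructed dump with one key stuck in initialization.
tmp=$(mktemp)
sample_dump "initializing " > "$tmp"
check_anchors "$tmp" || echo "check_anchors exit status: $?"
rm -f "$tmp"
```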