One of the test cases was invalid as it disabled an algorithm for a name that is below the zone apex. As this use case is flawed and the behavior is undocumented, the test should ensure that the disabled algorithm is at the zone origin. This commit fixes that. In addition, it adds checks to ensure the response status is NOERROR when the answer is treated as insecure. Furthermore, when signing the zones for ds-unsupported and algorithm-disabled, there is no need to create a KEY record for 'cnameandkey' and 'dnameandkey'; this was an accidental copy-paste error. This seems to be also true for the reference to ns8.
23 lines
670 B
Plaintext
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; SPDX-License-Identifier: MPL-2.0
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, you can obtain one at https://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.

$TTL 300 ; 5 minutes
@       IN SOA  mname1. . (
                2000042407 ; serial
                20         ; refresh (20 seconds)
                20         ; retry (20 seconds)
                1814400    ; expire (3 weeks)
                3600       ; minimum (1 hour)
                )
        NS      ns
ns      A       10.53.0.3
a       A       10.0.0.1