ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
Files
b0f477df875a39146a69f1ab622bfb87a760c028
bind9/bin/tests/system/autosign/ns3/named.conf.in
Ondřej Surý 519b047362 Tune the performance of oldsigs test 
The oldsigs test was checking only for the validity of the A
a.oldsigs.example. resource record and associated DNSSEC signature while
the zone might not have been fully signed yet leading to validation
failures because of bogus signatures on the validation path.

This commit changes the test to test that all old signatures in the
oldsigs.example. zone were replaced and the zone is fully resigned
before running the main check.
2019-11-26 12:07:01 +01:00

312 lines
5.5 KiB
Plaintext
Raw Blame History

/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
// NS3
controls { /* empty */ };
options {
query-source address 10.53.0.3;
notify-source 10.53.0.3;
transfer-source 10.53.0.3;
port @PORT@;
session-keyfile "session.key";
pid-file "named.pid";
listen-on { 10.53.0.3; };
listen-on-v6 { none; };
recursion no;
notify yes;
dnssec-validation yes;
dnssec-loadkeys-interval 10;
allow-new-zones yes;
};
key rndc_key {
secret "1234abcd8765";
algorithm hmac-sha256;
};
controls {
inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
zone "." {
type hint;
file "../../common/root.hint";
};
zone "example" {
type slave;
masters { 10.53.0.2; };
file "example.bk";
};
zone "bar" {
type slave;
masters { 10.53.0.2; };
file "bar.bk";
};
zone "secure.example" {
type master;
file "secure.example.db";
allow-update { any; };
auto-dnssec maintain;
};
zone "insecure.example" {
type master;
file "insecure.example.db";
};
zone "nsec3.example" {
type master;
file "nsec3.example.db";
allow-update { any; };
auto-dnssec maintain;
};
zone "autonsec3.example" {
type master;
file "autonsec3.example.db";
allow-update { any; };
auto-dnssec maintain;
};
zone "optout.nsec3.example" {
type master;
file "optout.nsec3.example.db";
allow-update { any; };
auto-dnssec maintain;
};
zone "nsec3.nsec3.example" {
type master;
file "nsec3.nsec3.example.db";
allow-update { any; };
auto-dnssec maintain;
};
zone "jitter.nsec3.example" {
type master;
file "jitter.nsec3.example.db";
allow-update { any; };
auto-dnssec maintain;
sig-validity-interval 10 2;
sig-signing-nodes 1000;
sig-signing-signatures 100;
};
zone "secure.nsec3.example" {
type master;
file "secure.nsec3.example.db";
allow-update { any; };
auto-dnssec maintain;
};
zone "optout.example" {
type master;
file "optout.example.db";
allow-update { any; };
auto-dnssec maintain;
};
zone "secure.optout.example" {
type master;
file "secure.optout.example.db";
allow-update { any; };
auto-dnssec maintain;
};
zone "nsec3.optout.example" {
type master;
file "nsec3.optout.example.db";
allow-update { any; };
auto-dnssec maintain;
};
zone "optout.optout.example" {
type master;
file "optout.optout.example.db";
allow-update { any; };
auto-dnssec maintain;
};
zone "rsasha256.example" {
type master;
file "rsasha256.example.db";
allow-update { any; };
auto-dnssec maintain;
};
zone "rsasha512.example" {
type master;
file "rsasha512.example.db";
allow-update { any; };
auto-dnssec maintain;
};
zone "nsec.example" {
type master;
file "nsec.example.db";
allow-update { any; };
auto-dnssec maintain;
};
zone "nsec3-to-nsec.example" {
type master;
file "nsec3-to-nsec.example.db";
allow-update { any; };
auto-dnssec maintain;
};
zone "secure-to-insecure.example" {
type master;
file "secure-to-insecure.example.db";
allow-update { any; };
dnssec-secure-to-insecure yes;
};
zone "secure-to-insecure2.example" {
type master;
file "secure-to-insecure2.example.db";
allow-update { any; };
auto-dnssec maintain;
dnssec-secure-to-insecure yes;
};
zone "oldsigs.example" {
type master;
file "oldsigs.example.db";
allow-update { any; };
auto-dnssec maintain;
sig-validity-interval 10 2;
sig-signing-nodes 1000;
sig-signing-signatures 100;
};
zone "prepub.example" {
type master;
file "prepub.example.db";
allow-update { any; };
auto-dnssec maintain;
};
zone "ttl1.example" {
type master;
file "ttl1.example.db";
allow-update { any; };
auto-dnssec maintain;
};
zone "ttl2.example" {
type master;
file "ttl2.example.db";
allow-update { any; };
auto-dnssec maintain;
};
zone "ttl3.example" {
type master;
file "ttl3.example.db";
allow-update { any; };
auto-dnssec maintain;
};
zone "ttl4.example" {
type master;
file "ttl4.example.db";
allow-update { any; };
auto-dnssec maintain;
};
zone "delay.example" {
type master;
file "delay.example.db";
allow-update { any; };
auto-dnssec maintain;
};
zone "nozsk.example" {
type master;
file "nozsk.example.db";
allow-update { any; };
auto-dnssec maintain;
};
zone "inaczsk.example" {
type master;
file "inaczsk.example.db";
allow-update { any; };
auto-dnssec maintain;
};
zone "sync.example" {
type master;
file "sync.example.db";
allow-update { any; };
auto-dnssec maintain;
};
zone "kskonly.example" {
type master;
file "kskonly.example.db";
allow-update { any; };
dnssec-dnskey-kskonly yes;
auto-dnssec maintain;
};
zone "inacksk2.example" {
type master;
file "inacksk2.example.db";
allow-update { any; };
dnssec-dnskey-kskonly yes;
auto-dnssec maintain;
};
zone "inacksk3.example" {
type master;
file "inacksk3.example.db";
allow-update { any; };
dnssec-dnskey-kskonly yes;
auto-dnssec maintain;
};
zone "inaczsk2.example" {
type master;
file "inaczsk2.example.db";
allow-update { any; };
auto-dnssec maintain;
};
zone "inaczsk3.example" {
type master;
file "inaczsk3.example.db";
allow-update { any; };
auto-dnssec maintain;
};
zone "delzsk.example." {
type master;
file "delzsk.example.db";
allow-update { any; };
auto-dnssec maintain;
};
zone "dname-at-apex-nsec3.example" {
type master;
file "dname-at-apex-nsec3.example.db";
allow-update { any; };
auto-dnssec maintain;
};
include "trusted.conf";
View Git Blame Copy Permalink