d3bf732697
The dnssec system test has some tests that use auto-dnssec. Update these tests to make use of dnssec-policy. Remove any 'rndc signing -nsec3param' commands because with dnssec-policy you set the NSEC3 parameters in the configuration. Remove now duplicate tests that checked if CDS and CDNSKEY RRsets are signed with KSK only (the dnssec-dnskey-kskonly option worked in combination with auto-dnssec). Also remove the publish-inactive.example test case because such use cases are no longer supported (only with manual signing). The auto-nsec and auto-nsec3 zones need to use an alternative algorithm because duplicate lines in dnssec-policy/keys are ignored.
20 lines
562 B
Plaintext
20 lines
562 B
Plaintext
/*
|
|
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
*
|
|
* SPDX-License-Identifier: MPL-2.0
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
|
*
|
|
* See the COPYRIGHT file distributed with this work for additional
|
|
* information regarding copyright ownership.
|
|
*/
|
|
|
|
zone "siginterval.example" {
|
|
type primary;
|
|
allow-update { any; };
|
|
dnssec-policy siginterval2;
|
|
file "siginterval.example.db";
|
|
};
|