c6e2d7d54d
Update checkconf and kasp related system tests after requiring inline-signing. (cherry picked from commit 8fd75e8a4e1035ce0e81bf47d954a3f5b8a4d571)
63 lines
1.5 KiB
Plaintext
63 lines
1.5 KiB
Plaintext
/*
|
|
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
*
|
|
* SPDX-License-Identifier: MPL-2.0
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
|
*
|
|
* See the COPYRIGHT file distributed with this work for additional
|
|
* information regarding copyright ownership.
|
|
*/
|
|
|
|
dnssec-policy "warn1" {
|
|
keys {
|
|
// This policy has keys in the same algorithm with the same
|
|
// role, this should trigger a warning.
|
|
ksk lifetime unlimited algorithm ecdsa256;
|
|
zsk lifetime unlimited algorithm ecdsa256;
|
|
zsk lifetime unlimited algorithm ecdsa256;
|
|
ksk lifetime unlimited algorithm ecdsa256;
|
|
};
|
|
};
|
|
|
|
dnssec-policy "warn2" {
|
|
keys {
|
|
// This policy has keys in the same algorithm with the same
|
|
// role, this should trigger a warning.
|
|
csk lifetime unlimited algorithm rsasha256;
|
|
ksk lifetime unlimited algorithm rsasha256;
|
|
zsk lifetime unlimited algorithm rsasha256;
|
|
};
|
|
};
|
|
|
|
dnssec-policy "warn3" {
|
|
keys {
|
|
// This policy has a key with a very short lifetime.
|
|
csk lifetime PT2591999S algorithm rsasha256;
|
|
};
|
|
};
|
|
|
|
zone "warn1.example.net" {
|
|
type primary;
|
|
file "warn1.example.db";
|
|
inline-signing yes;
|
|
dnssec-policy "warn1";
|
|
};
|
|
|
|
zone "warn2.example.net" {
|
|
type primary;
|
|
file "warn2.example.db";
|
|
inline-signing yes;
|
|
dnssec-policy "warn2";
|
|
};
|
|
|
|
zone "warn3.example.net" {
|
|
type primary;
|
|
file "warn3.example.db";
|
|
inline-signing yes;
|
|
dnssec-policy "warn3";
|
|
};
|
|
|