ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
Files
d189b8a432f5927bd2a738ef1607d99eed226daf
bind9/bin/tests/system/checkds/ns9/named.conf.in
Tom Krizek f9e075175d Rename system test directory with common files to _common 
The old name "common" clashes with the convention of system test
directory naming. It appears as a system test directory, but it only
contains helper files.

To reduce confusion and to allow automatic detection of issues with
possibly missing test files, rename the helper directory to "_common".
The leading underscore indicates the directory is different and the its
name can no longer be confused with regular system test directories.

(cherry picked from commit 168dba163c)
2023-09-19 14:56:12 +02:00

243 lines
5.1 KiB
Plaintext
Raw Blame History

/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* SPDX-License-Identifier: MPL-2.0
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
// NS9
options {
query-source address 10.53.0.9;
notify-source 10.53.0.9;
transfer-source 10.53.0.9;
port @PORT@;
pid-file "named.pid";
listen-on { 10.53.0.9; };
listen-on-v6 { none; };
allow-transfer { any; };
recursion no;
dnssec-validation yes;
};
key rndc_key {
secret "1234abcd8765";
algorithm @DEFAULT_HMAC@;
};
controls {
inet 10.53.0.9 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
parental-agents "ns2" port @PORT@ {
10.53.0.2;
};
zone "." {
type hint;
file "../../_common/root.hint";
};
/*
* Zone with parental agent configured, due for DS checking.
*/
zone "dspublished.checkds" {
type primary;
file "dspublished.checkds.db";
inline-signing yes;
dnssec-policy "default";
parental-agents { 10.53.0.2 port @PORT@; };
};
/*
* Zone with parental agent configured, due for DS checking.
* Same as above, but now with a reference to parental-agents.
*/
zone "reference.checkds" {
type primary;
file "reference.checkds.db";
inline-signing yes;
dnssec-policy "default";
parental-agents { "ns2"; };
};
/*
* Zone with parental agent configured, due for DS checking.
* The parental agent does not have the DS yet.
*/
zone "missing-dspublished.checkds" {
type primary;
file "missing-dspublished.checkds.db";
inline-signing yes;
dnssec-policy "default";
parental-agents {
10.53.0.5 port @PORT@; // missing
};
};
/*
* Zone with parental agent configured, due for DS checking.
* This case, the server is badly configured.
*/
zone "bad-dspublished.checkds" {
type primary;
file "bad-dspublished.checkds.db";
inline-signing yes;
dnssec-policy "default";
parental-agents {
10.53.0.6 port @PORT@; // bad
};
};
/*
* Zone with multiple parental agents configured, due for DS checking.
* All need to have the DS before the rollover may continue.
*/
zone "multiple-dspublished.checkds" {
type primary;
file "multiple-dspublished.checkds.db";
inline-signing yes;
dnssec-policy "default";
parental-agents {
10.53.0.2 port @PORT@;
10.53.0.4 port @PORT@;
};
};
/*
* Zone with multiple parental agents configured, due for DS checking.
* All need to have the DS before the rollover may continue.
* This case, one server is still missing the DS.
*/
zone "incomplete-dspublished.checkds" {
type primary;
file "incomplete-dspublished.checkds.db";
inline-signing yes;
dnssec-policy "default";
parental-agents {
10.53.0.2 port @PORT@;
10.53.0.4 port @PORT@;
10.53.0.5 port @PORT@; // missing
};
};
/*
* Zone with multiple parental agents configured, due for DS checking.
* All need to have the DS before the rollover may continue.
* This case, one server is badly configured.
*/
zone "bad2-dspublished.checkds" {
type primary;
file "bad2-dspublished.checkds.db";
inline-signing yes;
dnssec-policy "default";
parental-agents {
10.53.0.2 port @PORT@;
10.53.0.4 port @PORT@;
10.53.0.6 port @PORT@; // bad
};
};
/*
* Zone with resolver parental agent configured, due for DS checking.
*/
zone "resolver-dspublished.checkds" {
type primary;
file "resolver-dspublished.checkds.db";
inline-signing yes;
dnssec-policy "default";
parental-agents {
10.53.0.3 port @PORT@;
};
};
// TODO: Other test cases:
// - Test with bogus response
// - check with TSIG
// - check with TLS
/*
* Zones that are going insecure (test DS withdrawn polling).
*/
zone "dswithdrawn.checkds" {
type primary;
file "dswithdrawn.checkds.db";
inline-signing yes;
dnssec-policy "insecure";
parental-agents { 10.53.0.5 port @PORT@; };
};
zone "missing-dswithdrawn.checkds" {
type primary;
file "missing-dswithdrawn.checkds.db";
inline-signing yes;
dnssec-policy "insecure";
parental-agents {
10.53.0.2 port @PORT@; // still published
};
};
zone "bad-dswithdrawn.checkds" {
type primary;
file "bad-dswithdrawn.checkds.db";
inline-signing yes;
dnssec-policy "insecure";
parental-agents {
10.53.0.6 port @PORT@; // bad
};
};
zone "multiple-dswithdrawn.checkds" {
type primary;
file "multiple-dswithdrawn.checkds.db";
inline-signing yes;
dnssec-policy "insecure";
parental-agents {
10.53.0.5 port @PORT@;
10.53.0.7 port @PORT@;
};
};
zone "incomplete-dswithdrawn.checkds" {
type primary;
file "incomplete-dswithdrawn.checkds.db";
inline-signing yes;
dnssec-policy "insecure";
parental-agents {
10.53.0.2 port @PORT@; // still published
10.53.0.5 port @PORT@;
10.53.0.7 port @PORT@;
};
};
zone "bad2-dswithdrawn.checkds" {
type primary;
file "bad2-dswithdrawn.checkds.db";
inline-signing yes;
dnssec-policy "insecure";
parental-agents {
10.53.0.5 port @PORT@;
10.53.0.7 port @PORT@;
10.53.0.6 port @PORT@; // bad
};
};
zone "resolver-dswithdrawn.checkds" {
type primary;
file "resolver-dswithdrawn.checkds.db";
inline-signing yes;
dnssec-policy "default";
parental-agents {
10.53.0.8 port @PORT@;
};
};
View Git Blame Copy Permalink