ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
Files
df31bdf239f5e09b19e28fc332008aa883442fec
bind9/bin/tests/system/mkeys
History
Evan Hunt 54a682ea50 use DS style trust anchors in all system tests 
this adds functions in conf.sh.common to create DS-style trust anchor
files. those functions are then used to create nearly all of the trust
anchors in the system tests.

there are a few exceptions:
 - some tests in dnssec and mkeys rely on detection of unsupported
   algorithms, which only works with key-style trust anchors, so those
   are used for those tests in particular.
 - the mirror test had a problem with the use of a CSK without a
   SEP bit, which still needs addressing

in the future, some of these tests should be changed back to using
traditional trust anchors, so that both types will be exercised going
forward.
2019-11-15 15:47:57 -08:00
..
ns1
use DS style trust anchors in all system tests
2019-11-15 15:47:57 -08:00
ns2
convert ns_client and related objects to use netmgr
2019-11-07 11:55:37 -08:00
ns3
convert ns_client and related objects to use netmgr
2019-11-07 11:55:37 -08:00
ns4
remove "dnssec-enable" from all system tests
2019-03-14 23:30:13 -07:00
ns5
convert ns_client and related objects to use netmgr
2019-11-07 11:55:37 -08:00
ns6
use DS style trust anchors in all system tests
2019-11-15 15:47:57 -08:00
ns7
remove "dnssec-enable" from all system tests
2019-03-14 23:30:13 -07:00
clean.sh
Add tests for mkeys with unsupported algorithm
2019-02-20 19:44:33 -08:00
README
"dnssec-keys" is now a synonym for "managed-keys"
2019-06-05 07:49:57 -07:00
setup.sh
Add tests for mkeys with unsupported algorithm
2019-02-20 19:44:33 -08:00
tests.sh
use DS style trust anchors in all system tests
2019-11-15 15:47:57 -08:00

README 

Copyright (C) Internet Systems Consortium, Inc. ("ISC")

See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.

This is for testing RFC 5011 Automated Updates of DNSSEC Trust Anchors.

ns1 is the root server that offers new KSKs and hosts one record for
testing. The TTL for the zone's records is 2 seconds.

ns2 is a validator that uses managed keys.  "-T mkeytimers=2/20/40"
is used so it will attempt do automated updates frequently. "-T tat=1"
is used so it will send TAT queries once per second.

ns3 is a validator with a broken initializing key in dnssec-keys.

ns4 is a validator with a deliberately broken managed-keys.bind and
managed-keys.jnl, causing RFC 5011 initialization to fail.

ns5 is a validator which is prevented from getting a response from the
root server, causing key refresh queries to fail.

ns6 is a validator which has unsupported algorithms, one at start up,
one because of an algorithm rollover.

ns7 is a validator with multiple views configured.  It is used for
testing per-view rndc commands and checking interactions between options
related to and potentially affecting RFC 5011 processing.
View Git Blame Copy Permalink