ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
Files
e3076c4caa388c94ab3972dd157698bbe4e57d2e
bind9/bin/tests/system/dnssec
History
Matthijs Mekking aebb2aaa0f Fix dnssec test 
There is a failure mode which gets triggered on heavily loaded
systems. A key change is scheduled in 5 seconds to make ZSK2 inactive
and ZSK3 active, but `named` takes more than 5 seconds to progress
from `rndc loadkeys` to the query check. At this time the SOA RRset
is already signed by the new ZSK which is not expected to be active
at that point yet.

Split up the checks to test the case where RRsets are signed
correctly with the offline KSK (maintained the signature) and
the active ZSK.  First run, RRsets should be signed with the still
active ZSK2, second run RRsets should be signed with the new active
ZSK3.
2020-03-09 10:16:55 +01:00
..
ns1
use DS style trust anchors in all system tests
2019-11-15 15:47:57 -08:00
ns2
check kskonly key ids
2020-01-30 11:29:27 +11:00
ns3
fix spelling errors reported by Fossies.
2020-02-21 15:05:08 +11:00
ns4
remove "dnssec-enable" from all system tests
2019-03-14 23:30:13 -07:00
ns5
use DS style trust anchors in all system tests
2019-11-15 15:47:57 -08:00
ns6
convert ns_client and related objects to use netmgr
2019-11-07 11:55:37 -08:00
ns7
Ignore trust anchors using disabled algorithm
2019-03-19 17:14:18 +01:00
ns8
add "static-ds" and "initial-ds" keywords to config parser
2019-11-15 15:47:17 -08:00
ns9
add "static-ds" and "initial-ds" keywords to config parser
2019-11-15 15:47:17 -08:00
signer
fix spelling errors reported by Fossies.
2020-02-21 15:05:08 +11:00
clean.sh
check kskonly key ids
2020-01-30 11:29:27 +11:00
dnssec_update_test.pl
ntadiff.pl
prereq.sh
README
remove DLV system tests
2019-08-09 09:18:02 -07:00
setup.sh
Make NTAs work with validating forwarders
2019-05-09 19:55:35 -07:00
tests.sh
Fix dnssec test
2020-03-09 10:16:55 +01:00

README 

Copyright (C) Internet Systems Consortium, Inc. ("ISC")

See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.

The test setup for the DNSSEC tests has a secure root.

ns1 is the root server.

ns2 and ns3 are authoritative servers for the various test domains.

ns4 is a caching-only server, configured with the correct trusted key
for the root.

ns5 is a caching-only server, configured with the an incorrect trusted
key for the root.  It is used for testing failure cases.

ns6 is an caching and authoritative server used for testing unusual
server behaviors such as disabled DNSSEC algorithms.

ns7 is used for checking non-cacheable answers.

ns8 is a caching-only server, configured with unsupported and disabled
algorithms.  It is used for testing failure cases.

ns9 is a forwarding-only server.
View Git Blame Copy Permalink