Add a Pytest-based system test for the 'checkds' feature. There is one nameserver (ns9, because it should be started the latest) that has configured several zones with dnssec-policy. The zones are set in such a state that they are waiting for DS publication or DS withdrawal. Then several other name servers act as parent servers that either have the DS for these published, or not. Also one server in the mix is to test a badly configured parental-agent. There are tests for DS publication, DS publication error handling, DS withdrawal and DS withdrawal error handling. The tests ensure that the zone is DNSSEC valid, and that the DSPublish/DSRemoved key metadata is set (or not in case of the error handling). It does not test if the rollover continues, this is already tested in the kasp system test (that uses 'rndc -dnssec checkds' to set the DSPublish/DSRemoved key metadata).
20 lines
755 B
Plaintext
Copyright (C) Internet Systems Consortium, Inc. ("ISC")

See COPYRIGHT in the source root or https://isc.org/copyright.html for terms.

The test setup for the checkds tests.

These servers are parent servers:

- ns2 is a primary authoritative server that serves the parent zone for zones
  configured in ns9.

- ns4 is the secondary server for ns2.

- ns5 is a primary authoritative server that serves the parent zone for zones
  configured in ns9, but this one does not publish DS records (to test cases
  where the DS is missing).

- ns6 is an authoritative server for a different zone, to test badly configured
  parental agents.

- ns7 is the secondary server for ns5.

Finally, ns9 is the authoritative server for the various DNSSEC enabled test
domains.