ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
Files
f563cd570c8a4e24e0c6a1cf7cf6e11da1b090fb
bind9/bin/tests/system/checkds/ns2/template.db.in
Matthijs Mekking 56262db9cd Add checkds system test 
Add a Pytest based system test for the 'checkds' feature. There is
one nameserver (ns9, because it should be started the latest) that
has configured several zones with dnssec-policy. The zones are set
in such a state that they are waiting for DS publication or DS
withdrawal.

Then several other name servers act as parent servers that either have
the DS for these published, or not. Also one server in the mix is
to test a badly configured parental-agent.

There are tests for DS publication, DS publication error handling,
DS withdrawal and DS withdrawal error handling.

The tests ensures that the zone is DNSSEC valid, and that the
DSPublish/DSRemoved key metadata is set (or not in case of the error
handling).

It does not test if the rollover continues, this is already tested in
the kasp system test (that uses 'rndc -dnssec checkds' to set the
DSPublish/DSRemoved key metadata).
2021-06-30 17:28:48 +02:00

37 lines
1.2 KiB
Plaintext
Raw Blame History

; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
$TTL 300
@ IN SOA secondary.example. hostmaster.example. (
1 ; serial
20 ; refresh (20 seconds)
20 ; retry (20 seconds)
1814400 ; expire (3 weeks)
3600 ; minimum (1 hour)
)
NS ns2
ns2 A 10.53.0.2
dspublished NS ns9.dspublished
reference NS ns9.reference
missing-dspublished NS ns9.missing-dspublished
bad-dspublished NS ns9.bad-dspublished
multiple-dspublished NS ns9.multiple-dspublished
incomplete-dspublished NS ns9.incomplete-dspublished
bad2-dspublished NS ns9.bad2-dspublished
dswithdrawn NS ns9.dswithdrawn
missing-dswithdrawn NS ns9.missing-dswithdrawn
bad-dswithdrawn NS ns9.bad-dswithdrawn
multiple-dswithdrawn NS ns9.multiple-dswithdrawn
incomplete-dswithdrawn NS ns9.incomplete-dswithdrawn
bad2-dswithdrawn NS ns9.bad2-dswithdrawn
View Git Blame Copy Permalink