mirror of
https://github.com/isc-projects/bind9.git
synced 2026-05-28 04:34:54 -04:00
Check that named-checkzone reports deprecated algorithms
This commit is contained in:
Mark Andrews
parent
1e3e61ba53
commit
5d406677f1
3 changed files with 162 additions and 0 deletions
|
|
@ -260,5 +260,25 @@ n=$((n + 1))
|
|||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
echo_i "Checking for RSASHA1 deprecated warning ($n)"
|
||||
ret=0
|
||||
$CHECKZONE example zones/warn.deprecated.rsasha1.db >test.out.$n || ret=1
|
||||
grep "deprecated DNSKEY algorithm found: 5 (RSASHA1)" test.out.$n >/dev/null || ret=1
|
||||
grep "all DNSKEY algorithms found are deprecated" test.out.$n >/dev/null || ret=1
|
||||
grep "loaded serial 0 (DNSSEC signed)" test.out.$n >/dev/null || ret=1
|
||||
n=$((n + 1))
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
echo_i "Checking for NSECRSASHA1 deprected warning ($n)"
|
||||
ret=0
|
||||
$CHECKZONE example zones/warn.deprecated.nsec3rsasha1.db >test.out.$n || ret=1
|
||||
grep "deprecated DNSKEY algorithm found: 7 (NSEC3RSASHA1)" test.out.$n >/dev/null || ret=1
|
||||
grep "all DNSKEY algorithms found are deprecated" test.out.$n >/dev/null || ret=1
|
||||
grep "loaded serial 0 (DNSSEC signed)" test.out.$n >/dev/null || ret=1
|
||||
n=$((n + 1))
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
echo_i "exit status: $status"
|
||||
[ $status -eq 0 ] || exit 1
|
||||
|
|
|
|||
|
|
@ -0,0 +1,71 @@
|
|||
; File written on Mon Jun 30 14:55:37 2025
|
||||
; dnssec-signzone version 9.21.3-dev
|
||||
example. 3600 IN SOA . . (
|
||||
0 ; serial
|
||||
0 ; refresh (0 seconds)
|
||||
0 ; retry (0 seconds)
|
||||
0 ; expire (0 seconds)
|
||||
3600 ; minimum (1 hour)
|
||||
)
|
||||
3600 RRSIG SOA 7 1 3600 (
|
||||
20901231235959 20250630035537 41424 example.
|
||||
oqX2MaQSaMj2YPYWA/8echxn7QHBerVEs426
|
||||
z8IJ88lv8Ih3Rrsldur6hXCieYI46wK3xOft
|
||||
p0VMAw9iIK5T49PXnaf7+hdaIJFDTAvuhzco
|
||||
e1IcdfmS26a6rRZHG8QKNjVjn/Du3J2gbdoB
|
||||
ubyio+7BY45Mk1S0sb0QzkmfTRZodULfvlW7
|
||||
BkmC9k0ixU1f1R+k26I0TJHYwH6Tw3O/0nPG
|
||||
SkUKnIcgqjzXsnUN1XGR+gD9TVF8Hp+JYWCz
|
||||
5fFTR733OiScIK+Xlon+ydg1GixW1rOR2MOP
|
||||
lowGJIHeE8nDYEgncKv91wFCp1IRHjgN/6zg
|
||||
c6JBClYMhe0RS66I6A== )
|
||||
3600 NS .
|
||||
3600 RRSIG NS 7 1 3600 (
|
||||
20901231235959 20250630035411 41424 example.
|
||||
pQUeJTZvpEPBZOdatA79eUE+qunKTasFyjgT
|
||||
xB+hpvXujxFqf6FDs/TdfE9jGo5T8Rwb3Gu0
|
||||
7+uo5ATwKuQL0TywDVm7DMj07iWoXpCGWge9
|
||||
q+iZ9sVXTzGKbb+1f8w9b/E9qW/s9Uir/tZq
|
||||
pPWhEgy61ip/pjkcyoIi3wQtffBMckApBgao
|
||||
Nk6YPi0TSl3W+cQUDkT2BeCoZDHuhuvS+Z3x
|
||||
URTu5FnqT3YPKJ5xb4N3mr4um4oI9sy+TJIj
|
||||
yuSW/ie0Bzy8x8ha1capfhlbPsZI6SKe0ldR
|
||||
vC9dr0gertISQzAnl9GqxFne6Ya5DyYHKye+
|
||||
khVrRKAu2YIFRWYrOg== )
|
||||
3600 NSEC example. NS SOA RRSIG NSEC DNSKEY
|
||||
3600 RRSIG NSEC 7 1 3600 (
|
||||
20901231235959 20250630035537 41424 example.
|
||||
IMgNRFY4qWHDFz/gWiXn6jrCSW4Az/5sE7ML
|
||||
dyJgY8OHtM2Kq+ThRsgZn7gN47T7QJv8Dvc3
|
||||
oYNRH7R6sjGJBZmfoqfdZmJOrR1bdKhHjhHR
|
||||
0b3NuXlVAG7eqMu4eJvsKZCUTKxa3+iFStw/
|
||||
pTsHWEVT9ozMaAfQdzM86Pq6x8VVQCRwuw9g
|
||||
JWkjt0/4VGA/tTj713o0/7Ju0055wSVnFNvH
|
||||
XaAW2PG9nRDyFvoOq1lFSFEPm9gXDFfDmTZn
|
||||
40v+qIer/vPGMkHyizZAbZ0qnM7lwNAhDukz
|
||||
catwpgsbpMWHrBUgnDCbxpzfl24n7wmHyCUa
|
||||
ArewJH9UphjytrxHjw== )
|
||||
3600 DNSKEY 256 3 7 (
|
||||
AwEAAakdlaNNa6UNEKTh7g0TPBLuEecXezJ2
|
||||
mz7kaBxIEx7t3IPxWymt5XezCtR7NilHW+zo
|
||||
d42hzKrtqFilt5SBrsjnWr5ipczEySEYCtOz
|
||||
Jx0P9xLj8MjCf5D6+elSY4zm9gtqlIo6ryhf
|
||||
SuCJQ9XZOIFD10/8efr0HYxkc0N4msZhVcuB
|
||||
yJ650Pjc0EFWEe2yseM+uXZCIc/0Q4OayMJA
|
||||
5GEJwvq/POH/POU7HlQR5RKzT0babm4Jvmpx
|
||||
F1jf7gSRL44LgVLl/m4fKjseK1w0shOxhrwc
|
||||
gAXI5ZMpspN9Mnhy+HNemkw9xyw3XkAtcTuN
|
||||
yUHvCLEyaklh6latwxFQTLM=
|
||||
) ; ZSK; alg = NSEC3RSASHA1 ; key id = 41424
|
||||
3600 RRSIG DNSKEY 7 1 3600 (
|
||||
20901231235959 20250630035411 41424 example.
|
||||
G2lr1Q+xjDnefyPbxLTy0yZ8wUg1+GcaBb9H
|
||||
7YX0FzZroRLTNr8SN2VYge4CbNZkTIC98dmV
|
||||
TRwoBp4HbrWY5jDGT2oQS1zDc92dz0TuD0Ys
|
||||
JMI2/IEVpA9wBcqsRssmAwzSuh4dMLqfMkrm
|
||||
KzWk7CRNxqC1JXJ1MgbRCRuES22HGO3O7ZXZ
|
||||
HjsFANBQt+7PebgdmAtS61RvztyJE+o6LyaA
|
||||
qA9qawqYDBi7Lcar/U+arrfg77kQ8BmC+ZZV
|
||||
toLkus9VsM9GShmMo2/KMu+PYWHKWUuHwRas
|
||||
v9hSvLh/+b7mymssp/WtmX79a3WXlHovNP2v
|
||||
Sh2S4RjDq4lFsyqTAA== )
|
||||
71
bin/tests/system/checkzone/zones/warn.deprecated.rsasha1.db
Normal file
71
bin/tests/system/checkzone/zones/warn.deprecated.rsasha1.db
Normal file
|
|
@ -0,0 +1,71 @@
|
|||
; File written on Mon Jun 30 14:57:52 2025
|
||||
; dnssec-signzone version 9.21.3-dev
|
||||
example. 3600 IN SOA . . (
|
||||
0 ; serial
|
||||
0 ; refresh (0 seconds)
|
||||
0 ; retry (0 seconds)
|
||||
0 ; expire (0 seconds)
|
||||
3600 ; minimum (1 hour)
|
||||
)
|
||||
3600 RRSIG SOA 5 1 3600 (
|
||||
20901231235959 20250630035752 3495 example.
|
||||
gq16Xp8iCErMp/R6jdzvws3MMvWAMowfYOa5
|
||||
K3Dwo3MXUruWhsDa4XjH3CJIk4LtSRDWcVSj
|
||||
/STy/R4CEvz83/2VMjQ7L73hFZZNVrMHKrLi
|
||||
SfRhnUueOHiYrv8sLM2ZHy0EYM/gULmcX51j
|
||||
j0XJlSf9DfkT/nh3ZwqS+lD/RA+1Gg73xVkS
|
||||
tRh5AZMWAGrjyBMOC0iW9qexqINmM0nR40K7
|
||||
5L+17OL2Ay/Fp7zliN+g9bAEfgITQlFRO32Y
|
||||
sZrPRguzavP5xad4m3GOCAQoTQJpnci7id2u
|
||||
DhIwkh6+7Do3zjZOQy74IvbuPVUS5nVRiEd8
|
||||
XqF3Z7hHMYWWCEdslw== )
|
||||
3600 NS .
|
||||
3600 RRSIG NS 5 1 3600 (
|
||||
20901231235959 20250630034615 3495 example.
|
||||
FrY8Bi8StW34PADKfVn2uPDIgDzbhyinoQDw
|
||||
HjklP8PFXvl2VLhroGZy5EfoGQlC+eOL7Ffb
|
||||
ZlKMvSOtGHpIIdqWg6GmGBWqCYoC3EoaFVXh
|
||||
A2SBxOPdcbGbwzVk6MWnrpFRsxwMqX+7vjJg
|
||||
eB7XVh1tZf90N6Yfswfy/UFf5Qbaj69gE7/7
|
||||
Eu3lkNNsFr5UVLPU4K4/dzNalllZjZ++w68T
|
||||
5Y97UmIJH+aXpNndibJU9c25F1/ou5NJLQQN
|
||||
LxyWXIi1CRaF88sjQwXemO8xutnh2b3ULKI0
|
||||
pelDtKThLWWYAMhgMnhr5HktL69++cMZiZ4z
|
||||
3heBavJIPY2QTYOLZw== )
|
||||
3600 NSEC example. NS SOA RRSIG NSEC DNSKEY
|
||||
3600 RRSIG NSEC 5 1 3600 (
|
||||
20901231235959 20250630035752 3495 example.
|
||||
N5mNbNXTSbLOya8baU6SaGao8bPquA4rO2hb
|
||||
5mkYjM+wzAJRNKSrViA5Ev7iFJolXKM+NCV3
|
||||
fpKtT+5v8mqhGZf80H1Z7inmAMX+Gz9B0YfO
|
||||
yhmSTD7qnIgoxw+W/dFAeBx18XyCRDBRlGyj
|
||||
2FEqZa46AVuDaYgQoUJLfM4SkOhbsDdDfQV1
|
||||
uQinjRnhvOQEOd0wYRbqR7S8BMqppnahwyai
|
||||
lH5tx8qsBVFTR7P8D5UlTfHCBM+d0VI5jXjt
|
||||
45eCwzqQBTl4ot4Tbc/nGaUvPU5ffkW8fmsk
|
||||
BygQeKd97xPnzK0tt1KJaYGTiqc3UgUId929
|
||||
XniHMB6YmxkpIb2qrg== )
|
||||
3600 DNSKEY 256 3 5 (
|
||||
AwEAAZmABvQsJBvsRu2fMlU1CtN58u7+yO5x
|
||||
ioxkg8O2mH29NDFoMKtxZKlk74+hT8m0aAKV
|
||||
hqEywM9S2NaWEXctv2lF6t/f8E8YJkY+cnLb
|
||||
iZmxuJmScxce8u32KlX0MiKN2JQHIokDTz7m
|
||||
2AqUaLTnERyIXNUHJfHx1nzvhhz4G7TV41Pk
|
||||
U1MSX3gCrgsSQ7IUzLOsyy6iQn4wFml+eXlO
|
||||
qmypFvjRDhmjXAHms3nSOgDmDu6kF+9R0ccL
|
||||
Lh4YAEYZlx2UoDigcEtRfMeYQwb76tC7xAkx
|
||||
EEJAUo+oRkaw2in8kVjpwuXSWF5WlX+Cpie9
|
||||
o3r+4EpI/IV6z63QO9zqMEE=
|
||||
) ; ZSK; alg = RSASHA1 ; key id = 3495
|
||||
3600 RRSIG DNSKEY 5 1 3600 (
|
||||
20901231235959 20250630034615 3495 example.
|
||||
gpKH6gf+47UNqMlTdtylpSW/yRNEyPtpj7Tu
|
||||
Y939pwRPgQcPBscIwcZzezV0r4y2O5xMTKQ1
|
||||
fQZTidfCwvessYTxYJYSjE1i+pChblLmqY/j
|
||||
JNjwUv0nH9rs8ZSXRSFiqPsC7tl4jBQsD1N+
|
||||
UdV3a/rEFCON1C+KirQlrdSq+/bAic0A4afZ
|
||||
g746kgnLsNCu/FnVucfoOBGaAk6na9dYIt0+
|
||||
l7IKI+4dg+tHsaGdRVv2h2JXO6g1I2LtCiIB
|
||||
FlKxFDCrMFV9+xduLFNnNxVsvnK7RtlAAPo5
|
||||
n4WBinbW5CpGJnc7n/0BknnecqZb63qkQgia
|
||||
50FJvVZCJ4WTZ+Hh0g== )
|
||||
Loading…
Reference in a new issue