bind9/bin/tests/system/dnssec
Evan Hunt 0b09ee8cdc explicitly set dnssec-validation in system tests
the default value of dnssec-validation is 'auto', which causes
a server to send a key refresh query to the root zone when starting
up. this is undesirable behavior in system tests, so this commit
sets dnssec-validation to either 'yes' or 'no' in all tests where
it had not previously been set.

this change had the mostly-harmless side effect of changing the cached
trust level of unvalidated answer data from 'answer' to 'authanswer',
which caused a few test cases in which dumped cache data was examined in
the serve-stale system test to fail. those test cases have now been
updated to expect 'authanswer'.
2023-06-26 13:41:56 -07:00
ans10 Adapt to Python scripts to black 23.1.0 2023-02-17 15:31:52 +01:00
ns1 Remove leftover test code for Windows 2022-01-27 09:08:29 +01:00
ns2 dnssec: Check validation with short RSA key size FIPS mode 2023-04-03 12:44:27 +10:00
ns3 Fix dnssec system test 2023-05-23 08:53:23 +02:00
ns4 explicitly set dnssec-validation in system tests 2023-06-26 13:41:56 -07:00
ns5 explicitly set dnssec-validation in system tests 2023-06-26 13:41:56 -07:00
ns6 Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
ns7 Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
ns8 Use DEFAULT_HMAC for rndc 2022-07-07 10:11:42 +10:00
ns9 Use DEFAULT_HMAC for rndc 2022-07-07 10:11:42 +10:00
signer check that 'dnssec-signzone -F' fails for rsasha1 2023-04-03 12:44:27 +10:00
clean.sh dnssec: test dnssec-keygen -F switches to FIPS mode 2023-04-03 12:44:27 +10:00
dnssec_update_test.pl Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
ntadiff.pl Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
README Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
setup.sh Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
tests.sh Let RSASHA1 signing keys be ignored in FIPS mode 2023-05-17 23:51:39 +00:00
tests_sh_dnssec.py Add pytest functions for shell system tests 2023-05-22 14:11:39 +02:00

Copyright (C) Internet Systems Consortium, Inc. ("ISC")

SPDX-License-Identifier: MPL-2.0

This Source Code Form is subject to the terms of the Mozilla Public
License, v. 2.0.  If a copy of the MPL was not distributed with this
file, you can obtain one at https://mozilla.org/MPL/2.0/.

See the COPYRIGHT file distributed with this work for additional
information regarding copyright ownership.

The test setup for the DNSSEC tests has a secure root.

ns1 is the root server.

ns2 and ns3 are authoritative servers for the various test domains.

ns4 is a caching-only server, configured with the correct trusted key
for the root.

ns5 is a caching-only server, configured with an incorrect trusted
key for the root.  It is used for testing failure cases.

ns6 is a caching and authoritative server used for testing unusual
server behaviors such as disabled DNSSEC algorithms.

ns7 is used for checking non-cacheable answers.

ns8 is a caching-only server, configured with unsupported and disabled
algorithms.  It is used for testing failure cases.

ns9 is a forwarding-only server.