upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-27 03:51:16 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
bind9/bin/tests/dnssec-signzone/test8.zone
Mark Andrews 2534a73a59 2608. [func] Perform post signing verification checks in 
dnssec-signzone.  These can be disabled with -P.

                        The post sign verification test ensures that for each
                        algorithm in use there is at least one non revoked
                        self signed KSK key.  That all revoked KSK keys are
                        self signed.  That all records in the zone are signed
                        by the algorithm.  [RT #19653]
2009-06-04 02:13:37 +00:00

9 lines
299 B
Dns
Raw Blame History

;
; This is a zone which has two DNSKEY records, one of which,
; the KSK, has a private key. The resulting zone should be rejected as
; it has no ZSK signatures.
;
$TTL 3600
example.com. IN SOA ns hostmaster 00090000 1200 3600 604800 300
$include Kexample.com.+005+23362.key
$include bogus-zsk.key
Reference in a new issue View git blame Copy permalink