mirror of
https://github.com/isc-projects/bind9.git
synced 2026-02-25 10:59:35 -05:00
32 lines
927 B
Text
32 lines
927 B
Text
Copyright (C) 2015, 2016 Internet Systems Consortium, Inc. ("ISC")
|
|
|
|
This Source Code Form is subject to the terms of the Mozilla Public
|
|
License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
|
|
This is for testing managed-keys, in particular with problems
|
|
with RFC 5011 Automated Updates of DNSSEC Trust Anchors.
|
|
|
|
ns1 is the root server that offers new KSKs and hosts one record for
|
|
testing. The TTL for the zone's records is 2 seconds.
|
|
|
|
ns2 is a validator uses managed-keys.
|
|
"named -T rfc5011holddown=4" switch is used so it will attempt to do
|
|
the automated updates frequently.
|
|
|
|
ns3 is a validator with a broken key in managed-keys.
|
|
|
|
Tests TODO:
|
|
|
|
- initial working KSK
|
|
|
|
TODO: test using delv with new trusted key too
|
|
|
|
- introduce a REVOKE bit
|
|
|
|
- later remove a signature
|
|
|
|
- corrupt a signature
|
|
|
|
TODO: also same things with dlv auto updates of trust anchor
|
|
|