upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-04-26 00:30:05 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
bind9/bin/tests/system/autosign/ns3/delay.example.db.in
Matthijs Mekking 9f75f472f6 Alter autosign system test 
The autosign system test mainly tests the auto-dnssec configuration
option. Since this option is going to be removed, update the system
test so that it uses dnssec-policy.

We could remove the complete system test, but keeping an altered
version of the system test may still be useful to detect unexpected
behavior after code changes.

Change the ns1 (test root server) to use manual signing. This zone
has some weird corner cases that do not fit the dnssec-policy model
very well.

The ns2 bar zone also needs to use manual signing, because it revokes
its key, and RFC 5011 key revocation is not supported with
dnssec-policy.

There are also a couple of weird corner test cases that can be removed:
- Inactive KSK or ZSK. With dnssec-policy there is no such thing as
  ZSK taking over the role of a KSK when the KSK is deleted, or vice
  versa.
- The CDS and CDNSKEY DELETE records are now automated with
  dnssec-policy and so the tests for persistence are no longer required.

In tests.sh, bump the expected number of root DNSKEY records to 11,
because with manual signing the activation before publication is
actually honored.

Also remove any 'rndc signing -nsec3param' commands because with
dnssec-policy you set the NSEC3 parameters in the configuration.

Remove any check interval tests, these "next key event" times are
now calculated and tested in the kasp system test.
2023-07-20 11:04:23 +02:00

26 lines
713 B
Text
Raw Blame History

; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; SPDX-License-Identifier: MPL-2.0
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, you can obtain one at https://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
$TTL 300 ; 5 minutes
@ IN SOA mname1. . (
2009102722 ; serial
20 ; refresh (20 seconds)
20 ; retry (20 seconds)
1814400 ; expire (3 weeks)
3600 ; minimum (1 hour)
)
NS ns
ns A 10.53.0.3
a A 10.0.0.1
b A 10.0.0.2
d A 10.0.0.4
x CNAME a
Reference in a new issue View git blame Copy permalink