mirror of
https://github.com/isc-projects/bind9.git
synced 2026-03-01 04:50:50 -05:00
Some values returned by dstkey_fromconfig() indicate that key loading should be interrupted, others do not. There are also certain subsequent checks to be made after parsing a key from configuration and the results of these checks also affect the key loading process. All of this complicates the key loading logic. In order to make the relevant parts of the code easier to follow, reduce the body of the inner for loop in load_view_keys() to a single call to a new function, process_key(). Move dstkey_fromconfig() error handling to process_key() as well and add comments to clearly describe the effects of various key loading errors.

| Name |
|---|
| ns1 |
| ns2 |
| ns3 |
| ns4 |
| ns5 |
| ns6 |
| ns7 |
| clean.sh |
| README |
| setup.sh |
| tests.sh |

Copyright (C) Internet Systems Consortium, Inc. ("ISC")

See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.

This is for testing managed-keys, in particular with problems
with RFC 5011 Automated Updates of DNSSEC Trust Anchors.

ns1 is the root server that offers new KSKs and hosts one record for
testing. The TTL for the zone's records is 2 seconds.

ns2 is a validator that uses managed-keys. "-T mkeytimers=2/20/40"
is used so it will attempt to do automated updates frequently. "-T tat=1"
is used so it will send TAT queries once per second.

ns3 is a validator with a broken key in managed-keys.

ns4 is a validator with a deliberately broken managed-keys.bind and
managed-keys.jnl, causing RFC 5011 initialization to fail.

ns5 is a validator which is prevented from getting a response from the
root server, causing key refresh queries to fail.

ns6 is a validator which has unsupported algorithms, one at start up,
one because of an algorithm rollover.