bind9

mirror of https://github.com/isc-projects/bind9.git synced 2026-02-26 11:32:01 -05:00

History

Mark Andrews bce42685ab add missing echo		2015-08-18 09:37:14 +10:00
..
ns1	update copyright notice / whitespace	2015-02-06 23:45:21 +00:00
ns2	update copyright notice / whitespace	2015-02-06 23:45:21 +00:00
ns3	update copyright notice / whitespace	2015-02-06 23:45:21 +00:00
clean.sh	[master] additional mkeys tests	2015-02-23 21:07:26 -08:00
prereq.sh	update copyright notice / whitespace	2015-02-07 23:45:20 +00:00
README	update copyright notice / whitespace	2015-02-06 23:45:21 +00:00
setup.sh	update copyright notice / whitespace	2015-02-06 23:45:21 +00:00
tests.sh	add missing echo	2015-08-18 09:37:14 +10:00

README

Copyright (C) 2015  Internet Systems Consortium, Inc. ("ISC")
See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.

This is for testing managed-keys, in particular with problems
with RFC 5011 Automated Updates of DNSSEC Trust Anchors.

ns1 is the root server that offers new KSKs and hosts one record for
testing. The TTL for the zone's records is 2 seconds.

ns2 is a validator uses managed-keys.
"named -T rfc5011holddown=4" switch is used so it will attempt to do
the automated updates frequently.

ns3 is a validator with a broken key in managed-keys.

Tests TODO:

- initial working KSK

TODO: test using delv with new trusted key too

- introduce a REVOKE bit

- later remove a signature

- corrupt a signature

TODO: also same things with dlv auto updates of trust anchor