bind9

mirror of https://github.com/isc-projects/bind9.git synced 2026-04-26 08:39:00 -04:00

History

Matthijs Mekking 5e3aef364f dnssec-signzone retain signature if key is offline Track inside the dns_dnsseckey structure whether we have seen the private key, or if this key only has a public key file. If the key only has a public key file, or a DNSKEY reference in the zone, mark the key 'pubkey'. In dnssec-signzone, if the key only has a public key available, consider the key to be offline. Any signatures that should be refreshed for which the key is not available, retain the signature. So in the code, 'expired' becomes 'refresh', and the new 'expired' is only used to determine whether we need to keep the signature if the corresponding key is not available (retaining the signature if it is not expired). In the 'keysthatsigned' function, we can remove: - key->force_publish = false; - key->force_sign = false; because they are redundant ('dns_dnsseckey_create' already sets these values to false).		2025-01-23 09:43:07 +00:00
..
ans10	Adapt to Python scripts to black 23.1.0	2023-02-17 15:31:52 +01:00
ns1	Remove trusted-keys and managed-keys options	2024-12-11 14:04:37 +01:00
ns2	Remove dnssec-must-be-secure feature	2024-12-09 13:10:21 +01:00
ns3	change allow-transfer default to "none"	2024-06-05 10:50:06 -07:00
ns4	Remove dnssec-must-be-secure feature	2024-12-09 13:10:21 +01:00
ns5	Reformat shell scripts with shfmt	2023-10-26 10:23:50 +02:00
ns6	Remove the lock-file configuration and -X argument to named	2023-10-26 22:42:37 +02:00
ns7	Reformat shell scripts with shfmt	2023-10-26 10:23:50 +02:00
ns8	Rename system test directory with common files to _common	2023-09-19 13:29:27 +02:00
ns9	Use DEFAULT_HMAC for rndc	2022-07-07 10:11:42 +10:00
signer	check that 'dnssec-signzone -F' fails for rsasha1	2023-04-03 12:44:27 +10:00
dnssec_update_test.pl	Update the copyright information in all files in the repository	2022-01-11 09:05:02 +01:00
ntadiff.pl	Update the copyright information in all files in the repository	2022-01-11 09:05:02 +01:00
prereq.sh	Reformat shell scripts with shfmt	2023-10-26 10:23:50 +02:00
README	Update the copyright information in all files in the repository	2022-01-11 09:05:02 +01:00
setup.sh	Remove invocations and mentions of clean.sh	2024-11-08 10:54:24 +01:00
tests.sh	dnssec-signzone retain signature if key is offline	2025-01-23 09:43:07 +00:00
tests_sh_dnssec.py	Test dnssec-signzone with private key file missing	2025-01-23 09:43:07 +00:00

README

Copyright (C) Internet Systems Consortium, Inc. ("ISC")

SPDX-License-Identifier: MPL-2.0

This Source Code Form is subject to the terms of the Mozilla Public
License, v. 2.0.  If a copy of the MPL was not distributed with this
file, you can obtain one at https://mozilla.org/MPL/2.0/.

See the COPYRIGHT file distributed with this work for additional
information regarding copyright ownership.

The test setup for the DNSSEC tests has a secure root.

ns1 is the root server.

ns2 and ns3 are authoritative servers for the various test domains.

ns4 is a caching-only server, configured with the correct trusted key
for the root.

ns5 is a caching-only server, configured with the an incorrect trusted
key for the root.  It is used for testing failure cases.

ns6 is an caching and authoritative server used for testing unusual
server behaviors such as disabled DNSSEC algorithms.

ns7 is used for checking non-cacheable answers.

ns8 is a caching-only server, configured with unsupported and disabled
algorithms.  It is used for testing failure cases.

ns9 is a forwarding-only server.