bind9/bin/python/isc/tests/test-policies/01-keysize.pol

/*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */

policy keysize_rsa {
	algorithm rsasha1;
	coverage 1y;
	roll-period zsk 3mo;
	pre-publish zsk 2w;
	post-publish zsk 2w;
	roll-period ksk 1y;
	pre-publish ksk 1mo;
	post-publish ksk 2mo;
	keyttl 1h;
	key-size ksk 2048;
	key-size zsk 1024;
};

policy keysize_dsa {
	algorithm dsa;
	coverage 1y;
	key-size ksk 2048;
	key-size zsk 1024;
};

zone good_rsa.test {
	policy keysize_rsa;
};

zone bad_rsa.test {
	policy keysize_rsa;
	key-size ksk 511;
};

zone good_dsa.test {
	policy keysize_dsa;
	key-size ksk 1024;
	key-size zsk 768;
};

zone bad_dsa.test {
	policy keysize_dsa;
	key-size ksk 1024;
	key-size zsk 769;
};
[master] copyrights 2016-04-29 01:30:53 -04:00			`/*`
Update license headers to not include years in copyright in all applicable files 2018-02-23 03:53:12 -05:00			`* Copyright (C) Internet Systems Consortium, Inc. ("ISC")`
[master] copyrights 2016-04-29 01:30:53 -04:00			`*`
4401. [misc] Change LICENSE to MPL 2.0. 2016-06-27 00:56:38 -04:00			`* This Source Code Form is subject to the terms of the Mozilla Public`
			`* License, v. 2.0. If a copy of the MPL was not distributed with this`
			`* file, You can obtain one at http://mozilla.org/MPL/2.0/.`
Update license headers to not include years in copyright in all applicable files 2018-02-23 03:53:12 -05:00			`*`
			`* See the COPYRIGHT file distributed with this work for additional`
			`* information regarding copyright ownership.`
[master] copyrights 2016-04-29 01:30:53 -04:00			`*/`

[master] dnssec-keymgr 4349. [contrib] kasp2policy: A python script to create a DNSSEC policy file from an OpenDNSSEC KASP XML file. 4348. [func] dnssec-keymgr: A new python-based DNSSEC key management utility, which reads a policy definition file and can create or update DNSSEC keys as needed to ensure that a zone's keys match policy, roll over correctly on schedule, etc. Thanks to Sebastian Castro for assistance in development. [RT #39211] 2016-04-28 03:12:33 -04:00			`policy keysize_rsa {`
[master] copyrights 2016-04-29 01:30:53 -04:00			`algorithm rsasha1;`
			`coverage 1y;`
			`roll-period zsk 3mo;`
			`pre-publish zsk 2w;`
			`post-publish zsk 2w;`
			`roll-period ksk 1y;`
			`pre-publish ksk 1mo;`
			`post-publish ksk 2mo;`
			`keyttl 1h;`
			`key-size ksk 2048;`
			`key-size zsk 1024;`
[master] dnssec-keymgr 4349. [contrib] kasp2policy: A python script to create a DNSSEC policy file from an OpenDNSSEC KASP XML file. 4348. [func] dnssec-keymgr: A new python-based DNSSEC key management utility, which reads a policy definition file and can create or update DNSSEC keys as needed to ensure that a zone's keys match policy, roll over correctly on schedule, etc. Thanks to Sebastian Castro for assistance in development. [RT #39211] 2016-04-28 03:12:33 -04:00			`};`

			`policy keysize_dsa {`
[master] copyrights 2016-04-29 01:30:53 -04:00			`algorithm dsa;`
			`coverage 1y;`
			`key-size ksk 2048;`
			`key-size zsk 1024;`
[master] dnssec-keymgr 4349. [contrib] kasp2policy: A python script to create a DNSSEC policy file from an OpenDNSSEC KASP XML file. 4348. [func] dnssec-keymgr: A new python-based DNSSEC key management utility, which reads a policy definition file and can create or update DNSSEC keys as needed to ensure that a zone's keys match policy, roll over correctly on schedule, etc. Thanks to Sebastian Castro for assistance in development. [RT #39211] 2016-04-28 03:12:33 -04:00			`};`

			`zone good_rsa.test {`
[master] copyrights 2016-04-29 01:30:53 -04:00			`policy keysize_rsa;`
[master] dnssec-keymgr 4349. [contrib] kasp2policy: A python script to create a DNSSEC policy file from an OpenDNSSEC KASP XML file. 4348. [func] dnssec-keymgr: A new python-based DNSSEC key management utility, which reads a policy definition file and can create or update DNSSEC keys as needed to ensure that a zone's keys match policy, roll over correctly on schedule, etc. Thanks to Sebastian Castro for assistance in development. [RT #39211] 2016-04-28 03:12:33 -04:00			`};`

			`zone bad_rsa.test {`
[master] copyrights 2016-04-29 01:30:53 -04:00			`policy keysize_rsa;`
			`key-size ksk 511;`
[master] dnssec-keymgr 4349. [contrib] kasp2policy: A python script to create a DNSSEC policy file from an OpenDNSSEC KASP XML file. 4348. [func] dnssec-keymgr: A new python-based DNSSEC key management utility, which reads a policy definition file and can create or update DNSSEC keys as needed to ensure that a zone's keys match policy, roll over correctly on schedule, etc. Thanks to Sebastian Castro for assistance in development. [RT #39211] 2016-04-28 03:12:33 -04:00			`};`

			`zone good_dsa.test {`
[master] copyrights 2016-04-29 01:30:53 -04:00			`policy keysize_dsa;`
			`key-size ksk 1024;`
			`key-size zsk 768;`
[master] dnssec-keymgr 4349. [contrib] kasp2policy: A python script to create a DNSSEC policy file from an OpenDNSSEC KASP XML file. 4348. [func] dnssec-keymgr: A new python-based DNSSEC key management utility, which reads a policy definition file and can create or update DNSSEC keys as needed to ensure that a zone's keys match policy, roll over correctly on schedule, etc. Thanks to Sebastian Castro for assistance in development. [RT #39211] 2016-04-28 03:12:33 -04:00			`};`

			`zone bad_dsa.test {`
[master] copyrights 2016-04-29 01:30:53 -04:00			`policy keysize_dsa;`
			`key-size ksk 1024;`
			`key-size zsk 769;`
[master] dnssec-keymgr 4349. [contrib] kasp2policy: A python script to create a DNSSEC policy file from an OpenDNSSEC KASP XML file. 4348. [func] dnssec-keymgr: A new python-based DNSSEC key management utility, which reads a policy definition file and can create or update DNSSEC keys as needed to ensure that a zone's keys match policy, roll over correctly on schedule, etc. Thanks to Sebastian Castro for assistance in development. [RT #39211] 2016-04-28 03:12:33 -04:00			`};`