Check that named-checkzone reports deprecated digests

(cherry picked from commit 95a82d0893)
Mark Andrews 2025-06-30 15:26:10 +10:00
parent 2ee06d5b9d
commit 05062b6f66
6 changed files with 241 additions and 0 deletions


@ -32,6 +32,12 @@ Files: **/*.after*
bin/tests/system/checkzone/zones/bad-caa-rr.db
bin/tests/system/checkzone/zones/bad1.db
bin/tests/system/checkzone/zones/crashzone.db
bin/tests/system/checkzone/zones/warn.deprecated.cds-sha1.db
bin/tests/system/checkzone/zones/warn.deprecated.digest-sha1.db
bin/tests/system/checkzone/zones/warn.deprecated.ds-alg.db
bin/tests/system/checkzone/zones/warn.deprecated.key-alg.db
bin/tests/system/checkzone/zones/warn.deprecated.nsec3rsasha1.db
bin/tests/system/checkzone/zones/warn.deprecated.rsasha1.db
bin/tests/system/dnstap/large-answer.fstrm
bin/tests/system/doth/CA/CA.cfg
bin/tests/system/doth/CA/README


@ -232,5 +232,41 @@ n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "Checking for SHA1 CDS digest warning ($n)"
ret=0
$CHECKZONE example zones/warn.deprecated.cds-sha1.db >test.out.$n || ret=1
grep "zone example/IN: deprecated CDS digest type 1 (SHA-1)" test.out.$n >/dev/null || ret=1
grep "loaded serial 0 (DNSSEC signed)" test.out.$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "Checking for SHA1 DS digest warning ($n)"
ret=0
$CHECKZONE example zones/warn.deprecated.digest-sha1.db >test.out.$n || ret=1
grep "zone example/IN: child.example/DS deprecated digest type 1 (SHA-1)" test.out.$n >/dev/null || ret=1
grep "loaded serial 0 (DNSSEC signed)" test.out.$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "Checking for RSASHA1 DS algorithm warning ($n)"
ret=0
$CHECKZONE example zones/warn.deprecated.ds-alg.db >test.out.$n || ret=1
grep "zone example/IN: child.example/DS deprecated algorithm 5 (RSASHA1)" test.out.$n >/dev/null || ret=1
grep "loaded serial 0 (DNSSEC signed)" test.out.$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "Checking for RSASHA1 KEY algorithm warning ($n)"
ret=0
$CHECKZONE example zones/warn.deprecated.key-alg.db >test.out.$n || ret=1
grep "zone example/IN: example/KEY deprecated algorithm 5 (RSASHA1)" test.out.$n >/dev/null || ret=1
grep "loaded serial 0 (DNSSEC signed)" test.out.$n >/dev/null || ret=1
n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
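Review bot: The four new message greps treat the expected warning as an unanchored basic regular expression, so the `.` in `child.example/DS` matches any character; matching the literal text pins the message exactly, e.g. `grep -F "zone example/IN: child.example/DS deprecated digest type 1 (SHA-1)" test.out.$n >/dev/null || ret=1`. Each new case also requires `$CHECKZONE` to exit zero and print `loaded serial 0 (DNSSEC signed)`, so the SHA-1 and RSASHA1 findings are expected to be warnings and not load failures; a comment above the first new case such as `# deprecated digest types and algorithms must warn but still let the zone load` would record that intent. The file list changed earlier in this commit also names `warn.deprecated.nsec3rsasha1.db` and `warn.deprecated.rsasha1.db`, which have no case in this hunk and no zone file among those shown on this page; presumably they are added and tested elsewhere, which is worth confirming. The hunk opens in the tail of the preceding test case, whose start is outside the hunk.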


@ -0,0 +1,44 @@
; File written on Wed Jul 2 14:27:34 2025
; dnssec-signzone version 9.21.3-dev
example. 3600 IN SOA . . (
0 ; serial
0 ; refresh (0 seconds)
0 ; retry (0 seconds)
0 ; expire (0 seconds)
3600 ; minimum (1 hour)
)
3600 RRSIG SOA 13 1 3600 (
20901231235959 20250630042051 46204 example.
iC+sFesZi+uurPGRfP7faPfmQcHlQcz4oGKP
4Fqq6/ePy9s+FYpL6LILjnB9iPxc0w3BBvsd
PArExFsuaKcWgQ== )
3600 NS .
3600 RRSIG NS 13 1 3600 (
20901231235959 20250630042051 46204 example.
q2qPtVYQsku7j5xqLyIleldPLnhJjvbjMkcb
XtnV2djkM1swGkZp67u4l7GHr9/b9lcM848w
t+AfDiT2Mak9Lg== )
3600 NSEC example. NS SOA RRSIG NSEC DNSKEY CDS
3600 RRSIG NSEC 13 1 3600 (
20901231235959 20250702032734 46204 example.
aPkaoO9OMYZwldpUPJeqFZoGCc8XQcmQHig2
zJmp2Qv2QGRH1faoWosYy5jwQskxtpoyE0Eh
yxEoUhHZNCKogQ== )
3600 DNSKEY 256 3 13 (
Il3F88buwuAwswJl70b4xh8werV/2a2cDo6x
joU5+1H2dRXE/XRt4CEipBdt8Ss4fr8s6jBE
5CT4INCzzeTuZQ==
) ; ZSK; alg = ECDSAP256SHA256 ; key id = 46204
3600 RRSIG DNSKEY 13 1 3600 (
20901231235959 20250630042051 46204 example.
KQWGucJalgX/cANLv0/g0LNweGdeE7gs8rrx
9yOiZqciu7wCfyRgk5ED1pNXOXsTqtIA0OGa
OmTOsXrBWly7ng== )
3600 CDS 46204 13 1 (
712DD9926EDF2A5E81E76D3BC5F5637BEA06
2E67 )
3600 RRSIG CDS 13 1 3600 (
20901231235959 20250702032734 46204 example.
nS9qKdj0dfWNe6U0ttuKSMiKMhxLq4Yo6WPT
9j/cmjbaOdKO1DBoDxzZ7G4M34msvBcKq31L
mn8qUlrzSOfD9A== )


@ -0,0 +1,51 @@
; File written on Mon Jun 30 15:20:51 2025
; dnssec-signzone version 9.21.3-dev
example. 3600 IN SOA . . (
0 ; serial
0 ; refresh (0 seconds)
0 ; retry (0 seconds)
0 ; expire (0 seconds)
3600 ; minimum (1 hour)
)
3600 RRSIG SOA 13 1 3600 (
20901231235959 20250630042051 46204 example.
iC+sFesZi+uurPGRfP7faPfmQcHlQcz4oGKP
4Fqq6/ePy9s+FYpL6LILjnB9iPxc0w3BBvsd
PArExFsuaKcWgQ== )
3600 NS .
3600 RRSIG NS 13 1 3600 (
20901231235959 20250630042051 46204 example.
q2qPtVYQsku7j5xqLyIleldPLnhJjvbjMkcb
XtnV2djkM1swGkZp67u4l7GHr9/b9lcM848w
t+AfDiT2Mak9Lg== )
3600 NSEC child.example. NS SOA RRSIG NSEC DNSKEY
3600 RRSIG NSEC 13 1 3600 (
20901231235959 20250630042051 46204 example.
jgKjQOGLqw7JY1qsyjWZGxL/47mc9dMeZ7yB
KtrRfFCsT7mCe/lMV3u7FOwM2r9/ta8U9/j2
YRVJGECc6/rdcg== )
3600 DNSKEY 256 3 13 (
Il3F88buwuAwswJl70b4xh8werV/2a2cDo6x
joU5+1H2dRXE/XRt4CEipBdt8Ss4fr8s6jBE
5CT4INCzzeTuZQ==
) ; ZSK; alg = ECDSAP256SHA256 ; key id = 46204
3600 RRSIG DNSKEY 13 1 3600 (
20901231235959 20250630042051 46204 example.
KQWGucJalgX/cANLv0/g0LNweGdeE7gs8rrx
9yOiZqciu7wCfyRgk5ED1pNXOXsTqtIA0OGa
OmTOsXrBWly7ng== )
child.example. 3600 IN NS .
3600 DS 30914 13 1 (
3FFB809FC091FDC931815B50E5DA9C00B5C1
454F )
3600 RRSIG DS 13 2 3600 (
20901231235959 20250630042051 46204 example.
5Y/jx0eePoUztptSLwE9DeY2GlVNVHSr3lF4
R8IajnK7zXs2QtoRIdmKwWZ1um1JICh59Xk7
R/BXFAbO6FMaPA== )
3600 NSEC example. NS DS RRSIG NSEC
3600 RRSIG NSEC 13 2 3600 (
20901231235959 20250630042051 46204 example.
A662/raRKle9b45C5douUufAne7iRtKw0u7C
gcnf3tSrJS+plT3e/jHOE5ZRttkloHSDVhYT
7+Wv86G8MGt+3Q== )


@ -0,0 +1,51 @@
; File written on Wed Jul 2 12:22:09 2025
; dnssec-signzone version 9.21.3-dev
example. 3600 IN SOA . . (
0 ; serial
0 ; refresh (0 seconds)
0 ; retry (0 seconds)
0 ; expire (0 seconds)
3600 ; minimum (1 hour)
)
3600 RRSIG SOA 13 1 3600 (
20901231235959 20250630042051 46204 example.
iC+sFesZi+uurPGRfP7faPfmQcHlQcz4oGKP
4Fqq6/ePy9s+FYpL6LILjnB9iPxc0w3BBvsd
PArExFsuaKcWgQ== )
3600 NS .
3600 RRSIG NS 13 1 3600 (
20901231235959 20250630042051 46204 example.
q2qPtVYQsku7j5xqLyIleldPLnhJjvbjMkcb
XtnV2djkM1swGkZp67u4l7GHr9/b9lcM848w
t+AfDiT2Mak9Lg== )
3600 NSEC child.example. NS SOA RRSIG NSEC DNSKEY
3600 RRSIG NSEC 13 1 3600 (
20901231235959 20250630042051 46204 example.
jgKjQOGLqw7JY1qsyjWZGxL/47mc9dMeZ7yB
KtrRfFCsT7mCe/lMV3u7FOwM2r9/ta8U9/j2
YRVJGECc6/rdcg== )
3600 DNSKEY 256 3 13 (
Il3F88buwuAwswJl70b4xh8werV/2a2cDo6x
joU5+1H2dRXE/XRt4CEipBdt8Ss4fr8s6jBE
5CT4INCzzeTuZQ==
) ; ZSK; alg = ECDSAP256SHA256 ; key id = 46204
3600 RRSIG DNSKEY 13 1 3600 (
20901231235959 20250630042051 46204 example.
KQWGucJalgX/cANLv0/g0LNweGdeE7gs8rrx
9yOiZqciu7wCfyRgk5ED1pNXOXsTqtIA0OGa
OmTOsXrBWly7ng== )
child.example. 3600 IN NS .
3600 DS 58246 5 2 (
641AFA5ACB8099E4E571585B7B9A416078FF
79D40D1C2E85F9179E28BF08D61D )
3600 RRSIG DS 13 2 3600 (
20901231235959 20250702012209 46204 example.
g17c5sfC0OAucFLA0n9C5EfPActxuPMpHN6G
spGmkkDUaU5UosWkdcapd20Yb29NaEKvJO3Q
Qn6K53MKtWt7zQ== )
3600 NSEC example. NS DS RRSIG NSEC
3600 RRSIG NSEC 13 2 3600 (
20901231235959 20250630042051 46204 example.
A662/raRKle9b45C5douUufAne7iRtKw0u7C
gcnf3tSrJS+plT3e/jHOE5ZRttkloHSDVhYT
7+Wv86G8MGt+3Q== )


@ -0,0 +1,53 @@
; File written on Wed Jul 2 16:48:02 2025
; dnssec-signzone version 9.21.3-dev
example. 3600 IN SOA . . (
0 ; serial
0 ; refresh (0 seconds)
0 ; retry (0 seconds)
0 ; expire (0 seconds)
3600 ; minimum (1 hour)
)
3600 RRSIG SOA 13 1 3600 (
20901231235959 20250630042051 46204 example.
iC+sFesZi+uurPGRfP7faPfmQcHlQcz4oGKP
4Fqq6/ePy9s+FYpL6LILjnB9iPxc0w3BBvsd
PArExFsuaKcWgQ== )
3600 NS .
3600 RRSIG NS 13 1 3600 (
20901231235959 20250630042051 46204 example.
q2qPtVYQsku7j5xqLyIleldPLnhJjvbjMkcb
XtnV2djkM1swGkZp67u4l7GHr9/b9lcM848w
t+AfDiT2Mak9Lg== )
3600 KEY 512 3 5 (
AwEAAZwLHbB7cjvlEt0evebAMsJtuNYXgiyt
qe3lu0RO/ChFdddyHv+O9M1zLrCnWMBSLHad
YHSXfG3BMyMAnBh7om+1pgrHCShlmMaxZ5cC
sug5buS3E8eVRVAf7Qje63owxm2iF3G9kKWY
FgfE+Ml5Uv7etHkmxqAmFb3jYuXzYWfMz1qY
rICsJnw7qcKzNphl71tDvJUYD5pDA7izhzs3
8tdDH8qMQgK/yNU3Q/RAOg2VRvYuwYOteCAx
6RB/z+rtNTKNbphrPrzSsekOurLo1B+AvDct
o/orbilbQ8qdq0cknKlqdMKuYcqQ1BbBMrdV
w1fBTLDwiFwiRBjYazPqPiE=
); alg = RSASHA1 ; key id = 13684
3600 RRSIG KEY 13 1 3600 (
20901231235959 20250702054802 46204 example.
GvfNtx1F8crebI/QrPb2meHplhSpAsIDqJ48
iMg6aT22mGBagR698GS+9ehg0ExMumfIDPSO
k/1wtwRKYqrKow== )
3600 NSEC example. NS SOA KEY RRSIG NSEC DNSKEY
3600 RRSIG NSEC 13 1 3600 (
20901231235959 20250702054802 46204 example.
Nah5tUuwQiiDKWpdgtqPp7LppMOoDUJkyTZB
pAzmbT8UA7kNJN2K5kfkLJgPqWAt4h2P0Ys1
9lkLcXqYUH0x5g== )
3600 DNSKEY 256 3 13 (
Il3F88buwuAwswJl70b4xh8werV/2a2cDo6x
joU5+1H2dRXE/XRt4CEipBdt8Ss4fr8s6jBE
5CT4INCzzeTuZQ==
) ; ZSK; alg = ECDSAP256SHA256 ; key id = 46204
3600 RRSIG DNSKEY 13 1 3600 (
20901231235959 20250630042051 46204 example.
KQWGucJalgX/cANLv0/g0LNweGdeE7gs8rrx
9yOiZqciu7wCfyRgk5ED1pNXOXsTqtIA0OGa
OmTOsXrBWly7ng== )