mirror of
https://github.com/isc-projects/bind9.git
synced 2026-03-11 10:40:56 -04:00
Remove auto-dnssec checkconf tests
Any checkconf tests related to auto-dnssec can be removed, as this option will be removed too.
This commit is contained in:
Matthijs Mekking
parent
6df1f85f14
commit
33db82cf20
10 changed files with 4 additions and 126 deletions
|
|
@ -1,24 +0,0 @@
|
|||
/*
|
||||
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
*
|
||||
* SPDX-License-Identifier: MPL-2.0
|
||||
*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
||||
*
|
||||
* See the COPYRIGHT file distributed with this work for additional
|
||||
* information regarding copyright ownership.
|
||||
*/
|
||||
|
||||
include "good-kasp.conf";
|
||||
|
||||
// Bad zone configuration because this has dnssec-policy and other DNSSEC sign
|
||||
// configuration options (auto-dnssec).
|
||||
zone "example.net" {
|
||||
type primary;
|
||||
file "example.db";
|
||||
dnssec-policy "test";
|
||||
auto-dnssec maintain;
|
||||
allow-update { any; };
|
||||
};
|
||||
|
|
@ -14,6 +14,6 @@
|
|||
zone example {
|
||||
type primary;
|
||||
file "example.db";
|
||||
auto-dnssec maintain;
|
||||
dnssec-policy default;
|
||||
allow-update { none; };
|
||||
};
|
||||
|
|
|
|||
|
|
@ -1,27 +0,0 @@
|
|||
/*
|
||||
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
*
|
||||
* SPDX-License-Identifier: MPL-2.0
|
||||
*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
||||
*
|
||||
* See the COPYRIGHT file distributed with this work for additional
|
||||
* information regarding copyright ownership.
|
||||
*/
|
||||
|
||||
view view1 {
|
||||
match-clients { any; };
|
||||
dnssec-validation yes;
|
||||
};
|
||||
|
||||
view view2 {
|
||||
match-clients { none; };
|
||||
dnssec-validation auto;
|
||||
};
|
||||
|
||||
view view3 {
|
||||
match-clients { none; };
|
||||
auto-dnssec maintain;
|
||||
};
|
||||
|
|
@ -1,34 +0,0 @@
|
|||
/*
|
||||
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
*
|
||||
* SPDX-License-Identifier: MPL-2.0
|
||||
*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
||||
*
|
||||
* See the COPYRIGHT file distributed with this work for additional
|
||||
* information regarding copyright ownership.
|
||||
*/
|
||||
|
||||
view view1 {
|
||||
match-clients { any; };
|
||||
};
|
||||
|
||||
view view2 {
|
||||
match-clients { none; };
|
||||
};
|
||||
|
||||
view view3 {
|
||||
match-clients { none; };
|
||||
dnssec-validation auto;
|
||||
};
|
||||
|
||||
view view4 {
|
||||
match-clients { none; };
|
||||
};
|
||||
|
||||
view view5 {
|
||||
match-clients { none; };
|
||||
auto-dnssec off;
|
||||
};
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
/*
|
||||
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
*
|
||||
* SPDX-License-Identifier: MPL-2.0
|
||||
*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
||||
*
|
||||
* See the COPYRIGHT file distributed with this work for additional
|
||||
* information regarding copyright ownership.
|
||||
*/
|
||||
|
||||
zone "test" {
|
||||
type primary;
|
||||
file "test.db";
|
||||
auto-dnssec maintain;
|
||||
};
|
||||
|
|
@ -17,7 +17,7 @@ primaries "publicSecondaries" {127.0.0.1;};
|
|||
zone "example.net" {
|
||||
type secondary;
|
||||
key-directory "/var/lib/bind/example.net";
|
||||
auto-dnssec maintain;
|
||||
dnssec-policy default;
|
||||
inline-signing yes;
|
||||
primaries { stealthPrimaries; };
|
||||
notify explicit;
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ zone "example.net" {
|
|||
type secondary;
|
||||
file "/var/cache/bind/example.net.db";
|
||||
key-directory "/var/lib/bind/example.net";
|
||||
auto-dnssec maintain;
|
||||
dnssec-policy default;
|
||||
inline-signing yes;
|
||||
primaries { stealthPrimaries; };
|
||||
notify explicit;
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ primaries "publicSecondaries" {127.0.0.1;};
|
|||
zone "example.net" {
|
||||
type secondary;
|
||||
key-directory "/var/lib/bind/example.net";
|
||||
auto-dnssec maintain;
|
||||
dnssec-policy default;
|
||||
inline-signing no;
|
||||
primaries { stealthPrimaries; };
|
||||
notify explicit;
|
||||
|
|
|
|||
|
|
@ -17,7 +17,6 @@ zone "nsec3.net" {
|
|||
type primary;
|
||||
file "nsec3.db";
|
||||
dnssec-policy "test";
|
||||
auto-dnssec maintain;
|
||||
dnskey-sig-validity 3600;
|
||||
dnssec-dnskey-kskonly yes;
|
||||
dnssec-update-mode maintain;
|
||||
|
|
|
|||
|
|
@ -142,23 +142,6 @@ warnings=$(grep "'notify' is disabled" < checkconf.out$n | wc -l)
|
|||
if [ $ret -ne 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
n=$((n + 1))
|
||||
echo_i "checking named-checkconf dnssec warnings ($n)"
|
||||
ret=0
|
||||
# dnssec.1: auto-dnssec warning
|
||||
$CHECKCONF dnssec.1 > checkconf.out$n.1 2>&1 && ret=1
|
||||
grep 'auto-dnssec may only be ' < checkconf.out$n.1 > /dev/null || ret=1
|
||||
# dnssec.2: should have no warnings (other than deprecation warning)
|
||||
$CHECKCONF dnssec.2 > checkconf.out$n.2 2>&1 || ret=1
|
||||
grep "option 'auto-dnssec' is deprecated" < checkconf.out$n.2 > /dev/null || ret=1
|
||||
lines=$(wc -l < "checkconf.out$n.2")
|
||||
if [ $lines != 1 ]; then ret=1; fi
|
||||
# dnssec.3: should have specific deprecation warning
|
||||
$CHECKCONF dnssec.3 > checkconf.out$n.3 2>&1 && ret=1
|
||||
grep "'auto-dnssec' option is deprecated and will be removed in BIND 9\.19" < checkconf.out$n.3 > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
n=$((n + 1))
|
||||
echo_i "checking named-checkconf deprecate warnings ($n)"
|
||||
ret=0
|
||||
|
|
@ -507,7 +490,6 @@ echo_i "checking named-checkconf kasp errors ($n)"
|
|||
ret=0
|
||||
$CHECKCONF kasp-and-other-dnssec-options.conf > checkconf.out$n 2>&1 && ret=1
|
||||
grep "'inline-signing yes;' must also be configured explicitly for zones using dnssec-policy without a configured 'allow-update' or 'update-policy'" < checkconf.out$n > /dev/null || ret=1
|
||||
grep "'auto-dnssec maintain;' cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1
|
||||
grep "dnskey-sig-validity: cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1
|
||||
grep "dnssec-dnskey-kskonly: cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1
|
||||
grep "dnssec-update-mode: cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1
|
||||
|
|
|
|||
Loading…
Reference in a new issue