diff --git a/bin/tests/system/dnssec/ns2/badparam.db.in b/bin/tests/system/dnssec/ns2/badparam.db.in deleted file mode 100644 index b18d1863d5..0000000000 --- a/bin/tests/system/dnssec/ns2/badparam.db.in +++ /dev/null @@ -1,21 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2010081000 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns2 -ns2 A 10.53.0.2 diff --git a/bin/tests/system/dnssec/ns2/cdnskey-auto.secure.db.in b/bin/tests/system/dnssec/ns2/cdnskey-auto.secure.db.in deleted file mode 100644 index aa3aaabfaf..0000000000 --- a/bin/tests/system/dnssec/ns2/cdnskey-auto.secure.db.in +++ /dev/null @@ -1,14 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 3600 -@ SOA ns2.example. . 1 3600 1200 86400 1200 -@ NS ns2.example. diff --git a/bin/tests/system/dnssec/ns2/cdnskey-update.secure.db.in b/bin/tests/system/dnssec/ns2/cdnskey-update.secure.db.in deleted file mode 100644 index aa3aaabfaf..0000000000 --- a/bin/tests/system/dnssec/ns2/cdnskey-update.secure.db.in +++ /dev/null @@ -1,14 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 3600 -@ SOA ns2.example. . 1 3600 1200 86400 1200 -@ NS ns2.example. diff --git a/bin/tests/system/dnssec/ns2/cdnskey.secure.db.in b/bin/tests/system/dnssec/ns2/cdnskey.secure.db.in deleted file mode 100644 index aa3aaabfaf..0000000000 --- a/bin/tests/system/dnssec/ns2/cdnskey.secure.db.in +++ /dev/null @@ -1,14 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 3600 -@ SOA ns2.example. . 1 3600 1200 86400 1200 -@ NS ns2.example. diff --git a/bin/tests/system/dnssec/ns2/cds-update.secure.db.in b/bin/tests/system/dnssec/ns2/cds-update.secure.db.in deleted file mode 100644 index aa3aaabfaf..0000000000 --- a/bin/tests/system/dnssec/ns2/cds-update.secure.db.in +++ /dev/null @@ -1,14 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 3600 -@ SOA ns2.example. . 1 3600 1200 86400 1200 -@ NS ns2.example. diff --git a/bin/tests/system/dnssec/ns2/cds.secure.db.in b/bin/tests/system/dnssec/ns2/cds.secure.db.in deleted file mode 100644 index aa3aaabfaf..0000000000 --- a/bin/tests/system/dnssec/ns2/cds.secure.db.in +++ /dev/null @@ -1,14 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 3600 -@ SOA ns2.example. . 1 3600 1200 86400 1200 -@ NS ns2.example. diff --git a/bin/tests/system/dnssec/ns2/child.nsec3.example.db b/bin/tests/system/dnssec/ns2/child.nsec3.example.db deleted file mode 100644 index 8fc3bc837e..0000000000 --- a/bin/tests/system/dnssec/ns2/child.nsec3.example.db +++ /dev/null @@ -1,20 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2006081400 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) -@ IN NS ns2.example. diff --git a/bin/tests/system/dnssec/ns2/child.optout.example.db b/bin/tests/system/dnssec/ns2/child.optout.example.db deleted file mode 100644 index 8fc3bc837e..0000000000 --- a/bin/tests/system/dnssec/ns2/child.optout.example.db +++ /dev/null @@ -1,20 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2006081400 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) -@ IN NS ns2.example. diff --git a/bin/tests/system/dnssec/ns2/dst.example.db.in b/bin/tests/system/dnssec/ns2/dst.example.db.in deleted file mode 100644 index 0039484964..0000000000 --- a/bin/tests/system/dnssec/ns2/dst.example.db.in +++ /dev/null @@ -1,21 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns2.example. -a A 10.0.0.1 diff --git a/bin/tests/system/dnssec/ns2/example.db.in b/bin/tests/system/dnssec/ns2/example.db.in index c725132988..6531ae6649 100644 --- a/bin/tests/system/dnssec/ns2/example.db.in +++ b/bin/tests/system/dnssec/ns2/example.db.in @@ -12,10 +12,10 @@ $TTL 3600 ; 1 hour @ IN SOA mname1. . ( 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) ) NS ns2 NS ns3 @@ -30,8 +30,8 @@ d A 10.0.0.4 foo TXT "testing" foo A 10.0.1.0 -bad-cname CNAME a -bad-dname DNAME @ +bad-cname CNAME a +bad-dname DNAME @ ; Used for testing CNAME queries cname1 CNAME cname1-target @@ -52,153 +52,153 @@ secure NS ns3.secure ns3.secure A 10.53.0.3 ; An insecure subdomain -insecure NS ns.insecure -ns.insecure A 10.53.0.3 +insecure NS ns3.insecure +ns3.insecure A 10.53.0.3 -; A second insecure subdomain -insecure2 NS ns.insecure2 -ns.insecure2 A 10.53.0.3 +; A subdomain with an extra DNSKEY in the wrong place +extrakey NS ns3.extrakey +ns3.extrakey A 10.53.0.3 ; A secure subdomain we're going to inject bogus data into -bogus NS ns.bogus -ns.bogus A 10.53.0.3 +bogus NS ns3.bogus +ns3.bogus A 10.53.0.3 ; A subdomain with a corrupt DS -badds NS ns.badds -ns.badds A 10.53.0.3 +badds NS ns3.badds +ns3.badds A 10.53.0.3 ; A subdomain with a corrupt DS, but locally trusted by the forwarder -localkey NS ns.localkey -ns.localkey A 10.53.0.3 +localkey NS ns3.localkey +ns3.localkey A 10.53.0.3 ; A dynamic secure subdomain -dynamic NS dynamic -dynamic A 10.53.0.3 +dynamic NS ns3.dynamic +ns3.dynamic A 10.53.0.3 ; A subdomain with expired signatures -expired NS ns.expired -ns.expired A 10.53.0.3 +expired NS ns3.expired +ns3.expired A 10.53.0.3 ; A rfc2535 signed zone w/ CNAME rfc2535 NS ns.rfc2535 -ns.rfc2535 A 10.53.0.3 +ns.rfc2535 A 10.53.0.2 z A 10.0.0.26 -keyless NS ns.keyless -ns.keyless A 10.53.0.3 +keyless NS ns3.keyless +ns3.keyless A 10.53.0.3 -nsec3 NS ns.nsec3 -ns.nsec3 A 10.53.0.3 +nsec3 NS ns3.nsec3 +ns3.nsec3 A 10.53.0.3 -optout NS ns.optout -ns.optout A 10.53.0.3 +optout NS ns3.optout +ns3.optout A 10.53.0.3 -nsec3-unknown NS ns.nsec3-unknown -ns.nsec3-unknown A 10.53.0.3 +nsec3-unknown NS ns3.nsec3-unknown +ns3.nsec3-unknown A 10.53.0.3 -optout-unknown NS ns.optout-unknown -ns.optout-unknown A 10.53.0.3 +optout-unknown NS ns3.optout-unknown +ns3.optout-unknown A 10.53.0.3 -dnskey-unknown NS ns.dnskey-unknown -ns.dnskey-unknown A 10.53.0.3 +dnskey-unknown NS ns3.dnskey-unknown +ns3.dnskey-unknown A 10.53.0.3 -dnskey-unsupported NS ns.dnskey-unsupported -ns.dnskey-unsupported A 10.53.0.3 +dnskey-unsupported NS ns3.dnskey-unsupported +ns3.dnskey-unsupported A 10.53.0.3 -dnskey-unsupported-2 NS ns.dnskey-unsupported -ns.dnskey-unsupported-2 A 10.53.0.3 +dnskey-unsupported-2 NS ns3.dnskey-unsupported +ns3.dnskey-unsupported-2 A 10.53.0.3 -ds-unsupported NS ns.ds-unsupported -ns.ds-unsupported A 10.53.0.3 +ds-unsupported NS ns3.ds-unsupported +ns3.ds-unsupported A 10.53.0.3 -digest-alg-unsupported NS ns.digest-alg-unsupported -ns.digest-alg-unsupported A 10.53.0.3 +digest-alg-unsupported NS ns3.digest-alg-unsupported +ns3.digest-alg-unsupported A 10.53.0.3 -dnskey-nsec3-unknown NS ns.dnskey-nsec3-unknown -ns.dnskey-nsec3-unknown A 10.53.0.3 +dnskey-nsec3-unknown NS ns3.dnskey-nsec3-unknown +ns3.dnskey-nsec3-unknown A 10.53.0.3 -multiple NS ns.multiple -ns.multiple A 10.53.0.3 +multiple NS ns3.multiple +ns3.multiple A 10.53.0.3 *.wild A 10.0.0.27 -rsasha256 NS ns.rsasha256 -ns.rsasha256 A 10.53.0.3 +rsasha256 NS ns3.rsasha256 +ns3.rsasha256 A 10.53.0.3 -rsasha512 NS ns.rsasha512 -ns.rsasha512 A 10.53.0.3 +rsasha512 NS ns3.rsasha512 +ns3.rsasha512 A 10.53.0.3 -kskonly NS ns.kskonly -ns.kskonly A 10.53.0.3 +kskonly NS ns3.kskonly +ns3.kskonly A 10.53.0.3 -update-nsec3 NS ns.update-nsec3 -ns.update-nsec3 A 10.53.0.3 +update-nsec3 NS ns3.update-nsec3 +ns3.update-nsec3 A 10.53.0.3 -auto-nsec NS ns.auto-nsec -ns.auto-nsec A 10.53.0.3 +auto-nsec NS ns3.auto-nsec +ns3.auto-nsec A 10.53.0.3 -auto-nsec3 NS ns.auto-nsec3 -ns.auto-nsec3 A 10.53.0.3 +auto-nsec3 NS ns3.auto-nsec3 +ns3.auto-nsec3 A 10.53.0.3 below-cname CNAME some.where.else. -insecure.below-cname NS ns.insecure.below-cname -ns.insecure.below-cname A 10.53.0.3 +insecure.below-cname NS ns3.insecure.below-cname +ns3.insecure.below-cname A 10.53.0.3 -secure.below-cname NS ns.secure.below-cname -ns.secure.below-cname A 10.53.0.3 +secure.below-cname NS ns3.secure.below-cname +ns3.secure.below-cname A 10.53.0.3 -ttlpatch NS ns.ttlpatch -ns.ttlpatch A 10.53.0.3 +ttlpatch NS ns3.ttlpatch +ns3.ttlpatch A 10.53.0.3 -split-dnssec NS ns.split-dnssec -ns.split-dnssec A 10.53.0.3 +split-dnssec NS ns3.split-dnssec +ns3.split-dnssec A 10.53.0.3 -split-smart NS ns.split-smart -ns.split-smart A 10.53.0.3 +split-smart NS ns3.split-smart +ns3.split-smart A 10.53.0.3 -upper NS ns.upper -ns.upper A 10.53.0.3 +upper NS ns3.upper +ns3.upper A 10.53.0.3 -LOWER NS NS.LOWER -NS.LOWER A 10.53.0.3 +LOWER NS NS3.LOWER +NS3.LOWER A 10.53.0.3 -expiring NS ns.expiring -ns.expiring A 10.53.0.3 +expiring NS ns3.expiring +ns3.expiring A 10.53.0.3 -future NS ns.future -ns.future A 10.53.0.3 +future NS ns3.future +ns3.future A 10.53.0.3 -managed-future NS ns.managed-future -ns.managed-future A 10.53.0.3 +managed-future NS ns3.managed-future +ns3.managed-future A 10.53.0.3 -revkey NS ns.revkey -ns.revkey A 10.53.0.3 +revkey NS ns3.revkey +ns3.revkey A 10.53.0.3 -rsasha1 NS ns.rsasha1 -ns.rsasha1 A 10.53.0.3 +rsasha1 NS ns3.rsasha1 +ns3.rsasha1 A 10.53.0.3 -rsasha1-1024 NS ns.rsasha1-1024 -ns.rsasha1-1024 A 10.53.0.3 +rsasha1-1024 NS ns3.rsasha1-1024 +ns3.rsasha1-1024 A 10.53.0.3 dname-at-apex-nsec3 NS ns3 -rsasha256oid NS ns.rsasha256oid -ns.rsasha256oid A 10.53.0.3 +rsasha256oid NS ns3.rsasha256oid +ns3.rsasha256oid A 10.53.0.3 -rsasha512oid NS ns.rsasha512oid -ns.rsasha512oid A 10.53.0.3 +rsasha512oid NS ns3.rsasha512oid +ns3.rsasha512oid A 10.53.0.3 -unknownoid NS ns.unknownoid -ns.unknownoid A 10.53.0.3 +unknownoid NS ns3.unknownoid +ns3.unknownoid A 10.53.0.3 -extradsoid NS ns.extradsoid -ns.extradsoid A 10.53.0.3 +extradsoid NS ns3.extradsoid +ns3.extradsoid A 10.53.0.3 -extradsunknownoid NS ns.extradsunknownoid -ns.extradsunknownoid A 10.53.0.3 +extradsunknownoid NS ns3.extradsunknownoid +ns3.extradsunknownoid A 10.53.0.3 -extended-ds-unknown-oid NS ns.extended-ds-unknown-oid -ns.extended-ds-unknown-oid A 10.53.0.3 +extended-ds-unknown-oid NS ns3.extended-ds-unknown-oid +ns3.extended-ds-unknown-oid A 10.53.0.3 diff --git a/bin/tests/system/dnssec/ns2/lazy-ksk.db.in b/bin/tests/system/dnssec/ns2/lazy-ksk.db.in deleted file mode 100644 index 1527e07c6e..0000000000 --- a/bin/tests/system/dnssec/ns2/lazy-ksk.db.in +++ /dev/null @@ -1,27 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 30 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 30 ; minimum (1 hour) - ) - NS ns2 -ns2 A 10.53.0.2 -ns3 A 10.53.0.3 - -a A 10.0.0.1 -*.a A 10.0.0.3 -b A 10.0.0.2 -d A 10.0.0.4 diff --git a/bin/tests/system/dnssec/ns2/private.secure.example.db.in b/bin/tests/system/dnssec/ns2/private.secure.example.db.in deleted file mode 100644 index 94042ae40a..0000000000 --- a/bin/tests/system/dnssec/ns2/private.secure.example.db.in +++ /dev/null @@ -1,28 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.2 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -private2secure-nxdomain CNAME r.example. -*.wild CNAME s.example. diff --git a/bin/tests/system/dnssec/ns2/rfc2335.example.db b/bin/tests/system/dnssec/ns2/rfc2335.example.db.in similarity index 100% rename from bin/tests/system/dnssec/ns2/rfc2335.example.db rename to bin/tests/system/dnssec/ns2/rfc2335.example.db.in diff --git a/bin/tests/system/dnssec/ns2/sign.sh b/bin/tests/system/dnssec/ns2/sign.sh index ca824a2ad3..e3f18af15e 100644 --- a/bin/tests/system/dnssec/ns2/sign.sh +++ b/bin/tests/system/dnssec/ns2/sign.sh @@ -29,6 +29,31 @@ done cp "../ns3/dsset-target.peer-ns-spoof." . +# Set up some unsigned zones: +# insecure +zone=insecure.secure. +infile=template.db.in +zonefile=insecure.secure.example.db +cp $infile $zonefile + +# delegated child of an nsec3 zone +zone=child.nsec3.secure. +infile=template.db.in +zonefile=child.nsec3.secure.example.db +cp $infile $zonefile + +# delegated child of an optout zone +zone=child.nsec3.secure. +infile=template.db.in +zonefile=child.nsec3.secure.example.db +cp $infile $zonefile + +# zone pre-signed with RFC2335 signatures +zone=rfc2335.example. +infile=rfc2335.example.db.in +zonefile=rfc2335.example.db +cp $infile $zonefile + # Sign the "trusted." and "managed." zones. zone=managed. infile=key.db.in @@ -143,7 +168,7 @@ cat "$infile" "$keyname1.key" "$keyname2.key" >"$zonefile" # Sign the badparam secure file zone=badparam. -infile=badparam.db.in +infile=template.db.in zonefile=badparam.db keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") @@ -211,7 +236,7 @@ cat "$key1.key" "$key2.key" >>"$zonefile" "$SIGNER" -3 - -A -H 1 -g -o "$zone" -k "$key1" "$zonefile" "$key2" >/dev/null 2>&1 zone=cds.secure -infile=cds.secure.db.in +infile=template.db.in zonefile=cds.secure.db key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -220,7 +245,7 @@ cat "$infile" "$key1.key" "$key2.key" "$key1.cds" >$zonefile "$SIGNER" -g -o "$zone" "$zonefile" >/dev/null 2>&1 zone=cds-x.secure -infile=cds.secure.db.in +infile=template.db.in zonefile=cds-x.secure.db key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") @@ -230,7 +255,7 @@ cat "$infile" "$key1.key" "$key2.key" "$key3.key" "$key2.cds" >"$zonefile" "$SIGNER" -g -x -o "$zone" "$zonefile" >/dev/null 2>&1 zone=cds-update.secure -infile=cds-update.secure.db.in +infile=template.db.in zonefile=cds-update.secure.db key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -239,7 +264,7 @@ cat "$infile" "$key1.key" "$key2.key" >"$zonefile" keyfile_to_key_id "$key1" >cds-update.secure.id zone=cds-auto.secure -infile=cds-auto.secure.db.in +infile=template.db.in zonefile=cds-auto.secure.db key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -247,7 +272,7 @@ $SETTIME -P sync now "$key1" >/dev/null cat "$infile" >"$zonefile.signed" zone=cdnskey.secure -infile=cdnskey.secure.db.in +infile=template.db.in zonefile=cdnskey.secure.db key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -256,7 +281,7 @@ cat "$infile" "$key1.key" "$key2.key" "$key1.cds" >"$zonefile" "$SIGNER" -g -o "$zone" "$zonefile" >/dev/null 2>&1 zone=cdnskey-x.secure -infile=cdnskey.secure.db.in +infile=template.db.in zonefile=cdnskey-x.secure.db key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") @@ -266,7 +291,7 @@ cat "$infile" "$key1.key" "$key2.key" "$key3.key" "$key1.cds" >"$zonefile" "$SIGNER" -g -x -o "$zone" "$zonefile" >/dev/null 2>&1 zone=cdnskey-update.secure -infile=cdnskey-update.secure.db.in +infile=template.db.in zonefile=cdnskey-update.secure.db key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -275,7 +300,7 @@ cat "$infile" "$key1.key" "$key2.key" >"$zonefile" keyfile_to_key_id "$key1" >cdnskey-update.secure.id zone=cdnskey-auto.secure -infile=cdnskey-auto.secure.db.in +infile=template.db.in zonefile=cdnskey-auto.secure.db key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -283,7 +308,7 @@ $SETTIME -P sync now "$key1" >/dev/null cat "$infile" >"$zonefile.signed" zone=updatecheck-kskonly.secure -infile=template.secure.db.in +infile=template.db.in zonefile=${zone}.db key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -321,7 +346,7 @@ cat "$infile" "$key1.key" "$key2.key" >"$zonefile" # A zone with a secure chain of trust of two KSKs, only one KSK is not signing. # zone=lazy-ksk -infile=lazy-ksk.db.in +infile=template.db.in zonefile=lazy-ksk.db ksk1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") ksk2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") diff --git a/bin/tests/system/dnssec/ns2/cds-auto.secure.db.in b/bin/tests/system/dnssec/ns2/template.db.in similarity index 83% rename from bin/tests/system/dnssec/ns2/cds-auto.secure.db.in rename to bin/tests/system/dnssec/ns2/template.db.in index aa3aaabfaf..43ad12bb7c 100644 --- a/bin/tests/system/dnssec/ns2/cds-auto.secure.db.in +++ b/bin/tests/system/dnssec/ns2/template.db.in @@ -11,4 +11,11 @@ $TTL 3600 @ SOA ns2.example. . 1 3600 1200 86400 1200 -@ NS ns2.example. +@ NS ns2 +ns2 A 10.53.0.2 + +a A 10.0.0.1 +*.a A 10.0.0.3 +b A 10.0.0.2 +d A 10.0.0.4 +z A 10.0.0.26 diff --git a/bin/tests/system/dnssec/ns2/template.secure.db.in b/bin/tests/system/dnssec/ns2/template.secure.db.in deleted file mode 100644 index aa3aaabfaf..0000000000 --- a/bin/tests/system/dnssec/ns2/template.secure.db.in +++ /dev/null @@ -1,14 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 3600 -@ SOA ns2.example. . 1 3600 1200 86400 1200 -@ NS ns2.example. diff --git a/bin/tests/system/dnssec/ns3/auto-nsec.example.db.in b/bin/tests/system/dnssec/ns3/auto-nsec.example.db.in deleted file mode 100644 index 34006877b3..0000000000 --- a/bin/tests/system/dnssec/ns3/auto-nsec.example.db.in +++ /dev/null @@ -1,40 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 -x CNAME a - -private NS ns.private -ns.private A 10.53.0.2 - -insecure NS ns.insecure -ns.insecure A 10.53.0.2 - -nosoa NS ns.nosoa -ns.nosoa A 10.53.0.6 - -normalthenrrsig A 10.0.0.28 -rrsigonly A 10.0.0.29 diff --git a/bin/tests/system/dnssec/ns3/auto-nsec3.example.db.in b/bin/tests/system/dnssec/ns3/auto-nsec3.example.db.in deleted file mode 100644 index 34006877b3..0000000000 --- a/bin/tests/system/dnssec/ns3/auto-nsec3.example.db.in +++ /dev/null @@ -1,40 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 -x CNAME a - -private NS ns.private -ns.private A 10.53.0.2 - -insecure NS ns.insecure -ns.insecure A 10.53.0.2 - -nosoa NS ns.nosoa -ns.nosoa A 10.53.0.6 - -normalthenrrsig A 10.0.0.28 -rrsigonly A 10.0.0.29 diff --git a/bin/tests/system/dnssec/ns3/bogus.example.db.in b/bin/tests/system/dnssec/ns3/bogus.example.db.in deleted file mode 100644 index 0feb441cdd..0000000000 --- a/bin/tests/system/dnssec/ns3/bogus.example.db.in +++ /dev/null @@ -1,27 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -c A 10.0.0.3 -d A 10.0.0.4 -z A 10.0.0.26 diff --git a/bin/tests/system/dnssec/ns3/digest-alg-unsupported.example.db.in b/bin/tests/system/dnssec/ns3/digest-alg-unsupported.example.db.in deleted file mode 100644 index 94fa465980..0000000000 --- a/bin/tests/system/dnssec/ns3/digest-alg-unsupported.example.db.in +++ /dev/null @@ -1,22 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 -a A 10.0.0.1 diff --git a/bin/tests/system/dnssec/ns3/dnskey-nsec3-unknown.example.db.in b/bin/tests/system/dnssec/ns3/dnskey-nsec3-unknown.example.db.in deleted file mode 100644 index f37dd750ce..0000000000 --- a/bin/tests/system/dnssec/ns3/dnskey-nsec3-unknown.example.db.in +++ /dev/null @@ -1,29 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a A 10.0.0.3 -*.e A 10.0.0.6 -child NS ns2.example. diff --git a/bin/tests/system/dnssec/ns3/dnskey-unknown.example.db.in b/bin/tests/system/dnssec/ns3/dnskey-unknown.example.db.in deleted file mode 100644 index f37dd750ce..0000000000 --- a/bin/tests/system/dnssec/ns3/dnskey-unknown.example.db.in +++ /dev/null @@ -1,29 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a A 10.0.0.3 -*.e A 10.0.0.6 -child NS ns2.example. diff --git a/bin/tests/system/dnssec/ns3/dnskey-unsupported-2.example.db.in b/bin/tests/system/dnssec/ns3/dnskey-unsupported-2.example.db.in deleted file mode 100644 index f37dd750ce..0000000000 --- a/bin/tests/system/dnssec/ns3/dnskey-unsupported-2.example.db.in +++ /dev/null @@ -1,29 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a A 10.0.0.3 -*.e A 10.0.0.6 -child NS ns2.example. diff --git a/bin/tests/system/dnssec/ns3/dnskey-unsupported.example.db.in b/bin/tests/system/dnssec/ns3/dnskey-unsupported.example.db.in deleted file mode 100644 index f37dd750ce..0000000000 --- a/bin/tests/system/dnssec/ns3/dnskey-unsupported.example.db.in +++ /dev/null @@ -1,29 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a A 10.0.0.3 -*.e A 10.0.0.6 -child NS ns2.example. diff --git a/bin/tests/system/dnssec/ns3/ds-unsupported.example.db.in b/bin/tests/system/dnssec/ns3/ds-unsupported.example.db.in deleted file mode 100644 index 94fa465980..0000000000 --- a/bin/tests/system/dnssec/ns3/ds-unsupported.example.db.in +++ /dev/null @@ -1,22 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 -a A 10.0.0.1 diff --git a/bin/tests/system/dnssec/ns3/dynamic.example.db.in b/bin/tests/system/dnssec/ns3/dynamic.example.db.in deleted file mode 100644 index babf54c2a5..0000000000 --- a/bin/tests/system/dnssec/ns3/dynamic.example.db.in +++ /dev/null @@ -1,25 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -; This has the NS and glue at the apex because testing RT #2399 -; requires we have only one name in the zone at a certain point -; during the test. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) -@ NS @ -@ A 10.53.0.3 diff --git a/bin/tests/system/dnssec/ns3/expired.example.db.in b/bin/tests/system/dnssec/ns3/expired.example.db.in deleted file mode 100644 index eaee74b765..0000000000 --- a/bin/tests/system/dnssec/ns3/expired.example.db.in +++ /dev/null @@ -1,44 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 3600 ; 1 hour -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns - MX 10 mx -ns A 10.53.0.3 -mx A 10.0.0.30 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 -x CNAME a - -private NS ns.private -ns.private A 10.53.0.2 - -insecure NS ns.insecure -ns.insecure A 10.53.0.2 - -nosoa NS ns.nosoa -ns.nosoa A 10.53.0.6 - -normalthenrrsig A 10.0.0.28 -rrsigonly A 10.0.0.29 - - diff --git a/bin/tests/system/dnssec/ns3/expiring.example.db.in b/bin/tests/system/dnssec/ns3/expiring.example.db.in deleted file mode 100644 index be3e680354..0000000000 --- a/bin/tests/system/dnssec/ns3/expiring.example.db.in +++ /dev/null @@ -1,40 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 3600 ; 1 hour -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns - MX 10 mx -ns A 10.53.0.3 -mx A 10.0.0.30 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a A 10.0.0.3 -*.wild A 10.0.0.6 -child NS ns2.example. -insecure NS ns.insecure -ns.insecure A 10.53.0.3 -secure NS ns.secure -ns.secure A 10.53.0.3 -nsec3 NS ns.nsec3 -ns.nsec3 A 10.53.0.3 -optout NS ns.optout -ns.optout A 10.53.0.3 -02HC3EM7BDD011A0GMS3HKKJT2IF5VP8 A 10.0.0.17 diff --git a/bin/tests/system/dnssec/ns3/extended-ds-unknown-oid.example.db.in b/bin/tests/system/dnssec/ns3/extended-ds-unknown-oid.example.db.in deleted file mode 100644 index f6c4fabdd3..0000000000 --- a/bin/tests/system/dnssec/ns3/extended-ds-unknown-oid.example.db.in +++ /dev/null @@ -1,28 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2009102722 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 -x CNAME a diff --git a/bin/tests/system/dnssec/ns3/extradsoid.example.db.in b/bin/tests/system/dnssec/ns3/extradsoid.example.db.in deleted file mode 100644 index f6c4fabdd3..0000000000 --- a/bin/tests/system/dnssec/ns3/extradsoid.example.db.in +++ /dev/null @@ -1,28 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2009102722 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 -x CNAME a diff --git a/bin/tests/system/dnssec/ns3/extradsunknownoid.example.db.in b/bin/tests/system/dnssec/ns3/extradsunknownoid.example.db.in deleted file mode 100644 index f6c4fabdd3..0000000000 --- a/bin/tests/system/dnssec/ns3/extradsunknownoid.example.db.in +++ /dev/null @@ -1,28 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2009102722 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 -x CNAME a diff --git a/bin/tests/system/dnssec/ns3/insecure.example.db b/bin/tests/system/dnssec/ns3/extrakey.example.db.in similarity index 96% rename from bin/tests/system/dnssec/ns3/insecure.example.db rename to bin/tests/system/dnssec/ns3/extrakey.example.db.in index 76e3f47f21..c1d17da9b8 100644 --- a/bin/tests/system/dnssec/ns3/insecure.example.db +++ b/bin/tests/system/dnssec/ns3/extrakey.example.db.in @@ -17,8 +17,8 @@ $TTL 300 ; 5 minutes 1814400 ; expire (3 weeks) 3600 ; minimum (1 hour) ) - NS ns -ns A 10.53.0.3 + NS ns3 +ns3 A 10.53.0.3 a A 10.0.0.1 b A 10.0.0.2 diff --git a/bin/tests/system/dnssec/ns3/future.example.db.in b/bin/tests/system/dnssec/ns3/future.example.db.in deleted file mode 100644 index 20c19c5216..0000000000 --- a/bin/tests/system/dnssec/ns3/future.example.db.in +++ /dev/null @@ -1,40 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a A 10.0.0.3 -*.wild A 10.0.0.6 -insecure NS ns.insecure -ns.insecure A 10.53.0.3 -secure NS ns.secure -ns.secure A 10.53.0.3 -nsec3 NS ns.nsec3 -ns.nsec3 A 10.53.0.3 -optout NS ns.optout -ns.optout A 10.53.0.3 -child NS ns2.example. -insecure.empty NS ns.insecure.empty -ns.insecure.empty A 10.53.0.3 -foo.*.empty-wild NS ns diff --git a/bin/tests/system/dnssec/ns3/generic.example.db.in b/bin/tests/system/dnssec/ns3/generic.example.db.in deleted file mode 100644 index 5cc3ecc1bb..0000000000 --- a/bin/tests/system/dnssec/ns3/generic.example.db.in +++ /dev/null @@ -1,23 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a.b A 10.0.0.1 diff --git a/bin/tests/system/dnssec/ns3/inline.example.db b/bin/tests/system/dnssec/ns3/inline.example.db deleted file mode 100644 index 14971bd7a6..0000000000 --- a/bin/tests/system/dnssec/ns3/inline.example.db +++ /dev/null @@ -1,26 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 diff --git a/bin/tests/system/dnssec/ns3/insecure.below-cname.example.db b/bin/tests/system/dnssec/ns3/insecure.below-cname.example.db deleted file mode 100644 index 14971bd7a6..0000000000 --- a/bin/tests/system/dnssec/ns3/insecure.below-cname.example.db +++ /dev/null @@ -1,26 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 diff --git a/bin/tests/system/dnssec/ns3/insecure.nsec3.example.db b/bin/tests/system/dnssec/ns3/insecure.nsec3.example.db deleted file mode 100644 index 14971bd7a6..0000000000 --- a/bin/tests/system/dnssec/ns3/insecure.nsec3.example.db +++ /dev/null @@ -1,26 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 diff --git a/bin/tests/system/dnssec/ns3/insecure.optout.example.db b/bin/tests/system/dnssec/ns3/insecure.optout.example.db deleted file mode 100644 index 14971bd7a6..0000000000 --- a/bin/tests/system/dnssec/ns3/insecure.optout.example.db +++ /dev/null @@ -1,26 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 diff --git a/bin/tests/system/dnssec/ns3/insecure2.example.db b/bin/tests/system/dnssec/ns3/insecure2.example.db deleted file mode 100644 index 76e3f47f21..0000000000 --- a/bin/tests/system/dnssec/ns3/insecure2.example.db +++ /dev/null @@ -1,27 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -x DNSKEY 258 3 5 Cg== -z A 10.0.0.26 diff --git a/bin/tests/system/dnssec/ns3/kskonly.example.db.in b/bin/tests/system/dnssec/ns3/kskonly.example.db.in deleted file mode 100644 index 0b11a00b00..0000000000 --- a/bin/tests/system/dnssec/ns3/kskonly.example.db.in +++ /dev/null @@ -1,26 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2009102722 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -x CNAME a diff --git a/bin/tests/system/dnssec/ns3/lower.example.db.in b/bin/tests/system/dnssec/ns3/lower.example.db.in deleted file mode 100644 index a04793e312..0000000000 --- a/bin/tests/system/dnssec/ns3/lower.example.db.in +++ /dev/null @@ -1,21 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA MNAME1. . ( - 2012042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) -@ NS NS -NS A 10.53.0.3 diff --git a/bin/tests/system/dnssec/ns3/managed-future.example.db.in b/bin/tests/system/dnssec/ns3/managed-future.example.db.in deleted file mode 100644 index 20c19c5216..0000000000 --- a/bin/tests/system/dnssec/ns3/managed-future.example.db.in +++ /dev/null @@ -1,40 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a A 10.0.0.3 -*.wild A 10.0.0.6 -insecure NS ns.insecure -ns.insecure A 10.53.0.3 -secure NS ns.secure -ns.secure A 10.53.0.3 -nsec3 NS ns.nsec3 -ns.nsec3 A 10.53.0.3 -optout NS ns.optout -ns.optout A 10.53.0.3 -child NS ns2.example. -insecure.empty NS ns.insecure.empty -ns.insecure.empty A 10.53.0.3 -foo.*.empty-wild NS ns diff --git a/bin/tests/system/dnssec/ns3/multiple.example.db.in b/bin/tests/system/dnssec/ns3/multiple.example.db.in deleted file mode 100644 index f37dd750ce..0000000000 --- a/bin/tests/system/dnssec/ns3/multiple.example.db.in +++ /dev/null @@ -1,29 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a A 10.0.0.3 -*.e A 10.0.0.6 -child NS ns2.example. diff --git a/bin/tests/system/dnssec/ns3/named.conf.j2 b/bin/tests/system/dnssec/ns3/named.conf.j2 index 47d0422ad2..6c9e18976c 100644 --- a/bin/tests/system/dnssec/ns3/named.conf.j2 +++ b/bin/tests/system/dnssec/ns3/named.conf.j2 @@ -123,9 +123,9 @@ zone "insecure.example" { allow-update { any; }; }; -zone "insecure2.example" { +zone "extrakey.example" { type primary; - file "insecure2.example.db"; + file "extrakey.example.db"; allow-update { any; }; }; diff --git a/bin/tests/system/dnssec/ns3/nosign.example.db.in b/bin/tests/system/dnssec/ns3/nosign.example.db.in deleted file mode 100644 index 2be8a2833a..0000000000 --- a/bin/tests/system/dnssec/ns3/nosign.example.db.in +++ /dev/null @@ -1,23 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 diff --git a/bin/tests/system/dnssec/ns3/nsec3-unknown.example.db.in b/bin/tests/system/dnssec/ns3/nsec3-unknown.example.db.in deleted file mode 100644 index f37dd750ce..0000000000 --- a/bin/tests/system/dnssec/ns3/nsec3-unknown.example.db.in +++ /dev/null @@ -1,29 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a A 10.0.0.3 -*.e A 10.0.0.6 -child NS ns2.example. diff --git a/bin/tests/system/dnssec/ns3/nsec3.example.db.in b/bin/tests/system/dnssec/ns3/nsec3.example.db.in index 55b38776da..f326e0b15a 100644 --- a/bin/tests/system/dnssec/ns3/nsec3.example.db.in +++ b/bin/tests/system/dnssec/ns3/nsec3.example.db.in @@ -17,8 +17,8 @@ $TTL 300 ; 5 minutes 1814400 ; expire (3 weeks) 3600 ; minimum (1 hour) ) - NS ns -ns A 10.53.0.3 + NS ns3 +ns3 A 10.53.0.3 a A 10.0.0.1 b A 10.0.0.2 @@ -31,8 +31,8 @@ insecure NS ns.insecure ns.insecure A 10.53.0.3 secure NS ns.secure ns.secure A 10.53.0.3 -nsec3 NS ns.nsec3 -ns.nsec3 A 10.53.0.3 +nsec3 NS ns3.nsec3 +ns3.nsec3 A 10.53.0.3 optout NS ns.optout ns.optout A 10.53.0.3 02HC3EM7BDD011A0GMS3HKKJT2IF5VP8 A 10.0.0.17 diff --git a/bin/tests/system/dnssec/ns3/nsec3.nsec3.example.db.in b/bin/tests/system/dnssec/ns3/nsec3.nsec3.example.db.in deleted file mode 100644 index 15fe621fd0..0000000000 --- a/bin/tests/system/dnssec/ns3/nsec3.nsec3.example.db.in +++ /dev/null @@ -1,35 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 -x CNAME a - -private NS ns.private -ns.private A 10.53.0.2 - -insecure NS ns.insecure -ns.insecure A 10.53.0.2 - diff --git a/bin/tests/system/dnssec/ns3/nsec3.optout.example.db.in b/bin/tests/system/dnssec/ns3/nsec3.optout.example.db.in deleted file mode 100644 index 15fe621fd0..0000000000 --- a/bin/tests/system/dnssec/ns3/nsec3.optout.example.db.in +++ /dev/null @@ -1,35 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 -x CNAME a - -private NS ns.private -ns.private A 10.53.0.2 - -insecure NS ns.insecure -ns.insecure A 10.53.0.2 - diff --git a/bin/tests/system/dnssec/ns3/optout-unknown.example.db.in b/bin/tests/system/dnssec/ns3/optout-unknown.example.db.in deleted file mode 100644 index f37dd750ce..0000000000 --- a/bin/tests/system/dnssec/ns3/optout-unknown.example.db.in +++ /dev/null @@ -1,29 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a A 10.0.0.3 -*.e A 10.0.0.6 -child NS ns2.example. diff --git a/bin/tests/system/dnssec/ns3/optout.example.db.in b/bin/tests/system/dnssec/ns3/optout.example.db.in index 20c19c5216..b1bcefa65f 100644 --- a/bin/tests/system/dnssec/ns3/optout.example.db.in +++ b/bin/tests/system/dnssec/ns3/optout.example.db.in @@ -17,8 +17,8 @@ $TTL 300 ; 5 minutes 1814400 ; expire (3 weeks) 3600 ; minimum (1 hour) ) - NS ns -ns A 10.53.0.3 + NS ns3 +ns3 A 10.53.0.3 a A 10.0.0.1 b A 10.0.0.2 @@ -26,14 +26,14 @@ d A 10.0.0.4 z A 10.0.0.26 a.a.a.a A 10.0.0.3 *.wild A 10.0.0.6 -insecure NS ns.insecure -ns.insecure A 10.53.0.3 -secure NS ns.secure -ns.secure A 10.53.0.3 -nsec3 NS ns.nsec3 -ns.nsec3 A 10.53.0.3 -optout NS ns.optout -ns.optout A 10.53.0.3 +insecure NS ns3.insecure +ns3.insecure A 10.53.0.3 +secure NS ns3.secure +ns3.secure A 10.53.0.3 +nsec3 NS ns3.nsec3 +ns3.nsec3 A 10.53.0.3 +optout NS ns3.optout +ns3.optout A 10.53.0.3 child NS ns2.example. insecure.empty NS ns.insecure.empty ns.insecure.empty A 10.53.0.3 diff --git a/bin/tests/system/dnssec/ns3/optout.nsec3.example.db.in b/bin/tests/system/dnssec/ns3/optout.nsec3.example.db.in deleted file mode 100644 index 15fe621fd0..0000000000 --- a/bin/tests/system/dnssec/ns3/optout.nsec3.example.db.in +++ /dev/null @@ -1,35 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 -x CNAME a - -private NS ns.private -ns.private A 10.53.0.2 - -insecure NS ns.insecure -ns.insecure A 10.53.0.2 - diff --git a/bin/tests/system/dnssec/ns3/optout.optout.example.db.in b/bin/tests/system/dnssec/ns3/optout.optout.example.db.in deleted file mode 100644 index 15fe621fd0..0000000000 --- a/bin/tests/system/dnssec/ns3/optout.optout.example.db.in +++ /dev/null @@ -1,35 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 -x CNAME a - -private NS ns.private -ns.private A 10.53.0.2 - -insecure NS ns.insecure -ns.insecure A 10.53.0.2 - diff --git a/bin/tests/system/dnssec/ns3/publish-inactive.example.db.in b/bin/tests/system/dnssec/ns3/publish-inactive.example.db.in deleted file mode 100644 index 14971bd7a6..0000000000 --- a/bin/tests/system/dnssec/ns3/publish-inactive.example.db.in +++ /dev/null @@ -1,26 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 diff --git a/bin/tests/system/dnssec/ns3/rsasha1-1024.example.db b/bin/tests/system/dnssec/ns3/rsasha1-1024.example.db deleted file mode 100644 index d51672c03c..0000000000 --- a/bin/tests/system/dnssec/ns3/rsasha1-1024.example.db +++ /dev/null @@ -1,63 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -; File written on Tue Jan 11 18:07:57 2022 -; dnssec_signzone version 9.17.21 -rsasha1-1024.example. 300 IN SOA mname1. . 2000042407 20 20 1814400 3600 -rsasha1-1024.example. 300 IN RRSIG SOA 5 2 300 20900129082204 20220111060757 22290 rsasha1-1024.example. kM6ztqAaLkxcRxYWrw2oe3qofzoIRjDv/tLD/A5edreqzzwj7H6Ihm0s JHfzqVOWBTwYzX0XgD0PXCqMdkXP7QlcWGYK7uCWnisayZIwNCdkywPC sS2ky1d0eK1A7kJ9nEH/eOgLba5uFZcAo8+9dD/6o6Rt1jTeTQkL4RHI UC8= -; resign=20900129082204 -rsasha1-1024.example. 300 IN NS ns.rsasha1-1024.example. -rsasha1-1024.example. 300 IN RRSIG NS 5 2 300 20900129082204 20220111060757 22290 rsasha1-1024.example. jxbsZlgK4B6IkCrZuNDVv/EIqgCU8pTOyWEt2DqvzRI8AeL3I+U9Nbcz 9gmQRaNEtffLVR/sfht6v1ms4AFJKd0xLSZj9ywsZKCmG12UxfNIoZ49 4d1ono8hGYU8xr1Qh1BU2HwgGY1JF4OyO28cgrkT2F9dAvG8MSMEW5Sg 9A8= -; resign=20900129082204 -rsasha1-1024.example. 300 IN NSEC a.rsasha1-1024.example. NS SOA RRSIG NSEC DNSKEY -rsasha1-1024.example. 300 IN RRSIG NSEC 5 2 300 20900129082204 20220111060757 22290 rsasha1-1024.example. AfEX9beXrft4d1moQD1VP3Em9cMgJmx2EYBKMlW5e5XFNk2Z5Wj1N//3 sBuUPNppxUilUEydqH5psVw7IMhrz8Q1+bhABNV7cPm1EOuq0NuQJ2LN JNlTnjfaRT6IAtY7d+NOCO2eKlDzMC/q8t2oaB+iHhgO7yc5+fxMGyQ/ PVc= -; resign=20900129082204 -rsasha1-1024.example. 300 IN DNSKEY 256 3 5 AwEAAaYD3SqsLtFHSfDhA8HhNKQJOToRptRmFhsYbqre+lq/BLpLQNkA 7Kq+chsUhOe+8OHMfkNXfr3XFyuUA3rBg15kq57NZ5gLzkHyeGqB9Ths M5pdwDCqPjJKP43W2+EXXHWsg5P94yldWcvMx1v80vrxGvUimfiQSznE hok/6oqR -rsasha1-1024.example. 300 IN DNSKEY 257 3 5 AwEAAeEe/ohrvXtDqYgrz5Q1WAKRstnnH0xi/4Mne49PLO56TcVPf6sg xpv/SaHSlQGJnVbQBLebPemKDAC1vVOUqdTDxHJbLuO28brIWMzf0pc1 5G2RNtrQf44E4yaibSROhyBmWoerUHTPGJw6BGDI4fb/CVWujFQ1ieBy WC0p1NWH -rsasha1-1024.example. 300 IN RRSIG DNSKEY 5 2 300 20900129082204 20220111060757 22290 rsasha1-1024.example. nBLPJfoZe4G3wOe17bBSMooRZHe523pjdaTAK2PmXEa8exXH+OWCHh7f Jnh/SI89Hp9a2ru1Skze3FcUcTj/SlwtEuWpxOs9B1R29P1xVPCwkAfb xsmtmE6u5+oeLGrt88zA/kpjx6t0sFbU7A8/qxlpuoH+hdAu1jI2tlP4 d30= -rsasha1-1024.example. 300 IN RRSIG DNSKEY 5 2 300 20900129082204 20220111060757 1151 rsasha1-1024.example. 0oNrcBsFySVjBT60SX3m7cKIPmuCOUH0ZFucrmEVXJLGpNOXe37aXbnC Iz+NHcaaeZQP/w4aYSTyQvZs6Vl5Tufeic3SWalzTGv0f01mIIk24v1a h4ePUB8w0b0+/qq89zl6Ccr2/PgTaLvjuSGYcgX15cigqPRcKQNYCwO1 Vsk= -; resign=20900129082204 -z.rsasha1-1024.example. 300 IN A 10.0.0.26 -z.rsasha1-1024.example. 300 IN RRSIG A 5 3 300 20900129082204 20220111060757 22290 rsasha1-1024.example. Zf/ynA7APXpNjcMPusIjRan0/ITLmeeY7GJfhCLeD3lEjnAd7dWRl7sC N5sBzUG78Mtgm39Ov/Kj2EwQjFcwcMUmppan3NzS+1YtYuZqlN9iAW+b UUfv8UQUHvM3x/hW4kNCPd2PHIzV2uedIp7VG3Lz72FvjHxECbI7g79V 18c= -; resign=20900129082204 -z.rsasha1-1024.example. 300 IN NSEC rsasha1-1024.example. A RRSIG NSEC -z.rsasha1-1024.example. 300 IN RRSIG NSEC 5 3 300 20900129082204 20220111060757 22290 rsasha1-1024.example. FPlYMJ41r79tkhIkDTX9/uVtcKXfHa+5oXb8fdo7/2CugjBfp5uihn57 3gMmY7Mi2aVsW64hRkehPJr+sTUOk5+ILhO2Qhjdrm2DpHgeSK29BTQr Okn9ruvpLhRFHwI/DllnKvBOyCmKSzJZE7PDOrqouGclNue07IXz+K2R bME= -; resign=20900129082204 -b.rsasha1-1024.example. 300 IN A 10.0.0.2 -b.rsasha1-1024.example. 300 IN RRSIG A 5 3 300 20900129082204 20220111060757 22290 rsasha1-1024.example. gQmhCIwai57iscF2s5CJ5DbSy0Z9TiOWYGeFeZITxQ/koFOOjyuZXAZn 6f7mTUcFPhNm4AT/PJAs/L/tzcE16pcVwwDnHszdY28XwEU6OqaXUB3E T/Qu4Sh0BWet9U6JcSSqLG5317qJxqSGfnIJOXMucYi3MH3W8uSpapr+ 4Qk= -; resign=20900129082204 -b.rsasha1-1024.example. 300 IN NSEC d.rsasha1-1024.example. A RRSIG NSEC -b.rsasha1-1024.example. 300 IN RRSIG NSEC 5 3 300 20900129082204 20220111060757 22290 rsasha1-1024.example. Do6VghMEcHk35Q7fI2VrrQBYhChT4pnw791qUFhHZeol5fIKtEnrlviA RN2fbEY+7OrQQXo7Ywxo7nTD9sYsFgOwGKqKJ+yLNPcr++0csbkgt5rU ch1Lv+t7jOUuUX8IzgjOoCH5j9eoU5QtGkEBxf6z0nvlsLJaTWwTqvbr 7aU= -; resign=20900129082204 -a.rsasha1-1024.example. 300 IN A 10.0.0.1 -a.rsasha1-1024.example. 300 IN RRSIG A 5 3 300 20900129082204 20220111060757 22290 rsasha1-1024.example. CaPXSTPLNeQ4MyRylYP/Ztb6kRT9/QdgpTnZxUHCjSdWEBXsrkEr55/z dBSQ8zGGOfCxlOkmgH/UrR7JmHTQrIqsb/iVq+6D0mfvNJDyNpT92bo8 r+C62/9NXLlkS5zcpyNG8Ls66EQ7dcFa6SxwdxF1qaoeBjJvkrGUMnzP UFo= -; resign=20900129082204 -a.rsasha1-1024.example. 300 IN NSEC b.rsasha1-1024.example. A RRSIG NSEC -a.rsasha1-1024.example. 300 IN RRSIG NSEC 5 3 300 20900129082204 20220111060757 22290 rsasha1-1024.example. DJlfCVMSPZ6KUIUhWUBt7LOCB8vBbxOFaR4PoHs/fLpGBWrQj46sjLKO W/TImquBg3ygYTOIyWEzVb177HryRmx65AKnfGLbzaTdTgHzcELwg88t EYFT4ODalqTn68o2RfWtNl95FNqJR/kguxxzFVgpN4zfGKXdhTWAA4JW zG0= -; resign=20900129082204 -a.a.a.a.a.a.a.a.a.a.e.rsasha1-1024.example. 300 IN A 10.0.0.27 -a.a.a.a.a.a.a.a.a.a.e.rsasha1-1024.example. 300 IN RRSIG A 5 13 300 20900129082204 20220111060757 22290 rsasha1-1024.example. PVFCHIXgDCZOHsTsr3G9wMnPPmiY4CfOXC3b1ZF2qEDqloIT+YX5oKKE uiT6fCBteS6Cq8XTXdezXjqTqxrdY4qMMOBDnIZhf8eOxjFzMEUKKZuH 9c5rt8u35TihuIdKv9OPXdWuTJ4dVSEZjNNxvh3VoMW6XFagYmu3f8Gr 0rg= -; resign=20900129082204 -a.a.a.a.a.a.a.a.a.a.e.rsasha1-1024.example. 300 IN NSEC ns.rsasha1-1024.example. A RRSIG NSEC -a.a.a.a.a.a.a.a.a.a.e.rsasha1-1024.example. 300 IN RRSIG NSEC 5 13 300 20900129082204 20220111060757 22290 rsasha1-1024.example. VOOEksRwMWNO2ESMrcMyPFAHuXyYgeLVODy46DwDx8PTli3/UwOH1e3l qd3Poh2K/OFP2v8TuzkXXnPW48Lg90haHtG9yLr5UUNoKntmBC9PFeqt P/qdOBiHszvcyyjJ4gabEX2gn+o/sL/klQV4m3mB4Vf5sg2dfX8Qyuw6 nDQ= -; resign=20900129082204 -d.rsasha1-1024.example. 300 IN A 10.0.0.4 -d.rsasha1-1024.example. 300 IN RRSIG A 5 3 300 20900129082204 20220111060757 22290 rsasha1-1024.example. XcxbM4wA+yTOAwPePwRIg6E58HuMr5qIkdghNn/R5ck1JdirLbMB/Wpp Si+5a4q9F02Bs8uZv2YXtXRIa32i1/L6OPeU3RFQfvkpHbQNTvPtsuAL bmFGB/zdR6XQpqC6G+ip9qY+mk2hXwCZZ24NW90O9qYlE8Rp145/dIVM DPo= -; resign=20900129082204 -d.rsasha1-1024.example. 300 IN NSEC a.a.a.a.a.a.a.a.a.a.e.rsasha1-1024.example. A RRSIG NSEC -d.rsasha1-1024.example. 300 IN RRSIG NSEC 5 3 300 20900129082204 20220111060757 22290 rsasha1-1024.example. fmBjPGTNWOXAs51XO1fIRCKAbf9TLTV04TmlgLm50oOouEXsXpwKo6tb MbCGI2f+u986mtzLW4gWY+rcAPrMCndu5BPIYPk/Ngd6zqylWJzAfKyg PIqO0lf6jg0J3FfP39fw9bf+xB+AI1PWBrVZ55LotBYgIBZYhQ1LKPZ2 iyU= -; resign=20900129082204 -ns.rsasha1-1024.example. 300 IN A 10.53.0.3 -ns.rsasha1-1024.example. 300 IN RRSIG A 5 3 300 20900129082204 20220111060757 22290 rsasha1-1024.example. beHl0WxLgPYkzKs/tdQnphXDzHx6FqdQRlVtJIYHGoWmWe4X6JWg4ENB a0xPeOGFQPBMgNuKbwyjAVmX0B3Su4LiBM7GcmfJbd4YRNCa4hQvhDpG o5A54Pxo2Qdo9Cffhzva5z4iO+DNnmBsfKGPna4sO2lRNfIxXlxCTbnE zps= -; resign=20900129082204 -ns.rsasha1-1024.example. 300 IN NSEC z.rsasha1-1024.example. A RRSIG NSEC -ns.rsasha1-1024.example. 300 IN RRSIG NSEC 5 3 300 20900129082204 20220111060757 22290 rsasha1-1024.example. aZTImJ5QFufIQEIuX+5ZYVW2Yq4ctxeX9zm9yrQaUODvVRm3X3WjncrU hkgDaW3a/j8RRG0cdAnzSWCzIMz0Yv4kWxrxCEJyIgmVUQ3fzxzpGwMF ZwCtNb9aWmImcAugTnjocn5+iCiyTEVipZmTASEyN0Bgp5Q4oFChnzIj kjk= -; resign=20900129082204 diff --git a/bin/tests/system/dnssec/ns3/rsasha1-1024.example.db.in b/bin/tests/system/dnssec/ns3/rsasha1-1024.example.db.in index b2e7e21e20..d4009dc97e 100644 --- a/bin/tests/system/dnssec/ns3/rsasha1-1024.example.db.in +++ b/bin/tests/system/dnssec/ns3/rsasha1-1024.example.db.in @@ -9,19 +9,55 @@ ; See the COPYRIGHT file distributed with this work for additional ; information regarding copyright ownership. -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 +; File written on Sat Jul 5 14:07:41 2025 +; dnssec-signzone version 9.21.10-dev +rsasha1-1024.example. 300 IN SOA mname1. . 2000042407 20 20 1814400 3600 +rsasha1-1024.example. 300 IN RRSIG SOA 5 2 300 20930723222148 20250705200741 58758 rsasha1-1024.example. PJOZW7DeXBMB3VJ3RGFHbq5sWGc8zas7y8BKaEz4rWmScEfJrmt5ZGtm XPuQ08roCQjirb6ltLGMBorOZ5PrKkF998FhihCzUjJm9FSAVu3VW0FH 0AHGRuoErR7goE8kp3mQtqDjQfKN3RYisffzXC8K8WDb9AXNo6tdPl6d efA= +; resign=20930723222148 +rsasha1-1024.example. 300 IN NS ns3.rsasha1-1024.example. +rsasha1-1024.example. 300 IN RRSIG NS 5 2 300 20930723222148 20250705200741 58758 rsasha1-1024.example. 7bxj7Z1i+Yfn9GzJg7eYbx46KPQOybj/aqhJUDp4ajlYKHrHHtlhHiez DfDj5RlgLGdAzRQPBs51L9KWWl+S6+MPujeVOIT+8SLWbkAWiaY2xLl4 YvZOFFelI1msoBPsXHt28OZz395Iun0VRTnOYAVR/M8lFAwhwYKxnK6S pD8= +; resign=20930723222148 +rsasha1-1024.example. 300 IN NSEC a.rsasha1-1024.example. NS SOA RRSIG NSEC DNSKEY +rsasha1-1024.example. 300 IN RRSIG NSEC 5 2 300 20930723222148 20250705200741 58758 rsasha1-1024.example. ranydIBWyrsp6gvreVGLy8jlHnQh6fL36grp1Rqp6OBNsSn+WegQP5uQ alksR/mDvSAFAeCEX6jJ+GbZan9SUYpkrqbyZtrX1+xKnbbu12ogx/lc Egph/QTXsD6iFBXRB7psiqV1mJx2PjmSHEsDN6zxbOvCrSBSoUQZOkeJ ePc= +; resign=20930723222148 +rsasha1-1024.example. 300 IN DNSKEY 256 3 5 AwEAAfrnP/8ng5St8Ok9VOJ4QWrOIfAp1pzT0quT8+Else7jAOI55qAB qcWOOMfkgF3AGfmD/OkTo17fq4HeoULrnOw8mTPjbQFowrnPRWpClj3N lRUVfYpVaKOzy3WnUSiqtegktKMaZgvBz5BgAeJOkG6IpHCqYab5135K JplSUlBz +rsasha1-1024.example. 300 IN DNSKEY 257 3 5 AwEAAfF0adqZOjSh1ADpmABpTwEAD/cWy/+9R42G+DqZK/8pkxfvC6N9 b9zWsa9LhyBge97aq7LyzlKO4HJvYK7su16y3ZeEQUplrwIwD6OPoffu X7vjNA+O7vikjdSN6sXI/x7eKwU+ZQbLyCao4COGy+Xl8VowWmIGJ3DZ wEhwOd+t +rsasha1-1024.example. 300 IN RRSIG DNSKEY 5 2 300 20930723222148 20250705200741 29488 rsasha1-1024.example. qGZmNE1DZMvZ/OwZXuRtebtpIIE3pzYUQngQD9VUHyA9D1cLuElyevgl /pjOh5Vpt0nid1Y0HrLrXYe6xRsT8a+hhp+5ybUqjOpusBDkj/LYnlev y27Nor/GcHNy03R+B/Piu+1T3UA+dxvYc+YJrmmx7XU5tMpqFyV4C4if IyU= +rsasha1-1024.example. 300 IN RRSIG DNSKEY 5 2 300 20930723222148 20250705200741 58758 rsasha1-1024.example. eMnV0gdwLW5SY+gL5CsTilyz3qN9YJBnD/EgaK4xXxnV8hoTXB/QgtAP +/jylOSIMqCT+VA9UlV2q2WyQd3n2ycdAaXIrZhMJDo/ErXcNrfi4h2G aKLVr/NiX6VlNhyNgbYgz0dM6CjcMbFQSr43hFJ4oWbOrEAS5a708/6t uUU= +; resign=20930723222148 +a.rsasha1-1024.example. 300 IN A 10.0.0.1 +a.rsasha1-1024.example. 300 IN RRSIG A 5 3 300 20930723222148 20250705200741 58758 rsasha1-1024.example. 41BzMHFHRo79n2jipZYetBEeJ2tb/HD2wj28I++yPLmVbn2IUnA0qOQV ypYQmAjhIKgDD+KHq0SB+WbPnVj6buV7WZ8mlknFDNxmMc6erdStBwsO shtL5kNUv33QTsyRGtreCnEjjWSSMzC63sdBXyjN5+ZWVqxKIFKGwMJZ uwg= +; resign=20930723222148 +a.rsasha1-1024.example. 300 IN NSEC b.rsasha1-1024.example. A RRSIG NSEC +a.rsasha1-1024.example. 300 IN RRSIG NSEC 5 3 300 20930723222148 20250705200741 58758 rsasha1-1024.example. KXNm/3ISKA9TJqFUAgrFVVwrRqIMZ9IhaLALTD8nZl5guNfq1NUnjKQW kbM24C2b9Wb3ID+lIlz8NygSdVyGpUsxvyn3s72wxRHyAQjWSgXMsxHH K7OlPMWKOKEaa27uGjbXkcITPstqveaZNdCdNba7hrjiBuETsLBRQoyi pO8= +; resign=20930723222148 +b.rsasha1-1024.example. 300 IN A 10.0.0.2 +b.rsasha1-1024.example. 300 IN RRSIG A 5 3 300 20930723222148 20250705200741 58758 rsasha1-1024.example. sFXNp9u1KLmGALRtBygUQa4jNug25BWHJlBjKiaIQHal4YN2wpNMBfP5 8pwAfTJHpMZmnIfTQKpYHFYI+AZ0VUh8KRjkUfZYtgviu6BqPshuhNVa hKYpSzpUDCjjg29oYPC36sIZSnZDbhbRYLzERXMVB/tLujDgjoGD4z3b dzM= +; resign=20930723222148 +b.rsasha1-1024.example. 300 IN NSEC a.b.rsasha1-1024.example. A RRSIG NSEC +b.rsasha1-1024.example. 300 IN RRSIG NSEC 5 3 300 20930723222148 20250705200741 58758 rsasha1-1024.example. mz7zYeNU967NoqNLTbi9ggh+jG8c4AQK8nfkP6f09EuH76BcU9T/BzKI lLPws1PYmBeT+WXmcwuFyDxPlSntO/xlU/t5wMGOjMwHWRPaFiaAx3H9 PZj9JC4UDfEKOB/2icS9HQrBqzsPlzYVWrdqkAgm4ErVl4DNU0zUhv6y Xpk= +; resign=20930723222148 +a.b.rsasha1-1024.example. 300 IN A 10.0.0.1 +a.b.rsasha1-1024.example. 300 IN RRSIG A 5 4 300 20930723222148 20250705200741 58758 rsasha1-1024.example. e4R1G9oEo5I2kPqVsbUYBgP0Bv5Eyp9BTesgKqAJ0q9NfZGtjh/03kCr A8CPw7mwL3qLEVo/oupkzpLj/gt5Zszdlmu7Bw81cJfV+x5cPyLjXJty Z9+T9KZIFa/tqW8FFF3/owEecTjcPjJs/mrlNy7lbp1kLXBIk6S7yt+c dpo= +; resign=20930723222148 +a.b.rsasha1-1024.example. 300 IN NSEC d.rsasha1-1024.example. A RRSIG NSEC +a.b.rsasha1-1024.example. 300 IN RRSIG NSEC 5 4 300 20930723222148 20250705200741 58758 rsasha1-1024.example. Y3N3uY1kIyY9WlgWF8ZQ9gmo3Xi74G+UF195ljexwkjlU7LOX7TuaJpJ PyaqASJBGNF6aLbcwR89rItxJknSdNk4oqvQiwykZ0e02MXb/zPeqqkG +y9jS9M+ygKjMcyY+qHVgjy5UaldUqOV/bjg7cq2Z2FsCjkD+lCmGzfl pd4= +; resign=20930723222148 +d.rsasha1-1024.example. 300 IN A 10.0.0.4 +d.rsasha1-1024.example. 300 IN RRSIG A 5 3 300 20930723222148 20250705200741 58758 rsasha1-1024.example. 1jqKrIB7M9la2A8cRVdy92TV19elq3pGvu19DGz77sbn3HYrb3lF+zSl O2g+75RxuwzN8yoGe5P6/EfaZviOPNBV5s5e+xKHQwAxE0RCdnLUcuE9 8PAuNBogBvhrDzZJQh0p1ap4vyuxCEH3jDYua9Ul7VMy8UmGcBO0BuaS f+A= +; resign=20930723222148 +d.rsasha1-1024.example. 300 IN NSEC ns3.rsasha1-1024.example. A RRSIG NSEC +d.rsasha1-1024.example. 300 IN RRSIG NSEC 5 3 300 20930723222148 20250705200741 58758 rsasha1-1024.example. JA2sayAAdp9pCtOSsv66hD6LlgA8IFC2gzVSIjYVnz5vevoXHcok7HTi UbaaWoE0UaCI5DrMTSc9x6IOMe0OTC4PLPl3dntnaiOZJfe1Fr97zyme jaMzqd61Tla/dGM58KUKKSL30hj/5o5DwW7ppdHKIW0sq3YXufnDOCgx TT8= +; resign=20930723222148 +ns3.rsasha1-1024.example. 300 IN A 10.53.0.3 +ns3.rsasha1-1024.example. 300 IN RRSIG A 5 3 300 20930723222148 20250705200741 58758 rsasha1-1024.example. NTFkNDGrOnrz1BvHEgqq3I02y+unDlUmkd2RM5pFz4wMWlZm7b2sPFsi kGH8AwE7U5RBR4Pi6YLS7im+GKXRKEChYbHy7QU2XyvGueQ0AK8jLN3+ daSr0vK5RGSDihl3lWELQPGF4/qrYYVQI8itrewvYWA2EKmPjgJAtjKV DO4= +; resign=20930723222148 +ns3.rsasha1-1024.example. 300 IN NSEC z.rsasha1-1024.example. A RRSIG NSEC +ns3.rsasha1-1024.example. 300 IN RRSIG NSEC 5 3 300 20930723222148 20250705200741 58758 rsasha1-1024.example. Dx7nC3ZCVV+BTR06WOG6vh9mt81aQijpKH7N03GopNejfbEN3dtGR2n4 cEnc/rofcy0HaDiRGKptrxYNDez6g9awh73p9FDQgE/gnnOJ1WAOIyVi XE4OHSwxfRRdYNV5oDY5Dsl9/ZNuewwc22hfEHTALKDv5ncOeGlk4r/U cds= +; resign=20930723222148 +z.rsasha1-1024.example. 300 IN A 10.0.0.26 +z.rsasha1-1024.example. 300 IN RRSIG A 5 3 300 20930723222148 20250705200741 58758 rsasha1-1024.example. RO5OYSdypaZuuB+cYQLfj9nZ6PgCpd3iSOZETdY0/RYcH31dX/mDWa/s ODefiUOcyZNJYbJmcZXbOboBQOsHSB2+SsYwc6hfkKiACvB564/6u/5v hujJJQqEpJfuGEaGfJtQHjPgXQoa33juX7k+4zOQJFAs0z4loIb5s9d2 Gyw= +; resign=20930723222148 +z.rsasha1-1024.example. 300 IN NSEC rsasha1-1024.example. A RRSIG NSEC +z.rsasha1-1024.example. 300 IN RRSIG NSEC 5 3 300 20930723222148 20250705200741 58758 rsasha1-1024.example. hLdkoNjYFvJ0xYYOp2D0mqoZntJ8M0crDboQ5CGQ5fZD3eIFWG/uWqky 9tt6udqkqrVv7cniTlyoD1GQqBpx4FR9P5qgMXDQ5EvZ7WncjfVg2IFV PYZAqV1iFiQXackDd3jipKGFgx8NKvfl/jr1tdNR+5LqxHFM51zb7Hak J08= +; resign=20930723222148 diff --git a/bin/tests/system/dnssec/ns3/rsasha1.example.db b/bin/tests/system/dnssec/ns3/rsasha1.example.db deleted file mode 100644 index 2d16e503d4..0000000000 --- a/bin/tests/system/dnssec/ns3/rsasha1.example.db +++ /dev/null @@ -1,63 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -; File written on Tue Jan 4 17:29:34 2022 -; dnssec_signzone version 9.17.20 -rsasha1.example. 300 IN SOA mname1. . 2000042407 20 20 1814400 3600 -rsasha1.example. 300 IN RRSIG SOA 5 2 300 20900122074341 20220104052934 30286 rsasha1.example. wg8k4y/Cs/+u2QfUnBURhD4isSFTzCofpdhMzVJEUfBqu1DBVO+FECQ4 U80NCg9iksxm7xsWAZiQx6Rzvh1rUqEA7OhCy7XiPuz+jR1TYHXJhRMu t9gu7aCdTkcXYCMtppd49/2vT+WPKB98QIKD6wgl4LFFhwbUCoXavin4 babUiJrJeAnuxmIeD5HtM5a+++p0F8QemdP5FkX3WCRBHNFGnoVYJjc7 PZ+L8ZpKElah47XzJwAYWDr34TwqU9llCOcXlXYKBqDKO9fEtJJ1hyk9 Sf4fGOdzZD9Pj4Zz83UlHumeZPfIC1N0xVBYvGPu8LU41WZ4BgZfKSoS UIpbPQ== -; resign=20900122074341 -rsasha1.example. 300 IN NS ns.rsasha1.example. -rsasha1.example. 300 IN RRSIG NS 5 2 300 20900122074341 20220104052934 30286 rsasha1.example. VqOKkNo7CRH2uquL/46cIVoIPvFYT2WrpwpG6ienlJoLF/mZn0ReoMaK G29R8Q0tklalk14CGShiD409lXDRynyHgmLGIFjkXMd6aNRQOdD1O+7C wEhAj4/FEz+qpk/xRGMslxCCF1P7DxpX5ZPI9DuPVVvTRk4131CALaFQ EPblDzEgd7JeoO0tKnPjpzXLdr86NDeDVZXonimjEhQNrvrrurQ5/u2F x7jVmovN47Z06+XCbleC2ag8ZazNkYfU8GlFvkozZMGZtnpja1/SllNJ ZdURisd3JFMw/xsZd1v2MspKYcZePTfzyk/keXSJ0AlO7TA1X2sjiFOo 1fhSnQ== -; resign=20900122074341 -rsasha1.example. 300 IN NSEC a.rsasha1.example. NS SOA RRSIG NSEC DNSKEY -rsasha1.example. 300 IN RRSIG NSEC 5 2 300 20900122074341 20220104052934 30286 rsasha1.example. U7SEGuJ95CKk6+sWNCNHfPuvjJ2KChhutImWmSTc9lgb3uSfptzwbYnP UZ3xG0IqkayRJhBSizLb5kntvBZbcz4pEWZ+o7ZJdiBHcCARj82OJaLF d147VB3XJa6rIi+o/Zm8SIbxU7gugqRds7KfSTxAIjHzLpCcu12hlgfc Qso1LYiVeU5GVnmfuNJQL7QvS3BQuTylTI1+HQpiY6W8Bzev/TcbhoDJ Ywp4hvgF4VGCvrO2glSO4VycLjluawKSlrNaLbAtWIYYUSPbvtktM8tQ GBqOij4l7eMCTGRCoExWEnr+CzWAauoemhLDh27Bq6VNjD5iIvjzt3Ym uGDQUg== -; resign=20900122074341 -rsasha1.example. 300 IN DNSKEY 256 3 5 AwEAAe31msH3kL5cIQ6C1vTnB8GvbFDm0t/j5XWnLonaKDSUoHtKLlRq pBPuwlORRUZxRSs7VDAaKE0YGky/YklSCqvo8gBD4dkNjWD/6XGkmtEq DOL8XCz1KO+djs7WLCuCyGIkG282+sntuZJj4IMd+ZDW1urCwaP94t3u W9N+PgrSacK9Ff1bwLR9KIgkRFpJ+JxPeaFYnVEyB4ZaZ8DgPWYNJ+aC awL0nATybC8asPeCGvft3lSS99z55IMfkpjF1rwHIVybqhiukRighazQ ljjVQdlXj3YxFgD0fpscJ6yN0QXdseagxiT4PahnwaHYHUhgGm+HB1zA pA49L9dg2RE= -rsasha1.example. 300 IN DNSKEY 257 3 5 AwEAAcQdnpcda8XlNxllEGbWy9EGkD5TtHEbxThaB9c6ZNQPTf3gJw0A LpIZ787sepWND7vPcq6Qb/xZEmC6ER5OfaYbDznUh8q5NaaTbSwv0tng gE8KPwtvlgH+4eUmOcEkGrfR9G6J9S8JTT5bUWKTUbprxE65/8xcY33S cEeOpi34DLR9GLNvPLTSLuWQcYrq1YZFHbivQ45oFD9PvWPJWOoAN68N T28e0ZV8QHuXqW0IEheeW+AEemywupdaxun6Cvvolfz2EMYFnYX8YycE 0qUoDC4W9w3xB4nOllWQfJzgQkSTr/I4XCgepFunBeuAHZhCoQHPt9fK IfPUYxQzaa8= -rsasha1.example. 300 IN RRSIG DNSKEY 5 2 300 20900122074341 20220104052934 30286 rsasha1.example. tODh3LiRuG/ao3ZtJSLBPCy74pkfHXMPRUgFP7MhNR3X6gq75daTVHLi ApTesgAXPAbHI404ps/8M2Z84dkMKBhRDdp1e9OwR8IB4Iw0IOGp2rV7 oZSYNzgnlwRfQ2G75G3xbCjiQhY0H+7IlSiys3sAaI67plvI3nDC3C/r zyDKiY90pK31e+q72SSK+1t/MlsRm0nAYHyUZGLuBMoXYHwonLImeH9Q jwy+cXLwhzOfPfm97ailNifEk38+P+H+Yq35Cp1ezpMzxAi67AcY83sR XB7RVRCf/4uUErh5rYcl6EcnHFh1xA9oSHsaPQbd39PO2fNanyvdPH+p b0ey0A== -rsasha1.example. 300 IN RRSIG DNSKEY 5 2 300 20900122074341 20220104052934 9662 rsasha1.example. Ksyrf1lseBMSQGyPWrSve/X09Nb1CWB//Yvjw9HAEBwna9wseI6cH6mi B1G2JyFmTFzxGgVmf0wB+oec2w7nt5/uUJbyVfLQvCs9RXBGEpKAwhVf GKIwcSF1VTyVfx+PYPHvCpeN01Qm3C/5pJ28dkT65Hry2a7f39kk/8YZ 4zVM1nYaTsBUQdQWvR5UlSm0S3SUMBc2MIEUGUFBhtBJ10W8VkIfNzma ONjMHthu8vLAfwuBYX8zzJIVB31XvnxZDa4LSM4PesyPZ+KVR27o5dlL gQS62u3PWJDgEhUNFIa8A+5kDENC24p7DSfG+Aipe3upefBpBAW3VEdN A/nwQQ== -; resign=20900122074341 -b.rsasha1.example. 300 IN A 10.0.0.2 -b.rsasha1.example. 300 IN RRSIG A 5 3 300 20900122074341 20220104052934 30286 rsasha1.example. ivXu+xAyZThIsY2T1c1wczdeeIG/37z+nO9sbUOzcUyf4+T9lX+6rU0D gxQTxHVdcsw3ge/C+dU2qcrs3EHHW4JcpT1yZMbXcyo+w5ocj5oHGYD2 L3iKLCEZrzdkIwmY4GXNyTznk0X5GKuaP7P6PeNrwWEBficB6xLSiLm7 tsswVcc4XyHa+zKBbxevIt2bKvRUfruyztgENZXJ5125Kx1Ee70Hwvgw bNc2J7lqpJw5c5O8yUaXq5gsxcaLBuONbQ4ANL5PtFQJJY7B5GhqlRTy gVrThJsoZj66pfa8gK92yn8uRG6sFpAbtPrTMQaReiExOhCUdBZRBmA+ RWUTKQ== -; resign=20900122074341 -b.rsasha1.example. 300 IN NSEC d.rsasha1.example. A RRSIG NSEC -b.rsasha1.example. 300 IN RRSIG NSEC 5 3 300 20900122074341 20220104052934 30286 rsasha1.example. hHtS5Bev1RkOJhsz4QnWJzzn/BBRLJil1l1RCbX+nbVbPE93l/2aDi12 jgctWKIfAiVfdFn93uno11+7Lq+bJaiMvaozJ+f7XWMAPsITOlKGNtiw l9kqZJExugH3q0RC1W0xxnb6HlIbwYGn6refUexaZKjgBsUg302pY7bh 6z4WuPakuxAqsaI6KLxLAlm7CWmdXvpFMCc1dnIVDplxOAvEINTrEesY sffjfmRbP3YAXC6/xvu0WVlikgklJjjiRqdeiSqPLGlnb79OAF5whHSL nYvWscX00/f+SOiniFoAFH2KeSb7VdJ2jvpTaqWjrYxxvwuZMsKNzwRI 4pnH/w== -; resign=20900122074341 -a.a.a.a.a.a.a.a.a.a.e.rsasha1.example. 300 IN A 10.0.0.27 -a.a.a.a.a.a.a.a.a.a.e.rsasha1.example. 300 IN RRSIG A 5 13 300 20900122074341 20220104052934 30286 rsasha1.example. BQT+sZ6SJUbGDJ0eG6WBM19+UoBGZEie96E7EXaeS4It3M+EaMkIWIGD hp0MwiC0yW8u0zWjlA57t3yRpVhvCic8kl4SPs5tOmDXyy5RRJ7YOHNx 3PCuAbkoTfoLt5ReVtGcs5LTz+lmPUKZw/dwols5x8v1PIC2O/Ud6Yep TE9Qeymj1/C3GxxLVPLxXQhirkhT6LfMmFH6fNwec6U7bVRyMo3twcvK TDxkEZu5qA0+6bSrLC/xdyZYE38RQOlicmmGfYAIkDWKDdDXYbfBeJq6 zP8aFvdqOckDBvXQcnP9Cq+IvQX1noO90ePYf5AzNxAEQFJ4S1LUm/0q mQqNLA== -; resign=20900122074341 -a.a.a.a.a.a.a.a.a.a.e.rsasha1.example. 300 IN NSEC ns.rsasha1.example. A RRSIG NSEC -a.a.a.a.a.a.a.a.a.a.e.rsasha1.example. 300 IN RRSIG NSEC 5 13 300 20900122074341 20220104052934 30286 rsasha1.example. jvJup/Pg4BpAjh+eLMKEYFkpK/iOVt3QggGL7CRMxzxkYYMJNPwXqdAt 5MovIAFjFKBQm0RDe8/tqav/zdOZrDTyRZ2Zsh9qOp7hlOhy4oqQF+4n Wqg3x8v9gSgrzSAsiJAhb3fbbfdAb3Esc1R0Ec/RcLYEUXiD1eLTG0cB qtVmX3McwXTmu0OGpn0Dsg8CTSuQnrvo24bvsah5SEL1/NVkPtEE7KDT Q8orR7LNM0EeIL1CHxT5dqCAo5MvUm9L8GL/YIOZgtifD/uL23T0ej4j 0JYN7EYoDyFT0fyGeBoS2jkCZTsQZivfnkE5J4Ch1nAU5bUmSeX1eZHK nvce9Q== -; resign=20900122074341 -d.rsasha1.example. 300 IN A 10.0.0.4 -d.rsasha1.example. 300 IN RRSIG A 5 3 300 20900122074341 20220104052934 30286 rsasha1.example. 1mZnG0HsIygSfEue9vMlqWpIQ59EmrktvFrGBzNUEDQDjsoGHv+syMFi A8BtRPkrHZzGaYTqy4L8ZL6V5vZPN1icETNVebx7teBTNFIwlvubdKoQ Zg/37W8gW6U1PN4khQlfX7W5XMFifF4qfCfI3XhkPgKacVaucHQhvGth ZzgCbhCQBVMooRb+v+nzknin0qpIWm7pVPh94BaajxQJ0mNwVQ8hjdJP jy16PH4z/aQ6oPjPKMbnMwTQOdWVUKsZtEkBGcAjJWLFmUJYpR5PPdRB /VsEtjexNKZtDwn0/QUIqUi4GcSp0ISTDBTNDjImJhWVJUoFh6S6zuRW tPYZGA== -; resign=20900122074341 -d.rsasha1.example. 300 IN NSEC a.a.a.a.a.a.a.a.a.a.e.rsasha1.example. A RRSIG NSEC -d.rsasha1.example. 300 IN RRSIG NSEC 5 3 300 20900122074341 20220104052934 30286 rsasha1.example. oWJRAhXbXUA84Nc56NyMocBq93bn3k4uGeqv+XL2L5l6yjxQYxKzjqq1 O5m72K6GiIjoIeun5TxJlEI7/o1EivTxdGYVP4Fsb//Wrv422QcHwS27 xNsFhLMFQglBCOaZzj1v3G2nXRRjP8x81ysg048THlhH5Jm7cW3aUmuS P6kXebWVwIc2nywLHVr/U4dCT2sHOk2gkUuaj8p6rMLVYwj/5dBRijVl Wm131ZeimetxrrRVxXtOfof7W4pqx3bpYRqb/Exdh035Hen+QesxRYTA zcxY7CywJY59afc9/abQBWGkPLfF7rgfJjPIc3MpJlP4SPf0SV4bTNUU nptZ/A== -; resign=20900122074341 -ns.rsasha1.example. 300 IN A 10.53.0.3 -ns.rsasha1.example. 300 IN RRSIG A 5 3 300 20900122074341 20220104052934 30286 rsasha1.example. ONQph6nkFWSS6dqe/agbVnbjwTtA8ZZATpTCqoRJp2QoEgIjZ/0Yh7Fl Axz4PnpMYsEoie0IZ0/g+xTH7nXYphZzzzgedK8WK0vdTW3Pspyoiek/ tWjiGshqq1atHgi+jjRiuhnEvkaX0UDipMCQvI7oFHMOJxmnwZBCNWMc kBu9vbqtr/+HM4y+jGywg5l2XVkmHC5RZv1CoYc5PhfvV4zMI2RCb/Km i5eNCrUZefRfAq4fK9M67Jh/WnfRWfnHZKZN3O0yiRdnKOh2tOQP3X46 fIuNldCeg1PPnkbs4R+ekqJYhpEydNuWKEoKw2ZgeIrmbcRqepD6y3SZ UP/TAw== -; resign=20900122074341 -ns.rsasha1.example. 300 IN NSEC z.rsasha1.example. A RRSIG NSEC -ns.rsasha1.example. 300 IN RRSIG NSEC 5 3 300 20900122074341 20220104052934 30286 rsasha1.example. s7P7k9FDJrO1JhUVjgVUDQXNXfNOJrYVt44OoD45e7w4Q7QkyeZe+6z1 Arj9tW1bI9nIVNo63DT51bsJmj4vPf4SuJgHO05ElkLFSvHn17qMdw8Q Kpx8MQa7plAISqzl9hJip0exMuV+1IHujO9VGE42CxKl0q6l2b/x3+Il afx47bcEePkdhHXyhOSdrtxFTayzjMd/7uSy6p1jFSEVrheejQ/r44t3 9uxEc4EYfiP+HVfnjJ178j2Xa4dZyi3ljhJjaH5oleiy5c2Y5kXRIuXH OcIQ2axO7LT/yupRcBPlo7ulwI9iEVd2Q2gueMqaJ9YEWlcoOSFu1H75 7IRAbA== -; resign=20900122074341 -z.rsasha1.example. 300 IN A 10.0.0.26 -z.rsasha1.example. 300 IN RRSIG A 5 3 300 20900122074341 20220104052934 30286 rsasha1.example. nuqG+ILECKKCQockETu4yLRKZzv9qjXJpfD0/yw5Cw7nSrZFvAjpkQR2 f+xmzbcxP4xiYqs1I+nz8cnHs6NNkJA8vcmk9dnzRu78X0x8MFFV0Yha jQKK/cSzhEhys7GMYv3Jz6lKfmFOAoq1et9PaQT6w8zQD8Q5vBzKrvZm pg+QzZvvgToZfj4e5J7nrhnyOVo7Jec5l/aBCGJbgRMDxjyyC0ufOjnm POvsTZk+wM3+wuN6zYwDpproPiH/6vC/yPlDHeh6kDt971dMsdvRv+kS KAzPyN8rweptJ/HRprb9x6zcAJOrK0T1sJ+EhMbYMgC/py6aAn+T7G5D FGY1tg== -; resign=20900122074341 -z.rsasha1.example. 300 IN NSEC rsasha1.example. A RRSIG NSEC -z.rsasha1.example. 300 IN RRSIG NSEC 5 3 300 20900122074341 20220104052934 30286 rsasha1.example. Wj5DkrGppeMFn8bWLUMfFPCzDAO2HeabbEIMaAHBH/g0hdn+2PPkQc8D D6WCSc4q5gyGNRSXj2Kik2TojD9n/5WuwDAA3W2AOso+4d616lSy9pyj x+e4WZ6y6tAYRRIGIVTdDEOxrZ8KspclWk7H6OAAPIYvgZeYjox21qXN BknpIifVoaYUoxi3e81k25erm/Xww4uU2SMQgvq3sBrs0YGANembfxas BRVmSmBykpugHgS1/Fl19Hp40y/JTBzqOLrHgPgHO4aH89dgta0WlMhb 8uCUOjHNjcR+KO3KUpKDZkH8IuJHWWFd0TabdV0KBhpInQh6Yorhpjg7 qNBbgA== -; resign=20900122074341 -a.rsasha1.example. 300 IN A 10.0.0.1 -a.rsasha1.example. 300 IN RRSIG A 5 3 300 20900122074341 20220104052934 30286 rsasha1.example. eJyAqMArSagK54kSFvJxE5qYXFSDYxj6Vt8l4gi58BQigO7p5v0BUWcS icToRx3a9+rSdhnBuGbOWGNlrKFfCKrLmqYrlI9GFSAFLAFj7DETSKDJ X5dQ0KnpyGL3SneQsDWAvAof0y9B17dnBHQMSjeVqqQLjYEnq3ZIdT3c b6emCGMhcbfIAOYWt7t9nk/J2tsTsdoKtTCHP1SHjn5sE++BPXOce49X gFnNMD+pOcoLH8Z07RcTQ8IeNIa9hO8UaypyicaHQ2F0JtsiL1pqREXf QsBeLC12Gbi0rxJX3gdj0LXsmSerVl6BgaNjPTp3840WKrW3nTG/8Lre bxgkow== -; resign=20900122074341 -a.rsasha1.example. 300 IN NSEC b.rsasha1.example. A RRSIG NSEC -a.rsasha1.example. 300 IN RRSIG NSEC 5 3 300 20900122074341 20220104052934 30286 rsasha1.example. 6fZ5/GXrFAc9lEspMNlPa40F8O/tGq1oaSZXVstwLH124TNWxRK+i8eT H77Kq80vZkDus8rkLr4fiLP3ApXVBffCRHZWecGrYaPGDbQXALQEktld NhmLr9Nf30Jq7KvVV9Qf4daPC7ZwkB8EsikJxjpQ/paHlU/Pua7ZonnH /x9HHRJBLWb/PPQWEc++8SSjA79+HZVbB8rBwXyxHO1tFBCbBpK/JNwu KpRqNp/mwxPpSaJGZIuhHlzfbLsS4WoXjdG+fob4RqsPPwrf/uAAzKM2 dHVuqZ1erH3ryb4JdRo+MhqD0+vC/7+eNccEXraBsE5xGw4M62Se37WC kyQDQA== -; resign=20900122074341 diff --git a/bin/tests/system/dnssec/ns3/rsasha1.example.db.in b/bin/tests/system/dnssec/ns3/rsasha1.example.db.in index b2e7e21e20..f358bf1248 100644 --- a/bin/tests/system/dnssec/ns3/rsasha1.example.db.in +++ b/bin/tests/system/dnssec/ns3/rsasha1.example.db.in @@ -9,19 +9,55 @@ ; See the COPYRIGHT file distributed with this work for additional ; information regarding copyright ownership. -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 +; File written on Sat Jul 5 14:07:24 2025 +; dnssec-signzone version 9.21.10-dev +rsasha1.example. 300 IN SOA mname1. . 2000042407 20 20 1814400 3600 +rsasha1.example. 300 IN RRSIG SOA 5 2 300 20930723222131 20250705200724 56181 rsasha1.example. HD26wOumxWQ/epo0958sjThZr0yfTMHnIn5hC2ZdOia9uuBBnHR0kPyS ++zd/Q9lFb6MRzkfLEHGexv2fXIHnWcCLp93gYvMm/HWf0/MhUzhabzO YJfcDKRT3PUEgDvuE0tiHEGWHYAb0iXQi1cjpZhvw6yikAQ2o3UUn3e2 QTQ0JO7EnG4wNxPnr92VPcTLTqajczCz63cvCvJpkaUCjAFyTKvCpgyl /eRKagX0UA8lv+DmOwFCTG0p1JeIQMQoW7xZELEWb9mAR/o1VmcJnYT3 Awi35hTj9XhM+bPCK4qqOkq6JNMSnOA4Xxg1baTEqjrFJZmEG+iyImoL 5d1DLQ== +; resign=20930723222131 +rsasha1.example. 300 IN NS ns3.rsasha1.example. +rsasha1.example. 300 IN RRSIG NS 5 2 300 20930723222131 20250705200724 56181 rsasha1.example. KAZovbd0Urp3LIrLsCV7UldT5ze4fYG8iaXWpyrw7/JmZIZOWA3X4rgF hlhxes8xD73qrV96dWuNZmTMs+mp665bAbX78sjfZZdmWGWrpPzse6G3 YEm6EGSOWjrsb/kOmKPiRTaVUhTanAjJC17rhixEYRBrvekpnDx/3PjX HnJRR8a75DXVrhm47u4/hHD7cS2hOfZj4xqNyWOlpNIaH7ZWPzO34SR9 iuPReF4Q06NG741TdAfsl3h9YeCfZWBH1DQ7jwrq5hRGPTtZmq7OTyMm dH0ovRF6ntYYbU0aOanS4l7sjEVwr+AkrFG8Pu9Ipey5Tlgn3bx40cAn 5TDkfg== +; resign=20930723222131 +rsasha1.example. 300 IN NSEC a.rsasha1.example. NS SOA RRSIG NSEC DNSKEY +rsasha1.example. 300 IN RRSIG NSEC 5 2 300 20930723222131 20250705200724 56181 rsasha1.example. DIhZ8/JkklG9nAC0CB98mmOVnXy7KS+CbG4vC8OrnOSi8nyyHuNC2Zt7 p2taM2KshEJ3piXUsICLbQDpHwrbbRx5RbctaLQz5S3lhx+0j3TNZWaT 2kWP5jMyhNDxaNn35xh7yTamDEKC20Bk5YyN76YClEkwqAr9ksj/FUNY RYIG9+4jjOt962Vj/5e0pgK+1ZbM3lF8WvJAh44YgWD9U4D1nBmyrkTq gBwJUbCvEmyoCxOQfSQhTwaAqKQ3IalnC2hfHfYQsEwpbVwfvt4LGEy+ b0vNnBGHKriM2T/p59vtblWirsxDc8QNpYmtOvjVket4nvzBuA7eqUFt /QijRQ== +; resign=20930723222131 +rsasha1.example. 300 IN DNSKEY 256 3 5 AwEAAYnqt4hwxo/oi63pCLz4EQaUyQU1viMhQ6EVnIXKdPdymJ51tKuh qJ+uT1MxcMwH97b/2CtqTtbI4MP7ksxDWh7JE4R2kzdKrtb1darcvSiy Ewh73TG+1wvt1f7ZC8Hw2TdiU+mLL3vFBfmnUN1Q0xSULKckdlOwH9I/ 20xeS6mz8tYxOC/N9N3AH8gPF4pxoEHkX2XpzdmBSKlgD4Sp1Iqqnebg U/JK2JK2SUZr2ZmCeSMmAmPCt5rT6B6hN8XQkhqPLG3vygqsoLbGngVV nBXFpziMi3VyQ48yvjnNTpzrkfNo/3vrRyrLpBw9I8ZtZNOrypwayBdu fgbfk7veeqk= +rsasha1.example. 300 IN DNSKEY 257 3 5 AwEAAcWJul/er9Gsevi3PxbuJV2iGlbCC1WF1PZ9dluBKZFFCRbl45Mt D32nMBjpr0TkwVRVoTa2tNYdPIo/GrS6EZfUzM6coA3IEK68j0tgqz9b S8fJAaBYMTWlcvho/o9aEZjcnVW3c6IwjxAqUq+4wdokgjV64s+RBPZF 1zRbJz8ONINHmxvKHBzZzVa2Cq7FaHoQpF0NVrHhEuic8IXrW5F9Djah 0svAdethvpfpwVIsthfkv8/E4CfLDFymSe93g4mwMgcIBCZs1ikk1tbG 2oTrUjFui+iXJWIAoKZ8PqfBAWnxckTt1FJCg2cNrxtWAo1WncJdX3py hK7TjQ+DIKc= +rsasha1.example. 300 IN RRSIG DNSKEY 5 2 300 20930723222131 20250705200724 55127 rsasha1.example. qrWtbMhGFKeRoXgphkmpTQJxI04Cl/hmtE81YuB9Em7F/cNAu7yFi0O4 ZDmm8qRyV4a7itK0Ce/WzFBrCp3CuyJ9MG3hyvJDtIoLTHtCL0QeMwDA j9V68ajgTBNYC1ZwhbDTiD53EJDjplU2U6lCB0zxzJkEE4wPdkotddjG Q6LOy0qSej4raIoOwptaTIkRXa0fAYXz696A2S8bDq74Z9Bw6qcYoj0X EwqFnngFS2Wf4scpeoplR/psRP6n345inw8duF+XieGdt8XSaBw3Qf/E h0eReXQcA/GFpRj4Rvevj+vN1LSBnuwZMd5aC3+xHYf99jAzPYdglScc Rv19qw== +rsasha1.example. 300 IN RRSIG DNSKEY 5 2 300 20930723222131 20250705200724 56181 rsasha1.example. hvncQdiu+zpcYQRPG19nmbpPPCCGFAT5s4dITGslA5/V764XGvuowX24 CuZMMTefS1KkR79GzRYuTOw/T+vbinMZcU1KvSWaSNsKwYUIsP6cYZXG DX8ug0X+eijggV2bm+43yGjjNKe00e+Aoj8xHNDJhyy+qbKOHUp87Fbc mAKwpq35gEeuBt13PaJxkuQZVxAe88F9TXwhmaUOrlGrj+5XASJR6Cz0 DmlW4p26X//Uvs44bbyDN/hxF1rGOu/D470Q4Lkhsu9B3wtG3vPoNwSv BaMoFU717YJ3a2li7mean6IXIvyCmS1YQk+EvNfcpiW9yPWHjB/0kycH 37HSDw== +; resign=20930723222131 +a.rsasha1.example. 300 IN A 10.0.0.1 +a.rsasha1.example. 300 IN RRSIG A 5 3 300 20930723222131 20250705200724 56181 rsasha1.example. V0TqYXv83i25Ir50MPgxnWrdhhE1nIMCpAca7e7FKUrLkGlsypFzbTX+ 5hBHaYENXYr+Risr7B4ZdV0LQk4aXfmKqvPLqU0nYfsh/g86bq9wklaU R3QywkOEJqOfirpTWz/wybAE1ELasFncx/VaPrYQ8Zqw6H/Vb1yVSJWs ZqnfDFbZ7mYfEF4wgfc4St3UzjpuoDwfAhbwWg91t85UbYs0SvgYpgbS QLNL+/ltG0hLKNsIzp/aYQQ3IOeeiofDCDOZSl9k3KAezJofJUy3YRBb YVpbe89h6Gb6m4/kO17rLrwQLg7I90ctPgdqQSCKk8x0WzK3N1gfhxxM fcFnsw== +; resign=20930723222131 +a.rsasha1.example. 300 IN NSEC b.rsasha1.example. A RRSIG NSEC +a.rsasha1.example. 300 IN RRSIG NSEC 5 3 300 20930723222131 20250705200724 56181 rsasha1.example. MxKko8nlw+QysAsrOjR7UtXgHsEsvsDMji/riMT0PbSEDMPJv22hQHbs hDhBD7xNygGZ6bSIX6gXd2uBVfUePzmXCk5tBraXywZ173SvFy/cMJu/ Q9FAFkPKvyEAhswiYUnrXWnujyNmDUK8JFrjI7TSLzQ6mXh4+PO+7b4E GpRCyhArL0Ov1iDipA1CpxCGfLJNaY+kvA+8VPcxob78Ly7cv81kwafY oV635DUp6D4tqSYgPMgwJyOuiek9D7bZJIHPiH/59jWZ0Ik9TNC4EVNF 1Fy4VjdMAFGnW9KIAUWMfSIxImzbh7V17H3H4C96LMNZIWJJG9zxOtMf r6fS2Q== +; resign=20930723222131 +b.rsasha1.example. 300 IN A 10.0.0.2 +b.rsasha1.example. 300 IN RRSIG A 5 3 300 20930723222131 20250705200724 56181 rsasha1.example. dM6MhQGCqyBNdEbr0YMS/+sUjNDrdkkBcKhrtZ271WDx07838oY9XbpZ v+cKtLuhk69Gm0xErN32k+Qaa+LhqP1YPdqmnyAEycUJXUE7HsH6E9Fz 8AKp/BDQshb209++d3JQxlbch9sqodpIRkxYIkTVJfBt6vsAstYwZHCF I8+PbjTn2zNkBZz0rmj5+AxDDNfnRmcPOoXVJXKNkasQgagSWr1bieb8 15CMDnk/PJhFpHdJ5NiQck8Y9bUMaz8mPBJpFeJwwssY3jCe2qb96IaJ e+XLRpJntHpZvBy3DpO0jA2WHf9WkS1/4toVh4ePHc+FgJBEUXJyPqXc OzjGog== +; resign=20930723222131 +b.rsasha1.example. 300 IN NSEC a.b.rsasha1.example. A RRSIG NSEC +b.rsasha1.example. 300 IN RRSIG NSEC 5 3 300 20930723222131 20250705200724 56181 rsasha1.example. VV6Z1mhegfATU+mN9gEqrL9oJNpPeZY+Ld7p9kp4oBL+omWo5c/DQ1LR xFUUA6mp1fm81vQwxkxqSwfixABF40lX82ooKQZkgOMKEDvsfkZR4dE5 bN5Dp0JUQTH9fuEX4mo9jrto0gPVKuI0PihHzNfgo8aBFIiXZA86D3/w phVgC+x/o/kZ5Keau01kY8DRxK8Fb1dU3FMjJB8gQFpPwv2wde8yxYgn HUql7sSkmFpQO9heh9+lPqQTwThaiM+PnYY7D96O/28Y4FTfS3D/RCnS Xb4gGM//gkbTmXPlFsaYqYeBdFJbkh0cI4YZxk4ynVXsWL1D0Nb2FqqS XnjBAQ== +; resign=20930723222131 +a.b.rsasha1.example. 300 IN A 10.0.0.1 +a.b.rsasha1.example. 300 IN RRSIG A 5 4 300 20930723222131 20250705200724 56181 rsasha1.example. Ctc9dyCVDi7ptbp/g2H5NmCmPSGhYTKcES2bCXz6xnByyISpjyrJjG9X 71RVB1ZfF9FIiaHu97K96zmYB0GsvhHiYx+WV0En3gYhzWEze3IoCrYf wxYkYwhYeaqRksl4utpDlzURUsxlqGbKw0XFT8vV8lm9nAg7E0hI10Bj VAVvc2Wuf3niV+GE0t2wXa17ccPeL78B7ab59extwCKG/gYLm8gJ547u 9kAdnw2Hi7FWBSXSoM02PESZLcN+GEWJ9Jc6O/m2aGSryer6W4UV8HLF TtN72HJvog1ky3RArlkUwvuwD2w8eiVHARN85t0hnykVT25K0q1dwIR+ d3B2Mw== +; resign=20930723222131 +a.b.rsasha1.example. 300 IN NSEC d.rsasha1.example. A RRSIG NSEC +a.b.rsasha1.example. 300 IN RRSIG NSEC 5 4 300 20930723222131 20250705200724 56181 rsasha1.example. U48IEvy4W8MhJaTxZvemh31MxAU6Xwn5K2MCJhu9MenDRWQqrmPSBKfo nIMSp+a1Wcjsu9UQgBDzoOTuNWKCSI5H2YwhGQsIpCYpIiK/j8X4DCqm cIS0ipTipTbLGPBHfgvwA1KFJhtMi0FOaqe9OXODZFJ3vCz5J/uvmG4H O8PADlUX1clFR4iipLhCa4bvfojUGMM401oDIIxaQLpsrbm1iOqjTvrm glnDQFvFvO3+3J4wLRuVDtV5Z21AhzLIgIXwhh1P4zI4B5aELHB8rrec W6CWkbb6WdZ/rHIiMspe03dby7aW5qbP5pwXwhiycqCqkIvlQAGaxphj 1Hcd3g== +; resign=20930723222131 +d.rsasha1.example. 300 IN A 10.0.0.4 +d.rsasha1.example. 300 IN RRSIG A 5 3 300 20930723222131 20250705200724 56181 rsasha1.example. fMn2pTXdK3X+l5cwvP/Lk+luqWhC12mxkvK2GNScLGWG6xq9PZzzLUPU mAiEvzUnFPswZzKDgN99OORpPRJXNN7c0S3qqejBhEpz1kkDM1zTaFdY yGwzuNn9I5O6O+//adYkFZu/qCD90ggVA71KSUQVkHfdWt0WiqUdZExY sRbxDf36moVaJ+PtWnnvbXPcdlALouSv3msyf3FwIrfQcr9PpV9bE+rZ jKN+sab4n1/YkSBdFyTht2MSUzxKyfn+TgxCzBdGeSk00JNzyKBlDau8 ebmR7oYLQcAhj43v4u+wPbuilDw4tyhxcgrRMr5ZnjG7XzaivcoLpZMA umrQLw== +; resign=20930723222131 +d.rsasha1.example. 300 IN NSEC ns3.rsasha1.example. A RRSIG NSEC +d.rsasha1.example. 300 IN RRSIG NSEC 5 3 300 20930723222131 20250705200724 56181 rsasha1.example. G+FZFvRZm4GXf/zfkLH7gWKuTxIhZ3rO/iP9e4Xg2Dcz9Jt/yCIXVkr4 I7bbBOnE8NGS43E55NILYS3aA7llzJtutENqBw9TRW3EcqFlYsFUBUeK T/FCV3zEYlEPeiO82jK7l+1CpiVeVvbX3pLYDrME/lbYeu8KUYsj/fBa Iq5S8mnWD7ZzR7KiSBQU97bn0YAi9pyhA4t3YqrR1MClf3/lpzLq5Rv9 YSzW+7O/jpvCGUotr3bgOpZWtZ0v5QxKdf8Anx6KHgH9n6ZdbareopeO y8mKVk0FmtuYZefMm/0n8uU0aYrwf38bpLMQMcqrT9gVaAPullFC9D/R Z670cw== +; resign=20930723222131 +ns3.rsasha1.example. 300 IN A 10.53.0.3 +ns3.rsasha1.example. 300 IN RRSIG A 5 3 300 20930723222131 20250705200724 56181 rsasha1.example. V/B0gi6v54YeufttfGwEVEy8+UivueXqqb2BOj+U4wMpFcunT71Y5Sqf iTs5uH42EkyKbBrz+wXyx4ar4VNSp0ONA3oPx0rZTFA6FV18L7BkYPtW Mh2Fs2qxc4XdGUgHqt4K3LT4ond7a2hek0aBA7EWc0hggs2YflE60766 zmjK/OWaUinG/bZqM1KaaMMlporXaGp9yDyvs6ikgI0YKaQd5GtOK5XC xEJPsIovvyvChXPP/OFPnqOjcXS7zZtxey4krqFUe3Ttbb7sQGrAqv2f 59cB7TO5O/uMZ+iy4Q4sih1FPuDYoBCVT/9LzyOp7glyHyvq4Emp9QkA zlYGKg== +; resign=20930723222131 +ns3.rsasha1.example. 300 IN NSEC z.rsasha1.example. A RRSIG NSEC +ns3.rsasha1.example. 300 IN RRSIG NSEC 5 3 300 20930723222131 20250705200724 56181 rsasha1.example. NpqZAR5fkDzDzqBYzeKD+FbAtMWHj0rcKsJloAsO4bNqAH5575v07oAz CtqIU8QD55zSya6glTWXOImUtPZia7KQAq84k85UmEnI7idDezpO5g5a gwDb8p6/L8a5YFL0i7QmjVjxGxWha7E2dDma3fDIICaF/sMqixE6Qi06 NBXvVwbPYsI27tXEDugigEEoO6mmwUxih8O0ifOjy9rVh8zA7UTT0NtI ZavRYz5grUZ6Otrqf6q1d27PaGxRvBjltmXBZTSmQvHVexkjPlrLcIIN LygvWnYIZfY8csF+5gOlYN6jR6eTnMgjy0Xf4kitUjXAI4apeBe1/nRO P3HlQw== +; resign=20930723222131 +z.rsasha1.example. 300 IN A 10.0.0.26 +z.rsasha1.example. 300 IN RRSIG A 5 3 300 20930723222131 20250705200724 56181 rsasha1.example. K8Cz5MTHdD6loMbfXOSCuwTwsuwGUmqmI7BlKhRULTk5RZRDrXPfiBQa Hr2umtzrnclgm+LSpuFrRPoQOWaJ1cAXzpM8bF+WvL8UKasIxBD5rxzW en/QvmfpgQQH/LwUW+MnsIMuDxs8P5GQ4267crMPfZ7kwaA69FIz/TCJ B0mt5bw/6I7MABqxD3YfZ69uxh04WtjhHFGTBV9CUhsvB1IXgSU7udKg 2+ZTJJqRf4+6hy3ztJFy28HRcBHPkdcJ1AR++pPb8PTFTIUdBqzZQ8h7 kFYQP6jOP34rw8HuvNB6El5scCr7emhMt0yuEdA4+hbQc8UUU7qo1z4C l/gj+A== +; resign=20930723222131 +z.rsasha1.example. 300 IN NSEC rsasha1.example. A RRSIG NSEC +z.rsasha1.example. 300 IN RRSIG NSEC 5 3 300 20930723222131 20250705200724 56181 rsasha1.example. eJ35f6tSE8yUMR+z+vnJwdg8eAS/VM2e0oVaGLD5JBwboocJW45IaRv0 DIbq62NBt+BHSv2LZlKXaZwA+rNGmcDXqhlscTMYoqIu2AItNBRJaQwj 3aF3AySSOADG1obymVM+HLVO12kifQTJBSPHUcpuvtBtnz1o4POaBFAa icCJf33cNirEDIYWGTmc2MejhrvfU/uuy3YIHUFYkAiX6WISva9pmNiJ pPq+5zRUZpsFISHc0W6coUuwgyQlVLmziTVesfgxSER0rp0BJ/B7M14+ xvWPSoHHhSU0fR8DkzUWJA6hbEpgB7sLNDL4NPnaUDiZGdTXCGzXbnum Ttcm8Q== +; resign=20930723222131 diff --git a/bin/tests/system/dnssec/ns3/rsasha256.example.db.in b/bin/tests/system/dnssec/ns3/rsasha256.example.db.in deleted file mode 100644 index f6c4fabdd3..0000000000 --- a/bin/tests/system/dnssec/ns3/rsasha256.example.db.in +++ /dev/null @@ -1,28 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2009102722 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 -x CNAME a diff --git a/bin/tests/system/dnssec/ns3/rsasha256oid.example.db.in b/bin/tests/system/dnssec/ns3/rsasha256oid.example.db.in deleted file mode 100644 index f6c4fabdd3..0000000000 --- a/bin/tests/system/dnssec/ns3/rsasha256oid.example.db.in +++ /dev/null @@ -1,28 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2009102722 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 -x CNAME a diff --git a/bin/tests/system/dnssec/ns3/rsasha512.example.db.in b/bin/tests/system/dnssec/ns3/rsasha512.example.db.in deleted file mode 100644 index f6c4fabdd3..0000000000 --- a/bin/tests/system/dnssec/ns3/rsasha512.example.db.in +++ /dev/null @@ -1,28 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2009102722 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 -x CNAME a diff --git a/bin/tests/system/dnssec/ns3/rsasha512oid.example.db.in b/bin/tests/system/dnssec/ns3/rsasha512oid.example.db.in deleted file mode 100644 index f6c4fabdd3..0000000000 --- a/bin/tests/system/dnssec/ns3/rsasha512oid.example.db.in +++ /dev/null @@ -1,28 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2009102722 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 -x CNAME a diff --git a/bin/tests/system/dnssec/ns3/secure.below-cname.example.db.in b/bin/tests/system/dnssec/ns3/secure.below-cname.example.db.in deleted file mode 100644 index 14971bd7a6..0000000000 --- a/bin/tests/system/dnssec/ns3/secure.below-cname.example.db.in +++ /dev/null @@ -1,26 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 diff --git a/bin/tests/system/dnssec/ns3/secure.example.db.in b/bin/tests/system/dnssec/ns3/secure.example.db.in index 5859ebcdc5..decb1eb3f0 100644 --- a/bin/tests/system/dnssec/ns3/secure.example.db.in +++ b/bin/tests/system/dnssec/ns3/secure.example.db.in @@ -38,8 +38,8 @@ ns.private A 10.53.0.2 insecure NS ns2.insecure ns2.insecure A 10.53.0.2 -nosoa NS ns.nosoa -ns.nosoa A 10.53.0.6 +nosoa NS ns6.nosoa +ns6.nosoa A 10.53.0.6 normalthenrrsig A 10.0.0.28 rrsigonly A 10.0.0.29 diff --git a/bin/tests/system/dnssec/ns3/secure.nsec3.example.db.in b/bin/tests/system/dnssec/ns3/secure.nsec3.example.db.in deleted file mode 100644 index 15fe621fd0..0000000000 --- a/bin/tests/system/dnssec/ns3/secure.nsec3.example.db.in +++ /dev/null @@ -1,35 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 -x CNAME a - -private NS ns.private -ns.private A 10.53.0.2 - -insecure NS ns.insecure -ns.insecure A 10.53.0.2 - diff --git a/bin/tests/system/dnssec/ns3/secure.optout.example.db.in b/bin/tests/system/dnssec/ns3/secure.optout.example.db.in deleted file mode 100644 index 15fe621fd0..0000000000 --- a/bin/tests/system/dnssec/ns3/secure.optout.example.db.in +++ /dev/null @@ -1,35 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 -x CNAME a - -private NS ns.private -ns.private A 10.53.0.2 - -insecure NS ns.insecure -ns.insecure A 10.53.0.2 - diff --git a/bin/tests/system/dnssec/ns3/siginterval.example.db.in b/bin/tests/system/dnssec/ns3/siginterval.example.db.in deleted file mode 100644 index ec6603a91f..0000000000 --- a/bin/tests/system/dnssec/ns3/siginterval.example.db.in +++ /dev/null @@ -1,21 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2012042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) -@ NS ns -ns A 10.53.0.3 diff --git a/bin/tests/system/dnssec/ns3/sign-rsasha1-1024.sh b/bin/tests/system/dnssec/ns3/sign-rsasha1-1024.sh index 20e4bc52dd..981d4af52b 100644 --- a/bin/tests/system/dnssec/ns3/sign-rsasha1-1024.sh +++ b/bin/tests/system/dnssec/ns3/sign-rsasha1-1024.sh @@ -20,8 +20,8 @@ zone=rsasha1-1024.example k1=$("$KEYGEN" -a rsasha1 -b 1024 $zone) k2=$("$KEYGEN" -a rsasha1 -b 1024 -f KSK $zone) -cat $zone.db.in $k1.key $k2.key >$zone.tmp -# use maximum expirey period (-e 2^31-1-3600) +cat template.db.in $k1.key $k2.key >$zone.tmp +# use maximum expiry period (-e 2^31-1-3600) # use output format full for easy extraction of KSK (-O full) "$SIGNER" -e +2147480047 -o $zone -f $zone.db -O full $zone.tmp rm -f $k1.key $k1.private $k2.key $k2.private $zone.tmp diff --git a/bin/tests/system/dnssec/ns3/sign-rsasha1.sh b/bin/tests/system/dnssec/ns3/sign-rsasha1.sh index c62f3fe660..ce2afa254f 100644 --- a/bin/tests/system/dnssec/ns3/sign-rsasha1.sh +++ b/bin/tests/system/dnssec/ns3/sign-rsasha1.sh @@ -20,8 +20,8 @@ zone=rsasha1.example k1=$("$KEYGEN" -a rsasha1 $zone) k2=$("$KEYGEN" -a rsasha1 -f KSK $zone) -cat $zone.db.in $k1.key $k2.key >$zone.tmp -# use maximum expirey period (-e 2^31-1-3600) +cat template.db.in $k1.key $k2.key >$zone.tmp +# use maximum expiry period (-e 2^31-1-3600) # use output format full for easy extraction of KSK (-O full) -"$SIGNER" +2147480047 -o $zone -f $zone.db -O full $zone.tmp +"$SIGNER" -e +2147480047 -o $zone -f $zone.db -O full $zone.tmp rm -f $k1.key $k1.private $k2.key $k2.private $zone.tmp diff --git a/bin/tests/system/dnssec/ns3/sign.sh b/bin/tests/system/dnssec/ns3/sign.sh index 58da7378f0..b7ec530e3c 100644 --- a/bin/tests/system/dnssec/ns3/sign.sh +++ b/bin/tests/system/dnssec/ns3/sign.sh @@ -77,6 +77,14 @@ done echo_i "ns3/sign.sh: example zones" +# first set up some insecure zones: +cp template.db.in insecure.example.db +cp template.db.in insecure.below-cname.example.db +cp template.db.in insecure.nsec3.example.db +cp template.db.in insecure.optout.example.db +cp extrakey.example.db.in extrakey.example.db + +# now the signed zones: zone=secure.example. infile=secure.example.db.in zonefile=secure.example.db @@ -92,7 +100,7 @@ cat "$zonefile" "$zonefile".signed >"$zonefile".tmp mv "$zonefile".tmp "$zonefile".signed zone=bogus.example. -infile=bogus.example.db.in +infile=template.db.in zonefile=bogus.example.db keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -102,7 +110,7 @@ cat "$infile" "$keyname.key" >"$zonefile" "$SIGNER" -z -o "$zone" "$zonefile" >/dev/null zone=dynamic.example. -infile=dynamic.example.db.in +infile=template.db.in zonefile=dynamic.example.db keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -113,7 +121,7 @@ cat "$infile" "$keyname1.key" "$keyname2.key" >"$zonefile" "$SIGNER" -o "$zone" "$zonefile" >/dev/null zone=keyless.example. -infile=generic.example.db.in +infile=template.db.in zonefile=keyless.example.db keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -134,7 +142,7 @@ rm -f "$zonefiletmp" # NSEC3/NSEC test zone # zone=secure.nsec3.example. -infile=secure.nsec3.example.db.in +infile=template.db.in zonefile=secure.nsec3.example.db keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -147,7 +155,7 @@ cat "$infile" "$keyname.key" >"$zonefile" # NSEC3/NSEC3 test zone # zone=nsec3.nsec3.example. -infile=nsec3.nsec3.example.db.in +infile=template.db.in zonefile=nsec3.nsec3.example.db keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -160,7 +168,7 @@ cat "$infile" "$keyname.key" >"$zonefile" # OPTOUT/NSEC3 test zone # zone=optout.nsec3.example. -infile=optout.nsec3.example.db.in +infile=template.db.in zonefile=optout.nsec3.example.db keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -186,7 +194,7 @@ cat "$infile" "$keyname.key" >"$zonefile" # OPTOUT/NSEC test zone # zone=secure.optout.example. -infile=secure.optout.example.db.in +infile=template.db.in zonefile=secure.optout.example.db keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -199,7 +207,7 @@ cat "$infile" "$keyname.key" >"$zonefile" # OPTOUT/NSEC3 test zone # zone=nsec3.optout.example. -infile=nsec3.optout.example.db.in +infile=template.db.in zonefile=nsec3.optout.example.db keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -212,7 +220,7 @@ cat "$infile" "$keyname.key" >"$zonefile" # OPTOUT/OPTOUT test zone # zone=optout.optout.example. -infile=optout.optout.example.db.in +infile=template.db.in zonefile=optout.optout.example.db keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -238,7 +246,7 @@ cat "$infile" "$keyname.key" >"$zonefile" # A nsec3 zone (non-optout) with unknown nsec3 hash algorithm (-U). # zone=nsec3-unknown.example. -infile=nsec3-unknown.example.db.in +infile=template.db.in zonefile=nsec3-unknown.example.db keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -251,7 +259,7 @@ cat "$infile" "$keyname.key" >"$zonefile" # A optout nsec3 zone with a unknown nsec3 hash algorithm (-U). # zone=optout-unknown.example. -infile=optout-unknown.example.db.in +infile=template.db.in zonefile=optout-unknown.example.db keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -265,7 +273,7 @@ cat "$infile" "$keyname.key" >"$zonefile" # Algorithm 7 is replaced by 100 in the zone and dsset. # zone=dnskey-unknown.example -infile=dnskey-unknown.example.db.in +infile=template.db.in zonefile=dnskey-unknown.example.db keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -284,7 +292,7 @@ $DSFROMKEY -A -f ${zonefile}.signed "$zone" >"$DSFILE" # Algorithm 7 is replaced by 255 in the zone and dsset. # zone=dnskey-unsupported.example -infile=dnskey-unsupported.example.db.in +infile=template.db.in zonefile=dnskey-unsupported.example.db keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -303,7 +311,7 @@ $DSFROMKEY -A -f ${zonefile}.signed "$zone" >"$DSFILE" # digest for another DNSKEY # zone=digest-alg-unsupported.example. -infile=digest-alg-unsupported.example.db.in +infile=template.db.in zonefile=digest-alg-unsupported.example.db cnameandkey=$("$KEYGEN" -T KEY -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "cnameandkey.$zone") @@ -327,7 +335,7 @@ $DSFROMKEY -2 -A -f ${zonefile}.signed "$zone" | tail -1 >>"$DSFILE" # to mimic unsupported DS digest (see ns5/many_anchors). # zone=ds-unsupported.example. -infile=ds-unsupported.example.db.in +infile=template.db.in zonefile=ds-unsupported.example.db cnameandkey=$("$KEYGEN" -T KEY -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "cnameandkey.$zone") @@ -345,13 +353,13 @@ mv "$zonefile".tmp "$zonefile".signed # Different from above because this key is not intended for signing. # zone=dnskey-unsupported-2.example -infile=dnskey-unsupported-2.example.db.in +infile=template.db.in zonefile=dnskey-unsupported-2.example.db ksk=$("$KEYGEN" -f KSK -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") -cat "$infile" "$ksk.key" "$zsk.key" unsupported-algorithm.key >"$zonefile" +cat "$infile" "$ksk.key" "$zsk.key" unsupported-algorithm.key.in >"$zonefile" "$SIGNER" -3 - -o "$zone" -f ${zonefile}.signed "$zonefile" >/dev/null @@ -360,7 +368,7 @@ cat "$infile" "$ksk.key" "$zsk.key" unsupported-algorithm.key >"$zonefile" # Algorithm 7 is replaced by 100 in the zone and dsset. # zone=dnskey-nsec3-unknown.example -infile=dnskey-nsec3-unknown.example.db.in +infile=template.db.in zonefile=dnskey-nsec3-unknown.example.db keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -378,7 +386,7 @@ $DSFROMKEY -A -f ${zonefile}.signed "$zone" >"$DSFILE" # A multiple parameter nsec3 zone. # zone=multiple.example. -infile=multiple.example.db.in +infile=template.db.in zonefile=multiple.example.db keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -386,23 +394,23 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$keyname.key" >"$zonefile" "$SIGNER" -z -O full -o "$zone" "$zonefile" >/dev/null -awk '$4 == "NSEC" || ( $4 == "RRSIG" && $5 == "NSEC" ) { print }' "$zonefile".signed >NSEC +awk '$4 == "NSEC" || ( $4 == "RRSIG" && $5 == "NSEC" ) { print }' "$zonefile".signed >NSEC.db "$SIGNER" -z -O full -u3 - -o "$zone" "$zonefile" >/dev/null -awk '$4 == "NSEC3" || ( $4 == "RRSIG" && $5 == "NSEC3" ) { print }' "$zonefile".signed >NSEC3 +awk '$4 == "NSEC3" || ( $4 == "RRSIG" && $5 == "NSEC3" ) { print }' "$zonefile".signed >NSEC3.db "$SIGNER" -z -O full -u3 AAAA -o "$zone" "$zonefile" >/dev/null -awk '$4 == "NSEC3" || ( $4 == "RRSIG" && $5 == "NSEC3" ) { print }' "$zonefile".signed >>NSEC3 +awk '$4 == "NSEC3" || ( $4 == "RRSIG" && $5 == "NSEC3" ) { print }' "$zonefile".signed >>NSEC3.db "$SIGNER" -z -O full -u3 BBBB -o "$zone" "$zonefile" >/dev/null -awk '$4 == "NSEC3" || ( $4 == "RRSIG" && $5 == "NSEC3" ) { print }' "$zonefile".signed >>NSEC3 +awk '$4 == "NSEC3" || ( $4 == "RRSIG" && $5 == "NSEC3" ) { print }' "$zonefile".signed >>NSEC3.db "$SIGNER" -z -O full -u3 CCCC -o "$zone" "$zonefile" >/dev/null -awk '$4 == "NSEC3" || ( $4 == "RRSIG" && $5 == "NSEC3" ) { print }' "$zonefile".signed >>NSEC3 +awk '$4 == "NSEC3" || ( $4 == "RRSIG" && $5 == "NSEC3" ) { print }' "$zonefile".signed >>NSEC3.db "$SIGNER" -z -O full -u3 DDDD -o "$zone" "$zonefile" >/dev/null -cat NSEC NSEC3 >>"$zonefile".signed +cat NSEC.db NSEC3.db >>"$zonefile".signed # # A RSASHA256 zone. # zone=rsasha256.example. -infile=rsasha256.example.db.in +infile=template.db.in zonefile=rsasha256.example.db keyname=$("$KEYGEN" -q -a RSASHA256 "$zone") @@ -415,7 +423,7 @@ cat "$infile" "$keyname.key" >"$zonefile" # A RSASHA512 zone. # zone=rsasha512.example. -infile=rsasha512.example.db.in +infile=template.db.in zonefile=rsasha512.example.db keyname=$("$KEYGEN" -q -a RSASHA512 "$zone") @@ -428,7 +436,7 @@ cat "$infile" "$keyname.key" >"$zonefile" # A RSASHA256OID zone. # zone=rsasha256oid.example. -infile=rsasha256oid.example.db.in +infile=template.db.in zonefile=rsasha256oid.example.db keyname=$("$KEYGEN" -q -a RSASHA256OID "$zone") @@ -441,7 +449,7 @@ cat "$infile" "$keyname.key" >"$zonefile" # A RSASHA512OID zone. # zone=rsasha512oid.example. -infile=rsasha512oid.example.db.in +infile=template.db.in zonefile=rsasha512oid.example.db keyname=$("$KEYGEN" -q -a RSASHA512OID "$zone") @@ -456,7 +464,7 @@ cat "$infile" "$keyname.key" >"$zonefile" # 1.2.840.113549.1.1.14 # zone=unknownoid.example -infile=unknownoid.example.db.in +infile=template.db.in zonefile=unknownoid.example.db keyname=$("$KEYGEN" -q -a RSASHA512OID "$zone") @@ -481,7 +489,7 @@ sed "s/\(2[0-9]* 2[0-9]*\) [1-9][0-9]* unknownoid.example./\1 ${tag} unknownoid. # A PRIVATEOID zone with a extra DS record for a non-existent DNSKEY. # zone=extradsoid.example. -infile=extradsoid.example.db.in +infile=template.db.in zonefile=extradsoid.example.db keyname=$("$KEYGEN" -q -a RSASHA512OID "$zone") @@ -502,7 +510,7 @@ keyname=$("$KEYGEN" -q -a RSASHA512OID "$zone") # the DNSKEY RRset with using this unknown OID. # zone=extradsunknownoid.example -infile=extradsunknownoid.example.db.in +infile=template.db.in zonefile=extradsunknownoid.example.db keyname=$("$KEYGEN" -q -a RSASHA512OID "$zone") @@ -536,7 +544,7 @@ sed 's/CwYJKoZIhvcN/CwYJKoZIhvcO/' <"$keyname.key" | "$DSFROMKEY" -2A -f - "$zon # match the DNSKEY RRset with using this unknown OID. # zone=extended-ds-unknown-oid.example -infile=extended-ds-unknown-oid.example.db.in +infile=template.db.in zonefile=extended-ds-unknown-oid.example.db keyname=$("$KEYGEN" -q -a RSASHA512OID "$zone") @@ -568,7 +576,7 @@ fi # A zone with the DNSKEY set only signed by the KSK # zone=kskonly.example. -infile=kskonly.example.db.in +infile=template.db.in zonefile=kskonly.example.db kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") @@ -580,7 +588,7 @@ cat "$infile" "$kskname.key" "$zskname.key" >"$zonefile" # A zone with the expired signatures # zone=expired.example. -infile=expired.example.db.in +infile=template.db.in zonefile=expired.example.db kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -fk "$zone") @@ -593,7 +601,7 @@ rm -f "$kskname.*" "$zskname.*" # A NSEC3 signed zone that will have a DNSKEY added to it via UPDATE. # zone=update-nsec3.example. -infile=update-nsec3.example.db.in +infile=template.db.in zonefile=update-nsec3.example.db kskname=$("$KEYGEN" -q -3 -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -fk "$zone") @@ -606,7 +614,7 @@ cat "$infile" "$kskname.key" "$zskname.key" >"$zonefile" # extra keys not in the initial signed zone. # zone=auto-nsec.example. -infile=auto-nsec.example.db.in +infile=template.db.in zonefile=auto-nsec.example.db kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -fk "$zone") @@ -621,7 +629,7 @@ cat "$infile" "$kskname.key" "$zskname.key" >"$zonefile" # extra keys not in the initial signed zone. # zone=auto-nsec3.example. -infile=auto-nsec3.example.db.in +infile=template.db.in zonefile=auto-nsec3.example.db kskname=$("$KEYGEN" -q -3 -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -fk "$zone") @@ -635,7 +643,7 @@ cat "$infile" "$kskname.key" "$zskname.key" >"$zonefile" # Secure below cname test zone. # zone=secure.below-cname.example. -infile=secure.below-cname.example.db.in +infile=template.db.in zonefile=secure.below-cname.example.db keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$keyname.key" >"$zonefile" @@ -645,7 +653,7 @@ cat "$infile" "$keyname.key" >"$zonefile" # Patched TTL test zone. # zone=ttlpatch.example. -infile=ttlpatch.example.db.in +infile=template.db.in zonefile=ttlpatch.example.db signedfile=ttlpatch.example.db.signed patchedfile=ttlpatch.example.db.patched @@ -661,7 +669,7 @@ $CHECKZONE -D -s full "$zone" $signedfile 2>/dev/null \ # Separate DNSSEC records. # zone=split-dnssec.example. -infile=split-dnssec.example.db.in +infile=template.db.in zonefile=split-dnssec.example.db signedfile=split-dnssec.example.db.signed @@ -675,7 +683,7 @@ echo "\$INCLUDE \"$signedfile\"" >>"$zonefile" # Separate DNSSEC records smart signing. # zone=split-smart.example. -infile=split-smart.example.db.in +infile=template.db.in zonefile=split-smart.example.db signedfile=split-smart.example.db.signed @@ -690,7 +698,7 @@ echo "\$INCLUDE \"$signedfile\"" >>"$zonefile" # Zone with signatures about to expire, but no private key to replace them # zone="expiring.example." -infile="expiring.example.db.in" +infile="template.db.in" zonefile="expiring.example.db" signedfile="expiring.example.db.signed" kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -704,15 +712,15 @@ mv -f "${kskname}.private" "${kskname}.private.moved" # A zone where the signer's name has been forced to uppercase. # zone="upper.example." -infile="upper.example.db.in" +infile="template.db.in" zonefile="upper.example.db" lower="upper.example.db.lower" signedfile="upper.example.db.signed" kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") cp "$infile" "$zonefile" -"$SIGNER" -P -S -o "$zone" -f $lower "$zonefile" >/dev/null -$CHECKZONE -D upper.example $lower 2>/dev/null \ +"$SIGNER" -P -S -o "$zone" -f "$lower" "$zonefile" >/dev/null +$CHECKZONE -D upper.example "$lower" 2>/dev/null \ | sed '/RRSIG/s/ upper.example. / UPPER.EXAMPLE. /' >$signedfile # @@ -720,18 +728,19 @@ $CHECKZONE -D upper.example $lower 2>/dev/null \ # upper case. # zone="LOWER.EXAMPLE." -infile="lower.example.db.in" +infile="template.db.in" zonefile="lower.example.db" signedfile="lower.example.db.signed" +sed -e 's/ns3/NS3/' -e 's/mname1/MNAME1/' "$infile" >"$zonefile" kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") -cp "$infile" "$zonefile" "$SIGNER" -P -S -o "$zone" "$zonefile" >/dev/null # # An inline signing zone # zone=inline.example. +cp template.db.in inline.example.db kskname=$("$KEYGEN" -q -3 -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -fk "$zone") zskname=$("$KEYGEN" -q -3 -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -739,7 +748,7 @@ zskname=$("$KEYGEN" -q -3 -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") # A zone which will change its signatures-validity # zone=siginterval.example -infile=siginterval.example.db.in +infile=template.db.in zonefile=siginterval.example.db kskname=$("$KEYGEN" -q -3 -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -fk "$zone") zskname=$("$KEYGEN" -q -3 -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -747,10 +756,9 @@ cp "$infile" "$zonefile" # # A zone with a bad DS in the parent -# (sourced from bogus.example.db.in) # zone=badds.example. -infile=bogus.example.db.in +infile=template.db.in zonefile=badds.example.db keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -764,7 +772,7 @@ sed -e 's/bogus/badds/g' dsset-badds.example. # Same as badds, but locally trusted by the forwarder # zone=localkey.example. -infile=bogus.example.db.in +infile=template.db.in zonefile=localkey.example.db keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -779,7 +787,7 @@ keyfile_to_static_keys $keyname >../ns9/trusted-localkey.conf # A zone with future signatures. # zone=future.example -infile=future.example.db.in +infile=template.db.in zonefile=future.example.db kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -791,7 +799,7 @@ cp -f "$kskname.key" trusted-future.key # A zone with future signatures. # zone=managed-future.example -infile=managed-future.example.db.in +infile=template.db.in zonefile=managed-future.example.db kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -802,7 +810,7 @@ cat "$infile" "$kskname.key" "$zskname.key" >"$zonefile" # A zone with a revoked key # zone=revkey.example. -infile=generic.example.db.in +infile=template.db.in zonefile=revkey.example.db ksk1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -3fk "$zone") @@ -848,12 +856,16 @@ cat "$infile" "${kskname}.key" "${zskname}.key" "${keyname}.key" \ # We only need to generate the dsset. # zone=rsasha1.example +infile=rsasha1.example.db.in zonefile=rsasha1.example.db +cp $infile $zonefile awk '$4 == "DNSKEY" && $5 == 257 { print }' "$zonefile" \ | $DSFROMKEY -f - "$zone" >"dsset-${zone}." zone=rsasha1-1024.example +infile=rsasha1-1024.example.db.in zonefile=rsasha1-1024.example.db +cp $infile $zonefile awk '$4 == "DNSKEY" && $5 == 257 { print }' "$zonefile" \ | $DSFROMKEY -f - "$zone" >"dsset-${zone}." diff --git a/bin/tests/system/dnssec/ns3/split-dnssec.example.db.in b/bin/tests/system/dnssec/ns3/split-dnssec.example.db.in deleted file mode 100644 index 55b38776da..0000000000 --- a/bin/tests/system/dnssec/ns3/split-dnssec.example.db.in +++ /dev/null @@ -1,38 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a A 10.0.0.3 -*.wild A 10.0.0.6 -child NS ns2.example. -insecure NS ns.insecure -ns.insecure A 10.53.0.3 -secure NS ns.secure -ns.secure A 10.53.0.3 -nsec3 NS ns.nsec3 -ns.nsec3 A 10.53.0.3 -optout NS ns.optout -ns.optout A 10.53.0.3 -02HC3EM7BDD011A0GMS3HKKJT2IF5VP8 A 10.0.0.17 diff --git a/bin/tests/system/dnssec/ns3/split-smart.example.db.in b/bin/tests/system/dnssec/ns3/split-smart.example.db.in deleted file mode 100644 index 55b38776da..0000000000 --- a/bin/tests/system/dnssec/ns3/split-smart.example.db.in +++ /dev/null @@ -1,38 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a A 10.0.0.3 -*.wild A 10.0.0.6 -child NS ns2.example. -insecure NS ns.insecure -ns.insecure A 10.53.0.3 -secure NS ns.secure -ns.secure A 10.53.0.3 -nsec3 NS ns.nsec3 -ns.nsec3 A 10.53.0.3 -optout NS ns.optout -ns.optout A 10.53.0.3 -02HC3EM7BDD011A0GMS3HKKJT2IF5VP8 A 10.0.0.17 diff --git a/bin/tests/system/dnssec/ns2/insecure.secure.example.db b/bin/tests/system/dnssec/ns3/template.db.in similarity index 93% rename from bin/tests/system/dnssec/ns2/insecure.secure.example.db rename to bin/tests/system/dnssec/ns3/template.db.in index 62862f5305..f603e448ff 100644 --- a/bin/tests/system/dnssec/ns2/insecure.secure.example.db +++ b/bin/tests/system/dnssec/ns3/template.db.in @@ -17,10 +17,11 @@ $TTL 300 ; 5 minutes 1814400 ; expire (3 weeks) 3600 ; minimum (1 hour) ) - NS ns2 -ns2 A 10.53.0.2 + NS ns3 +ns3 A 10.53.0.3 a A 10.0.0.1 +a.b A 10.0.0.1 b A 10.0.0.2 d A 10.0.0.4 z A 10.0.0.26 diff --git a/bin/tests/system/dnssec/ns3/ttlpatch.example.db.in b/bin/tests/system/dnssec/ns3/ttlpatch.example.db.in deleted file mode 100644 index 14971bd7a6..0000000000 --- a/bin/tests/system/dnssec/ns3/ttlpatch.example.db.in +++ /dev/null @@ -1,26 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 diff --git a/bin/tests/system/dnssec/ns3/unknownoid.example.db.in b/bin/tests/system/dnssec/ns3/unknownoid.example.db.in deleted file mode 100644 index f6c4fabdd3..0000000000 --- a/bin/tests/system/dnssec/ns3/unknownoid.example.db.in +++ /dev/null @@ -1,28 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2009102722 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 -x CNAME a diff --git a/bin/tests/system/dnssec/ns3/unsupported-algorithm.key b/bin/tests/system/dnssec/ns3/unsupported-algorithm.key.in similarity index 100% rename from bin/tests/system/dnssec/ns3/unsupported-algorithm.key rename to bin/tests/system/dnssec/ns3/unsupported-algorithm.key.in diff --git a/bin/tests/system/dnssec/ns3/update-nsec3.example.db.in b/bin/tests/system/dnssec/ns3/update-nsec3.example.db.in deleted file mode 100644 index 34006877b3..0000000000 --- a/bin/tests/system/dnssec/ns3/update-nsec3.example.db.in +++ /dev/null @@ -1,40 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 -x CNAME a - -private NS ns.private -ns.private A 10.53.0.2 - -insecure NS ns.insecure -ns.insecure A 10.53.0.2 - -nosoa NS ns.nosoa -ns.nosoa A 10.53.0.6 - -normalthenrrsig A 10.0.0.28 -rrsigonly A 10.0.0.29 diff --git a/bin/tests/system/dnssec/ns3/upper.example.db.in b/bin/tests/system/dnssec/ns3/upper.example.db.in deleted file mode 100644 index ec6603a91f..0000000000 --- a/bin/tests/system/dnssec/ns3/upper.example.db.in +++ /dev/null @@ -1,21 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2012042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) -@ NS ns -ns A 10.53.0.3 diff --git a/bin/tests/system/dnssec/ns6/nosoa.secure.example.db b/bin/tests/system/dnssec/ns6/nosoa.secure.example.db.in similarity index 93% rename from bin/tests/system/dnssec/ns6/nosoa.secure.example.db rename to bin/tests/system/dnssec/ns6/nosoa.secure.example.db.in index 6b7af12553..85044d4168 100644 --- a/bin/tests/system/dnssec/ns6/nosoa.secure.example.db +++ b/bin/tests/system/dnssec/ns6/nosoa.secure.example.db.in @@ -17,6 +17,6 @@ $TTL 300 ; 5 minutes 1814400 ; expire (3 weeks) 3600 ; minimum (1 hour) ) -@ IN NS ns -ns IN A 10.53.0.6 +@ IN NS ns6 +ns6 IN A 10.53.0.6 a IN A 1.2.3.4 diff --git a/bin/tests/system/dnssec/ns6/sign.sh b/bin/tests/system/dnssec/ns6/sign.sh index 74ae836f71..f2e231f235 100644 --- a/bin/tests/system/dnssec/ns6/sign.sh +++ b/bin/tests/system/dnssec/ns6/sign.sh @@ -18,6 +18,13 @@ set -e echo_i "ns6/sign.sh" +# set up unsigned zone first +zone=nosoa.secure.example. +infile=nosoa.secure.example.db.in +zonefile=nosoa.secure.example.db +cp "$infile" "$zonefile" + +# now sign the others zone=optout-tld infile=optout-tld.db.in zonefile=optout-tld.db diff --git a/bin/tests/system/dnssec/tests_badkey.py b/bin/tests/system/dnssec/tests_badkey.py index b646789e3a..ca883f81e7 100644 --- a/bin/tests/system/dnssec/tests_badkey.py +++ b/bin/tests/system/dnssec/tests_badkey.py @@ -11,9 +11,39 @@ from dns import flags +import pytest + import isctest +pytestmark = pytest.mark.extra_artifacts( + [ + "*/K*", + "*/dsset-*", + "*/*.bk", + "*/*.conf", + "*/*.db", + "*/*.id", + "*/*.jnl", + "*/*.jbk", + "*/*.key", + "*/*.signed", + "*/settime.out.*", + "ans*/ans.run", + "*/trusted.keys", + "*/*.bad", + "*/*.next", + "*/*.stripped", + "*/*.tmp", + "*/*.stage?", + "*/*.patched", + "*/*.lower", + "*/*.upper", + "*/*.unsplit", + ] +) + + def test_misconfigured_validation(): # check that validation fails with a misconfigured trust anchor msg = isctest.query.create("example.", "SOA") diff --git a/bin/tests/system/dnssec/tests_delv.py b/bin/tests/system/dnssec/tests_delv.py index 5e5f375ab7..6ed76fe90f 100644 --- a/bin/tests/system/dnssec/tests_delv.py +++ b/bin/tests/system/dnssec/tests_delv.py @@ -18,7 +18,35 @@ import pytest import isctest -pytestmark = pytest.mark.skipif(bool(os.getenv("TSAN_OPTIONS", "")), reason="TSAN") +pytestmark = [ + pytest.mark.skipif(bool(os.getenv("TSAN_OPTIONS", "")), reason="TSAN"), + pytest.mark.extra_artifacts( + [ + "*/K*", + "*/dsset-*", + "*/*.bk", + "*/*.conf", + "*/*.db", + "*/*.id", + "*/*.jnl", + "*/*.jbk", + "*/*.key", + "*/*.signed", + "*/settime.out.*", + "ans*/ans.run", + "*/trusted.keys", + "*/*.bad", + "*/*.next", + "*/*.stripped", + "*/*.tmp", + "*/*.stage?", + "*/*.patched", + "*/*.lower", + "*/*.upper", + "*/*.unsplit", + ] + ), +] # helper functions diff --git a/bin/tests/system/dnssec/tests_policy.py b/bin/tests/system/dnssec/tests_policy.py index bbeb8189b3..d76a0ed5f0 100644 --- a/bin/tests/system/dnssec/tests_policy.py +++ b/bin/tests/system/dnssec/tests_policy.py @@ -14,9 +14,39 @@ import time from dns import rdatatype +import pytest + import isctest +pytestmark = pytest.mark.extra_artifacts( + [ + "*/K*", + "*/dsset-*", + "*/*.bk", + "*/*.conf", + "*/*.db", + "*/*.id", + "*/*.jnl", + "*/*.jbk", + "*/*.key", + "*/*.signed", + "*/settime.out.*", + "ans*/ans.run", + "*/trusted.keys", + "*/*.bad", + "*/*.next", + "*/*.stripped", + "*/*.tmp", + "*/*.stage?", + "*/*.patched", + "*/*.lower", + "*/*.upper", + "*/*.unsplit", + ] +) + + def is_rrsig_soa(rrset): return rrset.rdtype == rdatatype.RRSIG and rrset.covers == rdatatype.SOA diff --git a/bin/tests/system/dnssec/tests_signing.py b/bin/tests/system/dnssec/tests_signing.py index a5919e78d9..617c62234f 100644 --- a/bin/tests/system/dnssec/tests_signing.py +++ b/bin/tests/system/dnssec/tests_signing.py @@ -23,6 +23,34 @@ pytest.importorskip("dns", minversion="2.0.0") import isctest +pytestmark = pytest.mark.extra_artifacts( + [ + "*/K*", + "*/dsset-*", + "*/*.bk", + "*/*.conf", + "*/*.db", + "*/*.id", + "*/*.jnl", + "*/*.jbk", + "*/*.key", + "*/*.signed", + "*/settime.out.*", + "ans*/ans.run", + "*/trusted.keys", + "*/*.bad", + "*/*.next", + "*/*.stripped", + "*/*.tmp", + "*/*.stage?", + "*/*.patched", + "*/*.lower", + "*/*.upper", + "*/*.unsplit", + ] +) + + # helper functions def grep_c(regex, filename): with open(filename, "r", encoding="utf-8") as f: @@ -171,10 +199,10 @@ def test_update_signing(): # check that the NSEC3 record for the apex is properly signed # when a DNSKEY is added via UPDATE key = keygen( - "-q3fk", "-a", os.environ["DEFAULT_ALGORITHM"], "update-nsec3.example." + "-Kns3", "-q3fk", "-a", os.environ["DEFAULT_ALGORITHM"], "update-nsec3.example." ) - with open(f"{key}.key", "r", encoding="utf-8") as f: + with open(f"ns3/{key}.key", "r", encoding="utf-8") as f: dnskey = f.read().splitlines()[-1] dnskey = " ".join(dnskey.split()[3:]) diff --git a/bin/tests/system/dnssec/tests_tat.py b/bin/tests/system/dnssec/tests_tat.py index 5f527d0964..97b5a253f3 100644 --- a/bin/tests/system/dnssec/tests_tat.py +++ b/bin/tests/system/dnssec/tests_tat.py @@ -14,9 +14,39 @@ import re from dns import edns +import pytest + import isctest +pytestmark = pytest.mark.extra_artifacts( + [ + "*/K*", + "*/dsset-*", + "*/*.bk", + "*/*.conf", + "*/*.db", + "*/*.id", + "*/*.jnl", + "*/*.jbk", + "*/*.key", + "*/*.signed", + "*/settime.out.*", + "ans*/ans.run", + "*/trusted.keys", + "*/*.bad", + "*/*.next", + "*/*.stripped", + "*/*.tmp", + "*/*.stage?", + "*/*.patched", + "*/*.lower", + "*/*.upper", + "*/*.unsplit", + ] +) + + def test_tat_queries(servers): ns1 = servers["ns1"] ns6 = servers["ns6"] diff --git a/bin/tests/system/dnssec/tests_validation.py b/bin/tests/system/dnssec/tests_validation.py index 8c9bc78554..74cb7c6dff 100644 --- a/bin/tests/system/dnssec/tests_validation.py +++ b/bin/tests/system/dnssec/tests_validation.py @@ -18,12 +18,40 @@ from dns import edns, flags, name, rcode, rdataclass, rdatatype import pytest -pytest.importorskip("dns", minversion="2.0.0") import isctest import isctest.mark from isctest.util import param +pytest.importorskip("dns", minversion="2.0.0") +pytestmark = pytest.mark.extra_artifacts( + [ + "*/K*", + "*/dsset-*", + "*/*.bk", + "*/*.conf", + "*/*.db", + "*/*.id", + "*/*.jnl", + "*/*.jbk", + "*/*.key", + "*/*.signed", + "*/settime.out.*", + "ans*/ans.run", + "*/trusted.keys", + "*/*.bad", + "*/*.next", + "*/*.stripped", + "*/*.tmp", + "*/*.stage?", + "*/*.patched", + "*/*.lower", + "*/*.upper", + "*/*.unsplit", + ] +) + + # helper functions def grep_q(regex, filename): with open(filename, "r", encoding="utf-8") as f: @@ -64,7 +92,7 @@ def test_insecure_glue(): isctest.check.rr_count_eq(res.answer, 1) isctest.check.rr_count_eq(res.authority, 1) isctest.check.rr_count_eq(res.additional, 1) - assert str(res.additional[0].name) == "ns.insecure.example." + assert str(res.additional[0].name) == "ns3.insecure.example." addrs = [str(a) for a in res.additional[0]] assert "10.53.0.3" in addrs @@ -1271,11 +1299,12 @@ def test_broken_servers(): isctest.check.noadflag(res) -def test_pending_ds(): +def test_pending_ds(servers): # check that a query against a validating resolver succeeds when there is # a negative cache entry with trust level "pending" for the DS. prime # with a +cd DS query to produce the negative cache entry, then send a # query that uses that entry as part of the validation process. + ns4 = servers["ns4"] ns4.rndc("flush", log=False) msg = isctest.query.create("insecure.example", "DS", cd=True) res = isctest.query.tcp(msg, "10.53.0.4")