Update views system test

Change test configuration to make use of 'dnssec-policy' instead of
'auto-dnssec'.

Because we now use 'dnssec-policy', there is no need to create an
explicit key in the final test that adds multiple inline zones
followed by a reconfig.
Matthijs Mekking 2023-06-29 11:23:34 +02:00
parent 62368c6a6f
commit 4690e95d29
3 changed files with 17 additions and 9 deletions


@ -33,6 +33,12 @@ controls {
inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
dnssec-policy "views" {
keys {
ksk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
csk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
};
};
zone "." {
type hint;
@ -49,7 +55,6 @@ zone "inline" {
type primary;
file "external/inline.db";
key-directory "external";
auto-dnssec maintain;
dnssec-policy views;
inline-signing yes;
dnssec-dnskey-kskonly no;
};
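Review bot: The new `views` policy lists a `ksk` and a `csk` entry but no `zsk`. A CSK already carries the key-signing role, so zone `inline` would end up with two keys signing the DNSKEY RRset. If a conventional split was intended, the second entry would read `zsk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;`. If the pairing is deliberate, a comment above the `keys` block such as `/* ksk + csk on purpose: <reason> */` would stop it being "corrected" later. The identical policy block in the second configuration file raises the same question.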


@ -33,6 +33,13 @@ controls {
inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
dnssec-policy "views" {
keys {
ksk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
csk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
};
};
view "internal" {
match-clients { 10.53.0.2;
10.53.0.3; };
@ -63,9 +70,8 @@ view "internal" {
type primary;
file "internal/inline.db";
key-directory "internal";
auto-dnssec maintain;
dnssec-policy views;
inline-signing yes;
dnssec-dnskey-kskonly no;
};
};
@ -96,8 +102,7 @@ view "external" {
type primary;
file "external/inline.db";
key-directory "external";
auto-dnssec maintain;
dnssec-policy views;
inline-signing yes;
dnssec-dnskey-kskonly no;
};
};
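Review bot: Nothing near the `dnssec-policy views;` lines records that the `internal` and `external` copies of zone `inline` rely on separate key directories. With `dnssec-policy`, named creates and maintains the key files itself, so pointing both views at one directory would presumably have them acting on the same key set. A short comment beside each `key-directory` line, e.g. `// must differ per view: named manages the keys for "inline" here`, would keep a later edit from merging them. Both view blocks begin outside their hunks, so any existing comment higher up is not visible here.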


@ -158,8 +158,7 @@ while [ $i -lt 50 ]; do
zone "${zone_name}" {
type primary;
file "db.${zone_name}";
dnssec-dnskey-kskonly yes;
auto-dnssec maintain;
dnssec-policy default;
inline-signing yes;
};
EOF
@ -178,7 +177,6 @@ while [ $i -lt 50 ]; do
localhost IN A 127.0.0.1
EOF
$KEYGEN -q -Kns2 -fk -aecdsa256 "${zone_name}" > /dev/null
$RNDCCMD 10.53.0.2 reconfig || ret=1
if [ $ret != 0 ]; then echo_i "failed"; break; fi
i=$((i + 1))
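Review bot: With the `$KEYGEN` call gone, the loop no longer shows where the signing key for each added zone comes from. A comment above the `reconfig` line, e.g. `# no dnssec-keygen here: 'dnssec-policy default' lets named create the key`, would keep the next reader from re-adding it. The visible lines check only the exit status of `$RNDCCMD 10.53.0.2 reconfig`, so they do not assert that the new zones actually get signed. The `while` loop starts and ends outside the hunks, so a later check may exist that is not shown.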