From 6c0380db8a5cc05a51198e9ba253f5db24c3754e Mon Sep 17 00:00:00 2001 From: Matthijs Mekking Date: Mon, 24 Jun 2024 10:01:37 +0200 Subject: [PATCH] Move dnssec-policy to kasp-fips.conf.in All dnssec-policy configurations are here, so why not this one? (cherry picked from commit 93326e3e180f4cb2d5fe0b01ba99941d5ec74355) --- bin/tests/system/kasp/ns6/named.conf.in | 6 ------ bin/tests/system/kasp/ns6/named2.conf.in | 6 ------ bin/tests/system/kasp/ns6/policies/kasp-fips.conf.in | 6 ++++++ 3 files changed, 6 insertions(+), 12 deletions(-) diff --git a/bin/tests/system/kasp/ns6/named.conf.in b/bin/tests/system/kasp/ns6/named.conf.in index 7b0cba8478..8215531f3e 100644 --- a/bin/tests/system/kasp/ns6/named.conf.in +++ b/bin/tests/system/kasp/ns6/named.conf.in @@ -89,12 +89,6 @@ zone "step1.csk-algorithm-roll.kasp" { dnssec-policy "csk-algoroll"; }; -dnssec-policy "modified" { - keys { - csk lifetime unlimited algorithm rsasha256 2048; - }; -}; - zone example { type primary; file "example.db"; diff --git a/bin/tests/system/kasp/ns6/named2.conf.in b/bin/tests/system/kasp/ns6/named2.conf.in index 087fa7716f..cd209e7a52 100644 --- a/bin/tests/system/kasp/ns6/named2.conf.in +++ b/bin/tests/system/kasp/ns6/named2.conf.in @@ -177,12 +177,6 @@ zone "step6.csk-algorithm-roll.kasp" { dnssec-policy "csk-algoroll"; }; -dnssec-policy "modified" { - keys { - csk lifetime unlimited algorithm rsasha256 2048; - }; -}; - zone example { type primary; file "example.db"; diff --git a/bin/tests/system/kasp/ns6/policies/kasp-fips.conf.in b/bin/tests/system/kasp/ns6/policies/kasp-fips.conf.in index 810b91d6ad..dc234d0c21 100644 --- a/bin/tests/system/kasp/ns6/policies/kasp-fips.conf.in +++ b/bin/tests/system/kasp/ns6/policies/kasp-fips.conf.in @@ -24,6 +24,12 @@ dnssec-policy "nsec3" { nsec3param iterations 0 optout no salt-length 0; }; +dnssec-policy "modified" { + keys { + csk lifetime unlimited algorithm rsasha256 2048; + }; +}; + dnssec-policy "rsasha256" { signatures-refresh P5D; signatures-validity 30d;