upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-28 04:34:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Merge branch '3345-fix-keyless-example-generation-v9_18' into 'v9_18'

Browse source 
Make modifications to keyless.example deterministic

See merge request isc-projects/bind9!6370
This commit is contained in:
Mark Andrews 2022-06-01 01:08:35 +00:00
commit a6456581ce
2 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
bin/tests/system/dnssec/ns3/sign.sh
View file

@ -121,12 +121,12 @@ cat "$infile" "$keyname.key" > "$zonefile"
"$SIGNER" -z -o "$zone" "$zonefile" > /dev/null
# Change the signer field of the a.b.keyless.example SIG A
# to point to a provably nonexistent KEY record.
# Change the signer field of the a.b.keyless.example RRSIG A
# to point to a provably nonexistent DNSKEY record.
zonefiletmp=$(mktemp "$zonefile.XXXXXX") || exit 1
mv "$zonefile.signed" "$zonefiletmp"
<"$zonefiletmp" "$PERL" -p -e 's/ keyless.example/ b.keyless.example/
if /^a.b.keyless.example/../NXT/;' > "$zonefile.signed"
if /^a.b.keyless.example/../A RRSIG NSEC/;' > "$zonefile.signed"
rm -f "$zonefiletmp"
#

2
bin/tests/system/dnssec/tests.sh
View file

@ -938,7 +938,7 @@ if [ -x ${DELV} ] ; then
ret=0
echo_i "checking that validation fails when key record is missing using dns_client ($n)"
delv_with_opts +cd @10.53.0.4 a a.b.keyless.example > delv.out$n 2>&1 || ret=1
grep "resolution failed: broken trust chain" delv.out$n > /dev/null || ret=1
grep "resolution failed: insecurity proof failed" delv.out$n > /dev/null || ret=1
n=$((n+1))
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))