mirror of
https://github.com/isc-projects/bind9.git
synced 2026-06-13 19:50:02 -04:00
Merge branch '3433-use-a-default-hmac-algorithm-in-system-tests' into 'main'
Resolve "Use a default HMAC algorithm in system tests" Closes #3433 See merge request isc-projects/bind9!6506
This commit is contained in:
Mark Andrews
commit
a8ddca1917
292 changed files with 425 additions and 390 deletions
3
CHANGES
3
CHANGES
|
|
@ -1,3 +1,6 @@
|
|||
5918. [test] Convert system tests to use a default HMAC algorithm
|
||||
where the test is not HMAC specific. [GL #3433]
|
||||
|
||||
5917. [bug] Update ifconfig.sh script as is miscomputed interface
|
||||
identifiers when destroying interfaces. [GL #3061]
|
||||
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
@ -35,12 +35,12 @@ options {
|
|||
};
|
||||
|
||||
key one {
|
||||
algorithm hmac-md5;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
key two {
|
||||
algorithm hmac-md5;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
@ -35,12 +35,12 @@ options {
|
|||
};
|
||||
|
||||
key one {
|
||||
algorithm hmac-md5;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
key two {
|
||||
algorithm hmac-md5;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
@ -35,17 +35,17 @@ options {
|
|||
};
|
||||
|
||||
key one {
|
||||
algorithm hmac-md5;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
key two {
|
||||
algorithm hmac-md5;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
key three {
|
||||
algorithm hmac-md5;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
@ -35,12 +35,12 @@ options {
|
|||
};
|
||||
|
||||
key one {
|
||||
algorithm hmac-md5;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
key two {
|
||||
algorithm hmac-md5;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
@ -37,12 +37,12 @@ options {
|
|||
};
|
||||
|
||||
key one {
|
||||
algorithm hmac-md5;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
key two {
|
||||
algorithm hmac-md5;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -31,5 +31,5 @@ controls {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ controls {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
zone "existing" {
|
||||
|
|
|
|||
|
|
@ -23,14 +23,14 @@ echo_i "testing basic ACL processing"
|
|||
# key "one" should fail
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
@10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 > dig.out.${t}
|
||||
@10.53.0.2 -b 10.53.0.1 axfr -y "${DEFAULT_HMAC}:one:1234abcd8765" > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
|
||||
# any other key should be fine
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
@10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t}
|
||||
@10.53.0.2 -b 10.53.0.1 axfr -y "${DEFAULT_HMAC}:two:1234abcd8765" > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
copy_setports ns2/named2.conf.in ns2/named.conf
|
||||
|
|
@ -40,18 +40,18 @@ sleep 5
|
|||
# prefix 10/8 should fail
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
@10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 > dig.out.${t}
|
||||
@10.53.0.2 -b 10.53.0.1 axfr -y "${DEFAULT_HMAC}:one:1234abcd8765" > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
# any other address should work, as long as it sends key "one"
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
@10.53.0.2 -b 127.0.0.1 axfr -y two:1234abcd8765 > dig.out.${t}
|
||||
@10.53.0.2 -b 127.0.0.1 axfr -y "${DEFAULT_HMAC}:two:1234abcd8765" > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
@10.53.0.2 -b 127.0.0.1 axfr -y one:1234abcd8765 > dig.out.${t}
|
||||
@10.53.0.2 -b 127.0.0.1 axfr -y "${DEFAULT_HMAC}:one:1234abcd8765" > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
echo_i "testing nested ACL processing"
|
||||
|
|
@ -63,31 +63,31 @@ sleep 5
|
|||
# should succeed
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
@10.53.0.2 -b 10.53.0.2 axfr -y two:1234abcd8765 > dig.out.${t}
|
||||
@10.53.0.2 -b 10.53.0.2 axfr -y "${DEFAULT_HMAC}:two:1234abcd8765" > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
# should succeed
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
@10.53.0.2 -b 10.53.0.2 axfr -y one:1234abcd8765 > dig.out.${t}
|
||||
@10.53.0.2 -b 10.53.0.2 axfr -y "${DEFAULT_HMAC}:one:1234abcd8765" > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
# should succeed
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
@10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t}
|
||||
@10.53.0.2 -b 10.53.0.1 axfr -y "${DEFAULT_HMAC}:two:1234abcd8765" > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
# should succeed
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
@10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t}
|
||||
@10.53.0.2 -b 10.53.0.1 axfr -y "${DEFAULT_HMAC}:two:1234abcd8765" > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
# but only one or the other should fail
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
@10.53.0.2 -b 127.0.0.1 axfr -y one:1234abcd8765 > dig.out.${t}
|
||||
@10.53.0.2 -b 127.0.0.1 axfr -y "${DEFAULT_HMAC}:one:1234abcd8765" > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
t=`expr $t + 1`
|
||||
|
|
@ -109,31 +109,31 @@ sleep 5
|
|||
# should succeed
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
@10.53.0.2 -b 10.53.0.2 axfr -y two:1234abcd8765 > dig.out.${t}
|
||||
@10.53.0.2 -b 10.53.0.2 axfr -y "${DEFAULT_HMAC}:two:1234abcd8765" > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
# should succeed
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
@10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 > dig.out.${t}
|
||||
@10.53.0.2 -b 10.53.0.1 axfr -y "${DEFAULT_HMAC}:one:1234abcd8765" > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
# should fail
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
@10.53.0.2 -b 10.53.0.2 axfr -y one:1234abcd8765 > dig.out.${t}
|
||||
@10.53.0.2 -b 10.53.0.2 axfr -y "${DEFAULT_HMAC}:one:1234abcd8765" > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
# should fail
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
@10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t}
|
||||
@10.53.0.2 -b 10.53.0.1 axfr -y "${DEFAULT_HMAC}:two:1234abcd8765" > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
# should fail
|
||||
t=`expr $t + 1`
|
||||
$DIG $DIGOPTS tsigzone. \
|
||||
@10.53.0.2 -b 10.53.0.3 axfr -y one:1234abcd8765 > dig.out.${t}
|
||||
@10.53.0.2 -b 10.53.0.3 axfr -y "${DEFAULT_HMAC}:one:1234abcd8765" > dig.out.${t}
|
||||
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
|
||||
|
||||
echo_i "testing allow-query-on ACL processing"
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@
|
|||
*/
|
||||
|
||||
key one {
|
||||
algorithm hmac-md5;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -12,12 +12,12 @@
|
|||
*/
|
||||
|
||||
key one {
|
||||
algorithm hmac-md5;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
key two {
|
||||
algorithm hmac-md5;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
secret "1234efgh8765";
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@
|
|||
*/
|
||||
|
||||
key one {
|
||||
algorithm hmac-md5;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@
|
|||
*/
|
||||
|
||||
key one {
|
||||
algorithm hmac-md5;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -12,12 +12,12 @@
|
|||
*/
|
||||
|
||||
key one {
|
||||
algorithm hmac-md5;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
key two {
|
||||
algorithm hmac-md5;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
secret "1234efgh8765";
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@
|
|||
*/
|
||||
|
||||
key one {
|
||||
algorithm hmac-md5;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -16,12 +16,12 @@ acl accept { 10.53.0.2; };
|
|||
acl badaccept { 10.53.0.1; };
|
||||
|
||||
key one {
|
||||
algorithm hmac-md5;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
key two {
|
||||
algorithm hmac-md5;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
secret "1234efgh8765";
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ options {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ options {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ options {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ options {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -200,7 +200,7 @@ rndc_reload ns2 10.53.0.2
|
|||
|
||||
echo_i "test $n: key allowed - query allowed"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:one:1234abcd8765" a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
|
|
@ -213,7 +213,7 @@ rndc_reload ns2 10.53.0.2
|
|||
|
||||
echo_i "test $n: key not allowed - query refused"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:two:1234efgh8765" a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
|
|
@ -227,7 +227,7 @@ rndc_reload ns2 10.53.0.2
|
|||
|
||||
echo_i "test $n: key disallowed - query refused"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:one:1234abcd8765" a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
|
|
@ -366,7 +366,7 @@ rndc_reload ns2 10.53.0.2
|
|||
|
||||
echo_i "test $n: views key allowed - query allowed"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:one:1234abcd8765" a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
|
|
@ -379,7 +379,7 @@ rndc_reload ns2 10.53.0.2
|
|||
|
||||
echo_i "test $n: views key not allowed - query refused"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:two:1234efgh8765" a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
|
|
@ -393,7 +393,7 @@ rndc_reload ns2 10.53.0.2
|
|||
|
||||
echo_i "test $n: views key disallowed - query refused"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:one:1234abcd8765" a.normal.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
|
|
@ -533,7 +533,7 @@ status=`expr $status + $ret`
|
|||
n=`expr $n + 1`
|
||||
echo_i "test $n: zone key allowed - query allowed"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.keyallow.example a > dig.out.ns2.$n || ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:one:1234abcd8765" a.keyallow.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
|
|
@ -543,7 +543,7 @@ status=`expr $status + $ret`
|
|||
n=`expr $n + 1`
|
||||
echo_i "test $n: zone key not allowed - query refused"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.keyallow.example a > dig.out.ns2.$n || ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:two:1234efgh8765" a.keyallow.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
|
|
@ -554,7 +554,7 @@ status=`expr $status + $ret`
|
|||
n=`expr $n + 1`
|
||||
echo_i "test $n: zone key disallowed - query refused"
|
||||
ret=0
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.keydisallow.example a > dig.out.ns2.$n || ret=1
|
||||
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:one:1234abcd8765" a.keydisallow.example a > dig.out.ns2.$n || ret=1
|
||||
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||
grep '^a.keydisallow.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||
|
|
|
|||
|
|
@ -95,6 +95,8 @@ my $mainport = int($ENV{'PORT'});
|
|||
if (!$mainport) { $mainport = 5300; }
|
||||
my $ctrlport = int($ENV{'EXTRAPORT1'});
|
||||
if (!$ctrlport) { $ctrlport = 5301; }
|
||||
my $hmac_algorithm = $ENV{'DEFAULT_HMAC'};
|
||||
if (!defined($hmac_algorithm)) { $hmac_algorithm = "hmac-sha256"; }
|
||||
|
||||
# XXX: we should also be able to set the port numbers to listen on.
|
||||
my $ctlsock = IO::Socket::INET->new(LocalAddr => "$server_addr",
|
||||
|
|
@ -174,6 +176,7 @@ sub handleUDP {
|
|||
} else {
|
||||
$tsig = Net::DNS::RR->new(
|
||||
name => $key_name,
|
||||
algorithm => $hmac_algorithm,
|
||||
type => 'TSIG',
|
||||
key => $key_data);
|
||||
}
|
||||
|
|
@ -390,6 +393,7 @@ sub handleTCP {
|
|||
if ($Net::DNS::VERSION < 0.69) {
|
||||
$tsig = Net::DNS::RR->new(
|
||||
"$key_name TSIG $key_data");
|
||||
$tsig->algorithm = $hmac_algorithm;
|
||||
} elsif ($Net::DNS::VERSION >= 0.81 &&
|
||||
$continuation) {
|
||||
} elsif ($Net::DNS::VERSION >= 0.75 &&
|
||||
|
|
@ -398,6 +402,7 @@ sub handleTCP {
|
|||
} else {
|
||||
$tsig = Net::DNS::RR->new(
|
||||
name => $key_name,
|
||||
algorithm => $hmac_algorithm,
|
||||
type => 'TSIG',
|
||||
key => $key_data);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -28,7 +28,7 @@ options {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -29,7 +29,7 @@ options {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -33,7 +33,7 @@ options {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ options {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -122,5 +122,5 @@ view "ch" ch {
|
|||
|
||||
key tsig_key. {
|
||||
secret "LSAnCU+Z";
|
||||
algorithm hmac-md5;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
|
|
|||
|
|
@ -165,5 +165,5 @@ view "ch" ch {
|
|||
|
||||
key tsig_key. {
|
||||
secret "LSAnCU+Z";
|
||||
algorithm hmac-md5;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
|
|
|||
|
|
@ -122,5 +122,5 @@ view "ch" ch {
|
|||
|
||||
key tsig_key. {
|
||||
secret "LSAnCU+Z";
|
||||
algorithm hmac-md5;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ options {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -18,12 +18,12 @@
|
|||
|
||||
|
||||
key "keyforview1" {
|
||||
algorithm "hmac-sha1";
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
|
||||
};
|
||||
|
||||
key "keyforview2" {
|
||||
algorithm "hmac-sha1";
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
|
||||
};
|
||||
|
||||
|
|
@ -18,12 +18,12 @@
|
|||
*/
|
||||
|
||||
key "keyforview1" {
|
||||
algorithm "hmac-sha1";
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
|
||||
};
|
||||
|
||||
key "keyforview2" {
|
||||
algorithm "hmac-sha1";
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
|
||||
};
|
||||
|
||||
|
|
@ -19,12 +19,12 @@
|
|||
*/
|
||||
|
||||
key "keyforview1" {
|
||||
algorithm "hmac-sha1";
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
|
||||
};
|
||||
|
||||
key "keyforview2" {
|
||||
algorithm "hmac-sha1";
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
|
||||
};
|
||||
|
||||
|
|
@ -18,12 +18,12 @@
|
|||
*/
|
||||
|
||||
key "keyforview1" {
|
||||
algorithm "hmac-sha1";
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
|
||||
};
|
||||
|
||||
key "keyforview2" {
|
||||
algorithm "hmac-sha1";
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
|
||||
};
|
||||
|
||||
|
|
@ -19,12 +19,12 @@
|
|||
*/
|
||||
|
||||
key "keyforview1" {
|
||||
algorithm "hmac-sha1";
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
|
||||
};
|
||||
|
||||
key "keyforview2" {
|
||||
algorithm "hmac-sha1";
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
|
||||
};
|
||||
|
||||
|
|
@ -13,7 +13,6 @@
|
|||
|
||||
/* Bad secret */
|
||||
key "badtsig" {
|
||||
algorithm hmac-md5;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
secret "jEdD+BPKg==";
|
||||
};
|
||||
|
||||
|
|
@ -11,10 +11,16 @@
|
|||
# See the COPYRIGHT file distributed with this work for additional
|
||||
# information regarding copyright ownership.
|
||||
|
||||
rm -f good.conf.in good.conf.out badzero.conf *.out
|
||||
rm -f good-kasp.conf.in
|
||||
rm -rf test.keydir
|
||||
rm -f bad-kasp-keydir1.conf
|
||||
rm -f bad-kasp-keydir2.conf
|
||||
rm -f bad-kasp-keydir3.conf
|
||||
rm -f bad-kasp-keydir4.conf
|
||||
rm -f bad-kasp-keydir5.conf
|
||||
rm -f bad-tsig.conf
|
||||
rm -f checkconf.out*
|
||||
rm -f diff.out*
|
||||
rm -f ns*/named.lock
|
||||
rm -f good-kasp.conf.in
|
||||
rm -f good-server-christmas-tree.conf
|
||||
rm -f good.conf good.conf.raw good.conf.out badzero.conf *.out
|
||||
rm -f ns*/named.lock
|
||||
rm -rf test.keydir
|
||||
|
|
|
|||
|
|
@ -267,6 +267,6 @@ dyndb "name" "library.so" {
|
|||
system;
|
||||
};
|
||||
key "mykey" {
|
||||
algorithm "hmac-md5";
|
||||
algorithm "@DEFAULT_HMAC@";
|
||||
secret "qwertyuiopasdfgh";
|
||||
};
|
||||
|
|
@ -10,4 +10,13 @@
|
|||
# See the COPYRIGHT file distributed with this work for additional
|
||||
# information regarding copyright ownership.
|
||||
|
||||
. ../conf.sh
|
||||
|
||||
copy_setports bad-kasp-keydir1.conf.in bad-kasp-keydir1.conf
|
||||
copy_setports bad-kasp-keydir2.conf.in bad-kasp-keydir2.conf
|
||||
copy_setports bad-kasp-keydir3.conf.in bad-kasp-keydir3.conf
|
||||
copy_setports bad-kasp-keydir4.conf.in bad-kasp-keydir4.conf
|
||||
copy_setports bad-kasp-keydir5.conf.in bad-kasp-keydir5.conf
|
||||
copy_setports bad-tsig.conf.in bad-tsig.conf
|
||||
copy_setports good.conf.in good.conf
|
||||
cp -f good-server-christmas-tree.conf.in good-server-christmas-tree.conf
|
||||
|
|
|
|||
|
|
@ -26,11 +26,11 @@ status=`expr $status + $ret`
|
|||
n=`expr $n + 1`
|
||||
echo_i "checking that named-checkconf prints a known good config ($n)"
|
||||
ret=0
|
||||
awk 'BEGIN { ok = 0; } /cut here/ { ok = 1; getline } ok == 1 { print }' good.conf > good.conf.in
|
||||
[ -s good.conf.in ] || ret=1
|
||||
$CHECKCONF -p good.conf.in > checkconf.out$n || ret=1
|
||||
grep -v '^good.conf.in:' < checkconf.out$n > good.conf.out 2>&1 || ret=1
|
||||
cmp good.conf.in good.conf.out || ret=1
|
||||
awk 'BEGIN { ok = 0; } /cut here/ { ok = 1; getline } ok == 1 { print }' good.conf > good.conf.raw
|
||||
[ -s good.conf.raw ] || ret=1
|
||||
$CHECKCONF -p good.conf.raw > checkconf.out$n || ret=1
|
||||
grep -v '^good.conf.raw:' < checkconf.out$n > good.conf.out 2>&1 || ret=1
|
||||
cmp good.conf.raw good.conf.out || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
|
|
@ -38,10 +38,10 @@ n=`expr $n + 1`
|
|||
echo_i "checking that named-checkconf -x removes secrets ($n)"
|
||||
ret=0
|
||||
# ensure there is a secret and that it is not the check string.
|
||||
grep 'secret "' good.conf.in > /dev/null || ret=1
|
||||
grep 'secret "????????????????"' good.conf.in > /dev/null 2>&1 && ret=1
|
||||
$CHECKCONF -p -x good.conf.in > checkconf.out$n || ret=1
|
||||
grep -v '^good.conf.in:' < checkconf.out$n > good.conf.out 2>&1 || ret=1
|
||||
grep 'secret "' good.conf.raw > /dev/null || ret=1
|
||||
grep 'secret "????????????????"' good.conf.raw > /dev/null 2>&1 && ret=1
|
||||
$CHECKCONF -p -x good.conf.raw > checkconf.out$n || ret=1
|
||||
grep -v '^good.conf.raw:' < checkconf.out$n > good.conf.out 2>&1 || ret=1
|
||||
grep 'secret "????????????????"' good.conf.out > /dev/null 2>&1 || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ options {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ options {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ options {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ options {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ options {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ options {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -11,4 +11,5 @@
|
|||
|
||||
rm -f test.* good1.db.raw named-compilezone
|
||||
rm -f ns*/named.lock
|
||||
rm -f zones/bad-tsig.db
|
||||
rm -f zones/zone1_*.txt
|
||||
|
|
|
|||
|
|
@ -15,3 +15,5 @@ ln -s $CHECKZONE named-compilezone
|
|||
|
||||
./named-compilezone -D -F raw -o good1.db.raw example \
|
||||
zones/good1.db > /dev/null 2>&1
|
||||
|
||||
copy_setports zones/bad-tsig.db.in zones/bad-tsig.db
|
||||
|
|
|
|||
|
|
@ -14,4 +14,4 @@ $TTL 600
|
|||
NS ns
|
||||
ns A 192.0.2.1
|
||||
|
||||
tsig TSIG hmac-sha1. 1516135665 300 20 thBt8DheAD7qpqSFTiGK999sxGg= 54994 NOERROR 0
|
||||
tsig TSIG @DEFAULT_HMAC@ 1516135665 300 20 thBt8DheAD7qpqSFTiGK999sxGg= 54994 NOERROR 0
|
||||
|
|
@ -13,7 +13,7 @@
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -283,6 +283,10 @@ DISABLED_ALGORITHM=ECDSAP384SHA384
|
|||
DISABLED_ALGORITHM_NUMBER=14
|
||||
DISABLED_BITS=384
|
||||
|
||||
# Default HMAC algorithm.
|
||||
# also update common/rndc.conf and common/rndc.key when updating DEFAULT_HMAC
|
||||
DEFAULT_HMAC=hmac-sha256
|
||||
|
||||
#
|
||||
# Useful functions in test scripts
|
||||
#
|
||||
|
|
@ -711,6 +715,7 @@ copy_setports() {
|
|||
-e "s/@ALTERNATIVE_ALGORITHM@/${ALTERNATIVE_ALGORITHM}/g" \
|
||||
-e "s/@ALTERNATIVE_ALGORITHM_NUMBER@/${ALTERNATIVE_ALGORITHM_NUMBER}/g" \
|
||||
-e "s/@ALTERNATIVE_BITS@/${ALTERNATIVE_BITS}/g" \
|
||||
-e "s/@DEFAULT_HMAC@/${DEFAULT_HMAC}/g" \
|
||||
-e "s/@DISABLED_ALGORITHM@/${DISABLED_ALGORITHM}/g" \
|
||||
-e "s/@DISABLED_ALGORITHM_NUMBER@/${DISABLED_ALGORITHM_NUMBER}/g" \
|
||||
-e "s/@DISABLED_BITS@/${DISABLED_BITS}/g" \
|
||||
|
|
|
|||
|
|
@ -45,8 +45,8 @@ def logquery(type, qname):
|
|||
try:
|
||||
keyring = dns.tsigkeyring.from_text(
|
||||
{
|
||||
"foo": {"hmac-sha256", "aaaaaaaaaaaa"},
|
||||
"fake": {"hmac-sha256", "aaaaaaaaaaaa"},
|
||||
"foo": {os.getenv("DEFAULT_HMAC", "hmac-sha256"), "aaaaaaaaaaaa"},
|
||||
"fake": {os.getenv("DEFAULT_HMAC", "hmac-sha256"), "aaaaaaaaaaaa"},
|
||||
}
|
||||
)
|
||||
except:
|
||||
|
|
|
|||
|
|
@ -13,12 +13,12 @@
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
key foo {
|
||||
secret "aaaaaaaaaaaa";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
server 10.53.0.10 {
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -474,7 +474,7 @@ then
|
|||
echo_i "check that TSIG test server is correctly configured ($n)"
|
||||
ret=0
|
||||
pat="; COOKIE: ................................ (good)"
|
||||
key=hmac-sha256:foo:aaaaaaaaaaaa
|
||||
key="${DEFAULT_HMAC}:foo:aaaaaaaaaaaa"
|
||||
#UDP
|
||||
$DIG $DIGOPTS @10.53.0.10 -y $key +notcp tsig. > dig.out.test$n.1
|
||||
grep "status: NOERROR" dig.out.test$n.1 > /dev/null || ret=1
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@ ret=0
|
|||
import sys
|
||||
sys.path.insert(0, '../../../../bin/python')
|
||||
from isc import rndc
|
||||
r = rndc(('10.53.0.2', 9953), 'hmac-sha256', '1234abcd8765')
|
||||
r = rndc(('10.53.0.2', 9953), '${DEFAULT_HMAC}', '1234abcd8765')
|
||||
for i in range(20000):
|
||||
res = r.call('addzone z%d.example { type primary; file "added.db"; };' % i)
|
||||
if 'text' in res:
|
||||
|
|
@ -48,7 +48,7 @@ EOF
|
|||
import sys
|
||||
sys.path.insert(0, '../../../../bin/python')
|
||||
from isc import rndc
|
||||
r = rndc(('10.53.0.2', 9953), 'hmac-sha256', '1234abcd8765')
|
||||
r = rndc(('10.53.0.2', 9953), '${DEFAULT_HMAC}', '1234abcd8765')
|
||||
for i in range(20000):
|
||||
res = r.call('delzone z%d.example' % i)
|
||||
if 'text' in res:
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ options {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
include "ddns.key";
|
||||
|
|
|
|||
|
|
@ -30,7 +30,7 @@ options {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -30,7 +30,7 @@ options {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -41,7 +41,7 @@ options {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -30,7 +30,7 @@ options {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -30,7 +30,7 @@ options {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ options {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
@ -34,7 +34,7 @@ controls {
|
|||
|
||||
key auth {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
include "trusted.conf";
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ options {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
@ -35,5 +35,5 @@ controls {
|
|||
|
||||
key auth {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ options {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -30,7 +30,7 @@ options {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -29,7 +29,7 @@ options {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ options {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ options {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -37,7 +37,7 @@ server 10.53.0.1 { tcp-only yes; };
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ server 10.53.0.1 { tcp-only yes; };
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -28,7 +28,7 @@ options {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@
|
|||
*/
|
||||
|
||||
key rndc_key {
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@
|
|||
*/
|
||||
|
||||
key rndc_key {
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
secret "1234abcd8765";
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -28,7 +28,7 @@ options {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ options {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ server 10.53.0.4 {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ server 10.53.0.4 {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ server 10.53.0.4 {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ plugin query "../../../../plugins/.libs/filter-aaaa.so" {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ plugin query "../../../../plugins/.libs/filter-aaaa.so" {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ plugin query "../../../../plugins/.libs/filter-aaaa.so" {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ plugin query "../../../../plugins/.libs/filter-aaaa.so" {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ plugin query "../../../../plugins/.libs/filter-aaaa.so" {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ plugin query "../../../../plugins/.libs/filter-aaaa.so" {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ plugin query "../../../../plugins/.libs/filter-aaaa.so" {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ plugin query "../../../../plugins/.libs/filter-aaaa.so" {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -37,7 +37,7 @@ plugin query "../../../../plugins/.libs/filter-aaaa.so" {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -29,7 +29,7 @@ options {
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
|
|
@ -30,7 +30,7 @@ include "trusted.conf";
|
|||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm hmac-sha256;
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
};
|
||||
|
||||
controls {
|
||||
|
|
|
|||
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue