Merge branch 'michal/simplify-trailing-period-handling-in-system-tests-v9_14' into 'v9_14'
[v9_14] Simplify trailing period handling in system tests See merge request isc-projects/bind9!1877
commit
bb258967c3
6 changed files with 83 additions and 83 deletions
|
|
@ -16,29 +16,29 @@ SYSTEMTESTTOP=../..
|
|||
|
||||
echo_i "dlv/ns3/sign.sh"
|
||||
|
||||
dlvzone="dlv.utld."
|
||||
dlvzone="dlv.utld"
|
||||
dlvsets=
|
||||
dssets=
|
||||
|
||||
disableddlvzone="disabled-algorithm-dlv.utld."
|
||||
disableddlvzone="disabled-algorithm-dlv.utld"
|
||||
disableddlvsets=
|
||||
disableddssets=
|
||||
|
||||
unsupporteddlvzone="unsupported-algorithm-dlv.utld."
|
||||
unsupporteddlvzone="unsupported-algorithm-dlv.utld"
|
||||
unsupporteddlvsets=
|
||||
unsupporteddssets=
|
||||
|
||||
# Signed zone below unsigned TLD with DLV entry.
|
||||
zone=child1.utld.
|
||||
zone=child1.utld
|
||||
infile=child.db.in
|
||||
zonefile=child1.utld.db
|
||||
outfile=child1.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
dsfilename=../ns6/dsset-grand.${zone}${TP}
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
||||
$SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
|
|
@ -47,16 +47,16 @@ echo_i "signed $zone"
|
|||
|
||||
# Signed zone below unsigned TLD with DLV entry in DLV zone that is signed
|
||||
# with a disabled algorithm.
|
||||
zone=child3.utld.
|
||||
zone=child3.utld
|
||||
infile=child.db.in
|
||||
zonefile=child3.utld.db
|
||||
outfile=child3.signed
|
||||
disableddlvsets="$disableddlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
disableddlvsets="$disableddlvsets dlvset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
dsfilename=../ns6/dsset-grand.${zone}${TP}
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
||||
$SIGNER -O full -l $disableddlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
|
|
@ -66,11 +66,11 @@ echo_i "signed $zone"
|
|||
# Signed zone below unsigned TLD with DLV entry. This one is slightly
|
||||
# different because its children (the grandchildren) don't have a DS record in
|
||||
# this zone. The grandchild zones are served by ns6.
|
||||
zone=child4.utld.
|
||||
zone=child4.utld
|
||||
infile=child.db.in
|
||||
zonefile=child4.utld.db
|
||||
outfile=child4.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
|
@ -83,23 +83,23 @@ echo_i "signed $zone"
|
|||
|
||||
# Signed zone below unsigned TLD with DLV entry in DLV zone that is signed
|
||||
# with an unsupported algorithm.
|
||||
zone=child5.utld.
|
||||
zone=child5.utld
|
||||
infile=child.db.in
|
||||
zonefile=child5.utld.db
|
||||
outfile=child5.signed
|
||||
unsupporteddlvsets="$unsupporteddlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
unsupporteddlvsets="$unsupporteddlvsets dlvset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
dsfilename=../ns6/dsset-grand.${zone}${TP}
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
||||
$SIGNER -O full -l $unsupporteddlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
# Signed zone below unsigned TLD without DLV entry.
|
||||
zone=child7.utld.
|
||||
zone=child7.utld
|
||||
infile=child.db.in
|
||||
zonefile=child7.utld.db
|
||||
outfile=child7.signed
|
||||
|
|
@ -107,7 +107,7 @@ outfile=child7.signed
|
|||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
dsfilename=../ns6/dsset-grand.${zone}${TP}
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
||||
$SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
|
|
@ -116,7 +116,7 @@ echo_i "signed $zone"
|
|||
|
||||
# Signed zone below unsigned TLD without DLV entry and no DS records for the
|
||||
# grandchildren.
|
||||
zone=child8.utld.
|
||||
zone=child8.utld
|
||||
infile=child.db.in
|
||||
zonefile=child8.utld.db
|
||||
outfile=child8.signed
|
||||
|
|
@ -130,11 +130,11 @@ $SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer
|
|||
echo_i "signed $zone"
|
||||
|
||||
# Signed zone below unsigned TLD with DLV entry.
|
||||
zone=child9.utld.
|
||||
zone=child9.utld
|
||||
infile=child.db.in
|
||||
zonefile=child9.utld.db
|
||||
outfile=child9.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
|
@ -146,11 +146,11 @@ echo_i "signed $zone"
|
|||
|
||||
# Unsigned zone below an unsigned TLD with DLV entry. We still need to sign
|
||||
# the zone to generate the DLV set.
|
||||
zone=child10.utld.
|
||||
zone=child10.utld
|
||||
infile=child.db.in
|
||||
zonefile=child10.utld.db
|
||||
outfile=child10.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
|
@ -163,11 +163,11 @@ echo_i "signed $zone"
|
|||
|
||||
# Zone signed with a disabled algorithm (an algorithm that is disabled in
|
||||
# one of the test resolvers) with DLV entry.
|
||||
zone=disabled-algorithm.utld.
|
||||
zone=disabled-algorithm.utld
|
||||
infile=child.db.in
|
||||
zonefile=disabled-algorithm.utld.db
|
||||
outfile=disabled-algorithm.utld.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DISABLED_ALGORITHM -b $DISABLED_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DISABLED_ALGORITHM -b $DISABLED_BITS -n zone $zone 2> /dev/null`
|
||||
|
|
@ -179,11 +179,11 @@ echo_i "signed $zone"
|
|||
|
||||
|
||||
# Zone signed with an unsupported algorithm with DLV entry.
|
||||
zone=unsupported-algorithm.utld.
|
||||
zone=unsupported-algorithm.utld
|
||||
infile=child.db.in
|
||||
zonefile=unsupported-algorithm.utld.db
|
||||
outfile=unsupported-algorithm.utld.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
|
@ -195,23 +195,23 @@ awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${outfile
|
|||
|
||||
cp ${keyname2}.key ${keyname2}.tmp
|
||||
awk '$3 == "DNSKEY" { $6 = 255 } { print }' ${keyname2}.tmp > ${keyname2}.key
|
||||
cp dlvset-${zone} dlvset-${zone}tmp
|
||||
awk '$3 == "DLV" { $5 = 255 } { print }' dlvset-${zone}tmp > dlvset-${zone}
|
||||
cp dlvset-${zone}${TP} dlvset-${zone}tmp
|
||||
awk '$3 == "DLV" { $5 = 255 } { print }' dlvset-${zone}tmp > dlvset-${zone}${TP}
|
||||
|
||||
echo_i "signed $zone"
|
||||
|
||||
# Signed zone below signed TLD with DLV entry and DS set.
|
||||
zone=child1.druz.
|
||||
zone=child1.druz
|
||||
infile=child.db.in
|
||||
zonefile=child1.druz.db
|
||||
outfile=child1.druz.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||
dssets="$dssets dsset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
dsfilename=../ns6/dsset-grand.${zone}${TP}
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
||||
$SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
|
|
@ -220,17 +220,17 @@ echo_i "signed $zone"
|
|||
|
||||
# Signed zone below signed TLD with DLV entry and DS set. The DLV zone is
|
||||
# signed with a disabled algorithm.
|
||||
zone=child3.druz.
|
||||
zone=child3.druz
|
||||
infile=child.db.in
|
||||
zonefile=child3.druz.db
|
||||
outfile=child3.druz.signed
|
||||
disableddlvsets="$disableddlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
disableddssets="$disableddssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
disableddlvsets="$disableddlvsets dlvset-${zone}${TP}"
|
||||
disableddssets="$disableddssets dsset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
dsfilename=../ns6/dsset-grand.${zone}${TP}
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
||||
$SIGNER -O full -l $disableddlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
|
|
@ -239,12 +239,12 @@ echo_i "signed $zone"
|
|||
|
||||
# Signed zone below signed TLD with DLV entry and DS set, but missing
|
||||
# DS records for the grandchildren.
|
||||
zone=child4.druz.
|
||||
zone=child4.druz
|
||||
infile=child.db.in
|
||||
zonefile=child4.druz.db
|
||||
outfile=child4.druz.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||
dssets="$dssets dsset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
|
@ -257,17 +257,17 @@ echo_i "signed $zone"
|
|||
|
||||
# Signed zone below signed TLD with DLV entry and DS set. The DLV zone is
|
||||
# signed with an unsupported algorithm algorithm.
|
||||
zone=child5.druz.
|
||||
zone=child5.druz
|
||||
infile=child.db.in
|
||||
zonefile=child5.druz.db
|
||||
outfile=child5.druz.signed
|
||||
unsupporteddlvsets="$unsupporteddlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
unsupporteddssets="$unsupportedssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
unsupporteddlvsets="$unsupporteddlvsets dlvset-${zone}${TP}"
|
||||
unsupporteddssets="$unsupportedssets dsset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
dsfilename=../ns6/dsset-grand.${zone}${TP}
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
||||
$SIGNER -O full -l $unsupporteddlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
|
|
@ -275,16 +275,16 @@ echo_i "signed $zone"
|
|||
|
||||
|
||||
# Signed zone below signed TLD without DLV entry, but with normal DS set.
|
||||
zone=child7.druz.
|
||||
zone=child7.druz
|
||||
infile=child.db.in
|
||||
zonefile=child7.druz.db
|
||||
outfile=child7.druz.signed
|
||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dssets="$dssets dsset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
dsfilename=../ns6/dsset-grand.${zone}${TP}
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
||||
$SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
|
|
@ -293,7 +293,7 @@ echo_i "signed $zone"
|
|||
|
||||
# Signed zone below signed TLD without DLV entry and no DS set. Also DS
|
||||
# records for the grandchildren are not included in the zone.
|
||||
zone=child8.druz.
|
||||
zone=child8.druz
|
||||
infile=child.db.in
|
||||
zonefile=child8.druz.db
|
||||
outfile=child8.druz.signed
|
||||
|
|
@ -309,11 +309,11 @@ echo_i "signed $zone"
|
|||
|
||||
# Signed zone below signed TLD with DLV entry but no DS set. Also DS
|
||||
# records for the grandchildren are not included in the zone.
|
||||
zone=child9.druz.
|
||||
zone=child9.druz
|
||||
infile=child.db.in
|
||||
zonefile=child9.druz.db
|
||||
outfile=child9.druz.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
|
@ -326,12 +326,12 @@ echo_i "signed $zone"
|
|||
|
||||
# Unsigned zone below signed TLD with DLV entry and DS set. We still need to
|
||||
# sign the zone to generate the DS sets.
|
||||
zone=child10.druz.
|
||||
zone=child10.druz
|
||||
infile=child.db.in
|
||||
zonefile=child10.druz.db
|
||||
outfile=child10.druz.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||
dssets="$dssets dsset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
|
@ -347,23 +347,23 @@ cp $unsupporteddssets ../ns2
|
|||
|
||||
# DLV zones
|
||||
infile=dlv.db.in
|
||||
for zone in dlv.utld. disabled-algorithm-dlv.utld. unsupported-algorithm-dlv.utld.
|
||||
for zone in dlv.utld disabled-algorithm-dlv.utld unsupported-algorithm-dlv.utld
|
||||
do
|
||||
zonefile="${zone}db"
|
||||
outfile="${zone}signed"
|
||||
zonefile="${zone}.db"
|
||||
outfile="${zone}.signed"
|
||||
|
||||
case $zone in
|
||||
"dlv.utld.")
|
||||
"dlv.utld")
|
||||
algorithm=$DEFAULT_ALGORITHM
|
||||
bits=$DEFAULT_BITS
|
||||
dlvfiles=$dlvsets
|
||||
;;
|
||||
"disabled-algorithm-dlv.utld.")
|
||||
"disabled-algorithm-dlv.utld")
|
||||
algorithm=$DISABLED_ALGORITHM
|
||||
bits=$DISABLED_BITS
|
||||
dlvfiles=$disableddlvsets
|
||||
;;
|
||||
"unsupported-algorithm-dlv.utld.")
|
||||
"unsupported-algorithm-dlv.utld")
|
||||
algorithm=$DEFAULT_ALGORITHM
|
||||
bits=$DEFAULT_BITS
|
||||
dlvfiles=$unsupporteddlvsets
|
||||
|
|
@ -376,15 +376,15 @@ do
|
|||
cat $infile $dlvfiles $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
case $zone in
|
||||
"dlv.utld.")
|
||||
"dlv.utld")
|
||||
$SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
keyfile_to_trusted_keys $keyname2 > ../ns5/trusted-dlv.conf
|
||||
;;
|
||||
"disabled-algorithm-dlv.utld.")
|
||||
"disabled-algorithm-dlv.utld")
|
||||
$SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
keyfile_to_trusted_keys $keyname2 > ../ns8/trusted-dlv-disabled.conf
|
||||
;;
|
||||
"unsupported-algorithm-dlv.utld.")
|
||||
"unsupported-algorithm-dlv.utld")
|
||||
cp ${keyname2}.key ${keyname2}.tmp
|
||||
$SIGNER -O full -o $zone -f ${outfile}.tmp $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${outfile}.tmp > $outfile
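Review bot: In the child5.druz block the new line `unsupporteddssets="$unsupportedssets dsset-${zone}${TP}"` still expands `$unsupportedssets` (one `d` short), which is never assigned in the lines shown, so the list is reset instead of appended to. The misspelling was carried over unchanged from the old line and should read `unsupporteddssets="$unsupporteddssets dsset-${zone}${TP}"`. In the visible hunks only this one zone feeds the list, so the result happens to be the same today. The `cp $unsupporteddssets ../ns2` shown in a later hunk header would silently miss earlier entries once a second zone is added.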
|
||||
|
|
|
|||
|
|
@ -138,7 +138,7 @@ cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile"
|
|||
|
||||
# Sign the privately secure file
|
||||
|
||||
privzone=private.secure.example.
|
||||
privzone=private.secure.example
|
||||
privinfile=private.secure.example.db.in
|
||||
privzonefile=private.secure.example.db
|
||||
|
||||
|
|
@ -153,7 +153,7 @@ cat "$privinfile" "$privkeyname.key" > "$privzonefile"
|
|||
dlvzone=dlv.
|
||||
dlvinfile=dlv.db.in
|
||||
dlvzonefile=dlv.db
|
||||
dlvsetfile="dlvset-$(echo "$privzone" |sed -e "s/\\.$//g")$TP"
|
||||
dlvsetfile="dlvset-${privzone}${TP}"
|
||||
|
||||
dlvkeyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -b "${DEFAULT_BITS}" -n zone "$dlvzone")
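Review bot: `dlvzone=dlv.` on the context line of the second hunk keeps its trailing period while `privzone` in the hunk above loses it, so this file now mixes both spellings of a zone name. The rest of the script is outside these hunks, so whether anything depends on the dot cannot be seen here; if nothing does, `dlvzone=dlv` would match the convention this commit introduces. Otherwise a comment on that line such as `# trailing period kept: <reason>` would tell the next reader it is deliberate.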
|
||||
|
||||
|
|
|
|||
|
|
@ -261,7 +261,7 @@ cat "$infile" "$keyname.key" > "$zonefile"
|
|||
# A zone that is signed with an unknown DNSKEY algorithm.
|
||||
# Algorithm 7 is replaced by 100 in the zone and dsset.
|
||||
#
|
||||
zone=dnskey-unknown.example.
|
||||
zone=dnskey-unknown.example
|
||||
infile=dnskey-unknown.example.db.in
|
||||
zonefile=dnskey-unknown.example.db
|
||||
|
||||
|
|
@ -273,14 +273,14 @@ cat "$infile" "$keyname.key" > "$zonefile"
|
|||
|
||||
awk '$4 == "DNSKEY" { $7 = 100 } $4 == "RRSIG" { $6 = 100 } { print }' ${zonefile}.tmp > ${zonefile}.signed
|
||||
|
||||
DSFILE="dsset-$(echo ${zone} |sed -e "s/\\.$//g")$TP"
|
||||
DSFILE="dsset-${zone}${TP}"
|
||||
$DSFROMKEY -A -f ${zonefile}.signed "$zone" > "$DSFILE"
|
||||
|
||||
#
|
||||
# A zone that is signed with an unsupported DNSKEY algorithm (3).
|
||||
# Algorithm 7 is replaced by 255 in the zone and dsset.
|
||||
#
|
||||
zone=dnskey-unsupported.example.
|
||||
zone=dnskey-unsupported.example
|
||||
infile=dnskey-unsupported.example.db.in
|
||||
zonefile=dnskey-unsupported.example.db
|
||||
|
||||
|
|
@ -292,14 +292,14 @@ cat "$infile" "$keyname.key" > "$zonefile"
|
|||
|
||||
awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${zonefile}.tmp > ${zonefile}.signed
|
||||
|
||||
DSFILE="dsset-$(echo ${zone} |sed -e "s/\\.$//g")$TP"
|
||||
DSFILE="dsset-${zone}${TP}"
|
||||
$DSFROMKEY -A -f ${zonefile}.signed "$zone" > "$DSFILE"
|
||||
|
||||
#
|
||||
# A zone with a published unsupported DNSKEY algorithm (Reserved).
|
||||
# Different from above because this key is not intended for signing.
|
||||
#
|
||||
zone=dnskey-unsupported-2.example.
|
||||
zone=dnskey-unsupported-2.example
|
||||
infile=dnskey-unsupported-2.example.db.in
|
||||
zonefile=dnskey-unsupported-2.example.db
|
||||
|
||||
|
|
@ -314,7 +314,7 @@ cat "$infile" "$ksk.key" "$zsk.key" unsupported-algorithm.key > "$zonefile"
|
|||
# A zone with a unknown DNSKEY algorithm + unknown NSEC3 hash algorithm (-U).
|
||||
# Algorithm 7 is replaced by 100 in the zone and dsset.
|
||||
#
|
||||
zone=dnskey-nsec3-unknown.example.
|
||||
zone=dnskey-nsec3-unknown.example
|
||||
infile=dnskey-nsec3-unknown.example.db.in
|
||||
zonefile=dnskey-nsec3-unknown.example.db
|
||||
|
||||
|
|
@ -326,7 +326,7 @@ cat "$infile" "$keyname.key" > "$zonefile"
|
|||
|
||||
awk '$4 == "DNSKEY" { $7 = 100; print } $4 == "RRSIG" { $6 = 100; print } { print }' ${zonefile}.tmp > ${zonefile}.signed
|
||||
|
||||
DSFILE="dsset-$(echo ${zone} |sed -e "s/\\.$//g")$TP"
|
||||
DSFILE="dsset-${zone}${TP}"
|
||||
$DSFROMKEY -A -f ${zonefile}.signed "$zone" > "$DSFILE"
|
||||
|
||||
#
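Review bot: The awk program kept as context in the dnskey-nsec3-unknown.example hunk has `print` inside both pattern actions and again in the catch-all `{ print }`, so every DNSKEY and RRSIG record is written to `${zonefile}.signed` twice. The two sibling awk lines for dnskey-unknown.example and dnskey-unsupported.example only assign the field and print once. If the duplication is not intended, the form used by the siblings applies here too: `awk '$4 == "DNSKEY" { $7 = 100 } $4 == "RRSIG" { $6 = 100 } { print }'`. If it is intended, a one-line comment saying why would prevent a later "cleanup" from changing the test.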
|
||||
|
|
|
|||
|
|
@ -12,10 +12,10 @@
|
|||
SYSTEMTESTTOP=../..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
zone1=good.
|
||||
zone1=good
|
||||
infile1=good.db.in
|
||||
zonefile1=good.db
|
||||
zone2=bad.
|
||||
zone2=bad
|
||||
infile2=bad.db.in
|
||||
zonefile2=bad.db
|
||||
|
||||
|
|
@ -30,8 +30,8 @@ cat $infile2 $keyname21.key $keyname22.key >$zonefile2
|
|||
$SIGNER -P -g -o $zone1 $zonefile1 > /dev/null
|
||||
$SIGNER -P -g -o $zone2 $zonefile2 > /dev/null
|
||||
|
||||
DSFILENAME1=dsset-`echo $zone1 |sed -e "s/\.$//g"`$TP
|
||||
DSFILENAME2=dsset-`echo $zone2 |sed -e "s/\.$//g"`$TP
|
||||
DSFILENAME1=dsset-${zone1}${TP}
|
||||
DSFILENAME2=dsset-${zone2}${TP}
|
||||
$DSFROMKEY -a SHA-256 $keyname12 > $DSFILENAME1
|
||||
$DSFROMKEY -a SHA-256 $keyname22 > $DSFILENAME2
|
||||
|
||||
|
|
|
|||
|
|
@ -82,10 +82,10 @@ signzone () {
|
|||
cat $1/$3 $1/$KEYNAME.key > $1/tmp
|
||||
$SIGNER -P -K $1 -o $2 -f $1/$4 $1/tmp >/dev/null
|
||||
sed -n -e 's/\(.*\) IN DNSKEY \([0-9]\{1,\} [0-9]\{1,\} [0-9]\{1,\}\) \(.*\)/trusted-keys {"\1" \2 "\3";};/p' $1/$KEYNAME.key >>trusted.conf
|
||||
DSFILENAME=dsset-`echo $2 |sed -e "s/\.$//g"`$TP
|
||||
DSFILENAME=dsset-${2}${TP}
|
||||
rm $DSFILENAME $1/tmp
|
||||
}
|
||||
signzone ns2 tld2s. base-tld2s.db tld2s.db
|
||||
signzone ns2 tld2s base-tld2s.db tld2s.db
|
||||
|
||||
# Performance and a few other checks.
|
||||
cat <<EOF >ns5/rpz-switch
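Review bot: `signzone` now builds `DSFILENAME=dsset-${2}${TP}` straight from its second argument, so it no longer tolerates a zone name passed with a trailing period. Such a call would presumably produce a name that does not match the file written by `$SIGNER`, and the plain `rm $DSFILENAME $1/tmp` would then fail. The function's header is outside this hunk; it would help to document the new contract there, for example `# $2: zone name WITHOUT trailing period (used verbatim in the dsset- file name)`. Only the `tld2s` call is visible here, so any other callers need the same check.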
|
||||
|
|
|
|||
|
|
@ -16,11 +16,11 @@ SYSTESTDIR=wildcard
|
|||
|
||||
dssets=
|
||||
|
||||
zone=dlv.
|
||||
zone=dlv
|
||||
infile=dlv.db.in
|
||||
zonefile=dlv.db
|
||||
outfile=dlv.db.signed
|
||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dssets="$dssets dsset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
|
||||
|
|
@ -30,11 +30,11 @@ cat $infile $keyname1.key $keyname2.key > $zonefile
|
|||
$SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
zone=nsec.
|
||||
zone=nsec
|
||||
infile=nsec.db.in
|
||||
zonefile=nsec.db
|
||||
outfile=nsec.db.signed
|
||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dssets="$dssets dsset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
|
||||
|
|
@ -44,7 +44,7 @@ cat $infile $keyname1.key $keyname2.key > $zonefile
|
|||
$SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
zone=private.nsec.
|
||||
zone=private.nsec
|
||||
infile=private.nsec.db.in
|
||||
zonefile=private.nsec.db
|
||||
outfile=private.nsec.db.signed
|
||||
|
|
@ -59,11 +59,11 @@ echo_i "signed $zone"
|
|||
|
||||
keyfile_to_trusted_keys $keyname2 > private.nsec.conf
|
||||
|
||||
zone=nsec3.
|
||||
zone=nsec3
|
||||
infile=nsec3.db.in
|
||||
zonefile=nsec3.db
|
||||
outfile=nsec3.db.signed
|
||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dssets="$dssets dsset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a NSEC3RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a NSEC3RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
|
||||
|
|
@ -73,7 +73,7 @@ cat $infile $keyname1.key $keyname2.key > $zonefile
|
|||
$SIGNER -3 - -H 10 -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
zone=private.nsec3.
|
||||
zone=private.nsec3
|
||||
infile=private.nsec3.db.in
|
||||
zonefile=private.nsec3.db
|
||||
outfile=private.nsec3.db.signed
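Review bot: The `$KEYGEN` calls kept as context in this file hard-code `-a RSASHA1 -b 1024` and `-a NSEC3RSASHA1 -b 1024` and send stderr to `/dev/null`, while the other sign.sh scripts in this commit pass `$DEFAULT_ALGORITHM` and `$DEFAULT_BITS`. On a host whose crypto policy rejects SHA-1 signing, key generation would presumably fail without any message, and `cat $infile $keyname1.key $keyname2.key > $zonefile` would then run with empty key names. If the test does not specifically need SHA-1, using `-a $DEFAULT_ALGORITHM -b $DEFAULT_BITS` would align it with the other scripts; this assumes the file sources conf.sh, which the hunks do not show. Either way, dropping `2> /dev/null` or checking that `$keyname1` is non-empty would make a failure visible.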
|
||||
|
|
|
|||