mirror of
https://github.com/isc-projects/bind9.git
synced 2026-05-28 04:34:54 -04:00
Merge branch '2906-sig-signing-type-breaks-named-checkconf-p-pretty-output' into 'main'
Resolve "sig-signing-type breaks `named-checkconf -p` pretty output" Closes #2906 See merge request isc-projects/bind9!5410
This commit is contained in:
Mark Andrews
commit
f735eead0a
5 changed files with 28 additions and 10 deletions
4
CHANGES
4
CHANGES
|
|
@ -1,3 +1,7 @@
|
|||
5718. [bug] Changing the sig signing type, by specifing
|
||||
sig-signing-type, failed as the configuration was
|
||||
incorrectly rejected. [GL #2906]
|
||||
|
||||
5717. [func] The "cache-file" option, which was documented as
|
||||
for testing purposes only and not to be used,
|
||||
has been removed. [GL #2903]
|
||||
|
|
|
|||
|
|
@ -46,6 +46,7 @@ zone "example" {
|
|||
allow-transfer { any; };
|
||||
allow-update { any; };
|
||||
auto-dnssec maintain;
|
||||
sig-signing-type 65280;
|
||||
};
|
||||
|
||||
zone "bar" {
|
||||
|
|
|
|||
|
|
@ -18,9 +18,13 @@ DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p ${PORT}"
|
|||
RNDCCMD="$RNDC -c ../common/rndc.conf -p ${CONTROLPORT} -s"
|
||||
|
||||
# convert private-type records to readable form
|
||||
# $1 is the zone
|
||||
# $2 is the server
|
||||
# $3 is ignored
|
||||
# $4 is the alternate type
|
||||
showprivate () {
|
||||
echo "-- $@ --"
|
||||
$DIG $DIGOPTS +nodnssec +short @$2 -t type65534 $1 | cut -f3 -d' ' |
|
||||
$DIG $DIGOPTS +nodnssec +short @$2 -t ${4:-type65534} $1 | cut -f3 -d' ' |
|
||||
while read record; do
|
||||
$PERL -e 'my $rdata = pack("H*", @ARGV[0]);
|
||||
die "invalid record" unless length($rdata) == 5;
|
||||
|
|
@ -34,11 +38,15 @@ showprivate () {
|
|||
}
|
||||
|
||||
# check that signing records are marked as complete
|
||||
# if $3 is 1 then we are expecting "(incomplete)"
|
||||
# if $3 is 2 then we are not expecting either "(complete)" or "(incomplete)"
|
||||
# if $4 is present then that specifies any alternate type to check
|
||||
checkprivate () {
|
||||
_ret=0
|
||||
expected="${3:-0}"
|
||||
x=`showprivate "$@"`
|
||||
echo $x | grep incomplete > /dev/null && _ret=1
|
||||
echo $x | grep "(complete)" > /dev/null || _ret=2
|
||||
echo $x | grep "(incomplete)" > /dev/null && _ret=1
|
||||
|
||||
if [ $_ret = $expected ]; then
|
||||
return 0
|
||||
|
|
@ -1144,25 +1152,25 @@ echo_i "checking that signing records have been marked as complete ($n)"
|
|||
ret=0
|
||||
checkprivate . 10.53.0.1 || ret=1
|
||||
checkprivate bar 10.53.0.2 || ret=1
|
||||
checkprivate example 10.53.0.2 || ret=1
|
||||
checkprivate private.secure.example 10.53.0.3 || ret=1
|
||||
checkprivate example 10.53.0.2 0 type65280 || ret=1 # sig-signing-type 65280
|
||||
checkprivate private.secure.example 10.53.0.3 2 || ret=1 # pre-signed
|
||||
checkprivate nsec3.example 10.53.0.3 || ret=1
|
||||
checkprivate nsec3.nsec3.example 10.53.0.3 || ret=1
|
||||
checkprivate nsec3.optout.example 10.53.0.3 || ret=1
|
||||
checkprivate nsec3-to-nsec.example 10.53.0.3 || ret=1
|
||||
checkprivate nsec3-to-nsec.example 10.53.0.3 2 || ret=1 # automatically removed
|
||||
checkprivate nsec.example 10.53.0.3 || ret=1
|
||||
checkprivate oldsigs.example 10.53.0.3 || ret=1
|
||||
checkprivate oldsigs.example 10.53.0.3 2 || ret=1 # pre-signed
|
||||
checkprivate optout.example 10.53.0.3 || ret=1
|
||||
checkprivate optout.nsec3.example 10.53.0.3 || ret=1
|
||||
checkprivate optout.optout.example 10.53.0.3 || ret=1
|
||||
checkprivate prepub.example 10.53.0.3 1 || ret=1
|
||||
checkprivate prepub.example 10.53.0.3 1 || ret=1 # expecting incomplete
|
||||
checkprivate rsasha256.example 10.53.0.3 || ret=1
|
||||
checkprivate rsasha512.example 10.53.0.3 || ret=1
|
||||
checkprivate secure.example 10.53.0.3 || ret=1
|
||||
checkprivate secure.nsec3.example 10.53.0.3 || ret=1
|
||||
checkprivate secure.optout.example 10.53.0.3 || ret=1
|
||||
checkprivate secure-to-insecure2.example 10.53.0.3 || ret=1
|
||||
checkprivate secure-to-insecure.example 10.53.0.3 || ret=1
|
||||
checkprivate secure-to-insecure2.example 10.53.0.3 2|| ret=1 # automatically removed
|
||||
checkprivate secure-to-insecure.example 10.53.0.3 2 || ret=1 # automatically removed
|
||||
checkprivate ttl1.example 10.53.0.3 || ret=1
|
||||
checkprivate ttl2.example 10.53.0.3 || ret=1
|
||||
checkprivate ttl3.example 10.53.0.3 || ret=1
|
||||
|
|
|
|||
5
bin/tests/system/checkconf/good-sig-signing-type.conf
Normal file
5
bin/tests/system/checkconf/good-sig-signing-type.conf
Normal file
|
|
@ -0,0 +1,5 @@
|
|||
zone example {
|
||||
type master;
|
||||
file "example.db";
|
||||
sig-signing-type 65280;
|
||||
};
|
||||
|
|
@ -3237,8 +3237,8 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
|
|||
"sig-signing-type: %u out of "
|
||||
"range [%u..%u]",
|
||||
type, 0xff00U, 0xffffU);
|
||||
result = ISC_R_FAILURE;
|
||||
}
|
||||
result = ISC_R_FAILURE;
|
||||
}
|
||||
|
||||
obj = NULL;
|
||||
|
|
|
|||
Loading…
Reference in a new issue