bind9

mirror of https://github.com/isc-projects/bind9.git synced 2026-06-10 12:20:00 -04:00

History

Ondřej Surý b9c1b90b50 Drop RFC 2535 special-casing of the KEY record type After SIG and NXT lost their special handling, KEY remained the only RFC 2535-era type still receiving coexistence allowances: KEY alongside CNAME at the same owner, KEY answered from the parent side of a zone cut, KEY kept across CNAME eviction in the cache. RFC 3755 retains type 25 only for SIG(0) and TKEY transaction signatures, and neither relies on those allowances in practice. The in-tree comment that flagged the RFC 3007 parent-side carve-out as "unclear" predicted this cleanup. Zones that publish CNAME and KEY at the same owner — already invalid under RFC 2181 — now fail to load. System test fixtures are updated accordingly, and a new test asserts that SIG, NXT, and KEY records pick up covering RRSIGs when their zone is signed.		2026-05-28 13:21:00 +02:00
..
ans10	Remove license headers from test zone files	2026-03-31 17:57:58 +02:00
ns1	Remove license headers from test zone files	2026-03-31 17:57:58 +02:00
ns2	Remove license headers from test zone files	2026-03-31 17:57:58 +02:00
ns3	Drop RFC 2535 special-casing of the KEY record type	2026-05-28 13:21:00 +02:00
ns4	Remove license headers from named.conf test files	2026-03-31 17:57:58 +02:00
ns5	Remove license headers from named.conf test files	2026-03-31 17:57:58 +02:00
ns6	Remove license headers from test zone files	2026-03-31 17:57:58 +02:00
ns9	Remove license headers from named.conf test files	2026-03-31 17:57:58 +02:00
prereq.sh	Remove obsolete dnspython prerequisite checks	2025-11-28 11:24:11 +01:00
README	convert dnssec validation tests to python	2025-07-31 12:55:40 -07:00
setup.sh	convert dnssec validation tests to python	2025-07-31 12:55:40 -07:00
tests_badkey.py	Automatically sort imports in Python code	2026-02-20 15:17:32 +01:00
tests_badkey_broken.py	Remove compatibility hacks for dnspython<2.7.0	2026-01-21 16:07:31 +01:00
tests_badkey_revoked.py	Remove compatibility hacks for dnspython<2.7.0	2026-01-21 16:07:31 +01:00
tests_delv.py	Automatically sort imports in Python code	2026-02-20 15:17:32 +01:00
tests_policy.py	Automatically sort imports in Python code	2026-02-20 15:17:32 +01:00
tests_signing.py	Make default_algorithm accessible through a fixture and method	2026-02-20 15:17:32 +01:00
tests_tat.py	Automatically sort imports in Python code	2026-02-20 15:17:32 +01:00
tests_validation.py	Drop RFC 2535 special-casing of the KEY record type	2026-05-28 13:21:00 +02:00
tests_validation_accept_expired.py	Remove compatibility hacks for dnspython<2.7.0	2026-01-21 16:07:31 +01:00
tests_validation_managed_keys.py	Make default_algorithm accessible through a fixture and method	2026-02-20 15:17:32 +01:00
tests_validation_many_anchors.py	Don't use dns_db_findzonecut() in query_addbestns()	2026-03-30 20:41:13 +02:00
tests_validation_multiview.py	Make default_algorithm accessible through a fixture and method	2026-02-20 15:17:32 +01:00

README

Copyright (C) Internet Systems Consortium, Inc. ("ISC")

SPDX-License-Identifier: MPL-2.0

This Source Code Form is subject to the terms of the Mozilla Public
License, v. 2.0.  If a copy of the MPL was not distributed with this
file, you can obtain one at https://mozilla.org/MPL/2.0/.

See the COPYRIGHT file distributed with this work for additional
information regarding copyright ownership.

The test setup for the DNSSEC tests has a secure root.

ns1 is the root server.

ns2 and ns3 are authoritative servers for the various test domains.

ns4 is a caching-only server, configured with the correct trusted key
for the root.

ns5 is a caching-only server, configured with the an incorrect trusted
key for the root, or with unsupported and disabled algorithms.  It is used
for testing failure cases.

ns6 is a caching and authoritative server used for testing unusual
server behaviors such as disabled DNSSEC algorithms and non-cacheable
responses. It runs with -T nonearest, -T nosoa, and -T tat=3.

ns9 is a forwarding-only server.