mirror of
https://github.com/isc-projects/bind9.git
synced 2026-05-23 10:37:43 -04:00
950df056b3
begin converting DNSSEC validation tests from shell to python, and simplify the name servers used in the test. ns4, the name server used for validation tests, is now configured using jinja2 templates. ns8, which was previously used for testing unsupported, disabled and revoked keys and trust anchors, has been removed. we now use a jinja2 configuration in ns5 for this purpose. the configurations in ns7 and ns6 didn't conflict with one another, so the two servers have been merged into one.
29 lines
1 KiB
Text
29 lines
1 KiB
Text
Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
|
|
SPDX-License-Identifier: MPL-2.0
|
|
|
|
This Source Code Form is subject to the terms of the Mozilla Public
|
|
License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
|
|
|
See the COPYRIGHT file distributed with this work for additional
|
|
information regarding copyright ownership.
|
|
|
|
The test setup for the DNSSEC tests has a secure root.
|
|
|
|
ns1 is the root server.
|
|
|
|
ns2 and ns3 are authoritative servers for the various test domains.
|
|
|
|
ns4 is a caching-only server, configured with the correct trusted key
|
|
for the root.
|
|
|
|
ns5 is a caching-only server, configured with the an incorrect trusted
|
|
key for the root, or with unsupported and disabled algorithms. It is used
|
|
for testing failure cases.
|
|
|
|
ns6 is a caching and authoritative server used for testing unusual
|
|
server behaviors such as disabled DNSSEC algorithms and non-cacheable
|
|
responses. It runs with -T nonearest, -T nosoa, and -T tat=3.
|
|
|
|
ns9 is a forwarding-only server.
|