mirror of
https://github.com/isc-projects/bind9.git
synced 2026-04-14 05:26:20 -04:00
62ddc3dca0
Now that inline-signing is explicitly set in dnssec-policy, remove the redundant "inline-signing yes;" lines from the system tests.
59 lines
1.4 KiB
Text
59 lines
1.4 KiB
Text
/*
|
|
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
*
|
|
* SPDX-License-Identifier: MPL-2.0
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
|
*
|
|
* See the COPYRIGHT file distributed with this work for additional
|
|
* information regarding copyright ownership.
|
|
*/
|
|
|
|
dnssec-policy "warn1" {
|
|
keys {
|
|
// This policy has keys in the same algorithm with the same
|
|
// role, this should trigger a warning.
|
|
ksk lifetime unlimited algorithm ecdsa256;
|
|
zsk lifetime unlimited algorithm ecdsa256;
|
|
zsk lifetime unlimited algorithm ecdsa256;
|
|
ksk lifetime unlimited algorithm ecdsa256;
|
|
};
|
|
};
|
|
|
|
dnssec-policy "warn2" {
|
|
keys {
|
|
// This policy has keys in the same algorithm with the same
|
|
// role, this should trigger a warning.
|
|
csk lifetime unlimited algorithm rsasha256;
|
|
ksk lifetime unlimited algorithm rsasha256;
|
|
zsk lifetime unlimited algorithm rsasha256;
|
|
};
|
|
};
|
|
|
|
dnssec-policy "warn3" {
|
|
keys {
|
|
// This policy has a key with a very short lifetime.
|
|
csk lifetime PT2591999S algorithm rsasha256;
|
|
};
|
|
};
|
|
|
|
zone "warn1.example.net" {
|
|
type primary;
|
|
file "warn1.example.db";
|
|
dnssec-policy "warn1";
|
|
};
|
|
|
|
zone "warn2.example.net" {
|
|
type primary;
|
|
file "warn2.example.db";
|
|
dnssec-policy "warn2";
|
|
};
|
|
|
|
zone "warn3.example.net" {
|
|
type primary;
|
|
file "warn3.example.db";
|
|
dnssec-policy "warn3";
|
|
};
|
|
|