mirror of
https://github.com/isc-projects/bind9.git
synced 2026-04-23 07:07:00 -04:00
244923b9dc
A DNSSEC validation can fail in the case where multiple DNSKEY are available for a zone and none of them are supported, but for different reasons: one has a DS record in the parent zone using an unsupported digest while the other one uses an unsupported encryption algorithm. Add a specific test case covering this flow and making sure that two extended DNS error are provided: code 1 and 2, each of them highlighting unsupported algorithm and digest. |
||
|---|---|---|
| .. | ||
| ans10 | ||
| ns1 | ||
| ns2 | ||
| ns3 | ||
| ns4 | ||
| ns5 | ||
| ns6 | ||
| ns7 | ||
| ns8 | ||
| ns9 | ||
| signer | ||
| dnssec_update_test.pl | ||
| ntadiff.pl | ||
| prereq.sh | ||
| README | ||
| setup.sh | ||
| tests.sh | ||
| tests_sh_dnssec.py | ||
Copyright (C) Internet Systems Consortium, Inc. ("ISC")
SPDX-License-Identifier: MPL-2.0
This Source Code Form is subject to the terms of the Mozilla Public
License, v. 2.0. If a copy of the MPL was not distributed with this
file, you can obtain one at https://mozilla.org/MPL/2.0/.
See the COPYRIGHT file distributed with this work for additional
information regarding copyright ownership.
The test setup for the DNSSEC tests has a secure root.
ns1 is the root server.
ns2 and ns3 are authoritative servers for the various test domains.
ns4 is a caching-only server, configured with the correct trusted key
for the root.
ns5 is a caching-only server, configured with the an incorrect trusted
key for the root. It is used for testing failure cases.
ns6 is an caching and authoritative server used for testing unusual
server behaviors such as disabled DNSSEC algorithms.
ns7 is used for checking non-cacheable answers.
ns8 is a caching-only server, configured with unsupported and disabled
algorithms. It is used for testing failure cases.
ns9 is a forwarding-only server.