upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-23 10:37:43 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
bind9/bin/tests/system/dnssec
History
Colin Vidal e856afa3b5 add system tests covering EDE 9 
The authoritative server on "missing-dnskey." zone is ns2, the zone is
initially signed normally, but then the DNSKEY are pulled out from the
signed generated zone file. As a consequence, a quering the resolver ns4
returns a SERVFAIL with EDE9 as the chain of trust is broken: the DS is
prsent in the parent zone (the root zone in ns1), but the DNSKEY is
missing from the zone.

A similar is "wrong-dnskey.", but here the zone is signed correctly,
but the DS points to a different DNSKEY. Hence no supported matching
DNSKEY record could be found for the child.
2025-12-17 09:43:13 +01:00
..
ans10 Use isctest.asyncserver in the "dnssec" test 2025-10-29 14:20:02 +01:00
ns1 add system tests covering EDE 9 2025-12-17 09:43:13 +01:00
ns2 add system tests covering EDE 9 2025-12-17 09:43:13 +01:00
ns3 Add a system test with one good and one bad algorithm 2025-11-04 19:53:25 +01:00
ns4 remove "bindkeys-file" option 2025-10-12 23:37:49 -07:00
ns5 convert dnssec validation tests to python 2025-07-31 12:55:40 -07:00
ns6 tidy up the dnssec test tree 2025-07-31 12:55:40 -07:00
ns9 Split up badkey tests into separate modules 2025-07-31 12:55:40 -07:00
prereq.sh Remove obsolete dnspython prerequisite checks 2025-11-28 11:24:11 +01:00
README convert dnssec validation tests to python 2025-07-31 12:55:40 -07:00
setup.sh convert dnssec validation tests to python 2025-07-31 12:55:40 -07:00
tests_badkey.py Require dnspython>2.0.0 in system tests using asyncserver 2025-11-04 16:57:59 +01:00
tests_badkey_broken.py Require dnspython>2.0.0 in system tests using asyncserver 2025-11-04 16:57:59 +01:00
tests_badkey_revoked.py Require dnspython>2.0.0 in system tests using asyncserver 2025-11-04 16:57:59 +01:00
tests_delv.py Use Text with Grep support in isctest.run.cmd() 2025-12-08 14:57:47 +01:00
tests_policy.py Refactor NamedInstance.rndc() to use EnvCmd() interface 2025-12-08 14:57:47 +01:00
tests_signing.py Refactor NamedInstance.rndc() to use EnvCmd() interface 2025-12-08 14:57:47 +01:00
tests_tat.py Refactor LogFile into TextFile with Grep support 2025-12-08 14:57:47 +01:00
tests_validation.py add system tests covering EDE 9 2025-12-17 09:43:13 +01:00
tests_validation_accept_expired.py Refactor NamedInstance.rndc() to use EnvCmd() interface 2025-12-08 14:57:47 +01:00
tests_validation_managed_keys.py Refactor NamedInstance.rndc() to use EnvCmd() interface 2025-12-08 14:57:47 +01:00
tests_validation_many_anchors.py Use new EDE helper in existing system tests 2025-11-10 15:41:51 +01:00
tests_validation_multiview.py Refactor NamedInstance.rndc() to use EnvCmd() interface 2025-12-08 14:57:47 +01:00

README 

Copyright (C) Internet Systems Consortium, Inc. ("ISC")

SPDX-License-Identifier: MPL-2.0

This Source Code Form is subject to the terms of the Mozilla Public
License, v. 2.0.  If a copy of the MPL was not distributed with this
file, you can obtain one at https://mozilla.org/MPL/2.0/.

See the COPYRIGHT file distributed with this work for additional
information regarding copyright ownership.

The test setup for the DNSSEC tests has a secure root.

ns1 is the root server.

ns2 and ns3 are authoritative servers for the various test domains.

ns4 is a caching-only server, configured with the correct trusted key
for the root.

ns5 is a caching-only server, configured with the an incorrect trusted
key for the root, or with unsupported and disabled algorithms.  It is used
for testing failure cases.

ns6 is a caching and authoritative server used for testing unusual
server behaviors such as disabled DNSSEC algorithms and non-cacheable
responses. It runs with -T nonearest, -T nosoa, and -T tat=3.

ns9 is a forwarding-only server.