mirror of
https://github.com/NLnetLabs/unbound.git
synced 2026-02-18 18:25:10 -05:00
Script to generate autotrust_10key.rpl
parent
2025946247
commit
ceef1639d4
2 changed files with 210 additions and 0 deletions
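--- a/testdata/gen/autotrust_10key.rpl.in
+++ b/testdata/gen/autotrust_10key.rpl.in
@@ -0,0 +1,144 @@
+; config options
+server:
+target-fetch-policy: "0 0 0 0 0"
+log-time-ascii: yes
+fake-sha1: yes
+trust-anchor-signaling: no
+stub-zone:
+name: "."
+stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
+AUTOTRUST_FILE example.com
+; autotrust trust anchor file
+;;id: example.com. 1
+;;last_queried: 1258962400 ;;Mon Nov 23 07:46:40 2009
+;;last_success: 1258962400 ;;Mon Nov 23 07:46:40 2009
+;;next_probe_time: 1258967360 ;;Mon Nov 23 09:09:20 2009
+;;query_failed: 0
+;;query_interval: 5400
+;;retry_time: 3600
+PUBKEY01 ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1258962400 ;;Mon Nov 23 07:46:40 2009
+PUBKEY02 ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1258962400 ;;Mon Nov 23 07:46:40 2009
+AUTOTRUST_END
+CONFIG_END
+
+SCENARIO_BEGIN Test autotrust with 10 keys
+; spec says you must be able to handle at least 5 keys per trust point
+
+; K-ROOT
+RANGE_BEGIN 0 100
+ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id copy_query
+REPLY QR AA
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS k.root-servers.net.
+SECTION ADDITIONAL
+k.root-servers.net IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR
+SECTION QUESTION
+com. IN NS
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR
+SECTION QUESTION
+example.com. IN NS
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id
+REPLY QR AA
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+
+PUBKEY01 ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1258962400 ;;Mon Nov 23 07:46:40 2009
+PUBKEY02 ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1258962400 ;;Mon Nov 23 07:46:40 2009
+PUBKEY03
+PUBKEY04
+PUBKEY05
+PUBKEY06
+PUBKEY07
+PUBKEY08
+PUBKEY09
+PUBKEY10
+PUBKEY11
+PUBKEY12
+PUBKEY13
+SIG1
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 10.20.30.40
+ENTRY_END
+
+RANGE_END
+
+; set date/time to Mon Nov 23 09:46:40 2009
+STEP 5 TIME_PASSES EVAL ${1258962400 + 7200}
+STEP 6 TRAFFIC ; do the probe
+STEP 7 ASSIGN t0 = ${time}
+STEP 8 ASSIGN probe0 = ${range 3200 ${timeout} 5400}
+STEP 9 ASSIGN tp = ${1258962400}
+
+; the auto probing should have been done now.
+STEP 11 CHECK_AUTOTRUST example.com
+FILE_BEGIN
+; autotrust trust anchor file
+;;id: example.com. 1
+;;last_queried: ${$t0} ;;${ctime $t0}
+;;last_success: ${$t0} ;;${ctime $t0}
+;;next_probe_time: ${$t0 + $probe0} ;;${ctime $t0 + $probe0}
+;;query_failed: 0
+;;query_interval: 3600
+;;retry_time: 3600
+PUBKEY13 ;;state=1 [ ADDPEND ] ;;count=1 ;;lastchange=${$t0} ;;${ctime $t0}
+PUBKEY12 ;;state=1 [ ADDPEND ] ;;count=1 ;;lastchange=${$t0} ;;${ctime $t0}
+PUBKEY11 ;;state=1 [ ADDPEND ] ;;count=1 ;;lastchange=${$t0} ;;${ctime $t0}
+PUBKEY10 ;;state=1 [ ADDPEND ] ;;count=1 ;;lastchange=${$t0} ;;${ctime $t0}
+PUBKEY09 ;;state=1 [ ADDPEND ] ;;count=1 ;;lastchange=${$t0} ;;${ctime $t0}
+PUBKEY08 ;;state=1 [ ADDPEND ] ;;count=1 ;;lastchange=${$t0} ;;${ctime $t0}
+PUBKEY07 ;;state=1 [ ADDPEND ] ;;count=1 ;;lastchange=${$t0} ;;${ctime $t0}
+PUBKEY06 ;;state=1 [ ADDPEND ] ;;count=1 ;;lastchange=${$t0} ;;${ctime $t0}
+PUBKEY05 ;;state=1 [ ADDPEND ] ;;count=1 ;;lastchange=${$t0} ;;${ctime $t0}
+PUBKEY04 ;;state=1 [ ADDPEND ] ;;count=1 ;;lastchange=${$t0} ;;${ctime $t0}
+PUBKEY03 ;;state=1 [ ADDPEND ] ;;count=1 ;;lastchange=${$t0} ;;${ctime $t0}
+PUBKEY02 ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1258962400 ;;Mon Nov 23 07:46:40 2009
+PUBKEY01 ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1258962400 ;;Mon Nov 23 07:46:40 2009
+FILE_END
+
+SCENARIO_END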
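Review bot: The scenario title and its comment do not match the data. `SCENARIO_BEGIN Test autotrust with 10 keys` and `; spec says you must be able to handle at least 5 keys per trust point` sit above a DNSKEY answer that carries PUBKEY01 through PUBKEY13, and the expected anchor file lists eleven keys in ADDPEND plus the two VALID anchors. A comment beside the DNSKEY answer, for example `; 2 existing anchors + 11 new keys, all must be tracked`, would tell a reader which key-count limit the test exercises. The `;;state=2 [ VALID ] ...` trailers on PUBKEY01 and PUBKEY02 in the ANSWER section look copied from the anchor file and are presumably parsed as comments; dropping them there would avoid suggesting that the reply carries anchor state.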
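--- a/testdata/gen/gen-autotrust_10key
+++ b/testdata/gen/gen-autotrust_10key
@@ -0,0 +1,66 @@
+#!/bin/sh
+
+KEYDIR=keys
+KEYNAME=autotrust_10key
+
+LDNS_KEYGEN=ldns-keygen
+LDNS_SIGNZONE=ldns-signzone
+SECALG=8 # RSA/SHA-256
+
+TMPZONE=tmpzone
+
+replace_keys()
+{
+pubkey1=$(cat "$KEYDIR/$KEYNAME-1.key")
+pubkey2=$(cat "$KEYDIR/$KEYNAME-2.key")
+pubkey3=$(cat "$KEYDIR/$KEYNAME-3.key")
+pubkey4=$(cat "$KEYDIR/$KEYNAME-4.key")
+pubkey5=$(cat "$KEYDIR/$KEYNAME-5.key")
+pubkey6=$(cat "$KEYDIR/$KEYNAME-6.key")
+pubkey7=$(cat "$KEYDIR/$KEYNAME-7.key")
+pubkey8=$(cat "$KEYDIR/$KEYNAME-8.key")
+pubkey9=$(cat "$KEYDIR/$KEYNAME-9.key")
+pubkey10=$(cat "$KEYDIR/$KEYNAME-10.key")
+pubkey11=$(cat "$KEYDIR/$KEYNAME-11.key")
+pubkey12=$(cat "$KEYDIR/$KEYNAME-12.key")
+pubkey13=$(cat "$KEYDIR/$KEYNAME-13.key")
+
+sed "s@PUBKEY01@$pubkey1@ ; \
+s@PUBKEY02@$pubkey2@ ; \
+s@PUBKEY03@$pubkey3@ ; \
+s@PUBKEY04@$pubkey4@ ; \
+s@PUBKEY05@$pubkey5@ ; \
+s@PUBKEY06@$pubkey6@ ; \
+s@PUBKEY07@$pubkey7@ ; \
+s@PUBKEY08@$pubkey8@ ; \
+s@PUBKEY09@$pubkey9@ ; \
+s@PUBKEY10@$pubkey10@ ; \
+s@PUBKEY11@$pubkey11@ ; \
+s@PUBKEY12@$pubkey12@ ; \
+s@PUBKEY13@$pubkey13@"
+}
+
+for i in 1 2 3 4 5 6 7 8 9 10 11 12 13
+do
+if [ -f "$KEYDIR/$KEYNAME-$i.key" ]
+then
+continue # Key already exists, remove to regenerate
+fi
+mkdir -p "$KEYDIR"
+keyname=$($LDNS_KEYGEN -a $SECALG -b 2048 -k example.com.)
+< "$keyname".key sed 's/IN/3600 IN/' > "$KEYDIR/$KEYNAME-$i.key"
+rm -f "$keyname".key
+mv "$keyname".private "$KEYDIR/$KEYNAME-$i.private"
+mv "$keyname".ds "$KEYDIR/$KEYNAME-$i.ds"
+done
+
+echo 'example.com. IN SOA host.example.com. user.example.com. (1 7200 3600 2419200 3600)' > $TMPZONE
+cat "$KEYDIR/$KEYNAME"-*.key >> $TMPZONE
+$LDNS_SIGNZONE -e 20091124111500 -i 20091018111500 $TMPZONE "$KEYDIR/$KEYNAME-2"
+sig1=$(grep 'RRSIG[ ]*DNSKEY' < $TMPZONE.signed )
+rm -f "$TMPZONE" "$TMPZONE.signed"
+
+< autotrust_10key.rpl.in \
+replace_keys |
+sed "s@SIG1@$sig1@" \
+> ../autotrust_10key.rpl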
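Review bot: The script has no failure handling, so a failed `$LDNS_KEYGEN` or `$LDNS_SIGNZONE` run (tool not installed, signing error) leaves `$keyname` or `$sig1` empty and the final pipeline still overwrites `../autotrust_10key.rpl`, most likely with placeholders replaced by nothing. Adding `set -e` after the shebang and a guard such as `[ -n "$sig1" ] || { echo "no RRSIG DNSKEY produced" >&2; exit 1; }` before the last pipeline would stop a broken test vector from being written. The relative paths (`keys`, `autotrust_10key.rpl.in`, `../autotrust_10key.rpl`) assume the script runs from testdata/gen; a `cd "$(dirname "$0")"` at the top, or a comment saying so, would make that explicit. The `.private` files are kept in `$KEYDIR`, so a header comment stating that these are throwaway example.com test keys would be worth adding.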