#
keyfile_to_key_id "$ksk" >managed.key.id
+
+#
+# Also generate a broken trusted-keys file for the dnssec test.
+#
+broken=$("$KEYGEN" -q -fk -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" .)
+keyfile_to_static_ds "$broken" >../ns4/broken.conf
};
-# Note: This is deliberately wrong! The bind.keys file contains
-# the real DNS root key, so it won't work with the local toy
-# root zones used in the tests. This is to test a forwarder
-# talking to a resolver with a misconfigured trust anchor.
-include "../../../../../bind.keys";
+# Note: This contains a deliberately incorrect key,
+# so it won't work with the root zones used in the tests;
+# all signed data should SERVFAIL. This is to test the case
+# of a validating forwarder talking to a resolver that has
+# a misconfigured trust anchor.
+include "broken.conf";
key rndc_key {
secret "1234abcd8765";
projects / thirdparty / bind9.git / commitdiff
