--- 9.7.1b1 released ---
+2902. [func] Add regression test for change 2897. [RT #21040]
+
2901. [port] Use AC_C_FLEXIBLE_ARRAY_MEMBER. [RT #21316]
2900. [bug] The placeholder negative caching element was not
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: clean.sh,v 1.3.6.2 2010/01/18 23:48:01 tbox Exp $
+# $Id: clean.sh,v 1.3.6.3 2010/05/19 07:47:11 marka Exp $
rm -f */K* */dsset-* */*.signed */trusted.conf */tmp* */*.jnl */*.bk
rm -f active.key inact.key del.key unpub.key standby.key rev.key
-rm -f nopriv.key vanishing.key
+rm -f nopriv.key vanishing.key del1.key del2.key
rm -f nsupdate.out
rm -f */core
rm -f */example.bk
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: keygen.sh,v 1.3.6.3 2010/01/18 23:48:01 tbox Exp $
+# $Id: keygen.sh,v 1.3.6.4 2010/05/19 07:47:11 marka Exp $
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
$SIGNER -S -3 beef -A -o $zone -f $zonefile $infile > /dev/null 2>&1
#
-# secure-to-insecure transition test zone.
+# secure-to-insecure transition test zone; used to test removal of
+# keys via nsupdate
#
zone=secure-to-insecure.example
zonefile="${zone}.db"
ksk=`$KEYGEN -q -r $RANDFILE -fk $zone`
$KEYGEN -q -r $RANDFILE $zone > /dev/null
$SIGNER -S -o $zone -f $zonefile $infile > /dev/null 2>&1
+
+#
+# another secure-to-insecure transition test zone; used to test
+# removal of keys on schedule.
+#
+zone=secure-to-insecure2.example
+zonefile="${zone}.db"
+infile="${zonefile}.in"
+ksk=`$KEYGEN -q -3 -r $RANDFILE -fk $zone`
+echo $ksk > ../del1.key
+zsk=`$KEYGEN -q -3 -r $RANDFILE $zone`
+echo $zsk > ../del2.key
+$SIGNER -S -3 beef -o $zone -f $zonefile $infile > /dev/null 2>&1
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: named.conf,v 1.3.6.2 2010/01/18 23:48:01 tbox Exp $ */
+/* $Id: named.conf,v 1.3.6.3 2010/05/19 07:47:11 marka Exp $ */
// NS3
dnssec-secure-to-insecure yes;
};
+zone "secure-to-insecure2.example" {
+ type master;
+ file "secure-to-insecure2.example.db";
+ allow-update { any; };
+ auto-dnssec maintain;
+ dnssec-secure-to-insecure yes;
+};
+
zone "oldsigs.example" {
type master;
file "oldsigs.example.db";
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: tests.sh,v 1.4.6.4 2010/05/14 04:41:12 marka Exp $
+# $Id: tests.sh,v 1.4.6.5 2010/05/19 07:47:11 marka Exp $
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
-echo "I:checking secure-to-insecure transition ($n)"
+echo "I:checking secure-to-insecure transition, nsupdate ($n)"
$NSUPDATE > /dev/null 2>&1 <<END || status=1
server 10.53.0.3 5300
zone secure-to-insecure.example
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
+echo "I:checking secure-to-insecure transition, scheduled ($n)"
+file="ns3/`cat del1.key`.key"
+$SETTIME -I now -D now $file > /dev/null
+file="ns3/`cat del2.key`.key"
+$SETTIME -I now -D now $file > /dev/null
+$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 sign secure-to-insecure2.example. 2>&1 | sed 's/^/I:ns3 /'
+sleep 2
+$DIG $DIGOPTS axfr secure-to-insecure2.example @10.53.0.3 > dig.out.ns3.test$n || ret=1
+egrep 'RRSIG.*'" $newid "'\. ' dig.out.ns3.test$n > /dev/null && ret=1
+egrep '(DNSKEY|NSEC3)' dig.out.ns3.test$n > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
echo "I:preparing to test key change corner cases"
echo "I:removing a private key file"
file="ns1/`cat vanishing.key`.private"
projects / thirdparty / bind9.git / commitdiff
