rm -f ./delv.out*
rm -f ./delve.out*
rm -f ./dig.out.*
+rm -f ./dnssectools.out*
rm -f ./dsfromkey.out.*
rm -f ./keygen.err
-rm -f ./dnssectools.out*
rm -f ./named.secroots.test*
rm -f ./nosign.before
rm -f ./ns*/*.nta
rm -f ./ns2/algroll.db
rm -f ./ns2/badparam.db ./ns2/badparam.db.bad
rm -f ./ns2/cdnskey-kskonly.secure.db
+rm -f ./ns2/cdnskey-kskonly.secure.id
rm -f ./ns2/cdnskey-update.secure.db
rm -f ./ns2/cdnskey-x.secure.db
rm -f ./ns2/cdnskey.secure.db
rm -f ./ns2/cds-auto.secure.db ./ns2/cds-auto.secure.db.jnl
rm -f ./ns2/cds-kskonly.secure.db
+rm -f ./ns2/cds-kskonly.secure.id
rm -f ./ns2/cds-update.secure.db ./ns2/cds-update.secure.db.jnl
rm -f ./ns2/cds.secure.db ./ns2/cds-x.secure.db
rm -f ./ns2/in-addr.arpa.db
rm -f ./ns2/nsec3chain-test.db
rm -f ./ns2/single-nsec3.db
rm -f ./ns2/updatecheck-kskonly.secure.*
-rm -f ./ns3/secure.example.db ./ns3/*.managed.db ./ns3/*.trusted.db
-rm -f ./ns3/unsupported.managed.db.tmp ./ns3/unsupported.trusted.db.tmp
rm -f ./ns3/auto-nsec.example.db ./ns3/auto-nsec3.example.db
rm -f ./ns3/badds.example.db
rm -f ./ns3/dname-at-apex-nsec3.example.db
rm -f ./ns3/dnskey-nsec3-unknown.example.db.tmp
rm -f ./ns3/dnskey-unknown.example.db
rm -f ./ns3/dnskey-unknown.example.db.tmp
-rm -f ./ns3/dnskey-unsupported.example.db
-rm -f ./ns3/dnskey-unsupported.example.db.tmp
rm -f ./ns3/dnskey-unsupported-2.example.db
rm -f ./ns3/dnskey-unsupported-2.example.db.tmp
+rm -f ./ns3/dnskey-unsupported.example.db
+rm -f ./ns3/dnskey-unsupported.example.db.tmp
rm -f ./ns3/dynamic.example.db ./ns3/dynamic.example.db.signed.jnl
rm -f ./ns3/expired.example.db ./ns3/update-nsec3.example.db
rm -f ./ns3/expiring.example.db ./ns3/nosign.example.db
rm -f ./ns3/revkey.example.db
rm -f ./ns3/rsasha256.example.db ./ns3/rsasha512.example.db
rm -f ./ns3/secure.below-cname.example.db
+rm -f ./ns3/secure.example.db ./ns3/*.managed.db ./ns3/*.trusted.db
rm -f ./ns3/secure.nsec3.example.db
rm -f ./ns3/secure.optout.example.db
rm -f ./ns3/siginterval.conf
rm -f ./ns3/ttlpatch.example.db ./ns3/ttlpatch.example.db.signed
rm -f ./ns3/ttlpatch.example.db.patched
rm -f ./ns3/unsecure.example.db ./ns3/bogus.example.db ./ns3/keyless.example.db
+rm -f ./ns3/unsupported.managed.db.tmp ./ns3/unsupported.trusted.db.tmp
rm -f ./ns4/managed-keys.bind*
rm -f ./ns4/named_dump.db*
rm -f ./ns6/optout-tld.db
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
cat "$infile" "$key1.key" "$key2.key" > "$zonefile"
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null 2>&1
+keyfile_to_key_id "$key1" > cds-kskonly.secure.id
zone=cds-auto.secure
infile=cds-auto.secure.db.in
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
cat "$infile" "$key1.key" "$key2.key" > "$zonefile"
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null 2>&1
+keyfile_to_key_id "$key1" > cdnskey-kskonly.secure.id
zone=cdnskey-auto.secure
infile=cdnskey-auto.secure.db.in
echo_i "check that CDS records are signed only using KSK when added by"
echo_i " nsupdate when dnssec-dnskey-kskonly is yes ($n)"
ret=0
+keyid=$(cat ns2/cds-kskonly.secure.id)
(
echo zone cds-kskonly.secure
echo server 10.53.0.2 "$PORT"
dig_with_opts +noall +answer @10.53.0.2 cds cds-kskonly.secure > dig.out.test$n
lines=$(awk '$4 == "RRSIG" && $5 == "CDS" {print}' dig.out.test$n | wc -l)
test "$lines" -eq 1 || ret=1
+lines=$(awk -v id="${keyid}" '$4 == "RRSIG" && $5 == "CDS" && $11 == id {print}' dig.out.test$n | wc -l)
+test "$lines" -eq 1 || ret=1
lines=$(awk '$4 == "CDS" {print}' dig.out.test$n | wc -l)
test "$lines" -eq 2 || ret=1
n=$((n+1))
echo_i "check that CDS deletion records are signed only using KSK when added by"
echo_i " nsupdate when dnssec-dnskey-kskonly is yes ($n)"
ret=0
+keyid=$(cat ns2/cds-kskonly.secure.id)
(
echo zone cds-kskonly.secure
echo server 10.53.0.2 "$PORT"
dig_with_opts +noall +answer @10.53.0.2 cds cds-kskonly.secure > dig.out.test$n
lines=$(awk '$4 == "RRSIG" && $5 == "CDS" {print}' dig.out.test$n | wc -l)
test "$lines" -eq 1 || ret=1
+lines=$(awk -v id="${keyid}" '$4 == "RRSIG" && $5 == "CDS" && $11 == id {print}' dig.out.test$n | wc -l)
+test "$lines" -eq 1 || ret=1
lines=$(awk '$4 == "CDS" {print}' dig.out.test$n | wc -l)
test "$lines" -eq 1 || ret=1
n=$((n+1))
echo_i "check that CDNSKEY records are signed only using KSK when added by"
echo_i " nsupdate when dnssec-dnskey-kskonly is yes ($n)"
ret=0
+keyid=$(cat ns2/cdnskey-kskonly.secure.id)
(
echo zone cdnskey-kskonly.secure
echo server 10.53.0.2 "$PORT"
dig_with_opts +noall +answer @10.53.0.2 cdnskey cdnskey-kskonly.secure > dig.out.test$n
lines=$(awk '$4 == "RRSIG" && $5 == "CDNSKEY" {print}' dig.out.test$n | wc -l)
test "$lines" -eq 1 || ret=1
+lines=$(awk -v id="${keyid}" '$4 == "RRSIG" && $5 == "CDNSKEY" && $11 == id {print}' dig.out.test$n | wc -l)
+test "$lines" -eq 1 || ret=1
lines=$(awk '$4 == "CDNSKEY" {print}' dig.out.test$n | wc -l)
test "$lines" -eq 1 || ret=1
n=$((n+1))
projects / thirdparty / bind9.git / commitdiff
