git.ipfire.org Git - thirdparty/bind9.git/commitdiff
[CVE-2025-8677] sec: test: Test that DNSSEC validation is aborted on malformed DNSKEY
author Nicki Křížek <nicki@isc.org>
Mon, 5 Jan 2026 13:45:06 +0000 (14:45 +0100)
committer Nicki Křížek <nicki@isc.org>
Mon, 5 Jan 2026 13:45:06 +0000 (14:45 +0100)
Create a signed zone file that contains malformed ZSKs with colliding
key tags. The ZSKs don't represent valid ECDSA keys and will cause a
crypto failure when attempting to use them. Sign the zone with KSK, with
the exception of one record which is "signed" with the invalid ZSKs.

Check that the resolver aborts the DNSSEC verification after
encountering the first crypto failure, indicating malformed DNSKEY.

Closes #5343

Merge branch '5343-count-invalid-keys-into-validation-fails-test' into 'main'

See merge request isc-projects/bind9!11425


Trivial merge
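
The behaviour the commit message describes, as an added example that is not part of the commit or of BIND 9: a simplified validator loop that stops at the first candidate DNSKEY that cannot be loaded as an ECDSA P-256 key, instead of working through every key with the same tag. The names `load_p256_key`, `validate_rrsig` and the `verify` callback are hypothetical, and the sample keys are constructed.

```python
# Added illustration, not BIND 9 code: a simplified model of the behaviour under test.
# NIST P-256 domain parameters (DNSSEC algorithm 13, RFC 6605); a = -3.
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B


class MalformedKey(Exception):
    """Key material cannot be loaded as an ECDSA P-256 public key."""


def load_p256_key(rdata_key):
    """Parse the DNSKEY public key field (X | Y, 32 bytes each)."""
    if len(rdata_key) != 64:
        raise MalformedKey("wrong length")
    x = int.from_bytes(rdata_key[:32], "big")
    y = int.from_bytes(rdata_key[32:], "big")
    if x >= P or y >= P or (y * y - (x * x * x - 3 * x + B)) % P != 0:
        raise MalformedKey("point is not on the curve")
    return x, y


def validate_rrsig(candidates, verify):
    """Try the candidate keys whose tag matches one RRSIG.

    Returns (status, keys_tried). A malformed key aborts validation at once
    instead of moving on to the next candidate with the same key tag.
    `verify` is a caller-supplied callback (hypothetical) that performs the
    real signature check for a well-formed key.
    """
    tried = 0
    for raw in candidates:
        tried += 1
        try:
            key = load_p256_key(raw)
        except MalformedKey:
            return "abort-malformed-dnskey", tried
        if verify(key):
            return "secure", tried
    return "no-valid-signature", tried


# Constructed sample input: the P-256 base point as a well-formed key, plus
# junk blobs standing in for the malformed ZSKs.
GOOD = bytes.fromhex(
    "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296"
    "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5")
BAD = [bytes([i]) * 64 for i in range(1, 6)]
```

The `keys_tried` count is the quantity a test of this kind cares about: with five malformed candidates it stays at 1 rather than growing with the number of colliding keys.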