zrrsig = False
krrsig = not zrrsig
+ signer = fqdn.lower()
+
for key in keys:
if key.external:
continue
alg = key.get_dnsalg()
rtype = dns.rdatatype.to_text(covers)
- expect = rf"IN RRSIG {rtype} {alg} (\d) (\d+) (\d+) (\d+) {key.tag} {fqdn}"
+ expect = rf"IN RRSIG {rtype} {alg} (\d) (\d+) (\d+) (\d+) {key.tag} {signer}"
if zrrsig and zsigning:
has_rrsig = False
"""
if zone is None:
zone = ""
+ zname = zone.lower()
all_keys = []
if keydir is None:
- regex = rf"(K{zone}\.\+.*\+.*)\.key"
- for filename in glob.glob(f"K{zone}.+*+*.key"):
+ regex = rf"(K{zname}\.\+.*\+.*)\.key"
+ for filename in glob.glob(f"K{zname}.+*+*.key"):
match = re.match(regex, filename)
if match is not None:
all_keys.append(Key(match.group(1)))
else:
- regex = rf"{keydir}/(K{zone}\.\+.*\+.*)\.key"
- for filename in glob.glob(f"{keydir}/K{zone}.+*+*.key"):
+ regex = rf"{keydir}/(K{zname}\.\+.*\+.*)\.key"
+ for filename in glob.glob(f"{keydir}/K{zname}.+*+*.key"):
match = re.match(regex, filename)
if match is not None:
all_keys.append(Key(match.group(1), keydir))
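Review bot: `zname` is interpolated unescaped into both the regex and the glob pattern here, so lowercasing fixes the case mismatch but a zone name containing regex or glob metacharacters still selects the wrong key files or none at all. The same system test configures a zone whose name contains `?`, `[`, `*` and `+`; whether that name ever reaches this helper is not visible in the diff, but the helper should not depend on it. I would build the patterns from `re.escape(zname)` for the regex and `glob.escape(f"K{zname}")` for the glob, and treat `keydir` the same way since it is spliced into both in the second branch. The `expect` pattern in the earlier signature-check hunk has the same weakness with `signer`, where every `.` in the name matches any character; `re.escape(signer)` would make that check exact. The enclosing function starts above this hunk.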
dnssec-policy "default";
};
+/* The UPPER case: a zone with uppercase characters. */
+zone "UPPER.KASP" {
+ type primary;
+ file "upper.kasp.db";
+ dnssec-policy "default";
+};
+
/* A zone with special characters. */
zone {% raw %}"i-am.\":\;?&[]\@!\$*+,|=\.\(\)special.kasp."{% endraw %} {
type primary;
done
#
-# Setup special zone
+# Setup special zones
#
zone="i-am.\":\;?&[]\@!\$*+,|=\.\(\)special.kasp."
echo_i "setting up zone: $zone"
cp template.db.in "i-am.special.kasp.db"
+zone="UPPER.KASP."
+echo_i "setting up zone: $zone"
+cp upper.kasp.db.in "upper.kasp.db"
+
#
# Set up RSASHA1 based zones
#
--- /dev/null
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300
+UPPER.KASP. IN SOA MNAME1. . (
+ 1 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+
+ NS ns3
+ns3 A 10.53.0.3
+
+a A 10.0.0.1
+b A 10.0.0.2
+c A 10.0.0.3
+
check_all(ns3, zone, policy, keys, [])
+def test_kasp_uppercase(ns3):
+ # check the zone with uppercase characters is loaded and signed.
+ isctest.log.info("check a zone with upper case characters is signed")
+ zone = "UPPER.KASP"
+ policy = "default"
+
+ isctest.kasp.wait_keymgr_done(ns3, zone)
+
+ # Key properties.
+ # DNSKEY, RRSIG (ksk), RRSIG (zsk) are published. DS needs to wait.
+ keyprops = [
+ "csk 0 13 256 goal:omnipresent dnskey:rumoured krrsig:rumoured zrrsig:rumoured ds:hidden",
+ ]
+ expected = isctest.kasp.policy_to_properties(ttl=3600, keys=keyprops)
+ keys = isctest.kasp.keydir_to_keylist(zone, "ns3")
+ isctest.kasp.check_dnssec_verify(ns3, zone)
+ isctest.kasp.check_keys(zone, keys, expected)
+ set_keytimes_default_policy(expected[0])
+ isctest.kasp.check_keytimes(keys, expected)
+ check_all(ns3, zone, policy, keys, [])
+
+ fqdn = f"{zone}."
+ query = isctest.query.create(fqdn, dns.rdatatype.NSEC)
+ response = isctest.query.tcp(query, ns3.ip)
+ assert response.rcode() == dns.rcode.NOERROR
+
+ nsec = response.get_rrset(
+ response.answer,
+ dns.name.from_text(fqdn),
+ dns.rdataclass.IN,
+ dns.rdatatype.NSEC,
+ )
+ nextname = nsec[0].next
+ assert str(nextname) == "a.upper.kasp."
+
+
def test_kasp_dynamic(ns3):
# Standard dynamic zone.
isctest.log.info("check dynamic zone is updated and signed after update")
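Review bot: In `test_kasp_uppercase`, `response.get_rrset(...)` returns None when the answer section holds no NSEC RRset for the apex, so `nsec[0].next` would fail with a TypeError rather than a readable assertion. Add `assert nsec is not None, f"no NSEC RRset for {fqdn} in answer"` before indexing. A short comment above the final assert would also help, for example `# the next owner name must be returned in lowercase although the zone is configured as UPPER.KASP`, since that is the property this test pins and the existing comment only mentions loading and signing.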