]> git.ipfire.org Git - thirdparty/bind9.git/commitdiff
projects / thirdparty / bind9.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 315ad2d)
Don't sign non-apex DNSKEY records
authorMark Andrews <marka@isc.org>
Tue, 9 Jan 2024 04:20:09 +0000 (15:20 +1100)
committerMark Andrews <marka@isc.org>
Thu, 16 May 2024 00:28:27 +0000 (10:28 +1000)
DNSKEY can only be validated if it is signed by itself.  Stop
attempting to sign non apex DNSKEY RRsets.

bin/tests/system/doth/example.axfr.good patch | blob | blame | history
bin/tests/system/doth/example8.axfr.good patch | blob | blame | history
bin/tests/system/genzone.sh patch | blob | blame | history
bin/tests/system/xfer/dig1.good patch | blob | blame | history
bin/tests/system/xfer/dig2.good patch | blob | blame | history

diff --git a/bin/tests/system/doth/example.axfr.good b/bin/tests/system/doth/example.axfr.good
index 581a0c5cd3d07de9f659ce0de4fcd4e278f987fe..176c824f4abb72d529e67d1a7c3b2ce3689a4a35 100644 (file)
--- a/bin/tests/system/doth/example.axfr.good
+++ b/bin/tests/system/doth/example.axfr.good
@@ -1,5 +1,6 @@
 example.               86400   IN      SOA     ns2.example. hostmaster.example. 1397051952 5 5 1814400 3600
 example.               3600    IN      NS      ns2.example.
+example.               3600    IN      DNSKEY  512 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aRyzWZriO6i2od GWWQVucZqKVsENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esga60z yGW6LFe9r8n6paHrlG5ojqf0BaqHT+8=
 a01.example.           3600    IN      A       0.0.0.0
 a02.example.           3600    IN      A       255.255.255.255
 a601.example.          3600    IN      A6      0 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
@@ -2541,7 +2542,6 @@ dlv.example.              3600    IN      DLV     30795 1 1 310D27F4D82C1FC2400704EA9939FE6E1CEAA3B9
 dname01.example.       3600    IN      DNAME   dname-target.
 dname02.example.       3600    IN      DNAME   dname-target.example.
 dname03.example.       3600    IN      DNAME   .
-dnskey01.example.      3600    IN      DNSKEY  512 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aRyzWZriO6i2od GWWQVucZqKVsENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esga60z yGW6LFe9r8n6paHrlG5ojqf0BaqHT+8=
 doa01.example.         3600    IN      DOA     1234567890 1234567890 1 "image/gif" R0lGODlhKAAZAOMCAGZmZgBmmf///zOZzMz//5nM/zNmmWbM/5nMzMzMzACZ/////////////////////yH5BAEKAA8ALAAAAAAoABkAAATH8IFJK5U2a4337F5ogRkpnoCJrly7PrCKyh8c3HgAhzT35MDbbtO7/IJIHbGiOiaTxVTpSVWWLqNq1UVyapNS1wd3OAxug0LhnCubcVhsxysQnOt4ATpvvzHlFzl1AwODhWeFAgRpen5/UhheAYMFdUB4SFcpGEGGdQeCAqBBLTuSk30EeXd9pEsAbKGxjHqDSE0Sp6ixN4N1BJmbc7lIhmsBich1awPAjkY1SZR8bJWrz382SGqIBQQFQd4IsUTaX+ceuudPEQA7
 doa02.example.         3600    IN      DOA     0 1 2 "" aHR0cHM6Ly93d3cuaXNjLm9yZy8=
 ds01.example.          3600    IN      NS      ns42.example.
diff --git a/bin/tests/system/doth/example8.axfr.good b/bin/tests/system/doth/example8.axfr.good
index fe00a90577a55aa5727ca96bb5114a814f5731be..97b05323d797e5d0e86d791d813e673a17f82a50 100644 (file)
--- a/bin/tests/system/doth/example8.axfr.good
+++ b/bin/tests/system/doth/example8.axfr.good
@@ -1,5 +1,6 @@
 example8.              86400   IN      SOA     ns2.example8. hostmaster.example8. 1397051952 5 5 1814400 3600
 example8.              3600    IN      NS      ns2.example8.
+example8.              3600    IN      DNSKEY  512 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aRyzWZriO6i2od GWWQVucZqKVsENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esga60z yGW6LFe9r8n6paHrlG5ojqf0BaqHT+8=
 a01.example8.          3600    IN      A       0.0.0.0
 a02.example8.          3600    IN      A       255.255.255.255
 a601.example8.         3600    IN      A6      0 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
@@ -2541,7 +2542,6 @@ dlv.example8.             3600    IN      DLV     30795 1 1 310D27F4D82C1FC2400704EA9939FE6E1CEAA3B9
 dname01.example8.      3600    IN      DNAME   dname-target.
 dname02.example8.      3600    IN      DNAME   dname-target.example8.
 dname03.example8.      3600    IN      DNAME   .
-dnskey01.example8.     3600    IN      DNSKEY  512 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aRyzWZriO6i2od GWWQVucZqKVsENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esga60z yGW6LFe9r8n6paHrlG5ojqf0BaqHT+8=
 doa01.example8.                3600    IN      DOA     1234567890 1234567890 1 "image/gif" R0lGODlhKAAZAOMCAGZmZgBmmf///zOZzMz//5nM/zNmmWbM/5nMzMzMzACZ/////////////////////yH5BAEKAA8ALAAAAAAoABkAAATH8IFJK5U2a4337F5ogRkpnoCJrly7PrCKyh8c3HgAhzT35MDbbtO7/IJIHbGiOiaTxVTpSVWWLqNq1UVyapNS1wd3OAxug0LhnCubcVhsxysQnOt4ATpvvzHlFzl1AwODhWeFAgRpen5/UhheAYMFdUB4SFcpGEGGdQeCAqBBLTuSk30EeXd9pEsAbKGxjHqDSE0Sp6ixN4N1BJmbc7lIhmsBich1awPAjkY1SZR8bJWrz382SGqIBQQFQd4IsUTaX+ceuudPEQA7
 doa02.example8.                3600    IN      DOA     0 1 2 "" aHR0cHM6Ly93d3cuaXNjLm9yZy8=
 ds01.example8.         3600    IN      DS      12892 5 2 26584835CA80C81C91999F31CFAF2A0E89D4FF1C8FAFD0DDB31A85C7 19277C13
diff --git a/bin/tests/system/genzone.sh b/bin/tests/system/genzone.sh
index 13ac32f1ea97ef464dcc2f3a221c714bab154d92..40bf221a3bf9064dd78c8b0c1d14cba49cb92a98 100644 (file)
--- a/bin/tests/system/genzone.sh
+++ b/bin/tests/system/genzone.sh
@@ -277,7 +277,7 @@ nsec03                      NSEC    . TYPE1
 nsec04                 NSEC    . TYPE127
 
 ; type 48
-dnskey01               DNSKEY  512 ( 255 1 AQMFD5raczCJHViKtLYhWGz8hMY
+@                      DNSKEY  512 ( 255 1 AQMFD5raczCJHViKtLYhWGz8hMY
                                9UGRuniJDBzC7w0aRyzWZriO6i2odGWWQVucZqKV
                                sENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esg
                                a60zyGW6LFe9r8n6paHrlG5ojqf0BaqHT+8= )
diff --git a/bin/tests/system/xfer/dig1.good b/bin/tests/system/xfer/dig1.good
index 4908f8ed1d1552090b6bac237a68d3cdeecf3f50..27285100d7c6e138c9a7124780dffc93a0098b26 100644 (file)
--- a/bin/tests/system/xfer/dig1.good
+++ b/bin/tests/system/xfer/dig1.good
@@ -1,6 +1,7 @@
 example.               86400   IN      SOA     ns2.example. hostmaster.example. 1397051952 5 5 1814400 3600
 example.               3600    IN      NS      ns2.example.
 example.               3600    IN      NS      ns3.example.
+example.               3600    IN      DNSKEY  512 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aRyzWZriO6i2od GWWQVucZqKVsENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esga60z yGW6LFe9r8n6paHrlG5ojqf0BaqHT+8=
 a01.example.           3600    IN      A       0.0.0.0
 a02.example.           3600    IN      A       255.255.255.255
 a601.example.          3600    IN      A6      0 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
@@ -42,7 +43,6 @@ dlv.example.          3600    IN      DLV     30795 1 1 310D27F4D82C1FC2400704EA9939FE6E1CEAA3B9
 dname01.example.       3600    IN      DNAME   dname-target.
 dname02.example.       3600    IN      DNAME   dname-target.example.
 dname03.example.       3600    IN      DNAME   .
-dnskey01.example.      3600    IN      DNSKEY  512 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aRyzWZriO6i2od GWWQVucZqKVsENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esga60z yGW6LFe9r8n6paHrlG5ojqf0BaqHT+8=
 doa01.example.         3600    IN      DOA     1234567890 1234567890 1 "image/gif" R0lGODlhKAAZAOMCAGZmZgBmmf///zOZzMz//5nM/zNmmWbM/5nMzMzMzACZ/////////////////////yH5BAEKAA8ALAAAAAAoABkAAATH8IFJK5U2a4337F5ogRkpnoCJrly7PrCKyh8c3HgAhzT35MDbbtO7/IJIHbGiOiaTxVTpSVWWLqNq1UVyapNS1wd3OAxug0LhnCubcVhsxysQnOt4ATpvvzHlFzl1AwODhWeFAgRpen5/UhheAYMFdUB4SFcpGEGGdQeCAqBBLTuSk30EeXd9pEsAbKGxjHqDSE0Sp6ixN4N1BJmbc7lIhmsBich1awPAjkY1SZR8bJWrz382SGqIBQQFQd4IsUTaX+ceuudPEQA7
 doa02.example.         3600    IN      DOA     0 1 2 "" aHR0cHM6Ly93d3cuaXNjLm9yZy8=
 ds01.example.          3600    IN      DS      12892 5 2 26584835CA80C81C91999F31CFAF2A0E89D4FF1C8FAFD0DDB31A85C7 19277C13
diff --git a/bin/tests/system/xfer/dig2.good b/bin/tests/system/xfer/dig2.good
index 4993815af8803b3f735aef550bd946298d690bff..5b1d93d09c130c323d91d361bd580317cdd033a7 100644 (file)
--- a/bin/tests/system/xfer/dig2.good
+++ b/bin/tests/system/xfer/dig2.good
@@ -1,6 +1,7 @@
 example.               86400   IN      SOA     ns2.example. hostmaster.example. 1397051953 5 5 1814400 3600
 example.               3600    IN      NS      ns2.example.
 example.               3600    IN      NS      ns3.example.
+example.               3600    IN      DNSKEY  512 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aRyzWZriO6i2od GWWQVucZqKVsENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esga60z yGW6LFe9r8n6paHrlG5ojqf0BaqHT+8=
 a01.example.           3600    IN      A       0.0.0.1
 a02.example.           3600    IN      A       255.255.255.255
 a601.example.          3600    IN      A6      0 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
@@ -42,7 +43,6 @@ dlv.example.          3600    IN      DLV     30795 1 1 310D27F4D82C1FC2400704EA9939FE6E1CEAA3B9
 dname01.example.       3600    IN      DNAME   dname-target.
 dname02.example.       3600    IN      DNAME   dname-target.example.
 dname03.example.       3600    IN      DNAME   .
-dnskey01.example.      3600    IN      DNSKEY  512 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aRyzWZriO6i2od GWWQVucZqKVsENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esga60z yGW6LFe9r8n6paHrlG5ojqf0BaqHT+8=
 doa01.example.         3600    IN      DOA     1234567890 1234567890 1 "image/gif" R0lGODlhKAAZAOMCAGZmZgBmmf///zOZzMz//5nM/zNmmWbM/5nMzMzMzACZ/////////////////////yH5BAEKAA8ALAAAAAAoABkAAATH8IFJK5U2a4337F5ogRkpnoCJrly7PrCKyh8c3HgAhzT35MDbbtO7/IJIHbGiOiaTxVTpSVWWLqNq1UVyapNS1wd3OAxug0LhnCubcVhsxysQnOt4ATpvvzHlFzl1AwODhWeFAgRpen5/UhheAYMFdUB4SFcpGEGGdQeCAqBBLTuSk30EeXd9pEsAbKGxjHqDSE0Sp6ixN4N1BJmbc7lIhmsBich1awPAjkY1SZR8bJWrz382SGqIBQQFQd4IsUTaX+ceuudPEQA7
 doa02.example.         3600    IN      DOA     0 1 2 "" aHR0cHM6Ly93d3cuaXNjLm9yZy8=
 ds01.example.          3600    IN      NS      ns42.example.
Mirror of https://gitlab.isc.org/isc-projects/bind9.git