Add good dnssec-policy tag-range variants test examples

diff --git a/bin/tests/system/checkconf/good-dnssec-policy-range.conf b/bin/tests/system/checkconf/good-dnssec-policy-range.conf
new file mode 100644 (file)
index 0000000..68f9afd
--- /dev/null
+++ b/bin/tests/system/checkconf/good-dnssec-policy-range.conf
@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0.  If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+dnssec-policy restricted-range {
+       keys {
+               ksk lifetime unlimited algorithm rsasha256 tag-range 0 32767 2048;
+               zsk lifetime unlimited algorithm rsasha256 tag-range 0 32767;
+       };
+};
+
+dnssec-policy unrestricted-range {
+       keys {
+               ksk lifetime unlimited algorithm rsasha256 2048;
+               zsk lifetime unlimited algorithm rsasha256;
+       };
+};

diff --git a/bin/tests/system/checkconf/good.conf.in b/bin/tests/system/checkconf/good.conf.in
index e326f7ce749dbbcb9526458b9b0db5fdae87df5b..f7e8cc8415b185b64f8577159ef0dff2b91fab99 100644 (file)
--- a/bin/tests/system/checkconf/good.conf.in
+++ b/bin/tests/system/checkconf/good.conf.in
@@ -23,7 +23,7 @@ dnssec-policy "test" {
        };
        dnskey-ttl 3600;
        keys {
-               ksk key-directory lifetime P1Y algorithm 13;
+               ksk key-directory lifetime P1Y algorithm 13 tag-range 0 32767;
                zsk lifetime P30D algorithm 13;
                csk key-store "hsm" lifetime P30D algorithm 8 2048;
        };