reinstate jdnssec usage now that it supports ECDSA

diff --git a/regression-tests/tests/verify-dnssec-zone/command b/regression-tests/tests/verify-dnssec-zone/command
index 70fe36d31e7c09ece374e0d528bf5221f9241e9a..0573b0b546efba39064a7650c47047603e928366 100755 (executable)
--- a/regression-tests/tests/verify-dnssec-zone/command
+++ b/regression-tests/tests/verify-dnssec-zone/command
@@ -3,7 +3,7 @@ for zone in $(grep 'zone ' named.conf  | cut -f2 -d\" | grep -v '^\(example.com\
 do
        TFILE=$(mktemp tmp.XXXXXXXXXX)
        drill -p $port axfr $zone @$nameserver | ldns-read-zone -z > $TFILE
-       for validator in "ldns-verify-zone -V2" named-checkzone
+       for validator in "ldns-verify-zone -V2" jdnssec-verifyzone named-checkzone
        do
                echo --- $validator $zone
                if [ "$validator" = "named-checkzone" ]

diff --git a/regression-tests/tests/verify-dnssec-zone/expected_result b/regression-tests/tests/verify-dnssec-zone/expected_result
index 074ec83493908b09947a9bc85a384ee2a1b6b5a4..f3cbe2196b2689cee8de4b37ae34b7a33ad32518 100644 (file)
--- a/regression-tests/tests/verify-dnssec-zone/expected_result
+++ b/regression-tests/tests/verify-dnssec-zone/expected_result
@@ -1,6 +1,10 @@
 --- ldns-verify-zone -V2 test.com
 RETVAL: 0
 
+--- jdnssec-verifyzone test.com
+zone verified.
+RETVAL: 0
+
 --- named-checkzone test.com
 zone test.com/IN: test.com/MX 'smtp-servers.test.com' has no address records (A or AAAA)
 zone test.com/IN: sub.test.test.com/NS 'ns-test.example.net.test.com' has no address records (A or AAAA)
@@ -11,6 +15,10 @@ RETVAL: 0
 --- ldns-verify-zone -V2 test.dyndns
 RETVAL: 0
 
+--- jdnssec-verifyzone test.dyndns
+zone verified.
+RETVAL: 0
+
 --- named-checkzone test.dyndns
 zone test.dyndns/IN: loaded serial 2012060701 (DNSSEC signed)
 OK
@@ -19,6 +27,10 @@ RETVAL: 0
 --- ldns-verify-zone -V2 wtest.com
 RETVAL: 0
 
+--- jdnssec-verifyzone wtest.com
+zone verified.
+RETVAL: 0
+
 --- named-checkzone wtest.com
 zone wtest.com/IN: wtest.com/MX 'smtp-servers.wtest.com' is a CNAME (illegal)
 zone wtest.com/IN: loaded serial 2005092501 (DNSSEC signed)
@@ -28,6 +40,10 @@ RETVAL: 0
 --- ldns-verify-zone -V2 dnssec-parent.com
 RETVAL: 0
 
+--- jdnssec-verifyzone dnssec-parent.com
+zone verified.
+RETVAL: 0
+
 --- named-checkzone dnssec-parent.com
 zone dnssec-parent.com/IN: loaded serial 2005092501 (DNSSEC signed)
 OK
@@ -36,6 +52,10 @@ RETVAL: 0
 --- ldns-verify-zone -V2 delegated.dnssec-parent.com
 RETVAL: 0
 
+--- jdnssec-verifyzone delegated.dnssec-parent.com
+zone verified.
+RETVAL: 0
+
 --- named-checkzone delegated.dnssec-parent.com
 zone delegated.dnssec-parent.com/IN: loaded serial 2005092501 (DNSSEC signed)
 OK
@@ -44,6 +64,10 @@ RETVAL: 0
 --- ldns-verify-zone -V2 secure-delegated.dnssec-parent.com
 RETVAL: 0
 
+--- jdnssec-verifyzone secure-delegated.dnssec-parent.com
+zone verified.
+RETVAL: 0
+
 --- named-checkzone secure-delegated.dnssec-parent.com
 zone secure-delegated.dnssec-parent.com/IN: loaded serial 2005092501 (DNSSEC signed)
 OK
@@ -52,6 +76,10 @@ RETVAL: 0
 --- ldns-verify-zone -V2 minimal.com
 RETVAL: 0
 
+--- jdnssec-verifyzone minimal.com
+zone verified.
+RETVAL: 0
+
 --- named-checkzone minimal.com
 zone minimal.com/IN: loaded serial 2000081501 (DNSSEC signed)
 OK
@@ -60,6 +88,10 @@ RETVAL: 0
 --- ldns-verify-zone -V2 tsig.com
 RETVAL: 0
 
+--- jdnssec-verifyzone tsig.com
+zone verified.
+RETVAL: 0
+
 --- named-checkzone tsig.com
 zone tsig.com/IN: loaded serial 2000081501 (DNSSEC signed)
 OK
@@ -68,6 +100,10 @@ RETVAL: 0
 --- ldns-verify-zone -V2 stest.com
 RETVAL: 0
 
+--- jdnssec-verifyzone stest.com
+zone verified.
+RETVAL: 0
+
 --- named-checkzone stest.com
 zone stest.com/IN: loaded serial 2000081501 (DNSSEC signed)
 OK
@@ -76,6 +112,10 @@ RETVAL: 0
 --- ldns-verify-zone -V2 cdnskey-cds-test.com
 RETVAL: 0
 
+--- jdnssec-verifyzone cdnskey-cds-test.com
+zone verified.
+RETVAL: 0
+
 --- named-checkzone cdnskey-cds-test.com
 zone cdnskey-cds-test.com/IN: loaded serial 2005092501 (DNSSEC signed)
 OK

diff --git a/regression-tests/tests/verify-dnssec-zone/expected_result.nsec3-optout b/regression-tests/tests/verify-dnssec-zone/expected_result.nsec3-optout
index 8f41144cf960370ae5dc08ac08c99b37ab048c2c..f26eb8144b0c1ec02a6093751946fc045fa00fd2 100644 (file)
--- a/regression-tests/tests/verify-dnssec-zone/expected_result.nsec3-optout
+++ b/regression-tests/tests/verify-dnssec-zone/expected_result.nsec3-optout
@@ -1,6 +1,10 @@
 --- ldns-verify-zone -V2 test.com
 RETVAL: 0
 
+--- jdnssec-verifyzone test.com
+zone verified.
+RETVAL: 0
+
 --- named-checkzone test.com
 zone test.com/IN: test.com/MX 'smtp-servers.test.com' has no address records (A or AAAA)
 zone test.com/IN: sub.test.test.com/NS 'ns-test.example.net.test.com' has no address records (A or AAAA)
@@ -11,6 +15,10 @@ RETVAL: 0
 --- ldns-verify-zone -V2 test.dyndns
 RETVAL: 0
 
+--- jdnssec-verifyzone test.dyndns
+zone verified.
+RETVAL: 0
+
 --- named-checkzone test.dyndns
 zone test.dyndns/IN: loaded serial 2012060701 (DNSSEC signed)
 OK
@@ -19,6 +27,10 @@ RETVAL: 0
 --- ldns-verify-zone -V2 wtest.com
 RETVAL: 0
 
+--- jdnssec-verifyzone wtest.com
+zone verified.
+RETVAL: 0
+
 --- named-checkzone wtest.com
 zone wtest.com/IN: wtest.com/MX 'smtp-servers.wtest.com' is a CNAME (illegal)
 zone wtest.com/IN: loaded serial 2005092501 (DNSSEC signed)
@@ -31,6 +43,10 @@ Error: there is no NSEC(3) for ent.ent.auth-ent.dnssec-parent.com.
 There were errors in the zone
 RETVAL: 11
 
+--- jdnssec-verifyzone dnssec-parent.com
+zone verified.
+RETVAL: 0
+
 --- named-checkzone dnssec-parent.com
 zone dnssec-parent.com/IN: loaded serial 2005092501 (DNSSEC signed)
 OK
@@ -39,6 +55,10 @@ RETVAL: 0
 --- ldns-verify-zone -V2 delegated.dnssec-parent.com
 RETVAL: 0
 
+--- jdnssec-verifyzone delegated.dnssec-parent.com
+zone verified.
+RETVAL: 0
+
 --- named-checkzone delegated.dnssec-parent.com
 zone delegated.dnssec-parent.com/IN: loaded serial 2005092501 (DNSSEC signed)
 OK
@@ -47,6 +67,10 @@ RETVAL: 0
 --- ldns-verify-zone -V2 secure-delegated.dnssec-parent.com
 RETVAL: 0
 
+--- jdnssec-verifyzone secure-delegated.dnssec-parent.com
+zone verified.
+RETVAL: 0
+
 --- named-checkzone secure-delegated.dnssec-parent.com
 zone secure-delegated.dnssec-parent.com/IN: loaded serial 2005092501 (DNSSEC signed)
 OK
@@ -55,6 +79,10 @@ RETVAL: 0
 --- ldns-verify-zone -V2 minimal.com
 RETVAL: 0
 
+--- jdnssec-verifyzone minimal.com
+zone verified.
+RETVAL: 0
+
 --- named-checkzone minimal.com
 zone minimal.com/IN: loaded serial 2000081501 (DNSSEC signed)
 OK
@@ -63,6 +91,10 @@ RETVAL: 0
 --- ldns-verify-zone -V2 tsig.com
 RETVAL: 0
 
+--- jdnssec-verifyzone tsig.com
+zone verified.
+RETVAL: 0
+
 --- named-checkzone tsig.com
 zone tsig.com/IN: loaded serial 2000081501 (DNSSEC signed)
 OK
@@ -71,6 +103,10 @@ RETVAL: 0
 --- ldns-verify-zone -V2 stest.com
 RETVAL: 0
 
+--- jdnssec-verifyzone stest.com
+zone verified.
+RETVAL: 0
+
 --- named-checkzone stest.com
 zone stest.com/IN: loaded serial 2000081501 (DNSSEC signed)
 OK
@@ -79,6 +115,10 @@ RETVAL: 0
 --- ldns-verify-zone -V2 cdnskey-cds-test.com
 RETVAL: 0
 
+--- jdnssec-verifyzone cdnskey-cds-test.com
+zone verified.
+RETVAL: 0
+
 --- named-checkzone cdnskey-cds-test.com
 zone cdnskey-cds-test.com/IN: loaded serial 2005092501 (DNSSEC signed)
 OK