From: Evan Hunt Date: Sat, 5 Jul 2025 18:12:02 +0000 (-0700) Subject: tidy up the dnssec test tree X-Git-Tag: v9.21.11~13^2~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3c067e99b3fad411439be6c253de21008e3b32ff;p=thirdparty%2Fbind9.git tidy up the dnssec test tree many of the zones in the dnssec system test were identical or had only trivial differences, and it would be easier to keep track of them if they were sourced from template files. also, the extra_artifacts have been simplified and restored to the test files. --- diff --git a/bin/tests/system/dnssec/ns2/badparam.db.in b/bin/tests/system/dnssec/ns2/badparam.db.in deleted file mode 100644 index b18d1863d55..00000000000 --- a/bin/tests/system/dnssec/ns2/badparam.db.in +++ /dev/null @@ -1,21 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2010081000 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns2 -ns2 A 10.53.0.2 diff --git a/bin/tests/system/dnssec/ns2/cdnskey-auto.secure.db.in b/bin/tests/system/dnssec/ns2/cdnskey-auto.secure.db.in deleted file mode 100644 index aa3aaabfaf4..00000000000 --- a/bin/tests/system/dnssec/ns2/cdnskey-auto.secure.db.in +++ /dev/null @@ -1,14 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 3600 -@ SOA ns2.example. . 1 3600 1200 86400 1200 -@ NS ns2.example. diff --git a/bin/tests/system/dnssec/ns2/cdnskey-update.secure.db.in b/bin/tests/system/dnssec/ns2/cdnskey-update.secure.db.in deleted file mode 100644 index aa3aaabfaf4..00000000000 --- a/bin/tests/system/dnssec/ns2/cdnskey-update.secure.db.in +++ /dev/null @@ -1,14 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 3600 -@ SOA ns2.example. . 1 3600 1200 86400 1200 -@ NS ns2.example. diff --git a/bin/tests/system/dnssec/ns2/cdnskey.secure.db.in b/bin/tests/system/dnssec/ns2/cdnskey.secure.db.in deleted file mode 100644 index aa3aaabfaf4..00000000000 --- a/bin/tests/system/dnssec/ns2/cdnskey.secure.db.in +++ /dev/null @@ -1,14 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 3600 -@ SOA ns2.example. . 1 3600 1200 86400 1200 -@ NS ns2.example. diff --git a/bin/tests/system/dnssec/ns2/cds-update.secure.db.in b/bin/tests/system/dnssec/ns2/cds-update.secure.db.in deleted file mode 100644 index aa3aaabfaf4..00000000000 --- a/bin/tests/system/dnssec/ns2/cds-update.secure.db.in +++ /dev/null @@ -1,14 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 3600 -@ SOA ns2.example. . 1 3600 1200 86400 1200 -@ NS ns2.example. diff --git a/bin/tests/system/dnssec/ns2/cds.secure.db.in b/bin/tests/system/dnssec/ns2/cds.secure.db.in deleted file mode 100644 index aa3aaabfaf4..00000000000 --- a/bin/tests/system/dnssec/ns2/cds.secure.db.in +++ /dev/null @@ -1,14 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 3600 -@ SOA ns2.example. . 1 3600 1200 86400 1200 -@ NS ns2.example. diff --git a/bin/tests/system/dnssec/ns2/child.nsec3.example.db b/bin/tests/system/dnssec/ns2/child.nsec3.example.db deleted file mode 100644 index 8fc3bc837ef..00000000000 --- a/bin/tests/system/dnssec/ns2/child.nsec3.example.db +++ /dev/null @@ -1,20 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2006081400 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) -@ IN NS ns2.example. diff --git a/bin/tests/system/dnssec/ns2/child.optout.example.db b/bin/tests/system/dnssec/ns2/child.optout.example.db deleted file mode 100644 index 8fc3bc837ef..00000000000 --- a/bin/tests/system/dnssec/ns2/child.optout.example.db +++ /dev/null @@ -1,20 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2006081400 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) -@ IN NS ns2.example. diff --git a/bin/tests/system/dnssec/ns2/dst.example.db.in b/bin/tests/system/dnssec/ns2/dst.example.db.in deleted file mode 100644 index 0039484964a..00000000000 --- a/bin/tests/system/dnssec/ns2/dst.example.db.in +++ /dev/null @@ -1,21 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns2.example. -a A 10.0.0.1 diff --git a/bin/tests/system/dnssec/ns2/example.db.in b/bin/tests/system/dnssec/ns2/example.db.in index c7251329881..6531ae6649b 100644 --- a/bin/tests/system/dnssec/ns2/example.db.in +++ b/bin/tests/system/dnssec/ns2/example.db.in @@ -12,10 +12,10 @@ $TTL 3600 ; 1 hour @ IN SOA mname1. . ( 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) ) NS ns2 NS ns3 @@ -30,8 +30,8 @@ d A 10.0.0.4 foo TXT "testing" foo A 10.0.1.0 -bad-cname CNAME a -bad-dname DNAME @ +bad-cname CNAME a +bad-dname DNAME @ ; Used for testing CNAME queries cname1 CNAME cname1-target @@ -52,153 +52,153 @@ secure NS ns3.secure ns3.secure A 10.53.0.3 ; An insecure subdomain -insecure NS ns.insecure -ns.insecure A 10.53.0.3 +insecure NS ns3.insecure +ns3.insecure A 10.53.0.3 -; A second insecure subdomain -insecure2 NS ns.insecure2 -ns.insecure2 A 10.53.0.3 +; A subdomain with an extra DNSKEY in the wrong place +extrakey NS ns3.extrakey +ns3.extrakey A 10.53.0.3 ; A secure subdomain we're going to inject bogus data into -bogus NS ns.bogus -ns.bogus A 10.53.0.3 +bogus NS ns3.bogus +ns3.bogus A 10.53.0.3 ; A subdomain with a corrupt DS -badds NS ns.badds -ns.badds A 10.53.0.3 +badds NS ns3.badds +ns3.badds A 10.53.0.3 ; A subdomain with a corrupt DS, but locally trusted by the forwarder -localkey NS ns.localkey -ns.localkey A 10.53.0.3 +localkey NS ns3.localkey +ns3.localkey A 10.53.0.3 ; A dynamic secure subdomain -dynamic NS dynamic -dynamic A 10.53.0.3 +dynamic NS ns3.dynamic +ns3.dynamic A 10.53.0.3 ; A subdomain with expired signatures -expired NS ns.expired -ns.expired A 10.53.0.3 +expired NS ns3.expired +ns3.expired A 10.53.0.3 ; A rfc2535 signed zone w/ CNAME rfc2535 NS ns.rfc2535 -ns.rfc2535 A 10.53.0.3 +ns.rfc2535 A 10.53.0.2 z A 10.0.0.26 -keyless NS ns.keyless -ns.keyless A 10.53.0.3 +keyless NS ns3.keyless +ns3.keyless A 10.53.0.3 -nsec3 NS ns.nsec3 -ns.nsec3 A 10.53.0.3 +nsec3 NS ns3.nsec3 +ns3.nsec3 A 10.53.0.3 -optout NS ns.optout -ns.optout A 10.53.0.3 +optout NS ns3.optout +ns3.optout A 10.53.0.3 -nsec3-unknown NS ns.nsec3-unknown -ns.nsec3-unknown A 10.53.0.3 +nsec3-unknown NS ns3.nsec3-unknown +ns3.nsec3-unknown A 10.53.0.3 -optout-unknown NS ns.optout-unknown -ns.optout-unknown A 10.53.0.3 +optout-unknown NS ns3.optout-unknown +ns3.optout-unknown A 10.53.0.3 -dnskey-unknown NS ns.dnskey-unknown -ns.dnskey-unknown A 10.53.0.3 +dnskey-unknown NS ns3.dnskey-unknown +ns3.dnskey-unknown A 10.53.0.3 -dnskey-unsupported NS ns.dnskey-unsupported -ns.dnskey-unsupported A 10.53.0.3 +dnskey-unsupported NS ns3.dnskey-unsupported +ns3.dnskey-unsupported A 10.53.0.3 -dnskey-unsupported-2 NS ns.dnskey-unsupported -ns.dnskey-unsupported-2 A 10.53.0.3 +dnskey-unsupported-2 NS ns3.dnskey-unsupported +ns3.dnskey-unsupported-2 A 10.53.0.3 -ds-unsupported NS ns.ds-unsupported -ns.ds-unsupported A 10.53.0.3 +ds-unsupported NS ns3.ds-unsupported +ns3.ds-unsupported A 10.53.0.3 -digest-alg-unsupported NS ns.digest-alg-unsupported -ns.digest-alg-unsupported A 10.53.0.3 +digest-alg-unsupported NS ns3.digest-alg-unsupported +ns3.digest-alg-unsupported A 10.53.0.3 -dnskey-nsec3-unknown NS ns.dnskey-nsec3-unknown -ns.dnskey-nsec3-unknown A 10.53.0.3 +dnskey-nsec3-unknown NS ns3.dnskey-nsec3-unknown +ns3.dnskey-nsec3-unknown A 10.53.0.3 -multiple NS ns.multiple -ns.multiple A 10.53.0.3 +multiple NS ns3.multiple +ns3.multiple A 10.53.0.3 *.wild A 10.0.0.27 -rsasha256 NS ns.rsasha256 -ns.rsasha256 A 10.53.0.3 +rsasha256 NS ns3.rsasha256 +ns3.rsasha256 A 10.53.0.3 -rsasha512 NS ns.rsasha512 -ns.rsasha512 A 10.53.0.3 +rsasha512 NS ns3.rsasha512 +ns3.rsasha512 A 10.53.0.3 -kskonly NS ns.kskonly -ns.kskonly A 10.53.0.3 +kskonly NS ns3.kskonly +ns3.kskonly A 10.53.0.3 -update-nsec3 NS ns.update-nsec3 -ns.update-nsec3 A 10.53.0.3 +update-nsec3 NS ns3.update-nsec3 +ns3.update-nsec3 A 10.53.0.3 -auto-nsec NS ns.auto-nsec -ns.auto-nsec A 10.53.0.3 +auto-nsec NS ns3.auto-nsec +ns3.auto-nsec A 10.53.0.3 -auto-nsec3 NS ns.auto-nsec3 -ns.auto-nsec3 A 10.53.0.3 +auto-nsec3 NS ns3.auto-nsec3 +ns3.auto-nsec3 A 10.53.0.3 below-cname CNAME some.where.else. -insecure.below-cname NS ns.insecure.below-cname -ns.insecure.below-cname A 10.53.0.3 +insecure.below-cname NS ns3.insecure.below-cname +ns3.insecure.below-cname A 10.53.0.3 -secure.below-cname NS ns.secure.below-cname -ns.secure.below-cname A 10.53.0.3 +secure.below-cname NS ns3.secure.below-cname +ns3.secure.below-cname A 10.53.0.3 -ttlpatch NS ns.ttlpatch -ns.ttlpatch A 10.53.0.3 +ttlpatch NS ns3.ttlpatch +ns3.ttlpatch A 10.53.0.3 -split-dnssec NS ns.split-dnssec -ns.split-dnssec A 10.53.0.3 +split-dnssec NS ns3.split-dnssec +ns3.split-dnssec A 10.53.0.3 -split-smart NS ns.split-smart -ns.split-smart A 10.53.0.3 +split-smart NS ns3.split-smart +ns3.split-smart A 10.53.0.3 -upper NS ns.upper -ns.upper A 10.53.0.3 +upper NS ns3.upper +ns3.upper A 10.53.0.3 -LOWER NS NS.LOWER -NS.LOWER A 10.53.0.3 +LOWER NS NS3.LOWER +NS3.LOWER A 10.53.0.3 -expiring NS ns.expiring -ns.expiring A 10.53.0.3 +expiring NS ns3.expiring +ns3.expiring A 10.53.0.3 -future NS ns.future -ns.future A 10.53.0.3 +future NS ns3.future +ns3.future A 10.53.0.3 -managed-future NS ns.managed-future -ns.managed-future A 10.53.0.3 +managed-future NS ns3.managed-future +ns3.managed-future A 10.53.0.3 -revkey NS ns.revkey -ns.revkey A 10.53.0.3 +revkey NS ns3.revkey +ns3.revkey A 10.53.0.3 -rsasha1 NS ns.rsasha1 -ns.rsasha1 A 10.53.0.3 +rsasha1 NS ns3.rsasha1 +ns3.rsasha1 A 10.53.0.3 -rsasha1-1024 NS ns.rsasha1-1024 -ns.rsasha1-1024 A 10.53.0.3 +rsasha1-1024 NS ns3.rsasha1-1024 +ns3.rsasha1-1024 A 10.53.0.3 dname-at-apex-nsec3 NS ns3 -rsasha256oid NS ns.rsasha256oid -ns.rsasha256oid A 10.53.0.3 +rsasha256oid NS ns3.rsasha256oid +ns3.rsasha256oid A 10.53.0.3 -rsasha512oid NS ns.rsasha512oid -ns.rsasha512oid A 10.53.0.3 +rsasha512oid NS ns3.rsasha512oid +ns3.rsasha512oid A 10.53.0.3 -unknownoid NS ns.unknownoid -ns.unknownoid A 10.53.0.3 +unknownoid NS ns3.unknownoid +ns3.unknownoid A 10.53.0.3 -extradsoid NS ns.extradsoid -ns.extradsoid A 10.53.0.3 +extradsoid NS ns3.extradsoid +ns3.extradsoid A 10.53.0.3 -extradsunknownoid NS ns.extradsunknownoid -ns.extradsunknownoid A 10.53.0.3 +extradsunknownoid NS ns3.extradsunknownoid +ns3.extradsunknownoid A 10.53.0.3 -extended-ds-unknown-oid NS ns.extended-ds-unknown-oid -ns.extended-ds-unknown-oid A 10.53.0.3 +extended-ds-unknown-oid NS ns3.extended-ds-unknown-oid +ns3.extended-ds-unknown-oid A 10.53.0.3 diff --git a/bin/tests/system/dnssec/ns2/lazy-ksk.db.in b/bin/tests/system/dnssec/ns2/lazy-ksk.db.in deleted file mode 100644 index 1527e07c6e4..00000000000 --- a/bin/tests/system/dnssec/ns2/lazy-ksk.db.in +++ /dev/null @@ -1,27 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 30 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 30 ; minimum (1 hour) - ) - NS ns2 -ns2 A 10.53.0.2 -ns3 A 10.53.0.3 - -a A 10.0.0.1 -*.a A 10.0.0.3 -b A 10.0.0.2 -d A 10.0.0.4 diff --git a/bin/tests/system/dnssec/ns2/private.secure.example.db.in b/bin/tests/system/dnssec/ns2/private.secure.example.db.in deleted file mode 100644 index 94042ae40a5..00000000000 --- a/bin/tests/system/dnssec/ns2/private.secure.example.db.in +++ /dev/null @@ -1,28 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.2 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -private2secure-nxdomain CNAME r.example. -*.wild CNAME s.example. diff --git a/bin/tests/system/dnssec/ns2/rfc2335.example.db b/bin/tests/system/dnssec/ns2/rfc2335.example.db.in similarity index 100% rename from bin/tests/system/dnssec/ns2/rfc2335.example.db rename to bin/tests/system/dnssec/ns2/rfc2335.example.db.in diff --git a/bin/tests/system/dnssec/ns2/sign.sh b/bin/tests/system/dnssec/ns2/sign.sh index ca824a2ad3f..e3f18af15e0 100644 --- a/bin/tests/system/dnssec/ns2/sign.sh +++ b/bin/tests/system/dnssec/ns2/sign.sh @@ -29,6 +29,31 @@ done cp "../ns3/dsset-target.peer-ns-spoof." . +# Set up some unsigned zones: +# insecure +zone=insecure.secure. +infile=template.db.in +zonefile=insecure.secure.example.db +cp $infile $zonefile + +# delegated child of an nsec3 zone +zone=child.nsec3.secure. +infile=template.db.in +zonefile=child.nsec3.secure.example.db +cp $infile $zonefile + +# delegated child of an optout zone +zone=child.nsec3.secure. +infile=template.db.in +zonefile=child.nsec3.secure.example.db +cp $infile $zonefile + +# zone pre-signed with RFC2335 signatures +zone=rfc2335.example. +infile=rfc2335.example.db.in +zonefile=rfc2335.example.db +cp $infile $zonefile + # Sign the "trusted." and "managed." zones. zone=managed. infile=key.db.in @@ -143,7 +168,7 @@ cat "$infile" "$keyname1.key" "$keyname2.key" >"$zonefile" # Sign the badparam secure file zone=badparam. -infile=badparam.db.in +infile=template.db.in zonefile=badparam.db keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") @@ -211,7 +236,7 @@ cat "$key1.key" "$key2.key" >>"$zonefile" "$SIGNER" -3 - -A -H 1 -g -o "$zone" -k "$key1" "$zonefile" "$key2" >/dev/null 2>&1 zone=cds.secure -infile=cds.secure.db.in +infile=template.db.in zonefile=cds.secure.db key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -220,7 +245,7 @@ cat "$infile" "$key1.key" "$key2.key" "$key1.cds" >$zonefile "$SIGNER" -g -o "$zone" "$zonefile" >/dev/null 2>&1 zone=cds-x.secure -infile=cds.secure.db.in +infile=template.db.in zonefile=cds-x.secure.db key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") @@ -230,7 +255,7 @@ cat "$infile" "$key1.key" "$key2.key" "$key3.key" "$key2.cds" >"$zonefile" "$SIGNER" -g -x -o "$zone" "$zonefile" >/dev/null 2>&1 zone=cds-update.secure -infile=cds-update.secure.db.in +infile=template.db.in zonefile=cds-update.secure.db key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -239,7 +264,7 @@ cat "$infile" "$key1.key" "$key2.key" >"$zonefile" keyfile_to_key_id "$key1" >cds-update.secure.id zone=cds-auto.secure -infile=cds-auto.secure.db.in +infile=template.db.in zonefile=cds-auto.secure.db key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -247,7 +272,7 @@ $SETTIME -P sync now "$key1" >/dev/null cat "$infile" >"$zonefile.signed" zone=cdnskey.secure -infile=cdnskey.secure.db.in +infile=template.db.in zonefile=cdnskey.secure.db key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -256,7 +281,7 @@ cat "$infile" "$key1.key" "$key2.key" "$key1.cds" >"$zonefile" "$SIGNER" -g -o "$zone" "$zonefile" >/dev/null 2>&1 zone=cdnskey-x.secure -infile=cdnskey.secure.db.in +infile=template.db.in zonefile=cdnskey-x.secure.db key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") @@ -266,7 +291,7 @@ cat "$infile" "$key1.key" "$key2.key" "$key3.key" "$key1.cds" >"$zonefile" "$SIGNER" -g -x -o "$zone" "$zonefile" >/dev/null 2>&1 zone=cdnskey-update.secure -infile=cdnskey-update.secure.db.in +infile=template.db.in zonefile=cdnskey-update.secure.db key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -275,7 +300,7 @@ cat "$infile" "$key1.key" "$key2.key" >"$zonefile" keyfile_to_key_id "$key1" >cdnskey-update.secure.id zone=cdnskey-auto.secure -infile=cdnskey-auto.secure.db.in +infile=template.db.in zonefile=cdnskey-auto.secure.db key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -283,7 +308,7 @@ $SETTIME -P sync now "$key1" >/dev/null cat "$infile" >"$zonefile.signed" zone=updatecheck-kskonly.secure -infile=template.secure.db.in +infile=template.db.in zonefile=${zone}.db key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -321,7 +346,7 @@ cat "$infile" "$key1.key" "$key2.key" >"$zonefile" # A zone with a secure chain of trust of two KSKs, only one KSK is not signing. # zone=lazy-ksk -infile=lazy-ksk.db.in +infile=template.db.in zonefile=lazy-ksk.db ksk1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") ksk2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") diff --git a/bin/tests/system/dnssec/ns2/cds-auto.secure.db.in b/bin/tests/system/dnssec/ns2/template.db.in similarity index 83% rename from bin/tests/system/dnssec/ns2/cds-auto.secure.db.in rename to bin/tests/system/dnssec/ns2/template.db.in index aa3aaabfaf4..43ad12bb7c7 100644 --- a/bin/tests/system/dnssec/ns2/cds-auto.secure.db.in +++ b/bin/tests/system/dnssec/ns2/template.db.in @@ -11,4 +11,11 @@ $TTL 3600 @ SOA ns2.example. . 1 3600 1200 86400 1200 -@ NS ns2.example. +@ NS ns2 +ns2 A 10.53.0.2 + +a A 10.0.0.1 +*.a A 10.0.0.3 +b A 10.0.0.2 +d A 10.0.0.4 +z A 10.0.0.26 diff --git a/bin/tests/system/dnssec/ns2/template.secure.db.in b/bin/tests/system/dnssec/ns2/template.secure.db.in deleted file mode 100644 index aa3aaabfaf4..00000000000 --- a/bin/tests/system/dnssec/ns2/template.secure.db.in +++ /dev/null @@ -1,14 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 3600 -@ SOA ns2.example. . 1 3600 1200 86400 1200 -@ NS ns2.example. diff --git a/bin/tests/system/dnssec/ns3/auto-nsec.example.db.in b/bin/tests/system/dnssec/ns3/auto-nsec.example.db.in deleted file mode 100644 index 34006877b35..00000000000 --- a/bin/tests/system/dnssec/ns3/auto-nsec.example.db.in +++ /dev/null @@ -1,40 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 -x CNAME a - -private NS ns.private -ns.private A 10.53.0.2 - -insecure NS ns.insecure -ns.insecure A 10.53.0.2 - -nosoa NS ns.nosoa -ns.nosoa A 10.53.0.6 - -normalthenrrsig A 10.0.0.28 -rrsigonly A 10.0.0.29 diff --git a/bin/tests/system/dnssec/ns3/auto-nsec3.example.db.in b/bin/tests/system/dnssec/ns3/auto-nsec3.example.db.in deleted file mode 100644 index 34006877b35..00000000000 --- a/bin/tests/system/dnssec/ns3/auto-nsec3.example.db.in +++ /dev/null @@ -1,40 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 -x CNAME a - -private NS ns.private -ns.private A 10.53.0.2 - -insecure NS ns.insecure -ns.insecure A 10.53.0.2 - -nosoa NS ns.nosoa -ns.nosoa A 10.53.0.6 - -normalthenrrsig A 10.0.0.28 -rrsigonly A 10.0.0.29 diff --git a/bin/tests/system/dnssec/ns3/bogus.example.db.in b/bin/tests/system/dnssec/ns3/bogus.example.db.in deleted file mode 100644 index 0feb441cdd8..00000000000 --- a/bin/tests/system/dnssec/ns3/bogus.example.db.in +++ /dev/null @@ -1,27 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -c A 10.0.0.3 -d A 10.0.0.4 -z A 10.0.0.26 diff --git a/bin/tests/system/dnssec/ns3/digest-alg-unsupported.example.db.in b/bin/tests/system/dnssec/ns3/digest-alg-unsupported.example.db.in deleted file mode 100644 index 94fa4659802..00000000000 --- a/bin/tests/system/dnssec/ns3/digest-alg-unsupported.example.db.in +++ /dev/null @@ -1,22 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 -a A 10.0.0.1 diff --git a/bin/tests/system/dnssec/ns3/dnskey-nsec3-unknown.example.db.in b/bin/tests/system/dnssec/ns3/dnskey-nsec3-unknown.example.db.in deleted file mode 100644 index f37dd750ce9..00000000000 --- a/bin/tests/system/dnssec/ns3/dnskey-nsec3-unknown.example.db.in +++ /dev/null @@ -1,29 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a A 10.0.0.3 -*.e A 10.0.0.6 -child NS ns2.example. diff --git a/bin/tests/system/dnssec/ns3/dnskey-unknown.example.db.in b/bin/tests/system/dnssec/ns3/dnskey-unknown.example.db.in deleted file mode 100644 index f37dd750ce9..00000000000 --- a/bin/tests/system/dnssec/ns3/dnskey-unknown.example.db.in +++ /dev/null @@ -1,29 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a A 10.0.0.3 -*.e A 10.0.0.6 -child NS ns2.example. diff --git a/bin/tests/system/dnssec/ns3/dnskey-unsupported-2.example.db.in b/bin/tests/system/dnssec/ns3/dnskey-unsupported-2.example.db.in deleted file mode 100644 index f37dd750ce9..00000000000 --- a/bin/tests/system/dnssec/ns3/dnskey-unsupported-2.example.db.in +++ /dev/null @@ -1,29 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a A 10.0.0.3 -*.e A 10.0.0.6 -child NS ns2.example. diff --git a/bin/tests/system/dnssec/ns3/dnskey-unsupported.example.db.in b/bin/tests/system/dnssec/ns3/dnskey-unsupported.example.db.in deleted file mode 100644 index f37dd750ce9..00000000000 --- a/bin/tests/system/dnssec/ns3/dnskey-unsupported.example.db.in +++ /dev/null @@ -1,29 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a A 10.0.0.3 -*.e A 10.0.0.6 -child NS ns2.example. diff --git a/bin/tests/system/dnssec/ns3/ds-unsupported.example.db.in b/bin/tests/system/dnssec/ns3/ds-unsupported.example.db.in deleted file mode 100644 index 94fa4659802..00000000000 --- a/bin/tests/system/dnssec/ns3/ds-unsupported.example.db.in +++ /dev/null @@ -1,22 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 -a A 10.0.0.1 diff --git a/bin/tests/system/dnssec/ns3/dynamic.example.db.in b/bin/tests/system/dnssec/ns3/dynamic.example.db.in deleted file mode 100644 index babf54c2a53..00000000000 --- a/bin/tests/system/dnssec/ns3/dynamic.example.db.in +++ /dev/null @@ -1,25 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -; This has the NS and glue at the apex because testing RT #2399 -; requires we have only one name in the zone at a certain point -; during the test. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) -@ NS @ -@ A 10.53.0.3 diff --git a/bin/tests/system/dnssec/ns3/expired.example.db.in b/bin/tests/system/dnssec/ns3/expired.example.db.in deleted file mode 100644 index eaee74b765c..00000000000 --- a/bin/tests/system/dnssec/ns3/expired.example.db.in +++ /dev/null @@ -1,44 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 3600 ; 1 hour -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns - MX 10 mx -ns A 10.53.0.3 -mx A 10.0.0.30 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 -x CNAME a - -private NS ns.private -ns.private A 10.53.0.2 - -insecure NS ns.insecure -ns.insecure A 10.53.0.2 - -nosoa NS ns.nosoa -ns.nosoa A 10.53.0.6 - -normalthenrrsig A 10.0.0.28 -rrsigonly A 10.0.0.29 - - diff --git a/bin/tests/system/dnssec/ns3/expiring.example.db.in b/bin/tests/system/dnssec/ns3/expiring.example.db.in deleted file mode 100644 index be3e6803544..00000000000 --- a/bin/tests/system/dnssec/ns3/expiring.example.db.in +++ /dev/null @@ -1,40 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 3600 ; 1 hour -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns - MX 10 mx -ns A 10.53.0.3 -mx A 10.0.0.30 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a A 10.0.0.3 -*.wild A 10.0.0.6 -child NS ns2.example. -insecure NS ns.insecure -ns.insecure A 10.53.0.3 -secure NS ns.secure -ns.secure A 10.53.0.3 -nsec3 NS ns.nsec3 -ns.nsec3 A 10.53.0.3 -optout NS ns.optout -ns.optout A 10.53.0.3 -02HC3EM7BDD011A0GMS3HKKJT2IF5VP8 A 10.0.0.17 diff --git a/bin/tests/system/dnssec/ns3/extended-ds-unknown-oid.example.db.in b/bin/tests/system/dnssec/ns3/extended-ds-unknown-oid.example.db.in deleted file mode 100644 index f6c4fabdd31..00000000000 --- a/bin/tests/system/dnssec/ns3/extended-ds-unknown-oid.example.db.in +++ /dev/null @@ -1,28 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2009102722 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 -x CNAME a diff --git a/bin/tests/system/dnssec/ns3/extradsoid.example.db.in b/bin/tests/system/dnssec/ns3/extradsoid.example.db.in deleted file mode 100644 index f6c4fabdd31..00000000000 --- a/bin/tests/system/dnssec/ns3/extradsoid.example.db.in +++ /dev/null @@ -1,28 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2009102722 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 -x CNAME a diff --git a/bin/tests/system/dnssec/ns3/extradsunknownoid.example.db.in b/bin/tests/system/dnssec/ns3/extradsunknownoid.example.db.in deleted file mode 100644 index f6c4fabdd31..00000000000 --- a/bin/tests/system/dnssec/ns3/extradsunknownoid.example.db.in +++ /dev/null @@ -1,28 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2009102722 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 -x CNAME a diff --git a/bin/tests/system/dnssec/ns3/insecure.example.db b/bin/tests/system/dnssec/ns3/extrakey.example.db.in similarity index 96% rename from bin/tests/system/dnssec/ns3/insecure.example.db rename to bin/tests/system/dnssec/ns3/extrakey.example.db.in index 76e3f47f211..c1d17da9b8f 100644 --- a/bin/tests/system/dnssec/ns3/insecure.example.db +++ b/bin/tests/system/dnssec/ns3/extrakey.example.db.in @@ -17,8 +17,8 @@ $TTL 300 ; 5 minutes 1814400 ; expire (3 weeks) 3600 ; minimum (1 hour) ) - NS ns -ns A 10.53.0.3 + NS ns3 +ns3 A 10.53.0.3 a A 10.0.0.1 b A 10.0.0.2 diff --git a/bin/tests/system/dnssec/ns3/future.example.db.in b/bin/tests/system/dnssec/ns3/future.example.db.in deleted file mode 100644 index 20c19c5216f..00000000000 --- a/bin/tests/system/dnssec/ns3/future.example.db.in +++ /dev/null @@ -1,40 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a A 10.0.0.3 -*.wild A 10.0.0.6 -insecure NS ns.insecure -ns.insecure A 10.53.0.3 -secure NS ns.secure -ns.secure A 10.53.0.3 -nsec3 NS ns.nsec3 -ns.nsec3 A 10.53.0.3 -optout NS ns.optout -ns.optout A 10.53.0.3 -child NS ns2.example. -insecure.empty NS ns.insecure.empty -ns.insecure.empty A 10.53.0.3 -foo.*.empty-wild NS ns diff --git a/bin/tests/system/dnssec/ns3/generic.example.db.in b/bin/tests/system/dnssec/ns3/generic.example.db.in deleted file mode 100644 index 5cc3ecc1bbb..00000000000 --- a/bin/tests/system/dnssec/ns3/generic.example.db.in +++ /dev/null @@ -1,23 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a.b A 10.0.0.1 diff --git a/bin/tests/system/dnssec/ns3/inline.example.db b/bin/tests/system/dnssec/ns3/inline.example.db deleted file mode 100644 index 14971bd7a6f..00000000000 --- a/bin/tests/system/dnssec/ns3/inline.example.db +++ /dev/null @@ -1,26 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 diff --git a/bin/tests/system/dnssec/ns3/insecure.below-cname.example.db b/bin/tests/system/dnssec/ns3/insecure.below-cname.example.db deleted file mode 100644 index 14971bd7a6f..00000000000 --- a/bin/tests/system/dnssec/ns3/insecure.below-cname.example.db +++ /dev/null @@ -1,26 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 diff --git a/bin/tests/system/dnssec/ns3/insecure.nsec3.example.db b/bin/tests/system/dnssec/ns3/insecure.nsec3.example.db deleted file mode 100644 index 14971bd7a6f..00000000000 --- a/bin/tests/system/dnssec/ns3/insecure.nsec3.example.db +++ /dev/null @@ -1,26 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 diff --git a/bin/tests/system/dnssec/ns3/insecure.optout.example.db b/bin/tests/system/dnssec/ns3/insecure.optout.example.db deleted file mode 100644 index 14971bd7a6f..00000000000 --- a/bin/tests/system/dnssec/ns3/insecure.optout.example.db +++ /dev/null @@ -1,26 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 diff --git a/bin/tests/system/dnssec/ns3/insecure2.example.db b/bin/tests/system/dnssec/ns3/insecure2.example.db deleted file mode 100644 index 76e3f47f211..00000000000 --- a/bin/tests/system/dnssec/ns3/insecure2.example.db +++ /dev/null @@ -1,27 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -x DNSKEY 258 3 5 Cg== -z A 10.0.0.26 diff --git a/bin/tests/system/dnssec/ns3/kskonly.example.db.in b/bin/tests/system/dnssec/ns3/kskonly.example.db.in deleted file mode 100644 index 0b11a00b004..00000000000 --- a/bin/tests/system/dnssec/ns3/kskonly.example.db.in +++ /dev/null @@ -1,26 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2009102722 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -x CNAME a diff --git a/bin/tests/system/dnssec/ns3/lower.example.db.in b/bin/tests/system/dnssec/ns3/lower.example.db.in deleted file mode 100644 index a04793e3124..00000000000 --- a/bin/tests/system/dnssec/ns3/lower.example.db.in +++ /dev/null @@ -1,21 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA MNAME1. . ( - 2012042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) -@ NS NS -NS A 10.53.0.3 diff --git a/bin/tests/system/dnssec/ns3/managed-future.example.db.in b/bin/tests/system/dnssec/ns3/managed-future.example.db.in deleted file mode 100644 index 20c19c5216f..00000000000 --- a/bin/tests/system/dnssec/ns3/managed-future.example.db.in +++ /dev/null @@ -1,40 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a A 10.0.0.3 -*.wild A 10.0.0.6 -insecure NS ns.insecure -ns.insecure A 10.53.0.3 -secure NS ns.secure -ns.secure A 10.53.0.3 -nsec3 NS ns.nsec3 -ns.nsec3 A 10.53.0.3 -optout NS ns.optout -ns.optout A 10.53.0.3 -child NS ns2.example. -insecure.empty NS ns.insecure.empty -ns.insecure.empty A 10.53.0.3 -foo.*.empty-wild NS ns diff --git a/bin/tests/system/dnssec/ns3/multiple.example.db.in b/bin/tests/system/dnssec/ns3/multiple.example.db.in deleted file mode 100644 index f37dd750ce9..00000000000 --- a/bin/tests/system/dnssec/ns3/multiple.example.db.in +++ /dev/null @@ -1,29 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a A 10.0.0.3 -*.e A 10.0.0.6 -child NS ns2.example. diff --git a/bin/tests/system/dnssec/ns3/named.conf.j2 b/bin/tests/system/dnssec/ns3/named.conf.j2 index 47d0422ad2c..6c9e18976cf 100644 --- a/bin/tests/system/dnssec/ns3/named.conf.j2 +++ b/bin/tests/system/dnssec/ns3/named.conf.j2 @@ -123,9 +123,9 @@ zone "insecure.example" { allow-update { any; }; }; -zone "insecure2.example" { +zone "extrakey.example" { type primary; - file "insecure2.example.db"; + file "extrakey.example.db"; allow-update { any; }; }; diff --git a/bin/tests/system/dnssec/ns3/nosign.example.db.in b/bin/tests/system/dnssec/ns3/nosign.example.db.in deleted file mode 100644 index 2be8a2833a4..00000000000 --- a/bin/tests/system/dnssec/ns3/nosign.example.db.in +++ /dev/null @@ -1,23 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 diff --git a/bin/tests/system/dnssec/ns3/nsec3-unknown.example.db.in b/bin/tests/system/dnssec/ns3/nsec3-unknown.example.db.in deleted file mode 100644 index f37dd750ce9..00000000000 --- a/bin/tests/system/dnssec/ns3/nsec3-unknown.example.db.in +++ /dev/null @@ -1,29 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a A 10.0.0.3 -*.e A 10.0.0.6 -child NS ns2.example. diff --git a/bin/tests/system/dnssec/ns3/nsec3.example.db.in b/bin/tests/system/dnssec/ns3/nsec3.example.db.in index 55b38776dad..f326e0b15a1 100644 --- a/bin/tests/system/dnssec/ns3/nsec3.example.db.in +++ b/bin/tests/system/dnssec/ns3/nsec3.example.db.in @@ -17,8 +17,8 @@ $TTL 300 ; 5 minutes 1814400 ; expire (3 weeks) 3600 ; minimum (1 hour) ) - NS ns -ns A 10.53.0.3 + NS ns3 +ns3 A 10.53.0.3 a A 10.0.0.1 b A 10.0.0.2 @@ -31,8 +31,8 @@ insecure NS ns.insecure ns.insecure A 10.53.0.3 secure NS ns.secure ns.secure A 10.53.0.3 -nsec3 NS ns.nsec3 -ns.nsec3 A 10.53.0.3 +nsec3 NS ns3.nsec3 +ns3.nsec3 A 10.53.0.3 optout NS ns.optout ns.optout A 10.53.0.3 02HC3EM7BDD011A0GMS3HKKJT2IF5VP8 A 10.0.0.17 diff --git a/bin/tests/system/dnssec/ns3/nsec3.nsec3.example.db.in b/bin/tests/system/dnssec/ns3/nsec3.nsec3.example.db.in deleted file mode 100644 index 15fe621fd09..00000000000 --- a/bin/tests/system/dnssec/ns3/nsec3.nsec3.example.db.in +++ /dev/null @@ -1,35 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 -x CNAME a - -private NS ns.private -ns.private A 10.53.0.2 - -insecure NS ns.insecure -ns.insecure A 10.53.0.2 - diff --git a/bin/tests/system/dnssec/ns3/nsec3.optout.example.db.in b/bin/tests/system/dnssec/ns3/nsec3.optout.example.db.in deleted file mode 100644 index 15fe621fd09..00000000000 --- a/bin/tests/system/dnssec/ns3/nsec3.optout.example.db.in +++ /dev/null @@ -1,35 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 -x CNAME a - -private NS ns.private -ns.private A 10.53.0.2 - -insecure NS ns.insecure -ns.insecure A 10.53.0.2 - diff --git a/bin/tests/system/dnssec/ns3/optout-unknown.example.db.in b/bin/tests/system/dnssec/ns3/optout-unknown.example.db.in deleted file mode 100644 index f37dd750ce9..00000000000 --- a/bin/tests/system/dnssec/ns3/optout-unknown.example.db.in +++ /dev/null @@ -1,29 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a A 10.0.0.3 -*.e A 10.0.0.6 -child NS ns2.example. diff --git a/bin/tests/system/dnssec/ns3/optout.example.db.in b/bin/tests/system/dnssec/ns3/optout.example.db.in index 20c19c5216f..b1bcefa65f3 100644 --- a/bin/tests/system/dnssec/ns3/optout.example.db.in +++ b/bin/tests/system/dnssec/ns3/optout.example.db.in @@ -17,8 +17,8 @@ $TTL 300 ; 5 minutes 1814400 ; expire (3 weeks) 3600 ; minimum (1 hour) ) - NS ns -ns A 10.53.0.3 + NS ns3 +ns3 A 10.53.0.3 a A 10.0.0.1 b A 10.0.0.2 @@ -26,14 +26,14 @@ d A 10.0.0.4 z A 10.0.0.26 a.a.a.a A 10.0.0.3 *.wild A 10.0.0.6 -insecure NS ns.insecure -ns.insecure A 10.53.0.3 -secure NS ns.secure -ns.secure A 10.53.0.3 -nsec3 NS ns.nsec3 -ns.nsec3 A 10.53.0.3 -optout NS ns.optout -ns.optout A 10.53.0.3 +insecure NS ns3.insecure +ns3.insecure A 10.53.0.3 +secure NS ns3.secure +ns3.secure A 10.53.0.3 +nsec3 NS ns3.nsec3 +ns3.nsec3 A 10.53.0.3 +optout NS ns3.optout +ns3.optout A 10.53.0.3 child NS ns2.example. insecure.empty NS ns.insecure.empty ns.insecure.empty A 10.53.0.3 diff --git a/bin/tests/system/dnssec/ns3/optout.nsec3.example.db.in b/bin/tests/system/dnssec/ns3/optout.nsec3.example.db.in deleted file mode 100644 index 15fe621fd09..00000000000 --- a/bin/tests/system/dnssec/ns3/optout.nsec3.example.db.in +++ /dev/null @@ -1,35 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 -x CNAME a - -private NS ns.private -ns.private A 10.53.0.2 - -insecure NS ns.insecure -ns.insecure A 10.53.0.2 - diff --git a/bin/tests/system/dnssec/ns3/optout.optout.example.db.in b/bin/tests/system/dnssec/ns3/optout.optout.example.db.in deleted file mode 100644 index 15fe621fd09..00000000000 --- a/bin/tests/system/dnssec/ns3/optout.optout.example.db.in +++ /dev/null @@ -1,35 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 -x CNAME a - -private NS ns.private -ns.private A 10.53.0.2 - -insecure NS ns.insecure -ns.insecure A 10.53.0.2 - diff --git a/bin/tests/system/dnssec/ns3/publish-inactive.example.db.in b/bin/tests/system/dnssec/ns3/publish-inactive.example.db.in deleted file mode 100644 index 14971bd7a6f..00000000000 --- a/bin/tests/system/dnssec/ns3/publish-inactive.example.db.in +++ /dev/null @@ -1,26 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 diff --git a/bin/tests/system/dnssec/ns3/rsasha1-1024.example.db b/bin/tests/system/dnssec/ns3/rsasha1-1024.example.db deleted file mode 100644 index d51672c03cc..00000000000 --- a/bin/tests/system/dnssec/ns3/rsasha1-1024.example.db +++ /dev/null @@ -1,63 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -; File written on Tue Jan 11 18:07:57 2022 -; dnssec_signzone version 9.17.21 -rsasha1-1024.example. 300 IN SOA mname1. . 2000042407 20 20 1814400 3600 -rsasha1-1024.example. 300 IN RRSIG SOA 5 2 300 20900129082204 20220111060757 22290 rsasha1-1024.example. kM6ztqAaLkxcRxYWrw2oe3qofzoIRjDv/tLD/A5edreqzzwj7H6Ihm0s JHfzqVOWBTwYzX0XgD0PXCqMdkXP7QlcWGYK7uCWnisayZIwNCdkywPC sS2ky1d0eK1A7kJ9nEH/eOgLba5uFZcAo8+9dD/6o6Rt1jTeTQkL4RHI UC8= -; resign=20900129082204 -rsasha1-1024.example. 300 IN NS ns.rsasha1-1024.example. -rsasha1-1024.example. 300 IN RRSIG NS 5 2 300 20900129082204 20220111060757 22290 rsasha1-1024.example. jxbsZlgK4B6IkCrZuNDVv/EIqgCU8pTOyWEt2DqvzRI8AeL3I+U9Nbcz 9gmQRaNEtffLVR/sfht6v1ms4AFJKd0xLSZj9ywsZKCmG12UxfNIoZ49 4d1ono8hGYU8xr1Qh1BU2HwgGY1JF4OyO28cgrkT2F9dAvG8MSMEW5Sg 9A8= -; resign=20900129082204 -rsasha1-1024.example. 300 IN NSEC a.rsasha1-1024.example. NS SOA RRSIG NSEC DNSKEY -rsasha1-1024.example. 300 IN RRSIG NSEC 5 2 300 20900129082204 20220111060757 22290 rsasha1-1024.example. AfEX9beXrft4d1moQD1VP3Em9cMgJmx2EYBKMlW5e5XFNk2Z5Wj1N//3 sBuUPNppxUilUEydqH5psVw7IMhrz8Q1+bhABNV7cPm1EOuq0NuQJ2LN JNlTnjfaRT6IAtY7d+NOCO2eKlDzMC/q8t2oaB+iHhgO7yc5+fxMGyQ/ PVc= -; resign=20900129082204 -rsasha1-1024.example. 300 IN DNSKEY 256 3 5 AwEAAaYD3SqsLtFHSfDhA8HhNKQJOToRptRmFhsYbqre+lq/BLpLQNkA 7Kq+chsUhOe+8OHMfkNXfr3XFyuUA3rBg15kq57NZ5gLzkHyeGqB9Ths M5pdwDCqPjJKP43W2+EXXHWsg5P94yldWcvMx1v80vrxGvUimfiQSznE hok/6oqR -rsasha1-1024.example. 300 IN DNSKEY 257 3 5 AwEAAeEe/ohrvXtDqYgrz5Q1WAKRstnnH0xi/4Mne49PLO56TcVPf6sg xpv/SaHSlQGJnVbQBLebPemKDAC1vVOUqdTDxHJbLuO28brIWMzf0pc1 5G2RNtrQf44E4yaibSROhyBmWoerUHTPGJw6BGDI4fb/CVWujFQ1ieBy WC0p1NWH -rsasha1-1024.example. 300 IN RRSIG DNSKEY 5 2 300 20900129082204 20220111060757 22290 rsasha1-1024.example. nBLPJfoZe4G3wOe17bBSMooRZHe523pjdaTAK2PmXEa8exXH+OWCHh7f Jnh/SI89Hp9a2ru1Skze3FcUcTj/SlwtEuWpxOs9B1R29P1xVPCwkAfb xsmtmE6u5+oeLGrt88zA/kpjx6t0sFbU7A8/qxlpuoH+hdAu1jI2tlP4 d30= -rsasha1-1024.example. 300 IN RRSIG DNSKEY 5 2 300 20900129082204 20220111060757 1151 rsasha1-1024.example. 0oNrcBsFySVjBT60SX3m7cKIPmuCOUH0ZFucrmEVXJLGpNOXe37aXbnC Iz+NHcaaeZQP/w4aYSTyQvZs6Vl5Tufeic3SWalzTGv0f01mIIk24v1a h4ePUB8w0b0+/qq89zl6Ccr2/PgTaLvjuSGYcgX15cigqPRcKQNYCwO1 Vsk= -; resign=20900129082204 -z.rsasha1-1024.example. 300 IN A 10.0.0.26 -z.rsasha1-1024.example. 300 IN RRSIG A 5 3 300 20900129082204 20220111060757 22290 rsasha1-1024.example. Zf/ynA7APXpNjcMPusIjRan0/ITLmeeY7GJfhCLeD3lEjnAd7dWRl7sC N5sBzUG78Mtgm39Ov/Kj2EwQjFcwcMUmppan3NzS+1YtYuZqlN9iAW+b UUfv8UQUHvM3x/hW4kNCPd2PHIzV2uedIp7VG3Lz72FvjHxECbI7g79V 18c= -; resign=20900129082204 -z.rsasha1-1024.example. 300 IN NSEC rsasha1-1024.example. A RRSIG NSEC -z.rsasha1-1024.example. 300 IN RRSIG NSEC 5 3 300 20900129082204 20220111060757 22290 rsasha1-1024.example. FPlYMJ41r79tkhIkDTX9/uVtcKXfHa+5oXb8fdo7/2CugjBfp5uihn57 3gMmY7Mi2aVsW64hRkehPJr+sTUOk5+ILhO2Qhjdrm2DpHgeSK29BTQr Okn9ruvpLhRFHwI/DllnKvBOyCmKSzJZE7PDOrqouGclNue07IXz+K2R bME= -; resign=20900129082204 -b.rsasha1-1024.example. 300 IN A 10.0.0.2 -b.rsasha1-1024.example. 300 IN RRSIG A 5 3 300 20900129082204 20220111060757 22290 rsasha1-1024.example. gQmhCIwai57iscF2s5CJ5DbSy0Z9TiOWYGeFeZITxQ/koFOOjyuZXAZn 6f7mTUcFPhNm4AT/PJAs/L/tzcE16pcVwwDnHszdY28XwEU6OqaXUB3E T/Qu4Sh0BWet9U6JcSSqLG5317qJxqSGfnIJOXMucYi3MH3W8uSpapr+ 4Qk= -; resign=20900129082204 -b.rsasha1-1024.example. 300 IN NSEC d.rsasha1-1024.example. A RRSIG NSEC -b.rsasha1-1024.example. 300 IN RRSIG NSEC 5 3 300 20900129082204 20220111060757 22290 rsasha1-1024.example. Do6VghMEcHk35Q7fI2VrrQBYhChT4pnw791qUFhHZeol5fIKtEnrlviA RN2fbEY+7OrQQXo7Ywxo7nTD9sYsFgOwGKqKJ+yLNPcr++0csbkgt5rU ch1Lv+t7jOUuUX8IzgjOoCH5j9eoU5QtGkEBxf6z0nvlsLJaTWwTqvbr 7aU= -; resign=20900129082204 -a.rsasha1-1024.example. 300 IN A 10.0.0.1 -a.rsasha1-1024.example. 300 IN RRSIG A 5 3 300 20900129082204 20220111060757 22290 rsasha1-1024.example. CaPXSTPLNeQ4MyRylYP/Ztb6kRT9/QdgpTnZxUHCjSdWEBXsrkEr55/z dBSQ8zGGOfCxlOkmgH/UrR7JmHTQrIqsb/iVq+6D0mfvNJDyNpT92bo8 r+C62/9NXLlkS5zcpyNG8Ls66EQ7dcFa6SxwdxF1qaoeBjJvkrGUMnzP UFo= -; resign=20900129082204 -a.rsasha1-1024.example. 300 IN NSEC b.rsasha1-1024.example. A RRSIG NSEC -a.rsasha1-1024.example. 300 IN RRSIG NSEC 5 3 300 20900129082204 20220111060757 22290 rsasha1-1024.example. DJlfCVMSPZ6KUIUhWUBt7LOCB8vBbxOFaR4PoHs/fLpGBWrQj46sjLKO W/TImquBg3ygYTOIyWEzVb177HryRmx65AKnfGLbzaTdTgHzcELwg88t EYFT4ODalqTn68o2RfWtNl95FNqJR/kguxxzFVgpN4zfGKXdhTWAA4JW zG0= -; resign=20900129082204 -a.a.a.a.a.a.a.a.a.a.e.rsasha1-1024.example. 300 IN A 10.0.0.27 -a.a.a.a.a.a.a.a.a.a.e.rsasha1-1024.example. 300 IN RRSIG A 5 13 300 20900129082204 20220111060757 22290 rsasha1-1024.example. PVFCHIXgDCZOHsTsr3G9wMnPPmiY4CfOXC3b1ZF2qEDqloIT+YX5oKKE uiT6fCBteS6Cq8XTXdezXjqTqxrdY4qMMOBDnIZhf8eOxjFzMEUKKZuH 9c5rt8u35TihuIdKv9OPXdWuTJ4dVSEZjNNxvh3VoMW6XFagYmu3f8Gr 0rg= -; resign=20900129082204 -a.a.a.a.a.a.a.a.a.a.e.rsasha1-1024.example. 300 IN NSEC ns.rsasha1-1024.example. A RRSIG NSEC -a.a.a.a.a.a.a.a.a.a.e.rsasha1-1024.example. 300 IN RRSIG NSEC 5 13 300 20900129082204 20220111060757 22290 rsasha1-1024.example. VOOEksRwMWNO2ESMrcMyPFAHuXyYgeLVODy46DwDx8PTli3/UwOH1e3l qd3Poh2K/OFP2v8TuzkXXnPW48Lg90haHtG9yLr5UUNoKntmBC9PFeqt P/qdOBiHszvcyyjJ4gabEX2gn+o/sL/klQV4m3mB4Vf5sg2dfX8Qyuw6 nDQ= -; resign=20900129082204 -d.rsasha1-1024.example. 300 IN A 10.0.0.4 -d.rsasha1-1024.example. 300 IN RRSIG A 5 3 300 20900129082204 20220111060757 22290 rsasha1-1024.example. XcxbM4wA+yTOAwPePwRIg6E58HuMr5qIkdghNn/R5ck1JdirLbMB/Wpp Si+5a4q9F02Bs8uZv2YXtXRIa32i1/L6OPeU3RFQfvkpHbQNTvPtsuAL bmFGB/zdR6XQpqC6G+ip9qY+mk2hXwCZZ24NW90O9qYlE8Rp145/dIVM DPo= -; resign=20900129082204 -d.rsasha1-1024.example. 300 IN NSEC a.a.a.a.a.a.a.a.a.a.e.rsasha1-1024.example. A RRSIG NSEC -d.rsasha1-1024.example. 300 IN RRSIG NSEC 5 3 300 20900129082204 20220111060757 22290 rsasha1-1024.example. fmBjPGTNWOXAs51XO1fIRCKAbf9TLTV04TmlgLm50oOouEXsXpwKo6tb MbCGI2f+u986mtzLW4gWY+rcAPrMCndu5BPIYPk/Ngd6zqylWJzAfKyg PIqO0lf6jg0J3FfP39fw9bf+xB+AI1PWBrVZ55LotBYgIBZYhQ1LKPZ2 iyU= -; resign=20900129082204 -ns.rsasha1-1024.example. 300 IN A 10.53.0.3 -ns.rsasha1-1024.example. 300 IN RRSIG A 5 3 300 20900129082204 20220111060757 22290 rsasha1-1024.example. beHl0WxLgPYkzKs/tdQnphXDzHx6FqdQRlVtJIYHGoWmWe4X6JWg4ENB a0xPeOGFQPBMgNuKbwyjAVmX0B3Su4LiBM7GcmfJbd4YRNCa4hQvhDpG o5A54Pxo2Qdo9Cffhzva5z4iO+DNnmBsfKGPna4sO2lRNfIxXlxCTbnE zps= -; resign=20900129082204 -ns.rsasha1-1024.example. 300 IN NSEC z.rsasha1-1024.example. A RRSIG NSEC -ns.rsasha1-1024.example. 300 IN RRSIG NSEC 5 3 300 20900129082204 20220111060757 22290 rsasha1-1024.example. aZTImJ5QFufIQEIuX+5ZYVW2Yq4ctxeX9zm9yrQaUODvVRm3X3WjncrU hkgDaW3a/j8RRG0cdAnzSWCzIMz0Yv4kWxrxCEJyIgmVUQ3fzxzpGwMF ZwCtNb9aWmImcAugTnjocn5+iCiyTEVipZmTASEyN0Bgp5Q4oFChnzIj kjk= -; resign=20900129082204 diff --git a/bin/tests/system/dnssec/ns3/rsasha1-1024.example.db.in b/bin/tests/system/dnssec/ns3/rsasha1-1024.example.db.in index b2e7e21e202..d4009dc97ed 100644 --- a/bin/tests/system/dnssec/ns3/rsasha1-1024.example.db.in +++ b/bin/tests/system/dnssec/ns3/rsasha1-1024.example.db.in @@ -9,19 +9,55 @@ ; See the COPYRIGHT file distributed with this work for additional ; information regarding copyright ownership. -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 +; File written on Sat Jul 5 14:07:41 2025 +; dnssec-signzone version 9.21.10-dev +rsasha1-1024.example. 300 IN SOA mname1. . 2000042407 20 20 1814400 3600 +rsasha1-1024.example. 300 IN RRSIG SOA 5 2 300 20930723222148 20250705200741 58758 rsasha1-1024.example. PJOZW7DeXBMB3VJ3RGFHbq5sWGc8zas7y8BKaEz4rWmScEfJrmt5ZGtm XPuQ08roCQjirb6ltLGMBorOZ5PrKkF998FhihCzUjJm9FSAVu3VW0FH 0AHGRuoErR7goE8kp3mQtqDjQfKN3RYisffzXC8K8WDb9AXNo6tdPl6d efA= +; resign=20930723222148 +rsasha1-1024.example. 300 IN NS ns3.rsasha1-1024.example. +rsasha1-1024.example. 300 IN RRSIG NS 5 2 300 20930723222148 20250705200741 58758 rsasha1-1024.example. 7bxj7Z1i+Yfn9GzJg7eYbx46KPQOybj/aqhJUDp4ajlYKHrHHtlhHiez DfDj5RlgLGdAzRQPBs51L9KWWl+S6+MPujeVOIT+8SLWbkAWiaY2xLl4 YvZOFFelI1msoBPsXHt28OZz395Iun0VRTnOYAVR/M8lFAwhwYKxnK6S pD8= +; resign=20930723222148 +rsasha1-1024.example. 300 IN NSEC a.rsasha1-1024.example. NS SOA RRSIG NSEC DNSKEY +rsasha1-1024.example. 300 IN RRSIG NSEC 5 2 300 20930723222148 20250705200741 58758 rsasha1-1024.example. ranydIBWyrsp6gvreVGLy8jlHnQh6fL36grp1Rqp6OBNsSn+WegQP5uQ alksR/mDvSAFAeCEX6jJ+GbZan9SUYpkrqbyZtrX1+xKnbbu12ogx/lc Egph/QTXsD6iFBXRB7psiqV1mJx2PjmSHEsDN6zxbOvCrSBSoUQZOkeJ ePc= +; resign=20930723222148 +rsasha1-1024.example. 300 IN DNSKEY 256 3 5 AwEAAfrnP/8ng5St8Ok9VOJ4QWrOIfAp1pzT0quT8+Else7jAOI55qAB qcWOOMfkgF3AGfmD/OkTo17fq4HeoULrnOw8mTPjbQFowrnPRWpClj3N lRUVfYpVaKOzy3WnUSiqtegktKMaZgvBz5BgAeJOkG6IpHCqYab5135K JplSUlBz +rsasha1-1024.example. 300 IN DNSKEY 257 3 5 AwEAAfF0adqZOjSh1ADpmABpTwEAD/cWy/+9R42G+DqZK/8pkxfvC6N9 b9zWsa9LhyBge97aq7LyzlKO4HJvYK7su16y3ZeEQUplrwIwD6OPoffu X7vjNA+O7vikjdSN6sXI/x7eKwU+ZQbLyCao4COGy+Xl8VowWmIGJ3DZ wEhwOd+t +rsasha1-1024.example. 300 IN RRSIG DNSKEY 5 2 300 20930723222148 20250705200741 29488 rsasha1-1024.example. qGZmNE1DZMvZ/OwZXuRtebtpIIE3pzYUQngQD9VUHyA9D1cLuElyevgl /pjOh5Vpt0nid1Y0HrLrXYe6xRsT8a+hhp+5ybUqjOpusBDkj/LYnlev y27Nor/GcHNy03R+B/Piu+1T3UA+dxvYc+YJrmmx7XU5tMpqFyV4C4if IyU= +rsasha1-1024.example. 300 IN RRSIG DNSKEY 5 2 300 20930723222148 20250705200741 58758 rsasha1-1024.example. eMnV0gdwLW5SY+gL5CsTilyz3qN9YJBnD/EgaK4xXxnV8hoTXB/QgtAP +/jylOSIMqCT+VA9UlV2q2WyQd3n2ycdAaXIrZhMJDo/ErXcNrfi4h2G aKLVr/NiX6VlNhyNgbYgz0dM6CjcMbFQSr43hFJ4oWbOrEAS5a708/6t uUU= +; resign=20930723222148 +a.rsasha1-1024.example. 300 IN A 10.0.0.1 +a.rsasha1-1024.example. 300 IN RRSIG A 5 3 300 20930723222148 20250705200741 58758 rsasha1-1024.example. 41BzMHFHRo79n2jipZYetBEeJ2tb/HD2wj28I++yPLmVbn2IUnA0qOQV ypYQmAjhIKgDD+KHq0SB+WbPnVj6buV7WZ8mlknFDNxmMc6erdStBwsO shtL5kNUv33QTsyRGtreCnEjjWSSMzC63sdBXyjN5+ZWVqxKIFKGwMJZ uwg= +; resign=20930723222148 +a.rsasha1-1024.example. 300 IN NSEC b.rsasha1-1024.example. A RRSIG NSEC +a.rsasha1-1024.example. 300 IN RRSIG NSEC 5 3 300 20930723222148 20250705200741 58758 rsasha1-1024.example. KXNm/3ISKA9TJqFUAgrFVVwrRqIMZ9IhaLALTD8nZl5guNfq1NUnjKQW kbM24C2b9Wb3ID+lIlz8NygSdVyGpUsxvyn3s72wxRHyAQjWSgXMsxHH K7OlPMWKOKEaa27uGjbXkcITPstqveaZNdCdNba7hrjiBuETsLBRQoyi pO8= +; resign=20930723222148 +b.rsasha1-1024.example. 300 IN A 10.0.0.2 +b.rsasha1-1024.example. 300 IN RRSIG A 5 3 300 20930723222148 20250705200741 58758 rsasha1-1024.example. sFXNp9u1KLmGALRtBygUQa4jNug25BWHJlBjKiaIQHal4YN2wpNMBfP5 8pwAfTJHpMZmnIfTQKpYHFYI+AZ0VUh8KRjkUfZYtgviu6BqPshuhNVa hKYpSzpUDCjjg29oYPC36sIZSnZDbhbRYLzERXMVB/tLujDgjoGD4z3b dzM= +; resign=20930723222148 +b.rsasha1-1024.example. 300 IN NSEC a.b.rsasha1-1024.example. A RRSIG NSEC +b.rsasha1-1024.example. 300 IN RRSIG NSEC 5 3 300 20930723222148 20250705200741 58758 rsasha1-1024.example. mz7zYeNU967NoqNLTbi9ggh+jG8c4AQK8nfkP6f09EuH76BcU9T/BzKI lLPws1PYmBeT+WXmcwuFyDxPlSntO/xlU/t5wMGOjMwHWRPaFiaAx3H9 PZj9JC4UDfEKOB/2icS9HQrBqzsPlzYVWrdqkAgm4ErVl4DNU0zUhv6y Xpk= +; resign=20930723222148 +a.b.rsasha1-1024.example. 300 IN A 10.0.0.1 +a.b.rsasha1-1024.example. 300 IN RRSIG A 5 4 300 20930723222148 20250705200741 58758 rsasha1-1024.example. e4R1G9oEo5I2kPqVsbUYBgP0Bv5Eyp9BTesgKqAJ0q9NfZGtjh/03kCr A8CPw7mwL3qLEVo/oupkzpLj/gt5Zszdlmu7Bw81cJfV+x5cPyLjXJty Z9+T9KZIFa/tqW8FFF3/owEecTjcPjJs/mrlNy7lbp1kLXBIk6S7yt+c dpo= +; resign=20930723222148 +a.b.rsasha1-1024.example. 300 IN NSEC d.rsasha1-1024.example. A RRSIG NSEC +a.b.rsasha1-1024.example. 300 IN RRSIG NSEC 5 4 300 20930723222148 20250705200741 58758 rsasha1-1024.example. Y3N3uY1kIyY9WlgWF8ZQ9gmo3Xi74G+UF195ljexwkjlU7LOX7TuaJpJ PyaqASJBGNF6aLbcwR89rItxJknSdNk4oqvQiwykZ0e02MXb/zPeqqkG +y9jS9M+ygKjMcyY+qHVgjy5UaldUqOV/bjg7cq2Z2FsCjkD+lCmGzfl pd4= +; resign=20930723222148 +d.rsasha1-1024.example. 300 IN A 10.0.0.4 +d.rsasha1-1024.example. 300 IN RRSIG A 5 3 300 20930723222148 20250705200741 58758 rsasha1-1024.example. 1jqKrIB7M9la2A8cRVdy92TV19elq3pGvu19DGz77sbn3HYrb3lF+zSl O2g+75RxuwzN8yoGe5P6/EfaZviOPNBV5s5e+xKHQwAxE0RCdnLUcuE9 8PAuNBogBvhrDzZJQh0p1ap4vyuxCEH3jDYua9Ul7VMy8UmGcBO0BuaS f+A= +; resign=20930723222148 +d.rsasha1-1024.example. 300 IN NSEC ns3.rsasha1-1024.example. A RRSIG NSEC +d.rsasha1-1024.example. 300 IN RRSIG NSEC 5 3 300 20930723222148 20250705200741 58758 rsasha1-1024.example. JA2sayAAdp9pCtOSsv66hD6LlgA8IFC2gzVSIjYVnz5vevoXHcok7HTi UbaaWoE0UaCI5DrMTSc9x6IOMe0OTC4PLPl3dntnaiOZJfe1Fr97zyme jaMzqd61Tla/dGM58KUKKSL30hj/5o5DwW7ppdHKIW0sq3YXufnDOCgx TT8= +; resign=20930723222148 +ns3.rsasha1-1024.example. 300 IN A 10.53.0.3 +ns3.rsasha1-1024.example. 300 IN RRSIG A 5 3 300 20930723222148 20250705200741 58758 rsasha1-1024.example. NTFkNDGrOnrz1BvHEgqq3I02y+unDlUmkd2RM5pFz4wMWlZm7b2sPFsi kGH8AwE7U5RBR4Pi6YLS7im+GKXRKEChYbHy7QU2XyvGueQ0AK8jLN3+ daSr0vK5RGSDihl3lWELQPGF4/qrYYVQI8itrewvYWA2EKmPjgJAtjKV DO4= +; resign=20930723222148 +ns3.rsasha1-1024.example. 300 IN NSEC z.rsasha1-1024.example. A RRSIG NSEC +ns3.rsasha1-1024.example. 300 IN RRSIG NSEC 5 3 300 20930723222148 20250705200741 58758 rsasha1-1024.example. Dx7nC3ZCVV+BTR06WOG6vh9mt81aQijpKH7N03GopNejfbEN3dtGR2n4 cEnc/rofcy0HaDiRGKptrxYNDez6g9awh73p9FDQgE/gnnOJ1WAOIyVi XE4OHSwxfRRdYNV5oDY5Dsl9/ZNuewwc22hfEHTALKDv5ncOeGlk4r/U cds= +; resign=20930723222148 +z.rsasha1-1024.example. 300 IN A 10.0.0.26 +z.rsasha1-1024.example. 300 IN RRSIG A 5 3 300 20930723222148 20250705200741 58758 rsasha1-1024.example. RO5OYSdypaZuuB+cYQLfj9nZ6PgCpd3iSOZETdY0/RYcH31dX/mDWa/s ODefiUOcyZNJYbJmcZXbOboBQOsHSB2+SsYwc6hfkKiACvB564/6u/5v hujJJQqEpJfuGEaGfJtQHjPgXQoa33juX7k+4zOQJFAs0z4loIb5s9d2 Gyw= +; resign=20930723222148 +z.rsasha1-1024.example. 300 IN NSEC rsasha1-1024.example. A RRSIG NSEC +z.rsasha1-1024.example. 300 IN RRSIG NSEC 5 3 300 20930723222148 20250705200741 58758 rsasha1-1024.example. hLdkoNjYFvJ0xYYOp2D0mqoZntJ8M0crDboQ5CGQ5fZD3eIFWG/uWqky 9tt6udqkqrVv7cniTlyoD1GQqBpx4FR9P5qgMXDQ5EvZ7WncjfVg2IFV PYZAqV1iFiQXackDd3jipKGFgx8NKvfl/jr1tdNR+5LqxHFM51zb7Hak J08= +; resign=20930723222148 diff --git a/bin/tests/system/dnssec/ns3/rsasha1.example.db b/bin/tests/system/dnssec/ns3/rsasha1.example.db deleted file mode 100644 index 2d16e503d47..00000000000 --- a/bin/tests/system/dnssec/ns3/rsasha1.example.db +++ /dev/null @@ -1,63 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -; File written on Tue Jan 4 17:29:34 2022 -; dnssec_signzone version 9.17.20 -rsasha1.example. 300 IN SOA mname1. . 2000042407 20 20 1814400 3600 -rsasha1.example. 300 IN RRSIG SOA 5 2 300 20900122074341 20220104052934 30286 rsasha1.example. wg8k4y/Cs/+u2QfUnBURhD4isSFTzCofpdhMzVJEUfBqu1DBVO+FECQ4 U80NCg9iksxm7xsWAZiQx6Rzvh1rUqEA7OhCy7XiPuz+jR1TYHXJhRMu t9gu7aCdTkcXYCMtppd49/2vT+WPKB98QIKD6wgl4LFFhwbUCoXavin4 babUiJrJeAnuxmIeD5HtM5a+++p0F8QemdP5FkX3WCRBHNFGnoVYJjc7 PZ+L8ZpKElah47XzJwAYWDr34TwqU9llCOcXlXYKBqDKO9fEtJJ1hyk9 Sf4fGOdzZD9Pj4Zz83UlHumeZPfIC1N0xVBYvGPu8LU41WZ4BgZfKSoS UIpbPQ== -; resign=20900122074341 -rsasha1.example. 300 IN NS ns.rsasha1.example. -rsasha1.example. 300 IN RRSIG NS 5 2 300 20900122074341 20220104052934 30286 rsasha1.example. VqOKkNo7CRH2uquL/46cIVoIPvFYT2WrpwpG6ienlJoLF/mZn0ReoMaK G29R8Q0tklalk14CGShiD409lXDRynyHgmLGIFjkXMd6aNRQOdD1O+7C wEhAj4/FEz+qpk/xRGMslxCCF1P7DxpX5ZPI9DuPVVvTRk4131CALaFQ EPblDzEgd7JeoO0tKnPjpzXLdr86NDeDVZXonimjEhQNrvrrurQ5/u2F x7jVmovN47Z06+XCbleC2ag8ZazNkYfU8GlFvkozZMGZtnpja1/SllNJ ZdURisd3JFMw/xsZd1v2MspKYcZePTfzyk/keXSJ0AlO7TA1X2sjiFOo 1fhSnQ== -; resign=20900122074341 -rsasha1.example. 300 IN NSEC a.rsasha1.example. NS SOA RRSIG NSEC DNSKEY -rsasha1.example. 300 IN RRSIG NSEC 5 2 300 20900122074341 20220104052934 30286 rsasha1.example. U7SEGuJ95CKk6+sWNCNHfPuvjJ2KChhutImWmSTc9lgb3uSfptzwbYnP UZ3xG0IqkayRJhBSizLb5kntvBZbcz4pEWZ+o7ZJdiBHcCARj82OJaLF d147VB3XJa6rIi+o/Zm8SIbxU7gugqRds7KfSTxAIjHzLpCcu12hlgfc Qso1LYiVeU5GVnmfuNJQL7QvS3BQuTylTI1+HQpiY6W8Bzev/TcbhoDJ Ywp4hvgF4VGCvrO2glSO4VycLjluawKSlrNaLbAtWIYYUSPbvtktM8tQ GBqOij4l7eMCTGRCoExWEnr+CzWAauoemhLDh27Bq6VNjD5iIvjzt3Ym uGDQUg== -; resign=20900122074341 -rsasha1.example. 300 IN DNSKEY 256 3 5 AwEAAe31msH3kL5cIQ6C1vTnB8GvbFDm0t/j5XWnLonaKDSUoHtKLlRq pBPuwlORRUZxRSs7VDAaKE0YGky/YklSCqvo8gBD4dkNjWD/6XGkmtEq DOL8XCz1KO+djs7WLCuCyGIkG282+sntuZJj4IMd+ZDW1urCwaP94t3u W9N+PgrSacK9Ff1bwLR9KIgkRFpJ+JxPeaFYnVEyB4ZaZ8DgPWYNJ+aC awL0nATybC8asPeCGvft3lSS99z55IMfkpjF1rwHIVybqhiukRighazQ ljjVQdlXj3YxFgD0fpscJ6yN0QXdseagxiT4PahnwaHYHUhgGm+HB1zA pA49L9dg2RE= -rsasha1.example. 300 IN DNSKEY 257 3 5 AwEAAcQdnpcda8XlNxllEGbWy9EGkD5TtHEbxThaB9c6ZNQPTf3gJw0A LpIZ787sepWND7vPcq6Qb/xZEmC6ER5OfaYbDznUh8q5NaaTbSwv0tng gE8KPwtvlgH+4eUmOcEkGrfR9G6J9S8JTT5bUWKTUbprxE65/8xcY33S cEeOpi34DLR9GLNvPLTSLuWQcYrq1YZFHbivQ45oFD9PvWPJWOoAN68N T28e0ZV8QHuXqW0IEheeW+AEemywupdaxun6Cvvolfz2EMYFnYX8YycE 0qUoDC4W9w3xB4nOllWQfJzgQkSTr/I4XCgepFunBeuAHZhCoQHPt9fK IfPUYxQzaa8= -rsasha1.example. 300 IN RRSIG DNSKEY 5 2 300 20900122074341 20220104052934 30286 rsasha1.example. tODh3LiRuG/ao3ZtJSLBPCy74pkfHXMPRUgFP7MhNR3X6gq75daTVHLi ApTesgAXPAbHI404ps/8M2Z84dkMKBhRDdp1e9OwR8IB4Iw0IOGp2rV7 oZSYNzgnlwRfQ2G75G3xbCjiQhY0H+7IlSiys3sAaI67plvI3nDC3C/r zyDKiY90pK31e+q72SSK+1t/MlsRm0nAYHyUZGLuBMoXYHwonLImeH9Q jwy+cXLwhzOfPfm97ailNifEk38+P+H+Yq35Cp1ezpMzxAi67AcY83sR XB7RVRCf/4uUErh5rYcl6EcnHFh1xA9oSHsaPQbd39PO2fNanyvdPH+p b0ey0A== -rsasha1.example. 300 IN RRSIG DNSKEY 5 2 300 20900122074341 20220104052934 9662 rsasha1.example. Ksyrf1lseBMSQGyPWrSve/X09Nb1CWB//Yvjw9HAEBwna9wseI6cH6mi B1G2JyFmTFzxGgVmf0wB+oec2w7nt5/uUJbyVfLQvCs9RXBGEpKAwhVf GKIwcSF1VTyVfx+PYPHvCpeN01Qm3C/5pJ28dkT65Hry2a7f39kk/8YZ 4zVM1nYaTsBUQdQWvR5UlSm0S3SUMBc2MIEUGUFBhtBJ10W8VkIfNzma ONjMHthu8vLAfwuBYX8zzJIVB31XvnxZDa4LSM4PesyPZ+KVR27o5dlL gQS62u3PWJDgEhUNFIa8A+5kDENC24p7DSfG+Aipe3upefBpBAW3VEdN A/nwQQ== -; resign=20900122074341 -b.rsasha1.example. 300 IN A 10.0.0.2 -b.rsasha1.example. 300 IN RRSIG A 5 3 300 20900122074341 20220104052934 30286 rsasha1.example. ivXu+xAyZThIsY2T1c1wczdeeIG/37z+nO9sbUOzcUyf4+T9lX+6rU0D gxQTxHVdcsw3ge/C+dU2qcrs3EHHW4JcpT1yZMbXcyo+w5ocj5oHGYD2 L3iKLCEZrzdkIwmY4GXNyTznk0X5GKuaP7P6PeNrwWEBficB6xLSiLm7 tsswVcc4XyHa+zKBbxevIt2bKvRUfruyztgENZXJ5125Kx1Ee70Hwvgw bNc2J7lqpJw5c5O8yUaXq5gsxcaLBuONbQ4ANL5PtFQJJY7B5GhqlRTy gVrThJsoZj66pfa8gK92yn8uRG6sFpAbtPrTMQaReiExOhCUdBZRBmA+ RWUTKQ== -; resign=20900122074341 -b.rsasha1.example. 300 IN NSEC d.rsasha1.example. A RRSIG NSEC -b.rsasha1.example. 300 IN RRSIG NSEC 5 3 300 20900122074341 20220104052934 30286 rsasha1.example. hHtS5Bev1RkOJhsz4QnWJzzn/BBRLJil1l1RCbX+nbVbPE93l/2aDi12 jgctWKIfAiVfdFn93uno11+7Lq+bJaiMvaozJ+f7XWMAPsITOlKGNtiw l9kqZJExugH3q0RC1W0xxnb6HlIbwYGn6refUexaZKjgBsUg302pY7bh 6z4WuPakuxAqsaI6KLxLAlm7CWmdXvpFMCc1dnIVDplxOAvEINTrEesY sffjfmRbP3YAXC6/xvu0WVlikgklJjjiRqdeiSqPLGlnb79OAF5whHSL nYvWscX00/f+SOiniFoAFH2KeSb7VdJ2jvpTaqWjrYxxvwuZMsKNzwRI 4pnH/w== -; resign=20900122074341 -a.a.a.a.a.a.a.a.a.a.e.rsasha1.example. 300 IN A 10.0.0.27 -a.a.a.a.a.a.a.a.a.a.e.rsasha1.example. 300 IN RRSIG A 5 13 300 20900122074341 20220104052934 30286 rsasha1.example. BQT+sZ6SJUbGDJ0eG6WBM19+UoBGZEie96E7EXaeS4It3M+EaMkIWIGD hp0MwiC0yW8u0zWjlA57t3yRpVhvCic8kl4SPs5tOmDXyy5RRJ7YOHNx 3PCuAbkoTfoLt5ReVtGcs5LTz+lmPUKZw/dwols5x8v1PIC2O/Ud6Yep TE9Qeymj1/C3GxxLVPLxXQhirkhT6LfMmFH6fNwec6U7bVRyMo3twcvK TDxkEZu5qA0+6bSrLC/xdyZYE38RQOlicmmGfYAIkDWKDdDXYbfBeJq6 zP8aFvdqOckDBvXQcnP9Cq+IvQX1noO90ePYf5AzNxAEQFJ4S1LUm/0q mQqNLA== -; resign=20900122074341 -a.a.a.a.a.a.a.a.a.a.e.rsasha1.example. 300 IN NSEC ns.rsasha1.example. A RRSIG NSEC -a.a.a.a.a.a.a.a.a.a.e.rsasha1.example. 300 IN RRSIG NSEC 5 13 300 20900122074341 20220104052934 30286 rsasha1.example. jvJup/Pg4BpAjh+eLMKEYFkpK/iOVt3QggGL7CRMxzxkYYMJNPwXqdAt 5MovIAFjFKBQm0RDe8/tqav/zdOZrDTyRZ2Zsh9qOp7hlOhy4oqQF+4n Wqg3x8v9gSgrzSAsiJAhb3fbbfdAb3Esc1R0Ec/RcLYEUXiD1eLTG0cB qtVmX3McwXTmu0OGpn0Dsg8CTSuQnrvo24bvsah5SEL1/NVkPtEE7KDT Q8orR7LNM0EeIL1CHxT5dqCAo5MvUm9L8GL/YIOZgtifD/uL23T0ej4j 0JYN7EYoDyFT0fyGeBoS2jkCZTsQZivfnkE5J4Ch1nAU5bUmSeX1eZHK nvce9Q== -; resign=20900122074341 -d.rsasha1.example. 300 IN A 10.0.0.4 -d.rsasha1.example. 300 IN RRSIG A 5 3 300 20900122074341 20220104052934 30286 rsasha1.example. 1mZnG0HsIygSfEue9vMlqWpIQ59EmrktvFrGBzNUEDQDjsoGHv+syMFi A8BtRPkrHZzGaYTqy4L8ZL6V5vZPN1icETNVebx7teBTNFIwlvubdKoQ Zg/37W8gW6U1PN4khQlfX7W5XMFifF4qfCfI3XhkPgKacVaucHQhvGth ZzgCbhCQBVMooRb+v+nzknin0qpIWm7pVPh94BaajxQJ0mNwVQ8hjdJP jy16PH4z/aQ6oPjPKMbnMwTQOdWVUKsZtEkBGcAjJWLFmUJYpR5PPdRB /VsEtjexNKZtDwn0/QUIqUi4GcSp0ISTDBTNDjImJhWVJUoFh6S6zuRW tPYZGA== -; resign=20900122074341 -d.rsasha1.example. 300 IN NSEC a.a.a.a.a.a.a.a.a.a.e.rsasha1.example. A RRSIG NSEC -d.rsasha1.example. 300 IN RRSIG NSEC 5 3 300 20900122074341 20220104052934 30286 rsasha1.example. oWJRAhXbXUA84Nc56NyMocBq93bn3k4uGeqv+XL2L5l6yjxQYxKzjqq1 O5m72K6GiIjoIeun5TxJlEI7/o1EivTxdGYVP4Fsb//Wrv422QcHwS27 xNsFhLMFQglBCOaZzj1v3G2nXRRjP8x81ysg048THlhH5Jm7cW3aUmuS P6kXebWVwIc2nywLHVr/U4dCT2sHOk2gkUuaj8p6rMLVYwj/5dBRijVl Wm131ZeimetxrrRVxXtOfof7W4pqx3bpYRqb/Exdh035Hen+QesxRYTA zcxY7CywJY59afc9/abQBWGkPLfF7rgfJjPIc3MpJlP4SPf0SV4bTNUU nptZ/A== -; resign=20900122074341 -ns.rsasha1.example. 300 IN A 10.53.0.3 -ns.rsasha1.example. 300 IN RRSIG A 5 3 300 20900122074341 20220104052934 30286 rsasha1.example. ONQph6nkFWSS6dqe/agbVnbjwTtA8ZZATpTCqoRJp2QoEgIjZ/0Yh7Fl Axz4PnpMYsEoie0IZ0/g+xTH7nXYphZzzzgedK8WK0vdTW3Pspyoiek/ tWjiGshqq1atHgi+jjRiuhnEvkaX0UDipMCQvI7oFHMOJxmnwZBCNWMc kBu9vbqtr/+HM4y+jGywg5l2XVkmHC5RZv1CoYc5PhfvV4zMI2RCb/Km i5eNCrUZefRfAq4fK9M67Jh/WnfRWfnHZKZN3O0yiRdnKOh2tOQP3X46 fIuNldCeg1PPnkbs4R+ekqJYhpEydNuWKEoKw2ZgeIrmbcRqepD6y3SZ UP/TAw== -; resign=20900122074341 -ns.rsasha1.example. 300 IN NSEC z.rsasha1.example. A RRSIG NSEC -ns.rsasha1.example. 300 IN RRSIG NSEC 5 3 300 20900122074341 20220104052934 30286 rsasha1.example. s7P7k9FDJrO1JhUVjgVUDQXNXfNOJrYVt44OoD45e7w4Q7QkyeZe+6z1 Arj9tW1bI9nIVNo63DT51bsJmj4vPf4SuJgHO05ElkLFSvHn17qMdw8Q Kpx8MQa7plAISqzl9hJip0exMuV+1IHujO9VGE42CxKl0q6l2b/x3+Il afx47bcEePkdhHXyhOSdrtxFTayzjMd/7uSy6p1jFSEVrheejQ/r44t3 9uxEc4EYfiP+HVfnjJ178j2Xa4dZyi3ljhJjaH5oleiy5c2Y5kXRIuXH OcIQ2axO7LT/yupRcBPlo7ulwI9iEVd2Q2gueMqaJ9YEWlcoOSFu1H75 7IRAbA== -; resign=20900122074341 -z.rsasha1.example. 300 IN A 10.0.0.26 -z.rsasha1.example. 300 IN RRSIG A 5 3 300 20900122074341 20220104052934 30286 rsasha1.example. nuqG+ILECKKCQockETu4yLRKZzv9qjXJpfD0/yw5Cw7nSrZFvAjpkQR2 f+xmzbcxP4xiYqs1I+nz8cnHs6NNkJA8vcmk9dnzRu78X0x8MFFV0Yha jQKK/cSzhEhys7GMYv3Jz6lKfmFOAoq1et9PaQT6w8zQD8Q5vBzKrvZm pg+QzZvvgToZfj4e5J7nrhnyOVo7Jec5l/aBCGJbgRMDxjyyC0ufOjnm POvsTZk+wM3+wuN6zYwDpproPiH/6vC/yPlDHeh6kDt971dMsdvRv+kS KAzPyN8rweptJ/HRprb9x6zcAJOrK0T1sJ+EhMbYMgC/py6aAn+T7G5D FGY1tg== -; resign=20900122074341 -z.rsasha1.example. 300 IN NSEC rsasha1.example. A RRSIG NSEC -z.rsasha1.example. 300 IN RRSIG NSEC 5 3 300 20900122074341 20220104052934 30286 rsasha1.example. Wj5DkrGppeMFn8bWLUMfFPCzDAO2HeabbEIMaAHBH/g0hdn+2PPkQc8D D6WCSc4q5gyGNRSXj2Kik2TojD9n/5WuwDAA3W2AOso+4d616lSy9pyj x+e4WZ6y6tAYRRIGIVTdDEOxrZ8KspclWk7H6OAAPIYvgZeYjox21qXN BknpIifVoaYUoxi3e81k25erm/Xww4uU2SMQgvq3sBrs0YGANembfxas BRVmSmBykpugHgS1/Fl19Hp40y/JTBzqOLrHgPgHO4aH89dgta0WlMhb 8uCUOjHNjcR+KO3KUpKDZkH8IuJHWWFd0TabdV0KBhpInQh6Yorhpjg7 qNBbgA== -; resign=20900122074341 -a.rsasha1.example. 300 IN A 10.0.0.1 -a.rsasha1.example. 300 IN RRSIG A 5 3 300 20900122074341 20220104052934 30286 rsasha1.example. eJyAqMArSagK54kSFvJxE5qYXFSDYxj6Vt8l4gi58BQigO7p5v0BUWcS icToRx3a9+rSdhnBuGbOWGNlrKFfCKrLmqYrlI9GFSAFLAFj7DETSKDJ X5dQ0KnpyGL3SneQsDWAvAof0y9B17dnBHQMSjeVqqQLjYEnq3ZIdT3c b6emCGMhcbfIAOYWt7t9nk/J2tsTsdoKtTCHP1SHjn5sE++BPXOce49X gFnNMD+pOcoLH8Z07RcTQ8IeNIa9hO8UaypyicaHQ2F0JtsiL1pqREXf QsBeLC12Gbi0rxJX3gdj0LXsmSerVl6BgaNjPTp3840WKrW3nTG/8Lre bxgkow== -; resign=20900122074341 -a.rsasha1.example. 300 IN NSEC b.rsasha1.example. A RRSIG NSEC -a.rsasha1.example. 300 IN RRSIG NSEC 5 3 300 20900122074341 20220104052934 30286 rsasha1.example. 6fZ5/GXrFAc9lEspMNlPa40F8O/tGq1oaSZXVstwLH124TNWxRK+i8eT H77Kq80vZkDus8rkLr4fiLP3ApXVBffCRHZWecGrYaPGDbQXALQEktld NhmLr9Nf30Jq7KvVV9Qf4daPC7ZwkB8EsikJxjpQ/paHlU/Pua7ZonnH /x9HHRJBLWb/PPQWEc++8SSjA79+HZVbB8rBwXyxHO1tFBCbBpK/JNwu KpRqNp/mwxPpSaJGZIuhHlzfbLsS4WoXjdG+fob4RqsPPwrf/uAAzKM2 dHVuqZ1erH3ryb4JdRo+MhqD0+vC/7+eNccEXraBsE5xGw4M62Se37WC kyQDQA== -; resign=20900122074341 diff --git a/bin/tests/system/dnssec/ns3/rsasha1.example.db.in b/bin/tests/system/dnssec/ns3/rsasha1.example.db.in index b2e7e21e202..f358bf1248c 100644 --- a/bin/tests/system/dnssec/ns3/rsasha1.example.db.in +++ b/bin/tests/system/dnssec/ns3/rsasha1.example.db.in @@ -9,19 +9,55 @@ ; See the COPYRIGHT file distributed with this work for additional ; information regarding copyright ownership. -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 +; File written on Sat Jul 5 14:07:24 2025 +; dnssec-signzone version 9.21.10-dev +rsasha1.example. 300 IN SOA mname1. . 2000042407 20 20 1814400 3600 +rsasha1.example. 300 IN RRSIG SOA 5 2 300 20930723222131 20250705200724 56181 rsasha1.example. HD26wOumxWQ/epo0958sjThZr0yfTMHnIn5hC2ZdOia9uuBBnHR0kPyS ++zd/Q9lFb6MRzkfLEHGexv2fXIHnWcCLp93gYvMm/HWf0/MhUzhabzO YJfcDKRT3PUEgDvuE0tiHEGWHYAb0iXQi1cjpZhvw6yikAQ2o3UUn3e2 QTQ0JO7EnG4wNxPnr92VPcTLTqajczCz63cvCvJpkaUCjAFyTKvCpgyl /eRKagX0UA8lv+DmOwFCTG0p1JeIQMQoW7xZELEWb9mAR/o1VmcJnYT3 Awi35hTj9XhM+bPCK4qqOkq6JNMSnOA4Xxg1baTEqjrFJZmEG+iyImoL 5d1DLQ== +; resign=20930723222131 +rsasha1.example. 300 IN NS ns3.rsasha1.example. +rsasha1.example. 300 IN RRSIG NS 5 2 300 20930723222131 20250705200724 56181 rsasha1.example. KAZovbd0Urp3LIrLsCV7UldT5ze4fYG8iaXWpyrw7/JmZIZOWA3X4rgF hlhxes8xD73qrV96dWuNZmTMs+mp665bAbX78sjfZZdmWGWrpPzse6G3 YEm6EGSOWjrsb/kOmKPiRTaVUhTanAjJC17rhixEYRBrvekpnDx/3PjX HnJRR8a75DXVrhm47u4/hHD7cS2hOfZj4xqNyWOlpNIaH7ZWPzO34SR9 iuPReF4Q06NG741TdAfsl3h9YeCfZWBH1DQ7jwrq5hRGPTtZmq7OTyMm dH0ovRF6ntYYbU0aOanS4l7sjEVwr+AkrFG8Pu9Ipey5Tlgn3bx40cAn 5TDkfg== +; resign=20930723222131 +rsasha1.example. 300 IN NSEC a.rsasha1.example. NS SOA RRSIG NSEC DNSKEY +rsasha1.example. 300 IN RRSIG NSEC 5 2 300 20930723222131 20250705200724 56181 rsasha1.example. DIhZ8/JkklG9nAC0CB98mmOVnXy7KS+CbG4vC8OrnOSi8nyyHuNC2Zt7 p2taM2KshEJ3piXUsICLbQDpHwrbbRx5RbctaLQz5S3lhx+0j3TNZWaT 2kWP5jMyhNDxaNn35xh7yTamDEKC20Bk5YyN76YClEkwqAr9ksj/FUNY RYIG9+4jjOt962Vj/5e0pgK+1ZbM3lF8WvJAh44YgWD9U4D1nBmyrkTq gBwJUbCvEmyoCxOQfSQhTwaAqKQ3IalnC2hfHfYQsEwpbVwfvt4LGEy+ b0vNnBGHKriM2T/p59vtblWirsxDc8QNpYmtOvjVket4nvzBuA7eqUFt /QijRQ== +; resign=20930723222131 +rsasha1.example. 300 IN DNSKEY 256 3 5 AwEAAYnqt4hwxo/oi63pCLz4EQaUyQU1viMhQ6EVnIXKdPdymJ51tKuh qJ+uT1MxcMwH97b/2CtqTtbI4MP7ksxDWh7JE4R2kzdKrtb1darcvSiy Ewh73TG+1wvt1f7ZC8Hw2TdiU+mLL3vFBfmnUN1Q0xSULKckdlOwH9I/ 20xeS6mz8tYxOC/N9N3AH8gPF4pxoEHkX2XpzdmBSKlgD4Sp1Iqqnebg U/JK2JK2SUZr2ZmCeSMmAmPCt5rT6B6hN8XQkhqPLG3vygqsoLbGngVV nBXFpziMi3VyQ48yvjnNTpzrkfNo/3vrRyrLpBw9I8ZtZNOrypwayBdu fgbfk7veeqk= +rsasha1.example. 300 IN DNSKEY 257 3 5 AwEAAcWJul/er9Gsevi3PxbuJV2iGlbCC1WF1PZ9dluBKZFFCRbl45Mt D32nMBjpr0TkwVRVoTa2tNYdPIo/GrS6EZfUzM6coA3IEK68j0tgqz9b S8fJAaBYMTWlcvho/o9aEZjcnVW3c6IwjxAqUq+4wdokgjV64s+RBPZF 1zRbJz8ONINHmxvKHBzZzVa2Cq7FaHoQpF0NVrHhEuic8IXrW5F9Djah 0svAdethvpfpwVIsthfkv8/E4CfLDFymSe93g4mwMgcIBCZs1ikk1tbG 2oTrUjFui+iXJWIAoKZ8PqfBAWnxckTt1FJCg2cNrxtWAo1WncJdX3py hK7TjQ+DIKc= +rsasha1.example. 300 IN RRSIG DNSKEY 5 2 300 20930723222131 20250705200724 55127 rsasha1.example. qrWtbMhGFKeRoXgphkmpTQJxI04Cl/hmtE81YuB9Em7F/cNAu7yFi0O4 ZDmm8qRyV4a7itK0Ce/WzFBrCp3CuyJ9MG3hyvJDtIoLTHtCL0QeMwDA j9V68ajgTBNYC1ZwhbDTiD53EJDjplU2U6lCB0zxzJkEE4wPdkotddjG Q6LOy0qSej4raIoOwptaTIkRXa0fAYXz696A2S8bDq74Z9Bw6qcYoj0X EwqFnngFS2Wf4scpeoplR/psRP6n345inw8duF+XieGdt8XSaBw3Qf/E h0eReXQcA/GFpRj4Rvevj+vN1LSBnuwZMd5aC3+xHYf99jAzPYdglScc Rv19qw== +rsasha1.example. 300 IN RRSIG DNSKEY 5 2 300 20930723222131 20250705200724 56181 rsasha1.example. hvncQdiu+zpcYQRPG19nmbpPPCCGFAT5s4dITGslA5/V764XGvuowX24 CuZMMTefS1KkR79GzRYuTOw/T+vbinMZcU1KvSWaSNsKwYUIsP6cYZXG DX8ug0X+eijggV2bm+43yGjjNKe00e+Aoj8xHNDJhyy+qbKOHUp87Fbc mAKwpq35gEeuBt13PaJxkuQZVxAe88F9TXwhmaUOrlGrj+5XASJR6Cz0 DmlW4p26X//Uvs44bbyDN/hxF1rGOu/D470Q4Lkhsu9B3wtG3vPoNwSv BaMoFU717YJ3a2li7mean6IXIvyCmS1YQk+EvNfcpiW9yPWHjB/0kycH 37HSDw== +; resign=20930723222131 +a.rsasha1.example. 300 IN A 10.0.0.1 +a.rsasha1.example. 300 IN RRSIG A 5 3 300 20930723222131 20250705200724 56181 rsasha1.example. V0TqYXv83i25Ir50MPgxnWrdhhE1nIMCpAca7e7FKUrLkGlsypFzbTX+ 5hBHaYENXYr+Risr7B4ZdV0LQk4aXfmKqvPLqU0nYfsh/g86bq9wklaU R3QywkOEJqOfirpTWz/wybAE1ELasFncx/VaPrYQ8Zqw6H/Vb1yVSJWs ZqnfDFbZ7mYfEF4wgfc4St3UzjpuoDwfAhbwWg91t85UbYs0SvgYpgbS QLNL+/ltG0hLKNsIzp/aYQQ3IOeeiofDCDOZSl9k3KAezJofJUy3YRBb YVpbe89h6Gb6m4/kO17rLrwQLg7I90ctPgdqQSCKk8x0WzK3N1gfhxxM fcFnsw== +; resign=20930723222131 +a.rsasha1.example. 300 IN NSEC b.rsasha1.example. A RRSIG NSEC +a.rsasha1.example. 300 IN RRSIG NSEC 5 3 300 20930723222131 20250705200724 56181 rsasha1.example. MxKko8nlw+QysAsrOjR7UtXgHsEsvsDMji/riMT0PbSEDMPJv22hQHbs hDhBD7xNygGZ6bSIX6gXd2uBVfUePzmXCk5tBraXywZ173SvFy/cMJu/ Q9FAFkPKvyEAhswiYUnrXWnujyNmDUK8JFrjI7TSLzQ6mXh4+PO+7b4E GpRCyhArL0Ov1iDipA1CpxCGfLJNaY+kvA+8VPcxob78Ly7cv81kwafY oV635DUp6D4tqSYgPMgwJyOuiek9D7bZJIHPiH/59jWZ0Ik9TNC4EVNF 1Fy4VjdMAFGnW9KIAUWMfSIxImzbh7V17H3H4C96LMNZIWJJG9zxOtMf r6fS2Q== +; resign=20930723222131 +b.rsasha1.example. 300 IN A 10.0.0.2 +b.rsasha1.example. 300 IN RRSIG A 5 3 300 20930723222131 20250705200724 56181 rsasha1.example. dM6MhQGCqyBNdEbr0YMS/+sUjNDrdkkBcKhrtZ271WDx07838oY9XbpZ v+cKtLuhk69Gm0xErN32k+Qaa+LhqP1YPdqmnyAEycUJXUE7HsH6E9Fz 8AKp/BDQshb209++d3JQxlbch9sqodpIRkxYIkTVJfBt6vsAstYwZHCF I8+PbjTn2zNkBZz0rmj5+AxDDNfnRmcPOoXVJXKNkasQgagSWr1bieb8 15CMDnk/PJhFpHdJ5NiQck8Y9bUMaz8mPBJpFeJwwssY3jCe2qb96IaJ e+XLRpJntHpZvBy3DpO0jA2WHf9WkS1/4toVh4ePHc+FgJBEUXJyPqXc OzjGog== +; resign=20930723222131 +b.rsasha1.example. 300 IN NSEC a.b.rsasha1.example. A RRSIG NSEC +b.rsasha1.example. 300 IN RRSIG NSEC 5 3 300 20930723222131 20250705200724 56181 rsasha1.example. VV6Z1mhegfATU+mN9gEqrL9oJNpPeZY+Ld7p9kp4oBL+omWo5c/DQ1LR xFUUA6mp1fm81vQwxkxqSwfixABF40lX82ooKQZkgOMKEDvsfkZR4dE5 bN5Dp0JUQTH9fuEX4mo9jrto0gPVKuI0PihHzNfgo8aBFIiXZA86D3/w phVgC+x/o/kZ5Keau01kY8DRxK8Fb1dU3FMjJB8gQFpPwv2wde8yxYgn HUql7sSkmFpQO9heh9+lPqQTwThaiM+PnYY7D96O/28Y4FTfS3D/RCnS Xb4gGM//gkbTmXPlFsaYqYeBdFJbkh0cI4YZxk4ynVXsWL1D0Nb2FqqS XnjBAQ== +; resign=20930723222131 +a.b.rsasha1.example. 300 IN A 10.0.0.1 +a.b.rsasha1.example. 300 IN RRSIG A 5 4 300 20930723222131 20250705200724 56181 rsasha1.example. Ctc9dyCVDi7ptbp/g2H5NmCmPSGhYTKcES2bCXz6xnByyISpjyrJjG9X 71RVB1ZfF9FIiaHu97K96zmYB0GsvhHiYx+WV0En3gYhzWEze3IoCrYf wxYkYwhYeaqRksl4utpDlzURUsxlqGbKw0XFT8vV8lm9nAg7E0hI10Bj VAVvc2Wuf3niV+GE0t2wXa17ccPeL78B7ab59extwCKG/gYLm8gJ547u 9kAdnw2Hi7FWBSXSoM02PESZLcN+GEWJ9Jc6O/m2aGSryer6W4UV8HLF TtN72HJvog1ky3RArlkUwvuwD2w8eiVHARN85t0hnykVT25K0q1dwIR+ d3B2Mw== +; resign=20930723222131 +a.b.rsasha1.example. 300 IN NSEC d.rsasha1.example. A RRSIG NSEC +a.b.rsasha1.example. 300 IN RRSIG NSEC 5 4 300 20930723222131 20250705200724 56181 rsasha1.example. U48IEvy4W8MhJaTxZvemh31MxAU6Xwn5K2MCJhu9MenDRWQqrmPSBKfo nIMSp+a1Wcjsu9UQgBDzoOTuNWKCSI5H2YwhGQsIpCYpIiK/j8X4DCqm cIS0ipTipTbLGPBHfgvwA1KFJhtMi0FOaqe9OXODZFJ3vCz5J/uvmG4H O8PADlUX1clFR4iipLhCa4bvfojUGMM401oDIIxaQLpsrbm1iOqjTvrm glnDQFvFvO3+3J4wLRuVDtV5Z21AhzLIgIXwhh1P4zI4B5aELHB8rrec W6CWkbb6WdZ/rHIiMspe03dby7aW5qbP5pwXwhiycqCqkIvlQAGaxphj 1Hcd3g== +; resign=20930723222131 +d.rsasha1.example. 300 IN A 10.0.0.4 +d.rsasha1.example. 300 IN RRSIG A 5 3 300 20930723222131 20250705200724 56181 rsasha1.example. fMn2pTXdK3X+l5cwvP/Lk+luqWhC12mxkvK2GNScLGWG6xq9PZzzLUPU mAiEvzUnFPswZzKDgN99OORpPRJXNN7c0S3qqejBhEpz1kkDM1zTaFdY yGwzuNn9I5O6O+//adYkFZu/qCD90ggVA71KSUQVkHfdWt0WiqUdZExY sRbxDf36moVaJ+PtWnnvbXPcdlALouSv3msyf3FwIrfQcr9PpV9bE+rZ jKN+sab4n1/YkSBdFyTht2MSUzxKyfn+TgxCzBdGeSk00JNzyKBlDau8 ebmR7oYLQcAhj43v4u+wPbuilDw4tyhxcgrRMr5ZnjG7XzaivcoLpZMA umrQLw== +; resign=20930723222131 +d.rsasha1.example. 300 IN NSEC ns3.rsasha1.example. A RRSIG NSEC +d.rsasha1.example. 300 IN RRSIG NSEC 5 3 300 20930723222131 20250705200724 56181 rsasha1.example. G+FZFvRZm4GXf/zfkLH7gWKuTxIhZ3rO/iP9e4Xg2Dcz9Jt/yCIXVkr4 I7bbBOnE8NGS43E55NILYS3aA7llzJtutENqBw9TRW3EcqFlYsFUBUeK T/FCV3zEYlEPeiO82jK7l+1CpiVeVvbX3pLYDrME/lbYeu8KUYsj/fBa Iq5S8mnWD7ZzR7KiSBQU97bn0YAi9pyhA4t3YqrR1MClf3/lpzLq5Rv9 YSzW+7O/jpvCGUotr3bgOpZWtZ0v5QxKdf8Anx6KHgH9n6ZdbareopeO y8mKVk0FmtuYZefMm/0n8uU0aYrwf38bpLMQMcqrT9gVaAPullFC9D/R Z670cw== +; resign=20930723222131 +ns3.rsasha1.example. 300 IN A 10.53.0.3 +ns3.rsasha1.example. 300 IN RRSIG A 5 3 300 20930723222131 20250705200724 56181 rsasha1.example. V/B0gi6v54YeufttfGwEVEy8+UivueXqqb2BOj+U4wMpFcunT71Y5Sqf iTs5uH42EkyKbBrz+wXyx4ar4VNSp0ONA3oPx0rZTFA6FV18L7BkYPtW Mh2Fs2qxc4XdGUgHqt4K3LT4ond7a2hek0aBA7EWc0hggs2YflE60766 zmjK/OWaUinG/bZqM1KaaMMlporXaGp9yDyvs6ikgI0YKaQd5GtOK5XC xEJPsIovvyvChXPP/OFPnqOjcXS7zZtxey4krqFUe3Ttbb7sQGrAqv2f 59cB7TO5O/uMZ+iy4Q4sih1FPuDYoBCVT/9LzyOp7glyHyvq4Emp9QkA zlYGKg== +; resign=20930723222131 +ns3.rsasha1.example. 300 IN NSEC z.rsasha1.example. A RRSIG NSEC +ns3.rsasha1.example. 300 IN RRSIG NSEC 5 3 300 20930723222131 20250705200724 56181 rsasha1.example. NpqZAR5fkDzDzqBYzeKD+FbAtMWHj0rcKsJloAsO4bNqAH5575v07oAz CtqIU8QD55zSya6glTWXOImUtPZia7KQAq84k85UmEnI7idDezpO5g5a gwDb8p6/L8a5YFL0i7QmjVjxGxWha7E2dDma3fDIICaF/sMqixE6Qi06 NBXvVwbPYsI27tXEDugigEEoO6mmwUxih8O0ifOjy9rVh8zA7UTT0NtI ZavRYz5grUZ6Otrqf6q1d27PaGxRvBjltmXBZTSmQvHVexkjPlrLcIIN LygvWnYIZfY8csF+5gOlYN6jR6eTnMgjy0Xf4kitUjXAI4apeBe1/nRO P3HlQw== +; resign=20930723222131 +z.rsasha1.example. 300 IN A 10.0.0.26 +z.rsasha1.example. 300 IN RRSIG A 5 3 300 20930723222131 20250705200724 56181 rsasha1.example. K8Cz5MTHdD6loMbfXOSCuwTwsuwGUmqmI7BlKhRULTk5RZRDrXPfiBQa Hr2umtzrnclgm+LSpuFrRPoQOWaJ1cAXzpM8bF+WvL8UKasIxBD5rxzW en/QvmfpgQQH/LwUW+MnsIMuDxs8P5GQ4267crMPfZ7kwaA69FIz/TCJ B0mt5bw/6I7MABqxD3YfZ69uxh04WtjhHFGTBV9CUhsvB1IXgSU7udKg 2+ZTJJqRf4+6hy3ztJFy28HRcBHPkdcJ1AR++pPb8PTFTIUdBqzZQ8h7 kFYQP6jOP34rw8HuvNB6El5scCr7emhMt0yuEdA4+hbQc8UUU7qo1z4C l/gj+A== +; resign=20930723222131 +z.rsasha1.example. 300 IN NSEC rsasha1.example. A RRSIG NSEC +z.rsasha1.example. 300 IN RRSIG NSEC 5 3 300 20930723222131 20250705200724 56181 rsasha1.example. eJ35f6tSE8yUMR+z+vnJwdg8eAS/VM2e0oVaGLD5JBwboocJW45IaRv0 DIbq62NBt+BHSv2LZlKXaZwA+rNGmcDXqhlscTMYoqIu2AItNBRJaQwj 3aF3AySSOADG1obymVM+HLVO12kifQTJBSPHUcpuvtBtnz1o4POaBFAa icCJf33cNirEDIYWGTmc2MejhrvfU/uuy3YIHUFYkAiX6WISva9pmNiJ pPq+5zRUZpsFISHc0W6coUuwgyQlVLmziTVesfgxSER0rp0BJ/B7M14+ xvWPSoHHhSU0fR8DkzUWJA6hbEpgB7sLNDL4NPnaUDiZGdTXCGzXbnum Ttcm8Q== +; resign=20930723222131 diff --git a/bin/tests/system/dnssec/ns3/rsasha256.example.db.in b/bin/tests/system/dnssec/ns3/rsasha256.example.db.in deleted file mode 100644 index f6c4fabdd31..00000000000 --- a/bin/tests/system/dnssec/ns3/rsasha256.example.db.in +++ /dev/null @@ -1,28 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2009102722 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 -x CNAME a diff --git a/bin/tests/system/dnssec/ns3/rsasha256oid.example.db.in b/bin/tests/system/dnssec/ns3/rsasha256oid.example.db.in deleted file mode 100644 index f6c4fabdd31..00000000000 --- a/bin/tests/system/dnssec/ns3/rsasha256oid.example.db.in +++ /dev/null @@ -1,28 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2009102722 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 -x CNAME a diff --git a/bin/tests/system/dnssec/ns3/rsasha512.example.db.in b/bin/tests/system/dnssec/ns3/rsasha512.example.db.in deleted file mode 100644 index f6c4fabdd31..00000000000 --- a/bin/tests/system/dnssec/ns3/rsasha512.example.db.in +++ /dev/null @@ -1,28 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2009102722 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 -x CNAME a diff --git a/bin/tests/system/dnssec/ns3/rsasha512oid.example.db.in b/bin/tests/system/dnssec/ns3/rsasha512oid.example.db.in deleted file mode 100644 index f6c4fabdd31..00000000000 --- a/bin/tests/system/dnssec/ns3/rsasha512oid.example.db.in +++ /dev/null @@ -1,28 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2009102722 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 -x CNAME a diff --git a/bin/tests/system/dnssec/ns3/secure.below-cname.example.db.in b/bin/tests/system/dnssec/ns3/secure.below-cname.example.db.in deleted file mode 100644 index 14971bd7a6f..00000000000 --- a/bin/tests/system/dnssec/ns3/secure.below-cname.example.db.in +++ /dev/null @@ -1,26 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 diff --git a/bin/tests/system/dnssec/ns3/secure.example.db.in b/bin/tests/system/dnssec/ns3/secure.example.db.in index 5859ebcdc5e..decb1eb3f03 100644 --- a/bin/tests/system/dnssec/ns3/secure.example.db.in +++ b/bin/tests/system/dnssec/ns3/secure.example.db.in @@ -38,8 +38,8 @@ ns.private A 10.53.0.2 insecure NS ns2.insecure ns2.insecure A 10.53.0.2 -nosoa NS ns.nosoa -ns.nosoa A 10.53.0.6 +nosoa NS ns6.nosoa +ns6.nosoa A 10.53.0.6 normalthenrrsig A 10.0.0.28 rrsigonly A 10.0.0.29 diff --git a/bin/tests/system/dnssec/ns3/secure.nsec3.example.db.in b/bin/tests/system/dnssec/ns3/secure.nsec3.example.db.in deleted file mode 100644 index 15fe621fd09..00000000000 --- a/bin/tests/system/dnssec/ns3/secure.nsec3.example.db.in +++ /dev/null @@ -1,35 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 -x CNAME a - -private NS ns.private -ns.private A 10.53.0.2 - -insecure NS ns.insecure -ns.insecure A 10.53.0.2 - diff --git a/bin/tests/system/dnssec/ns3/secure.optout.example.db.in b/bin/tests/system/dnssec/ns3/secure.optout.example.db.in deleted file mode 100644 index 15fe621fd09..00000000000 --- a/bin/tests/system/dnssec/ns3/secure.optout.example.db.in +++ /dev/null @@ -1,35 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 -x CNAME a - -private NS ns.private -ns.private A 10.53.0.2 - -insecure NS ns.insecure -ns.insecure A 10.53.0.2 - diff --git a/bin/tests/system/dnssec/ns3/siginterval.example.db.in b/bin/tests/system/dnssec/ns3/siginterval.example.db.in deleted file mode 100644 index ec6603a91f8..00000000000 --- a/bin/tests/system/dnssec/ns3/siginterval.example.db.in +++ /dev/null @@ -1,21 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2012042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) -@ NS ns -ns A 10.53.0.3 diff --git a/bin/tests/system/dnssec/ns3/sign-rsasha1-1024.sh b/bin/tests/system/dnssec/ns3/sign-rsasha1-1024.sh index 20e4bc52dd7..981d4af52b2 100644 --- a/bin/tests/system/dnssec/ns3/sign-rsasha1-1024.sh +++ b/bin/tests/system/dnssec/ns3/sign-rsasha1-1024.sh @@ -20,8 +20,8 @@ zone=rsasha1-1024.example k1=$("$KEYGEN" -a rsasha1 -b 1024 $zone) k2=$("$KEYGEN" -a rsasha1 -b 1024 -f KSK $zone) -cat $zone.db.in $k1.key $k2.key >$zone.tmp -# use maximum expirey period (-e 2^31-1-3600) +cat template.db.in $k1.key $k2.key >$zone.tmp +# use maximum expiry period (-e 2^31-1-3600) # use output format full for easy extraction of KSK (-O full) "$SIGNER" -e +2147480047 -o $zone -f $zone.db -O full $zone.tmp rm -f $k1.key $k1.private $k2.key $k2.private $zone.tmp diff --git a/bin/tests/system/dnssec/ns3/sign-rsasha1.sh b/bin/tests/system/dnssec/ns3/sign-rsasha1.sh index c62f3fe660f..ce2afa254f6 100644 --- a/bin/tests/system/dnssec/ns3/sign-rsasha1.sh +++ b/bin/tests/system/dnssec/ns3/sign-rsasha1.sh @@ -20,8 +20,8 @@ zone=rsasha1.example k1=$("$KEYGEN" -a rsasha1 $zone) k2=$("$KEYGEN" -a rsasha1 -f KSK $zone) -cat $zone.db.in $k1.key $k2.key >$zone.tmp -# use maximum expirey period (-e 2^31-1-3600) +cat template.db.in $k1.key $k2.key >$zone.tmp +# use maximum expiry period (-e 2^31-1-3600) # use output format full for easy extraction of KSK (-O full) -"$SIGNER" +2147480047 -o $zone -f $zone.db -O full $zone.tmp +"$SIGNER" -e +2147480047 -o $zone -f $zone.db -O full $zone.tmp rm -f $k1.key $k1.private $k2.key $k2.private $zone.tmp diff --git a/bin/tests/system/dnssec/ns3/sign.sh b/bin/tests/system/dnssec/ns3/sign.sh index 58da7378f03..b7ec530e3c9 100644 --- a/bin/tests/system/dnssec/ns3/sign.sh +++ b/bin/tests/system/dnssec/ns3/sign.sh @@ -77,6 +77,14 @@ done echo_i "ns3/sign.sh: example zones" +# first set up some insecure zones: +cp template.db.in insecure.example.db +cp template.db.in insecure.below-cname.example.db +cp template.db.in insecure.nsec3.example.db +cp template.db.in insecure.optout.example.db +cp extrakey.example.db.in extrakey.example.db + +# now the signed zones: zone=secure.example. infile=secure.example.db.in zonefile=secure.example.db @@ -92,7 +100,7 @@ cat "$zonefile" "$zonefile".signed >"$zonefile".tmp mv "$zonefile".tmp "$zonefile".signed zone=bogus.example. -infile=bogus.example.db.in +infile=template.db.in zonefile=bogus.example.db keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -102,7 +110,7 @@ cat "$infile" "$keyname.key" >"$zonefile" "$SIGNER" -z -o "$zone" "$zonefile" >/dev/null zone=dynamic.example. -infile=dynamic.example.db.in +infile=template.db.in zonefile=dynamic.example.db keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -113,7 +121,7 @@ cat "$infile" "$keyname1.key" "$keyname2.key" >"$zonefile" "$SIGNER" -o "$zone" "$zonefile" >/dev/null zone=keyless.example. -infile=generic.example.db.in +infile=template.db.in zonefile=keyless.example.db keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -134,7 +142,7 @@ rm -f "$zonefiletmp" # NSEC3/NSEC test zone # zone=secure.nsec3.example. -infile=secure.nsec3.example.db.in +infile=template.db.in zonefile=secure.nsec3.example.db keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -147,7 +155,7 @@ cat "$infile" "$keyname.key" >"$zonefile" # NSEC3/NSEC3 test zone # zone=nsec3.nsec3.example. -infile=nsec3.nsec3.example.db.in +infile=template.db.in zonefile=nsec3.nsec3.example.db keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -160,7 +168,7 @@ cat "$infile" "$keyname.key" >"$zonefile" # OPTOUT/NSEC3 test zone # zone=optout.nsec3.example. -infile=optout.nsec3.example.db.in +infile=template.db.in zonefile=optout.nsec3.example.db keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -186,7 +194,7 @@ cat "$infile" "$keyname.key" >"$zonefile" # OPTOUT/NSEC test zone # zone=secure.optout.example. -infile=secure.optout.example.db.in +infile=template.db.in zonefile=secure.optout.example.db keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -199,7 +207,7 @@ cat "$infile" "$keyname.key" >"$zonefile" # OPTOUT/NSEC3 test zone # zone=nsec3.optout.example. -infile=nsec3.optout.example.db.in +infile=template.db.in zonefile=nsec3.optout.example.db keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -212,7 +220,7 @@ cat "$infile" "$keyname.key" >"$zonefile" # OPTOUT/OPTOUT test zone # zone=optout.optout.example. -infile=optout.optout.example.db.in +infile=template.db.in zonefile=optout.optout.example.db keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -238,7 +246,7 @@ cat "$infile" "$keyname.key" >"$zonefile" # A nsec3 zone (non-optout) with unknown nsec3 hash algorithm (-U). # zone=nsec3-unknown.example. -infile=nsec3-unknown.example.db.in +infile=template.db.in zonefile=nsec3-unknown.example.db keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -251,7 +259,7 @@ cat "$infile" "$keyname.key" >"$zonefile" # A optout nsec3 zone with a unknown nsec3 hash algorithm (-U). # zone=optout-unknown.example. -infile=optout-unknown.example.db.in +infile=template.db.in zonefile=optout-unknown.example.db keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -265,7 +273,7 @@ cat "$infile" "$keyname.key" >"$zonefile" # Algorithm 7 is replaced by 100 in the zone and dsset. # zone=dnskey-unknown.example -infile=dnskey-unknown.example.db.in +infile=template.db.in zonefile=dnskey-unknown.example.db keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -284,7 +292,7 @@ $DSFROMKEY -A -f ${zonefile}.signed "$zone" >"$DSFILE" # Algorithm 7 is replaced by 255 in the zone and dsset. # zone=dnskey-unsupported.example -infile=dnskey-unsupported.example.db.in +infile=template.db.in zonefile=dnskey-unsupported.example.db keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -303,7 +311,7 @@ $DSFROMKEY -A -f ${zonefile}.signed "$zone" >"$DSFILE" # digest for another DNSKEY # zone=digest-alg-unsupported.example. -infile=digest-alg-unsupported.example.db.in +infile=template.db.in zonefile=digest-alg-unsupported.example.db cnameandkey=$("$KEYGEN" -T KEY -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "cnameandkey.$zone") @@ -327,7 +335,7 @@ $DSFROMKEY -2 -A -f ${zonefile}.signed "$zone" | tail -1 >>"$DSFILE" # to mimic unsupported DS digest (see ns5/many_anchors). # zone=ds-unsupported.example. -infile=ds-unsupported.example.db.in +infile=template.db.in zonefile=ds-unsupported.example.db cnameandkey=$("$KEYGEN" -T KEY -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "cnameandkey.$zone") @@ -345,13 +353,13 @@ mv "$zonefile".tmp "$zonefile".signed # Different from above because this key is not intended for signing. # zone=dnskey-unsupported-2.example -infile=dnskey-unsupported-2.example.db.in +infile=template.db.in zonefile=dnskey-unsupported-2.example.db ksk=$("$KEYGEN" -f KSK -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") -cat "$infile" "$ksk.key" "$zsk.key" unsupported-algorithm.key >"$zonefile" +cat "$infile" "$ksk.key" "$zsk.key" unsupported-algorithm.key.in >"$zonefile" "$SIGNER" -3 - -o "$zone" -f ${zonefile}.signed "$zonefile" >/dev/null @@ -360,7 +368,7 @@ cat "$infile" "$ksk.key" "$zsk.key" unsupported-algorithm.key >"$zonefile" # Algorithm 7 is replaced by 100 in the zone and dsset. # zone=dnskey-nsec3-unknown.example -infile=dnskey-nsec3-unknown.example.db.in +infile=template.db.in zonefile=dnskey-nsec3-unknown.example.db keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -378,7 +386,7 @@ $DSFROMKEY -A -f ${zonefile}.signed "$zone" >"$DSFILE" # A multiple parameter nsec3 zone. # zone=multiple.example. -infile=multiple.example.db.in +infile=template.db.in zonefile=multiple.example.db keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -386,23 +394,23 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$keyname.key" >"$zonefile" "$SIGNER" -z -O full -o "$zone" "$zonefile" >/dev/null -awk '$4 == "NSEC" || ( $4 == "RRSIG" && $5 == "NSEC" ) { print }' "$zonefile".signed >NSEC +awk '$4 == "NSEC" || ( $4 == "RRSIG" && $5 == "NSEC" ) { print }' "$zonefile".signed >NSEC.db "$SIGNER" -z -O full -u3 - -o "$zone" "$zonefile" >/dev/null -awk '$4 == "NSEC3" || ( $4 == "RRSIG" && $5 == "NSEC3" ) { print }' "$zonefile".signed >NSEC3 +awk '$4 == "NSEC3" || ( $4 == "RRSIG" && $5 == "NSEC3" ) { print }' "$zonefile".signed >NSEC3.db "$SIGNER" -z -O full -u3 AAAA -o "$zone" "$zonefile" >/dev/null -awk '$4 == "NSEC3" || ( $4 == "RRSIG" && $5 == "NSEC3" ) { print }' "$zonefile".signed >>NSEC3 +awk '$4 == "NSEC3" || ( $4 == "RRSIG" && $5 == "NSEC3" ) { print }' "$zonefile".signed >>NSEC3.db "$SIGNER" -z -O full -u3 BBBB -o "$zone" "$zonefile" >/dev/null -awk '$4 == "NSEC3" || ( $4 == "RRSIG" && $5 == "NSEC3" ) { print }' "$zonefile".signed >>NSEC3 +awk '$4 == "NSEC3" || ( $4 == "RRSIG" && $5 == "NSEC3" ) { print }' "$zonefile".signed >>NSEC3.db "$SIGNER" -z -O full -u3 CCCC -o "$zone" "$zonefile" >/dev/null -awk '$4 == "NSEC3" || ( $4 == "RRSIG" && $5 == "NSEC3" ) { print }' "$zonefile".signed >>NSEC3 +awk '$4 == "NSEC3" || ( $4 == "RRSIG" && $5 == "NSEC3" ) { print }' "$zonefile".signed >>NSEC3.db "$SIGNER" -z -O full -u3 DDDD -o "$zone" "$zonefile" >/dev/null -cat NSEC NSEC3 >>"$zonefile".signed +cat NSEC.db NSEC3.db >>"$zonefile".signed # # A RSASHA256 zone. # zone=rsasha256.example. -infile=rsasha256.example.db.in +infile=template.db.in zonefile=rsasha256.example.db keyname=$("$KEYGEN" -q -a RSASHA256 "$zone") @@ -415,7 +423,7 @@ cat "$infile" "$keyname.key" >"$zonefile" # A RSASHA512 zone. # zone=rsasha512.example. -infile=rsasha512.example.db.in +infile=template.db.in zonefile=rsasha512.example.db keyname=$("$KEYGEN" -q -a RSASHA512 "$zone") @@ -428,7 +436,7 @@ cat "$infile" "$keyname.key" >"$zonefile" # A RSASHA256OID zone. # zone=rsasha256oid.example. -infile=rsasha256oid.example.db.in +infile=template.db.in zonefile=rsasha256oid.example.db keyname=$("$KEYGEN" -q -a RSASHA256OID "$zone") @@ -441,7 +449,7 @@ cat "$infile" "$keyname.key" >"$zonefile" # A RSASHA512OID zone. # zone=rsasha512oid.example. -infile=rsasha512oid.example.db.in +infile=template.db.in zonefile=rsasha512oid.example.db keyname=$("$KEYGEN" -q -a RSASHA512OID "$zone") @@ -456,7 +464,7 @@ cat "$infile" "$keyname.key" >"$zonefile" # 1.2.840.113549.1.1.14 # zone=unknownoid.example -infile=unknownoid.example.db.in +infile=template.db.in zonefile=unknownoid.example.db keyname=$("$KEYGEN" -q -a RSASHA512OID "$zone") @@ -481,7 +489,7 @@ sed "s/\(2[0-9]* 2[0-9]*\) [1-9][0-9]* unknownoid.example./\1 ${tag} unknownoid. # A PRIVATEOID zone with a extra DS record for a non-existent DNSKEY. # zone=extradsoid.example. -infile=extradsoid.example.db.in +infile=template.db.in zonefile=extradsoid.example.db keyname=$("$KEYGEN" -q -a RSASHA512OID "$zone") @@ -502,7 +510,7 @@ keyname=$("$KEYGEN" -q -a RSASHA512OID "$zone") # the DNSKEY RRset with using this unknown OID. # zone=extradsunknownoid.example -infile=extradsunknownoid.example.db.in +infile=template.db.in zonefile=extradsunknownoid.example.db keyname=$("$KEYGEN" -q -a RSASHA512OID "$zone") @@ -536,7 +544,7 @@ sed 's/CwYJKoZIhvcN/CwYJKoZIhvcO/' <"$keyname.key" | "$DSFROMKEY" -2A -f - "$zon # match the DNSKEY RRset with using this unknown OID. # zone=extended-ds-unknown-oid.example -infile=extended-ds-unknown-oid.example.db.in +infile=template.db.in zonefile=extended-ds-unknown-oid.example.db keyname=$("$KEYGEN" -q -a RSASHA512OID "$zone") @@ -568,7 +576,7 @@ fi # A zone with the DNSKEY set only signed by the KSK # zone=kskonly.example. -infile=kskonly.example.db.in +infile=template.db.in zonefile=kskonly.example.db kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") @@ -580,7 +588,7 @@ cat "$infile" "$kskname.key" "$zskname.key" >"$zonefile" # A zone with the expired signatures # zone=expired.example. -infile=expired.example.db.in +infile=template.db.in zonefile=expired.example.db kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -fk "$zone") @@ -593,7 +601,7 @@ rm -f "$kskname.*" "$zskname.*" # A NSEC3 signed zone that will have a DNSKEY added to it via UPDATE. # zone=update-nsec3.example. -infile=update-nsec3.example.db.in +infile=template.db.in zonefile=update-nsec3.example.db kskname=$("$KEYGEN" -q -3 -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -fk "$zone") @@ -606,7 +614,7 @@ cat "$infile" "$kskname.key" "$zskname.key" >"$zonefile" # extra keys not in the initial signed zone. # zone=auto-nsec.example. -infile=auto-nsec.example.db.in +infile=template.db.in zonefile=auto-nsec.example.db kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -fk "$zone") @@ -621,7 +629,7 @@ cat "$infile" "$kskname.key" "$zskname.key" >"$zonefile" # extra keys not in the initial signed zone. # zone=auto-nsec3.example. -infile=auto-nsec3.example.db.in +infile=template.db.in zonefile=auto-nsec3.example.db kskname=$("$KEYGEN" -q -3 -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -fk "$zone") @@ -635,7 +643,7 @@ cat "$infile" "$kskname.key" "$zskname.key" >"$zonefile" # Secure below cname test zone. # zone=secure.below-cname.example. -infile=secure.below-cname.example.db.in +infile=template.db.in zonefile=secure.below-cname.example.db keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$keyname.key" >"$zonefile" @@ -645,7 +653,7 @@ cat "$infile" "$keyname.key" >"$zonefile" # Patched TTL test zone. # zone=ttlpatch.example. -infile=ttlpatch.example.db.in +infile=template.db.in zonefile=ttlpatch.example.db signedfile=ttlpatch.example.db.signed patchedfile=ttlpatch.example.db.patched @@ -661,7 +669,7 @@ $CHECKZONE -D -s full "$zone" $signedfile 2>/dev/null \ # Separate DNSSEC records. # zone=split-dnssec.example. -infile=split-dnssec.example.db.in +infile=template.db.in zonefile=split-dnssec.example.db signedfile=split-dnssec.example.db.signed @@ -675,7 +683,7 @@ echo "\$INCLUDE \"$signedfile\"" >>"$zonefile" # Separate DNSSEC records smart signing. # zone=split-smart.example. -infile=split-smart.example.db.in +infile=template.db.in zonefile=split-smart.example.db signedfile=split-smart.example.db.signed @@ -690,7 +698,7 @@ echo "\$INCLUDE \"$signedfile\"" >>"$zonefile" # Zone with signatures about to expire, but no private key to replace them # zone="expiring.example." -infile="expiring.example.db.in" +infile="template.db.in" zonefile="expiring.example.db" signedfile="expiring.example.db.signed" kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -704,15 +712,15 @@ mv -f "${kskname}.private" "${kskname}.private.moved" # A zone where the signer's name has been forced to uppercase. # zone="upper.example." -infile="upper.example.db.in" +infile="template.db.in" zonefile="upper.example.db" lower="upper.example.db.lower" signedfile="upper.example.db.signed" kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") cp "$infile" "$zonefile" -"$SIGNER" -P -S -o "$zone" -f $lower "$zonefile" >/dev/null -$CHECKZONE -D upper.example $lower 2>/dev/null \ +"$SIGNER" -P -S -o "$zone" -f "$lower" "$zonefile" >/dev/null +$CHECKZONE -D upper.example "$lower" 2>/dev/null \ | sed '/RRSIG/s/ upper.example. / UPPER.EXAMPLE. /' >$signedfile # @@ -720,18 +728,19 @@ $CHECKZONE -D upper.example $lower 2>/dev/null \ # upper case. # zone="LOWER.EXAMPLE." -infile="lower.example.db.in" +infile="template.db.in" zonefile="lower.example.db" signedfile="lower.example.db.signed" +sed -e 's/ns3/NS3/' -e 's/mname1/MNAME1/' "$infile" >"$zonefile" kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") -cp "$infile" "$zonefile" "$SIGNER" -P -S -o "$zone" "$zonefile" >/dev/null # # An inline signing zone # zone=inline.example. +cp template.db.in inline.example.db kskname=$("$KEYGEN" -q -3 -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -fk "$zone") zskname=$("$KEYGEN" -q -3 -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -739,7 +748,7 @@ zskname=$("$KEYGEN" -q -3 -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") # A zone which will change its signatures-validity # zone=siginterval.example -infile=siginterval.example.db.in +infile=template.db.in zonefile=siginterval.example.db kskname=$("$KEYGEN" -q -3 -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -fk "$zone") zskname=$("$KEYGEN" -q -3 -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -747,10 +756,9 @@ cp "$infile" "$zonefile" # # A zone with a bad DS in the parent -# (sourced from bogus.example.db.in) # zone=badds.example. -infile=bogus.example.db.in +infile=template.db.in zonefile=badds.example.db keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -764,7 +772,7 @@ sed -e 's/bogus/badds/g' dsset-badds.example. # Same as badds, but locally trusted by the forwarder # zone=localkey.example. -infile=bogus.example.db.in +infile=template.db.in zonefile=localkey.example.db keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -779,7 +787,7 @@ keyfile_to_static_keys $keyname >../ns9/trusted-localkey.conf # A zone with future signatures. # zone=future.example -infile=future.example.db.in +infile=template.db.in zonefile=future.example.db kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -791,7 +799,7 @@ cp -f "$kskname.key" trusted-future.key # A zone with future signatures. # zone=managed-future.example -infile=managed-future.example.db.in +infile=template.db.in zonefile=managed-future.example.db kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") @@ -802,7 +810,7 @@ cat "$infile" "$kskname.key" "$zskname.key" >"$zonefile" # A zone with a revoked key # zone=revkey.example. -infile=generic.example.db.in +infile=template.db.in zonefile=revkey.example.db ksk1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -3fk "$zone") @@ -848,12 +856,16 @@ cat "$infile" "${kskname}.key" "${zskname}.key" "${keyname}.key" \ # We only need to generate the dsset. # zone=rsasha1.example +infile=rsasha1.example.db.in zonefile=rsasha1.example.db +cp $infile $zonefile awk '$4 == "DNSKEY" && $5 == 257 { print }' "$zonefile" \ | $DSFROMKEY -f - "$zone" >"dsset-${zone}." zone=rsasha1-1024.example +infile=rsasha1-1024.example.db.in zonefile=rsasha1-1024.example.db +cp $infile $zonefile awk '$4 == "DNSKEY" && $5 == 257 { print }' "$zonefile" \ | $DSFROMKEY -f - "$zone" >"dsset-${zone}." diff --git a/bin/tests/system/dnssec/ns3/split-dnssec.example.db.in b/bin/tests/system/dnssec/ns3/split-dnssec.example.db.in deleted file mode 100644 index 55b38776dad..00000000000 --- a/bin/tests/system/dnssec/ns3/split-dnssec.example.db.in +++ /dev/null @@ -1,38 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a A 10.0.0.3 -*.wild A 10.0.0.6 -child NS ns2.example. -insecure NS ns.insecure -ns.insecure A 10.53.0.3 -secure NS ns.secure -ns.secure A 10.53.0.3 -nsec3 NS ns.nsec3 -ns.nsec3 A 10.53.0.3 -optout NS ns.optout -ns.optout A 10.53.0.3 -02HC3EM7BDD011A0GMS3HKKJT2IF5VP8 A 10.0.0.17 diff --git a/bin/tests/system/dnssec/ns3/split-smart.example.db.in b/bin/tests/system/dnssec/ns3/split-smart.example.db.in deleted file mode 100644 index 55b38776dad..00000000000 --- a/bin/tests/system/dnssec/ns3/split-smart.example.db.in +++ /dev/null @@ -1,38 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a A 10.0.0.3 -*.wild A 10.0.0.6 -child NS ns2.example. -insecure NS ns.insecure -ns.insecure A 10.53.0.3 -secure NS ns.secure -ns.secure A 10.53.0.3 -nsec3 NS ns.nsec3 -ns.nsec3 A 10.53.0.3 -optout NS ns.optout -ns.optout A 10.53.0.3 -02HC3EM7BDD011A0GMS3HKKJT2IF5VP8 A 10.0.0.17 diff --git a/bin/tests/system/dnssec/ns2/insecure.secure.example.db b/bin/tests/system/dnssec/ns3/template.db.in similarity index 93% rename from bin/tests/system/dnssec/ns2/insecure.secure.example.db rename to bin/tests/system/dnssec/ns3/template.db.in index 62862f53056..f603e448ff3 100644 --- a/bin/tests/system/dnssec/ns2/insecure.secure.example.db +++ b/bin/tests/system/dnssec/ns3/template.db.in @@ -17,10 +17,11 @@ $TTL 300 ; 5 minutes 1814400 ; expire (3 weeks) 3600 ; minimum (1 hour) ) - NS ns2 -ns2 A 10.53.0.2 + NS ns3 +ns3 A 10.53.0.3 a A 10.0.0.1 +a.b A 10.0.0.1 b A 10.0.0.2 d A 10.0.0.4 z A 10.0.0.26 diff --git a/bin/tests/system/dnssec/ns3/ttlpatch.example.db.in b/bin/tests/system/dnssec/ns3/ttlpatch.example.db.in deleted file mode 100644 index 14971bd7a6f..00000000000 --- a/bin/tests/system/dnssec/ns3/ttlpatch.example.db.in +++ /dev/null @@ -1,26 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 diff --git a/bin/tests/system/dnssec/ns3/unknownoid.example.db.in b/bin/tests/system/dnssec/ns3/unknownoid.example.db.in deleted file mode 100644 index f6c4fabdd31..00000000000 --- a/bin/tests/system/dnssec/ns3/unknownoid.example.db.in +++ /dev/null @@ -1,28 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2009102722 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 -x CNAME a diff --git a/bin/tests/system/dnssec/ns3/unsupported-algorithm.key b/bin/tests/system/dnssec/ns3/unsupported-algorithm.key.in similarity index 100% rename from bin/tests/system/dnssec/ns3/unsupported-algorithm.key rename to bin/tests/system/dnssec/ns3/unsupported-algorithm.key.in diff --git a/bin/tests/system/dnssec/ns3/update-nsec3.example.db.in b/bin/tests/system/dnssec/ns3/update-nsec3.example.db.in deleted file mode 100644 index 34006877b35..00000000000 --- a/bin/tests/system/dnssec/ns3/update-nsec3.example.db.in +++ /dev/null @@ -1,40 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2000042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) - NS ns -ns A 10.53.0.3 - -a A 10.0.0.1 -b A 10.0.0.2 -d A 10.0.0.4 -z A 10.0.0.26 -a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 -x CNAME a - -private NS ns.private -ns.private A 10.53.0.2 - -insecure NS ns.insecure -ns.insecure A 10.53.0.2 - -nosoa NS ns.nosoa -ns.nosoa A 10.53.0.6 - -normalthenrrsig A 10.0.0.28 -rrsigonly A 10.0.0.29 diff --git a/bin/tests/system/dnssec/ns3/upper.example.db.in b/bin/tests/system/dnssec/ns3/upper.example.db.in deleted file mode 100644 index ec6603a91f8..00000000000 --- a/bin/tests/system/dnssec/ns3/upper.example.db.in +++ /dev/null @@ -1,21 +0,0 @@ -; Copyright (C) Internet Systems Consortium, Inc. ("ISC") -; -; SPDX-License-Identifier: MPL-2.0 -; -; This Source Code Form is subject to the terms of the Mozilla Public -; License, v. 2.0. If a copy of the MPL was not distributed with this -; file, you can obtain one at https://mozilla.org/MPL/2.0/. -; -; See the COPYRIGHT file distributed with this work for additional -; information regarding copyright ownership. - -$TTL 300 ; 5 minutes -@ IN SOA mname1. . ( - 2012042407 ; serial - 20 ; refresh (20 seconds) - 20 ; retry (20 seconds) - 1814400 ; expire (3 weeks) - 3600 ; minimum (1 hour) - ) -@ NS ns -ns A 10.53.0.3 diff --git a/bin/tests/system/dnssec/ns6/nosoa.secure.example.db b/bin/tests/system/dnssec/ns6/nosoa.secure.example.db.in similarity index 93% rename from bin/tests/system/dnssec/ns6/nosoa.secure.example.db rename to bin/tests/system/dnssec/ns6/nosoa.secure.example.db.in index 6b7af125534..85044d4168b 100644 --- a/bin/tests/system/dnssec/ns6/nosoa.secure.example.db +++ b/bin/tests/system/dnssec/ns6/nosoa.secure.example.db.in @@ -17,6 +17,6 @@ $TTL 300 ; 5 minutes 1814400 ; expire (3 weeks) 3600 ; minimum (1 hour) ) -@ IN NS ns -ns IN A 10.53.0.6 +@ IN NS ns6 +ns6 IN A 10.53.0.6 a IN A 1.2.3.4 diff --git a/bin/tests/system/dnssec/ns6/sign.sh b/bin/tests/system/dnssec/ns6/sign.sh index 74ae836f718..f2e231f2358 100644 --- a/bin/tests/system/dnssec/ns6/sign.sh +++ b/bin/tests/system/dnssec/ns6/sign.sh @@ -18,6 +18,13 @@ set -e echo_i "ns6/sign.sh" +# set up unsigned zone first +zone=nosoa.secure.example. +infile=nosoa.secure.example.db.in +zonefile=nosoa.secure.example.db +cp "$infile" "$zonefile" + +# now sign the others zone=optout-tld infile=optout-tld.db.in zonefile=optout-tld.db diff --git a/bin/tests/system/dnssec/tests_badkey.py b/bin/tests/system/dnssec/tests_badkey.py index b646789e3a9..ca883f81e7b 100644 --- a/bin/tests/system/dnssec/tests_badkey.py +++ b/bin/tests/system/dnssec/tests_badkey.py @@ -11,9 +11,39 @@ from dns import flags +import pytest + import isctest +pytestmark = pytest.mark.extra_artifacts( + [ + "*/K*", + "*/dsset-*", + "*/*.bk", + "*/*.conf", + "*/*.db", + "*/*.id", + "*/*.jnl", + "*/*.jbk", + "*/*.key", + "*/*.signed", + "*/settime.out.*", + "ans*/ans.run", + "*/trusted.keys", + "*/*.bad", + "*/*.next", + "*/*.stripped", + "*/*.tmp", + "*/*.stage?", + "*/*.patched", + "*/*.lower", + "*/*.upper", + "*/*.unsplit", + ] +) + + def test_misconfigured_validation(): # check that validation fails with a misconfigured trust anchor msg = isctest.query.create("example.", "SOA") diff --git a/bin/tests/system/dnssec/tests_delv.py b/bin/tests/system/dnssec/tests_delv.py index 5e5f375ab79..6ed76fe90fe 100644 --- a/bin/tests/system/dnssec/tests_delv.py +++ b/bin/tests/system/dnssec/tests_delv.py @@ -18,7 +18,35 @@ import pytest import isctest -pytestmark = pytest.mark.skipif(bool(os.getenv("TSAN_OPTIONS", "")), reason="TSAN") +pytestmark = [ + pytest.mark.skipif(bool(os.getenv("TSAN_OPTIONS", "")), reason="TSAN"), + pytest.mark.extra_artifacts( + [ + "*/K*", + "*/dsset-*", + "*/*.bk", + "*/*.conf", + "*/*.db", + "*/*.id", + "*/*.jnl", + "*/*.jbk", + "*/*.key", + "*/*.signed", + "*/settime.out.*", + "ans*/ans.run", + "*/trusted.keys", + "*/*.bad", + "*/*.next", + "*/*.stripped", + "*/*.tmp", + "*/*.stage?", + "*/*.patched", + "*/*.lower", + "*/*.upper", + "*/*.unsplit", + ] + ), +] # helper functions diff --git a/bin/tests/system/dnssec/tests_policy.py b/bin/tests/system/dnssec/tests_policy.py index bbeb8189b3e..d76a0ed5f0a 100644 --- a/bin/tests/system/dnssec/tests_policy.py +++ b/bin/tests/system/dnssec/tests_policy.py @@ -14,9 +14,39 @@ import time from dns import rdatatype +import pytest + import isctest +pytestmark = pytest.mark.extra_artifacts( + [ + "*/K*", + "*/dsset-*", + "*/*.bk", + "*/*.conf", + "*/*.db", + "*/*.id", + "*/*.jnl", + "*/*.jbk", + "*/*.key", + "*/*.signed", + "*/settime.out.*", + "ans*/ans.run", + "*/trusted.keys", + "*/*.bad", + "*/*.next", + "*/*.stripped", + "*/*.tmp", + "*/*.stage?", + "*/*.patched", + "*/*.lower", + "*/*.upper", + "*/*.unsplit", + ] +) + + def is_rrsig_soa(rrset): return rrset.rdtype == rdatatype.RRSIG and rrset.covers == rdatatype.SOA diff --git a/bin/tests/system/dnssec/tests_signing.py b/bin/tests/system/dnssec/tests_signing.py index a5919e78d9a..617c62234f0 100644 --- a/bin/tests/system/dnssec/tests_signing.py +++ b/bin/tests/system/dnssec/tests_signing.py @@ -23,6 +23,34 @@ pytest.importorskip("dns", minversion="2.0.0") import isctest +pytestmark = pytest.mark.extra_artifacts( + [ + "*/K*", + "*/dsset-*", + "*/*.bk", + "*/*.conf", + "*/*.db", + "*/*.id", + "*/*.jnl", + "*/*.jbk", + "*/*.key", + "*/*.signed", + "*/settime.out.*", + "ans*/ans.run", + "*/trusted.keys", + "*/*.bad", + "*/*.next", + "*/*.stripped", + "*/*.tmp", + "*/*.stage?", + "*/*.patched", + "*/*.lower", + "*/*.upper", + "*/*.unsplit", + ] +) + + # helper functions def grep_c(regex, filename): with open(filename, "r", encoding="utf-8") as f: @@ -171,10 +199,10 @@ def test_update_signing(): # check that the NSEC3 record for the apex is properly signed # when a DNSKEY is added via UPDATE key = keygen( - "-q3fk", "-a", os.environ["DEFAULT_ALGORITHM"], "update-nsec3.example." + "-Kns3", "-q3fk", "-a", os.environ["DEFAULT_ALGORITHM"], "update-nsec3.example." ) - with open(f"{key}.key", "r", encoding="utf-8") as f: + with open(f"ns3/{key}.key", "r", encoding="utf-8") as f: dnskey = f.read().splitlines()[-1] dnskey = " ".join(dnskey.split()[3:]) diff --git a/bin/tests/system/dnssec/tests_tat.py b/bin/tests/system/dnssec/tests_tat.py index 5f527d0964c..97b5a253f38 100644 --- a/bin/tests/system/dnssec/tests_tat.py +++ b/bin/tests/system/dnssec/tests_tat.py @@ -14,9 +14,39 @@ import re from dns import edns +import pytest + import isctest +pytestmark = pytest.mark.extra_artifacts( + [ + "*/K*", + "*/dsset-*", + "*/*.bk", + "*/*.conf", + "*/*.db", + "*/*.id", + "*/*.jnl", + "*/*.jbk", + "*/*.key", + "*/*.signed", + "*/settime.out.*", + "ans*/ans.run", + "*/trusted.keys", + "*/*.bad", + "*/*.next", + "*/*.stripped", + "*/*.tmp", + "*/*.stage?", + "*/*.patched", + "*/*.lower", + "*/*.upper", + "*/*.unsplit", + ] +) + + def test_tat_queries(servers): ns1 = servers["ns1"] ns6 = servers["ns6"] diff --git a/bin/tests/system/dnssec/tests_validation.py b/bin/tests/system/dnssec/tests_validation.py index 8c9bc78554a..74cb7c6dffc 100644 --- a/bin/tests/system/dnssec/tests_validation.py +++ b/bin/tests/system/dnssec/tests_validation.py @@ -18,12 +18,40 @@ from dns import edns, flags, name, rcode, rdataclass, rdatatype import pytest -pytest.importorskip("dns", minversion="2.0.0") import isctest import isctest.mark from isctest.util import param +pytest.importorskip("dns", minversion="2.0.0") +pytestmark = pytest.mark.extra_artifacts( + [ + "*/K*", + "*/dsset-*", + "*/*.bk", + "*/*.conf", + "*/*.db", + "*/*.id", + "*/*.jnl", + "*/*.jbk", + "*/*.key", + "*/*.signed", + "*/settime.out.*", + "ans*/ans.run", + "*/trusted.keys", + "*/*.bad", + "*/*.next", + "*/*.stripped", + "*/*.tmp", + "*/*.stage?", + "*/*.patched", + "*/*.lower", + "*/*.upper", + "*/*.unsplit", + ] +) + + # helper functions def grep_q(regex, filename): with open(filename, "r", encoding="utf-8") as f: @@ -64,7 +92,7 @@ def test_insecure_glue(): isctest.check.rr_count_eq(res.answer, 1) isctest.check.rr_count_eq(res.authority, 1) isctest.check.rr_count_eq(res.additional, 1) - assert str(res.additional[0].name) == "ns.insecure.example." + assert str(res.additional[0].name) == "ns3.insecure.example." addrs = [str(a) for a in res.additional[0]] assert "10.53.0.3" in addrs @@ -1271,11 +1299,12 @@ def test_broken_servers(): isctest.check.noadflag(res) -def test_pending_ds(): +def test_pending_ds(servers): # check that a query against a validating resolver succeeds when there is # a negative cache entry with trust level "pending" for the DS. prime # with a +cd DS query to produce the negative cache entry, then send a # query that uses that entry as part of the validation process. + ns4 = servers["ns4"] ns4.rndc("flush", log=False) msg = isctest.query.create("insecure.example", "DS", cd=True) res = isctest.query.tcp(msg, "10.53.0.4")