From: Evan Hunt Date: Thu, 3 Jul 2025 22:32:37 +0000 (-0700) Subject: convert delv tests to python X-Git-Tag: v9.21.11~13^2~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5a457268d1544eea6f2e6ae52a9eb64bfe7456d8;p=thirdparty%2Fbind9.git convert delv tests to python move all dnssec tests using delv from the shell test to tests_delv.py, and remove tests.sh and tests_sh_dnssec.py. --- diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh deleted file mode 100644 index 89fcf1c6ab2..00000000000 --- a/bin/tests/system/dnssec/tests.sh +++ /dev/null @@ -1,238 +0,0 @@ -#!/bin/sh - -# Copyright (C) Internet Systems Consortium, Inc. ("ISC") -# -# SPDX-License-Identifier: MPL-2.0 -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, you can obtain one at https://mozilla.org/MPL/2.0/. -# -# See the COPYRIGHT file distributed with this work for additional -# information regarding copyright ownership. - -set -e - -# shellcheck source=conf.sh -. ../conf.sh - -status=0 -n=1 - -delv_with_opts() { - "$DELV" -a ns1/trusted.conf -p "$PORT" "$@" -} - -if [ -x "${DELV}" ]; then - ret=0 - echo_i "checking positive validation NSEC using dns_client ($n)" - delv_with_opts @10.53.0.4 a a.example >delv.out$n || ret=1 - grep "a.example..*10.0.0.1" delv.out$n >/dev/null || ret=1 - grep "a.example..*.RRSIG.A [0-9][0-9]* 2 3600 .*" delv.out$n >/dev/null || ret=1 - n=$((n + 1)) - test "$ret" -eq 0 || echo_i "failed" - status=$((status + ret)) - - ret=0 - echo_i "checking positive validation NSEC using dns_client (trusted-keys) ($n)" - "$DELV" -a ns1/trusted.keys -p "$PORT" @10.53.0.4 a a.example >delv.out$n || ret=1 - grep "a.example..*10.0.0.1" delv.out$n >/dev/null || ret=1 - grep "a.example..*.RRSIG.A [0-9][0-9]* 2 3600 .*" delv.out$n >/dev/null || ret=1 - n=$((n + 1)) - test "$ret" -eq 0 || echo_i "failed" - status=$((status + ret)) - - ret=0 - echo_i "checking positive validation NSEC3 using dns_client ($n)" - delv_with_opts @10.53.0.4 a a.nsec3.example >delv.out$n || ret=1 - grep "a.nsec3.example..*10.0.0.1" delv.out$n >/dev/null || ret=1 - grep "a.nsec3.example..*RRSIG.A [0-9][0-9]* 3 300 .*" delv.out$n >/dev/null || ret=1 - n=$((n + 1)) - test "$ret" -eq 0 || echo_i "failed" - status=$((status + ret)) - - SP="[[:space:]]+" - - ret=0 - echo_i "checking positive validation OPTOUT using dns_client ($n)" - delv_with_opts @10.53.0.4 a a.optout.example >delv.out$n || ret=1 - grep -Eq "^a\\.optout\\.example\\.""$SP""[0-9]+""$SP""IN""$SP""A""$SP""10.0.0.1" delv.out$n || ret=1 - grep -Eq "^a\\.optout\\.example\\.""$SP""[0-9]+""$SP""IN""$SP""RRSIG""$SP""A""$SP""$DEFAULT_ALGORITHM_NUMBER""$SP""3""$SP""300" delv.out$n || ret=1 - n=$((n + 1)) - test "$ret" -eq 0 || echo_i "failed" - status=$((status + ret)) - - ret=0 - echo_i "checking positive wildcard validation NSEC using dns_client ($n)" - delv_with_opts @10.53.0.4 a a.wild.example >delv.out$n || ret=1 - grep "a.wild.example..*10.0.0.27" delv.out$n >/dev/null || ret=1 - grep -E "a.wild.example..*RRSIG.A [0-9]+ 2 3600 .*" delv.out$n >/dev/null || ret=1 - n=$((n + 1)) - test "$ret" -eq 0 || echo_i "failed" - status=$((status + ret)) - - ret=0 - echo_i "checking positive wildcard validation NSEC3 using dns_client ($n)" - delv_with_opts @10.53.0.4 a a.wild.nsec3.example >delv.out$n || ret=1 - grep -E "a.wild.nsec3.example..*10.0.0.6" delv.out$n >/dev/null || ret=1 - grep -E "a.wild.nsec3.example..*RRSIG.A [0-9][0-9]* 3 300.*" delv.out$n >/dev/null || ret=1 - n=$((n + 1)) - test "$ret" -eq 0 || echo_i "failed" - status=$((status + ret)) - - ret=0 - echo_i "checking positive wildcard validation OPTOUT using dns_client ($n)" - delv_with_opts @10.53.0.4 a a.wild.optout.example >delv.out$n || ret=1 - grep "a.wild.optout.example..*10.0.0.6" delv.out$n >/dev/null || ret=1 - grep "a.wild.optout.example..*RRSIG.A [0-9][0-9]* 3 300.*" delv.out$n >/dev/null || ret=1 - n=$((n + 1)) - test "$ret" -eq 0 || echo_i "failed" - status=$((status + ret)) - - ret=0 - echo_i "checking negative validation NXDOMAIN NSEC using dns_client ($n)" - delv_with_opts @10.53.0.4 a q.example >delv.out$n 2>&1 || ret=1 - grep "resolution failed: ncache nxdomain" delv.out$n >/dev/null || ret=1 - n=$((n + 1)) - test "$ret" -eq 0 || echo_i "failed" - status=$((status + ret)) - - ret=0 - echo_i "checking negative validation NXDOMAIN NSEC3 using dns_client ($n)" - delv_with_opts @10.53.0.4 a q.nsec3.example >delv.out$n 2>&1 || ret=1 - grep "resolution failed: ncache nxdomain" delv.out$n >/dev/null || ret=1 - n=$((n + 1)) - test "$ret" -eq 0 || echo_i "failed" - status=$((status + ret)) - - ret=0 - echo_i "checking negative validation NXDOMAIN OPTOUT using dns_client ($n)" - delv_with_opts @10.53.0.4 a q.optout.example >delv.out$n 2>&1 || ret=1 - grep "resolution failed: ncache nxdomain" delv.out$n >/dev/null || ret=1 - n=$((n + 1)) - test "$ret" -eq 0 || echo_i "failed" - status=$((status + ret)) - - ret=0 - echo_i "checking negative validation NODATA OPTOUT using dns_client ($n)" - delv_with_opts @10.53.0.4 txt a.example >delv.out$n 2>&1 || ret=1 - grep "resolution failed: ncache nxrrset" delv.out$n >/dev/null || ret=1 - n=$((n + 1)) - test "$ret" -eq 0 || echo_i "failed" - status=$((status + ret)) - - ret=0 - echo_i "checking negative validation NODATA NSEC3 using dns_client ($n)" - delv_with_opts @10.53.0.4 txt a.nsec3.example >delv.out$n 2>&1 || ret=1 - grep "resolution failed: ncache nxrrset" delv.out$n >/dev/null || ret=1 - n=$((n + 1)) - test "$ret" -eq 0 || echo_i "failed" - status=$((status + ret)) - - ret=0 - echo_i "checking negative validation NODATA OPTOUT using dns_client ($n)" - delv_with_opts @10.53.0.4 txt a.optout.example >delv.out$n 2>&1 || ret=1 - grep "resolution failed: ncache nxrrset" delv.out$n >/dev/null || ret=1 - n=$((n + 1)) - test "$ret" -eq 0 || echo_i "failed" - status=$((status + ret)) - - ret=0 - echo_i "checking negative wildcard validation NSEC using dns_client ($n)" - delv_with_opts @10.53.0.4 txt b.wild.example >delv.out$n 2>&1 || ret=1 - grep "resolution failed: ncache nxrrset" delv.out$n >/dev/null || ret=1 - n=$((n + 1)) - test "$ret" -eq 0 || echo_i "failed" - status=$((status + ret)) - - ret=0 - echo_i "checking negative wildcard validation NSEC3 using dns_client ($n)" - delv_with_opts @10.53.0.4 txt b.wild.nsec3.example >delv.out$n 2>&1 || ret=1 - grep "resolution failed: ncache nxrrset" delv.out$n >/dev/null || ret=1 - n=$((n + 1)) - test "$ret" -eq 0 || echo_i "failed" - status=$((status + ret)) - - ret=0 - echo_i "checking negative wildcard validation OPTOUT using dns_client ($n)" - delv_with_opts @10.53.0.4 txt b.optout.nsec3.example >delv.out$n 2>&1 || ret=1 - grep "resolution failed: ncache nxrrset" delv.out$n >/dev/null || ret=1 - n=$((n + 1)) - test "$ret" -eq 0 || echo_i "failed" - status=$((status + ret)) - - ret=0 - echo_i "checking 1-server insecurity proof NSEC using dns_client ($n)" - delv_with_opts @10.53.0.4 a a.insecure.example >delv.out$n || ret=1 - grep "a.insecure.example..*10.0.0.1" delv.out$n >/dev/null || ret=1 - n=$((n + 1)) - test "$ret" -eq 0 || echo_i "failed" - status=$((status + ret)) - - ret=0 - echo_i "checking 1-server insecurity proof NSEC3 using dns_client ($n)" - delv_with_opts @10.53.0.4 a a.insecure.nsec3.example >delv.out$n || ret=1 - grep "a.insecure.nsec3.example..*10.0.0.1" delv.out$n >/dev/null || ret=1 - n=$((n + 1)) - test "$ret" -eq 0 || echo_i "failed" - status=$((status + ret)) - - ret=0 - echo_i "checking 1-server insecurity proof OPTOUT using dns_client ($n)" - delv_with_opts @10.53.0.4 a a.insecure.optout.example >delv.out$n || ret=1 - grep "a.insecure.optout.example..*10.0.0.1" delv.out$n >/dev/null || ret=1 - n=$((n + 1)) - test "$ret" -eq 0 || echo_i "failed" - status=$((status + ret)) - - ret=0 - echo_i "checking 1-server negative insecurity proof NSEC using dns_client ($n)" - delv_with_opts @10.53.0.4 a q.insecure.example >delv.out$n 2>&1 || ret=1 - grep "resolution failed: ncache nxdomain" delv.out$n >/dev/null || ret=1 - n=$((n + 1)) - test "$ret" -eq 0 || echo_i "failed" - status=$((status + ret)) - - ret=0 - echo_i "checking 1-server negative insecurity proof NSEC3 using dns_client ($n)" - delv_with_opts @10.53.0.4 a q.insecure.nsec3.example >delv.out$n 2>&1 || ret=1 - grep "resolution failed: ncache nxdomain" delv.out$n >/dev/null || ret=1 - n=$((n + 1)) - test "$ret" -eq 0 || echo_i "failed" - status=$((status + ret)) - - ret=0 - echo_i "checking 1-server negative insecurity proof OPTOUT using dns_client ($n)" - delv_with_opts @10.53.0.4 a q.insecure.optout.example >delv.out$n 2>&1 || ret=1 - grep "resolution failed: ncache nxdomain" delv.out$n >/dev/null || ret=1 - n=$((n + 1)) - test "$ret" -eq 0 || echo_i "failed" - status=$((status + ret)) - - ret=0 - echo_i "checking failed validation using dns_client ($n)" - delv_with_opts +cd @10.53.0.4 a a.bogus.example >delv.out$n 2>&1 || ret=1 - grep "resolution failed: RRSIG failed to verify" delv.out$n >/dev/null || ret=1 - n=$((n + 1)) - test "$ret" -eq 0 || echo_i "failed" - status=$((status + ret)) - - ret=0 - echo_i "checking that validation fails when key record is missing using dns_client ($n)" - delv_with_opts +cd @10.53.0.4 a a.b.keyless.example >delv.out$n 2>&1 || ret=1 - grep "resolution failed: insecurity proof failed" delv.out$n >/dev/null || ret=1 - n=$((n + 1)) - test "$ret" -eq 0 || echo_i "failed" - status=$((status + ret)) - - ret=0 - echo_i "checking that validation succeeds when a revoked key is encountered using dns_client ($n)" - delv_with_opts +cd @10.53.0.4 soa revkey.example >delv.out$n 2>&1 || ret=1 - grep "fully validated" delv.out$n >/dev/null || ret=1 - n=$((n + 1)) - test "$ret" -eq 0 || echo_i "failed" - status=$((status + ret)) -fi - -echo_i "exit status: $status" -[ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/dnssec/tests_delv.py b/bin/tests/system/dnssec/tests_delv.py new file mode 100644 index 00000000000..5e5f375ab79 --- /dev/null +++ b/bin/tests/system/dnssec/tests_delv.py @@ -0,0 +1,160 @@ +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +import os +import re +import subprocess + +import pytest + +import isctest + + +pytestmark = pytest.mark.skipif(bool(os.getenv("TSAN_OPTIONS", "")), reason="TSAN") + + +# helper functions +def grep_c(regex, data): + blob = data.splitlines() + results = [x for x in blob if re.search(regex, x)] + return len(results) + + +# run delv +def delv(*args, tkeys=False): + delv_cmd = [os.environ.get("DELV")] + + tfile = "ns1/trusted.keys" if tkeys else "ns1/trusted.conf" + delv_cmd.extend(["@10.53.0.4", "-a", tfile, "-p", os.environ["PORT"]]) + delv_cmd.extend(args) + + return ( + isctest.run.cmd(delv_cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT) + .stdout.decode("utf-8") + .strip() + ) + + +def test_positive_validation_delv(): + # check positive validation NSEC + response = delv("a", "a.example") + assert grep_c("a.example..*10.0.0.1", response) + assert grep_c("a.example..*.RRSIG.A [0-9][0-9]* 2 3600 .*", response) + + # check positive validation NSEC (trsuted-keys) + response = delv("a", "a.example", tkeys=True) + assert grep_c("a.example..*10.0.0.1", response) + assert grep_c("a.example..*.RRSIG.A [0-9][0-9]* 2 3600 .*", response) + + # check positive validation NSEC3 + response = delv("a", "a.nsec3.example") + assert grep_c("a.nsec3.example..*10.0.0.1", response) + assert grep_c("a.nsec3.example..*.RRSIG.A [0-9][0-9]* 3 300 .*", response) + + # check positive validation OPTOUT + response = delv("a", "a.optout.example") + assert grep_c("a.optout.example..*10.0.0.1", response) + assert grep_c("a.optout.example..*.RRSIG.A [0-9][0-9]* 3 300 .*", response) + + # check positive wildcard validation NSEC + response = delv("a", "a.wild.example") + assert grep_c("a.wild.example..*10.0.0.27", response) + assert grep_c("a.wild.example..*.RRSIG.A [0-9][0-9]* 2 3600 .*", response) + + # check positive wildcard validation NSEC3 + response = delv("a", "a.wild.nsec3.example") + assert grep_c("a.wild.nsec3.example..*10.0.0.6", response) + assert grep_c("a.wild.nsec3.example..*.RRSIG.A [0-9][0-9]* 3 300 .*", response) + + # check positive wildcard validation OPTOUT + response = delv("a", "a.wild.optout.example") + assert grep_c("a.wild.optout.example..*10.0.0.6", response) + assert grep_c("a.wild.optout.example..*.RRSIG.A [0-9][0-9]* 3 300 .*", response) + + +def test_negative_validation_delv(): + # checking negative validation NXDOMAIN NSEC + response = delv("a", "q.example") + assert grep_c("resolution failed: ncache nxdomain", response) + + # checking negative validation NODATA NSEC + response = delv("txt", "a.example") + assert grep_c("resolution failed: ncache nxrrset", response) + + # checking negative validation NXDOMAIN NSEC3 + response = delv("a", "q.nsec3.example") + assert grep_c("resolution failed: ncache nxdomain", response) + + # checking negative validation NODATA NSEC3 + response = delv("txt", "a.nsec3.example") + assert grep_c("resolution failed: ncache nxrrset", response) + + # checking negative validation NXDOMAIN OPTOUT + response = delv("a", "q.optout.example") + assert grep_c("resolution failed: ncache nxdomain", response) + + # checking negative validation NODATA OPTOUT + response = delv("txt", "a.optout.example") + assert grep_c("resolution failed: ncache nxrrset", response) + + # checking negative wildcard validation NSEC + response = delv("txt", "b.wild.example") + assert grep_c("resolution failed: ncache nxrrset", response) + + # checking negative wildcard validation NSEC3 + response = delv("txt", "b.wild.nsec3.example") + assert grep_c("resolution failed: ncache nxrrset", response) + + # checking negative wildcard validation OPTOUT + response = delv("txt", "b.wild.optout.example") + assert grep_c("resolution failed: ncache nxrrset", response) + + +def test_insecure_validation_delv(): + # check 1-server insecurity proof NSEC + response = delv("a", "a.insecure.example") + assert grep_c("a.insecure.example..*10.0.0.1", response) + + # check 1-server insecurity proof NSEC3 + response = delv("a", "a.insecure.nsec3.example") + assert grep_c("a.insecure.nsec3.example..*10.0.0.1", response) + + # check 1-server insecurity proof NSEC3 + response = delv("a", "a.insecure.optout.example") + assert grep_c("a.insecure.optout.example..*10.0.0.1", response) + + # check 1-server negative insecurity proof NSEC + response = delv("a", "q.insecure.example") + assert grep_c("resolution failed: ncache nxdomain", response) + + # check 1-server negative insecurity proof NSEC3 + response = delv("a", "q.insecure.nsec3.example") + assert grep_c("resolution failed: ncache nxdomain", response) + + # check 1-server negative insecurity proof OPTOUT + response = delv("a", "q.insecure.optout.example") + assert grep_c("resolution failed: ncache nxdomain", response) + + +def test_validation_failure_delv(): + # check failed validation due to bogus data + response = delv("+cd", "a", "a.bogus.example") + assert grep_c("resolution failed: RRSIG failed to verify", response) + + # check failed validation due to missing key record + response = delv("+cd", "a", "a.b.keyless.example") + assert grep_c("resolution failed: insecurity proof failed", response) + + +def test_revoked_key_delv(): + # check failed validation succeeds when a revoked key is encountered + response = delv("+cd", "soa", "revkey.example") + assert grep_c("fully validated", response) diff --git a/bin/tests/system/dnssec/tests_sh_dnssec.py b/bin/tests/system/dnssec/tests_sh_dnssec.py deleted file mode 100644 index 8448082c8ca..00000000000 --- a/bin/tests/system/dnssec/tests_sh_dnssec.py +++ /dev/null @@ -1,180 +0,0 @@ -# Copyright (C) Internet Systems Consortium, Inc. ("ISC") -# -# SPDX-License-Identifier: MPL-2.0 -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, you can obtain one at https://mozilla.org/MPL/2.0/. -# -# See the COPYRIGHT file distributed with this work for additional -# information regarding copyright ownership. - -import pytest - -pytestmark = pytest.mark.extra_artifacts( - [ - ".hypothesis/examples/*", - "K*", - "canonical*", - "delv.out*", - "dig.out.*", - "dsfromkey.out.*", - "named.secroots.*", - "nsupdate.out.*", - "python.out.*", - "rndc.out.*", - "signing.out.*", - "*/K*", - "*/dsset-*", - "*/managed.conf", - "*/trusted.conf", - "*/*.bk", - "*/*.jnl", - "*/*.jbk", - "*/*.signed", - "*/*.mkeys*", - "*/managed-keys.bind", - "ans*/ans.run", - "ans*/query.log", - "ns1/managed.key.id", - "ns1/root.db", - "ns1/trusted.keys", - "ns2/algroll.db", - "ns2/badparam.db", - "ns2/badparam.db.bad", - "ns2/cdnskey-update.secure.db", - "ns2/cdnskey-update.secure.id", - "ns2/cdnskey-x.secure.db", - "ns2/cdnskey.secure.db", - "ns2/cds-update.secure.db", - "ns2/cds-update.secure.id", - "ns2/cds-x.secure.db", - "ns2/cds.secure.db", - "ns2/dnskey-rrsigs-stripped.db", - "ns2/dnskey-rrsigs-stripped.db.next", - "ns2/dnskey-rrsigs-stripped.db.stripped", - "ns2/child.ds-rrsigs-stripped.db", - "ns2/ds-rrsigs-stripped.db", - "ns2/ds-rrsigs-stripped.db.next", - "ns2/ds-rrsigs-stripped.db.stripped", - "ns2/example.db", - "ns2/in-addr.arpa.db", - "ns2/lazy-ksk.db", - "ns2/managed.db", - "ns2/nsec3chain-test.db", - "ns2/peer-ns-spoof.db", - "ns2/peer.peer-ns-spoof.db", - "ns2/peer.peer-ns-spoof.db.next", - "ns2/peer.peer-ns-spoof.db.stripped", - "ns2/settime.out.updatecheck-kskonly.secure.ksk", - "ns2/settime.out.updatecheck-kskonly.secure.zsk", - "ns2/single-nsec3.db", - "ns2/too-many-iterations.db", - "ns2/inconsistent.db", - "ns2/trusted.db", - "ns2/updatecheck-kskonly.secure.db", - "ns2/updatecheck-kskonly.secure.ksk.id", - "ns2/updatecheck-kskonly.secure.ksk.key", - "ns2/updatecheck-kskonly.secure.zsk.id", - "ns2/updatecheck-kskonly.secure.zsk.id2", - "ns2/updatecheck-kskonly.secure.zsk.id3", - "ns2/updatecheck-kskonly.secure.zsk.key", - "ns3/NSEC", - "ns3/NSEC3", - "ns3/auto-nsec.example.db", - "ns3/auto-nsec3.example.db", - "ns3/badds.example.db", - "ns3/bogus.example.db", - "ns3/digest-alg-unsupported.example.db", - "ns3/disabled.managed.db", - "ns3/disabled.trusted.db", - "ns3/dname-at-apex-nsec3.example.db", - "ns3/dnskey-nsec3-unknown.example.db", - "ns3/dnskey-nsec3-unknown.example.db.tmp", - "ns3/dnskey-unknown.example.db", - "ns3/dnskey-unknown.example.db.tmp", - "ns3/dnskey-unsupported-2.example.db", - "ns3/dnskey-unsupported.example.db", - "ns3/dnskey-unsupported.example.db.tmp", - "ns3/ds-unsupported.example.db", - "ns3/dynamic.example.db", - "ns3/enabled.managed.db", - "ns3/enabled.trusted.db", - "ns3/example.bk", - "ns3/expired.example.db", - "ns3/expiring.example.db", - "ns3/extended-ds-unknown-oid.example.db", - "ns3/extended-ds-unknown-oid.example.db.stage1", - "ns3/extended-ds-unknown-oid.example.db.stage2", - "ns3/extradsoid.example.db", - "ns3/extradsunknownoid.example.db", - "ns3/extradsunknownoid.example.db.stage1", - "ns3/extradsunknownoid.example.db.stage2", - "ns3/future.example.db", - "ns3/keyless.example.db", - "ns3/kskonly.example.db", - "ns3/localkey.example.db", - "ns3/lower.example.db", - "ns3/managed-future.example.db", - "ns3/multiple.example.db", - "ns3/nsec3-unknown.example.db", - "ns3/nsec3.example.db", - "ns3/nsec3.nsec3.example.db", - "ns3/nsec3.optout.example.db", - "ns3/nsec3chain-test.bk", - "ns3/occluded.example.db", - "ns3/optout-unknown.example.db", - "ns3/optout.example.db", - "ns3/optout.nsec3.example.db", - "ns3/optout.optout.example.db", - "ns3/revkey.example.db", - "ns3/revoked.managed.db", - "ns3/revoked.trusted.db", - "ns3/rfc2335.example.bk", - "ns3/rsasha256.example.db", - "ns3/rsasha256oid.example.db", - "ns3/rsasha512.example.db", - "ns3/rsasha512oid.example.db", - "ns3/secure.below-cname.example.db", - "ns3/secure.example.db", - "ns3/secure.managed.db", - "ns3/secure.nsec3.example.db", - "ns3/secure.optout.example.db", - "ns3/secure.trusted.db", - "ns3/siginterval.conf", - "ns3/siginterval.example.db", - "ns3/split-dnssec.example.db", - "ns3/split-smart.example.db", - "ns3/target.peer-ns-spoof.db", - "ns3/trusted-future.key", - "ns3/ttlpatch.example.db", - "ns3/ttlpatch.example.db.patched", - "ns3/unknownoid.example.db", - "ns3/unknownoid.example.db.stage1", - "ns3/unknownoid.example.db.stage2", - "ns3/unsupported.managed.db", - "ns3/unsupported.managed.db.tmp", - "ns3/unsupported.trusted.db", - "ns3/unsupported.trusted.db.tmp", - "ns3/update-nsec3.example.db", - "ns3/update-nsec3.example.db.signed", - "ns3/upper.example.db", - "ns3/upper.example.db.lower", - "ns4/managed.conf", - "ns4/named.secroots", - "ns4/named_dump.db", - "ns4/named_dump.db.*", - "ns5/broken.conf", - "ns5/revoked.conf", - "ns5/many-trusted.conf", - "ns5/many-managed.conf", - "ns6/optout-tld.db", - "ns6/split-rrsig.db", - "ns6/split-rrsig.db.unsplit", - "ns9/trusted-localkey.conf", - ] -) - - -def test_dnssec(run_tests_sh): - run_tests_sh()