From: Libor Peltan Date: Mon, 12 Oct 2020 16:29:24 +0000 (+0200) Subject: kzonecheck: clarify if the dnssec-checks shall be done X-Git-Tag: v3.1.0~337^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7bca3032ca7efb6dae5f09f0c3568e893a1cab6b;p=thirdparty%2Fknot-dns.git kzonecheck: clarify if the dnssec-checks shall be done --- diff --git a/doc/man/kzonecheck.1in b/doc/man/kzonecheck.1in index 1cb017024f..f2756ca118 100644 --- a/doc/man/kzonecheck.1in +++ b/doc/man/kzonecheck.1in @@ -49,7 +49,8 @@ Zone origin. If not specified, the origin is determined from the file name (possibly removing the \fB\&.zone\fP suffix). .TP \fB\-d\fP, \fB\-\-dnssec\fP \fBon\fP|\fBoff\fP -Also check DNSSEC\-related records if present in the zone file. +Also check DNSSEC\-related records. The default is to decide based on the +existence of a RRSIG for SOA. .TP \fB\-t\fP, \fB\-\-time\fP \fItime\fP Current time specification. Use UNIX timestamp, YYYYMMDDHHmmSS diff --git a/doc/man_kzonecheck.rst b/doc/man_kzonecheck.rst index ba60ae4712..793c919bc8 100644 --- a/doc/man_kzonecheck.rst +++ b/doc/man_kzonecheck.rst @@ -26,7 +26,8 @@ Options (possibly removing the ``.zone`` suffix). **-d**, **--dnssec** **on**\|\ **off** - Also check DNSSEC-related records if present in the zone file. + Also check DNSSEC-related records. The default is to decide based on the + existence of a RRSIG for SOA. **-t**, **--time** *time* Current time specification. Use UNIX timestamp, YYYYMMDDHHmmSS diff --git a/src/knot/events/handlers/refresh.c b/src/knot/events/handlers/refresh.c index 2593cce69f..78cfbbb043 100644 --- a/src/knot/events/handlers/refresh.c +++ b/src/knot/events/handlers/refresh.c @@ -165,7 +165,7 @@ static int xfr_validate(zone_contents_t *zone) .cb = err_handler_logger }; - ret = sem_checks_process(zone, false, &handler, time(NULL)); + ret = sem_checks_process(zone, SEMCHECK_MANDATORY_ONLY, &handler, time(NULL)); if (ret != KNOT_EOK) { // error is logged by the error handler return ret; diff --git a/src/knot/zone/semantic-check.c b/src/knot/zone/semantic-check.c index ab89188659..29e6384bd5 100644 --- a/src/knot/zone/semantic-check.c +++ b/src/knot/zone/semantic-check.c @@ -180,8 +180,8 @@ static const struct check_function CHECK_FUNCTIONS[] = { { check_cname, MANDATORY }, { check_dname, MANDATORY }, { check_delegation, MANDATORY }, // mandatory for apex, optional for others - { check_submission, OPTIONAL }, { check_ds, OPTIONAL }, + { check_submission, NSEC | NSEC3 }, { check_rrsig, NSEC | NSEC3 }, { check_rrsig_signed, NSEC | NSEC3 }, { check_nsec_bitmap, NSEC | NSEC3 }, @@ -1198,7 +1198,7 @@ static void check_dnskey(zone_contents_t *zone, sem_handler_t *handler) } } -int sem_checks_process(zone_contents_t *zone, bool optional, sem_handler_t *handler, +int sem_checks_process(zone_contents_t *zone, semcheck_optional_t optional, sem_handler_t *handler, time_t time) { if (zone == NULL || handler == NULL) { @@ -1213,9 +1213,10 @@ int sem_checks_process(zone_contents_t *zone, bool optional, sem_handler_t *hand .time = time, }; - if (optional) { + if (optional != SEMCHECK_MANDATORY_ONLY) { data.level |= OPTIONAL; - if (zone->dnssec) { + if (optional == SEMCHECK_DNSSEC || + (optional == SEMCHECK_AUTO_DNSSEC && zone->dnssec)) { knot_rdataset_t *nsec3param = node_rdataset(zone->apex, KNOT_RRTYPE_NSEC3PARAM); if (nsec3param != NULL) { diff --git a/src/knot/zone/semantic-check.h b/src/knot/zone/semantic-check.h index 6622aea875..c11149f746 100644 --- a/src/knot/zone/semantic-check.h +++ b/src/knot/zone/semantic-check.h @@ -19,6 +19,13 @@ #include "knot/zone/node.h" #include "knot/zone/contents.h" +typedef enum { + SEMCHECK_MANDATORY_ONLY, + SEMCHECK_NO_DNSSEC, + SEMCHECK_AUTO_DNSSEC, + SEMCHECK_DNSSEC, +} semcheck_optional_t; + /*! *\brief Internal error constants. */ @@ -123,5 +130,5 @@ struct sem_handler { * \retval KNOT_ESEMCHECK found semantic error * \retval KNOT_EINVAL or other error */ -int sem_checks_process(zone_contents_t *zone, bool optional, sem_handler_t *handler, +int sem_checks_process(zone_contents_t *zone, semcheck_optional_t optional, sem_handler_t *handler, time_t time); diff --git a/src/knot/zone/zone-load.c b/src/knot/zone/zone-load.c index 5799c5a210..93ee1e459e 100644 --- a/src/knot/zone/zone-load.c +++ b/src/knot/zone/zone-load.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2019 CZ.NIC, z.s.p.o. +/* Copyright (C) 2020 CZ.NIC, z.s.p.o. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -35,7 +35,8 @@ int zone_load_contents(conf_t *conf, const knot_dname_t *zone_name, conf_val_t val = conf_zone_get(conf, C_SEM_CHECKS, zone_name); zloader_t zl; - int ret = zonefile_open(&zl, zonefile, zone_name, conf_bool(&val), time(NULL)); + int ret = zonefile_open(&zl, zonefile, zone_name, + conf_bool(&val) ? SEMCHECK_AUTO_DNSSEC : SEMCHECK_MANDATORY_ONLY, time(NULL)); free(zonefile); if (ret != KNOT_EOK) { return ret; diff --git a/src/knot/zone/zonefile.c b/src/knot/zone/zonefile.c index 5dd20abaa2..026a9370e9 100644 --- a/src/knot/zone/zonefile.c +++ b/src/knot/zone/zonefile.c @@ -137,7 +137,7 @@ static void process_data(zs_scanner_t *scanner) } int zonefile_open(zloader_t *loader, const char *source, - const knot_dname_t *origin, bool semantic_checks, time_t time) + const knot_dname_t *origin, semcheck_optional_t semantic_checks, time_t time) { if (!loader) { return KNOT_EINVAL; diff --git a/src/knot/zone/zonefile.h b/src/knot/zone/zonefile.h index df7c161fe7..7fff6b6bae 100644 --- a/src/knot/zone/zonefile.h +++ b/src/knot/zone/zonefile.h @@ -1,4 +1,4 @@ -/* Copyright (C) 2018 CZ.NIC, z.s.p.o. +/* Copyright (C) 2020 CZ.NIC, z.s.p.o. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -36,7 +36,7 @@ typedef struct zcreator { */ typedef struct { char *source; /*!< Zone source file. */ - bool semantic_checks; /*!< Do semantic checks. */ + semcheck_optional_t semantic_checks; /*!< Do semantic checks. */ sem_handler_t *err_handler; /*!< Semantic checks error handler. */ zcreator_t *creator; /*!< Loader context. */ zs_scanner_t scanner; /*!< Zone scanner. */ @@ -59,7 +59,7 @@ void err_handler_logger(sem_handler_t *handler, const zone_contents_t *zone, * \retval NULL on error. */ int zonefile_open(zloader_t *loader, const char *source, - const knot_dname_t *origin, bool semantic_checks, time_t time); + const knot_dname_t *origin, semcheck_optional_t semantic_checks, time_t time); /*! * \brief Loads zone from a zone file. diff --git a/src/utils/kzonecheck/main.c b/src/utils/kzonecheck/main.c index b36dbf65a5..72c6d36e5a 100644 --- a/src/utils/kzonecheck/main.c +++ b/src/utils/kzonecheck/main.c @@ -22,6 +22,7 @@ #include "contrib/tolower.h" #include "libknot/libknot.h" #include "knot/common/log.h" +#include "knot/zone/semantic-check.h" #include "utils/common/params.h" #include "utils/kzonecheck/zone_check.h" @@ -62,7 +63,7 @@ int main(int argc, char *argv[]) { const char *origin = NULL; bool verbose = false; - bool dnssec = true; // default value for --dnssec + semcheck_optional_t optional = SEMCHECK_AUTO_DNSSEC; // default value for --dnssec knot_time_t check_time = (knot_time_t)time(NULL); /* Long options. */ @@ -96,7 +97,7 @@ int main(int argc, char *argv[]) print_version(PROGRAM_NAME); return EXIT_SUCCESS; case 'd': - dnssec = str2bool(optarg); + optional = str2bool(optarg) ? SEMCHECK_DNSSEC : SEMCHECK_NO_DNSSEC; break; case 't': if (knot_time_parse("YMDhms|#|+-#U|+-#", @@ -145,7 +146,7 @@ int main(int argc, char *argv[]) knot_dname_t *dname = knot_dname_from_str_alloc(zonename); free(zonename); - int ret = zone_check(filename, dname, stdout, dnssec, (time_t)check_time); + int ret = zone_check(filename, dname, stdout, optional, (time_t)check_time); knot_dname_free(dname, NULL); log_close(); diff --git a/src/utils/kzonecheck/zone_check.c b/src/utils/kzonecheck/zone_check.c index 2c421f31b0..f45be89ce3 100644 --- a/src/utils/kzonecheck/zone_check.c +++ b/src/utils/kzonecheck/zone_check.c @@ -63,7 +63,7 @@ static void print_statistics(err_handler_stats_t *stats) } int zone_check(const char *zone_file, const knot_dname_t *zone_name, - FILE *outfile, bool dnssec, time_t time) + FILE *outfile, semcheck_optional_t optional, time_t time) { err_handler_stats_t stats = { .handler = { .cb = err_callback }, @@ -71,7 +71,7 @@ int zone_check(const char *zone_file, const knot_dname_t *zone_name, }; zloader_t zl; - int ret = zonefile_open(&zl, zone_file, zone_name, dnssec, time); + int ret = zonefile_open(&zl, zone_file, zone_name, optional, time); if (ret != KNOT_EOK) { return ret; } diff --git a/src/utils/kzonecheck/zone_check.h b/src/utils/kzonecheck/zone_check.h index ba88a54fbc..9e38115159 100644 --- a/src/utils/kzonecheck/zone_check.h +++ b/src/utils/kzonecheck/zone_check.h @@ -16,7 +16,8 @@ #pragma once +#include "knot/zone/semantic-check.h" #include "libknot/libknot.h" int zone_check(const char *zone_file, const knot_dname_t *zone_name, - FILE *outfile, bool dnssec, time_t time); + FILE *outfile, semcheck_optional_t optional, time_t time); diff --git a/tests/knot/semantic_check_data/cdnskey.cds b/tests/knot/semantic_check_data/cdnskey.cds index 354ad8114a..6ce5610950 100644 --- a/tests/knot/semantic_check_data/cdnskey.cds +++ b/tests/knot/semantic_check_data/cdnskey.cds @@ -1,10 +1,123 @@ -;; Zone dump (Knot DNS 2.5.0-dev) -example.com. 3600 SOA dns2.example.com. hostmaster.example.com. 2010135808 10800 3600 1209600 7200 -example.com. 3600 NS dns2.example.com. -example.com. 3600 MX 10 mail.example.com. -example.com. 3600 DNSKEY 256 3 8 AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVwYkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEeCUJfyc/mRXcmh5uYl1JvzAM1zprtljZt -example.com. 3600 DNSKEY 257 3 8 AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYToARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5WmnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Tax7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCNbGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4NodQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQEHYAd/AP8YgaovS8N1fJyh0= -example.com. 3600 DNSKEY 257 3 8 AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKfjqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU80AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbmLIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpMCLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRndpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n/4lgdSiBtvByLCXoWEYIGRs= -example.com. 3600 CDNSKEY 257 3 8 AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYToARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5WmnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Tax7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCNbGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4NodQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQEHYAd/AP8YgaovS8N1fJyh0= -example.com. 3600 CDS 53851 8 2 6F8129D687EC387C948E6F4B0AC9AA01481CCEBF7570AFEC582897E7725122D6 -dns2.example.com. 3600 A 192.0.2.1 +example.com. 3600 IN SOA dns2.example.com. hostmaster.example.com. ( + 2010135808 ; serial + 10800 ; refresh (3 hours) + 3600 ; retry (1 hour) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201012144147 25752 example.com. + dEDk41MHSAAoc2eboWOXxGQHYFj1gXuD/gfX + Qz6HEq44narP0IHuOWt4ni9HUhYDBuanPp7S + j/8nYnZc6gdpMg== ) + 3600 NS dns2.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201012144147 25752 example.com. + 1HFpOHudUJp7hvrsTmdX6qt+X0I4K9RYo/Uy + gpWbJBNhNsPVENVrw8AabhnPaETJGbreS/4T + slgbxM1Ks/erzA== ) + 3600 MX 10 mail.example.com. + 3600 RRSIG MX 13 2 3600 ( + 20601231235959 20201012144147 25752 example.com. + EA9rtC9Ub4LPDwS6Q8wE4g9nGddbVrg9ivHN + oHQzUjTFlxtn8gFPaJkUfHwqwg3PsSVGagyx + Bjsool21k/TG7A== ) + 7200 NSEC dns2.example.com. NS SOA MX RRSIG NSEC DNSKEY CDS CDNSKEY + 7200 RRSIG NSEC 13 2 7200 ( + 20601231235959 20201012144147 25752 example.com. + YLQPkC55O9bpQI/Hg/Ih91UkieeM3wtQvJMT + ro3QJ2eDImSyeoIbWsF+ghtoQ+6IUulXLu3k + PtDViOe2tfaL/Q== ) + 3600 DNSKEY 256 3 8 ( + AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVw + YkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH + 1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6 + jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEe + CUJfyc/mRXcmh5uYl1JvzAM1zprtljZt + ) ; ZSK; alg = RSASHA256 ; key id = 48849 + 3600 DNSKEY 256 3 13 ( + 1J1lDp/FQFgAGv7EFeDTAru7rUIcUCc7bkYj + 8OlczfdQjo9IfS5MFg6MqIrE/KPC18CDX1Ki + DzaCFaMGDlavjQ== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 25752 + 3600 DNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 DNSKEY 257 3 8 ( + AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKf + jqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4 + IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la + 7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU8 + 0AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbm + LIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpM + CLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRn + dpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs + 9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n + /4lgdSiBtvByLCXoWEYIGRs= + ) ; KSK; alg = RSASHA256 ; key id = 19420 + 3600 DNSKEY 257 3 13 ( + hRcbHnvrTqCb215+XsIn96tvHacV5d15lcnS + h91pg8Htes3H0vOoG98C5oWXoj7RM4V/tDoH + /0ahiLyRzRnvBA== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 20197 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201012144147 20197 example.com. + JLKC5uLW1+JPkOyVcc8D6B6lCC/0FOlak/Qd + Na6Nb33hi9io1HMFI1eYiG7u7lxWmXsKnBo9 + ONROz+WYGds++Q== ) + 3600 CDS 53851 8 2 ( + 6F8129D687EC387C948E6F4B0AC9AA01481C + CEBF7570AFEC582897E7725122D6 ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144147 20197 example.com. + pgi1+O/TWU6WCmLLYEibCYj+RzbcOuodnF1i + wlBQxDZLTcGYG+1KEC0spZTN1nQncEfdeEKc + jnYQUa0izPQRnA== ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144147 25752 example.com. + MaFyQcB908WIXS+RiLeLXiKdjOo/R6tl9AM/ + 6xokhcvRqQzuyQeoH4snUvcht0m5ghz09Km7 + MPN0uzJcXIGg0Q== ) + 3600 CDNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144147 20197 example.com. + Vdo7aYGIByxiC85dyqLKrrNAYYDFBnKXm8uE + rYSXBMWiQoFHwzvlavyqhUWlEABfvYD0pUrX + PZ27Hz8rPFCSLQ== ) + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144147 25752 example.com. + 9Llt7e4nm8uMLqliT2NZJINmAmLmKDYqjloj + Q3/wNI4K+J0RUmWpg3f6xODVkKjjuVnwpxkK + eWV9zqY4jUTAGg== ) +dns2.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201012144147 25752 example.com. + lZSHyLdXGFvoL9fhk26y70ifFwui2A5bpdir + Su7VhfsnNdLgNuCceRXbYwxQaUyODCl7dcJ9 + UkRzq2eDs0evKQ== ) + 7200 NSEC example.com. A RRSIG NSEC + 7200 RRSIG NSEC 13 3 7200 ( + 20601231235959 20201012144147 25752 example.com. + dDE1XApt4lZ9u20Z/vXwhJxE27AZJQzKwLkk + jpwEDVJo6/SdV2smB7s7+qmGnSKhIehVpUFX + wv3/3YaFxSTifQ== ) diff --git a/tests/knot/semantic_check_data/cdnskey.delete.both b/tests/knot/semantic_check_data/cdnskey.delete.both index d9bd660d43..b3b840bd06 100644 --- a/tests/knot/semantic_check_data/cdnskey.delete.both +++ b/tests/knot/semantic_check_data/cdnskey.delete.both @@ -1,10 +1,113 @@ -;; Zone dump (Knot DNS 2.5.0-dev) -example.com. 3600 SOA dns2.example.com. hostmaster.example.com. 2010135808 10800 3600 1209600 7200 -example.com. 3600 NS dns2.example.com. -example.com. 3600 MX 10 mail.example.com. -example.com. 3600 DNSKEY 256 3 8 AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVwYkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEeCUJfyc/mRXcmh5uYl1JvzAM1zprtljZt -example.com. 3600 DNSKEY 257 3 8 AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYToARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5WmnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Tax7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCNbGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4NodQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQEHYAd/AP8YgaovS8N1fJyh0= -example.com. 3600 DNSKEY 257 3 8 AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKfjqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU80AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbmLIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpMCLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRndpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n/4lgdSiBtvByLCXoWEYIGRs= -example.com. 3600 CDS 0 0 0 00 -example.com. 3600 CDNSKEY 0 3 0 AA== -dns2.example.com. 3600 A 192.0.2.1 +example.com. 3600 IN SOA dns2.example.com. hostmaster.example.com. ( + 2010135808 ; serial + 10800 ; refresh (3 hours) + 3600 ; retry (1 hour) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201012144234 36859 example.com. + uHjgn9WEMdw/d//q2ZhGF1GAQItK9UPyByET + VDuZgER/JBHuFd1/MMEkkFmCRneXuVudSnki + aXiza0GLV0ujfw== ) + 3600 NS dns2.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201012144234 36859 example.com. + 39YAhtx1qe9sbJ/6N1fS7F4QLS9iqagdbQN4 + w6VRyMRrseRY16G2n3Th9yw1+R9aXOazb6iP + BL6azQJiUCZJ5g== ) + 3600 MX 10 mail.example.com. + 3600 RRSIG MX 13 2 3600 ( + 20601231235959 20201012144234 36859 example.com. + EXv3vV7Njpz59INdubRpDsGANROKfEhqBzQ8 + zSL1vujpUOdaZWqmS3uoKusxHCghJacCFeUA + KQNrWNuZHT2S8g== ) + 7200 NSEC dns2.example.com. NS SOA MX RRSIG NSEC DNSKEY CDS CDNSKEY + 7200 RRSIG NSEC 13 2 7200 ( + 20601231235959 20201012144234 36859 example.com. + LgXpsIgBZBO03iU6D2nqsbmal6AK51ev21Cj + PQFfFBLQ+ARqyE3k7mlTK4A+/UfIpWgpkKnz + St4SbtL3r6GK+g== ) + 3600 DNSKEY 256 3 8 ( + AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVw + YkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH + 1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6 + jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEe + CUJfyc/mRXcmh5uYl1JvzAM1zprtljZt + ) ; ZSK; alg = RSASHA256 ; key id = 48849 + 3600 DNSKEY 256 3 13 ( + l/Uak3BSxeoEO8n42GtZkS1aTdEV590rAuwS + Jvt8Gzyj1S5Aqx5Tytm+nb93ZtO3eSL2OpJg + p7tdmPjtHKxYpg== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 36859 + 3600 DNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 DNSKEY 257 3 8 ( + AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKf + jqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4 + IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la + 7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU8 + 0AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbm + LIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpM + CLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRn + dpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs + 9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n + /4lgdSiBtvByLCXoWEYIGRs= + ) ; KSK; alg = RSASHA256 ; key id = 19420 + 3600 DNSKEY 257 3 13 ( + jNkK9sXUo8jTJ2snaD+3Mao2q0m5UjyZ7ykD + 6yQqTJ2xgldvTCyuu/YlSCoR9gli8pOGz+KT + 3YA9HjG46ob8ug== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 65430 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201012144234 65430 example.com. + id6EVGBrg2vZm6vIIGNhSukuI2Uv6/MzZiJk + C1N9k5P3zAP6Es9aLp9m4cR8qGIdUu3DZ3AU + ngKndEZvk5YUUg== ) + 3600 CDS 0 0 0 ( + 00 ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144234 36859 example.com. + mDmiCviPRxQ1BiinR2+/lQ/KabHgIu/LSKZ2 + yZFsgiF8YF4IT8mJc/qiKVtaCWLK4Sszxk/F + P8kMTmTKORT40Q== ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144234 65430 example.com. + O1KH8u+VPLnd5TwGPRbv7VpMss+Mjwr+nIOE + UxSS7unksPUldU0e9qXby0fydlN5LTf/L0sD + daMwGOA2fuD/dA== ) + 3600 CDNSKEY 0 3 0 ( + AA== + ) ; ZSK; alg = 0 ; key id = 768 + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144234 36859 example.com. + Hj8WJNT51BdqA6szAI7sn8gZftHY6/1/Y7qQ + DRsunh1J1cNRuqHtLBnRKpVdteZ4znNKnavb + uoC6kzSzbRiJzQ== ) + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144234 65430 example.com. + 7YGVqSgaiHXwY+GdMkUJXZyqkGvkfA8LliB6 + 6Nn4AvuETs4lX080MNq3dWmjI/tHSg5ptQz7 + Hukvd6cYWNgtBQ== ) +dns2.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201012144234 36859 example.com. + SVatJA8FhwAotw625XttyhgD8Rcp4ukcidii + By06YX9e5rCgOHOvjsHwA57kBBzcZg0ZXAbF + SOhDdUQibKaRSg== ) + 7200 NSEC example.com. A RRSIG NSEC + 7200 RRSIG NSEC 13 3 7200 ( + 20601231235959 20201012144234 36859 example.com. + D+r82Tvm8eGuYrJKVCUMw1Gz+tevXwE2IGoG + 7pXErKbDv13p/eFAPsRdUKtdmsOq4mHSxQuZ + GVGAULfJjcs3pQ== ) diff --git a/tests/knot/semantic_check_data/cdnskey.delete.invalid.cdnskey b/tests/knot/semantic_check_data/cdnskey.delete.invalid.cdnskey index 89b834c687..366edaf37a 100644 --- a/tests/knot/semantic_check_data/cdnskey.delete.invalid.cdnskey +++ b/tests/knot/semantic_check_data/cdnskey.delete.invalid.cdnskey @@ -1,10 +1,113 @@ -;; Zone dump (Knot DNS 2.5.0-dev) -example.com. 3600 SOA dns2.example.com. hostmaster.example.com. 2010135808 10800 3600 1209600 7200 -example.com. 3600 NS dns2.example.com. -example.com. 3600 MX 10 mail.example.com. -example.com. 3600 DNSKEY 256 3 8 AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVwYkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEeCUJfyc/mRXcmh5uYl1JvzAM1zprtljZt -example.com. 3600 DNSKEY 257 3 8 AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYToARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5WmnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Tax7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCNbGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4NodQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQEHYAd/AP8YgaovS8N1fJyh0= -example.com. 3600 DNSKEY 257 3 8 AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKfjqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU80AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbmLIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpMCLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRndpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n/4lgdSiBtvByLCXoWEYIGRs= -example.com. 3600 CDS 0 0 0 00 -example.com. 3600 CDNSKEY 0 3 0 BA== -dns2.example.com. 3600 A 192.0.2.1 +example.com. 3600 IN SOA dns2.example.com. hostmaster.example.com. ( + 2010135808 ; serial + 10800 ; refresh (3 hours) + 3600 ; retry (1 hour) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201012144623 39533 example.com. + wXvCukXPMbON0oD2nKINzyauQRgeYE/kIYKZ + pYaMwV5Z6yZ9SKSSy7oRBn7t1+rOmGI69NSx + 3WHXaRiLjcH1Sg== ) + 3600 NS dns2.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201012144623 39533 example.com. + XNdl4tiEhUPOpEgwGO2njssc8QMB8IeP5QDM + 9/LZJUPZ0hZ76F7fX9C3X3edgysEoDFR1HAE + JdTxkJ5Oqv7Xig== ) + 3600 MX 10 mail.example.com. + 3600 RRSIG MX 13 2 3600 ( + 20601231235959 20201012144623 39533 example.com. + Or2a9ZLl2FnBmNM1KbUcgAjgLKRS6O9H4XmK + VAGM3QxutaTZuF1sjsz+kNh6yrT38eLm5B8M + PLCxUmkTSUmgeA== ) + 7200 NSEC dns2.example.com. NS SOA MX RRSIG NSEC DNSKEY CDS CDNSKEY + 7200 RRSIG NSEC 13 2 7200 ( + 20601231235959 20201012144623 39533 example.com. + 5SBXb1HpSfhPinO3hadK7E0lhRHwyUAsjZpy + /7jTO7/uUNXD6asY9V6kvOJmRgMpSeXFJKFw + +Vsyx0jifistyg== ) + 3600 DNSKEY 256 3 8 ( + AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVw + YkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH + 1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6 + jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEe + CUJfyc/mRXcmh5uYl1JvzAM1zprtljZt + ) ; ZSK; alg = RSASHA256 ; key id = 48849 + 3600 DNSKEY 256 3 13 ( + TQSEqjdF8egQ1YjZPdVXrX+pngPHTdCgwJFR + AefWVHOLsMADS3/LL5G+pZTSldB3j3Xo4Na/ + 1tsuCgNmV+58xA== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 39533 + 3600 DNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 DNSKEY 257 3 8 ( + AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKf + jqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4 + IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la + 7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU8 + 0AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbm + LIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpM + CLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRn + dpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs + 9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n + /4lgdSiBtvByLCXoWEYIGRs= + ) ; KSK; alg = RSASHA256 ; key id = 19420 + 3600 DNSKEY 257 3 13 ( + VARBBNSEYzAbBYxgdQi/epYgWFaGnL49509p + CeZWg4LO4jhjVT7uyhsSQny2wyahP2Y37YeO + d+sY503BNpqzMQ== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 59324 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201012144623 59324 example.com. + YRhAwruTjWmu6drb4+iJ/QOwQg8dnGur8LH7 + bsn1ZCHQYNDHiIai8JqikqzkhEYKIK8HIqT8 + F2RY/LqFxKebjg== ) + 3600 CDS 0 0 0 ( + 00 ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144623 39533 example.com. + cHTGBug23nTe/aS09JaakuG4wa9EEbWxL3gu + LQpCK8HV/JMsNSGqh1FsUlX92y4tSIvJn+Lx + vvdN+Qzh+zASHg== ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144623 59324 example.com. + GU9Q/CipUscofDL6uhT2ZmhQoyApLX9zbyfN + dG5XW6sXYaB94hVSiT2DSyt19fyQwYoKK2Br + fJwy4pI890kKoQ== ) + 3600 CDNSKEY 0 3 0 ( + BA== + ) ; ZSK; alg = 0 ; key id = 1792 + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144623 39533 example.com. + CXeUfFxa7aT2tivKLovVQ2CA0HYZxxlUrbm1 + voABTNkU7lb5W9Z7GQ/VDugd8QeKNK8YWOaQ + Tdl79jkL1rQKXw== ) + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144623 59324 example.com. + sd+fzJmLLIoFIcbKCJ+rHE+tOs0PwHjjY9ml + Dsbel1k5sANI4xR8iMv6YAEhcpvb0S+8Nd7h + 7BT45SkKVtyFsQ== ) +dns2.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201012144623 39533 example.com. + VGa9LkgVATBLHOwMBNc6g74iXCCSXnWWNs8O + ndoXk4ZMMRRkmaxSWXH2pBdJLZPL5f26aEVl + 4toVcsE722LoFA== ) + 7200 NSEC example.com. A RRSIG NSEC + 7200 RRSIG NSEC 13 3 7200 ( + 20601231235959 20201012144623 39533 example.com. + i+94RvIQBBEOza7Y963huNEWYrqt/VT/eE1E + Gqx5kngvZgZ7wO8tcOsaE7ctb69SvgZwRR9c + RBgb2N6ezo9OxA== ) diff --git a/tests/knot/semantic_check_data/cdnskey.delete.invalid.cds b/tests/knot/semantic_check_data/cdnskey.delete.invalid.cds index 5ba0ddeab0..9d63eb9ddd 100644 --- a/tests/knot/semantic_check_data/cdnskey.delete.invalid.cds +++ b/tests/knot/semantic_check_data/cdnskey.delete.invalid.cds @@ -1,10 +1,113 @@ -;; Zone dump (Knot DNS 2.5.0-dev) -example.com. 3600 SOA dns2.example.com. hostmaster.example.com. 2010135808 10800 3600 1209600 7200 -example.com. 3600 NS dns2.example.com. -example.com. 3600 MX 10 mail.example.com. -example.com. 3600 DNSKEY 256 3 8 AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVwYkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEeCUJfyc/mRXcmh5uYl1JvzAM1zprtljZt -example.com. 3600 DNSKEY 257 3 8 AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYToARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5WmnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Tax7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCNbGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4NodQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQEHYAd/AP8YgaovS8N1fJyh0= -example.com. 3600 DNSKEY 257 3 8 AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKfjqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU80AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbmLIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpMCLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRndpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n/4lgdSiBtvByLCXoWEYIGRs= -example.com. 3600 CDS 0 0 0 01 -example.com. 3600 CDNSKEY 0 3 0 AA== -dns2.example.com. 3600 A 192.0.2.1 +example.com. 3600 IN SOA dns2.example.com. hostmaster.example.com. ( + 2010135808 ; serial + 10800 ; refresh (3 hours) + 3600 ; retry (1 hour) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201012144646 56106 example.com. + 1CRyeUic9BIwBWcjk95VQJktQng6f3dLQm64 + JwGGqivUM3Hgp7URguNIx0BsCvfo67NIpk7N + mMIFwMkMGOHmgg== ) + 3600 NS dns2.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201012144646 56106 example.com. + pB4+Z3ltuzY+/NkAeCb9LOS7Zlh7QLfHKimR + JPtvdOuIhd8vB0NZLzcYX0lIkrqyP3LadbrS + u8r9BMIlu4cKpg== ) + 3600 MX 10 mail.example.com. + 3600 RRSIG MX 13 2 3600 ( + 20601231235959 20201012144646 56106 example.com. + x8XhP7r3/glI7AenoSLVmfqhZXQfj6YllgxA + jkVxExiM9OJZOPdyeDTuRyUD1PFiBOEsP7Wu + vNgWA9eyQFOslA== ) + 7200 NSEC dns2.example.com. NS SOA MX RRSIG NSEC DNSKEY CDS CDNSKEY + 7200 RRSIG NSEC 13 2 7200 ( + 20601231235959 20201012144646 56106 example.com. + TCn7V7sHR2TNY5ywyEpbYZMegZwTX+I/TPeO + 76D3WORu9pN0kJWjGPAebwTvL/a7p8xS8B9U + X9ivUVFORG+mJA== ) + 3600 DNSKEY 256 3 8 ( + AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVw + YkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH + 1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6 + jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEe + CUJfyc/mRXcmh5uYl1JvzAM1zprtljZt + ) ; ZSK; alg = RSASHA256 ; key id = 48849 + 3600 DNSKEY 256 3 13 ( + cOjtacSzGkoh6bO4clqYPM2y+g5ezQUtCNdx + iRqickHCvQnL9OM/h7V8txqEsSulG5ZCeW+O + LDhDQDUchpNv7A== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 56106 + 3600 DNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 DNSKEY 257 3 8 ( + AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKf + jqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4 + IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la + 7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU8 + 0AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbm + LIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpM + CLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRn + dpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs + 9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n + /4lgdSiBtvByLCXoWEYIGRs= + ) ; KSK; alg = RSASHA256 ; key id = 19420 + 3600 DNSKEY 257 3 13 ( + pB2mCNXFJ8e+UaMeMmy1LSCv6TJ92Fs3kFxY + I8NyZPyGvfePpMlzWZr7Bw7wS6G6Jhayhj94 + MMJ4lM/5+ZzVJw== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 45911 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201012144646 45911 example.com. + uOAPEzDkPNI9Uo2N+iiRkIb2p1Y0VhgqwUom + +Dssd6X0CEdQEmD8YQ43Cuq9ZNwk8Bm+lgm3 + X+ImdIKeE4MvNQ== ) + 3600 CDS 0 0 0 ( + 01 ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144646 45911 example.com. + IN5tLpm7OKjIL4VpucR1ero1Gv5UEyVqjzB9 + rRJefwUtlZFKNaTbU0oQD33vQXEjUiIMr66b + zIC3Ju/YtYFDLg== ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144646 56106 example.com. + f8VJa9GRwSWNmg0AR4nA3OD4X8im7BriZjME + 2ypYUOJkdIafolyb0LDz7XWTaVsFHQWO0z+J + 14g0CgCroTm3pQ== ) + 3600 CDNSKEY 0 3 0 ( + AA== + ) ; ZSK; alg = 0 ; key id = 768 + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144646 45911 example.com. + 89oeIQuH82i2RYIj/fnX/71s8kspDHcI8lIa + R02OZZ9bF37bi6LbGkypdXpmxN9/rEjk4ThF + IHRX2USEPtl+wQ== ) + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144646 56106 example.com. + Hgf4SgtoV0IHsF6feSP8YqeibPTtwZelLpLs + hux/D94MFKtYa6OseyzT3qIDdixav+mlI2ud + 0JyflYZ6MCBlxg== ) +dns2.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201012144646 56106 example.com. + XdhVQ3Na3LsvdtT2HwdsM3ItiD3UH0HO6TZD + W6/jy8r0NA6fTN4b4oVr6wSqHAQIQVYUbWER + 7pav2Ek03LDa0Q== ) + 7200 NSEC example.com. A RRSIG NSEC + 7200 RRSIG NSEC 13 3 7200 ( + 20601231235959 20201012144646 56106 example.com. + dVTxTNAfZy5sa0SW8eme+KMx3hByBnPIrRlF + zGDsGN1Xzw3OBhsTmuOwhbnZSnnvdBrhBOJw + 8eU/6zpcZypyFQ== ) diff --git a/tests/knot/semantic_check_data/cdnskey.invalid b/tests/knot/semantic_check_data/cdnskey.invalid index 9c971aba26..6937db5f17 100644 --- a/tests/knot/semantic_check_data/cdnskey.invalid +++ b/tests/knot/semantic_check_data/cdnskey.invalid @@ -1,10 +1,123 @@ -;; Zone dump (Knot DNS 2.5.0-dev) -example.com. 3600 SOA dns2.example.com. hostmaster.example.com. 2010135808 10800 3600 1209600 7200 -example.com. 3600 NS dns2.example.com. -example.com. 3600 MX 10 mail.example.com. -example.com. 3600 DNSKEY 256 3 8 AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVwYkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEeCUJfyc/mRXcmh5uYl1JvzAM1zprtljZt -example.com. 3600 DNSKEY 257 3 8 AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYToARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5WmnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Tax7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCNbGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4NodQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQEHYAd/AP8YgaovS8N1fJyh0= -example.com. 3600 DNSKEY 257 3 8 AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKfjqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU80AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbmLIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpMCLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRndpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n/4lgdSiBtvByLCXoWEYIGRs= -example.com. 3600 CDNSKEY 257 3 8 AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYToARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5WmnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Tax7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCNbGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4NodQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQEHYAd/AP8YgaovS8N1fJyh0= -example.com. 3600 CDS 53851 8 2 668159D684EC387C948E6F4B0AC9AA01481CCEBF7570AFEC582897E7725122D6 -dns2.example.com. 3600 A 192.0.2.1 +example.com. 3600 IN SOA dns2.example.com. hostmaster.example.com. ( + 2010135808 ; serial + 10800 ; refresh (3 hours) + 3600 ; retry (1 hour) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201012144725 7800 example.com. + fIUb0+hjrELDVphcGgDZemNVpq1TBgyTt184 + 9YnzaAhADynsscEd5iZRjuA5r7mlI/M9fFtU + l6wpEmqAs7sG5w== ) + 3600 NS dns2.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201012144725 7800 example.com. + 86HnJEU3jP+bL9JmnY+2TGwna7DGtUVvgdhu + slzGQWN3EHb51vx1fHQGGfQlJ4P4ch5US3TE + 1rd/OKNUBE+p7w== ) + 3600 MX 10 mail.example.com. + 3600 RRSIG MX 13 2 3600 ( + 20601231235959 20201012144725 7800 example.com. + 33SrrSRr8KwasK7qfxYAPxP//dj8Y9i95oza + 2Fwvt23QxfZS3TBLqMyMA6G/nmXyavUxsye8 + C+mks7QsS7HJCA== ) + 7200 NSEC dns2.example.com. NS SOA MX RRSIG NSEC DNSKEY CDS CDNSKEY + 7200 RRSIG NSEC 13 2 7200 ( + 20601231235959 20201012144725 7800 example.com. + WRb17ehBEEjIVl//Zw8vtDmbnTY6eLWe2KQ2 + +E+pCMEK0QE1qXwcethJ9PkM+gKFmN9RscXH + DjrmWIAfgndjsA== ) + 3600 DNSKEY 256 3 8 ( + AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVw + YkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH + 1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6 + jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEe + CUJfyc/mRXcmh5uYl1JvzAM1zprtljZt + ) ; ZSK; alg = RSASHA256 ; key id = 48849 + 3600 DNSKEY 256 3 13 ( + VxRHPS89GaMJvJ1xL8/HulwW75tDXUZ6nYlI + 8VCFOMB7vU+SoZhaaoZu4YcCZqzjzfZLl8Lt + SEaXZPQbnpkhyA== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 7800 + 3600 DNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 DNSKEY 257 3 8 ( + AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKf + jqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4 + IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la + 7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU8 + 0AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbm + LIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpM + CLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRn + dpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs + 9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n + /4lgdSiBtvByLCXoWEYIGRs= + ) ; KSK; alg = RSASHA256 ; key id = 19420 + 3600 DNSKEY 257 3 13 ( + MWndPmlRdffYHO8Z2quMkXq80Nm3PNmWpTix + xJLJ71Oph+ta4XaTuiza6AQgVkCSzrfwoTuJ + UKHL13s4/IrRGg== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 46605 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201012144725 46605 example.com. + GRVgc202uXoxu8f36V/Tc4r9BzCKK07SCmS6 + MCJ+mXO7PCv4RIzN9Dp8t6sVuDb5smLe6cV6 + 5lgyPYJwr1TVJA== ) + 3600 CDS 53851 8 2 ( + 668159D684EC387C948E6F4B0AC9AA01481C + CEBF7570AFEC582897E7725122D6 ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144725 7800 example.com. + r+OpHWsZ0enCPKtUIZFXSb/8YbLdfYb3Ihpt + n/5kAWbOkkkVzAJX2/sCrVExMCVcP/nFSIIf + hACGKBjTvuLFLA== ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144725 46605 example.com. + buNL2/GqYvtwcXMPSiOeaEB5L6r5InyVxzaJ + 1PaaJigmJHbdNKGFl8ijDiH7WBdQECb8M3oU + zeuWGebSLuy0AQ== ) + 3600 CDNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144725 7800 example.com. + wYB3zuX5/bt3Pg2nz9F0j6MK1bkY19QvDcRb + pk/0rHXLbSjTepbIwy8O0KbJndHy+a70fN5p + 3dBGN5J56KymFg== ) + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144725 46605 example.com. + pXWJCUC0kKqWpjZetDhGJLNPpXGqc8sJZ9wY + HKs4Sd734p+Gr45vnJ94pGYjjtZi9bwPo2nF + DmFP5K3NLACG+Q== ) +dns2.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201012144725 7800 example.com. + Khv6ptUd4l4SgJI/H+L6Ls/gQHnmmQJcg0fB + xv7zECmQfQFguVIJ1bmoz4jP26ejsNH1pG+o + Wz9U7I5oWsDzYg== ) + 7200 NSEC example.com. A RRSIG NSEC + 7200 RRSIG NSEC 13 3 7200 ( + 20601231235959 20201012144725 7800 example.com. + z8omQAty9S0cNyFATnM8DZ+RbMly/7staAmc + RF+PmOp/E7FtdKOZe5+ega/+aQV9VpePYXMA + UwmIeeYYU2pAJQ== ) diff --git a/tests/knot/semantic_check_data/cdnskey.invalid.param b/tests/knot/semantic_check_data/cdnskey.invalid.param index 07f78db7d0..2814ddd6ad 100644 --- a/tests/knot/semantic_check_data/cdnskey.invalid.param +++ b/tests/knot/semantic_check_data/cdnskey.invalid.param @@ -1,10 +1,123 @@ -;; Zone dump (Knot DNS 2.5.0-dev) -example.com. 3600 SOA dns2.example.com. hostmaster.example.com. 2010135808 10800 3600 1209600 7200 -example.com. 3600 NS dns2.example.com. -example.com. 3600 MX 10 mail.example.com. -example.com. 3600 DNSKEY 256 3 8 AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVwYkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEeCUJfyc/mRXcmh5uYl1JvzAM1zprtljZt -example.com. 3600 DNSKEY 257 3 8 AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYToARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5WmnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Tax7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCNbGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4NodQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQEHYAd/AP8YgaovS8N1fJyh0= -example.com. 3600 DNSKEY 257 3 8 AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKfjqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU80AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbmLIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpMCLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRndpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n/4lgdSiBtvByLCXoWEYIGRs= -example.com. 3600 CDNSKEY 257 3 8 AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYToARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5WmnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Tax7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCNbGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4NodQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQEHYAd/AP8YgaovS8N1fJyh0= -example.com. 3600 CDS 53851 4 2 6F8129D687EC387C948E6F4B0AC9AA01481CCEBF7570AFEC582897E7725122D6 -dns2.example.com. 3600 A 192.0.2.1 +example.com. 3600 IN SOA dns2.example.com. hostmaster.example.com. ( + 2010135808 ; serial + 10800 ; refresh (3 hours) + 3600 ; retry (1 hour) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201012144756 33730 example.com. + tBomI7xR670RBUw9IjNL2A5eMVKtYqDUdhiq + XJI3CFdb4j6plfdUF75SfaiCP70aLX8Atzxm + 2RAzpR6M2Q3gbQ== ) + 3600 NS dns2.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201012144756 33730 example.com. + 8mHEeq/7fnXpM/CaOFsIqTKyTrixQVZr8V+P + Lwn641YbbKniEP+KacrJ7Ul2jt2jCT2cnxC0 + b9XicHENmd0phA== ) + 3600 MX 10 mail.example.com. + 3600 RRSIG MX 13 2 3600 ( + 20601231235959 20201012144756 33730 example.com. + f8ZdC3vD/oIltQLyL4zBmwo9rRyijN183BGw + L6iZ6DnH4BASlUyrGa0IceRH4yD5pP+gnhCc + lBzWFgvtEIyPPQ== ) + 7200 NSEC dns2.example.com. NS SOA MX RRSIG NSEC DNSKEY CDS CDNSKEY + 7200 RRSIG NSEC 13 2 7200 ( + 20601231235959 20201012144756 33730 example.com. + UK+oQx75Gdn82LKBzht8KxrtwPE5JCBhEMcR + hRhHTeMqRUjbbeEOSWRdjg/36329yNYrxC60 + l7bBcqolo9dDmw== ) + 3600 DNSKEY 256 3 8 ( + AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVw + YkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH + 1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6 + jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEe + CUJfyc/mRXcmh5uYl1JvzAM1zprtljZt + ) ; ZSK; alg = RSASHA256 ; key id = 48849 + 3600 DNSKEY 256 3 13 ( + kr0M2egbhUXhH0i6fYiSl+zRH1pU7XhamCdO + nPhMEgFa3CsGp61kCuZFulpY0ODh8WrAPZcO + qC0tCj5Bz7nWZQ== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 33730 + 3600 DNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 DNSKEY 257 3 8 ( + AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKf + jqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4 + IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la + 7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU8 + 0AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbm + LIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpM + CLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRn + dpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs + 9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n + /4lgdSiBtvByLCXoWEYIGRs= + ) ; KSK; alg = RSASHA256 ; key id = 19420 + 3600 DNSKEY 257 3 13 ( + 7fs6TMYYlkkxI1PCunVT9dxcxWVGXu1N7xVv + 2EUyVYMXSn/Z04URNTaxXcoWuDafy99G8rcT + oPycl2oOhc+s0w== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 60664 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201012144756 60664 example.com. + WpjHrB8ZfAhOSjq79gAaPEiQgSxvEatTi8nC + AYYpGs4dc1n54iYZ4IjCfMW/etlkZsMzXbVE + s6t+Dj/gJ3JKZg== ) + 3600 CDS 53851 4 2 ( + 6F8129D687EC387C948E6F4B0AC9AA01481C + CEBF7570AFEC582897E7725122D6 ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144756 33730 example.com. + IAgBYDhTIYQvmF2vUy72TWoRlPJQGyGErJuT + 0xxZDStaSfoAVM3Hr6VEqIq7R3B+Xel/urDM + WYUbIAinEnvpOw== ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144756 60664 example.com. + IpzPg5fx+O1HUqjN0lR1Bbo6Zx/Lq1wrrJvv + Y518ooGelg8Q2wH7NgScsyhLY342+MHk0fKX + RcxRzfaFohiEZg== ) + 3600 CDNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144756 33730 example.com. + WMqSVG8Tcq7e5E2y8oHThr6Ip7ASu/35m10m + TzsEANrlFf0e1Z6XG5ca/6//NSolXoTu6jBx + 2kvnsX2bA222PA== ) + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144756 60664 example.com. + LLGAWxuAhlKM/3i9+FFGngy6Zqo6NsxdXScR + wgVe3Ilw+3vU/Nih70uRE/xUjZpfFBOlMEk6 + EBSf/DJr6awY/A== ) +dns2.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201012144756 33730 example.com. + mpcGxsR9c/K6wuaJCeFds1kg0af6Xj8K24o6 + FHzqn60w7HXXNnDjxS0jPTHpaVUkWhuKUcCR + 9EcvMW7uwVfULQ== ) + 7200 NSEC example.com. A RRSIG NSEC + 7200 RRSIG NSEC 13 3 7200 ( + 20601231235959 20201012144756 33730 example.com. + gLwhcu1t0qloiWb5/XHuv0PAQZ+ChmDdMuMS + qS3hi0VPk9cscMjd7ZH7shJBH+9KKMI6YbMz + VGU4MSCj5/kT0A== ) diff --git a/tests/knot/semantic_check_data/cdnskey.nocdnskey b/tests/knot/semantic_check_data/cdnskey.nocdnskey index 40c3096c51..a7bac63bc6 100644 --- a/tests/knot/semantic_check_data/cdnskey.nocdnskey +++ b/tests/knot/semantic_check_data/cdnskey.nocdnskey @@ -1,9 +1,101 @@ -;; Zone dump (Knot DNS 2.5.0-dev) -example.com. 3600 SOA dns2.example.com. hostmaster.example.com. 2010135808 10800 3600 1209600 7200 -example.com. 3600 NS dns2.example.com. -example.com. 3600 MX 10 mail.example.com. -example.com. 3600 DNSKEY 256 3 8 AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVwYkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEeCUJfyc/mRXcmh5uYl1JvzAM1zprtljZt -example.com. 3600 DNSKEY 257 3 8 AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYToARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5WmnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Tax7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCNbGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4NodQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQEHYAd/AP8YgaovS8N1fJyh0= -example.com. 3600 DNSKEY 257 3 8 AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKfjqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU80AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbmLIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpMCLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRndpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n/4lgdSiBtvByLCXoWEYIGRs= -example.com. 3600 CDS 53851 8 2 6F8129D687EC387C948E6F4B0AC9AA01481CCEBF7570AFEC582897E7725122D6 -dns2.example.com. 3600 A 192.0.2.1 +example.com. 3600 IN SOA dns2.example.com. hostmaster.example.com. ( + 2010135808 ; serial + 10800 ; refresh (3 hours) + 3600 ; retry (1 hour) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201012144854 39620 example.com. + 0JDLQ/bZj4SSmqvLPAzt1v/UUb8mfJQnuLC9 + B1CL4oRD45Hw00KgmbE7xgJVflYZJxfx7KIw + ydsB0/1/dMJzbA== ) + 3600 NS dns2.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201012144854 39620 example.com. + Mnk/oSM7sdAhGYbWUMLpYFR1ahcvULo/8z42 + giRwzAX8HiqvxxkqRCFbvzYeRkZLLw0fYTeR + Mqit0zQuWuc0ow== ) + 3600 MX 10 mail.example.com. + 3600 RRSIG MX 13 2 3600 ( + 20601231235959 20201012144854 39620 example.com. + qPQblbJyzHdmhqYhYx4wfUHWe3SYGUA65hZR + UFYcx99Vhs1CXUobjCk9NBedRbBHR04kQ5Bo + /72fhuCPJFIC1Q== ) + 7200 NSEC dns2.example.com. NS SOA MX RRSIG NSEC DNSKEY CDS + 7200 RRSIG NSEC 13 2 7200 ( + 20601231235959 20201012144854 39620 example.com. + H5So5m0YdxOBU3k0+pi6KOgPNF2V4hU+GLxa + c0JdGnALP4Wz6lWCdMRPXIaMjImb3TK9vFti + 89lB/2MMDe4dTw== ) + 3600 DNSKEY 256 3 8 ( + AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVw + YkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH + 1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6 + jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEe + CUJfyc/mRXcmh5uYl1JvzAM1zprtljZt + ) ; ZSK; alg = RSASHA256 ; key id = 48849 + 3600 DNSKEY 256 3 13 ( + 6R8b9KzH06NQ/4AUqrmp8rFmY0AmHpbW/vhj + xLul6ON720xvdeKBzi0nLSeTdUO8/gK8s8jh + RmJ8Fw279eXXZQ== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 39620 + 3600 DNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 DNSKEY 257 3 8 ( + AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKf + jqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4 + IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la + 7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU8 + 0AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbm + LIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpM + CLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRn + dpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs + 9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n + /4lgdSiBtvByLCXoWEYIGRs= + ) ; KSK; alg = RSASHA256 ; key id = 19420 + 3600 DNSKEY 257 3 13 ( + hfwsa6JnfqjMRma2PlO+gt8qqLytVIygLZHB + 5APAuz2cheZCMD8A2kyt5NziCCj6szmCK4oZ + fColPGaDgYtpmA== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 6821 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201012144854 6821 example.com. + UbEQQoX5j1FVOqpkQBqckaG4WnCd7+4dBJax + 5sgjHQnfSSwKGfJx0zxd3ZbPCEKj+Ymrhpsm + nqfPzVRZhUPKuQ== ) + 3600 CDS 53851 8 2 ( + 6F8129D687EC387C948E6F4B0AC9AA01481C + CEBF7570AFEC582897E7725122D6 ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144854 6821 example.com. + Sc/K9xI1C9rzujnllO5o7sKoJiEKFUEfPxt8 + gsxs3sb9Q1s0/uSocrPc2OcaLgEzuFGS5FzA + fg7HcgZN63I5TA== ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144854 39620 example.com. + ykGu61Yjp24MJjp0wIYV20LSQ9ovRHT0zqp2 + CSvlROIVpbUGlNjAAKJdWwYJAqNUD571gJ7E + TkhrLEIX02ySqw== ) +dns2.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201012144854 39620 example.com. + ye5pM/p8OWbdRNhLfbfWsY6lG8lr0Ae80LKv + rVOCMhAowrtKmDL6hUByovCV7MjCIYwGM26C + Vl9CRmrWwJEULw== ) + 7200 NSEC example.com. A RRSIG NSEC + 7200 RRSIG NSEC 13 3 7200 ( + 20601231235959 20201012144854 39620 example.com. + JHP3TuxCuZ+N0lWtRI7Xl0qIcHSrn/X+WDUr + 0cVBfQTsFrAZs14bJhvw0zMGgONAgnFsXlxg + QmAqIPmpRvKtnA== ) diff --git a/tests/knot/semantic_check_data/cdnskey.nocds b/tests/knot/semantic_check_data/cdnskey.nocds index 8966caf495..ecb3188519 100644 --- a/tests/knot/semantic_check_data/cdnskey.nocds +++ b/tests/knot/semantic_check_data/cdnskey.nocds @@ -1,9 +1,110 @@ -;; Zone dump (Knot DNS 2.5.0-dev) -example.com. 3600 SOA dns2.example.com. hostmaster.example.com. 2010135808 10800 3600 1209600 7200 -example.com. 3600 NS dns2.example.com. -example.com. 3600 MX 10 mail.example.com. -example.com. 3600 DNSKEY 256 3 8 AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVwYkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEeCUJfyc/mRXcmh5uYl1JvzAM1zprtljZt -example.com. 3600 DNSKEY 257 3 8 AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYToARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5WmnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Tax7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCNbGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4NodQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQEHYAd/AP8YgaovS8N1fJyh0= -example.com. 3600 DNSKEY 257 3 8 AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKfjqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU80AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbmLIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpMCLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRndpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n/4lgdSiBtvByLCXoWEYIGRs= -example.com. 3600 CDNSKEY 257 3 8 AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYToARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5WmnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Tax7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCNbGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4NodQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQEHYAd/AP8YgaovS8N1fJyh0= -dns2.example.com. 3600 A 192.0.2.1 +example.com. 3600 IN SOA dns2.example.com. hostmaster.example.com. ( + 2010135808 ; serial + 10800 ; refresh (3 hours) + 3600 ; retry (1 hour) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201012144849 42608 example.com. + GDfM/H4m+FRVp3M/KsOv//eMFaL1LnyrIi8O + pUSht1KyYDRoVqSL72XTy1aAJJ49Sd0uq+4U + acekI3Xi9OpvXg== ) + 3600 NS dns2.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201012144849 42608 example.com. + ICtOUMZr415dJb22HWsrjbYfW7q6hh6gxD2i + EikMQAkPncdBHHd7dCrjy1/4CPhixn/BnDfV + ZwF87k2Sa7EV8w== ) + 3600 MX 10 mail.example.com. + 3600 RRSIG MX 13 2 3600 ( + 20601231235959 20201012144849 42608 example.com. + IokJy9LCiCaOPsluuBKYnwkesiPwsU/KZdA9 + jK25UmdfD1uU8AA63OOciTZQSv9NI+Q4nzl3 + LyqkRWFKToMz9A== ) + 7200 NSEC dns2.example.com. NS SOA MX RRSIG NSEC DNSKEY CDNSKEY + 7200 RRSIG NSEC 13 2 7200 ( + 20601231235959 20201012144849 42608 example.com. + kuhtgHhoeIwJ8IG08x+Tp5M7kQ+LzWoH/hTs + V17ZSyPD06YvMEmv9vdB+ATLd+j3uNYnMd4n + HW7Jh/ocOWg6+Q== ) + 3600 DNSKEY 256 3 8 ( + AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVw + YkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH + 1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6 + jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEe + CUJfyc/mRXcmh5uYl1JvzAM1zprtljZt + ) ; ZSK; alg = RSASHA256 ; key id = 48849 + 3600 DNSKEY 256 3 13 ( + p9BANIrBFV9hX2qwbzydeiubQkm9qstpzvUe + OFMDOEyyQxI+8s2nfHI76KmRliHuM7fOM9B5 + e8wNmEeVd9JJmQ== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 42608 + 3600 DNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 DNSKEY 257 3 8 ( + AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKf + jqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4 + IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la + 7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU8 + 0AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbm + LIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpM + CLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRn + dpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs + 9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n + /4lgdSiBtvByLCXoWEYIGRs= + ) ; KSK; alg = RSASHA256 ; key id = 19420 + 3600 DNSKEY 257 3 13 ( + 5sv4MetMS4KWSgyzvn658Prs0A8tLaWFhRJD + E9IznhGY2ogp8Z/uSIqh8QWzf1kQvfDUQiav + kOx4CNa3dSx/ZA== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 8616 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201012144849 8616 example.com. + DeZBLj99QbyGhalCZ4UOmBJO/RLNgrPsAdaW + swYSg18lvE7jmLn9vxkUVZu0G6z43tulSb+a + lQT8m+U+PlusNA== ) + 3600 CDNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144849 8616 example.com. + IlysaALuak04Zbh0+104PHAuQgnYDBTLpvz+ + BgirzX9Vp+pg4yZVelAXsaDbcj2ZrXrwBjpo + +DHj53HmZygj4g== ) + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144849 42608 example.com. + dJhB1Xmd3G1ueRVnFU+M4yc379LH0UrpBcNS + xHzjVd+vWtpNGPq03Wi3sczA9UUkXE0F5n22 + 6ZNR5XAswf+SYw== ) +dns2.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201012144849 42608 example.com. + 3DTwpPojzX4r9ZWeKo+zmJw+2L/uqrtoAZEv + ncPJG0AGB9QVzjLFiRg0BV4GiDZCl2Hh4onl + OShOi5Nt0GXp5Q== ) + 7200 NSEC example.com. A RRSIG NSEC + 7200 RRSIG NSEC 13 3 7200 ( + 20601231235959 20201012144849 42608 example.com. + 1m2PpD3S6/5x3Kkes+1JgbHtsm0xlnKrNCmF + xeBvCl55D98zSvs0DjfRjFowAg22nWJkvsWo + 3N1vnfFZpzmPPA== ) diff --git a/tests/knot/semantic_check_data/cdnskey.nodnskey b/tests/knot/semantic_check_data/cdnskey.nodnskey index 8f8e458a46..461e05a58d 100644 --- a/tests/knot/semantic_check_data/cdnskey.nodnskey +++ b/tests/knot/semantic_check_data/cdnskey.nodnskey @@ -1,9 +1,111 @@ -;; Zone dump (Knot DNS 2.5.0-dev) -example.com. 3600 SOA dns2.example.com. hostmaster.example.com. 2010135808 10800 3600 1209600 7200 -example.com. 3600 NS dns2.example.com. -example.com. 3600 MX 10 mail.example.com. -example.com. 3600 DNSKEY 256 3 8 AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVwYkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEeCUJfyc/mRXcmh5uYl1JvzAM1zprtljZt -example.com. 3600 DNSKEY 257 3 8 AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKfjqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU80AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbmLIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpMCLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRndpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n/4lgdSiBtvByLCXoWEYIGRs= -example.com. 3600 CDNSKEY 257 3 8 AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYToARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5WmnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Tax7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCNbGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4NodQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQEHYAd/AP8YgaovS8N1fJyh0= -example.com. 3600 CDS 53851 8 2 6F8129D687EC387C948E6F4B0AC9AA01481CCEBF7570AFEC582897E7725122D6 -dns2.example.com. 3600 A 192.0.2.1 +example.com. 3600 IN SOA dns2.example.com. hostmaster.example.com. ( + 2010135808 ; serial + 10800 ; refresh (3 hours) + 3600 ; retry (1 hour) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201012144347 19649 example.com. + Tng1e4Zs8LvGZJqp75aBSX9Ci9bsncY+w8+K + rfYdoVe/Smq0I+Hgtygcq0Twc7llW0rwtZ8R + jQpbXbp+XNDi3g== ) + 3600 NS dns2.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201012144347 19649 example.com. + OcKfgxtnriGsC/9wV9yI71wIVzR+71j3sZ3+ + ZGVqAo2bWR8QRULa5g5lQpIxlayN7w6xi6vV + IVWY3vauy59pPQ== ) + 3600 MX 10 mail.example.com. + 3600 RRSIG MX 13 2 3600 ( + 20601231235959 20201012144347 19649 example.com. + CtZFcGvbco6ZreotcmfSYl8SlRdN/JiSuoOG + KtdauRz9+a+xkT2k1Wy6dADfLpwHwXL8yElg + /LdNXKEWK96HcQ== ) + 7200 NSEC dns2.example.com. NS SOA MX RRSIG NSEC DNSKEY CDS CDNSKEY + 7200 RRSIG NSEC 13 2 7200 ( + 20601231235959 20201012144347 19649 example.com. + 6GVUlXemDUb6W9IID4qK+PPDSizeURGJEJlN + Hoof218/H/k8/BLNphFIGpdhCC2jHnAx2Nxd + Af65dTLtt7OBjQ== ) + 3600 DNSKEY 256 3 8 ( + AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVw + YkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH + 1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6 + jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEe + CUJfyc/mRXcmh5uYl1JvzAM1zprtljZt + ) ; ZSK; alg = RSASHA256 ; key id = 48849 + 3600 DNSKEY 256 3 13 ( + LiJCYpav6haPA3M3GhTZ/L6wtSqS7e9mwKsU + TdBkZ71RS8qmXsITLz5bFHMSy7K8mCuQIdTT + J3cGkbguNBqgJg== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 19649 + 3600 DNSKEY 257 3 8 ( + AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKf + jqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4 + IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la + 7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU8 + 0AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbm + LIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpM + CLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRn + dpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs + 9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n + /4lgdSiBtvByLCXoWEYIGRs= + ) ; KSK; alg = RSASHA256 ; key id = 19420 + 3600 DNSKEY 257 3 13 ( + j18Cd+0frtc1WPeWn8bwdxYd9iTe7XsqTwnO + W46ZpPJPGBq/n31+7/N9TRAtXulE2r+rJDRF + mMooK5qrWOtqvw== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 24385 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201012144347 24385 example.com. + 8O0L6xxTnGMccrMSjaG2/MtljkSOls/BIwoX + eUmB9nJvDQNd8jg9XtNYUGG79dmysetBrNQl + TohQ1BEVGTJwig== ) + 3600 CDS 53851 8 2 ( + 6F8129D687EC387C948E6F4B0AC9AA01481C + CEBF7570AFEC582897E7725122D6 ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144347 19649 example.com. + CLjvJJOAZVToWUQQX06ySDkKo4QO4YcN2vhl + JZZ2a1hA2ranrzpeE8cslGKme5lxHKr8Y1ev + ffWfrz8KoQVW+A== ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144347 24385 example.com. + TaPgzUzL+fPwEUNyusjCb6OZOF3DtlMNh3eY + ZTvogl2eRq84NA+mfzPmh0NXqVDbsVHGHq1B + mJoxuMtIt4G5Rg== ) + 3600 CDNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144347 19649 example.com. + 5sY/Q/1tP9qPMAHyQVMtbFQ0gO24rofCLg/D + /BaXTvjp5bnWhGuv1wFbSCyEreYr072Va08t + JdntIC8Prt/1MQ== ) + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144347 24385 example.com. + UlLhm8Nb6g0jUIs1ldjW4OedzzLXDjCllRSm + +6WQuBK1uA7vboyqYVvLxxyFZCxgz6xV02iK + eawtsKsOnlfGCg== ) +dns2.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201012144347 19649 example.com. + ZRDwnV+YyfKPI58ASagzoCo+qWTscYZZa6j+ + wr4axJ7jtIO6Firy4R1GlO6NXmN5vcjHAj90 + NZ26ezRgCMCFQQ== ) + 7200 NSEC example.com. A RRSIG NSEC + 7200 RRSIG NSEC 13 3 7200 ( + 20601231235959 20201012144347 19649 example.com. + c5ILb+AR9BIinFp6mCogN+jwR8067Fm9LT9Y + AWaR3pqUC4d+Qdo4pkODLkmhAaSQLJCyPyYB + TQ7OFkQCC49MtA== ) diff --git a/tests/knot/semantic_check_data/cdnskey.orphan.cdnskey b/tests/knot/semantic_check_data/cdnskey.orphan.cdnskey index 03617807dd..70241abc0d 100644 --- a/tests/knot/semantic_check_data/cdnskey.orphan.cdnskey +++ b/tests/knot/semantic_check_data/cdnskey.orphan.cdnskey @@ -1,11 +1,135 @@ -;; Zone dump (Knot DNS 2.5.0-dev) -example.com. 3600 SOA dns2.example.com. hostmaster.example.com. 2010135808 10800 3600 1209600 7200 -example.com. 3600 NS dns2.example.com. -example.com. 3600 MX 10 mail.example.com. -example.com. 3600 DNSKEY 256 3 8 AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVwYkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEeCUJfyc/mRXcmh5uYl1JvzAM1zprtljZt -example.com. 3600 DNSKEY 257 3 8 AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYToARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5WmnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Tax7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCNbGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4NodQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQEHYAd/AP8YgaovS8N1fJyh0= -example.com. 3600 DNSKEY 257 3 8 AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKfjqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU80AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbmLIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpMCLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRndpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n/4lgdSiBtvByLCXoWEYIGRs= -example.com. 3600 CDNSKEY 257 3 8 AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYToARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5WmnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Tax7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCNbGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4NodQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQEHYAd/AP8YgaovS8N1fJyh0= -example.com. 3600 CDNSKEY 257 3 8 AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKfjqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU80AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbmLIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpMCLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRndpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n/4lgdSiBtvByLCXoWEYIGRs= -example.com. 3600 CDS 53851 8 2 6F8129D687EC387C948E6F4B0AC9AA01481CCEBF7570AFEC582897E7725122D6 -dns2.example.com. 3600 A 192.0.2.1 +example.com. 3600 IN SOA dns2.example.com. hostmaster.example.com. ( + 2010135808 ; serial + 10800 ; refresh (3 hours) + 3600 ; retry (1 hour) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201012144945 39996 example.com. + pdj652v0OfPO/McP8sNpxoE+adY+Qim5je8m + TQPcudU3gm7I2L+YqU/ujX1NUOyhUAhzRng7 + m6nfrudJebq15g== ) + 3600 NS dns2.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201012144945 39996 example.com. + 7/X57I7FmbSlgxxeaE3Xgoot7KxN6nxtDb0E + mEEZNwdLCpjgaftaXXXM3NaZ1W2sdoECCrlz + R4/75kqrmNpYPw== ) + 3600 MX 10 mail.example.com. + 3600 RRSIG MX 13 2 3600 ( + 20601231235959 20201012144945 39996 example.com. + 0tcHIXXPEKy1tpc+Of6s2hTdQ5dGh1IoIoxY + se9paUUfhoF2oH5Pb8HP3rNyWLiTqXh4/lxV + vFLi4rR5zojxLA== ) + 7200 NSEC dns2.example.com. NS SOA MX RRSIG NSEC DNSKEY CDS CDNSKEY + 7200 RRSIG NSEC 13 2 7200 ( + 20601231235959 20201012144945 39996 example.com. + kbImDj5vgk5VG9MI+4HJ4FtwnJ4ykSbk8vNY + e49ibkZChGsTtIzLwdcNAmOk7w/em67FkGBi + oxqCj6b3G0C45w== ) + 3600 DNSKEY 256 3 8 ( + AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVw + YkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH + 1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6 + jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEe + CUJfyc/mRXcmh5uYl1JvzAM1zprtljZt + ) ; ZSK; alg = RSASHA256 ; key id = 48849 + 3600 DNSKEY 256 3 13 ( + R4pG7HF8CbXgbo4N6UqdSnE8CaClNUw6v/di + aScNknRS0eLPOKmpANe0tyiwBV1bRQyjpmxq + fgZ9Oxac7plIJw== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 39996 + 3600 DNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 DNSKEY 257 3 8 ( + AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKf + jqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4 + IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la + 7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU8 + 0AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbm + LIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpM + CLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRn + dpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs + 9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n + /4lgdSiBtvByLCXoWEYIGRs= + ) ; KSK; alg = RSASHA256 ; key id = 19420 + 3600 DNSKEY 257 3 13 ( + cJdrUmmcxe9JKHwHHAkJ8mO1J63Cm6Qoln56 + CUya+eWuF1A3u9L3wumvY2rAXvzBpplLXeUN + GIN0GgLHejH6QQ== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 56026 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201012144945 56026 example.com. + srEjUMAQ4Z/yc22bas+P0ly30IVbZaIIlli9 + H7avBz013fn90vDRDLiLuHAMvW++xdDJypcg + Sr+9I9+nv6jzRA== ) + 3600 CDS 53851 8 2 ( + 6F8129D687EC387C948E6F4B0AC9AA01481C + CEBF7570AFEC582897E7725122D6 ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144945 39996 example.com. + inhdpEZ+2W4EM1HSiVZdJa4xT5S319D0x3b5 + eJpskw/EV/Rx1X87FCr8FP18iBOszsWJjQQq + Z66eAxIhpBcb7A== ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144945 56026 example.com. + TA7UxWd+j6bOXKPxo3XuKlIy87/HvIPGoELS + WQyrON5IURgGw/2YWD0M5xw852jl27USezzo + pai940D3+VGeOQ== ) + 3600 CDNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 CDNSKEY 257 3 8 ( + AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKf + jqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4 + IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la + 7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU8 + 0AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbm + LIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpM + CLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRn + dpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs + 9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n + /4lgdSiBtvByLCXoWEYIGRs= + ) ; KSK; alg = RSASHA256 ; key id = 19420 + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144945 39996 example.com. + CSk6oHNIsj3XQgXpPtFOhf4dTv/Wu/vnJfJs + Lpc3IoApBMxrpSIzfM/c72JtjSVzjJcdo6kL + n71WM21CsMcQ4A== ) + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144945 56026 example.com. + hsml4IaJtzvMdvaMTR3MzeCT5fMHJ46rCY0y + 8DTAvK7/Z6LHbF4G7yRh9ozwcyZbB006cMdc + 4XUFDtEPK62DGw== ) +dns2.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201012144945 39996 example.com. + 1cNj6TJEHFxLXFYVt3RU3wC8Wz/F5bfjy8/W + jEJdrnVzo1ihmJWoY48e9MlvsGXnGe4+GUrl + HSS+2bsGOS7DyA== ) + 7200 NSEC example.com. A RRSIG NSEC + 7200 RRSIG NSEC 13 3 7200 ( + 20601231235959 20201012144945 39996 example.com. + 5mtXYcvidkSnG12dZof3xSEaH2eOsV2fuBvb + 8Eb6XEuPfD9v5g2mweyZYrBtowEsTA9IOsly + 6AWT5PfZbNAe+Q== ) diff --git a/tests/knot/semantic_check_data/cdnskey.orphan.cds b/tests/knot/semantic_check_data/cdnskey.orphan.cds index 7be1c00582..54732de01f 100644 --- a/tests/knot/semantic_check_data/cdnskey.orphan.cds +++ b/tests/knot/semantic_check_data/cdnskey.orphan.cds @@ -1,12 +1,138 @@ -;; Zone dump (Knot DNS 2.5.0-dev) -example.com. 3600 SOA dns2.example.com. hostmaster.example.com. 2010135808 10800 3600 1209600 7200 -example.com. 3600 NS dns2.example.com. -example.com. 3600 MX 10 mail.example.com. -example.com. 3600 DNSKEY 256 3 8 AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVwYkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEeCUJfyc/mRXcmh5uYl1JvzAM1zprtljZt -example.com. 3600 DNSKEY 257 3 8 AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYToARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5WmnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Tax7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCNbGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4NodQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQEHYAd/AP8YgaovS8N1fJyh0= -example.com. 3600 DNSKEY 257 3 8 AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKfjqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU80AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbmLIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpMCLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRndpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n/4lgdSiBtvByLCXoWEYIGRs= -example.com. 3600 DNSKEY 257 3 8 AwEAAaulfU2biYVBiUsGwAyCXbA+gm0yWgH2Z71S16R2YNERlb0he9Od28DcFd0HbaKdFnw/CtX7Z2UWs6/IRu8QmHGn6SKDsLzZ5StdPsJDKilfvSlEcQeqrRAncug1SnA5BogNQSD0/02Yw5KDGn7ALCSYlNgOgy7l+D/urlkuxgsPWvqYXnlxaIcKt96fndwmkfZ5eF+WAqxguaNcvm146NA53wRrWx8BQbcHk1R+WcQGqFcVOlifCs9zV+87QJy2H660QKqOVDgt8PF8QmRRJqzOKpu29T+Vd1dM3zjBJ7deLaNH2E5p7Bbp1eeOCeOtWpCG6XfaRmZIF3ZWVM6Ways= -example.com. 3600 CDNSKEY 257 3 8 AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYToARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5WmnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Tax7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCNbGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4NodQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQEHYAd/AP8YgaovS8N1fJyh0= -example.com. 3600 CDS 53851 8 2 6F8129D687EC387C948E6F4B0AC9AA01481CCEBF7570AFEC582897E7725122D6 -example.com. 0 CDS 56474 8 2 260E7ADB07D1ECC40DEE79EFF6527CF7119C0AFC1CFA5DAC1ADFE342568CF32D -dns2.example.com. 3600 A 192.0.2.1 +example.com. 3600 IN SOA dns2.example.com. hostmaster.example.com. ( + 2010135808 ; serial + 10800 ; refresh (3 hours) + 3600 ; retry (1 hour) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 3600 RRSIG SOA 13 2 3600 ( + 20601231235959 20201012144942 8996 example.com. + ThTlvNtautK64IeJRxNCr5acLrRu8jXkTR3N + y5TlXrei2DIagbPja++4vLjhUJAcKTGndD+x + wgMrDpCY6pMAYQ== ) + 3600 NS dns2.example.com. + 3600 RRSIG NS 13 2 3600 ( + 20601231235959 20201012144942 8996 example.com. + 3OJiG3v9Nq9OHkyysT3A6PNPRVn9sYTQkHNS + 6JL5BzLCQ+uYKJBCu0ZPxDlYpbYnO0HKQ7Ta + iZYCjm7vzqtvwA== ) + 3600 MX 10 mail.example.com. + 3600 RRSIG MX 13 2 3600 ( + 20601231235959 20201012144942 8996 example.com. + 9vi3n2cVyr+ghB0ql4Wc8vhpLfAuclopapXw + BQV328nEwftj0okcPz4Z7Iye9by4X6NDd13x + vzWXDKjZCSxLJg== ) + 7200 NSEC dns2.example.com. NS SOA MX RRSIG NSEC DNSKEY CDS CDNSKEY + 7200 RRSIG NSEC 13 2 7200 ( + 20601231235959 20201012144942 8996 example.com. + HP8iIlUO+EKFRgoHUrQWLcaX8oSGEb/tldEP + GcJKM+rGMeJvxXOJnjSskUm7AyRK1TKK4RqE + xaOHTgIz1uUkzw== ) + 3600 DNSKEY 256 3 8 ( + AwEAAdKraxDdGTL4HDOkXTDI1Md1UdHuYhVw + YkB+u2umVjTJ1H9Qb2oBryqwXI+gklnuCqrH + 1znkDvzGEAeHRQUCbtKbjmqErTAcRRHW3D+6 + jsOGXzbyGCfbyzRBwsbNCLWr3ONpPi5JOWEe + CUJfyc/mRXcmh5uYl1JvzAM1zprtljZt + ) ; ZSK; alg = RSASHA256 ; key id = 48849 + 3600 DNSKEY 256 3 13 ( + bkP3kBcYNsUB6jpKA764AJeNBzGJjNIRPxDl + 2wK1O7I/bvZDILscWSMUsSRmxZuPWGLjevpp + Tve1UMe+dP9VIA== + ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 8996 + 3600 DNSKEY 257 3 8 ( + AwEAAaulfU2biYVBiUsGwAyCXbA+gm0yWgH2 + Z71S16R2YNERlb0he9Od28DcFd0HbaKdFnw/ + CtX7Z2UWs6/IRu8QmHGn6SKDsLzZ5StdPsJD + KilfvSlEcQeqrRAncug1SnA5BogNQSD0/02Y + w5KDGn7ALCSYlNgOgy7l+D/urlkuxgsPWvqY + XnlxaIcKt96fndwmkfZ5eF+WAqxguaNcvm14 + 6NA53wRrWx8BQbcHk1R+WcQGqFcVOlifCs9z + V+87QJy2H660QKqOVDgt8PF8QmRRJqzOKpu2 + 9T+Vd1dM3zjBJ7deLaNH2E5p7Bbp1eeOCeOt + WpCG6XfaRmZIF3ZWVM6Ways= + ) ; KSK; alg = RSASHA256 ; key id = 56474 + 3600 DNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 DNSKEY 257 3 8 ( + AwEAAetE6qfN/GbtMmvM0PXUTyskauES2FKf + jqLVz7EQlfS8iAFWLi1eHjHXDkueZ1OYRzQ4 + IBy6MIsce4XVXLQoS8njtfaU7c5NZvktH5la + 7JuH32KYr3PdWL5KDsUdED3GSxfNV+DbcYU8 + 0AZxTxy6Bm6EP+DztL1dpYrmqr8JRl+qlSbm + LIrPemZFUEQzhiepcYMWviDUz+ixSVzjEzpM + CLsrNxA30Ziiq9GKA8KKlFHdAmxuNcH0TzRn + dpo6bu5nKyJHiREIazHVuPBEzUmHtcWETCDs + 9UVsbji2Z2ozqLz9cqnfYV/kOD+OZBAqvZ0n + /4lgdSiBtvByLCXoWEYIGRs= + ) ; KSK; alg = RSASHA256 ; key id = 19420 + 3600 DNSKEY 257 3 13 ( + 1OgEqruDg7pI2dTIRMdP9ihhdl3wFngZW9bP + E4jMg4ByKKoKM/C1QN4Q+BQiQDkcprwE9vLf + D/cLgFNspjcBgQ== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 63865 + 3600 RRSIG DNSKEY 13 2 3600 ( + 20601231235959 20201012144942 63865 example.com. + 9d2q8pWH1AftoDmPq3DNblta3oPV+6ROZmVR + BvjHj7xJjI27aY514C0qNkQVhioe2mhQjikO + gyxvkWwBV/owPg== ) + 3600 CDS 53851 8 2 ( + 6F8129D687EC387C948E6F4B0AC9AA01481C + CEBF7570AFEC582897E7725122D6 ) + 3600 CDS 56474 8 2 ( + 260E7ADB07D1ECC40DEE79EFF6527CF7119C + 0AFC1CFA5DAC1ADFE342568CF32D ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144942 8996 example.com. + E7iVsJZjRyGbjMUADsi9Chz74+t1W75zTPmm + MYVD77dkRHiEpN41MJB6Z7Fn1lNOE6f8q2B5 + iL/3UXULB1vpwA== ) + 3600 RRSIG CDS 13 2 3600 ( + 20601231235959 20201012144942 63865 example.com. + fsMqYcBDcTBtaDEqDTYrHHivnuQKb629drhm + 77RFfBxFJAxlq176PzaddA++zHfWsBgIlJzy + VHFy3S3huuyfaQ== ) + 3600 CDNSKEY 257 3 8 ( + AwEAAcQ1EqTPebcJyUnpxO3Xjx6ehRtsiZYT + oARoJsJG12XR6Ci9yy4SCCsejtaWIFO4XVfM + 2BHzFWqmABtQHtN7AazXAFMLsrSE4DYbgk5W + mnQv5Jloi6jhhmmXwr8EOi3HR2jdG0gVq/Ta + x7ztNNZsflJrs3rZs2TVO00BkyyOkmO35jCN + bGPUwm5cW1vse137BMa7jAcMyNLPIiQubj1/ + mJcIyzF2duvfpjBTgEmSvNcXqLfYFjK8lG4N + odQG8AcK0MvWqN4mxW/hK0U9nMSjhCnfzPg5 + tjyqdheWRyhkLGjM/mR7gBhtqoSPMr+2KMJQ + EHYAd/AP8YgaovS8N1fJyh0= + ) ; KSK; alg = RSASHA256 ; key id = 53851 + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144942 8996 example.com. + hhpJcQ4cMcq9fLNtZrTEVAMGB2bjMwcDvv4C + Sss9wWDBNxIVOsi4x3j/08PZTqbfmYePWtK8 + k2R5GOOK1lpVlw== ) + 3600 RRSIG CDNSKEY 13 2 3600 ( + 20601231235959 20201012144942 63865 example.com. + xU82j/dJf8oBd1Ti2lHH0YoxBvgCQo2MOdwJ + yOc6fDrT/c39rCMT//VoDmmKj3SavQ92ABBt + 18JqxCXK7+tnYQ== ) +dns2.example.com. 3600 IN A 192.0.2.1 + 3600 RRSIG A 13 3 3600 ( + 20601231235959 20201012144942 8996 example.com. + D3O6XOYrOT1tlCieJJvw7zys0ClqXcCvs5+D + qSEpKcE6RNNeJG2d3SJg95fbO+eTkw30MROF + ajnNh5xJ+8xsMQ== ) + 7200 NSEC example.com. A RRSIG NSEC + 7200 RRSIG NSEC 13 3 7200 ( + 20601231235959 20201012144942 8996 example.com. + sGBFze6wRGj8n0B8izUNHO2ufA72sR55U3OQ + RLYTx2XqBRvdmapMKK6QDu/6lmwqgYMbjiBJ + XqDLv/1RP4DisQ== ) diff --git a/tests/knot/test_semantic_check.in b/tests/knot/test_semantic_check.in index f3bbea3dee..f9cd4a9bd2 100644 --- a/tests/knot/test_semantic_check.in +++ b/tests/knot/test_semantic_check.in @@ -166,7 +166,6 @@ test_correct_no_dnssec "rrsig_rdata_ttl.signed" test_correct_no_dnssec "duplicate.signature" test_correct_no_dnssec "missing.signed" test_correct_no_dnssec "dnskey_param_error.signed" -test_correct_no_dnssec "invalid_ds.signed" test_correct_no_dnssec "cdnskey.invalid" test_correct_no_dnssec "cdnskey.invalid.param" test_correct_no_dnssec "cdnskey.nocds"