From: Mark Andrews Date: Thu, 8 Aug 2024 02:31:23 +0000 (+1000) Subject: Add good dnssec-policy tag-range variants test examples X-Git-Tag: v9.21.1~19^2~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e7decd7a65b381b15edf985b32ec61f212375a99;p=thirdparty%2Fbind9.git Add good dnssec-policy tag-range variants test examples --- diff --git a/bin/tests/system/checkconf/good-dnssec-policy-range.conf b/bin/tests/system/checkconf/good-dnssec-policy-range.conf new file mode 100644 index 00000000000..68f9afdd0b9 --- /dev/null +++ b/bin/tests/system/checkconf/good-dnssec-policy-range.conf @@ -0,0 +1,26 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +dnssec-policy restricted-range { + keys { + ksk lifetime unlimited algorithm rsasha256 tag-range 0 32767 2048; + zsk lifetime unlimited algorithm rsasha256 tag-range 0 32767; + }; +}; + +dnssec-policy unrestricted-range { + keys { + ksk lifetime unlimited algorithm rsasha256 2048; + zsk lifetime unlimited algorithm rsasha256; + }; +}; diff --git a/bin/tests/system/checkconf/good.conf.in b/bin/tests/system/checkconf/good.conf.in index e326f7ce749..f7e8cc8415b 100644 --- a/bin/tests/system/checkconf/good.conf.in +++ b/bin/tests/system/checkconf/good.conf.in @@ -23,7 +23,7 @@ dnssec-policy "test" { }; dnskey-ttl 3600; keys { - ksk key-directory lifetime P1Y algorithm 13; + ksk key-directory lifetime P1Y algorithm 13 tag-range 0 32767; zsk lifetime P30D algorithm 13; csk key-store "hsm" lifetime P30D algorithm 8 2048; };