From: Peter van Dijk Date: Mon, 9 Jan 2017 11:01:40 +0000 (+0100) Subject: reinstate jdnssec usage now that it supports ECDSA X-Git-Tag: rec-4.1.0-alpha1~350^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f6222e298e1efd13b9dddf40b299d1ce6333687b;p=thirdparty%2Fpdns.git reinstate jdnssec usage now that it supports ECDSA --- diff --git a/regression-tests/tests/verify-dnssec-zone/command b/regression-tests/tests/verify-dnssec-zone/command index 70fe36d31e..0573b0b546 100755 --- a/regression-tests/tests/verify-dnssec-zone/command +++ b/regression-tests/tests/verify-dnssec-zone/command @@ -3,7 +3,7 @@ for zone in $(grep 'zone ' named.conf | cut -f2 -d\" | grep -v '^\(example.com\ do TFILE=$(mktemp tmp.XXXXXXXXXX) drill -p $port axfr $zone @$nameserver | ldns-read-zone -z > $TFILE - for validator in "ldns-verify-zone -V2" named-checkzone + for validator in "ldns-verify-zone -V2" jdnssec-verifyzone named-checkzone do echo --- $validator $zone if [ "$validator" = "named-checkzone" ] diff --git a/regression-tests/tests/verify-dnssec-zone/expected_result b/regression-tests/tests/verify-dnssec-zone/expected_result index 074ec83493..f3cbe2196b 100644 --- a/regression-tests/tests/verify-dnssec-zone/expected_result +++ b/regression-tests/tests/verify-dnssec-zone/expected_result @@ -1,6 +1,10 @@ --- ldns-verify-zone -V2 test.com RETVAL: 0 +--- jdnssec-verifyzone test.com +zone verified. +RETVAL: 0 + --- named-checkzone test.com zone test.com/IN: test.com/MX 'smtp-servers.test.com' has no address records (A or AAAA) zone test.com/IN: sub.test.test.com/NS 'ns-test.example.net.test.com' has no address records (A or AAAA) @@ -11,6 +15,10 @@ RETVAL: 0 --- ldns-verify-zone -V2 test.dyndns RETVAL: 0 +--- jdnssec-verifyzone test.dyndns +zone verified. +RETVAL: 0 + --- named-checkzone test.dyndns zone test.dyndns/IN: loaded serial 2012060701 (DNSSEC signed) OK @@ -19,6 +27,10 @@ RETVAL: 0 --- ldns-verify-zone -V2 wtest.com RETVAL: 0 +--- jdnssec-verifyzone wtest.com +zone verified. +RETVAL: 0 + --- named-checkzone wtest.com zone wtest.com/IN: wtest.com/MX 'smtp-servers.wtest.com' is a CNAME (illegal) zone wtest.com/IN: loaded serial 2005092501 (DNSSEC signed) @@ -28,6 +40,10 @@ RETVAL: 0 --- ldns-verify-zone -V2 dnssec-parent.com RETVAL: 0 +--- jdnssec-verifyzone dnssec-parent.com +zone verified. +RETVAL: 0 + --- named-checkzone dnssec-parent.com zone dnssec-parent.com/IN: loaded serial 2005092501 (DNSSEC signed) OK @@ -36,6 +52,10 @@ RETVAL: 0 --- ldns-verify-zone -V2 delegated.dnssec-parent.com RETVAL: 0 +--- jdnssec-verifyzone delegated.dnssec-parent.com +zone verified. +RETVAL: 0 + --- named-checkzone delegated.dnssec-parent.com zone delegated.dnssec-parent.com/IN: loaded serial 2005092501 (DNSSEC signed) OK @@ -44,6 +64,10 @@ RETVAL: 0 --- ldns-verify-zone -V2 secure-delegated.dnssec-parent.com RETVAL: 0 +--- jdnssec-verifyzone secure-delegated.dnssec-parent.com +zone verified. +RETVAL: 0 + --- named-checkzone secure-delegated.dnssec-parent.com zone secure-delegated.dnssec-parent.com/IN: loaded serial 2005092501 (DNSSEC signed) OK @@ -52,6 +76,10 @@ RETVAL: 0 --- ldns-verify-zone -V2 minimal.com RETVAL: 0 +--- jdnssec-verifyzone minimal.com +zone verified. +RETVAL: 0 + --- named-checkzone minimal.com zone minimal.com/IN: loaded serial 2000081501 (DNSSEC signed) OK @@ -60,6 +88,10 @@ RETVAL: 0 --- ldns-verify-zone -V2 tsig.com RETVAL: 0 +--- jdnssec-verifyzone tsig.com +zone verified. +RETVAL: 0 + --- named-checkzone tsig.com zone tsig.com/IN: loaded serial 2000081501 (DNSSEC signed) OK @@ -68,6 +100,10 @@ RETVAL: 0 --- ldns-verify-zone -V2 stest.com RETVAL: 0 +--- jdnssec-verifyzone stest.com +zone verified. +RETVAL: 0 + --- named-checkzone stest.com zone stest.com/IN: loaded serial 2000081501 (DNSSEC signed) OK @@ -76,6 +112,10 @@ RETVAL: 0 --- ldns-verify-zone -V2 cdnskey-cds-test.com RETVAL: 0 +--- jdnssec-verifyzone cdnskey-cds-test.com +zone verified. +RETVAL: 0 + --- named-checkzone cdnskey-cds-test.com zone cdnskey-cds-test.com/IN: loaded serial 2005092501 (DNSSEC signed) OK diff --git a/regression-tests/tests/verify-dnssec-zone/expected_result.nsec3-optout b/regression-tests/tests/verify-dnssec-zone/expected_result.nsec3-optout index 8f41144cf9..f26eb8144b 100644 --- a/regression-tests/tests/verify-dnssec-zone/expected_result.nsec3-optout +++ b/regression-tests/tests/verify-dnssec-zone/expected_result.nsec3-optout @@ -1,6 +1,10 @@ --- ldns-verify-zone -V2 test.com RETVAL: 0 +--- jdnssec-verifyzone test.com +zone verified. +RETVAL: 0 + --- named-checkzone test.com zone test.com/IN: test.com/MX 'smtp-servers.test.com' has no address records (A or AAAA) zone test.com/IN: sub.test.test.com/NS 'ns-test.example.net.test.com' has no address records (A or AAAA) @@ -11,6 +15,10 @@ RETVAL: 0 --- ldns-verify-zone -V2 test.dyndns RETVAL: 0 +--- jdnssec-verifyzone test.dyndns +zone verified. +RETVAL: 0 + --- named-checkzone test.dyndns zone test.dyndns/IN: loaded serial 2012060701 (DNSSEC signed) OK @@ -19,6 +27,10 @@ RETVAL: 0 --- ldns-verify-zone -V2 wtest.com RETVAL: 0 +--- jdnssec-verifyzone wtest.com +zone verified. +RETVAL: 0 + --- named-checkzone wtest.com zone wtest.com/IN: wtest.com/MX 'smtp-servers.wtest.com' is a CNAME (illegal) zone wtest.com/IN: loaded serial 2005092501 (DNSSEC signed) @@ -31,6 +43,10 @@ Error: there is no NSEC(3) for ent.ent.auth-ent.dnssec-parent.com. There were errors in the zone RETVAL: 11 +--- jdnssec-verifyzone dnssec-parent.com +zone verified. +RETVAL: 0 + --- named-checkzone dnssec-parent.com zone dnssec-parent.com/IN: loaded serial 2005092501 (DNSSEC signed) OK @@ -39,6 +55,10 @@ RETVAL: 0 --- ldns-verify-zone -V2 delegated.dnssec-parent.com RETVAL: 0 +--- jdnssec-verifyzone delegated.dnssec-parent.com +zone verified. +RETVAL: 0 + --- named-checkzone delegated.dnssec-parent.com zone delegated.dnssec-parent.com/IN: loaded serial 2005092501 (DNSSEC signed) OK @@ -47,6 +67,10 @@ RETVAL: 0 --- ldns-verify-zone -V2 secure-delegated.dnssec-parent.com RETVAL: 0 +--- jdnssec-verifyzone secure-delegated.dnssec-parent.com +zone verified. +RETVAL: 0 + --- named-checkzone secure-delegated.dnssec-parent.com zone secure-delegated.dnssec-parent.com/IN: loaded serial 2005092501 (DNSSEC signed) OK @@ -55,6 +79,10 @@ RETVAL: 0 --- ldns-verify-zone -V2 minimal.com RETVAL: 0 +--- jdnssec-verifyzone minimal.com +zone verified. +RETVAL: 0 + --- named-checkzone minimal.com zone minimal.com/IN: loaded serial 2000081501 (DNSSEC signed) OK @@ -63,6 +91,10 @@ RETVAL: 0 --- ldns-verify-zone -V2 tsig.com RETVAL: 0 +--- jdnssec-verifyzone tsig.com +zone verified. +RETVAL: 0 + --- named-checkzone tsig.com zone tsig.com/IN: loaded serial 2000081501 (DNSSEC signed) OK @@ -71,6 +103,10 @@ RETVAL: 0 --- ldns-verify-zone -V2 stest.com RETVAL: 0 +--- jdnssec-verifyzone stest.com +zone verified. +RETVAL: 0 + --- named-checkzone stest.com zone stest.com/IN: loaded serial 2000081501 (DNSSEC signed) OK @@ -79,6 +115,10 @@ RETVAL: 0 --- ldns-verify-zone -V2 cdnskey-cds-test.com RETVAL: 0 +--- jdnssec-verifyzone cdnskey-cds-test.com +zone verified. +RETVAL: 0 + --- named-checkzone cdnskey-cds-test.com zone cdnskey-cds-test.com/IN: loaded serial 2005092501 (DNSSEC signed) OK