Move dnssec-policy to kasp-fips.conf.in

All dnssec-policy configurations are here, so why not this one?

diff --git a/bin/tests/system/kasp/ns6/named.conf.in b/bin/tests/system/kasp/ns6/named.conf.in
index a8a74d320426bd73d287a6291eec43411a8dce81..dfb2433c7364898d991d62fcec449cbe3b34c2bf 100644 (file)
--- a/bin/tests/system/kasp/ns6/named.conf.in
+++ b/bin/tests/system/kasp/ns6/named.conf.in
@@ -94,12 +94,6 @@ zone "step1.csk-algorithm-roll.kasp" {
        dnssec-policy "csk-algoroll";
 };
 
-dnssec-policy "modified" {
-       keys {
-               csk lifetime unlimited algorithm rsasha256 2048;
-       };
-};
-
 zone example {
        type primary;
        file "example.db";

diff --git a/bin/tests/system/kasp/ns6/named2.conf.in b/bin/tests/system/kasp/ns6/named2.conf.in
index e037e8d3357341a0f7925fefc3fd1c3ff685297c..be35286369421e753636e3ed59a624f671bd6d19 100644 (file)
--- a/bin/tests/system/kasp/ns6/named2.conf.in
+++ b/bin/tests/system/kasp/ns6/named2.conf.in
@@ -172,12 +172,6 @@ zone "step6.csk-algorithm-roll.kasp" {
        dnssec-policy "csk-algoroll";
 };
 
-dnssec-policy "modified" {
-       keys {
-               csk lifetime unlimited algorithm rsasha256 2048;
-       };
-};
-
 zone example {
        type primary;
        file "example.db";

diff --git a/bin/tests/system/kasp/ns6/policies/kasp-fips.conf.in b/bin/tests/system/kasp/ns6/policies/kasp-fips.conf.in
index 810b91d6ada2bbcc77e6a5bb2b39dee3b78a5b83..dc234d0c21bd835d5da81625e9cb526d3333bd01 100644 (file)
--- a/bin/tests/system/kasp/ns6/policies/kasp-fips.conf.in
+++ b/bin/tests/system/kasp/ns6/policies/kasp-fips.conf.in
@@ -24,6 +24,12 @@ dnssec-policy "nsec3" {
        nsec3param iterations 0 optout no salt-length 0;
 };
 
+dnssec-policy "modified" {
+       keys {
+               csk lifetime unlimited algorithm rsasha256 2048;
+       };
+};
+
 dnssec-policy "rsasha256" {
        signatures-refresh P5D;
        signatures-validity 30d;