From: Matthijs Mekking <matthijs@isc.org>
Date: Mon, 24 Jun 2024 08:01:37 +0000 (+0200)
Subject: Move dnssec-policy to kasp-fips.conf.in
X-Git-Tag: alessio/regression/026024a6ae~27^2~5
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=93326e3e180f4cb2d5fe0b01ba99941d5ec74355;p=thirdparty%2Fbind9.git

Move dnssec-policy to kasp-fips.conf.in

All dnssec-policy configurations are here, so why not this one?
---

diff --git a/bin/tests/system/kasp/ns6/named.conf.in b/bin/tests/system/kasp/ns6/named.conf.in
index a8a74d32042..dfb2433c736 100644
--- a/bin/tests/system/kasp/ns6/named.conf.in
+++ b/bin/tests/system/kasp/ns6/named.conf.in
@@ -94,12 +94,6 @@ zone "step1.csk-algorithm-roll.kasp" {
 	dnssec-policy "csk-algoroll";
 };
 
-dnssec-policy "modified" {
-	keys {
-		csk lifetime unlimited algorithm rsasha256 2048;
-	};
-};
-
 zone example {
 	type primary;
 	file "example.db";
diff --git a/bin/tests/system/kasp/ns6/named2.conf.in b/bin/tests/system/kasp/ns6/named2.conf.in
index e037e8d3357..be352863694 100644
--- a/bin/tests/system/kasp/ns6/named2.conf.in
+++ b/bin/tests/system/kasp/ns6/named2.conf.in
@@ -172,12 +172,6 @@ zone "step6.csk-algorithm-roll.kasp" {
 	dnssec-policy "csk-algoroll";
 };
 
-dnssec-policy "modified" {
-	keys {
-		csk lifetime unlimited algorithm rsasha256 2048;
-	};
-};
-
 zone example {
 	type primary;
 	file "example.db";
diff --git a/bin/tests/system/kasp/ns6/policies/kasp-fips.conf.in b/bin/tests/system/kasp/ns6/policies/kasp-fips.conf.in
index 810b91d6ada..dc234d0c21b 100644
--- a/bin/tests/system/kasp/ns6/policies/kasp-fips.conf.in
+++ b/bin/tests/system/kasp/ns6/policies/kasp-fips.conf.in
@@ -24,6 +24,12 @@ dnssec-policy "nsec3" {
 	nsec3param iterations 0 optout no salt-length 0;
 };
 
+dnssec-policy "modified" {
+	keys {
+		csk lifetime unlimited algorithm rsasha256 2048;
+	};
+};
+
 dnssec-policy "rsasha256" {
 	signatures-refresh P5D;
 	signatures-validity 30d;