git.ipfire.org Git - thirdparty/bind9.git/commit

]> git.ipfire.org Git - thirdparty/bind9.git/commit

projects / thirdparty / bind9.git / commit

author	Nicki Křížek <nicki@isc.org>
	Thu, 11 Sep 2025 12:27:34 +0000 (14:27 +0200)
committer	Nicki Křížek <nicki@isc.org>
	Mon, 5 Jan 2026 14:02:51 +0000 (15:02 +0100)
commit	024d67eca9bbcabc3a9118d28258768e03239022
tree	519c7d2b002e8b99cea3c771dd079c59f51e3676	tree \| snapshot
parent	9e7ad999f412b402db5afcfba48fe7d8de64bc28	commit \| diff

Test that DNSSEC validation is aborted on malformed DNSKEY

Create a signed zone file that contains malformed ZSKs with colliding
key tags. The ZSKs don't represent valid ECDSA keys and will cause a
crypto failure when attempting to use them. Sign the zone with KSK, with
the exception of one record which is "signed" with the invalid ZSKs.

Check that the resolver aborts the DNSSEC verification after
encountering the first crypto failure, indicating malformed DNSKEY.

(cherry picked from commit 1a2e46d364c8f706c02f3a3681195b03680419e8)

bin/tests/system/dnssec-malformed-dnskey/ns2/example.db.in	[new file with mode: 0644]	blob
bin/tests/system/dnssec-malformed-dnskey/ns2/named.conf.j2	[new file with mode: 0644]	blob
bin/tests/system/dnssec-malformed-dnskey/ns2/trusted.conf.j2	[new file with mode: 0644]	blob
bin/tests/system/dnssec-malformed-dnskey/ns3/named.conf.j2	[new file with mode: 0644]	blob
bin/tests/system/dnssec-malformed-dnskey/ns3/trusted.conf.j2	[new symlink]	blob
bin/tests/system/dnssec-malformed-dnskey/tests_malformed_dnskey.py	[new file with mode: 0644]	blob

Mirror of https://gitlab.isc.org/isc-projects/bind9.git

RSS Atom