git.ipfire.org Git - thirdparty/bind9.git/commit

author	Matthijs Mekking <matthijs@isc.org>
	Fri, 31 May 2024 11:08:38 +0000 (13:08 +0200)
committer	Nicki Křížek <nicki@isc.org>
	Mon, 10 Jun 2024 16:51:27 +0000 (18:51 +0200)
commit	2f5c670ce9efb7bf617bbd8316f5199b47358286
tree	3d7220b6ad600f66d92d13fceb8e1b0bd2ca5c6e	tree \| snapshot
parent	4a0118c16e1671a2c0c47947dee32c2c725c3e97	commit \| diff

Add new test cases with DNSSEC signing

kasp-max-types-per-name (named2.conf.in):
An unsigned zone with RR type count on a name right below the
configured limit. Then sign the zone using KASP. Adding a RRSIG would
push it over the RR type limit per name. Signing should fail, but
the server should not crash, nor end up in infinite resign-attempt loop.

kasp-max-records-per-type-dnskey (named1.conf.in):
Test with low max-record-per-rrset limit and a DNSSEC policy requiring
more than the limit. Signing should fail.

kasp-max-types-per-name (named1.conf.in):
Each RRSIG(covered type) is counted as an individual RR type. Test the
corner case where a signed zone, which is just below the limit-1,
adds a new type - doing so would trigger signing for the new type and
thus increase the number of "types" by 2, pushing it over the limit
again.

(cherry picked from commit 14e5230f897a178221b606c242b8fbcb357704aa)

bin/tests/system/masterformat/ns1/named.conf.in		diff \| blob \| blame \| history
bin/tests/system/masterformat/ns4/compile.sh	[new file with mode: 0755]	blob
bin/tests/system/masterformat/ns4/kasp.db	[new file with mode: 0644]	blob
bin/tests/system/masterformat/ns4/named1.conf.in	[new file with mode: 0644]	blob
bin/tests/system/masterformat/ns4/named2.conf.in	[new file with mode: 0644]	blob
bin/tests/system/masterformat/ns4/template.db	[new file with mode: 0644]	blob
bin/tests/system/masterformat/setup.sh		diff \| blob \| blame \| history
bin/tests/system/masterformat/tests.sh		diff \| blob \| blame \| history