git.ipfire.org Git - thirdparty/bind9.git/commit

author	Matthijs Mekking <matthijs@isc.org>
	Fri, 16 Jun 2023 15:06:28 +0000 (17:06 +0200)
committer	Matthijs Mekking <matthijs@isc.org>
	Thu, 20 Jul 2023 09:04:23 +0000 (11:04 +0200)
commit	d3bf732697e767aa0b7c61a13c4fef41fcd7b44a
tree	019d45a141fc8a09d0294cf9e54a589be2d18bb7	tree \| snapshot
parent	9f75f472f61f908c5e98e4699f828fdd80472da0	commit \| diff

Update dnssec system test

The dnssec system test has some tests that use auto-dnssec. Update
these tests to make use of dnssec-policy.

Remove any 'rndc signing -nsec3param' commands because with
dnssec-policy you set the NSEC3 parameters in the configuration.

Remove now duplicate tests that checked if CDS and CDNSKEY RRsets
are signed with KSK only (the dnssec-dnskey-kskonly option worked
in combination with auto-dnssec).

Also remove the publish-inactive.example test case because such
use cases are no longer supported (only with manual signing).

The auto-nsec and auto-nsec3 zones need to use an alternative
algorithm because duplicate lines in dnssec-policy/keys are ignored.

bin/tests/system/dnssec/clean.sh		diff \| blob \| blame \| history
bin/tests/system/dnssec/ns2/cdnskey-kskonly.secure.db.in	[deleted file]	blob \| blame \| history
bin/tests/system/dnssec/ns2/cds-kskonly.secure.db.in	[deleted file]	blob \| blame \| history
bin/tests/system/dnssec/ns2/named.conf.in		diff \| blob \| blame \| history
bin/tests/system/dnssec/ns2/sign.sh		diff \| blob \| blame \| history
bin/tests/system/dnssec/ns3/named.conf.in		diff \| blob \| blame \| history
bin/tests/system/dnssec/ns3/siginterval1.conf		diff \| blob \| blame \| history
bin/tests/system/dnssec/ns3/siginterval2.conf		diff \| blob \| blame \| history
bin/tests/system/dnssec/ns3/sign.sh		diff \| blob \| blame \| history
bin/tests/system/dnssec/tests.sh		diff \| blob \| blame \| history