Create a signed zone file that contains malformed ZSKs with colliding
key tags. The ZSKs don't represent valid ECDSA keys and will cause a
crypto failure when attempting to use them. Sign the zone with the KSK, with
the exception of one record which is "signed" with the invalid ZSKs.
Check that the resolver aborts the DNSSEC verification after
encountering the first crypto failure, indicating malformed DNSKEY.
Closes #5343
Backport of MR !11425
Merge branch 'backport-5343-count-invalid-keys-into-validation-fails-test-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!11427
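
The behaviour this test checks, sketched as an added example (not BIND's code and not part of the commit): an RFC 4034 key tag function, a P-256 on-curve check standing in for the "crypto failure", and a key-selection loop that stops at the first malformed DNSKEY. The function names, result strings, the `abort_on_malformed` switch and the sample keys are assumptions constructed for illustration.

```python
"""Simplified model of a validator's DNSKEY selection loop (illustrative only)."""
import struct

# NIST P-256 parameters (DNSSEC algorithm 13, ECDSAP256SHA256); curve is y^2 = x^3 - 3x + B.
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B

def key_tag(rdata: bytes) -> int:
    """RFC 4034 Appendix B key tag, computed over the DNSKEY RDATA."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def dnskey_rdata(pubkey: bytes, flags: int = 256) -> bytes:
    """Build DNSKEY RDATA: flags (256 = ZSK), protocol 3, algorithm 13, key."""
    return struct.pack("!HBB", flags, 3, 13) + pubkey

def is_valid_p256_key(pubkey: bytes) -> bool:
    """An algorithm 13 key is X||Y (64 bytes) and must be a point on the curve."""
    if len(pubkey) != 64:
        return False
    x = int.from_bytes(pubkey[:32], "big")
    y = int.from_bytes(pubkey[32:], "big")
    return x < P and y < P and (y * y - (x * x * x - 3 * x + B)) % P == 0

def validate(sig_tag: int, dnskeys: list, abort_on_malformed: bool = True):
    """Try DNSKEYs whose tag matches the RRSIG; return (result, keys_tried)."""
    tried = 0
    for rdata in dnskeys:
        if key_tag(rdata) != sig_tag:
            continue
        tried += 1
        if not is_valid_p256_key(rdata[4:]):
            if abort_on_malformed:
                return "fail: malformed DNSKEY", tried  # stop at first failure
            continue  # without the abort, every colliding key costs work
        return "needs signature check", tried  # real ECDSA verification omitted
    return "fail: no usable key", tried

# Constructed sample: two malformed "keys" (not curve points) with the same tag.
KEY_A = dnskey_rdata((1).to_bytes(32, "big") + (2).to_bytes(32, "big"))
KEY_B = dnskey_rdata((2).to_bytes(32, "big") + (1).to_bytes(32, "big"))

if __name__ == "__main__":
    tag = key_tag(KEY_A)
    print(tag, key_tag(KEY_B))
    print(validate(tag, [KEY_A, KEY_B]))
    print(validate(tag, [KEY_A, KEY_B], abort_on_malformed=False))
```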