# Make it absolute so that it continues to work after we cd.
TOP=`cd $TOP && pwd`
+# Default algorithm for testing
+DEFAULT_ALGORITHM=ECDSAP256SHA256
+DEFAULT_ALGORITHM_NUMBER=13
+DEFAULT_BITS=256
+
ARPANAME=$TOP/bin/tools/arpaname
CDS=$TOP/bin/dnssec/dnssec-cds
CHECKCONF=$TOP/bin/check/named-checkconf
-e "s/@EXTRAPORT6@/${EXTRAPORT6}/g" \
-e "s/@EXTRAPORT7@/${EXTRAPORT7}/g" \
-e "s/@EXTRAPORT8@/${EXTRAPORT8}/g" \
- -e "s/@CONTROLPORT@/${CONTROLPORT}/g" $1 > $2
+ -e "s/@CONTROLPORT@/${CONTROLPORT}/g" \
+ -e "s/@DEFAULT_ALGORITHM@/${DEFAULT_ALGORITHM}/g" \
+ -e "s/@DEFAULT_ALGORITHM_NUMBER@/${DEFAULT_ALGORITHM_NUMBER}/g" \
+ -e "s/@DEFAULT_BITS@/${DEFAULT_BITS}/g" \
+ $1 > $2
}
#
# Visual Studio build configurations are Release and Debug
VSCONF=Debug
+# Default algorithm for testing
+DEFAULT_ALGORITHM=ECDSAP256SHA256
+DEFAULT_ALGORITHM_NUMBER=13
+DEFAULT_BITS=256
+
ARPANAME=$TOP/Build/$VSCONF/arpaname@EXEEXT@
CHECKCONF=$TOP/Build/$VSCONF/named-checkconf@EXEEXT@
CHECKDS="$PYTHON `cygpath -w $TOP/bin/python/dnssec-checkds.py`"
-e "s/${atsign}EXTRAPORT6${atsign}/${EXTRAPORT6}/g" \
-e "s/${atsign}EXTRAPORT7${atsign}/${EXTRAPORT7}/g" \
-e "s/${atsign}EXTRAPORT8${atsign}/${EXTRAPORT8}/g" \
- -e "s/${atsign}CONTROLPORT${atsign}/${CONTROLPORT}/g" $1 > $2
+ -e "s/${atsign}CONTROLPORT${atsign}/${CONTROLPORT}/g" \
+ -e "s/${atsign}DEFAULT_ALGORITM${atsign}/${DEFAULT_ALGORITHM}/g" \
+ -e "s/${atsign}DEFAULT_ALGORITHM_NUMBER${atsign}/${DEFAULT_ALGORITHM_NUMBER}/g" \
+ -e "s/${atsign}DEFAULT_BITS${atsign}/${DEFAULT_BITS}/g" \
+ $1 > $2
}
#
zonefile=root.db
outfile=root.signed
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
outfile=druz.pre
dlvzone=utld.
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
outfile=child1.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
outfile=child3.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
outfile=child4.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
outfile=child5.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
zonefile=child7.utld.db
outfile=child7.signed
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
zonefile=child8.utld.db
outfile=child8.signed
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
outfile=child9.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
outfile=child10.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
outfile=child7.druz.signed
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
zonefile=child8.druz.db
outfile=child8.druz.signed
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
outfile=child9.druz.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
zonefile=dlv.utld.db
outfile=dlv.signed
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
cat $infile $dlvsets $keyname1.key $keyname2.key >$zonefile
zonefile=grand.child1.utld.db
outfile=grand.child1.signed
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
outfile=grand.child3.signed
dlvzone=dlv.utld.
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
outfile=grand.child4.signed
dlvzone=dlv.utld.
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
outfile=grand.child5.signed
dlvzone=dlv.utld.
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
outfile=grand.child7.signed
dlvzone=dlv.utld.
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
outfile=grand.child8.signed
dlvzone=dlv.utld.
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
outfile=grand.child9.signed
dlvzone=dlv.utld.
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
outfile=grand.child10.signed
dlvzone=dlv.utld.
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
zonefile=grand.child1.druz.db
outfile=grand.child1.druz.signed
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
outfile=grand.child3.druz.signed
dlvzone=dlv.druz.
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
outfile=grand.child4.druz.signed
dlvzone=dlv.druz.
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
outfile=grand.child5.druz.signed
dlvzone=dlv.druz.
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
outfile=grand.child7.druz.signed
dlvzone=dlv.druz.
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
outfile=grand.child8.druz.signed
dlvzone=dlv.druz.
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
outfile=grand.child9.druz.signed
dlvzone=dlv.druz.
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
outfile=grand.child10.druz.signed
dlvzone=dlv.druz.
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
cp ../ns3/dsset-$subdomain.example$TP .
done
-keyname1=`$KEYGEN -q -a DSA -b 768 -n zone $zone`
-keyname2=`$KEYGEN -q -a DSA -b 768 -n zone $zone`
+keyname1=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
+keyname2=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
cat $infile $keyname1.key $keyname2.key >$zonefile
infile=in-addr.arpa.db.in
zonefile=in-addr.arpa.db
-keyname1=`$KEYGEN -q -a DSA -b 768 -n zone $zone`
-keyname2=`$KEYGEN -q -a DSA -b 768 -n zone $zone`
+keyname1=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
+keyname2=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
cat $infile $keyname1.key $keyname2.key >$zonefile
$SIGNER -P -g -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
infile=badparam.db.in
zonefile=badparam.db
-keyname1=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone -f KSK $zone`
-keyname2=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone`
+keyname1=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone -f KSK $zone`
+keyname2=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
cat $infile $keyname1.key $keyname2.key >$zonefile
listen-on-v6 { none; };
recursion yes;
notify yes;
- disable-algorithms . { DSA; };
+ disable-algorithms . { @DEFAULT_ALGORITHM@; };
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside . trust-anchor dlv;
if [ -x ${DELV} ] ; then
ret=0
- echo_i "checking postive validation NSEC using dns_client ($n)"
+ echo_i "checking positive validation NSEC using dns_client ($n)"
$DELV $DELVOPTS @10.53.0.4 a a.example > delv.out$n || ret=1
grep "a.example..*10.0.0.1" delv.out$n > /dev/null || ret=1
- grep "a.example..*.RRSIG.A 3 2 300 .*" delv.out$n > /dev/null || ret=1
+ grep "a.example..*.RRSIG.A $DEFAULT_ALGORITHM_NUMBER 2 300 .*" delv.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
echo_i "checking positive wildcard validation NSEC using dns_client ($n)"
$DELV $DELVOPTS @10.53.0.4 a a.wild.example > delv.out$n || ret=1
grep "a.wild.example..*10.0.0.27" delv.out$n > /dev/null || ret=1
- grep "a.wild.example..*RRSIG.A 3 2 300.*" delv.out$n > /dev/null || ret=1
+ grep -E "a.wild.example..*RRSIG.A [0-9]+ 2 300.*" delv.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
-echo_i "checking that lookups succeed after disabling a algorithm works ($n)"
+echo_i "checking that lookups succeed after disabling an algorithm ($n)"
ret=0
$DIG $DIGOPTS +noauth example. SOA @10.53.0.2 \
> dig.out.ns2.test$n || ret=1
ret=0
$DIG $DIGOPTS +norec +nocrypto DNSKEY . \
@10.53.0.1 > dig.out.dnskey.ns1.test$n || ret=1
-grep '256 3 1 \[key id = [1-9][0-9]*]' dig.out.dnskey.ns1.test$n > /dev/null || ret=1
-grep 'RRSIG.* \[omitted]' dig.out.dnskey.ns1.test$n > /dev/null || ret=1
+grep -E '256 [0-9]+ 1 \[key id = [1-9][0-9]*]' dig.out.dnskey.ns1.test$n > /dev/null || ret=1
+grep -E 'RRSIG.* \[omitted]' dig.out.dnskey.ns1.test$n > /dev/null || ret=1
$DIG $DIGOPTS +norec +nocrypto DS example \
@10.53.0.1 > dig.out.ds.ns1.test$n || ret=1
-grep 'DS.* 3 [12] \[omitted]' dig.out.ds.ns1.test$n > /dev/null || ret=1
+grep -E 'DS.* [0-9]+ [12] \[omitted]' dig.out.ds.ns1.test$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
zonefile=signed.db.signed
outfile=signed.db.signed
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
zonefile=signed.db.signed
outfile=signed.db.signed
-keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
zsk_standby None
keyttl None
-algorithm policy DSA:
+algorithm policy RSASHA256:
inherits None
directory None
- algorithm DSA
+ algorithm RSASHA256
coverage None
- ksk_keysize 1024
+ ksk_keysize 2048
zsk_keysize 2048
ksk_rollperiod None
zsk_rollperiod None
zsk_standby None
keyttl None
+algorithm policy ECDSAP256SHA256:
+ inherits None
+ directory None
+ algorithm ECDSAP256SHA256
+ coverage None
+ ksk_keysize None
+ zsk_keysize None
+ ksk_rollperiod None
+ zsk_rollperiod None
+ ksk_prepublish None
+ ksk_postpublish None
+ zsk_prepublish None
+ zsk_postpublish None
+ ksk_standby None
+ zsk_standby None
+ keyttl None
+
policy extra:
inherits default
directory None
# print algorithm policies
print(pp.alg_policy['RSASHA1'])
- print(pp.alg_policy['DSA'])
+ print(pp.alg_policy['RSASHA256'])
+ print(pp.alg_policy['ECDSAP256SHA256'])
# print another named policy
print(pp.named_policy['extra'])
infile=example.db.in
zonefile=example.db
-keyname1=`$KEYGEN -q -a DSA -b 768 -n zone $zone`
-keyname2=`$KEYGEN -q -a DSA -b 768 -n zone $zone`
+keyname1=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
+keyname2=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
cat $infile $keyname1.key $keyname2.key >$zonefile
echo root-key-sentinel-is-ta-$oldid A 10.53.0.1 >> $zonefile
infile=example.db.in
zonefile=example.db
-keyname1=`$KEYGEN -q -a DSA -b 768 -n zone $zone`
-keyname2=`$KEYGEN -q -a DSA -b 768 -n zone $zone`
+keyname1=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
+keyname2=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
cat $infile $keyname1.key $keyname2.key >$zonefile
prog=$0
args=""
-alg="-a RSAMD5 -b 1024"
+alg="-a $DEFAULT_ALGORITHM -b $DEFAULT_BITS"
quiet=0
msg1="cryptography"
copy_setports ns1/named.conf.in ns1/named.conf
-key=`$KEYGEN -Cq -K ns1 -a DSA -b 512 -n HOST -T KEY key.example.nil.`
+key=`$KEYGEN -Cq -K ns1 -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n HOST -T KEY key.example.nil.`
cat ns1/example.nil.db.in ns1/${key}.key > ns1/example.nil.db
projects / thirdparty / bind9.git / commitdiff
