#
# A zone that is signed with an unsupported DNSKEY algorithm (3).
-# Algorithm 7 is replaced by 3 in the zone and dsset.
+# Algorithm 7 is replaced by 255 in the zone and dsset.
#
zone=dnskey-unsupported.example.
infile=dnskey-unsupported.example.db.in
"$SIGNER" -P -3 - -o "$zone" -O full -f ${zonefile}.tmp "$zonefile" > /dev/null 2>&1
-awk '$4 == "DNSKEY" { $7 = 3; print } $4 == "RRSIG" { $6 = 3; print } { print }' ${zonefile}.tmp > ${zonefile}.signed
+awk '$4 == "DNSKEY" { $7 = 255; print } $4 == "RRSIG" { $6 = 255; print } { print }' ${zonefile}.tmp > ${zonefile}.signed
DSFILE="dsset-$(echo ${zone} |sed -e "s/\\.$//g")$TP"
$DSFROMKEY -A -f ${zonefile}.signed "$zone" > "$DSFILE"
#
-# A zone with a published unsupported DNSKEY algorithm (DSA).
+# A zone with a published unsupported DNSKEY algorithm (Reserved).
# Different from above because this key is not intended for signing.
#
zone=dnskey-unsupported-2.example.
ksk=$("$KEYGEN" -f KSK -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
-cat "$infile" "$ksk.key" "$zsk.key" dsa.key > "$zonefile"
+cat "$infile" "$ksk.key" "$zsk.key" unsupported-algorithm.key > "$zonefile"
# "$SIGNER" -P -3 - -o "$zone" -f ${zonefile}.signed "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -3 - -o "$zone" -f ${zonefile}.signed "$zonefile"
ret=0
dig_with_opts +noauth +noadd +nodnssec +adflag @10.53.0.3 dnskey-unsupported-2.example DNSKEY > dig.out.test$n
grep "status: NOERROR," dig.out.test$n > /dev/null || ret=1
-grep "dnskey-unsupported-2\.example\..*IN.*DNSKEY.*257 3 3" dig.out.test$n > /dev/null || ret=1
+grep "dnskey-unsupported-2\.example\..*IN.*DNSKEY.*257 3 255" dig.out.test$n > /dev/null || ret=1
n=$((n+1))
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
./bin/tests/system/dnssec/ns1/sign.sh SH 2000,2001,2002,2003,2004,2006,2007,2008,2009,2010,2011,2012,2013,2014,2016,2017,2018
./bin/tests/system/dnssec/ns2/rfc2335.example.db X 2004,2018
./bin/tests/system/dnssec/ns2/sign.sh SH 2000,2001,2002,2003,2004,2006,2007,2008,2009,2010,2011,2012,2014,2015,2016,2017,2018
-./bin/tests/system/dnssec/ns3/dsa.key X 2018
./bin/tests/system/dnssec/ns3/sign.sh SH 2000,2001,2002,2004,2006,2007,2008,2009,2010,2011,2012,2013,2014,2015,2016,2017,2018
+./bin/tests/system/dnssec/ns3/unsupported-algorithm.key X 2018
./bin/tests/system/dnssec/ns5/.gitignore X 2015,2018
./bin/tests/system/dnssec/ns5/sign.sh SH 2015,2016,2017,2018
./bin/tests/system/dnssec/ns6/named.args X 2013,2014,2016,2018