echo "};"
}
+# keyfile_to_trusted_keys: convert key data contained in the keyfile(s)
+# provided to a "trust-keys" section suitable for including in a
+# resolver's configuration file
+keyfile_to_trusted_keys() {
+ keyfile_to_keys "trusted-keys" "" $*
+}
+
# keyfile_to_static_keys: convert key data contained in the keyfile(s)
# provided to a *static-key* "trust-anchors" section suitable for including in
# a resolver's configuration file
cp trusted.conf ../ns7/trusted.conf
cp trusted.conf ../ns9/trusted.conf
+keyfile_to_trusted_keys "$ksk" > trusted.keys
+
# ...or with an initializing key.
keyfile_to_initial_ds "$ksk" > managed.conf
cp managed.conf ../ns4/managed.conf
n=$((n+1))
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
+
+ ret=0
+ echo_i "checking positive validation NSEC using dns_client (trusted-keys) ($n)"
+ "$DELV" -a ns1/trusted.keys -p "$PORT" @10.53.0.4 a a.example > delv.out$n || ret=1
+ grep "a.example..*10.0.0.1" delv.out$n > /dev/null || ret=1
+ grep "a.example..*.RRSIG.A [0-9][0-9]* 2 300 .*" delv.out$n > /dev/null || ret=1
+ n=$((n+1))
+ test "$ret" -eq 0 || echo_i "failed"
+ status=$((status+ret))
fi
echo_i "checking positive validation NSEC3 ($n)"
projects / thirdparty / bind9.git / commitdiff
