Move dnssec-policy to kasp-fips.conf.in

All dnssec-policy configurations are here, so why not this one?

(cherry picked from commit 93326e3e180f4cb2d5fe0b01ba99941d5ec74355)

diff --git a/bin/tests/system/kasp/ns6/named.conf.in b/bin/tests/system/kasp/ns6/named.conf.in
index 7b0cba84782c65b271ddc51b9c9a02b4c48d5de1..8215531f3e23430e963a10effe6a063aaf60dcd6 100644 (file)
--- a/bin/tests/system/kasp/ns6/named.conf.in
+++ b/bin/tests/system/kasp/ns6/named.conf.in
@@ -89,12 +89,6 @@ zone "step1.csk-algorithm-roll.kasp" {
        dnssec-policy "csk-algoroll";
 };
 
-dnssec-policy "modified" {
-       keys {
-               csk lifetime unlimited algorithm rsasha256 2048;
-       };
-};
-
 zone example {
        type primary;
        file "example.db";

diff --git a/bin/tests/system/kasp/ns6/named2.conf.in b/bin/tests/system/kasp/ns6/named2.conf.in
index 087fa7716f2d33210412497583ccda512ebc7088..cd209e7a529d12d5650e03d98b18a97ffe64726f 100644 (file)
--- a/bin/tests/system/kasp/ns6/named2.conf.in
+++ b/bin/tests/system/kasp/ns6/named2.conf.in
@@ -177,12 +177,6 @@ zone "step6.csk-algorithm-roll.kasp" {
        dnssec-policy "csk-algoroll";
 };
 
-dnssec-policy "modified" {
-       keys {
-               csk lifetime unlimited algorithm rsasha256 2048;
-       };
-};
-
 zone example {
        type primary;
        file "example.db";

diff --git a/bin/tests/system/kasp/ns6/policies/kasp-fips.conf.in b/bin/tests/system/kasp/ns6/policies/kasp-fips.conf.in
index 810b91d6ada2bbcc77e6a5bb2b39dee3b78a5b83..dc234d0c21bd835d5da81625e9cb526d3333bd01 100644 (file)
--- a/bin/tests/system/kasp/ns6/policies/kasp-fips.conf.in
+++ b/bin/tests/system/kasp/ns6/policies/kasp-fips.conf.in
@@ -24,6 +24,12 @@ dnssec-policy "nsec3" {
        nsec3param iterations 0 optout no salt-length 0;
 };
 
+dnssec-policy "modified" {
+       keys {
+               csk lifetime unlimited algorithm rsasha256 2048;
+       };
+};
+
 dnssec-policy "rsasha256" {
        signatures-refresh P5D;
        signatures-validity 30d;