Add test for "insecure" policy
authorMatthijs Mekking <matthijs@isc.org>
Wed, 21 Apr 2021 14:37:17 +0000 (16:37 +0200)
committerMatthijs Mekking <matthijs@isc.org>
Fri, 30 Apr 2021 09:18:38 +0000 (11:18 +0200)
While the "insecure" policy is meant to be used for transitioning a zone
to insecure, add a test case where a zone uses that policy immediately.

The zone will go through DNSSEC maintenance, but the outcome should
be the same as 'dnssec-policy none;', that is the zone should be
unsigned.

bin/tests/system/kasp/ns3/named.conf.in
bin/tests/system/kasp/ns3/setup.sh
bin/tests/system/kasp/tests.sh

index 28e9c6aee3230effbeaf9148df726c80e3baa670..6e6f7bfa06e6de0d8619b005b67cfc5878c79764 100644 (file)
@@ -100,6 +100,13 @@ zone "unsigned.kasp" {
        dnssec-policy "none";
 };
 
+/* A zone that is initially set to insecure. */
+zone "insecure.kasp" {
+       type primary;
+       file "insecure.kasp.db";
+       dnssec-policy "insecure";
+};
+
 /* A master zone with dnssec-policy but keys already created. */
 zone "dnssec-keygen.kasp" {
        type primary;
index 2ffca051e938ffac6a2db4f6efc6d6551f55e69d..55e862856cf1b244c734be51abf8bddf13558046 100644 (file)
@@ -79,6 +79,13 @@ zonefile="${zone}.db"
 infile="${zone}.db.infile"
 cp template.db.in $zonefile
 
+# Set up zone that stays unsigned.
+zone="insecure.kasp"
+echo_i "setting up zone: $zone"
+zonefile="${zone}.db"
+infile="${zone}.db.infile"
+cp template.db.in $zonefile
+
 # Some of these zones already have keys.
 zone="dnssec-keygen.kasp"
 $KEYGEN -k rsasha1 -l policies/kasp.conf $zone > keygen.out.$zone.1 2>&1
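Review bot: The added `infile="${zone}.db.infile"` assignment is never read in the visible lines of the new block; only `$zonefile` is used, by the `cp`. The unsigned zone set up just above it follows the same pattern, so this may be a deliberate convention, but otherwise the assignment can be dropped. The comment also reads the same as one for a `dnssec-policy none` zone and does not say what this case adds; I would write `# Set up a zone that uses the "insecure" policy from the start; it should end up unsigned.` Quoting the expansion, `cp template.db.in "$zonefile"`, would be safer against word splitting.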
index 6f184c196b3b2c21796f3bac2e5c31de5c621d50..a2969fd9f9ec103c14bb178a16a6046c99bc8d36 100644 (file)
@@ -784,6 +784,23 @@ check_dnssecstatus "$SERVER" "$POLICY" "$ZONE"
 check_apex
 check_subdomain
 
+#
+# Zone: insecure.kasp.
+#
+set_zone "insecure.kasp"
+set_policy "insecure" "0" "0"
+set_server "ns3" "10.53.0.3"
+
+key_clear "KEY1"
+key_clear "KEY2"
+key_clear "KEY3"
+key_clear "KEY4"
+
+check_keys
+check_dnssecstatus "$SERVER" "$POLICY" "$ZONE"
+check_apex
+check_subdomain
+
 #
 # Zone: unlimited.kasp.
 #
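Review bot: The added `insecure.kasp` block does not say what outcome the four checks are meant to confirm, and it is not visible from this hunk that an unsigned result is asserted rather than only the absence of keys. `check_keys`, `check_apex` and `check_subdomain` are defined outside the hunk, so whether they fail on a leftover RRSIG or DNSKEY when all four key slots are cleared needs confirming. I would add a comment above `set_policy`, such as `# "insecure" still runs DNSSEC maintenance, but with no keys expected the zone must end up unsigned, as with "none".` If the helpers do not already cover it, an explicit check that the apex answer carries no signatures would make the test pin the behaviour described in the commit message.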