# Clean up after zone transfer tests.
#
-rm -f verylarge
+rm -f */*.jnl
+rm -f */named.conf
rm -f */named.memstats
rm -f */named.run */ans.run
-rm -f */named.conf
+rm -f */named.run.prev
rm -f Kxxx.*
+rm -f check.out.*
rm -f dig.out.*
rm -f jp.out.ns3.*
+rm -f nextpart.out.*
+rm -f ns*/managed-keys.bind* ns*/*.mkeys*
rm -f ns*/named.lock
-rm -f */*.jnl
rm -f ns1/example.db ns1/unixtime.db ns1/yyyymmddvv.db ns1/update.db ns1/other.db ns1/keytests.db
rm -f ns1/many.test.db
rm -f ns1/maxjournal.db
rm -f ns1/md5.key ns1/sha1.key ns1/sha224.key ns1/sha256.key ns1/sha384.key
+rm -f ns1/sample.db
rm -f ns1/sha512.key ns1/ddns.key
+rm -f ns10/_default.tsigkeys
+rm -f ns10/example.com.db
+rm -f ns10/in-addr.db
rm -f ns2/example.bk
+rm -f ns2/sample.db
rm -f ns2/update.bk ns2/update.alt.bk
rm -f ns3/*.signed
rm -f ns3/K*
rm -f ns3/too-big.test.db
rm -f ns5/local.db
rm -f ns6/in-addr.db
-rm -f ns7/in-addr.db
-rm -f ns7/example.com.db
rm -f ns7/_default.tsigkeys
-rm -f ns8/in-addr.db
-rm -f ns8/example.com.db
+rm -f ns7/example.com.db
+rm -f ns7/in-addr.db
rm -f ns8/_default.tsigkeys
-rm -f ns9/in-addr.db
-rm -f ns9/example.com.db
+rm -f ns8/example.com.db
+rm -f ns8/in-addr.db
rm -f ns9/_default.tsigkeys
-rm -f ns10/example.com.db
-rm -f ns10/in-addr.db
-rm -f ns10/_default.tsigkeys
+rm -f ns9/denyname.example.db
+rm -f ns9/example.com.db
+rm -f ns9/in-addr.db
rm -f nsupdate.out*
rm -f typelist.out.*
-rm -f ns1/sample.db
-rm -f ns2/sample.db
-rm -f update.out.*
-rm -f check.out.*
rm -f update.out.*
-rm -f ns*/managed-keys.bind* ns*/*.mkeys*
-rm -f nextpart.out.*
-rm -f */named.run.prev
+rm -f verylarge
algorithm hmac-sha256;
};
+key subkey {
+ secret "1234abcd8765";
+ algorithm hmac-sha256;
+};
+
controls {
inet 10.53.0.9 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
grant EXAMPLE.COM ms-subdomain _tcp.example.com SRV;
};
};
+
+zone "denyname.example" {
+ type master;
+ file "denyname.example.db";
+ update-policy {
+ deny subkey name denyname.example;
+ grant subkey subdomain denyname.example;
+ };
+};
cp -f ns8/example.com.db.in ns8/example.com.db
cp -f ns9/in-addr.db.in ns9/in-addr.db
cp -f ns9/example.com.db.in ns9/example.com.db
+cp -f ns9/example.com.db.in ns9/denyname.example.db
cp -f ns10/in-addr.db.in ns10/in-addr.db
cp -f ns10/example.com.db.in ns10/example.com.db
grep "TXT.*everywhere" dig.out.2.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
+n=`expr $n + 1`
+ret=0
+echo_i "check 'grant' in deny name + grant subdomain ($n)"
+$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
+key hmac-sha256:subkey 1234abcd8765
+server 10.53.0.9 ${PORT}
+zone denyname.example
+update add foo.denyname.example 3600 IN TXT added
+send
+EOF
+$DIG $DIGOPTS +tcp @10.53.0.9 foo.denyname.example TXT > dig.out.ns9.test$n
+grep "added" dig.out.ns9.test$n > /dev/null || ret=1
+[ $ret = 0 ] || { echo_i "failed"; status=1; }
+
+n=`expr $n + 1`
+ret=0
+echo_i "check 'deny' in deny name + grant subdomain ($n)"
+$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
+key hmac-sha256:subkey 1234abcd8765
+server 10.53.0.9 ${PORT}
+zone denyname.example
+update add denyname.example 3600 IN TXT added
+send
+EOF
+$DIG $DIGOPTS +tcp @10.53.0.9 denyname.example TXT > dig.out.ns9.test$n
+grep "added" dig.out.ns9.test$n > /dev/null && ret=1
+[ $ret = 0 ] || { echo_i "failed"; status=1; }
+
n=`expr $n + 1`
ret=0
echo_i "check that changes to the DNSKEY RRset TTL do not have side effects ($n)"
projects / thirdparty / bind9.git / commitdiff
