Add test case for in-view with dnssec-policy
authorMatthijs Mekking <matthijs@isc.org>
Mon, 21 Jun 2021 10:00:01 +0000 (12:00 +0200)
committerMatthijs Mekking <matthijs@isc.org>
Mon, 21 Jun 2021 14:03:35 +0000 (16:03 +0200)
Add a test case for a zone that uses 'in-view' and 'dnssec-policy'.
BIND should not deadlock.

bin/tests/system/kasp.sh
bin/tests/system/kasp/ns4/named.conf.in
bin/tests/system/kasp/tests.sh

index d21839a08bda57c70adbaf95621d76ec22fa68be..0129374d717f8d219aa4a7f427235f7558cb4989 100644 (file)
@@ -31,6 +31,7 @@ SHA224="hXfwwwiag2QGqblopofai9NuW28q/1rH4CaTnA=="
 SHA256="R16NojROxtxH/xbDl//ehDsHm5DjWTQ2YXV+hGC2iBY="
 VIEW1="YPfMoAk6h+3iN8MDRQC004iSNHY="
 VIEW2="4xILSZQnuO1UKubXHkYUsvBRPu8="
+VIEW3="C1Azf+gGPMmxrUg/WQINP6eV9Y0="
 
 ###############################################################################
 # Key properties                                                              #
index 5743d71ac180f2af15b64ab60b09d70ac0f23f9d..b1f87fdf441e8a992f54cac67c1b88735f837b62 100644 (file)
@@ -45,6 +45,11 @@ key "keyforview2" {
        secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
 };
 
+key "keyforview3" {
+       algorithm "hmac-sha1";
+       secret "C1Azf+gGPMmxrUg/WQINP6eV9Y0=";
+};
+
 dnssec-policy "test" {
        keys {
                csk key-directory lifetime 0 algorithm 14;
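Review bot: The secret for `keyforview3` now exists in two places, here and as `VIEW3` in bin/tests/system/kasp.sh, and nothing ties the copies together. If one is regenerated without the other, the TSIG-signed queries in tests.sh would presumably stop matching this view, and the failure would not point at the key. A one-line comment above the key would make the coupling visible: `// Test-only key; must match VIEW3 in bin/tests/system/kasp.sh.` The `hmac-sha1` algorithm matches the `hmac-sha1:keyforview1` usage visible in tests.sh, which is reasonable for a fixture. Marking the key as test-only also keeps the block from being copied into a production configuration, where hmac-sha256 is the usual choice.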
@@ -152,3 +157,10 @@ view "example2" {
                file "example2.db";
        };
 };
+
+view "example3" {
+       match-clients { key "keyforview3"; };
+       zone "example.net" {
+               in-view example2;
+       };
+};
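Review bot: Nothing on `view "example3"` says why it exists. It holds no zone data of its own and only references `example.net` from `example2` through `in-view`, which per the commit message is the configuration that must not deadlock. A comment above the view would keep it from being removed later as redundant: `// Regression: example.net is shared from example2 via in-view and uses dnssec-policy; named must not deadlock.` Access is decided solely by `match-clients { key "keyforview3"; }`, so any holder of that key is served example2's copy of the zone. That is the intent here, and the comment should say so.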
index d970491f2c2c46a32bcb2c9444938fbef0bc4a22..aa84ebe43fcd1a8d70ba2c7c9ccc78ccd339f53d 100644 (file)
@@ -1829,6 +1829,7 @@ check_apex
 check_subdomain
 dnssec_verify
 
+# Test with views.
 set_zone "example.net"
 set_server "ns4" "10.53.0.4"
 TSIG="hmac-sha1:keyforview1:$VIEW1"
@@ -1867,6 +1868,23 @@ check_signatures TXT "dig.out.$DIR.test$n.txt" "ZSK"
 test "$ret" -eq 0 || echo_i "failed"
 status=$((status+ret))
 
+TSIG="hmac-sha1:keyforview3:$VIEW3"
+wait_for_nsec
+check_keys
+check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "example2"
+check_apex
+dnssec_verify
+n=$((n+1))
+# check subdomain
+echo_i "check TXT example.net (in-view example2) rrset is signed correctly ($n)"
+ret=0
+dig_with_opts "view.${ZONE}" "@${SERVER}" TXT > "dig.out.$DIR.test$n.txt" || log_error "dig view.${ZONE} TXT failed"
+grep "status: NOERROR" "dig.out.$DIR.test$n.txt" > /dev/null || log_error "mismatch status in DNS response"
+grep "view.${ZONE}\..*${DEFAULT_TTL}.*IN.*TXT.*view2" "dig.out.$DIR.test$n.txt" > /dev/null || log_error "missing view.${ZONE} TXT record in response"
+check_signatures TXT "dig.out.$DIR.test$n.txt" "ZSK"
+test "$ret" -eq 0 || echo_i "failed"
+status=$((status+ret))
+
 # Clear TSIG.
 TSIG=""
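Review bot: The added block has no comment naming it as the in-view regression check; `# check subdomain` sits after the counter increment and does not distinguish this block from the other view checks. A leading comment before the `TSIG=` line would help: `# example3 serves example.net via 'in-view example2'; named must not deadlock.` The `echo_i` text hardcodes `example.net` although the query is for `view.${ZONE}`, so `echo_i "check TXT view.${ZONE} (in-view example2) rrset is signed correctly ($n)"` would keep the log in step with what is actually queried. The `view2` match in the TXT grep is the only assertion that the keyforview3 client really receives example2's data, which deserves a short why-comment. Detecting an actual deadlock relies on timeouts inside `wait_for_nsec` and `dig_with_opts`, which are defined outside this hunk, so that behaviour is inferred rather than visible here.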