+3057. [bug] "rndc secroots" would abort after the first error
+ and so could miss some views. [RT #23488]
+
3054. [bug] Added elliptic curve support check in
GOST OpenSSL engine detection. [RT #23485]
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: server.c,v 1.599.8.5 2011/03/03 04:43:01 each Exp $ */
+/* $Id: server.c,v 1.599.8.6 2011/03/03 16:18:12 each Exp $ */
/*! \file */
isc_time_formattimestamp(&now, tbuf, sizeof(tbuf));
fprintf(fp, "%s\n", tbuf);
- nextview:
- for (view = ISC_LIST_HEAD(server->viewlist);
- view != NULL;
- view = ISC_LIST_NEXT(view, link))
- {
- if (ptr != NULL && strcmp(view->name, ptr) != 0)
- continue;
- if (secroots != NULL)
- dns_keytable_detach(&secroots);
- result = dns_view_getsecroots(view, &secroots);
- if (result == ISC_R_NOTFOUND) {
- result = ISC_R_SUCCESS;
- continue;
+ do {
+ for (view = ISC_LIST_HEAD(server->viewlist);
+ view != NULL;
+ view = ISC_LIST_NEXT(view, link))
+ {
+ if (ptr != NULL && strcmp(view->name, ptr) != 0)
+ continue;
+ if (secroots != NULL)
+ dns_keytable_detach(&secroots);
+ result = dns_view_getsecroots(view, &secroots);
+ if (result == ISC_R_NOTFOUND) {
+ result = ISC_R_SUCCESS;
+ continue;
+ }
+ fprintf(fp, "\n Start view %s\n\n", view->name);
+ result = dns_keytable_dump(secroots, fp);
+ if (result != ISC_R_SUCCESS)
+ fprintf(fp, " dumpsecroots failed: %s\n",
+ isc_result_totext(result));
}
- fprintf(fp, "\n Start view %s\n\n", view->name);
- CHECK(dns_keytable_dump(secroots, fp));
- }
- if (ptr != NULL) {
- ptr = next_token(&args, " \t");
if (ptr != NULL)
- goto nextview;
- }
+ ptr = next_token(&args, " \t");
+ } while (ptr != NULL);
cleanup:
if (secroots != NULL)
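Review bot: In the new loop `result` is overwritten for every view, so a `dns_keytable_dump()` failure reaches the rndc caller only when it happens on the last view processed; an earlier failure leaves just the ` dumpsecroots failed:` line inside the dump file. An operator who audits trust anchors by the command's status could then take a partial file for a complete one. Consider remembering the first failure, for example `if (result != ISC_R_SUCCESS && first == ISC_R_SUCCESS) first = result;` (with `first` a new local), and returning it after the loop. The failure should also be logged rather than only written to `fp`, because a dump that failed on a write error may not be able to record the message there. The function begins before this hunk and continues past `cleanup:`, so how `result` is finally returned is inferred.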
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: clean.sh,v 1.2.2.2 2011/03/01 23:15:18 marka Exp $
+# $Id: clean.sh,v 1.2.2.3 2011/03/03 16:18:12 each Exp $
rm -f random.data
rm -f ns1/K*
rm -f ns1/*.signed
rm -f ns1/*.db
-rm -f ns1/dlv.conf
+rm -f ns1/bind.keys
rm -f ns1/*.mkeys.jnl
rm -f ns1/*.mkeys
rm -f */named.run
rm -f ns2/*.mkeys
rm -f ns2/*.mkeys.jnl
rm -f dig.out.ns?.test*
+rm -f ns2/named.secroots
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: sign.sh,v 1.2.2.2 2011/03/01 23:15:20 marka Exp $
+# $Id: sign.sh,v 1.2.2.3 2011/03/03 16:18:12 each Exp $
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
infile=dlv.isc.org.db.in
zonefile=dlv.isc.org.db
-keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
-cat $infile $keyname.key > $zonefile
+dlvkey=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
+cat $infile $dlvkey.key > $zonefile
$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
-cp root.db.in root.db
+zone=.
+infile=root.db.in
+zonefile=root.db
-# Configure the resolving server with a trusted key.
+rootkey=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
+cat $infile $rootkey.key > $zonefile
+$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
-cat $keyname.key | grep -v '^; ' | $PERL -n -e '
+# Create bind.keys file for the use of the resolving server
+echo "managed-keys {" > bind.keys
+cat $dlvkey.key | grep -v '^; ' | $PERL -n -e '
+local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
+local $key = join("", @rest);
+print <<EOF
+ "$dn" initial-key $flags $proto $alg "$key";
+EOF
+' >> bind.keys
+cat $rootkey.key | grep -v '^; ' | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
-managed-keys {
"$dn" initial-key $flags $proto $alg "$key";
-};
EOF
-' > dlv.conf
+' >> bind.keys
+echo "};" >> bind.keys
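Review bot: The Perl one-liner that turns a key file into an `initial-key` line is now pasted twice, once for `$dlvkey.key` and once for `$rootkey.key`. Because `perl -n` handles one record per input line, a single pipeline starting `cat $dlvkey.key $rootkey.key | grep -v '^; ' | $PERL -n -e '` would emit both entries and keep the two copies from drifting apart. Neither `$KEYGEN` call appears to be checked here, so a failed key generation would still produce a `managed-keys` block and only surface later in tests.sh; a guard such as `[ -n "$rootkey" ] || exit 1` after each call would fail closer to the cause. The 768-bit RSAMD5 keys follow the existing convention in this script and are acceptable only as test fixtures.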
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: named.conf,v 1.2.2.2 2011/03/01 23:15:21 marka Exp $ */
+/* $Id: named.conf,v 1.2.2.3 2011/03/03 16:18:12 each Exp $ */
// NS2
notify no;
dnssec-enable yes;
dnssec-validation yes;
- bindkeys-file "../ns1/dlv.conf";
+ bindkeys-file "../ns1/bind.keys";
dnssec-lookaside "auto";
};
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm hmac-md5;
+};
+
+controls {
+ inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; };
+};
+
view "in" {
recursion yes;
zone "." {
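Review bot: The added `controls` block opens the control channel with `allow { any; }` and authenticates it with a short literal secret under `hmac-md5`, and nothing in the file marks this as a test-only fixture. The listener is bound to 10.53.0.2, which looks like the system-test address, so exposure is presumably limited to the test host, but configurations like this tend to get copied. I would add a comment above the key such as `// Test-only rndc key; presumably must match ../common/rndc.conf. Never reuse outside the system tests.` and narrow the ACL to the address the test client connects from, if that is fixed.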
view "ch" ch {
match-clients { 127.0.0.1; };
};
+
+view "unused" {
+ match-clients { none; };
+};
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: tests.sh,v 1.2.2.2 2011/03/01 23:15:19 marka Exp $
+# $Id: tests.sh,v 1.2.2.3 2011/03/03 16:18:12 each Exp $
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
status=1
fi
+n=`expr $n + 1`
+echo "I:checking that only the DLV key was imported from bind.keys ($n)"
+ret=0
+$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 secroots 2>&1 | sed 's/^/I:ns2 /'
+linecount=`grep "\./RSAMD5/.* ; managed" ns2/named.secroots | wc -l`
+[ "$linecount" -eq 0 ] || ret=1
+linecount=`grep "dlv.isc.org/RSAMD5/.* ; managed" ns2/named.secroots | wc -l`
+[ "$linecount" -eq 2 ] || ret=1
+linecount=`cat ns2/named.secroots | wc -l`
+[ "$linecount" -eq 13 ] || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
exit $status
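Review bot: `n` is incremented twice in the added block, once before the `echo "I:checking ..."` line and again just before `if [ $ret != 0 ]`, so the next test's number skips one; the second increment should be dropped. The exit status of `$RNDC ... secroots` is discarded by the pipe into `sed`, so a failed rndc call is caught only indirectly through the grep counts; capturing the output to a file and testing rndc's own status would make that failure explicit. The exact `-eq 13` total ties the test to the current dump layout and looks brittle next to the two targeted grep checks.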