echo "$zone" >> zones
}
+sign_dspublish() {
+ cp template.db.in "$zonefile"
+ keytimes="-P $T -P sync $T -A $T"
+ CSK=$($KEYGEN -k default $keytimes $zone 2> keygen.out.$zone)
+ $SETTIME -s -g $O -k $O $T -r $O $T -z $O $T -d $R $T "$CSK" > settime.out.$zone 2>&1
+ cat "$zonefile" "${CSK}.key" > "$infile"
+ private_type_record $zone $DEFAULT_ALGORITHM_NUMBER "$CSK" >> "$infile"
+ cp $infile $zonefile
+ $SIGNER -S -z -x -s now-1h -e now+30d -o $zone -O raw -f "${zonefile}.signed" $infile > signer.out.$zone.1 2>&1
+ cp "dsset-${zone}." ../ns2/
+}
+
+sign_dsremoved() {
+ cp template.db.in "$zonefile"
+ keytimes="-P $Y -P sync $Y -A $Y"
+ CSK=$($KEYGEN -k default $keytimes $zone 2> keygen.out.$zone)
+ $SETTIME -s -g $H -k $O $T -r $O $T -z $O $T -d $U $T "$CSK" > settime.out.$zone 2>&1
+ cat "$zonefile" "${CSK}.key" > "$infile"
+ private_type_record $zone $DEFAULT_ALGORITHM_NUMBER "$CSK" >> "$infile"
+ cp $infile $zonefile
+ $SIGNER -S -z -x -s now-1h -e now+30d -o $zone -O raw -f "${zonefile}.signed" $infile > signer.out.$zone.1 2>&1
+ cp "dsset-${zone}." ../ns2/
+}
+
# Short environment variable names for key states and times.
H="HIDDEN"
R="RUMOURED"
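Review bot: Neither `sign_dspublish` nor `sign_dsremoved` checks that `$KEYGEN` returned a key name before `$CSK` is used. If key generation fails, `$CSK` is empty and the `$SETTIME`, `cat "$zonefile" "${CSK}.key"` and `$SIGNER` steps run against `.key`, so the failure surfaces later and less directly. Unless the script already runs under `set -e` (not visible in this hunk), add `[ -n "$CSK" ] || { echo "keygen failed for $zone" >&2; exit 1; }` after the `CSK=` line in both functions. Both functions also read `$zone`, `$zonefile` and `$infile` as globals, so a header comment such as `# Must be called after setup; uses $zone, $zonefile and $infile.` would make that dependency explicit.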
bad.${checkds}.dspublish.ns2-4-6
do
setup "${zn}"
- cp template.db.in "$zonefile"
- keytimes="-P $T -P sync $T -A $T"
- CSK=$($KEYGEN -k default $keytimes $zone 2> keygen.out.$zone)
- $SETTIME -s -g $O -k $O $T -r $O $T -z $O $T -d $R $T "$CSK" > settime.out.$zone 2>&1
- cat "$zonefile" "${CSK}.key" > "$infile"
- private_type_record $zone $DEFAULT_ALGORITHM_NUMBER "$CSK" >> "$infile"
- cp $infile $zonefile
- $SIGNER -S -z -x -s now-1h -e now+30d -o $zone -O raw -f "${zonefile}.signed" $infile > signer.out.$zone.1 2>&1
-
- cp "dsset-${zone}." ../ns2/
+ sign_dspublish
done
done
bad.${checkds}.dsremoved.ns5-6-7
do
setup "${zn}"
- cp template.db.in "$zonefile"
- keytimes="-P $Y -P sync $Y -A $Y"
- CSK=$($KEYGEN -k default $keytimes $zone 2> keygen.out.$zone)
- $SETTIME -s -g $H -k $O $T -r $O $T -z $O $T -d $U $T "$CSK" > settime.out.$zone 2>&1
- cat "$zonefile" "${CSK}.key" > "$infile"
- private_type_record $zone $DEFAULT_ALGORITHM_NUMBER "$CSK" >> "$infile"
- cp $infile $zonefile
- $SIGNER -S -z -x -s now-1h -e now+30d -o $zone -O raw -f "${zonefile}.signed" $infile > signer.out.$zone.1 2>&1
-
- cp "dsset-${zone}." ../ns2/
+ sign_dsremoved
done
done
+
+setup "no-ent.ns2"
+sign_dspublish
+
+setup "no-ent.ns5"
+sign_dsremoved
keystate_check(parent, "resolver.explicit.dsremoved.ns5.", "DSRemoved")
+def test_checkds_no_ent(named_port):
+ # We create resolver instances that will be used to send queries.
+ server = dns.resolver.Resolver()
+ server.nameservers = ["10.53.0.9"]
+ server.port = named_port
+
+ parent = dns.resolver.Resolver()
+ parent.nameservers = ["10.53.0.2"]
+ parent.port = named_port
+
+ zone_check(server, "no-ent.ns2.")
+ wait_for_log(
+ "ns9/named.run",
+ "zone no-ent.ns2/IN (signed): checkds: DS response from 10.53.0.2",
+ )
+ keystate_check(parent, "no-ent.ns2.", "DSPublish")
+
+ zone_check(server, "no-ent.ns5.")
+ wait_for_log(
+ "ns9/named.run",
+ "zone no-ent.ns5/IN (signed): checkds: DS response from 10.53.0.5",
+ )
+ keystate_check(parent, "no-ent.ns5.", "DSRemoved")
+
+
def test_checkds_dspublished(named_port):
checkds_dspublished(named_port, "explicit")
checkds_dspublished(named_port, "yes")
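Review bot: `test_checkds_no_ent` has no docstring, and the name does not say what "no-ent" stands for or why the DS response is expected from 10.53.0.2 for one zone and 10.53.0.5 for the other. A docstring such as `"""no-ent.ns2 / no-ent.ns5: checkds must log a DS response from 10.53.0.2 / 10.53.0.5 and set DSPublish / DSRemoved."""`, plus a line on which configuration these zones exercise, would cover it. The two stanzas differ only in zone name, address and expected state, so a loop over `(zone, address, state)` tuples would keep the pairs together and make a mismatched address easier to spot.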