From: Matthijs Mekking Date: Wed, 21 Apr 2021 14:37:17 +0000 (+0200) Subject: Add test for "insecure" policy X-Git-Tag: v9.17.13~26^2~3 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=9c6ff463fdd26aab45dd95b68d6c0816da753545;p=thirdparty%2Fbind9.git Add test for "insecure" policy While it is meant to be used for transitioning a zone to insecure, add a test case where a zone uses the "insecure" policy immediately. The zone will go through DNSSEC maintenance, but the outcome should be the same as 'dnssec-policy none;', that is the zone should be unsigned. --- diff --git a/bin/tests/system/kasp/ns3/named.conf.in b/bin/tests/system/kasp/ns3/named.conf.in index 28e9c6aee32..6e6f7bfa06e 100644 --- a/bin/tests/system/kasp/ns3/named.conf.in +++ b/bin/tests/system/kasp/ns3/named.conf.in @@ -100,6 +100,13 @@ zone "unsigned.kasp" { dnssec-policy "none"; }; +/* A zone that is initially set to insecure. */ +zone "insecure.kasp" { + type primary; + file "insecure.kasp.db"; + dnssec-policy "insecure"; +}; + /* A master zone with dnssec-policy but keys already created. */ zone "dnssec-keygen.kasp" { type primary; diff --git a/bin/tests/system/kasp/ns3/setup.sh b/bin/tests/system/kasp/ns3/setup.sh index 2ffca051e93..55e862856cf 100644 --- a/bin/tests/system/kasp/ns3/setup.sh +++ b/bin/tests/system/kasp/ns3/setup.sh @@ -79,6 +79,13 @@ zonefile="${zone}.db" infile="${zone}.db.infile" cp template.db.in $zonefile +# Set up zone that stays unsigned. +zone="insecure.kasp" +echo_i "setting up zone: $zone" +zonefile="${zone}.db" +infile="${zone}.db.infile" +cp template.db.in $zonefile + # Some of these zones already have keys. zone="dnssec-keygen.kasp" $KEYGEN -k rsasha1 -l policies/kasp.conf $zone > keygen.out.$zone.1 2>&1 diff --git a/bin/tests/system/kasp/tests.sh b/bin/tests/system/kasp/tests.sh index 6f184c196b3..a2969fd9f9e 100644 --- a/bin/tests/system/kasp/tests.sh +++ b/bin/tests/system/kasp/tests.sh @@ -784,6 +784,23 @@ check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" check_apex check_subdomain +# +# Zone: insecure.kasp. +# +set_zone "insecure.kasp" +set_policy "insecure" "0" "0" +set_server "ns3" "10.53.0.3" + +key_clear "KEY1" +key_clear "KEY2" +key_clear "KEY3" +key_clear "KEY4" + +check_keys +check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" +check_apex +check_subdomain + # # Zone: unlimited.kasp. #