From: Mark Andrews <marka@isc.org>
Date: Wed, 21 Apr 2021 01:57:46 +0000 (+1000)
Subject: Check dnssec-policy nsec3param iterations limit
X-Git-Tag: v9.17.13~36^2~7
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=aa26cde2aea459d682f6f609a7c902ef9a7a35eb;p=thirdparty%2Fbind9.git

Check dnssec-policy nsec3param iterations limit
---

diff --git a/bin/tests/system/checkconf/bad-kasp-iterations.conf b/bin/tests/system/checkconf/bad-kasp-iterations.conf
new file mode 100644
index 00000000000..041ca7678e7
--- /dev/null
+++ b/bin/tests/system/checkconf/bad-kasp-iterations.conf
@@ -0,0 +1,14 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+dnssec-policy too-many-iterations {
+	nsec3param iterations 151;
+};
diff --git a/bin/tests/system/checkconf/good-kasp-iterations.conf b/bin/tests/system/checkconf/good-kasp-iterations.conf
new file mode 100644
index 00000000000..e197957cf57
--- /dev/null
+++ b/bin/tests/system/checkconf/good-kasp-iterations.conf
@@ -0,0 +1,14 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+dnssec-policy max-iterations {
+	nsec3param iterations 150;
+};