From: Matthijs Mekking Date: Wed, 10 Aug 2022 13:24:21 +0000 (+0200) Subject: Test checkconf NSEC3 and incompatible algorithm X-Git-Tag: v9.18.7~20^2~4 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=b0ae2e4da7bfc09dfacb6695ecba7e48f4cb5b5a;p=thirdparty%2Fbind9.git Test checkconf NSEC3 and incompatible algorithm The check code for this already exists, but was untested. (cherry picked from commit 1996eaee547e046c8314cdb4a50a02eb9e59ce3f)
---
diff --git a/bin/tests/system/checkconf/bad-kasp-nsec3-alg.conf b/bin/tests/system/checkconf/bad-kasp-nsec3-alg.conf
new file mode 100644
index 00000000000..ff25ecea38d
--- /dev/null
+++ b/bin/tests/system/checkconf/bad-kasp-nsec3-alg.conf
@@ -0,0 +1,25 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+dnssec-policy "badnsec3alg" {
+ keys {
+ csk lifetime unlimited algorithm rsasha1;
+ };
+ nsec3param iterations 0 optout 0 salt-length 0;
+};
+
+zone "example.net" {
+ type primary;
+ file "example.db";
+ dnssec-policy "badnsec3alg";
+};
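Review bot: The new fixture has no comment saying which rule it is meant to trip, so a reader must infer that the fault is `nsec3param` combined with `algorithm rsasha1` in the `badnsec3alg` policy. I would add, directly above `dnssec-policy "badnsec3alg" {`, the comment `/* NSEC3 cannot be used with rsasha1 (algorithm 5); named-checkconf must reject this policy. */`. The harness is not visible in this diff, but if it only checks for a non-zero exit on `bad-*.conf` files, this fixture would also pass when `rsasha1` is refused for an unrelated reason, such as a crypto build that disables SHA-1 signing. In that case the NSEC3/algorithm check would be untested again, so matching the specific error text would pin the intended failure.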