From: Michał Kępień <michal@isc.org>
Date: Tue, 26 Jun 2018 10:19:41 +0000 (+0200)
Subject: Do not use IANA DNSSEC keys in the "rpz" system test
X-Git-Tag: v9.13.2~18^2~1
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=ff6b717955dda877d202779d7763edd19c0e15a9;p=thirdparty%2Fbind9.git

Do not use IANA DNSSEC keys in the "rpz" system test

With "dnssec-validation" now defaulting to "auto", it needs to be
explicitly set to "yes" (the previous default value) for all validating
resolvers used in system tests.  Ensure that requirement is satisfied by
the resolvers used in the "rpz" system test.
---

diff --git a/bin/tests/system/rpz/ns2/named.conf.in b/bin/tests/system/rpz/ns2/named.conf.in
index f4f4550ddb7..15226401e9b 100644
--- a/bin/tests/system/rpz/ns2/named.conf.in
+++ b/bin/tests/system/rpz/ns2/named.conf.in
@@ -20,6 +20,8 @@ options {
 	listen-on-v6 { none; };
 	notify no;
 	minimal-responses no;
+	recursion yes;
+	dnssec-validation yes;
 };
 
 key rndc_key {
diff --git a/bin/tests/system/rpz/ns3/named.conf.in b/bin/tests/system/rpz/ns3/named.conf.in
index 091cceaa531..851a055bc9d 100644
--- a/bin/tests/system/rpz/ns3/named.conf.in
+++ b/bin/tests/system/rpz/ns3/named.conf.in
@@ -26,6 +26,8 @@ options {
 	listen-on-v6 { none; };
 	notify yes;
 	minimal-responses no;
+	recursion yes;
+	dnssec-validation yes;
 
 	response-policy {
 	    zone "bl"					max-policy-ttl 100;
diff --git a/bin/tests/system/rpz/ns4/named.conf.in b/bin/tests/system/rpz/ns4/named.conf.in
index 03d0ca0abda..04d6d188fd0 100644
--- a/bin/tests/system/rpz/ns4/named.conf.in
+++ b/bin/tests/system/rpz/ns4/named.conf.in
@@ -20,6 +20,8 @@ options {
 	listen-on-v6 { none; };
 	notify no;
 	minimal-responses no;
+	recursion yes;
+	dnssec-validation yes;
 };
 
 include "../trusted.conf";
diff --git a/bin/tests/system/rpz/ns5/named.conf.in b/bin/tests/system/rpz/ns5/named.conf.in
index 025cff5ff9b..00d07252939 100644
--- a/bin/tests/system/rpz/ns5/named.conf.in
+++ b/bin/tests/system/rpz/ns5/named.conf.in
@@ -28,6 +28,8 @@ options {
 	notify-delay 0;
 	notify yes;
 	minimal-responses no;
+	recursion yes;
+	dnssec-validation yes;
 
 	# turn rpz on or off
 	include "rpz-switch";
diff --git a/bin/tests/system/rpz/ns6/named.conf.in b/bin/tests/system/rpz/ns6/named.conf.in
index ccd177f1b2f..1cf738399b5 100644
--- a/bin/tests/system/rpz/ns6/named.conf.in
+++ b/bin/tests/system/rpz/ns6/named.conf.in
@@ -22,6 +22,8 @@ options {
 	forward only;
 	forwarders { 10.53.0.3; };
 	minimal-responses no;
+	recursion yes;
+	dnssec-validation yes;
 
 	response-policy {
 	    zone "policy1" min-update-interval 0;
diff --git a/bin/tests/system/rpz/ns7/named.conf.in b/bin/tests/system/rpz/ns7/named.conf.in
index 8c5c15d10e2..842f709923d 100644
--- a/bin/tests/system/rpz/ns7/named.conf.in
+++ b/bin/tests/system/rpz/ns7/named.conf.in
@@ -20,6 +20,8 @@ options {
 	listen-on { 10.53.0.7; };
 	listen-on-v6 { none; };
 	minimal-responses no;
+	recursion yes;
+	dnssec-validation yes;
 
 	response-policy {
 	    zone "policy2";