diff options
Diffstat (limited to '')
28 files changed, 1222 insertions, 0 deletions
diff --git a/bin/tests/system/dlv/clean.sh b/bin/tests/system/dlv/clean.sh new file mode 100644 index 0000000..94cadc6 --- /dev/null +++ b/bin/tests/system/dlv/clean.sh @@ -0,0 +1,42 @@ +#!/bin/sh +# +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +rm -f ns*/named.run +rm -f ns*/named.conf +rm -f ns1/K* +rm -f ns1/dsset-* +rm -f ns1/*.signed +rm -f ns1/signer.err +rm -f ns1/root.db +rm -f ns2/K* +rm -f ns2/dlvset-* +rm -f ns2/dsset-* +rm -f ns2/*.signed +rm -f ns2/*.pre +rm -f ns2/signer.err +rm -f ns2/druz.db +rm -f ns3/K* +rm -f ns3/*.db +rm -f ns3/*.signed +rm -f ns3/dlvset-* +rm -f ns3/dsset-* +rm -f ns3/keyset-* +rm -f ns1/trusted.conf ns5/trusted.conf +rm -f ns3/trusted-dlv.conf ns5/trusted-dlv.conf +rm -f ns3/signer.err +rm -f ns6/K* +rm -f ns6/*.db +rm -f ns6/*.signed +rm -f ns6/dsset-* +rm -f ns6/signer.err +rm -f */named.memstats +rm -f dig.out.ns*.test* +rm -f ns*/named.lock diff --git a/bin/tests/system/dlv/ns1/named.conf.in b/bin/tests/system/dlv/ns1/named.conf.in new file mode 100644 index 0000000..337558f --- /dev/null +++ b/bin/tests/system/dlv/ns1/named.conf.in @@ -0,0 +1,26 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + query-source address 10.53.0.1; + notify-source 10.53.0.1; + transfer-source 10.53.0.1; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.1; }; + listen-on-v6 { none; }; + recursion no; + notify yes; + dnssec-enable yes; +}; + +zone "." { type master; file "root.signed"; }; +zone "rootservers.utld" { type master; file "rootservers.utld.db"; }; diff --git a/bin/tests/system/dlv/ns1/root.db.in b/bin/tests/system/dlv/ns1/root.db.in new file mode 100644 index 0000000..a4d4bd9 --- /dev/null +++ b/bin/tests/system/dlv/ns1/root.db.in @@ -0,0 +1,19 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 120 +@ SOA ns.rootservers.utld hostmaster.ns.rootservers.utld ( + 1 3600 1200 604800 60 ) +@ NS ns.rootservers.utld +ns A 10.53.0.1 +; +utld NS ns.utld +ns.utld A 10.53.0.2 +druz NS ns.druz +ns.druz A 10.53.0.2 diff --git a/bin/tests/system/dlv/ns1/rootservers.utld.db b/bin/tests/system/dlv/ns1/rootservers.utld.db new file mode 100644 index 0000000..8491ed0 --- /dev/null +++ b/bin/tests/system/dlv/ns1/rootservers.utld.db @@ -0,0 +1,13 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 120 +@ SOA ns hostmaster.ns 1 3600 1200 604800 60 +@ NS ns +ns A 10.53.0.1 diff --git a/bin/tests/system/dlv/ns1/sign.sh b/bin/tests/system/dlv/ns1/sign.sh new file mode 100755 index 0000000..b815162 --- /dev/null +++ b/bin/tests/system/dlv/ns1/sign.sh @@ -0,0 +1,36 @@ +#!/bin/sh +# +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +SYSTEMTESTTOP=../.. +. $SYSTEMTESTTOP/conf.sh + +SYSTESTDIR=dlv + +(cd ../ns2 && $SHELL -e ./sign.sh || exit 1) + +echo_i "dlv/ns1/sign.sh" + +zone=. +infile=root.db.in +zonefile=root.db +outfile=root.signed + +keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` + +cat $infile $keyname1.key $keyname2.key >$zonefile + +$SIGNER -r $RANDFILE -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err + +echo_i "signed $zone" + +keyfile_to_trusted_keys $keyname2 > trusted.conf +cp trusted.conf ../ns5 diff --git a/bin/tests/system/dlv/ns2/druz.db.in b/bin/tests/system/dlv/ns2/druz.db.in new file mode 100644 index 0000000..4e0f892 --- /dev/null +++ b/bin/tests/system/dlv/ns2/druz.db.in @@ -0,0 +1,47 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 120 +@ SOA ns hostmaster.ns 1 3600 1200 604800 60 +@ NS ns +ns A 10.53.0.2 +; +rootservers NS ns.rootservers +ns.rootservers A 10.53.0.1 +; +; +child1 NS ns.child1 +ns.child1 A 10.53.0.3 +; +child2 NS ns.child2 +ns.child2 A 10.53.0.4 +; +child3 NS ns.child3 +ns.child3 A 10.53.0.3 +; +child4 NS ns.child4 +ns.child4 A 10.53.0.3 +; +child5 NS ns.child5 +ns.child5 A 10.53.0.3 +; +child6 NS ns.child6 +ns.child6 A 10.53.0.4 +; +child7 NS ns.child7 +ns.child7 A 10.53.0.3 +; +child8 NS ns.child8 +ns.child8 A 10.53.0.3 +; +child9 NS ns.child9 +ns.child9 A 10.53.0.3 +; +child10 NS ns.child10 +ns.child10 A 10.53.0.3 diff --git a/bin/tests/system/dlv/ns2/hints b/bin/tests/system/dlv/ns2/hints new file mode 100644 index 0000000..381e86b --- /dev/null +++ b/bin/tests/system/dlv/ns2/hints @@ -0,0 +1,11 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +. 0 NS ns.rootservers.utld. +ns.rootservers.utld. 0 A 10.53.0.1 diff --git a/bin/tests/system/dlv/ns2/named.conf.in b/bin/tests/system/dlv/ns2/named.conf.in new file mode 100644 index 0000000..b08bd13 --- /dev/null +++ b/bin/tests/system/dlv/ns2/named.conf.in @@ -0,0 +1,27 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + query-source address 10.53.0.2; + notify-source 10.53.0.2; + transfer-source 10.53.0.2; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.2; }; + listen-on-v6 { none; }; + recursion no; + notify yes; + dnssec-enable yes; +}; + +zone "." { type hint; file "hints"; }; +zone "utld" { type master; file "utld.db"; }; +zone "druz" { type master; file "druz.signed"; }; diff --git a/bin/tests/system/dlv/ns2/sign.sh b/bin/tests/system/dlv/ns2/sign.sh new file mode 100755 index 0000000..6f84d7a --- /dev/null +++ b/bin/tests/system/dlv/ns2/sign.sh @@ -0,0 +1,37 @@ +#!/bin/sh +# +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +SYSTEMTESTTOP=../.. +. $SYSTEMTESTTOP/conf.sh + +SYSTESTDIR=dlv + +(cd ../ns3 && $SHELL -e ./sign.sh || exit 1) + +echo_i "dlv/ns2/sign.sh" + +zone=druz. +infile=druz.db.in +zonefile=druz.db +outfile=druz.pre +dlvzone=utld. + +keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` + +cat $infile $keyname1.key $keyname2.key >$zonefile + +$SIGNER -r $RANDFILE -l $dlvzone -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err + +$CHECKZONE -q -D -i none druz druz.pre | +sed '/IN DNSKEY/s/\([a-z0-9A-Z/]\{10\}\)[a-z0-9A-Z/]\{16\}/\1XXXXXXXXXXXXXXXX/'> druz.signed + +echo_i "signed $zone" diff --git a/bin/tests/system/dlv/ns2/utld.db b/bin/tests/system/dlv/ns2/utld.db new file mode 100644 index 0000000..66f559d --- /dev/null +++ b/bin/tests/system/dlv/ns2/utld.db @@ -0,0 +1,49 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 120 +@ SOA ns hostmaster.ns 1 3600 1200 604800 60 +@ NS ns +ns A 10.53.0.2 +; +rootservers NS ns.rootservers +ns.rootservers A 10.53.0.1 +; +dlv NS ns.dlv +ns.dlv A 10.53.0.3 +; +child1 NS ns.child1 +ns.child1 A 10.53.0.3 +; +child2 NS ns.child2 +ns.child2 A 10.53.0.4 +; +child3 NS ns.child3 +ns.child3 A 10.53.0.3 +; +child4 NS ns.child4 +ns.child4 A 10.53.0.3 +; +child5 NS ns.child5 +ns.child5 A 10.53.0.3 +; +child6 NS ns.child6 +ns.child6 A 10.53.0.4 +; +child7 NS ns.child7 +ns.child7 A 10.53.0.3 +; +child8 NS ns.child8 +ns.child8 A 10.53.0.3 +; +child9 NS ns.child9 +ns.child9 A 10.53.0.3 +; +child10 NS ns.child10 +ns.child10 A 10.53.0.3 diff --git a/bin/tests/system/dlv/ns3/child.db.in b/bin/tests/system/dlv/ns3/child.db.in new file mode 100644 index 0000000..11df807 --- /dev/null +++ b/bin/tests/system/dlv/ns3/child.db.in @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 120 +@ SOA ns hostmaster.ns 1 3600 1200 604800 60 +@ NS ns +ns A 10.53.0.3 +foo TXT foo +bar TXT bar +grand NS ns.grand +ns.grand A 10.53.0.6 diff --git a/bin/tests/system/dlv/ns3/dlv.db.in b/bin/tests/system/dlv/ns3/dlv.db.in new file mode 100644 index 0000000..fdc8ce9 --- /dev/null +++ b/bin/tests/system/dlv/ns3/dlv.db.in @@ -0,0 +1,13 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 120 +@ SOA ns hostmaster.ns 1 3600 1200 604800 60 +@ NS ns +ns A 10.53.0.3 diff --git a/bin/tests/system/dlv/ns3/hints b/bin/tests/system/dlv/ns3/hints new file mode 100644 index 0000000..381e86b --- /dev/null +++ b/bin/tests/system/dlv/ns3/hints @@ -0,0 +1,11 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +. 0 NS ns.rootservers.utld. +ns.rootservers.utld. 0 A 10.53.0.1 diff --git a/bin/tests/system/dlv/ns3/named.conf.in b/bin/tests/system/dlv/ns3/named.conf.in new file mode 100644 index 0000000..42d712b --- /dev/null +++ b/bin/tests/system/dlv/ns3/named.conf.in @@ -0,0 +1,42 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + query-source address 10.53.0.3; + notify-source 10.53.0.3; + transfer-source 10.53.0.3; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.3; }; + listen-on-v6 { none; }; + recursion no; + notify yes; + dnssec-enable yes; +}; + +zone "." { type hint; file "hints"; }; +zone "dlv.utld" { type master; file "dlv.signed"; }; +zone "child1.utld" { type master; file "child1.signed"; }; // dlv +zone "child3.utld" { type master; file "child3.signed"; }; // dlv +zone "child4.utld" { type master; file "child4.signed"; }; // dlv +zone "child5.utld" { type master; file "child5.signed"; }; // dlv +zone "child7.utld" { type master; file "child7.signed"; }; // no dlv +zone "child8.utld" { type master; file "child8.signed"; }; // no dlv +zone "child9.utld" { type master; file "child9.signed"; }; // dlv +zone "child10.utld" { type master; file "child.db.in"; }; // dlv unsigned +zone "child1.druz" { type master; file "child1.druz.signed"; }; // dlv +zone "child3.druz" { type master; file "child3.druz.signed"; }; // dlv +zone "child4.druz" { type master; file "child4.druz.signed"; }; // dlv +zone "child5.druz" { type master; file "child5.druz.signed"; }; // dlv +zone "child7.druz" { type master; file "child7.druz.signed"; }; // no dlv +zone "child8.druz" { type master; file "child8.druz.signed"; }; // no dlv +zone "child9.druz" { type master; file "child9.druz.signed"; }; // dlv +zone "child10.druz" { type master; file "child.db.in"; }; // dlv unsigned diff --git a/bin/tests/system/dlv/ns3/sign.sh b/bin/tests/system/dlv/ns3/sign.sh new file mode 100755 index 0000000..bcc9922 --- /dev/null +++ b/bin/tests/system/dlv/ns3/sign.sh @@ -0,0 +1,286 @@ +#!/bin/sh +# +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +SYSTEMTESTTOP=../.. +. $SYSTEMTESTTOP/conf.sh + +(cd ../ns6 && $SHELL -e ./sign.sh) + +echo_i "dlv/ns3/sign.sh" + +dlvzone=dlv.utld. +dlvsets= +dssets= + +zone=child1.utld. +infile=child.db.in +zonefile=child1.utld.db +outfile=child1.signed +dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" + +keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` + +dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP +cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile + +$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo_i "signed $zone" + + +zone=child3.utld. +infile=child.db.in +zonefile=child3.utld.db +outfile=child3.signed +dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" + +keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` + +dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP +cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile + +$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo_i "signed $zone" + + +zone=child4.utld. +infile=child.db.in +zonefile=child4.utld.db +outfile=child4.signed +dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" + +keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` + +cat $infile $keyname1.key $keyname2.key >$zonefile + +$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo_i "signed $zone" + + +zone=child5.utld. +infile=child.db.in +zonefile=child5.utld.db +outfile=child5.signed +dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" + +keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` + +dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP +cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile + +$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo_i "signed $zone" + + +zone=child7.utld. +infile=child.db.in +zonefile=child7.utld.db +outfile=child7.signed + +keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` + +dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP +cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile + +$SIGNER -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo_i "signed $zone" + + +zone=child8.utld. +infile=child.db.in +zonefile=child8.utld.db +outfile=child8.signed + +keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` + +cat $infile $keyname1.key $keyname2.key >$zonefile + +$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo_i "signed $zone" + + +zone=child9.utld. +infile=child.db.in +zonefile=child9.utld.db +outfile=child9.signed +dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" + +keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` + +cat $infile $keyname1.key $keyname2.key >$zonefile + +$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo_i "signed $zone" + +zone=child10.utld. +infile=child.db.in +zonefile=child10.utld.db +outfile=child10.signed +dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" + +keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` + +cat $infile $keyname1.key $keyname2.key >$zonefile + +$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo_i "signed $zone" + +zone=child1.druz. +infile=child.db.in +zonefile=child1.druz.db +outfile=child1.druz.signed +dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" +dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP" + +keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` + +dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP +cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile + +$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo_i "signed $zone" + + +zone=child3.druz. +infile=child.db.in +zonefile=child3.druz.db +outfile=child3.druz.signed +dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" +dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP" + +keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` + +dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP +cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile + +$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo_i "signed $zone" + + +zone=child4.druz. +infile=child.db.in +zonefile=child4.druz.db +outfile=child4.druz.signed +dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" +dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP" + +keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` + +cat $infile $keyname1.key $keyname2.key >$zonefile + +$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo_i "signed $zone" + + +zone=child5.druz. +infile=child.db.in +zonefile=child5.druz.db +outfile=child5.druz.signed +dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" +dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP" + +keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` + +dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP +cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile + +$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo_i "signed $zone" + + +zone=child7.druz. +infile=child.db.in +zonefile=child7.druz.db +outfile=child7.druz.signed +dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP" + +keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` + +dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP +cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile + +$SIGNER -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo_i "signed $zone" + + +zone=child8.druz. +infile=child.db.in +zonefile=child8.druz.db +outfile=child8.druz.signed + +keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` + +cat $infile $keyname1.key $keyname2.key >$zonefile + +$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo_i "signed $zone" + + +zone=child9.druz. +infile=child.db.in +zonefile=child9.druz.db +outfile=child9.druz.signed +dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" + +keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` + +cat $infile $keyname1.key $keyname2.key >$zonefile + +$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo_i "signed $zone" + +zone=child10.druz. +infile=child.db.in +zonefile=child10.druz.db +outfile=child10.druz.signed +dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" +dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP" + +keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` + +cat $infile $keyname1.key $keyname2.key >$zonefile + +$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo_i "signed $zone" + + +zone=dlv.utld. +infile=dlv.db.in +zonefile=dlv.utld.db +outfile=dlv.signed + +keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` + +cat $infile $dlvsets $keyname1.key $keyname2.key >$zonefile + +$SIGNER -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo_i "signed $zone" + +keyfile_to_trusted_keys $keyname2 > trusted-dlv.conf +cp trusted-dlv.conf ../ns5 + +cp $dssets ../ns2 diff --git a/bin/tests/system/dlv/ns4/child.db b/bin/tests/system/dlv/ns4/child.db new file mode 100644 index 0000000..c123f70 --- /dev/null +++ b/bin/tests/system/dlv/ns4/child.db @@ -0,0 +1,34 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 120 +@ SOA ns hostmaster.ns 1 3600 1200 604800 60 +@ NS ns +ns A 10.53.0.3 +; +rootservers NS ns.rootservers +ns.rootservers A 10.53.0.1 +; +child1 NS ns.child1 +ns.child1 A 10.53.0.3 +; +child2 NS ns.child2 +ns.child2 A 10.53.0.4 +; +child3 NS ns.child3 +ns.child3 A 10.53.0.3 +; +child4 NS ns.child4 +ns.child4 A 10.53.0.3 +; +child5 NS ns.child5 +ns.child5 A 10.53.0.3 +; +child6 NS ns.child5 +ns.child6 A 10.53.0.4 diff --git a/bin/tests/system/dlv/ns4/hints b/bin/tests/system/dlv/ns4/hints new file mode 100644 index 0000000..381e86b --- /dev/null +++ b/bin/tests/system/dlv/ns4/hints @@ -0,0 +1,11 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +. 0 NS ns.rootservers.utld. +ns.rootservers.utld. 0 A 10.53.0.1 diff --git a/bin/tests/system/dlv/ns4/named.conf.in b/bin/tests/system/dlv/ns4/named.conf.in new file mode 100644 index 0000000..805b5f3 --- /dev/null +++ b/bin/tests/system/dlv/ns4/named.conf.in @@ -0,0 +1,27 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + query-source address 10.53.0.4; + notify-source 10.53.0.4; + transfer-source 10.53.0.4; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.4; }; + listen-on-v6 { none; }; + recursion no; + notify yes; + dnssec-enable no; +}; + +zone "." { type hint; file "hints"; }; +zone "child2.utld" { type master; file "child.db"; }; +zone "child6.utld" { type master; file "child.db"; }; diff --git a/bin/tests/system/dlv/ns5/hints b/bin/tests/system/dlv/ns5/hints new file mode 100644 index 0000000..381e86b --- /dev/null +++ b/bin/tests/system/dlv/ns5/hints @@ -0,0 +1,11 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +. 0 NS ns.rootservers.utld. +ns.rootservers.utld. 0 A 10.53.0.1 diff --git a/bin/tests/system/dlv/ns5/named.conf.in b/bin/tests/system/dlv/ns5/named.conf.in new file mode 100644 index 0000000..9e3b195 --- /dev/null +++ b/bin/tests/system/dlv/ns5/named.conf.in @@ -0,0 +1,31 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +include "trusted.conf"; +include "trusted-dlv.conf"; + +options { + query-source address 10.53.0.5; + notify-source 10.53.0.5; + transfer-source 10.53.0.5; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.5; }; + listen-on-v6 { none; }; + recursion yes; + acache-enable yes; + notify yes; + dnssec-enable yes; + dnssec-validation yes; + dnssec-lookaside "." trust-anchor "dlv.utld"; +}; + +zone "." { type hint; file "hints"; }; diff --git a/bin/tests/system/dlv/ns5/rndc.conf b/bin/tests/system/dlv/ns5/rndc.conf new file mode 100644 index 0000000..02bce92 --- /dev/null +++ b/bin/tests/system/dlv/ns5/rndc.conf @@ -0,0 +1,20 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +key "cc64b3d1db63fc88d7cb5d2f9f57d258" { + algorithm hmac-sha256; + secret "34f88008d07deabbe65bd01f1d233d47"; +}; + +options { + default-server 10.53.0.5; + default-port 5353; +}; diff --git a/bin/tests/system/dlv/ns6/child.db.in b/bin/tests/system/dlv/ns6/child.db.in new file mode 100644 index 0000000..09a942e --- /dev/null +++ b/bin/tests/system/dlv/ns6/child.db.in @@ -0,0 +1,15 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 120 +@ SOA ns hostmaster.ns6 1 3600 1200 604800 60 +@ NS ns +ns A 10.53.0.6 +foo TXT foo +bar TXT bar diff --git a/bin/tests/system/dlv/ns6/hints b/bin/tests/system/dlv/ns6/hints new file mode 100644 index 0000000..381e86b --- /dev/null +++ b/bin/tests/system/dlv/ns6/hints @@ -0,0 +1,11 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +. 0 NS ns.rootservers.utld. +ns.rootservers.utld. 0 A 10.53.0.1 diff --git a/bin/tests/system/dlv/ns6/named.conf.in b/bin/tests/system/dlv/ns6/named.conf.in new file mode 100644 index 0000000..fe5c68d --- /dev/null +++ b/bin/tests/system/dlv/ns6/named.conf.in @@ -0,0 +1,41 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + query-source address 10.53.0.6; + notify-source 10.53.0.6; + transfer-source 10.53.0.6; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.6; }; + listen-on-v6 { none; }; + recursion no; + notify yes; + dnssec-enable yes; +}; + +zone "." { type hint; file "hints"; }; +zone "grand.child1.utld" { type master; file "grand.child1.signed"; }; +zone "grand.child3.utld" { type master; file "grand.child3.signed"; }; +zone "grand.child4.utld" { type master; file "grand.child4.signed"; }; +zone "grand.child5.utld" { type master; file "grand.child5.signed"; }; +zone "grand.child7.utld" { type master; file "grand.child7.signed"; }; +zone "grand.child8.utld" { type master; file "grand.child8.signed"; }; +zone "grand.child9.utld" { type master; file "grand.child9.signed"; }; +zone "grand.child10.utld" { type master; file "grand.child10.signed"; }; +zone "grand.child1.druz" { type master; file "grand.child1.druz.signed"; }; +zone "grand.child3.druz" { type master; file "grand.child3.druz.signed"; }; +zone "grand.child4.druz" { type master; file "grand.child4.druz.signed"; }; +zone "grand.child5.druz" { type master; file "grand.child5.druz.signed"; }; +zone "grand.child7.druz" { type master; file "grand.child7.druz.signed"; }; +zone "grand.child8.druz" { type master; file "grand.child8.druz.signed"; }; +zone "grand.child9.druz" { type master; file "grand.child9.druz.signed"; }; +zone "grand.child10.druz" { type master; file "grand.child10.druz.signed"; }; diff --git a/bin/tests/system/dlv/ns6/sign.sh b/bin/tests/system/dlv/ns6/sign.sh new file mode 100755 index 0000000..1e39862 --- /dev/null +++ b/bin/tests/system/dlv/ns6/sign.sh @@ -0,0 +1,251 @@ +#!/bin/sh +# +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +SYSTEMTESTTOP=../.. +. $SYSTEMTESTTOP/conf.sh + +SYSTESTDIR=dlv + +echo_i "dlv/ns6/sign.sh" + +zone=grand.child1.utld. +infile=child.db.in +zonefile=grand.child1.utld.db +outfile=grand.child1.signed + +keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` + +cat $infile $keyname1.key $keyname2.key >$zonefile + +$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo_i "signed $zone" + + +zone=grand.child3.utld. +infile=child.db.in +zonefile=grand.child3.utld.db +outfile=grand.child3.signed +dlvzone=dlv.utld. + +keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` + +cat $infile $keyname1.key $keyname2.key >$zonefile + +$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo_i "signed $zone" + + +zone=grand.child4.utld. +infile=child.db.in +zonefile=grand.child4.utld.db +outfile=grand.child4.signed +dlvzone=dlv.utld. + +keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` + +cat $infile $keyname1.key $keyname2.key >$zonefile + +$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo_i "signed $zone" + + +zone=grand.child5.utld. +infile=child.db.in +zonefile=grand.child5.utld.db +outfile=grand.child5.signed +dlvzone=dlv.utld. + +keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` + +cat $infile $keyname1.key $keyname2.key >$zonefile + +$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo_i "signed $zone" + + +zone=grand.child7.utld. +infile=child.db.in +zonefile=grand.child7.utld.db +outfile=grand.child7.signed +dlvzone=dlv.utld. + +keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` + +cat $infile $keyname1.key $keyname2.key >$zonefile + +$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo_i "signed $zone" + + +zone=grand.child8.utld. +infile=child.db.in +zonefile=grand.child8.utld.db +outfile=grand.child8.signed +dlvzone=dlv.utld. + +keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` + +cat $infile $keyname1.key $keyname2.key >$zonefile + +$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo_i "signed $zone" + + +zone=grand.child9.utld. +infile=child.db.in +zonefile=grand.child9.utld.db +outfile=grand.child9.signed +dlvzone=dlv.utld. + +keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` + +cat $infile $keyname1.key $keyname2.key >$zonefile + +$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo_i "signed $zone" + +zone=grand.child10.utld. +infile=child.db.in +zonefile=grand.child10.utld.db +outfile=grand.child10.signed +dlvzone=dlv.utld. + +keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` + +cat $infile $keyname1.key $keyname2.key >$zonefile + +$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo_i "signed $zone" + +zone=grand.child1.druz. +infile=child.db.in +zonefile=grand.child1.druz.db +outfile=grand.child1.druz.signed + +keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` + +cat $infile $keyname1.key $keyname2.key >$zonefile + +$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo_i "signed $zone" + + +zone=grand.child3.druz. +infile=child.db.in +zonefile=grand.child3.druz.db +outfile=grand.child3.druz.signed +dlvzone=dlv.druz. + +keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` + +cat $infile $keyname1.key $keyname2.key >$zonefile + +$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo_i "signed $zone" + + +zone=grand.child4.druz. +infile=child.db.in +zonefile=grand.child4.druz.db +outfile=grand.child4.druz.signed +dlvzone=dlv.druz. + +keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` + +cat $infile $keyname1.key $keyname2.key >$zonefile + +$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo_i "signed $zone" + + +zone=grand.child5.druz. +infile=child.db.in +zonefile=grand.child5.druz.db +outfile=grand.child5.druz.signed +dlvzone=dlv.druz. + +keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` + +cat $infile $keyname1.key $keyname2.key >$zonefile + +$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo_i "signed $zone" + + +zone=grand.child7.druz. +infile=child.db.in +zonefile=grand.child7.druz.db +outfile=grand.child7.druz.signed +dlvzone=dlv.druz. + +keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` + +cat $infile $keyname1.key $keyname2.key >$zonefile + +$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo_i "signed $zone" + + +zone=grand.child8.druz. +infile=child.db.in +zonefile=grand.child8.druz.db +outfile=grand.child8.druz.signed +dlvzone=dlv.druz. + +keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` + +cat $infile $keyname1.key $keyname2.key >$zonefile + +$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo_i "signed $zone" + + +zone=grand.child9.druz. +infile=child.db.in +zonefile=grand.child9.druz.db +outfile=grand.child9.druz.signed +dlvzone=dlv.druz. + +keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` + +cat $infile $keyname1.key $keyname2.key >$zonefile + +$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo_i "signed $zone" + +zone=grand.child10.druz. +infile=child.db.in +zonefile=grand.child10.druz.db +outfile=grand.child10.druz.signed +dlvzone=dlv.druz. + +keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` + +cat $infile $keyname1.key $keyname2.key >$zonefile + +$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo_i "signed $zone" diff --git a/bin/tests/system/dlv/prereq.sh b/bin/tests/system/dlv/prereq.sh new file mode 100644 index 0000000..a0d4e9c --- /dev/null +++ b/bin/tests/system/dlv/prereq.sh @@ -0,0 +1,15 @@ +#!/bin/sh +# +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +exec $SHELL ../testcrypto.sh diff --git a/bin/tests/system/dlv/setup.sh b/bin/tests/system/dlv/setup.sh new file mode 100644 index 0000000..0a2aad7 --- /dev/null +++ b/bin/tests/system/dlv/setup.sh @@ -0,0 +1,24 @@ +#!/bin/sh +# +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +test -r $RANDFILE || $GENRANDOM 400 $RANDFILE + +copy_setports ns1/named.conf.in ns1/named.conf +copy_setports ns2/named.conf.in ns2/named.conf +copy_setports ns3/named.conf.in ns3/named.conf +copy_setports ns4/named.conf.in ns4/named.conf +copy_setports ns5/named.conf.in ns5/named.conf +copy_setports ns6/named.conf.in ns6/named.conf + +(cd ns1 && $SHELL -e sign.sh) diff --git a/bin/tests/system/dlv/tests.sh b/bin/tests/system/dlv/tests.sh new file mode 100644 index 0000000..fdf31d9 --- /dev/null +++ b/bin/tests/system/dlv/tests.sh @@ -0,0 +1,55 @@ +#!/bin/sh +# +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +status=0 +n=0 + +rm -f dig.out.* + +DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p ${PORT}" + +echo_i "checking that DNSKEY reference by DLV validates as secure ($n)" +ret=0 +$DIG $DIGOPTS child1.utld dnskey @10.53.0.5 > dig.out.ns5.test$n || ret=1 +grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` + +echo_i "checking that child DNSKEY reference by DLV validates as secure ($n)" +ret=0 +$DIG $DIGOPTS grand.child1.utld dnskey @10.53.0.5 > dig.out.ns5.test$n || ret=1 +grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` + +echo_i "checking that SOA reference by DLV in a DRUZ with DS validates as secure ($n)" +ret=0 +$DIG $DIGOPTS child1.druz soa @10.53.0.5 > dig.out.ns5.test$n || ret=1 +grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` + +echo_i "checking that child SOA reference by DLV in a DRUZ with DS validates as secure ($n)" +ret=0 +$DIG $DIGOPTS grand.child1.druz soa @10.53.0.5 > dig.out.ns5.test$n || ret=1 +grep "flags:.*ad.*QUERY" dig.out.ns5.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` + +echo_i "exit status: $status" +[ $status -eq 0 ] || exit 1 |