diff options
Diffstat (limited to '')
-rw-r--r-- | bin/tests/system/inline/ns3/master.db.in | 19 | ||||
-rw-r--r-- | bin/tests/system/inline/ns3/master2.db.in | 21 | ||||
-rw-r--r-- | bin/tests/system/inline/ns3/master3.db.in | 22 | ||||
-rw-r--r-- | bin/tests/system/inline/ns3/master4.db.in | 22 | ||||
-rw-r--r-- | bin/tests/system/inline/ns3/master5.db.in | 22 | ||||
-rw-r--r-- | bin/tests/system/inline/ns3/named.conf.in | 170 | ||||
-rwxr-xr-x | bin/tests/system/inline/ns3/sign.sh | 176 |
7 files changed, 452 insertions, 0 deletions
diff --git a/bin/tests/system/inline/ns3/master.db.in b/bin/tests/system/inline/ns3/master.db.in new file mode 100644 index 0000000..67e1510 --- /dev/null +++ b/bin/tests/system/inline/ns3/master.db.in @@ -0,0 +1,19 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA ns3 . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns3 +ns3 A 10.53.0.3 diff --git a/bin/tests/system/inline/ns3/master2.db.in b/bin/tests/system/inline/ns3/master2.db.in new file mode 100644 index 0000000..1bbeb9d --- /dev/null +++ b/bin/tests/system/inline/ns3/master2.db.in @@ -0,0 +1,21 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA ns3 . ( + 2000042408 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns3 +ns3 A 10.53.0.3 + +e A 10.0.0.5 diff --git a/bin/tests/system/inline/ns3/master3.db.in b/bin/tests/system/inline/ns3/master3.db.in new file mode 100644 index 0000000..f78a950 --- /dev/null +++ b/bin/tests/system/inline/ns3/master3.db.in @@ -0,0 +1,22 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA ns3 . ( + 2000042409 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns3 +ns3 A 10.53.0.3 + +c A 10.0.0.3 +e A 10.0.0.5 diff --git a/bin/tests/system/inline/ns3/master4.db.in b/bin/tests/system/inline/ns3/master4.db.in new file mode 100644 index 0000000..0dc04a9 --- /dev/null +++ b/bin/tests/system/inline/ns3/master4.db.in @@ -0,0 +1,22 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA ns3 hostmaster. ( + 2000042410 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns3 +ns3 A 10.53.0.3 + +c A 10.0.0.3 +e A 10.0.0.5 diff --git a/bin/tests/system/inline/ns3/master5.db.in b/bin/tests/system/inline/ns3/master5.db.in new file mode 100644 index 0000000..9bad591 --- /dev/null +++ b/bin/tests/system/inline/ns3/master5.db.in @@ -0,0 +1,22 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA ns3 . ( + 2000042411 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns3 +ns3 A 10.53.0.3 + +c A 10.0.0.3 +e A 10.0.0.5 diff --git a/bin/tests/system/inline/ns3/named.conf.in b/bin/tests/system/inline/ns3/named.conf.in new file mode 100644 index 0000000..1dff0b5 --- /dev/null +++ b/bin/tests/system/inline/ns3/named.conf.in @@ -0,0 +1,170 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +// NS3 + +include "../../common/rndc.key"; + +controls { + inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + +options { + query-source address 10.53.0.3; + notify-source 10.53.0.3; + transfer-source 10.53.0.3; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.3; }; + listen-on-v6 { none; }; + recursion no; + notify yes; + try-tcp-refresh no; + notify-delay 0; + allow-new-zones yes; +}; + +zone "bits" { + type slave; + masters { 10.53.0.2; }; + inline-signing yes; + auto-dnssec maintain; + allow-update-forwarding { any; }; + file "bits.bk"; + sig-signing-signatures 1; // force incremental processing +}; + +server 10.53.0.4 { request-ixfr no; }; + +zone "noixfr" { + type slave; + masters { 10.53.0.4; }; + inline-signing yes; + auto-dnssec maintain; + allow-update-forwarding { any; }; + file "noixfr.bk"; +}; + +zone "master" { + type master; + inline-signing yes; + auto-dnssec maintain; + file "master.db"; + notify explicit; + also-notify { + 10.53.0.3; + }; +}; + +zone "dynamic" { + type master; + inline-signing yes; + auto-dnssec maintain; + allow-update { any; }; + file "dynamic.db"; +}; + +zone "updated" { + type master; + inline-signing yes; + auto-dnssec maintain; + allow-update { none; }; + file "updated.db"; +}; + +zone "expired" { + type master; + inline-signing yes; + auto-dnssec maintain; + allow-update { any; }; + file "expired.db"; +}; + +zone "retransfer" { + type slave; + masters { 10.53.0.2; }; + inline-signing yes; + auto-dnssec maintain; + file "retransfer.bk"; +}; + +zone "nsec3" { + type master; + inline-signing yes; + auto-dnssec maintain; + allow-update { any; }; + file "nsec3.db"; +}; + +zone "externalkey" { + type master; + inline-signing yes; + auto-dnssec maintain; + allow-update { any; }; + file "externalkey.db"; +}; + +zone "retransfer3" { + type slave; + masters { 10.53.0.2; }; + inline-signing yes; + auto-dnssec maintain; + file "retransfer3.bk"; +}; + +zone "inactiveksk" { + type slave; + masters { 10.53.0.2; }; + inline-signing yes; + auto-dnssec maintain; + dnssec-dnskey-kskonly yes; + file "inactiveksk.bk"; +}; + +zone "inactivezsk" { + type slave; + masters { 10.53.0.2; }; + inline-signing yes; + auto-dnssec maintain; + file "inactivezsk.bk"; +}; + +zone "nokeys" { + type slave; + masters { 10.53.0.2; }; + inline-signing yes; + auto-dnssec maintain; + file "nokeys.bk"; +}; + +zone "delayedkeys" { + type master; + inline-signing yes; + auto-dnssec maintain; + file "delayedkeys.db"; +}; + +zone "removedkeys-primary" { + type master; + inline-signing yes; + auto-dnssec maintain; + allow-update { any; }; + also-notify { 10.53.0.2; }; + file "removedkeys-primary.db"; +}; + +zone "removedkeys-secondary" { + type slave; + masters { 10.53.0.2; }; + inline-signing yes; + auto-dnssec maintain; + file "removedkeys-secondary.bk"; +}; diff --git a/bin/tests/system/inline/ns3/sign.sh b/bin/tests/system/inline/ns3/sign.sh new file mode 100755 index 0000000..735d8ea --- /dev/null +++ b/bin/tests/system/inline/ns3/sign.sh @@ -0,0 +1,176 @@ +#!/bin/sh -e +# +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +SYSTEMTESTTOP=../.. +. $SYSTEMTESTTOP/conf.sh + +zone=bits +rm -f K${zone}.+*+*.key +rm -f K${zone}.+*+*.private +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone` +$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db + +zone=noixfr +rm -f K${zone}.+*+*.key +rm -f K${zone}.+*+*.private +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone` +$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db + +zone=master +rm -f K${zone}.+*+*.key +rm -f K${zone}.+*+*.private +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone` +$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db + +zone=dynamic +rm -f K${zone}.+*+*.key +rm -f K${zone}.+*+*.private +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone` +$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db + +zone=updated +rm -f K${zone}.+*+*.key +rm -f K${zone}.+*+*.private +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone` +$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db +$SIGNER -S -O raw -L 2000042407 -o ${zone} ${zone}.db > /dev/null 2>&1 +cp master2.db.in updated.db + +# signatures are expired and should be regenerated on startup +zone=expired +rm -f K${zone}.+*+*.key +rm -f K${zone}.+*+*.private +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone` +$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db +$SIGNER -PS -s 20100101000000 -e 20110101000000 -O raw -L 2000042407 -o ${zone} ${zone}.db > /dev/null 2>&1 + +zone=retransfer +rm -f K${zone}.+*+*.key +rm -f K${zone}.+*+*.private +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone` +$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db + +zone=nsec3 +rm -f K${zone}.+*+*.key +rm -f K${zone}.+*+*.private +keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone -f KSK $zone` +$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db + +zone=retransfer3 +rm -f K${zone}.+*+*.key +rm -f K${zone}.+*+*.private +keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone -f KSK $zone` +$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db + +zone=inactiveksk +rm -f K${zone}.+*+*.key +rm -f K${zone}.+*+*.private +keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone -P now -A now+3600 -f KSK $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone -f KSK $zone` +$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db + +zone=inactivezsk +rm -f K${zone}.+*+*.key +rm -f K${zone}.+*+*.private +keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone -P now -A now+3600 $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone -f KSK $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone -f KSK $zone` +$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db + +zone=delayedkeys +rm -f K${zone}.+*+*.key +rm -f K${zone}.+*+*.private +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone` +# Keys for the "delayedkeys" zone should not be initially accessible. +mv K${zone}.+*+*.* ../ + +zone=removedkeys-primary +rm -f K${zone}.+*+*.key +rm -f K${zone}.+*+*.private +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone` + +zone=removedkeys-secondary +rm -f K${zone}.+*+*.key +rm -f K${zone}.+*+*.private +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone` + +for s in a c d h k l m q z +do + zone=test-$s + keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone` +done + +for s in b f i o p t v +do + zone=test-$s + keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone` + keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone` +done + +zone=externalkey +rm -f K${zone}.+*+*.key +rm -f K${zone}.+*+*.private + +for alg in ECCGOST ECDSAP256SHA256 NSEC3RSASHA1 DSA +do + case $alg in + DSA) + $SHELL ../checkdsa.sh 2> /dev/null || continue + checkfile=../checkdsa + touch $checkfile ;; + ECCGOST) + fail=0 + $KEYGEN -q -r $RANDFILE -a eccgost test > /dev/null 2>&1 || fail=1 + rm -f Ktest* + [ $fail != 0 ] && continue + checkfile=../checkgost + touch $checkfile ;; + ECDSAP256SHA256) + fail=0 + $KEYGEN -q -r $RANDFILE -a ecdsap256sha256 test > /dev/null 2>&1 || fail=1 + rm -f Ktest* + [ $fail != 0 ] && continue + $SHELL ../checkdsa.sh 2> /dev/null || continue + checkfile=../checkecdsa + touch $checkfile ;; + *) ;; + esac + + k1=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone -f KSK $zone` + k2=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone $zone` + k3=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone $zone` + k4=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone -f KSK $zone` + $DSFROMKEY -T 1200 $k4 >> ../ns1/root.db + + # Convert k1 and k2 in to External Keys. + rm -f $k1.private + mv $k1.key a-file + $IMPORTKEY -P now -D now+3600 -f a-file $zone > /dev/null 2>&1 || + ( echo "importkey failed: $alg"; rm -f $checkfile ) + rm -f $k2.private + mv $k2.key a-file + $IMPORTKEY -f a-file $zone > /dev/null 2>&1 || + ( echo "importkey failed: $alg"; rm -f $checkfile ) +done |