diff options
Diffstat (limited to 'bin/tests/system/dnssec/ns7')
| -rw-r--r-- | bin/tests/system/dnssec/ns7/named.conf.in | 75 | ||||
| -rw-r--r-- | bin/tests/system/dnssec/ns7/named.nosoa | 5 | ||||
| -rw-r--r-- | bin/tests/system/dnssec/ns7/nosoa.secure.example.db | 20 | ||||
| -rw-r--r-- | bin/tests/system/dnssec/ns7/sign.sh | 28 | ||||
| -rw-r--r-- | bin/tests/system/dnssec/ns7/split-rrsig.db.in | 19 |
5 files changed, 147 insertions, 0 deletions
diff --git a/bin/tests/system/dnssec/ns7/named.conf.in b/bin/tests/system/dnssec/ns7/named.conf.in new file mode 100644 index 0000000..2dc2a9c --- /dev/null +++ b/bin/tests/system/dnssec/ns7/named.conf.in @@ -0,0 +1,75 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +// NS3 + +options { + query-source address 10.53.0.7; + notify-source 10.53.0.7; + transfer-source 10.53.0.7; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.7; }; + listen-on-v6 { none; }; + recursion no; + notify yes; + dnssec-enable yes; + dnssec-validation yes; + minimal-responses yes; +}; + +zone "." { + type hint; + file "../../common/root.hint"; +}; + +zone "nsec3.example" { + type slave; + masters { 10.53.0.3; }; + file "nsec3.example.bk"; +}; + +zone "optout.example" { + type slave; + masters { 10.53.0.3; }; + file "optout.example.bk"; +}; + +zone "nsec3-unknown.example" { + type slave; + masters { 10.53.0.3; }; + file "nsec3-unknown.example.bk"; +}; + +zone "optout-unknown.example" { + type slave; + masters { 10.53.0.3; }; + file "optout-unknown.example.bk"; +}; + +zone "multiple.example" { + type slave; + masters { 10.53.0.3; }; + file "multiple.example.bk"; +}; + +zone "nosoa.secure.example" { + type master; + file "nosoa.secure.example.db"; +}; + +zone "split-rrsig" { + type master; + file "split-rrsig.db.signed"; + allow-update { any; }; +}; + +include "trusted.conf"; diff --git a/bin/tests/system/dnssec/ns7/named.nosoa b/bin/tests/system/dnssec/ns7/named.nosoa new file mode 100644 index 0000000..a7af1dd --- /dev/null +++ b/bin/tests/system/dnssec/ns7/named.nosoa @@ -0,0 +1,5 @@ +Copyright (C) Internet Systems Consortium, Inc. ("ISC") + +See COPYRIGHT in the source root or http://isc.org/copyright.html for terms. + +Add -T nosoa. diff --git a/bin/tests/system/dnssec/ns7/nosoa.secure.example.db b/bin/tests/system/dnssec/ns7/nosoa.secure.example.db new file mode 100644 index 0000000..e894947 --- /dev/null +++ b/bin/tests/system/dnssec/ns7/nosoa.secure.example.db @@ -0,0 +1,20 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2010062400 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) +@ IN NS ns +ns IN A 10.53.0.7 +a IN A 1.2.3.4 diff --git a/bin/tests/system/dnssec/ns7/sign.sh b/bin/tests/system/dnssec/ns7/sign.sh new file mode 100644 index 0000000..a4cf78f --- /dev/null +++ b/bin/tests/system/dnssec/ns7/sign.sh @@ -0,0 +1,28 @@ +#!/bin/sh -e +# +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +SYSTEMTESTTOP=../.. +. $SYSTEMTESTTOP/conf.sh + +zone=split-rrsig +infile=split-rrsig.db.in +zonefile=split-rrsig.db + +k1=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 768 -n zone $zone` +k2=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 768 -n zone $zone` + +cat $infile $k1.key $k2.key >$zonefile + +$SIGNER -P -3 - -A -r $RANDFILE -o $zone -O full -f $zonefile.unsplit -e now-3600 -s now-7200 $zonefile > /dev/null 2>&1 +awk 'BEGIN { r = ""; } + $4 == "RRSIG" && $5 == "SOA" && r == "" { r = $0; next; } + { print } + END { print r }' $zonefile.unsplit > $zonefile.signed diff --git a/bin/tests/system/dnssec/ns7/split-rrsig.db.in b/bin/tests/system/dnssec/ns7/split-rrsig.db.in new file mode 100644 index 0000000..14300c3 --- /dev/null +++ b/bin/tests/system/dnssec/ns7/split-rrsig.db.in @@ -0,0 +1,19 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +split-rrsig. 3660 IN SOA . . ( + 1 ; serial + 3600 ; refresh (1 hour) + 3600 ; retry (1 hour) + 3600 ; expire (1 hour) + 3600 ; minimum (1 hour) + ) + 3660 NS ns.example. +a.split-rrsig. 3660 IN A 192.0.2.2 +b.split-rrsig. 3660 IN A 192.0.2.2 |