diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 07:24:22 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 07:24:22 +0000 |
commit | 45d6379135504814ab723b57f0eb8be23393a51d (patch) | |
tree | d4f2ec4acca824a8446387a758b0ce4238a4dffa /bin/tests/system/mkeys/README | |
parent | Initial commit. (diff) | |
download | bind9-upstream.tar.xz bind9-upstream.zip |
Adding upstream version 1:9.16.44.upstream/1%9.16.44upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'bin/tests/system/mkeys/README')
-rw-r--r-- | bin/tests/system/mkeys/README | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/bin/tests/system/mkeys/README b/bin/tests/system/mkeys/README new file mode 100644 index 0000000..25637bf --- /dev/null +++ b/bin/tests/system/mkeys/README @@ -0,0 +1,34 @@ +Copyright (C) Internet Systems Consortium, Inc. ("ISC") + +SPDX-License-Identifier: MPL-2.0 + +This Source Code Form is subject to the terms of the Mozilla Public +License, v. 2.0. If a copy of the MPL was not distributed with this +file, you can obtain one at https://mozilla.org/MPL/2.0/. + +See the COPYRIGHT file distributed with this work for additional +information regarding copyright ownership. + +This is for testing RFC 5011 Automated Updates of DNSSEC Trust Anchors. + +ns1 is the root server that offers new KSKs and hosts one record for +testing. The TTL for the zone's records is 2 seconds. + +ns2 is a validator that uses managed keys. "-T mkeytimers=2/20/40" +is used so it will attempt do automated updates frequently. "-T tat=1" +is used so it will send TAT queries once per second. + +ns3 is a validator with a broken initializing key in trust-anchors. + +ns4 is a validator with a deliberately broken managed-keys.bind and +managed-keys.jnl, causing RFC 5011 initialization to fail. + +ns5 is a validator which is prevented from getting a response from the +root server, causing key refresh queries to fail. + +ns6 is a validator which has unsupported algorithms, one at start up, +one because of an algorithm rollover. + +ns7 is a validator with multiple views configured. It is used for +testing per-view rndc commands and checking interactions between options +related to and potentially affecting RFC 5011 processing. |