diff options
Diffstat (limited to 'bin/tests/system/checkconf')
272 files changed, 7231 insertions, 0 deletions
diff --git a/bin/tests/system/checkconf/altdb.conf b/bin/tests/system/checkconf/altdb.conf new file mode 100644 index 0000000..e40118c --- /dev/null +++ b/bin/tests/system/checkconf/altdb.conf @@ -0,0 +1,19 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +view override_bind chaos { + zone "version.bind" chaos { + type master; + database "_builtin version"; + }; +}; diff --git a/bin/tests/system/checkconf/altdlz.conf b/bin/tests/system/checkconf/altdlz.conf new file mode 100644 index 0000000..18539da --- /dev/null +++ b/bin/tests/system/checkconf/altdlz.conf @@ -0,0 +1,27 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +dlz external { + database "dlopen driver.so"; + search no; +}; + +zone "example.com" { + type master; + dlz external; +}; + +zone "." { + type redirect; + dlz external; +}; diff --git a/bin/tests/system/checkconf/ancient.conf b/bin/tests/system/checkconf/ancient.conf new file mode 100644 index 0000000..98189cc --- /dev/null +++ b/bin/tests/system/checkconf/ancient.conf @@ -0,0 +1,19 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +/* + * Ancient options are fatal. + */ +options { + fake-iquery yes; +}; diff --git a/bin/tests/system/checkconf/bad-acl.conf b/bin/tests/system/checkconf/bad-acl.conf new file mode 100644 index 0000000..5095059 --- /dev/null +++ b/bin/tests/system/checkconf/bad-acl.conf @@ -0,0 +1,21 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +acl a { + { "none"; }; + { !19.0.0.0/7; }; +}; + +options { + allow-query { a; }; +}; diff --git a/bin/tests/system/checkconf/bad-also-notify.conf b/bin/tests/system/checkconf/bad-also-notify.conf new file mode 100644 index 0000000..d93ff2d --- /dev/null +++ b/bin/tests/system/checkconf/bad-also-notify.conf @@ -0,0 +1,22 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +/* + * Missing master in also-notify clause. + */ + +zone dummy { + type master; + file "xxxx"; + also-notify { xxxx; }; +}; diff --git a/bin/tests/system/checkconf/bad-catz-zone.conf b/bin/tests/system/checkconf/bad-catz-zone.conf new file mode 100644 index 0000000..6f0677a --- /dev/null +++ b/bin/tests/system/checkconf/bad-catz-zone.conf @@ -0,0 +1,18 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + catalog-zones { + zone "nonexistent"; + }; +}; diff --git a/bin/tests/system/checkconf/bad-checknames-primary-dup-2.conf b/bin/tests/system/checkconf/bad-checknames-primary-dup-2.conf new file mode 100644 index 0000000..24e6ef9 --- /dev/null +++ b/bin/tests/system/checkconf/bad-checknames-primary-dup-2.conf @@ -0,0 +1,17 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + check-names primary warn; + check-names primary fail; +}; diff --git a/bin/tests/system/checkconf/bad-checknames-primary-dup.conf b/bin/tests/system/checkconf/bad-checknames-primary-dup.conf new file mode 100644 index 0000000..e746e84 --- /dev/null +++ b/bin/tests/system/checkconf/bad-checknames-primary-dup.conf @@ -0,0 +1,17 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + check-names master warn; + check-names primary fail; +}; diff --git a/bin/tests/system/checkconf/bad-checknames-secondary-dup.conf b/bin/tests/system/checkconf/bad-checknames-secondary-dup.conf new file mode 100644 index 0000000..ea83d7e --- /dev/null +++ b/bin/tests/system/checkconf/bad-checknames-secondary-dup.conf @@ -0,0 +1,17 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + check-names slave ignore; + check-names secondary warn; +}; diff --git a/bin/tests/system/checkconf/bad-dnskey-validity.conf b/bin/tests/system/checkconf/bad-dnskey-validity.conf new file mode 100644 index 0000000..8c28ac5 --- /dev/null +++ b/bin/tests/system/checkconf/bad-dnskey-validity.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + dnskey-sig-validity 5000; /* maximum value 10 years, this is 14 */ +}; diff --git a/bin/tests/system/checkconf/bad-dnssec.conf b/bin/tests/system/checkconf/bad-dnssec.conf new file mode 100644 index 0000000..7f1d524 --- /dev/null +++ b/bin/tests/system/checkconf/bad-dnssec.conf @@ -0,0 +1,31 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone not-inline { + type slave; + masters { 127.0.0.1; }; + inline-signing no; + dnssec-dnskey-kskonly yes; + update-check-ksk yes; + dnssec-loadkeys-interval 10; + +}; + +zone inline { + type slave; + masters { 127.0.0.1; }; + inline-signing yes; + dnssec-dnskey-kskonly yes; + update-check-ksk yes; + dnssec-loadkeys-interval 10; +}; diff --git a/bin/tests/system/checkconf/bad-duplicate-key.conf b/bin/tests/system/checkconf/bad-duplicate-key.conf new file mode 100644 index 0000000..17f2237 --- /dev/null +++ b/bin/tests/system/checkconf/bad-duplicate-key.conf @@ -0,0 +1,36 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + dnssec-validation yes; +}; + +trust-anchors { + example. initial-key 257 3 8 "AwEAAawvFp8GlBx8Qt6yaIqXkDe+nMkSk2HkTAG7qlVBo++AQwZ1j3Xl + 25IN4jsw0VTMbKUbafw9DYsVzztIwx1sNkKRLo6qP9SSkBL8RicQaafG + tURtsYI3oqte5qqLve1CUpRD8J06Pg1xkOxsDlz9sQAyiQrOyvMbykJY + kYrFYGLzYAgl/JtMyVVYlBl9pqxQuAPKYPOuO1axaad/wLN3+wTy/hcJ + fpvJpqzXlDF9bI5RmpoX/7geZ06vpcYJEoT0xkkmPlEl0ZjEDrm/WIaS + WG0/CEDpHcOXFz4OEczMVpY+lnuFfKybwF1WHFn2BwVEOS6cMM6ukIjI + NQyrszHhWUU="; +}; + +trust-anchors { + example. static-key 257 3 8 "AwEAAZtP9+RAA+W33A97e+HnnH8WTXzCWiEICyWj1B6rvZ9hd50ysbod + y0NLx7b3vZ1bzMLxLSRAr/n3Wi0TDZ1fvCKZhennfW8Wlc7ulCvHntSQ + YfKHUP0YWEo84sQAqIi850N1aiddj6CidwFo9JNW/HQ+8yarfrnGMFhX + 2STtkE0hNJ/R6JYKmD2EH7k1nyqJd08ibrEt55DuV4BiUjyyERdVbsuw + E60jVqAwCKyVBYXb2sI+zv1yPNDBIANd6KTgnq6YWzx5ZodQP3W4K7Z/ + Bk3EKmVCvrTKZK/ADLAKaL0/6DD07+1jXA4BiNyoZTLTapkudkGad+Rn + 6zqCkwuMmrU="; +}; diff --git a/bin/tests/system/checkconf/bad-duplicate-primaries-1.conf b/bin/tests/system/checkconf/bad-duplicate-primaries-1.conf new file mode 100644 index 0000000..3bbabde --- /dev/null +++ b/bin/tests/system/checkconf/bad-duplicate-primaries-1.conf @@ -0,0 +1,15 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +primaries duplicate { 1.2.3.4; }; +primaries duplicate { 4.3.2.1; }; diff --git a/bin/tests/system/checkconf/bad-duplicate-primaries-2.conf b/bin/tests/system/checkconf/bad-duplicate-primaries-2.conf new file mode 100644 index 0000000..1d1c6f0 --- /dev/null +++ b/bin/tests/system/checkconf/bad-duplicate-primaries-2.conf @@ -0,0 +1,15 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +masters duplicate { 1.2.3.4; }; +primaries duplicate { 4.3.2.1; }; diff --git a/bin/tests/system/checkconf/bad-duplicate-root-key.conf b/bin/tests/system/checkconf/bad-duplicate-root-key.conf new file mode 100644 index 0000000..1cbc7d4 --- /dev/null +++ b/bin/tests/system/checkconf/bad-duplicate-root-key.conf @@ -0,0 +1,36 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + dnssec-validation yes; +}; + +trust-anchors { + . initial-key 257 3 8 "AwEAAawvFp8GlBx8Qt6yaIqXkDe+nMkSk2HkTAG7qlVBo++AQwZ1j3Xl + 25IN4jsw0VTMbKUbafw9DYsVzztIwx1sNkKRLo6qP9SSkBL8RicQaafG + tURtsYI3oqte5qqLve1CUpRD8J06Pg1xkOxsDlz9sQAyiQrOyvMbykJY + kYrFYGLzYAgl/JtMyVVYlBl9pqxQuAPKYPOuO1axaad/wLN3+wTy/hcJ + fpvJpqzXlDF9bI5RmpoX/7geZ06vpcYJEoT0xkkmPlEl0ZjEDrm/WIaS + WG0/CEDpHcOXFz4OEczMVpY+lnuFfKybwF1WHFn2BwVEOS6cMM6ukIjI + NQyrszHhWUU="; +}; + +trusted-keys { + . 257 3 8 "AwEAAZtP9+RAA+W33A97e+HnnH8WTXzCWiEICyWj1B6rvZ9hd50ysbod + y0NLx7b3vZ1bzMLxLSRAr/n3Wi0TDZ1fvCKZhennfW8Wlc7ulCvHntSQ + YfKHUP0YWEo84sQAqIi850N1aiddj6CidwFo9JNW/HQ+8yarfrnGMFhX + 2STtkE0hNJ/R6JYKmD2EH7k1nyqJd08ibrEt55DuV4BiUjyyERdVbsuw + E60jVqAwCKyVBYXb2sI+zv1yPNDBIANd6KTgnq6YWzx5ZodQP3W4K7Z/ + Bk3EKmVCvrTKZK/ADLAKaL0/6DD07+1jXA4BiNyoZTLTapkudkGad+Rn + 6zqCkwuMmrU="; +}; diff --git a/bin/tests/system/checkconf/bad-geoip-use-ecs.conf b/bin/tests/system/checkconf/bad-geoip-use-ecs.conf new file mode 100644 index 0000000..b22d008 --- /dev/null +++ b/bin/tests/system/checkconf/bad-geoip-use-ecs.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + geoip-use-ecs yes; +}; diff --git a/bin/tests/system/checkconf/bad-glue-cache-bogus.conf b/bin/tests/system/checkconf/bad-glue-cache-bogus.conf new file mode 100644 index 0000000..c264b26 --- /dev/null +++ b/bin/tests/system/checkconf/bad-glue-cache-bogus.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + glue-cache bogusvalue; +}; diff --git a/bin/tests/system/checkconf/bad-hint.conf b/bin/tests/system/checkconf/bad-hint.conf new file mode 100644 index 0000000..7214a00 --- /dev/null +++ b/bin/tests/system/checkconf/bad-hint.conf @@ -0,0 +1,18 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "." { + type hint; + masterfile-format raw; + file "hint"; +}; diff --git a/bin/tests/system/checkconf/bad-in-view-dup.conf b/bin/tests/system/checkconf/bad-in-view-dup.conf new file mode 100644 index 0000000..5c6329c --- /dev/null +++ b/bin/tests/system/checkconf/bad-in-view-dup.conf @@ -0,0 +1,21 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +view a { + zone x { type master; file "x"; }; +}; + +view b { + zone x { type master; file "x"; }; + zone x { in-view a; }; +}; diff --git a/bin/tests/system/checkconf/bad-inline-options.conf b/bin/tests/system/checkconf/bad-inline-options.conf new file mode 100644 index 0000000..f7c62dd --- /dev/null +++ b/bin/tests/system/checkconf/bad-inline-options.conf @@ -0,0 +1,24 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +/* + * inline-signing not allowed at options level. + */ +options { + inline-signing yes; +}; + +zone "." { + type primary; + file "root.db"; +}; diff --git a/bin/tests/system/checkconf/bad-inline-slave.conf b/bin/tests/system/checkconf/bad-inline-slave.conf new file mode 100644 index 0000000..10e9649 --- /dev/null +++ b/bin/tests/system/checkconf/bad-inline-slave.conf @@ -0,0 +1,22 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + + /* + * An inline-signing slave should be forced to have a file option + */ + + zone "." { + type slave; + inline-signing yes; + masters { 10.53.0.1; }; + };
\ No newline at end of file diff --git a/bin/tests/system/checkconf/bad-inline-view.conf b/bin/tests/system/checkconf/bad-inline-view.conf new file mode 100644 index 0000000..e46bd0b --- /dev/null +++ b/bin/tests/system/checkconf/bad-inline-view.conf @@ -0,0 +1,31 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +/* + * inline-signing not allowed at view level. + */ +view "a" { + inline-signing yes; + + zone "." { + type primary; + file "root.db.signed"; + }; +}; + +view "b" { + zone "." { + type primary; + file "root.db"; + }; +}; diff --git a/bin/tests/system/checkconf/bad-interface-interval.conf b/bin/tests/system/checkconf/bad-interface-interval.conf new file mode 100644 index 0000000..ba8341a --- /dev/null +++ b/bin/tests/system/checkconf/bad-interface-interval.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + interface-interval 1x; +}; diff --git a/bin/tests/system/checkconf/bad-ipv4-prefix-dotted1.conf b/bin/tests/system/checkconf/bad-ipv4-prefix-dotted1.conf new file mode 100644 index 0000000..d7604eb --- /dev/null +++ b/bin/tests/system/checkconf/bad-ipv4-prefix-dotted1.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +acl myacl { + 127.1; /* Incomplete dotted IPv4 address / prefix */ +}; diff --git a/bin/tests/system/checkconf/bad-ipv4-prefix-dotted2.conf b/bin/tests/system/checkconf/bad-ipv4-prefix-dotted2.conf new file mode 100644 index 0000000..cb53741 --- /dev/null +++ b/bin/tests/system/checkconf/bad-ipv4-prefix-dotted2.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +acl myacl { + 127.1/8; /* No-zero bits */ +}; diff --git a/bin/tests/system/checkconf/bad-ipv4-prefix2.conf b/bin/tests/system/checkconf/bad-ipv4-prefix2.conf new file mode 100644 index 0000000..98e724a --- /dev/null +++ b/bin/tests/system/checkconf/bad-ipv4-prefix2.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +acl myacl { + 127; /* Non-dotted quad IPv4 address (0.0.0.127) / prefix without length. */ +}; diff --git a/bin/tests/system/checkconf/bad-kasp-define-default.conf b/bin/tests/system/checkconf/bad-kasp-define-default.conf new file mode 100644 index 0000000..569b1a8 --- /dev/null +++ b/bin/tests/system/checkconf/bad-kasp-define-default.conf @@ -0,0 +1,23 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +// 'default' is a built-in policy, redefinition not allowed. +dnssec-policy "default" { + signatures-refresh P5D; +}; + +zone "example.net" { + type master; + file "example.db"; + dnssec-policy "default"; +}; diff --git a/bin/tests/system/checkconf/bad-kasp-define-insecure.conf b/bin/tests/system/checkconf/bad-kasp-define-insecure.conf new file mode 100644 index 0000000..060dde7 --- /dev/null +++ b/bin/tests/system/checkconf/bad-kasp-define-insecure.conf @@ -0,0 +1,23 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +// 'insecure' is a built-in policy, redefinition not allowed. +dnssec-policy "insecure" { + signatures-refresh P5D; +}; + +zone "example.net" { + type master; + file "example.db"; + dnssec-policy "insecure"; +}; diff --git a/bin/tests/system/checkconf/bad-kasp-define-none.conf b/bin/tests/system/checkconf/bad-kasp-define-none.conf new file mode 100644 index 0000000..2bdff02 --- /dev/null +++ b/bin/tests/system/checkconf/bad-kasp-define-none.conf @@ -0,0 +1,23 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +// 'none' is a built-in policy, redefinition not allowed. +dnssec-policy "none" { + signatures-refresh P5D; +}; + +zone "example.net" { + type master; + file "example.db"; + dnssec-policy "none"; +}; diff --git a/bin/tests/system/checkconf/bad-kasp-duplicate.conf b/bin/tests/system/checkconf/bad-kasp-duplicate.conf new file mode 100644 index 0000000..7f3ade6 --- /dev/null +++ b/bin/tests/system/checkconf/bad-kasp-duplicate.conf @@ -0,0 +1,15 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +dnssec-policy a { }; +dnssec-policy a { }; diff --git a/bin/tests/system/checkconf/bad-kasp-key1.conf b/bin/tests/system/checkconf/bad-kasp-key1.conf new file mode 100644 index 0000000..b6bda15 --- /dev/null +++ b/bin/tests/system/checkconf/bad-kasp-key1.conf @@ -0,0 +1,24 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +dnssec-policy "badalg" { + keys { + csk lifetime unlimited algorithm ceasarscipher; + }; +}; + +zone "example.net" { + type master; + file "example.db"; + dnssec-policy "badalg"; +}; diff --git a/bin/tests/system/checkconf/bad-kasp-key2.conf b/bin/tests/system/checkconf/bad-kasp-key2.conf new file mode 100644 index 0000000..7e6a60e --- /dev/null +++ b/bin/tests/system/checkconf/bad-kasp-key2.conf @@ -0,0 +1,24 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +dnssec-policy "badalg" { + keys { + csk lifetime unlimited algorithm 8 4097; + }; +}; + +zone "example.net" { + type master; + file "example.db"; + dnssec-policy "badalg"; +}; diff --git a/bin/tests/system/checkconf/bad-kasp-key3.conf b/bin/tests/system/checkconf/bad-kasp-key3.conf new file mode 100644 index 0000000..92806ff --- /dev/null +++ b/bin/tests/system/checkconf/bad-kasp-key3.conf @@ -0,0 +1,24 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +dnssec-policy "badalg" { + keys { + csk lifetime unlimited algorithm rsasha512 1023; + }; +}; + +zone "example.net" { + type master; + file "example.db"; + dnssec-policy "badalg"; +}; diff --git a/bin/tests/system/checkconf/bad-kasp-key4.conf b/bin/tests/system/checkconf/bad-kasp-key4.conf new file mode 100644 index 0000000..c8e9ae6 --- /dev/null +++ b/bin/tests/system/checkconf/bad-kasp-key4.conf @@ -0,0 +1,24 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +dnssec-policy "badalg" { + keys { + csk lifetime unlimited algorithm 5 511; + }; +}; + +zone "example.net" { + type master; + file "example.db"; + dnssec-policy "badalg"; +}; diff --git a/bin/tests/system/checkconf/bad-kasp-keydir1.conf.in b/bin/tests/system/checkconf/bad-kasp-keydir1.conf.in new file mode 100644 index 0000000..b0deaea --- /dev/null +++ b/bin/tests/system/checkconf/bad-kasp-keydir1.conf.in @@ -0,0 +1,50 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +/* + * The same zone in different views is using different DNSSEC policies, so it + * may not have the same key-directory. + */ + + +key "keyforview1" { + algorithm @DEFAULT_HMAC@; + secret "YPfMoAk6h+3iN8MDRQC004iSNHY="; +}; + +key "keyforview2" { + algorithm @DEFAULT_HMAC@; + secret "4xILSZQnuO1UKubXHkYUsvBRPu8="; +}; + +view "example1" { + match-clients { key "keyforview1"; }; + + zone "example.net" { + type primary; + dnssec-policy "default"; + key-directory "."; + file "example1.db"; + }; +}; + +view "example2" { + match-clients { key "keyforview2"; }; + + zone "example.net" { + type primary; + dnssec-policy "insecure"; + key-directory "."; + file "example2.db"; + }; +}; diff --git a/bin/tests/system/checkconf/bad-kasp-keydir2.conf.in b/bin/tests/system/checkconf/bad-kasp-keydir2.conf.in new file mode 100644 index 0000000..699c193 --- /dev/null +++ b/bin/tests/system/checkconf/bad-kasp-keydir2.conf.in @@ -0,0 +1,48 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +/* + * No key-directory is set, so the default is used. + * Should fail because the same zone in different views is using different + * DNSSEC policies. + */ + +key "keyforview1" { + algorithm @DEFAULT_HMAC@; + secret "YPfMoAk6h+3iN8MDRQC004iSNHY="; +}; + +key "keyforview2" { + algorithm @DEFAULT_HMAC@; + secret "4xILSZQnuO1UKubXHkYUsvBRPu8="; +}; + +view "example1" { + match-clients { key "keyforview1"; }; + + zone "example.net" { + type primary; + dnssec-policy "default"; + file "example1.db"; + }; +}; + +view "example2" { + match-clients { key "keyforview2"; }; + + zone "example.net" { + type primary; + dnssec-policy "insecure"; + file "example2.db"; + }; +}; diff --git a/bin/tests/system/checkconf/bad-kasp-keydir3.conf.in b/bin/tests/system/checkconf/bad-kasp-keydir3.conf.in new file mode 100644 index 0000000..0dbd7e2 --- /dev/null +++ b/bin/tests/system/checkconf/bad-kasp-keydir3.conf.in @@ -0,0 +1,55 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +/* + * The zone in view "example1" inherits the key directory value from "options", + * but in view "example2" sets the key directory to the same value. This should + * be detected as an error because the zone is using different DNSSEC policies + * and should thus use different key directories. + */ + +key "keyforview1" { + algorithm @DEFAULT_HMAC@; + secret "YPfMoAk6h+3iN8MDRQC004iSNHY="; +}; + +key "keyforview2" { + algorithm @DEFAULT_HMAC@; + secret "4xILSZQnuO1UKubXHkYUsvBRPu8="; +}; + +options { + key-directory "keys"; +}; + +view "example1" { + match-clients { key "keyforview1"; }; + + zone "example.net" { + type primary; + /* key-directory inherited from options. */ + dnssec-policy "default"; + file "example1.db"; + }; +}; + +view "example2" { + match-clients { key "keyforview2"; }; + + zone "example.net" { + type primary; + dnssec-policy "insecure"; + key-directory "keys"; + file "example2.db"; + }; +}; diff --git a/bin/tests/system/checkconf/bad-kasp-keydir4.conf.in b/bin/tests/system/checkconf/bad-kasp-keydir4.conf.in new file mode 100644 index 0000000..af4a8f9 --- /dev/null +++ b/bin/tests/system/checkconf/bad-kasp-keydir4.conf.in @@ -0,0 +1,52 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +/* + * The zone inherits the key-directory from the "view" level. Both views use the + * same key-directory, but the zone uses a different DNSSEC policy per view. + * This is a configuration error. + */ + +key "keyforview1" { + algorithm @DEFAULT_HMAC@; + secret "YPfMoAk6h+3iN8MDRQC004iSNHY="; +}; + +key "keyforview2" { + algorithm @DEFAULT_HMAC@; + secret "4xILSZQnuO1UKubXHkYUsvBRPu8="; +}; + +view "example1" { + match-clients { key "keyforview1"; }; + + key-directory "keys"; + + zone "example.net" { + type primary; + dnssec-policy "default"; + file "example1.db"; + }; +}; + +view "example2" { + match-clients { key "keyforview2"; }; + + key-directory "keys"; + + zone "example.net" { + type primary; + dnssec-policy "insecure"; + file "example2.db"; + }; +}; diff --git a/bin/tests/system/checkconf/bad-kasp-keydir5.conf.in b/bin/tests/system/checkconf/bad-kasp-keydir5.conf.in new file mode 100644 index 0000000..1cca608 --- /dev/null +++ b/bin/tests/system/checkconf/bad-kasp-keydir5.conf.in @@ -0,0 +1,52 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +/* + * In one view, the zone inherits the key-directory from the "view" level, while + * in the other it is set explicitly at the "zone" level. In both cases, the + * same key-directory is used, but the zone uses a different DNSSEC policy per + * view. This is a configuration error. + */ + +key "keyforview1" { + algorithm @DEFAULT_HMAC@; + secret "YPfMoAk6h+3iN8MDRQC004iSNHY="; +}; + +key "keyforview2" { + algorithm @DEFAULT_HMAC@; + secret "4xILSZQnuO1UKubXHkYUsvBRPu8="; +}; + +view "example1" { + match-clients { key "keyforview1"; }; + + key-directory "keys"; + + zone "example.net" { + type primary; + dnssec-policy "default"; + file "example1.db"; + }; +}; + +view "example2" { + match-clients { key "keyforview2"; }; + + zone "example.net" { + type primary; + dnssec-policy "insecure"; + key-directory "keys"; + file "example2.db"; + }; +}; diff --git a/bin/tests/system/checkconf/bad-kasp-policy-undefined-inherited-view.conf b/bin/tests/system/checkconf/bad-kasp-policy-undefined-inherited-view.conf new file mode 100644 index 0000000..12a26d3 --- /dev/null +++ b/bin/tests/system/checkconf/bad-kasp-policy-undefined-inherited-view.conf @@ -0,0 +1,25 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +/* + * The dnssec-policy is not defined. Should also be caught if it is inherited. + */ + +view "test" { + dnssec-policy "notdefined"; + + zone "example.net" { + type primary; + file "example.db"; + }; +}; diff --git a/bin/tests/system/checkconf/bad-kasp-policy-undefined-inherited.conf b/bin/tests/system/checkconf/bad-kasp-policy-undefined-inherited.conf new file mode 100644 index 0000000..48514ac --- /dev/null +++ b/bin/tests/system/checkconf/bad-kasp-policy-undefined-inherited.conf @@ -0,0 +1,25 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +/* + * The dnssec-policy is not defined. Should also be caught if it is inherited. + */ + +options { + dnssec-policy "notdefined"; +}; + +zone "example.net" { + type primary; + file "example.db"; +}; diff --git a/bin/tests/system/checkconf/bad-kasp10.conf b/bin/tests/system/checkconf/bad-kasp10.conf new file mode 100644 index 0000000..3088fc9 --- /dev/null +++ b/bin/tests/system/checkconf/bad-kasp10.conf @@ -0,0 +1,28 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +// One zone with dnssec-policy 'none', one zone with dnssec-policy 'insecure', +// both using the same zone file. + +zone "example1.net" { + type master; + file "example.db"; + dnssec-policy "none"; +}; + +zone "example2.net" { + type master; + file "example.db"; + dnssec-policy "insecure"; +}; + diff --git a/bin/tests/system/checkconf/bad-kasp11.conf b/bin/tests/system/checkconf/bad-kasp11.conf new file mode 100644 index 0000000..7c0b0e9 --- /dev/null +++ b/bin/tests/system/checkconf/bad-kasp11.conf @@ -0,0 +1,28 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +// One zone with a dnssec-policy, the other with allow-update, +// with the same zone file. + +zone "example1.net" { + type master; + file "example.db"; + dnssec-policy "default"; +}; + +zone "example2.net" { + type master; + file "example.db"; + allow-update { any; }; +}; + diff --git a/bin/tests/system/checkconf/bad-kasp12.conf b/bin/tests/system/checkconf/bad-kasp12.conf new file mode 100644 index 0000000..67b8c85 --- /dev/null +++ b/bin/tests/system/checkconf/bad-kasp12.conf @@ -0,0 +1,30 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +// One zone with a dnssec-policy, the other with update-policy, +// with the same zone file. + +zone "example1.net" { + type master; + file "example.db"; + dnssec-policy "default"; +}; + +zone "example2.net" { + type master; + file "example.db"; + update-policy { + grant * self * TXT; + }; +}; + diff --git a/bin/tests/system/checkconf/bad-kasp13.conf b/bin/tests/system/checkconf/bad-kasp13.conf new file mode 100644 index 0000000..e9078dd --- /dev/null +++ b/bin/tests/system/checkconf/bad-kasp13.conf @@ -0,0 +1,28 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +// One zone transitioning to insecure, the other with allow-update, +// with the same zone file. + +zone "example1.net" { + type master; + file "example.db"; + dnssec-policy "insecure"; +}; + +zone "example2.net" { + type master; + file "example.db"; + allow-update { any; }; +}; + diff --git a/bin/tests/system/checkconf/bad-kasp2.conf b/bin/tests/system/checkconf/bad-kasp2.conf new file mode 100644 index 0000000..7f27906 --- /dev/null +++ b/bin/tests/system/checkconf/bad-kasp2.conf @@ -0,0 +1,24 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +include "good-kasp.conf"; + +// Bad zone configuration because this has dnssec-policy and other DNSSEC sign +// configuration options (auto-dnssec). +zone "example.net" { + type master; + file "example.db"; + dnssec-policy "test"; + auto-dnssec maintain; + allow-update { any; }; +}; diff --git a/bin/tests/system/checkconf/bad-kasp3.conf b/bin/tests/system/checkconf/bad-kasp3.conf new file mode 100644 index 0000000..9e0c4b9 --- /dev/null +++ b/bin/tests/system/checkconf/bad-kasp3.conf @@ -0,0 +1,24 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +include "good-kasp.conf"; + +// Bad zone configuration because this has dnssec-policy with no matching +// dnssec-policy configuration (good-kasp.conf has "test", zone refers to +// "nosuchpolicy". +zone "example.net" { + type master; + file "example.db"; + dnssec-policy "nosuchpolicy"; +}; + diff --git a/bin/tests/system/checkconf/bad-kasp4.conf b/bin/tests/system/checkconf/bad-kasp4.conf new file mode 100644 index 0000000..b5aa470 --- /dev/null +++ b/bin/tests/system/checkconf/bad-kasp4.conf @@ -0,0 +1,25 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +// Bad kasp configuration because this has an invalid duration for +// signatures-refresh. +dnssec-policy "badduration" { + signatures-refresh PT20Sabcd; +}; + +zone "example.net" { + type master; + file "example.db"; + dnssec-policy "badduration"; +}; + diff --git a/bin/tests/system/checkconf/bad-kasp6.conf b/bin/tests/system/checkconf/bad-kasp6.conf new file mode 100644 index 0000000..b05130c --- /dev/null +++ b/bin/tests/system/checkconf/bad-kasp6.conf @@ -0,0 +1,27 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +// Two zones with dnssec-policy with the same zone file. + +zone "example1.net" { + type master; + file "example.db"; + dnssec-policy "default"; +}; + +zone "example2.net" { + type master; + file "example.db"; + dnssec-policy "default"; +}; + diff --git a/bin/tests/system/checkconf/bad-kasp7.conf b/bin/tests/system/checkconf/bad-kasp7.conf new file mode 100644 index 0000000..05734a5 --- /dev/null +++ b/bin/tests/system/checkconf/bad-kasp7.conf @@ -0,0 +1,28 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +// Two zones with dnssec-policy 'insecure' (transitioning to insecure) +// with the same zone file. + +zone "example1.net" { + type master; + file "example.db"; + dnssec-policy "insecure"; +}; + +zone "example2.net" { + type master; + file "example.db"; + dnssec-policy "insecure"; +}; + diff --git a/bin/tests/system/checkconf/bad-kasp8.conf b/bin/tests/system/checkconf/bad-kasp8.conf new file mode 100644 index 0000000..fa27a40 --- /dev/null +++ b/bin/tests/system/checkconf/bad-kasp8.conf @@ -0,0 +1,28 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +// One zone with dnssec-policy, the other zone has 'dnssec-policy none', +// both with the same zone file. + +zone "example1.net" { + type master; + file "example.db"; + dnssec-policy "default"; +}; + +zone "example2.net" { + type master; + file "example.db"; + dnssec-policy "none"; +}; + diff --git a/bin/tests/system/checkconf/bad-kasp9.conf b/bin/tests/system/checkconf/bad-kasp9.conf new file mode 100644 index 0000000..a76436b --- /dev/null +++ b/bin/tests/system/checkconf/bad-kasp9.conf @@ -0,0 +1,28 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +// One zone with dnssec-policy, the other zone has 'dnssec-policy insecure' +// (transitioning to inseure), both with the same zone file. + +zone "example1.net" { + type master; + file "example.db"; + dnssec-policy "default"; +}; + +zone "example2.net" { + type master; + file "example.db"; + dnssec-policy "insecure"; +}; + diff --git a/bin/tests/system/checkconf/bad-keep-response-order.conf b/bin/tests/system/checkconf/bad-keep-response-order.conf new file mode 100644 index 0000000..a3685d7 --- /dev/null +++ b/bin/tests/system/checkconf/bad-keep-response-order.conf @@ -0,0 +1,18 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + keep-response-order { + does_not_exist; + }; +}; diff --git a/bin/tests/system/checkconf/bad-ksk-without-zsk.conf b/bin/tests/system/checkconf/bad-ksk-without-zsk.conf new file mode 100644 index 0000000..66e1b7f --- /dev/null +++ b/bin/tests/system/checkconf/bad-ksk-without-zsk.conf @@ -0,0 +1,24 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +dnssec-policy ksk-without-zsk { + keys { + ksk lifetime 30d algorithm 13; + }; +}; + +zone "example" { + type primary; + file "example.db"; + dnssec-policy ksk-without-zsk; +}; diff --git a/bin/tests/system/checkconf/bad-lifetime.conf b/bin/tests/system/checkconf/bad-lifetime.conf new file mode 100644 index 0000000..f268076 --- /dev/null +++ b/bin/tests/system/checkconf/bad-lifetime.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + nta-lifetime 8d; +}; diff --git a/bin/tests/system/checkconf/bad-lmdb-mapsize-bogus.conf b/bin/tests/system/checkconf/bad-lmdb-mapsize-bogus.conf new file mode 100644 index 0000000..5655a16 --- /dev/null +++ b/bin/tests/system/checkconf/bad-lmdb-mapsize-bogus.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + lmdb-mapsize bogusvalue; +}; diff --git a/bin/tests/system/checkconf/bad-lmdb-mapsize-toolarge.conf b/bin/tests/system/checkconf/bad-lmdb-mapsize-toolarge.conf new file mode 100644 index 0000000..006ca7d --- /dev/null +++ b/bin/tests/system/checkconf/bad-lmdb-mapsize-toolarge.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + lmdb-mapsize 2048G; +}; diff --git a/bin/tests/system/checkconf/bad-lmdb-mapsize-toosmall.conf b/bin/tests/system/checkconf/bad-lmdb-mapsize-toosmall.conf new file mode 100644 index 0000000..5dd1720 --- /dev/null +++ b/bin/tests/system/checkconf/bad-lmdb-mapsize-toosmall.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + lmdb-mapsize 1; +}; diff --git a/bin/tests/system/checkconf/bad-lmdb-mapsize-unlimited.conf b/bin/tests/system/checkconf/bad-lmdb-mapsize-unlimited.conf new file mode 100644 index 0000000..f1e7b88 --- /dev/null +++ b/bin/tests/system/checkconf/bad-lmdb-mapsize-unlimited.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + lmdb-mapsize unlimited; +}; diff --git a/bin/tests/system/checkconf/bad-master-request-ixfr.conf b/bin/tests/system/checkconf/bad-master-request-ixfr.conf new file mode 100644 index 0000000..19384b3 --- /dev/null +++ b/bin/tests/system/checkconf/bad-master-request-ixfr.conf @@ -0,0 +1,22 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +/* + * request-ixfr clause is not allowed in zone of type master. + */ + +zone dummy { + type master; + request-ixfr no; + file "xxxx"; +}; diff --git a/bin/tests/system/checkconf/bad-masters-dup.conf b/bin/tests/system/checkconf/bad-masters-dup.conf new file mode 100644 index 0000000..ed761c9 --- /dev/null +++ b/bin/tests/system/checkconf/bad-masters-dup.conf @@ -0,0 +1,18 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "example.net" { + type secondary; + primaries { 192.168.1.1; }; + masters { 192.168.1.2; }; +}; diff --git a/bin/tests/system/checkconf/bad-maxcachettl.conf b/bin/tests/system/checkconf/bad-maxcachettl.conf new file mode 100644 index 0000000..47f0643 --- /dev/null +++ b/bin/tests/system/checkconf/bad-maxcachettl.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +view one { + max-cache-ttl 1x; +}; diff --git a/bin/tests/system/checkconf/bad-maxncachettl-1.conf b/bin/tests/system/checkconf/bad-maxncachettl-1.conf new file mode 100644 index 0000000..ad852c3 --- /dev/null +++ b/bin/tests/system/checkconf/bad-maxncachettl-1.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +view one { + max-ncache-ttl 1x; +}; diff --git a/bin/tests/system/checkconf/bad-maxncachettl-2.conf b/bin/tests/system/checkconf/bad-maxncachettl-2.conf new file mode 100644 index 0000000..ada5c83 --- /dev/null +++ b/bin/tests/system/checkconf/bad-maxncachettl-2.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +view two { + max-ncache-ttl 604801; +}; diff --git a/bin/tests/system/checkconf/bad-maxncachettl-3.conf b/bin/tests/system/checkconf/bad-maxncachettl-3.conf new file mode 100644 index 0000000..771a0f3 --- /dev/null +++ b/bin/tests/system/checkconf/bad-maxncachettl-3.conf @@ -0,0 +1,19 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +view three { + max-ncache-ttl 4000000000; +}; +view four { + max-ncache-ttl -1; +}; diff --git a/bin/tests/system/checkconf/bad-maxncachettl-4.conf b/bin/tests/system/checkconf/bad-maxncachettl-4.conf new file mode 100644 index 0000000..d9cd939 --- /dev/null +++ b/bin/tests/system/checkconf/bad-maxncachettl-4.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +view four { + max-ncache-ttl -1; +}; diff --git a/bin/tests/system/checkconf/bad-maxratio1.conf b/bin/tests/system/checkconf/bad-maxratio1.conf new file mode 100644 index 0000000..b6f6420 --- /dev/null +++ b/bin/tests/system/checkconf/bad-maxratio1.conf @@ -0,0 +1,19 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone example { + type master; + masterfile-format map; + file "example.db"; + max-ixfr-ratio 0.9; +}; diff --git a/bin/tests/system/checkconf/bad-maxratio2.conf b/bin/tests/system/checkconf/bad-maxratio2.conf new file mode 100644 index 0000000..54fec84 --- /dev/null +++ b/bin/tests/system/checkconf/bad-maxratio2.conf @@ -0,0 +1,19 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone example { + type master; + masterfile-format map; + file "example.db"; + max-ixfr-ratio 0%; +}; diff --git a/bin/tests/system/checkconf/bad-maxttlmap.conf b/bin/tests/system/checkconf/bad-maxttlmap.conf new file mode 100644 index 0000000..b2d8043 --- /dev/null +++ b/bin/tests/system/checkconf/bad-maxttlmap.conf @@ -0,0 +1,19 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone example { + type master; + masterfile-format map; + file "example.db"; + max-zone-ttl 3600; +}; diff --git a/bin/tests/system/checkconf/bad-mincachettl.conf b/bin/tests/system/checkconf/bad-mincachettl.conf new file mode 100644 index 0000000..cd02c66 --- /dev/null +++ b/bin/tests/system/checkconf/bad-mincachettl.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +view one { + min-cache-ttl 1x; +}; diff --git a/bin/tests/system/checkconf/bad-minncachettl.conf b/bin/tests/system/checkconf/bad-minncachettl.conf new file mode 100644 index 0000000..1148bcc --- /dev/null +++ b/bin/tests/system/checkconf/bad-minncachettl.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +view one { + min-ncache-ttl 1x; +}; diff --git a/bin/tests/system/checkconf/bad-mirror-allow-recursion-none.conf b/bin/tests/system/checkconf/bad-mirror-allow-recursion-none.conf new file mode 100644 index 0000000..351b3dd --- /dev/null +++ b/bin/tests/system/checkconf/bad-mirror-allow-recursion-none.conf @@ -0,0 +1,22 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + recursion yes; + allow-recursion { none; }; +}; + +zone "." { + type mirror; + masters { 127.0.0.1; }; +}; diff --git a/bin/tests/system/checkconf/bad-mirror-explicit-notify-yes.conf b/bin/tests/system/checkconf/bad-mirror-explicit-notify-yes.conf new file mode 100644 index 0000000..27ad850 --- /dev/null +++ b/bin/tests/system/checkconf/bad-mirror-explicit-notify-yes.conf @@ -0,0 +1,17 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "." { + type mirror; + notify yes; +}; diff --git a/bin/tests/system/checkconf/bad-mirror-non-root-zone-without-masters.conf b/bin/tests/system/checkconf/bad-mirror-non-root-zone-without-masters.conf new file mode 100644 index 0000000..c9c8b03 --- /dev/null +++ b/bin/tests/system/checkconf/bad-mirror-non-root-zone-without-masters.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "foo." { + type mirror; +}; diff --git a/bin/tests/system/checkconf/bad-mirror-recursion-no.conf b/bin/tests/system/checkconf/bad-mirror-recursion-no.conf new file mode 100644 index 0000000..f5536ac --- /dev/null +++ b/bin/tests/system/checkconf/bad-mirror-recursion-no.conf @@ -0,0 +1,20 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + recursion no; +}; + +zone "." { + type mirror; +}; diff --git a/bin/tests/system/checkconf/bad-mirror-zonename.conf b/bin/tests/system/checkconf/bad-mirror-zonename.conf new file mode 100644 index 0000000..6fc11c1 --- /dev/null +++ b/bin/tests/system/checkconf/bad-mirror-zonename.conf @@ -0,0 +1,17 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "\0example" { + type mirror; + file "example.db"; +}; diff --git a/bin/tests/system/checkconf/bad-noddns.conf b/bin/tests/system/checkconf/bad-noddns.conf new file mode 100644 index 0000000..0e45c5c --- /dev/null +++ b/bin/tests/system/checkconf/bad-noddns.conf @@ -0,0 +1,19 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone example { + type master; + file "example.db"; + auto-dnssec maintain; + allow-update { none; }; +}; diff --git a/bin/tests/system/checkconf/bad-notify-source-v6.conf b/bin/tests/system/checkconf/bad-notify-source-v6.conf new file mode 100644 index 0000000..ef53c96 --- /dev/null +++ b/bin/tests/system/checkconf/bad-notify-source-v6.conf @@ -0,0 +1,22 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + port 5300; +}; + +zone example { + type secondary; + primaries { 1.2.3.4; }; + notify-source-v6 fd92:7065:b8e:ffff::1 port 5300; +}; diff --git a/bin/tests/system/checkconf/bad-notify-source.conf b/bin/tests/system/checkconf/bad-notify-source.conf new file mode 100644 index 0000000..b950784 --- /dev/null +++ b/bin/tests/system/checkconf/bad-notify-source.conf @@ -0,0 +1,22 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + port 5300; +}; + +zone example { + type secondary; + primaries { 1.2.3.4; }; + notify-source 10.53.0.1 port 5300; +}; diff --git a/bin/tests/system/checkconf/bad-options-also-notify.conf b/bin/tests/system/checkconf/bad-options-also-notify.conf new file mode 100644 index 0000000..74714f7 --- /dev/null +++ b/bin/tests/system/checkconf/bad-options-also-notify.conf @@ -0,0 +1,21 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + also-notify { missing; }; +}; + +zone "example.net" { + type slave; + masters { 192.168.1.1; }; +}; diff --git a/bin/tests/system/checkconf/bad-parental-agents-def-options.conf b/bin/tests/system/checkconf/bad-parental-agents-def-options.conf new file mode 100644 index 0000000..2091155 --- /dev/null +++ b/bin/tests/system/checkconf/bad-parental-agents-def-options.conf @@ -0,0 +1,21 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + parental-agents { 192.168.1.2; }; +}; + +zone "example.net" { + type primary; + file "example.net.db"; +}; diff --git a/bin/tests/system/checkconf/bad-parental-agents-def-view.conf b/bin/tests/system/checkconf/bad-parental-agents-def-view.conf new file mode 100644 index 0000000..47c062a --- /dev/null +++ b/bin/tests/system/checkconf/bad-parental-agents-def-view.conf @@ -0,0 +1,20 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +view "test" { + parental-agents { 192.168.1.2; }; + zone "example.net" { + type primary; + file "example.net.db"; + }; +}; diff --git a/bin/tests/system/checkconf/bad-parental-agents-def-view2.conf b/bin/tests/system/checkconf/bad-parental-agents-def-view2.conf new file mode 100644 index 0000000..aa65a4d --- /dev/null +++ b/bin/tests/system/checkconf/bad-parental-agents-def-view2.conf @@ -0,0 +1,22 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +view "test" { + parental-agents "net" { + 192.168.1.2; + }; + zone "example.net" { + type primary; + file "example.net.db"; + }; +}; diff --git a/bin/tests/system/checkconf/bad-parental-agents-def-zone.conf b/bin/tests/system/checkconf/bad-parental-agents-def-zone.conf new file mode 100644 index 0000000..e2a8389 --- /dev/null +++ b/bin/tests/system/checkconf/bad-parental-agents-def-zone.conf @@ -0,0 +1,18 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "example.net" { + type primary; + file "example.net.db"; + parental-agents "net" { 192.168.1.1; }; +}; diff --git a/bin/tests/system/checkconf/bad-parental-agents-dup.conf b/bin/tests/system/checkconf/bad-parental-agents-dup.conf new file mode 100644 index 0000000..cb5ac44 --- /dev/null +++ b/bin/tests/system/checkconf/bad-parental-agents-dup.conf @@ -0,0 +1,19 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "example.net" { + type primary; + file "example.net.db"; + parental-agents { 192.168.1.1; }; + parental-agents { 192.168.1.1; }; +}; diff --git a/bin/tests/system/checkconf/bad-parental-agents-dupdef.conf b/bin/tests/system/checkconf/bad-parental-agents-dupdef.conf new file mode 100644 index 0000000..7ca88f7 --- /dev/null +++ b/bin/tests/system/checkconf/bad-parental-agents-dupdef.conf @@ -0,0 +1,26 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +parental-agents "net" { + 192.168.1.1; +}; + +parental-agents "net" { + 192.168.1.2; +}; + +zone "example.net" { + type primary; + file "example.net.db"; + parental-agents { "net"; }; +}; diff --git a/bin/tests/system/checkconf/bad-parental-agents-empty.conf b/bin/tests/system/checkconf/bad-parental-agents-empty.conf new file mode 100644 index 0000000..f61de06 --- /dev/null +++ b/bin/tests/system/checkconf/bad-parental-agents-empty.conf @@ -0,0 +1,20 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +parental-agents "net" { }; + +zone "example.net" { + type primary; + file "example.net.db"; + parental-agents { "net"; }; +}; diff --git a/bin/tests/system/checkconf/bad-parental-agents-empty2.conf b/bin/tests/system/checkconf/bad-parental-agents-empty2.conf new file mode 100644 index 0000000..93b8f7b --- /dev/null +++ b/bin/tests/system/checkconf/bad-parental-agents-empty2.conf @@ -0,0 +1,18 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "example.net" { + type primary; + file "example.net.db"; + parental-agents { }; +}; diff --git a/bin/tests/system/checkconf/bad-parental-agents-mirror.conf b/bin/tests/system/checkconf/bad-parental-agents-mirror.conf new file mode 100644 index 0000000..62926e2 --- /dev/null +++ b/bin/tests/system/checkconf/bad-parental-agents-mirror.conf @@ -0,0 +1,18 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "." { + type mirror; + file "root.mirror"; + parental-agents { 192.168.1.1; }; +}; diff --git a/bin/tests/system/checkconf/bad-parental-agents-notfound.conf b/bin/tests/system/checkconf/bad-parental-agents-notfound.conf new file mode 100644 index 0000000..98075c4 --- /dev/null +++ b/bin/tests/system/checkconf/bad-parental-agents-notfound.conf @@ -0,0 +1,22 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +parental-agents "com" { + 192.168.1.2; +}; + +zone "example.net" { + type primary; + file "example.net.db"; + parental-agents { "net"; }; +}; diff --git a/bin/tests/system/checkconf/bad-parental-source-v6.conf b/bin/tests/system/checkconf/bad-parental-source-v6.conf new file mode 100644 index 0000000..1b053d0 --- /dev/null +++ b/bin/tests/system/checkconf/bad-parental-source-v6.conf @@ -0,0 +1,22 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + port 5300; +}; + +zone example { + type secondary; + primaries { 1.2.3.4; }; + parental-source-v6 fd92:7065:b8e:ffff::1 port 5300; +}; diff --git a/bin/tests/system/checkconf/bad-parental-source.conf b/bin/tests/system/checkconf/bad-parental-source.conf new file mode 100644 index 0000000..9587b3e --- /dev/null +++ b/bin/tests/system/checkconf/bad-parental-source.conf @@ -0,0 +1,22 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + port 5300; +}; + +zone example { + type secondary; + primaries { 1.2.3.4; }; + parental-source 10.53.0.1 port 5300; +}; diff --git a/bin/tests/system/checkconf/bad-port.conf b/bin/tests/system/checkconf/bad-port.conf new file mode 100644 index 0000000..9650c8f --- /dev/null +++ b/bin/tests/system/checkconf/bad-port.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + port 99999; +}; diff --git a/bin/tests/system/checkconf/bad-primaries-key.conf b/bin/tests/system/checkconf/bad-primaries-key.conf new file mode 100644 index 0000000..f592293 --- /dev/null +++ b/bin/tests/system/checkconf/bad-primaries-key.conf @@ -0,0 +1,17 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone example { + type secondary; + primaries { 1.2.3.4 key a..b; }; +}; diff --git a/bin/tests/system/checkconf/bad-primaries-notfound.conf b/bin/tests/system/checkconf/bad-primaries-notfound.conf new file mode 100644 index 0000000..4640098 --- /dev/null +++ b/bin/tests/system/checkconf/bad-primaries-notfound.conf @@ -0,0 +1,21 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +primaries "net" { + 192.168.1.2; +}; + +zone "example.net" { + type secondary; + primaries { "foo"; }; +}; diff --git a/bin/tests/system/checkconf/bad-printtime.conf b/bin/tests/system/checkconf/bad-printtime.conf new file mode 100644 index 0000000..80a53cb --- /dev/null +++ b/bin/tests/system/checkconf/bad-printtime.conf @@ -0,0 +1,19 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +logging { + channel one { + file "one.out"; + print-time bogus; + }; +}; diff --git a/bin/tests/system/checkconf/bad-rate-limit-acl.conf b/bin/tests/system/checkconf/bad-rate-limit-acl.conf new file mode 100644 index 0000000..06543fb --- /dev/null +++ b/bin/tests/system/checkconf/bad-rate-limit-acl.conf @@ -0,0 +1,20 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + rate-limit { + responses-per-second 10; + exempt-clients { localhost; localnets; unknownacl; }; + log-only yes; + }; +}; diff --git a/bin/tests/system/checkconf/bad-rate-limit-all-per-second.conf b/bin/tests/system/checkconf/bad-rate-limit-all-per-second.conf new file mode 100644 index 0000000..aae353e --- /dev/null +++ b/bin/tests/system/checkconf/bad-rate-limit-all-per-second.conf @@ -0,0 +1,18 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + rate-limit { + all-per-second 1001; // greater than DNS_RRL_MAX_RATE + }; +}; diff --git a/bin/tests/system/checkconf/bad-rate-limit-errors-per-second.conf b/bin/tests/system/checkconf/bad-rate-limit-errors-per-second.conf new file mode 100644 index 0000000..b2c6097 --- /dev/null +++ b/bin/tests/system/checkconf/bad-rate-limit-errors-per-second.conf @@ -0,0 +1,18 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + rate-limit { + errors-per-second 1001; // greater than DNS_RRL_MAX_RATE + }; +}; diff --git a/bin/tests/system/checkconf/bad-rate-limit-ipv4-prefix-length.conf b/bin/tests/system/checkconf/bad-rate-limit-ipv4-prefix-length.conf new file mode 100644 index 0000000..b728575 --- /dev/null +++ b/bin/tests/system/checkconf/bad-rate-limit-ipv4-prefix-length.conf @@ -0,0 +1,18 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + rate-limit { + ipv4-prefix-length 33; // greater than bits in address + }; +}; diff --git a/bin/tests/system/checkconf/bad-rate-limit-ipv6-prefix-length.conf b/bin/tests/system/checkconf/bad-rate-limit-ipv6-prefix-length.conf new file mode 100644 index 0000000..6b5fda5 --- /dev/null +++ b/bin/tests/system/checkconf/bad-rate-limit-ipv6-prefix-length.conf @@ -0,0 +1,18 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + rate-limit { + ipv6-prefix-length 65; // max 64 + }; +}; diff --git a/bin/tests/system/checkconf/bad-rate-limit-max-table-size.conf b/bin/tests/system/checkconf/bad-rate-limit-max-table-size.conf new file mode 100644 index 0000000..95309db --- /dev/null +++ b/bin/tests/system/checkconf/bad-rate-limit-max-table-size.conf @@ -0,0 +1,18 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + rate-limit { + max-table-size 30; // less than min-table-size default of 500 + }; +}; diff --git a/bin/tests/system/checkconf/bad-rate-limit-nodata-per-second.conf b/bin/tests/system/checkconf/bad-rate-limit-nodata-per-second.conf new file mode 100644 index 0000000..ecfb5f8 --- /dev/null +++ b/bin/tests/system/checkconf/bad-rate-limit-nodata-per-second.conf @@ -0,0 +1,18 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + rate-limit { + nodata-per-second 1001; // greater than DNS_RRL_MAX_RATE + }; +}; diff --git a/bin/tests/system/checkconf/bad-rate-limit-nxdomains-per-second.conf b/bin/tests/system/checkconf/bad-rate-limit-nxdomains-per-second.conf new file mode 100644 index 0000000..77c5749 --- /dev/null +++ b/bin/tests/system/checkconf/bad-rate-limit-nxdomains-per-second.conf @@ -0,0 +1,18 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + rate-limit { + nxdomains-per-second 1001; // greater than DNS_RRL_MAX_RATE + }; +}; diff --git a/bin/tests/system/checkconf/bad-rate-limit-qps-scale.conf b/bin/tests/system/checkconf/bad-rate-limit-qps-scale.conf new file mode 100644 index 0000000..0dc4532 --- /dev/null +++ b/bin/tests/system/checkconf/bad-rate-limit-qps-scale.conf @@ -0,0 +1,18 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + rate-limit { + qps-scale 0; // must be greater than zero + }; +}; diff --git a/bin/tests/system/checkconf/bad-rate-limit-referrals-per-second.conf b/bin/tests/system/checkconf/bad-rate-limit-referrals-per-second.conf new file mode 100644 index 0000000..0ea4836 --- /dev/null +++ b/bin/tests/system/checkconf/bad-rate-limit-referrals-per-second.conf @@ -0,0 +1,18 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + rate-limit { + referrals-per-second 1001; // greater than DNS_RRL_MAX_RATE + }; +}; diff --git a/bin/tests/system/checkconf/bad-rate-limit-responses-per-second.conf b/bin/tests/system/checkconf/bad-rate-limit-responses-per-second.conf new file mode 100644 index 0000000..8187244 --- /dev/null +++ b/bin/tests/system/checkconf/bad-rate-limit-responses-per-second.conf @@ -0,0 +1,18 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + rate-limit { + responses-per-second 1001; // greater than DNS_RRL_MAX_RATE + }; +}; diff --git a/bin/tests/system/checkconf/bad-rate-limit-slip.conf b/bin/tests/system/checkconf/bad-rate-limit-slip.conf new file mode 100644 index 0000000..15d270c --- /dev/null +++ b/bin/tests/system/checkconf/bad-rate-limit-slip.conf @@ -0,0 +1,18 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + rate-limit { + slip 11; // greater than default of 10 + }; +}; diff --git a/bin/tests/system/checkconf/bad-rate-limit-window.conf b/bin/tests/system/checkconf/bad-rate-limit-window.conf new file mode 100644 index 0000000..7ded786 --- /dev/null +++ b/bin/tests/system/checkconf/bad-rate-limit-window.conf @@ -0,0 +1,18 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + rate-limit { + window 3601; // greater than default of 3600 + }; +}; diff --git a/bin/tests/system/checkconf/bad-root-mixed-key.conf b/bin/tests/system/checkconf/bad-root-mixed-key.conf new file mode 100644 index 0000000..7035066 --- /dev/null +++ b/bin/tests/system/checkconf/bad-root-mixed-key.conf @@ -0,0 +1,41 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +trust-anchors { + # This key (19036) is to be phased out starting in 2017. It will + # remain in the root zone for some time after its successor key + # has been added. It will remain this file until it is removed from + # the root zone. + . static-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF + FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX + bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD + X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz + W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS + Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq + QxA+Uk1ihz0="; + + # This key (20326) was published in the root zone in 2017. + # Servers which were already using the old key (19036) should + # roll seamlessly to this new one via RFC 5011 rollover. Servers + # being set up for the first time can use the contents of this + # file as initializing keys; thereafter, the keys in the + # managed key database will be trusted and maintained + # automatically. + . initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3 + +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv + ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF + 0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e + oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd + RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN + R1AkUTV74bU="; +}; diff --git a/bin/tests/system/checkconf/bad-rpz-too-many-zones.conf b/bin/tests/system/checkconf/bad-rpz-too-many-zones.conf new file mode 100644 index 0000000..9861529 --- /dev/null +++ b/bin/tests/system/checkconf/bad-rpz-too-many-zones.conf @@ -0,0 +1,148 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + response-policy { + zone "max1"; + zone "max2"; + zone "max3"; + zone "max4"; + zone "max5"; + zone "max6"; + zone "max7"; + zone "max8"; + zone "max9"; + zone "max10"; + zone "max11"; + zone "max12"; + zone "max13"; + zone "max14"; + zone "max15"; + zone "max16"; + zone "max17"; + zone "max18"; + zone "max19"; + zone "max20"; + zone "max21"; + zone "max22"; + zone "max23"; + zone "max24"; + zone "max25"; + zone "max26"; + zone "max27"; + zone "max28"; + zone "max29"; + zone "max30"; + zone "max31"; + zone "max32"; + zone "max33"; + zone "max34"; + zone "max35"; + zone "max36"; + zone "max37"; + zone "max38"; + zone "max39"; + zone "max40"; + zone "max41"; + zone "max42"; + zone "max43"; + zone "max44"; + zone "max45"; + zone "max46"; + zone "max47"; + zone "max48"; + zone "max49"; + zone "max50"; + zone "max51"; + zone "max52"; + zone "max53"; + zone "max54"; + zone "max55"; + zone "max56"; + zone "max57"; + zone "max58"; + zone "max59"; + zone "max60"; + zone "max61"; + zone "max62"; + zone "max63"; + zone "max64"; + zone "max65"; + }; +}; + +zone "max1" { type master; file "rpz.db"; }; +zone "max2" { type master; file "rpz.db"; }; +zone "max3" { type master; file "rpz.db"; }; +zone "max4" { type master; file "rpz.db"; }; +zone "max5" { type master; file "rpz.db"; }; +zone "max6" { type master; file "rpz.db"; }; +zone "max7" { type master; file "rpz.db"; }; +zone "max8" { type master; file "rpz.db"; }; +zone "max9" { type master; file "rpz.db"; }; +zone "max10" { type master; file "rpz.db"; }; +zone "max11" { type master; file "rpz.db"; }; +zone "max12" { type master; file "rpz.db"; }; +zone "max13" { type master; file "rpz.db"; }; +zone "max14" { type master; file "rpz.db"; }; +zone "max15" { type master; file "rpz.db"; }; +zone "max16" { type master; file "rpz.db"; }; +zone "max17" { type master; file "rpz.db"; }; +zone "max18" { type master; file "rpz.db"; }; +zone "max19" { type master; file "rpz.db"; }; +zone "max20" { type master; file "rpz.db"; }; +zone "max21" { type master; file "rpz.db"; }; +zone "max22" { type master; file "rpz.db"; }; +zone "max23" { type master; file "rpz.db"; }; +zone "max24" { type master; file "rpz.db"; }; +zone "max25" { type master; file "rpz.db"; }; +zone "max26" { type master; file "rpz.db"; }; +zone "max27" { type master; file "rpz.db"; }; +zone "max28" { type master; file "rpz.db"; }; +zone "max29" { type master; file "rpz.db"; }; +zone "max30" { type master; file "rpz.db"; }; +zone "max31" { type master; file "rpz.db"; }; +zone "max32" { type master; file "rpz.db"; }; +zone "max33" { type master; file "rpz.db"; }; +zone "max34" { type master; file "rpz.db"; }; +zone "max35" { type master; file "rpz.db"; }; +zone "max36" { type master; file "rpz.db"; }; +zone "max37" { type master; file "rpz.db"; }; +zone "max38" { type master; file "rpz.db"; }; +zone "max39" { type master; file "rpz.db"; }; +zone "max40" { type master; file "rpz.db"; }; +zone "max41" { type master; file "rpz.db"; }; +zone "max42" { type master; file "rpz.db"; }; +zone "max43" { type master; file "rpz.db"; }; +zone "max44" { type master; file "rpz.db"; }; +zone "max45" { type master; file "rpz.db"; }; +zone "max46" { type master; file "rpz.db"; }; +zone "max47" { type master; file "rpz.db"; }; +zone "max48" { type master; file "rpz.db"; }; +zone "max49" { type master; file "rpz.db"; }; +zone "max50" { type master; file "rpz.db"; }; +zone "max51" { type master; file "rpz.db"; }; +zone "max52" { type master; file "rpz.db"; }; +zone "max53" { type master; file "rpz.db"; }; +zone "max54" { type master; file "rpz.db"; }; +zone "max55" { type master; file "rpz.db"; }; +zone "max56" { type master; file "rpz.db"; }; +zone "max57" { type master; file "rpz.db"; }; +zone "max58" { type master; file "rpz.db"; }; +zone "max59" { type master; file "rpz.db"; }; +zone "max60" { type master; file "rpz.db"; }; +zone "max61" { type master; file "rpz.db"; }; +zone "max62" { type master; file "rpz.db"; }; +zone "max63" { type master; file "rpz.db"; }; +zone "max64" { type master; file "rpz.db"; }; +zone "max65" { type master; file "rpz.db"; }; diff --git a/bin/tests/system/checkconf/bad-rpz-ttl.conf b/bin/tests/system/checkconf/bad-rpz-ttl.conf new file mode 100644 index 0000000..d54bba9 --- /dev/null +++ b/bin/tests/system/checkconf/bad-rpz-ttl.conf @@ -0,0 +1,24 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "example.com." { + type master; + file "example.com.zone"; +}; + +options { + response-policy { + zone "example.com." policy given; + } + max-policy-ttl 1x; +}; diff --git a/bin/tests/system/checkconf/bad-rpz-update.conf b/bin/tests/system/checkconf/bad-rpz-update.conf new file mode 100644 index 0000000..304b46c --- /dev/null +++ b/bin/tests/system/checkconf/bad-rpz-update.conf @@ -0,0 +1,25 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "example.com." { + type master; + file "example.com.zone"; +}; + +options { + response-policy { + zone "example.com." + policy given + min-update-interval 5x; + }; +}; diff --git a/bin/tests/system/checkconf/bad-rpz-zone.conf b/bin/tests/system/checkconf/bad-rpz-zone.conf new file mode 100644 index 0000000..4aadc61 --- /dev/null +++ b/bin/tests/system/checkconf/bad-rpz-zone.conf @@ -0,0 +1,18 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + response-policy { + zone "nonexistent"; + }; +}; diff --git a/bin/tests/system/checkconf/bad-sharedwritable1.conf b/bin/tests/system/checkconf/bad-sharedwritable1.conf new file mode 100644 index 0000000..e646b91 --- /dev/null +++ b/bin/tests/system/checkconf/bad-sharedwritable1.conf @@ -0,0 +1,22 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone a { + type master; + file "shared.db"; +}; +zone b { + type slave; + file "shared.db"; + masters { 1.2.3.4; }; +}; diff --git a/bin/tests/system/checkconf/bad-sharedwritable2.conf b/bin/tests/system/checkconf/bad-sharedwritable2.conf new file mode 100644 index 0000000..2224053 --- /dev/null +++ b/bin/tests/system/checkconf/bad-sharedwritable2.conf @@ -0,0 +1,23 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone a { + type slave; + file "shared.db"; + masters { 1.2.3.4; }; +}; +zone b { + type slave; + file "shared.db"; + masters { 1.2.3.4; }; +}; diff --git a/bin/tests/system/checkconf/bad-sharedzone1.conf b/bin/tests/system/checkconf/bad-sharedzone1.conf new file mode 100644 index 0000000..a8255ad --- /dev/null +++ b/bin/tests/system/checkconf/bad-sharedzone1.conf @@ -0,0 +1,31 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +view "first" { + match-clients { + "none"; + }; + zone "clone" { + type master; + file "xxx"; + }; +}; +view "second" { + match-clients { + "any"; + }; + zone "clone" { + in-view "first"; + type slave; + }; +}; diff --git a/bin/tests/system/checkconf/bad-sharedzone2.conf b/bin/tests/system/checkconf/bad-sharedzone2.conf new file mode 100644 index 0000000..fbe601a --- /dev/null +++ b/bin/tests/system/checkconf/bad-sharedzone2.conf @@ -0,0 +1,33 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +view "first" { + match-clients { + "none"; + }; + zone "clone" { + type master; + file "xxx"; + }; +}; +view "second" { + match-clients { + "any"; + }; + zone "clone" { + in-view "first"; + forward only; + forwarders { 10.0.0.100; }; + type slave; + }; +}; diff --git a/bin/tests/system/checkconf/bad-sharedzone3.conf b/bin/tests/system/checkconf/bad-sharedzone3.conf new file mode 100644 index 0000000..2adc554 --- /dev/null +++ b/bin/tests/system/checkconf/bad-sharedzone3.conf @@ -0,0 +1,25 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +view first { + zone shared.example { + in-view second; + }; +}; + +view second { + zone shared.example { + type master; + file "shared.example.db"; + }; +}; diff --git a/bin/tests/system/checkconf/bad-sig-validity.conf b/bin/tests/system/checkconf/bad-sig-validity.conf new file mode 100644 index 0000000..1744eba --- /dev/null +++ b/bin/tests/system/checkconf/bad-sig-validity.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + sig-validity-interval 5000; +}; diff --git a/bin/tests/system/checkconf/bad-static-initial-1.conf b/bin/tests/system/checkconf/bad-static-initial-1.conf new file mode 100644 index 0000000..91a5c10 --- /dev/null +++ b/bin/tests/system/checkconf/bad-static-initial-1.conf @@ -0,0 +1,17 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +trust-anchors { + example. initial-ds 60724 5 1 "D74CF845955A0DFE604AF215E948E67D2EA94FF3"; + example. static-ds 60724 5 2 "29E79B9064EE1A11DF3BFF19581DDFED7952C22CC204ACE17B6007EB1437E9E6"; +}; diff --git a/bin/tests/system/checkconf/bad-static-initial-2.conf b/bin/tests/system/checkconf/bad-static-initial-2.conf new file mode 100644 index 0000000..3b4754d --- /dev/null +++ b/bin/tests/system/checkconf/bad-static-initial-2.conf @@ -0,0 +1,17 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +trust-anchors { + example. initial-ds 60724 5 1 "D74CF845955A0DFE604AF215E948E67D2EA94FF3"; + example. static-key 257 3 5 "AwEAAZtP9+RAA+W33A97e+HnnH8WTXzCWiEICyWj1B6rvZ9hd50ysbody0NLx7b3vZ1bzMLxLSRAr/n3Wi0TDZ1fvCKZhennfW8Wlc7ulCvHntSQYfKHUP0YWEo84sQAqIi850N1aiddj6CidwFo9JNW/HQ+8yarfrnGMFhX2STtkE0hNJ/R6JYKmD2EH7k1nyqJd08ibrEt55DuV4BiUjyyERdVbsuwE60jVqAwCKyVBYXb2sI+zv1yPNDBIANd6KTgnq6YWzx5ZodQP3W4K7Z/Bk3EKmVCvrTKZK/ADLAKaL0/6DD07+1jXA4BiNyoZTLTapkudkGad+Rn6zqCkwuMmrU="; +}; diff --git a/bin/tests/system/checkconf/bad-static-initial-3.conf b/bin/tests/system/checkconf/bad-static-initial-3.conf new file mode 100644 index 0000000..c396d9c --- /dev/null +++ b/bin/tests/system/checkconf/bad-static-initial-3.conf @@ -0,0 +1,17 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +trust-anchors { + example. static-ds 60724 5 1 "D74CF845955A0DFE604AF215E948E67D2EA94FF3"; + example. initial-key 257 3 5 "AwEAAZtP9+RAA+W33A97e+HnnH8WTXzCWiEICyWj1B6rvZ9hd50ysbody0NLx7b3vZ1bzMLxLSRAr/n3Wi0TDZ1fvCKZhennfW8Wlc7ulCvHntSQYfKHUP0YWEo84sQAqIi850N1aiddj6CidwFo9JNW/HQ+8yarfrnGMFhX2STtkE0hNJ/R6JYKmD2EH7k1nyqJd08ibrEt55DuV4BiUjyyERdVbsuwE60jVqAwCKyVBYXb2sI+zv1yPNDBIANd6KTgnq6YWzx5ZodQP3W4K7Z/Bk3EKmVCvrTKZK/ADLAKaL0/6DD07+1jXA4BiNyoZTLTapkudkGad+Rn6zqCkwuMmrU="; +}; diff --git a/bin/tests/system/checkconf/bad-static-initial-4.conf b/bin/tests/system/checkconf/bad-static-initial-4.conf new file mode 100644 index 0000000..2170d52 --- /dev/null +++ b/bin/tests/system/checkconf/bad-static-initial-4.conf @@ -0,0 +1,17 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +trust-anchors { + example. initial-key 257 3 5 "AwEAAawvFp8GlBx8Qt6yaIqXkDe+nMkSk2HkTAG7qlVBo++AQwZ1j3Xl25IN4jsw0VTMbKUbafw9DYsVzztIwx1sNkKRLo6qP9SSkBL8RicQaafGtURtsYI3oqte5qqLve1CUpRD8J06Pg1xkOxsDlz9sQAyiQrOyvMbykJYkYrFYGLzYAgl/JtMyVVYlBl9pqxQuAPKYPOuO1axaad/wLN3+wTy/hcJfpvJpqzXlDF9bI5RmpoX/7geZ06vpcYJEoT0xkkmPlEl0ZjEDrm/WIaSWG0/CEDpHcOXFz4OEczMVpY+lnuFfKybwF1WHFn2BwVEOS6cMM6ukIjINQyrszHhWUU="; + example. static-key 257 3 5 "AwEAAZtP9+RAA+W33A97e+HnnH8WTXzCWiEICyWj1B6rvZ9hd50ysbody0NLx7b3vZ1bzMLxLSRAr/n3Wi0TDZ1fvCKZhennfW8Wlc7ulCvHntSQYfKHUP0YWEo84sQAqIi850N1aiddj6CidwFo9JNW/HQ+8yarfrnGMFhX2STtkE0hNJ/R6JYKmD2EH7k1nyqJd08ibrEt55DuV4BiUjyyERdVbsuwE60jVqAwCKyVBYXb2sI+zv1yPNDBIANd6KTgnq6YWzx5ZodQP3W4K7Z/Bk3EKmVCvrTKZK/ADLAKaL0/6DD07+1jXA4BiNyoZTLTapkudkGad+Rn6zqCkwuMmrU="; +}; diff --git a/bin/tests/system/checkconf/bad-stub-masters-dialup.conf b/bin/tests/system/checkconf/bad-stub-masters-dialup.conf new file mode 100644 index 0000000..9944e82 --- /dev/null +++ b/bin/tests/system/checkconf/bad-stub-masters-dialup.conf @@ -0,0 +1,36 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +controls { /* empty */ }; +options { + query-source address 10.53.0.2; + notify-source 10.53.0.2; + transfer-source 10.53.0.2; + port 5300; + pid-file "named.pid"; + listen-on { 10.53.0.2; }; + listen-on-v6 { none; }; + heartbeat-interval 2; + recursion no; +}; +zone "." { + type hint; + file "hint"; +}; +zone "example." { + type stub; + dialup notify; + notify no; + file "example.bk"; + // masters { 10.53.0.1; }; +}; diff --git a/bin/tests/system/checkconf/bad-transfer-source-v6.conf b/bin/tests/system/checkconf/bad-transfer-source-v6.conf new file mode 100644 index 0000000..da182ff --- /dev/null +++ b/bin/tests/system/checkconf/bad-transfer-source-v6.conf @@ -0,0 +1,22 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + port 5300; +}; + +zone example { + type secondary; + primaries { 1.2.3.4; }; + transfer-source-v6 fd92:7065:b8e:ffff::1 port 5300; +}; diff --git a/bin/tests/system/checkconf/bad-transfer-source.conf b/bin/tests/system/checkconf/bad-transfer-source.conf new file mode 100644 index 0000000..315c410 --- /dev/null +++ b/bin/tests/system/checkconf/bad-transfer-source.conf @@ -0,0 +1,22 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + port 5300; +}; + +zone example { + type secondary; + primaries { 1.2.3.4; }; + transfer-source 10.53.0.1 port 5300; +}; diff --git a/bin/tests/system/checkconf/bad-tsig.conf b/bin/tests/system/checkconf/bad-tsig.conf new file mode 100644 index 0000000..4af25b0 --- /dev/null +++ b/bin/tests/system/checkconf/bad-tsig.conf @@ -0,0 +1,19 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +/* Bad secret */ +key "badtsig" { + algorithm hmac-md5; + secret "jEdD+BPKg=="; +}; + diff --git a/bin/tests/system/checkconf/bad-unpaired-keys.conf b/bin/tests/system/checkconf/bad-unpaired-keys.conf new file mode 100644 index 0000000..63b6dc2 --- /dev/null +++ b/bin/tests/system/checkconf/bad-unpaired-keys.conf @@ -0,0 +1,27 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +dnssec-policy unpaired-keys { + keys { + /* zsk without ksk */ + zsk lifetime 30d algorithm 13; + /* ksk without zsk */ + ksk lifetime 30d algorithm 7; + }; +}; + +zone "example" { + type primary; + file "example.db"; + dnssec-policy unpaired-keys; +}; diff --git a/bin/tests/system/checkconf/bad-update-policy1.conf b/bin/tests/system/checkconf/bad-update-policy1.conf new file mode 100644 index 0000000..6eedd9d --- /dev/null +++ b/bin/tests/system/checkconf/bad-update-policy1.conf @@ -0,0 +1,20 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "example.com" { + type master; + file "example.com.db"; + update-policy { + grant * self TXT; + }; +}; diff --git a/bin/tests/system/checkconf/bad-update-policy10.conf b/bin/tests/system/checkconf/bad-update-policy10.conf new file mode 100644 index 0000000..29ed061 --- /dev/null +++ b/bin/tests/system/checkconf/bad-update-policy10.conf @@ -0,0 +1,20 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "example.com" { + type master; + file "example.com.db"; + update-policy { + grant * krb5-selfsub TXT; + }; +}; diff --git a/bin/tests/system/checkconf/bad-update-policy11.conf b/bin/tests/system/checkconf/bad-update-policy11.conf new file mode 100644 index 0000000..8f9e873 --- /dev/null +++ b/bin/tests/system/checkconf/bad-update-policy11.conf @@ -0,0 +1,20 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "example.com" { + type master; + file "example.com.db"; + update-policy { + grant * ms-selfsub TXT; + }; +}; diff --git a/bin/tests/system/checkconf/bad-update-policy12.conf b/bin/tests/system/checkconf/bad-update-policy12.conf new file mode 100644 index 0000000..1d42cdc --- /dev/null +++ b/bin/tests/system/checkconf/bad-update-policy12.conf @@ -0,0 +1,20 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "example.com" { + type master; + file "example.com.db"; + update-policy { + grant * external TXT; + }; +}; diff --git a/bin/tests/system/checkconf/bad-update-policy13.conf b/bin/tests/system/checkconf/bad-update-policy13.conf new file mode 100644 index 0000000..38973f6 --- /dev/null +++ b/bin/tests/system/checkconf/bad-update-policy13.conf @@ -0,0 +1,20 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "example.com" { + type master; + file "example.com.db"; + update-policy { + grant a-key-name name TXT; + }; +}; diff --git a/bin/tests/system/checkconf/bad-update-policy14.conf b/bin/tests/system/checkconf/bad-update-policy14.conf new file mode 100644 index 0000000..2cd0ef5 --- /dev/null +++ b/bin/tests/system/checkconf/bad-update-policy14.conf @@ -0,0 +1,20 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "example.com" { + type master; + file "example.com.db"; + update-policy { + grant a-key-name subdomain TXT; + }; +}; diff --git a/bin/tests/system/checkconf/bad-update-policy15.conf b/bin/tests/system/checkconf/bad-update-policy15.conf new file mode 100644 index 0000000..a2a354a --- /dev/null +++ b/bin/tests/system/checkconf/bad-update-policy15.conf @@ -0,0 +1,20 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "example.com" { + type master; + file "example.com.db"; + update-policy { + grant a-key-name wildcard TXT; + }; +}; diff --git a/bin/tests/system/checkconf/bad-update-policy2.conf b/bin/tests/system/checkconf/bad-update-policy2.conf new file mode 100644 index 0000000..c83303f --- /dev/null +++ b/bin/tests/system/checkconf/bad-update-policy2.conf @@ -0,0 +1,20 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "example.com" { + type master; + file "example.com.db"; + update-policy { + grant * selfsub TXT; + }; +}; diff --git a/bin/tests/system/checkconf/bad-update-policy3.conf b/bin/tests/system/checkconf/bad-update-policy3.conf new file mode 100644 index 0000000..4856adb --- /dev/null +++ b/bin/tests/system/checkconf/bad-update-policy3.conf @@ -0,0 +1,20 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "example.com" { + type master; + file "example.com.db"; + update-policy { + grant * selfwild TXT; + }; +}; diff --git a/bin/tests/system/checkconf/bad-update-policy4.conf b/bin/tests/system/checkconf/bad-update-policy4.conf new file mode 100644 index 0000000..4bf1f5c --- /dev/null +++ b/bin/tests/system/checkconf/bad-update-policy4.conf @@ -0,0 +1,20 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "example.com" { + type master; + file "example.com.db"; + update-policy { + grant * ms-self TXT; + }; +}; diff --git a/bin/tests/system/checkconf/bad-update-policy5.conf b/bin/tests/system/checkconf/bad-update-policy5.conf new file mode 100644 index 0000000..a1853f8 --- /dev/null +++ b/bin/tests/system/checkconf/bad-update-policy5.conf @@ -0,0 +1,20 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "example.com" { + type master; + file "example.com.db"; + update-policy { + grant * krb5-self TXT; + }; +}; diff --git a/bin/tests/system/checkconf/bad-update-policy6.conf b/bin/tests/system/checkconf/bad-update-policy6.conf new file mode 100644 index 0000000..b1ef09c --- /dev/null +++ b/bin/tests/system/checkconf/bad-update-policy6.conf @@ -0,0 +1,20 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "example.com" { + type master; + file "example.com.db"; + update-policy { + grant * ms-subdomain TXT; + }; +}; diff --git a/bin/tests/system/checkconf/bad-update-policy7.conf b/bin/tests/system/checkconf/bad-update-policy7.conf new file mode 100644 index 0000000..1469b94 --- /dev/null +++ b/bin/tests/system/checkconf/bad-update-policy7.conf @@ -0,0 +1,20 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "example.com" { + type master; + file "example.com.db"; + update-policy { + grant * krb5-subdomain TXT; + }; +}; diff --git a/bin/tests/system/checkconf/bad-update-policy8.conf b/bin/tests/system/checkconf/bad-update-policy8.conf new file mode 100644 index 0000000..9e263ee --- /dev/null +++ b/bin/tests/system/checkconf/bad-update-policy8.conf @@ -0,0 +1,20 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "example.com" { + type master; + file "example.com.db"; + update-policy { + grant * tcp-self TXT; + }; +}; diff --git a/bin/tests/system/checkconf/bad-update-policy9.conf b/bin/tests/system/checkconf/bad-update-policy9.conf new file mode 100644 index 0000000..23fcb66 --- /dev/null +++ b/bin/tests/system/checkconf/bad-update-policy9.conf @@ -0,0 +1,20 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "example.com" { + type master; + file "example.com.db"; + update-policy { + grant * 6to4-self TXT; + }; +}; diff --git a/bin/tests/system/checkconf/bad-validation-auto-key.conf b/bin/tests/system/checkconf/bad-validation-auto-key.conf new file mode 100644 index 0000000..bd6f547 --- /dev/null +++ b/bin/tests/system/checkconf/bad-validation-auto-key.conf @@ -0,0 +1,26 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + dnssec-validation auto; +}; + +trust-anchors { + . static-key 257 3 8 "AwEAAZtP9+RAA+W33A97e+HnnH8WTXzCWiEICyWj1B6rvZ9hd50ysbod + y0NLx7b3vZ1bzMLxLSRAr/n3Wi0TDZ1fvCKZhennfW8Wlc7ulCvHntSQ + YfKHUP0YWEo84sQAqIi850N1aiddj6CidwFo9JNW/HQ+8yarfrnGMFhX + 2STtkE0hNJ/R6JYKmD2EH7k1nyqJd08ibrEt55DuV4BiUjyyERdVbsuw + E60jVqAwCKyVBYXb2sI+zv1yPNDBIANd6KTgnq6YWzx5ZodQP3W4K7Z/ + Bk3EKmVCvrTKZK/ADLAKaL0/6DD07+1jXA4BiNyoZTLTapkudkGad+Rn + 6zqCkwuMmrU="; +}; diff --git a/bin/tests/system/checkconf/bad-view-also-notify.conf b/bin/tests/system/checkconf/bad-view-also-notify.conf new file mode 100644 index 0000000..6dd9a4c --- /dev/null +++ b/bin/tests/system/checkconf/bad-view-also-notify.conf @@ -0,0 +1,20 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +view example { + also-notify { missing; }; + zone "example.net" { + type slave; + masters { 192.168.1.1; }; + }; +}; diff --git a/bin/tests/system/checkconf/bad-zsk-without-ksk.conf b/bin/tests/system/checkconf/bad-zsk-without-ksk.conf new file mode 100644 index 0000000..31b031c --- /dev/null +++ b/bin/tests/system/checkconf/bad-zsk-without-ksk.conf @@ -0,0 +1,24 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +dnssec-policy zsk-without-ksk { + keys { + zsk lifetime 30d algorithm 13; + }; +}; + +zone "example" { + type primary; + file "example.db"; + dnssec-policy zsk-without-ksk; +}; diff --git a/bin/tests/system/checkconf/check-dup-records-fail.conf b/bin/tests/system/checkconf/check-dup-records-fail.conf new file mode 100644 index 0000000..a655681 --- /dev/null +++ b/bin/tests/system/checkconf/check-dup-records-fail.conf @@ -0,0 +1,23 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + check-integrity yes; // default is yes +}; + +zone "check-dup-records" { + type master; + file "check-dup-records.db"; + check-dup-records fail; +}; + diff --git a/bin/tests/system/checkconf/check-dup-records.db b/bin/tests/system/checkconf/check-dup-records.db new file mode 100644 index 0000000..558686c --- /dev/null +++ b/bin/tests/system/checkconf/check-dup-records.db @@ -0,0 +1,33 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 ; 10 minutes +@ IN SOA mname1. . ( + 1 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns2 + MX 10 mail + +mail A 10.0.0.1 +ns2 A 10.53.0.2 + +; following records are not de-duplicated +; and will be matched by check-dup-records +duplicate HIP ( 2 200100107B1A74DF365639CC39F1D578 + AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cIvM4p9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQb1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXdXF5D + rvs.example.com. ) +duplicate HIP ( 2 200100107B1A74DF365639CC39F1D578 + AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cIvM4p9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQb1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXdXF5D + RVS.example.com. ) diff --git a/bin/tests/system/checkconf/check-missing-zone.conf b/bin/tests/system/checkconf/check-missing-zone.conf new file mode 100644 index 0000000..e33ad54 --- /dev/null +++ b/bin/tests/system/checkconf/check-missing-zone.conf @@ -0,0 +1,26 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +view missing { + zone missing.example { + type master; + file "missing.example.db"; + }; +}; + +view good { + zone shared.example { + type master; + file "shared.example.db"; + }; +}; diff --git a/bin/tests/system/checkconf/check-mixed-keys.conf b/bin/tests/system/checkconf/check-mixed-keys.conf new file mode 100644 index 0000000..1dd018d --- /dev/null +++ b/bin/tests/system/checkconf/check-mixed-keys.conf @@ -0,0 +1,43 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +trust-anchors { + # This key (19036) is to be phased out starting in 2017. It will + # remain in the root zone for some time after its successor key + # has been added. It will remain this file until it is removed from + # the root zone. + . static-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF + FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX + bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD + X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz + W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS + Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq + QxA+Uk1ihz0="; +}; + +managed-keys { + # This key (20326) was published in the root zone in 2017. + # Servers which were already using the old key (19036) should + # roll seamlessly to this new one via RFC 5011 rollover. Servers + # being set up for the first time can use the contents of this + # file as initializing keys; thereafter, the keys in the + # managed key database will be trusted and maintained + # automatically. + . initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3 + +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv + ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF + 0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e + oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd + RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN + R1AkUTV74bU="; +}; diff --git a/bin/tests/system/checkconf/check-mx-cname-fail.conf b/bin/tests/system/checkconf/check-mx-cname-fail.conf new file mode 100644 index 0000000..611fb2c --- /dev/null +++ b/bin/tests/system/checkconf/check-mx-cname-fail.conf @@ -0,0 +1,22 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + check-integrity yes; // default is yes +}; + +zone "check-mx-cname" { + type master; + file "check-mx-cname.db"; + check-mx-cname fail; +}; diff --git a/bin/tests/system/checkconf/check-mx-cname.db b/bin/tests/system/checkconf/check-mx-cname.db new file mode 100644 index 0000000..dc30f08 --- /dev/null +++ b/bin/tests/system/checkconf/check-mx-cname.db @@ -0,0 +1,26 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 ; 10 minutes +@ IN SOA mname1. . ( + 1 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns2 + MX 10 mail + +; MX points to a CNAME which is detected by check-mx-cname +mail CNAME ns2 + +ns2 A 10.53.0.2 diff --git a/bin/tests/system/checkconf/check-mx-fail.conf b/bin/tests/system/checkconf/check-mx-fail.conf new file mode 100644 index 0000000..408b1b4 --- /dev/null +++ b/bin/tests/system/checkconf/check-mx-fail.conf @@ -0,0 +1,22 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + check-integrity yes; // default is yes +}; + +zone "check-mx" { + type master; + file "check-mx.db"; + check-mx fail; +}; diff --git a/bin/tests/system/checkconf/check-mx.db b/bin/tests/system/checkconf/check-mx.db new file mode 100644 index 0000000..dced644 --- /dev/null +++ b/bin/tests/system/checkconf/check-mx.db @@ -0,0 +1,24 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 ; 10 minutes +@ IN SOA mname1. . ( + 1 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns2 +; MX appears to be an address and will be detected by check-mx + MX 10 10.0.0.1 + +ns2 A 10.53.0.2 diff --git a/bin/tests/system/checkconf/check-names-fail.conf b/bin/tests/system/checkconf/check-names-fail.conf new file mode 100644 index 0000000..8137747 --- /dev/null +++ b/bin/tests/system/checkconf/check-names-fail.conf @@ -0,0 +1,22 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + check-integrity yes; // default is yes +}; + +zone "check-names" { + type master; + file "check-names.db"; + check-names fail; +}; diff --git a/bin/tests/system/checkconf/check-names.db b/bin/tests/system/checkconf/check-names.db new file mode 100644 index 0000000..0274ec9 --- /dev/null +++ b/bin/tests/system/checkconf/check-names.db @@ -0,0 +1,28 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 ; 10 minutes +@ IN SOA mname1. . ( + 1 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns2 + MX 10 mail + +mail A 10.0.0.1 +ns2 A 10.53.0.2 + +; the RDATA of this record contains a name that may be considered +; invalid and will be detected by check-names configuration. +check-names SRV 1 2 3 _underscore diff --git a/bin/tests/system/checkconf/check-root-ksk-2010.conf b/bin/tests/system/checkconf/check-root-ksk-2010.conf new file mode 100644 index 0000000..d422635 --- /dev/null +++ b/bin/tests/system/checkconf/check-root-ksk-2010.conf @@ -0,0 +1,26 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +trust-anchors { + # This key (19036) is to be phased out starting in 2017. It will + # remain in the root zone for some time after its successor key + # has been added. It will remain this file until it is removed from + # the root zone. + . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF + FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX + bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD + X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz + W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS + Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq + QxA+Uk1ihz0="; +}; diff --git a/bin/tests/system/checkconf/check-root-ksk-2017.conf b/bin/tests/system/checkconf/check-root-ksk-2017.conf new file mode 100644 index 0000000..72f6fb4 --- /dev/null +++ b/bin/tests/system/checkconf/check-root-ksk-2017.conf @@ -0,0 +1,29 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +trust-anchors { + # This key (20326) was published in the root zone in 2017. + # Servers which were already using the old key (19036) should + # roll seamlessly to this new one via RFC 5011 rollover. Servers + # being set up for the first time can use the contents of this + # file as initializing keys; thereafter, the keys in the + # managed key database will be trusted and maintained + # automatically. + . initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3 + +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv + ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF + 0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e + oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd + RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN + R1AkUTV74bU="; +}; diff --git a/bin/tests/system/checkconf/check-root-ksk-both.conf b/bin/tests/system/checkconf/check-root-ksk-both.conf new file mode 100644 index 0000000..88c308f --- /dev/null +++ b/bin/tests/system/checkconf/check-root-ksk-both.conf @@ -0,0 +1,41 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +trust-anchors { + # This key (19036) is to be phased out starting in 2017. It will + # remain in the root zone for some time after its successor key + # has been added. It will remain this file until it is removed from + # the root zone. + . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF + FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX + bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD + X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz + W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS + Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq + QxA+Uk1ihz0="; + + # This key (20326) was published in the root zone in 2017. + # Servers which were already using the old key (19036) should + # roll seamlessly to this new one via RFC 5011 rollover. Servers + # being set up for the first time can use the contents of this + # file as initializing keys; thereafter, the keys in the + # managed key database will be trusted and maintained + # automatically. + . initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3 + +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv + ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF + 0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e + oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd + RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN + R1AkUTV74bU="; +}; diff --git a/bin/tests/system/checkconf/check-root-static-ds.conf b/bin/tests/system/checkconf/check-root-static-ds.conf new file mode 100644 index 0000000..eb37b85 --- /dev/null +++ b/bin/tests/system/checkconf/check-root-static-ds.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +trust-anchors { + . static-ds 20326 8 2 "E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D"; +}; diff --git a/bin/tests/system/checkconf/check-root-static-key.conf b/bin/tests/system/checkconf/check-root-static-key.conf new file mode 100644 index 0000000..7be5304 --- /dev/null +++ b/bin/tests/system/checkconf/check-root-static-key.conf @@ -0,0 +1,29 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +trust-anchors { + # This key (20326) was published in the root zone in 2017. + # Servers which were already using the old key (19036) should + # roll seamlessly to this new one via RFC 5011 rollover. Servers + # being set up for the first time can use the contents of this + # file as initializing keys; thereafter, the keys in the + # managed key database will be trusted and maintained + # automatically. + . static-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3 + +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv + ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF + 0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e + oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd + RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN + R1AkUTV74bU="; +}; diff --git a/bin/tests/system/checkconf/check-root-trusted-key.conf b/bin/tests/system/checkconf/check-root-trusted-key.conf new file mode 100644 index 0000000..65261a8 --- /dev/null +++ b/bin/tests/system/checkconf/check-root-trusted-key.conf @@ -0,0 +1,29 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +trusted-keys { + # This key (20326) was published in the root zone in 2017. + # Servers which were already using the old key (19036) should + # roll seamlessly to this new one via RFC 5011 rollover. Servers + # being set up for the first time can use the contents of this + # file as initializing keys; thereafter, the keys in the + # managed key database will be trusted and maintained + # automatically. + . 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3 + +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv + ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF + 0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e + oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd + RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN + R1AkUTV74bU="; +}; diff --git a/bin/tests/system/checkconf/check-srv-cname-fail.conf b/bin/tests/system/checkconf/check-srv-cname-fail.conf new file mode 100644 index 0000000..e5f9349 --- /dev/null +++ b/bin/tests/system/checkconf/check-srv-cname-fail.conf @@ -0,0 +1,22 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + check-integrity yes; // default is yes +}; + +zone "check-srv-cname" { + type master; + file "check-srv-cname.db"; + check-srv-cname fail; +}; diff --git a/bin/tests/system/checkconf/check-srv-cname.db b/bin/tests/system/checkconf/check-srv-cname.db new file mode 100644 index 0000000..0671ab1 --- /dev/null +++ b/bin/tests/system/checkconf/check-srv-cname.db @@ -0,0 +1,28 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 ; 10 minutes +@ IN SOA mname1. . ( + 1 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns2 + MX 10 mail + +mail A 10.0.0.1 +ns2 A 10.53.0.2 + +check-srv-cname SRV 1 2 3 target +; SRV points to a CNAME which is detected by check-srv-cname configuration +target CNAME mail diff --git a/bin/tests/system/checkconf/check-wildcard-no.conf b/bin/tests/system/checkconf/check-wildcard-no.conf new file mode 100644 index 0000000..beb641a --- /dev/null +++ b/bin/tests/system/checkconf/check-wildcard-no.conf @@ -0,0 +1,18 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "check-wildcard" { + type primary; + file "check-wildcard.db"; + check-wildcard no; +}; diff --git a/bin/tests/system/checkconf/check-wildcard.conf b/bin/tests/system/checkconf/check-wildcard.conf new file mode 100644 index 0000000..263f8b4 --- /dev/null +++ b/bin/tests/system/checkconf/check-wildcard.conf @@ -0,0 +1,18 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "check-wildcard" { + type primary; + file "check-wildcard.db"; + check-wildcard yes; +}; diff --git a/bin/tests/system/checkconf/check-wildcard.db b/bin/tests/system/checkconf/check-wildcard.db new file mode 100644 index 0000000..1db5af0 --- /dev/null +++ b/bin/tests/system/checkconf/check-wildcard.db @@ -0,0 +1,23 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 ; 10 minutes +@ IN SOA mname1. . ( + 1 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns2 +ns2 A 10.53.0.2 +; an interior wildcard name +foo.* TXT The owner name contains an interior wildcard diff --git a/bin/tests/system/checkconf/clean.sh b/bin/tests/system/checkconf/clean.sh new file mode 100644 index 0000000..0d6001d --- /dev/null +++ b/bin/tests/system/checkconf/clean.sh @@ -0,0 +1,25 @@ +#!/bin/sh + +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +rm -f bad-kasp-keydir1.conf +rm -f bad-kasp-keydir2.conf +rm -f bad-kasp-keydir3.conf +rm -f bad-kasp-keydir4.conf +rm -f bad-kasp-keydir5.conf +rm -f checkconf.out* +rm -f diff.out* +rm -f good-kasp.conf.in +rm -f good-server-christmas-tree.conf +rm -f good.conf.in good.conf.out badzero.conf *.out +rm -f ns*/named.lock +rm -rf test.keydir diff --git a/bin/tests/system/checkconf/deprecated-masterfile-format-map.conf b/bin/tests/system/checkconf/deprecated-masterfile-format-map.conf new file mode 100644 index 0000000..634ca14 --- /dev/null +++ b/bin/tests/system/checkconf/deprecated-masterfile-format-map.conf @@ -0,0 +1,22 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + port 5300; +}; + +zone example { + type secondary; + primaries { ::1; }; + masterfile-format map; +}; diff --git a/bin/tests/system/checkconf/deprecated.conf b/bin/tests/system/checkconf/deprecated.conf new file mode 100644 index 0000000..82a555d --- /dev/null +++ b/bin/tests/system/checkconf/deprecated.conf @@ -0,0 +1,43 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +server 1.2.3.4 { + query-source 10.10.10.10 dscp 10; +}; + +options { + dnssec-validation yes; + dscp 10; +}; + +trusted-keys { + fake.trusted. 257 3 8 + "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF + FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX + bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD + X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz + W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS + Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq + QxA+Uk1ihz0="; +}; + +managed-keys { + fake.managed. initial-key 257 3 8 + "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3 + +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv + ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF + 0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e + oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd + RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN + R1AkUTV74bU="; +}; diff --git a/bin/tests/system/checkconf/dlz-bad.conf b/bin/tests/system/checkconf/dlz-bad.conf new file mode 100644 index 0000000..b279ccf --- /dev/null +++ b/bin/tests/system/checkconf/dlz-bad.conf @@ -0,0 +1,27 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +dlz one { + database "one"; +}; + +dlz two { + database "two"; + search no; +}; + +zone master { + type master; + database "none"; + dlz two; +}; diff --git a/bin/tests/system/checkconf/dnssec.1 b/bin/tests/system/checkconf/dnssec.1 new file mode 100644 index 0000000..ac79651 --- /dev/null +++ b/bin/tests/system/checkconf/dnssec.1 @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + dnssec-enable no; +}; diff --git a/bin/tests/system/checkconf/dnssec.2 b/bin/tests/system/checkconf/dnssec.2 new file mode 100644 index 0000000..6eaa372 --- /dev/null +++ b/bin/tests/system/checkconf/dnssec.2 @@ -0,0 +1,27 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +view view1 { + match-clients { any; }; + dnssec-validation yes; +}; + +view view2 { + match-clients { none; }; + dnssec-validation auto; +}; + +view view3 { + match-clients { none; }; + auto-dnssec maintain; +}; diff --git a/bin/tests/system/checkconf/dnssec.3 b/bin/tests/system/checkconf/dnssec.3 new file mode 100644 index 0000000..93b6ac2 --- /dev/null +++ b/bin/tests/system/checkconf/dnssec.3 @@ -0,0 +1,34 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +view view1 { + match-clients { any; }; +}; + +view view2 { + match-clients { none; }; +}; + +view view3 { + match-clients { none; }; + dnssec-validation auto; +}; + +view view4 { + match-clients { none; }; +}; + +view view5 { + match-clients { none; }; + auto-dnssec off; +}; diff --git a/bin/tests/system/checkconf/dnssec.4 b/bin/tests/system/checkconf/dnssec.4 new file mode 100644 index 0000000..53e5d91 --- /dev/null +++ b/bin/tests/system/checkconf/dnssec.4 @@ -0,0 +1,18 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "test" { + type primary; + file "test.db"; + auto-dnssec maintain; +}; diff --git a/bin/tests/system/checkconf/good-acl.conf b/bin/tests/system/checkconf/good-acl.conf new file mode 100644 index 0000000..be32923 --- /dev/null +++ b/bin/tests/system/checkconf/good-acl.conf @@ -0,0 +1,21 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +acl a { + { "none"; }; + { !19.0.0.0/8; }; +}; + +options { + allow-query { a; }; +}; diff --git a/bin/tests/system/checkconf/good-allow-update-forwarding-view.conf b/bin/tests/system/checkconf/good-allow-update-forwarding-view.conf new file mode 100644 index 0000000..5bc9232 --- /dev/null +++ b/bin/tests/system/checkconf/good-allow-update-forwarding-view.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +view one { + allow-update-forwarding { any; }; +}; diff --git a/bin/tests/system/checkconf/good-allow-update-forwarding.conf b/bin/tests/system/checkconf/good-allow-update-forwarding.conf new file mode 100644 index 0000000..d7e89be --- /dev/null +++ b/bin/tests/system/checkconf/good-allow-update-forwarding.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + allow-update-forwarding { any; }; +}; diff --git a/bin/tests/system/checkconf/good-allow-update-view.conf b/bin/tests/system/checkconf/good-allow-update-view.conf new file mode 100644 index 0000000..da799a2 --- /dev/null +++ b/bin/tests/system/checkconf/good-allow-update-view.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +view one { + allow-update { any; }; +}; diff --git a/bin/tests/system/checkconf/good-allow-update.conf b/bin/tests/system/checkconf/good-allow-update.conf new file mode 100644 index 0000000..6b7a67e --- /dev/null +++ b/bin/tests/system/checkconf/good-allow-update.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + allow-update { any; }; +}; diff --git a/bin/tests/system/checkconf/good-class.conf b/bin/tests/system/checkconf/good-class.conf new file mode 100644 index 0000000..2f8c321 --- /dev/null +++ b/bin/tests/system/checkconf/good-class.conf @@ -0,0 +1,14 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +view "example" class00 { }; diff --git a/bin/tests/system/checkconf/good-dnskey-validity-3660.conf b/bin/tests/system/checkconf/good-dnskey-validity-3660.conf new file mode 100644 index 0000000..4e0a7ee --- /dev/null +++ b/bin/tests/system/checkconf/good-dnskey-validity-3660.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + dnskey-sig-validity 3660; /* maximum value 10 years */ +}; diff --git a/bin/tests/system/checkconf/good-dnskey-validity-zero.conf b/bin/tests/system/checkconf/good-dnskey-validity-zero.conf new file mode 100644 index 0000000..5da41b8 --- /dev/null +++ b/bin/tests/system/checkconf/good-dnskey-validity-zero.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + dnskey-sig-validity 0; /* 0 is disabled */ +}; diff --git a/bin/tests/system/checkconf/good-ds-key-1.conf b/bin/tests/system/checkconf/good-ds-key-1.conf new file mode 100644 index 0000000..de7de84 --- /dev/null +++ b/bin/tests/system/checkconf/good-ds-key-1.conf @@ -0,0 +1,17 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +trust-anchors { + example. initial-ds 60724 5 1 "D74CF845955A0DFE604AF215E948E67D2EA94FF3"; + example. initial-key 257 3 5 "AwEAAZtP9+RAA+W33A97e+HnnH8WTXzCWiEICyWj1B6rvZ9hd50ysbody0NLx7b3vZ1bzMLxLSRAr/n3Wi0TDZ1fvCKZhennfW8Wlc7ulCvHntSQYfKHUP0YWEo84sQAqIi850N1aiddj6CidwFo9JNW/HQ+8yarfrnGMFhX2STtkE0hNJ/R6JYKmD2EH7k1nyqJd08ibrEt55DuV4BiUjyyERdVbsuwE60jVqAwCKyVBYXb2sI+zv1yPNDBIANd6KTgnq6YWzx5ZodQP3W4K7Z/Bk3EKmVCvrTKZK/ADLAKaL0/6DD07+1jXA4BiNyoZTLTapkudkGad+Rn6zqCkwuMmrU="; +}; diff --git a/bin/tests/system/checkconf/good-ds-key-2.conf b/bin/tests/system/checkconf/good-ds-key-2.conf new file mode 100644 index 0000000..060fb2f --- /dev/null +++ b/bin/tests/system/checkconf/good-ds-key-2.conf @@ -0,0 +1,17 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +trust-anchors { + example. static-ds 60724 5 1 "D74CF845955A0DFE604AF215E948E67D2EA94FF3"; + example. static-key 257 3 5 "AwEAAZtP9+RAA+W33A97e+HnnH8WTXzCWiEICyWj1B6rvZ9hd50ysbody0NLx7b3vZ1bzMLxLSRAr/n3Wi0TDZ1fvCKZhennfW8Wlc7ulCvHntSQYfKHUP0YWEo84sQAqIi850N1aiddj6CidwFo9JNW/HQ+8yarfrnGMFhX2STtkE0hNJ/R6JYKmD2EH7k1nyqJd08ibrEt55DuV4BiUjyyERdVbsuwE60jVqAwCKyVBYXb2sI+zv1yPNDBIANd6KTgnq6YWzx5ZodQP3W4K7Z/Bk3EKmVCvrTKZK/ADLAKaL0/6DD07+1jXA4BiNyoZTLTapkudkGad+Rn6zqCkwuMmrU="; +}; diff --git a/bin/tests/system/checkconf/good-dup-managed-key.conf b/bin/tests/system/checkconf/good-dup-managed-key.conf new file mode 100644 index 0000000..2f91247 --- /dev/null +++ b/bin/tests/system/checkconf/good-dup-managed-key.conf @@ -0,0 +1,33 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + dnssec-validation yes; +}; + +trust-anchors { + example. initial-key 257 3 8 "AwEAAawvFp8GlBx8Qt6yaIqXkDe+nMkSk2HkTAG7qlVBo++AQwZ1j3Xl + 25IN4jsw0VTMbKUbafw9DYsVzztIwx1sNkKRLo6qP9SSkBL8RicQaafG + tURtsYI3oqte5qqLve1CUpRD8J06Pg1xkOxsDlz9sQAyiQrOyvMbykJY + kYrFYGLzYAgl/JtMyVVYlBl9pqxQuAPKYPOuO1axaad/wLN3+wTy/hcJ + fpvJpqzXlDF9bI5RmpoX/7geZ06vpcYJEoT0xkkmPlEl0ZjEDrm/WIaS + WG0/CEDpHcOXFz4OEczMVpY+lnuFfKybwF1WHFn2BwVEOS6cMM6ukIjI + NQyrszHhWUU="; + example. initial-key 257 3 8 "AwEAAZtP9+RAA+W33A97e+HnnH8WTXzCWiEICyWj1B6rvZ9hd50ysbod + y0NLx7b3vZ1bzMLxLSRAr/n3Wi0TDZ1fvCKZhennfW8Wlc7ulCvHntSQ + YfKHUP0YWEo84sQAqIi850N1aiddj6CidwFo9JNW/HQ+8yarfrnGMFhX + 2STtkE0hNJ/R6JYKmD2EH7k1nyqJd08ibrEt55DuV4BiUjyyERdVbsuw + E60jVqAwCKyVBYXb2sI+zv1yPNDBIANd6KTgnq6YWzx5ZodQP3W4K7Z/ + Bk3EKmVCvrTKZK/ADLAKaL0/6DD07+1jXA4BiNyoZTLTapkudkGad+Rn + 6zqCkwuMmrU="; +}; diff --git a/bin/tests/system/checkconf/good-dup-trusted-key.conf b/bin/tests/system/checkconf/good-dup-trusted-key.conf new file mode 100644 index 0000000..46089c4 --- /dev/null +++ b/bin/tests/system/checkconf/good-dup-trusted-key.conf @@ -0,0 +1,33 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + dnssec-validation yes; +}; + +trusted-keys { + example. 257 3 8 "AwEAAawvFp8GlBx8Qt6yaIqXkDe+nMkSk2HkTAG7qlVBo++AQwZ1j3Xl + 25IN4jsw0VTMbKUbafw9DYsVzztIwx1sNkKRLo6qP9SSkBL8RicQaafG + tURtsYI3oqte5qqLve1CUpRD8J06Pg1xkOxsDlz9sQAyiQrOyvMbykJY + kYrFYGLzYAgl/JtMyVVYlBl9pqxQuAPKYPOuO1axaad/wLN3+wTy/hcJ + fpvJpqzXlDF9bI5RmpoX/7geZ06vpcYJEoT0xkkmPlEl0ZjEDrm/WIaS + WG0/CEDpHcOXFz4OEczMVpY+lnuFfKybwF1WHFn2BwVEOS6cMM6ukIjI + NQyrszHhWUU="; + example. 257 3 8 "AwEAAZtP9+RAA+W33A97e+HnnH8WTXzCWiEICyWj1B6rvZ9hd50ysbod + y0NLx7b3vZ1bzMLxLSRAr/n3Wi0TDZ1fvCKZhennfW8Wlc7ulCvHntSQ + YfKHUP0YWEo84sQAqIi850N1aiddj6CidwFo9JNW/HQ+8yarfrnGMFhX + 2STtkE0hNJ/R6JYKmD2EH7k1nyqJd08ibrEt55DuV4BiUjyyERdVbsuw + E60jVqAwCKyVBYXb2sI+zv1yPNDBIANd6KTgnq6YWzx5ZodQP3W4K7Z/ + Bk3EKmVCvrTKZK/ADLAKaL0/6DD07+1jXA4BiNyoZTLTapkudkGad+Rn + 6zqCkwuMmrU="; +}; diff --git a/bin/tests/system/checkconf/good-glue-cache.conf b/bin/tests/system/checkconf/good-glue-cache.conf new file mode 100644 index 0000000..fd5524b --- /dev/null +++ b/bin/tests/system/checkconf/good-glue-cache.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + glue-cache yes; +}; diff --git a/bin/tests/system/checkconf/good-initial-ds.conf b/bin/tests/system/checkconf/good-initial-ds.conf new file mode 100644 index 0000000..b54a2b3 --- /dev/null +++ b/bin/tests/system/checkconf/good-initial-ds.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +trust-anchors { + example. initial-ds 60724 5 2 "29E79B9064EE1A11DF3BFF19581DDFED7952C22CC204ACE17B6007EB1437E9E6"; +}; diff --git a/bin/tests/system/checkconf/good-interface-interval.conf b/bin/tests/system/checkconf/good-interface-interval.conf new file mode 100644 index 0000000..60c50b3 --- /dev/null +++ b/bin/tests/system/checkconf/good-interface-interval.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + interface-interval 1h; +}; diff --git a/bin/tests/system/checkconf/good-kasp.conf b/bin/tests/system/checkconf/good-kasp.conf new file mode 100644 index 0000000..1a12d9f --- /dev/null +++ b/bin/tests/system/checkconf/good-kasp.conf @@ -0,0 +1,68 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +/* + * This is just a random selection of DNSSEC configuration options. + */ + +/* cut here */ +dnssec-policy "test" { + dnskey-ttl 3600; + keys { + ksk key-directory lifetime P1Y algorithm ecdsa256; + zsk lifetime P30D algorithm 13; + csk key-directory lifetime unlimited algorithm rsasha256 2048; + }; + max-zone-ttl 86400; + nsec3param iterations 5 optout no salt-length 8; + parent-ds-ttl 7200; + parent-propagation-delay PT1H; + publish-safety PT3600S; + retire-safety PT3600S; + signatures-refresh P3D; + signatures-validity P2W; + signatures-validity-dnskey P14D; + zone-propagation-delay PT5M; +}; +options { + dnssec-policy "default"; +}; +zone "example1" { + type master; + file "example1.db"; + inline-signing yes; +}; +zone "example2" { + type master; + file "example2.db"; + allow-update { + "any"; + }; + dnssec-policy "test"; +}; +zone "example3" { + type master; + file "example3.db"; + inline-signing yes; + dnssec-policy "default"; +}; +zone "dnssec-policy-none-shared-zonefile1" { + type master; + file "shared.db"; + dnssec-policy "none"; +}; +zone "dnssec-policy-none-shared-zonefile2" { + type master; + file "shared.db"; + dnssec-policy "none"; +}; diff --git a/bin/tests/system/checkconf/good-key-directory.conf b/bin/tests/system/checkconf/good-key-directory.conf new file mode 100644 index 0000000..45befff --- /dev/null +++ b/bin/tests/system/checkconf/good-key-directory.conf @@ -0,0 +1,73 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +dnssec-policy "internet" { + keys { + ksk key-directory lifetime unlimited algorithm ecdsa256; + zsk key-directory lifetime P90D algorithm ecdsa256; + }; + + nsec3param iterations 15 optout no salt-length 8; +}; + +dnssec-policy "intranet" { + keys { + ksk key-directory lifetime unlimited algorithm ecdsa256; + zsk key-directory lifetime P30D algorithm ecdsa256; + }; + nsec3param iterations 15 optout no salt-length 8; +}; + +dnssec-policy "localhost" { + keys { + ksk key-directory lifetime unlimited algorithm ecdsa256; + zsk key-directory lifetime P30D algorithm ecdsa256; + }; + nsec3param iterations 15 optout no salt-length 8; +}; + +options { + key-directory "global/keys"; +}; + +view "localhost" { + match-clients { 127.0.0.1; ::1; }; + zone "example.com" IN { + type primary; + file "localhost/example.com.zone"; + dnssec-policy "localhost"; + inline-signing yes; + }; +}; + +view "external" { + match-clients { 0/0; }; + key-directory "external/keys"; + zone "example.com" IN { + type primary; + file "external/example.com.zone"; + dnssec-policy "internet"; + inline-signing yes; + }; +}; + +view "internal" { + match-clients { ::/0; }; + key-directory "internal/keys"; + zone "example.com" IN { + type primary; + file "internal/example.com.zone"; + dnssec-policy "intranet"; + inline-signing yes; + }; +}; diff --git a/bin/tests/system/checkconf/good-lmdb-mapsize-largest.conf b/bin/tests/system/checkconf/good-lmdb-mapsize-largest.conf new file mode 100644 index 0000000..a55b835 --- /dev/null +++ b/bin/tests/system/checkconf/good-lmdb-mapsize-largest.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + lmdb-mapsize 1024G; +}; diff --git a/bin/tests/system/checkconf/good-lmdb-mapsize-smallest.conf b/bin/tests/system/checkconf/good-lmdb-mapsize-smallest.conf new file mode 100644 index 0000000..4478706 --- /dev/null +++ b/bin/tests/system/checkconf/good-lmdb-mapsize-smallest.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + lmdb-mapsize 1M; +}; diff --git a/bin/tests/system/checkconf/good-masterfile-format-raw.conf b/bin/tests/system/checkconf/good-masterfile-format-raw.conf new file mode 100644 index 0000000..b6f3cbf --- /dev/null +++ b/bin/tests/system/checkconf/good-masterfile-format-raw.conf @@ -0,0 +1,22 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + port 5300; +}; + +zone example { + type secondary; + primaries { ::1; }; + masterfile-format raw; +}; diff --git a/bin/tests/system/checkconf/good-masterfile-format-text.conf b/bin/tests/system/checkconf/good-masterfile-format-text.conf new file mode 100644 index 0000000..8138058 --- /dev/null +++ b/bin/tests/system/checkconf/good-masterfile-format-text.conf @@ -0,0 +1,22 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + port 5300; +}; + +zone example { + type secondary; + primaries { ::1; }; + masterfile-format text; +}; diff --git a/bin/tests/system/checkconf/good-masters-and-primaries.conf b/bin/tests/system/checkconf/good-masters-and-primaries.conf new file mode 100644 index 0000000..d84657f --- /dev/null +++ b/bin/tests/system/checkconf/good-masters-and-primaries.conf @@ -0,0 +1,15 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +masters a { 1.2.3.4; }; +primaries b { 1.2.3.4; }; diff --git a/bin/tests/system/checkconf/good-maxcachettl.conf b/bin/tests/system/checkconf/good-maxcachettl.conf new file mode 100644 index 0000000..58f6901 --- /dev/null +++ b/bin/tests/system/checkconf/good-maxcachettl.conf @@ -0,0 +1,34 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +view one { + max-cache-ttl 0; +}; +view two { + max-cache-ttl 86400; +}; +view three { + max-cache-ttl 4000000000; +}; +view four { + max-cache-ttl 3600s; +}; +view five { + max-cache-ttl 1h; +}; +view six { + max-cache-ttl 1d; +}; +view seven { + max-cache-ttl 1w; +}; diff --git a/bin/tests/system/checkconf/good-maxncachettl.conf b/bin/tests/system/checkconf/good-maxncachettl.conf new file mode 100644 index 0000000..80dc753 --- /dev/null +++ b/bin/tests/system/checkconf/good-maxncachettl.conf @@ -0,0 +1,34 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +view one { + max-ncache-ttl 0; +}; +view two { + max-ncache-ttl 86400; +}; +view three { + max-ncache-ttl 604800; +}; +view four { + max-ncache-ttl 3600s; +}; +view five { + max-ncache-ttl 1h; +}; +view six { + max-ncache-ttl 1d; +}; +view seven { + max-ncache-ttl 1w; +}; diff --git a/bin/tests/system/checkconf/good-maxratio1.conf b/bin/tests/system/checkconf/good-maxratio1.conf new file mode 100644 index 0000000..add6b1a --- /dev/null +++ b/bin/tests/system/checkconf/good-maxratio1.conf @@ -0,0 +1,19 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone example { + type master; + masterfile-format map; + file "example.db"; + max-ixfr-ratio 50%; +}; diff --git a/bin/tests/system/checkconf/good-maxratio2.conf b/bin/tests/system/checkconf/good-maxratio2.conf new file mode 100644 index 0000000..be61ae2 --- /dev/null +++ b/bin/tests/system/checkconf/good-maxratio2.conf @@ -0,0 +1,19 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone example { + type master; + masterfile-format map; + file "example.db"; + max-ixfr-ratio unlimited; +}; diff --git a/bin/tests/system/checkconf/good-mincachettl.conf b/bin/tests/system/checkconf/good-mincachettl.conf new file mode 100644 index 0000000..b619a73 --- /dev/null +++ b/bin/tests/system/checkconf/good-mincachettl.conf @@ -0,0 +1,28 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +view one { + min-cache-ttl 0; +}; +view two { + min-cache-ttl 30; +}; +view three { + min-cache-ttl 60; +}; +view four { + min-cache-ttl 90s; +}; +view five { + min-cache-ttl 1m; +}; diff --git a/bin/tests/system/checkconf/good-minncachettl.conf b/bin/tests/system/checkconf/good-minncachettl.conf new file mode 100644 index 0000000..3e4101b --- /dev/null +++ b/bin/tests/system/checkconf/good-minncachettl.conf @@ -0,0 +1,28 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +view one { + min-ncache-ttl 0; +}; +view two { + min-ncache-ttl 30; +}; +view three { + min-ncache-ttl 60; +}; +view four { + min-ncache-ttl 90s; +}; +view five { + min-ncache-ttl 1m; +}; diff --git a/bin/tests/system/checkconf/good-mirror-inherited-notify-yes.conf b/bin/tests/system/checkconf/good-mirror-inherited-notify-yes.conf new file mode 100644 index 0000000..09bbf94 --- /dev/null +++ b/bin/tests/system/checkconf/good-mirror-inherited-notify-yes.conf @@ -0,0 +1,20 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + notify yes; +}; + +zone "." { + type mirror; +}; diff --git a/bin/tests/system/checkconf/good-mirror-root-zone-without-masters.conf b/bin/tests/system/checkconf/good-mirror-root-zone-without-masters.conf new file mode 100644 index 0000000..9723b7a --- /dev/null +++ b/bin/tests/system/checkconf/good-mirror-root-zone-without-masters.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "." { + type mirror; +}; diff --git a/bin/tests/system/checkconf/good-nested.conf b/bin/tests/system/checkconf/good-nested.conf new file mode 100644 index 0000000..12a027c --- /dev/null +++ b/bin/tests/system/checkconf/good-nested.conf @@ -0,0 +1,20 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +acl a { 127.0.0.1; ::1; }; +acl b { a; }; +acl c { !b; }; + +options { + allow-query { c; }; +}; diff --git a/bin/tests/system/checkconf/good-notify-source-v6.conf b/bin/tests/system/checkconf/good-notify-source-v6.conf new file mode 100644 index 0000000..797f966 --- /dev/null +++ b/bin/tests/system/checkconf/good-notify-source-v6.conf @@ -0,0 +1,22 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + port 5300; +}; + +zone example { + type secondary; + primaries { 1.2.3.4; }; + notify-source-v6 fd92:7065:b8e:ffff::1; +}; diff --git a/bin/tests/system/checkconf/good-notify-source.conf b/bin/tests/system/checkconf/good-notify-source.conf new file mode 100644 index 0000000..6b97314 --- /dev/null +++ b/bin/tests/system/checkconf/good-notify-source.conf @@ -0,0 +1,22 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + port 5300; +}; + +zone example { + type secondary; + primaries { 1.2.3.4; }; + notify-source 10.53.0.1; +}; diff --git a/bin/tests/system/checkconf/good-options-also-notify.conf b/bin/tests/system/checkconf/good-options-also-notify.conf new file mode 100644 index 0000000..75066ef --- /dev/null +++ b/bin/tests/system/checkconf/good-options-also-notify.conf @@ -0,0 +1,22 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + also-notify { missing; }; +}; + +zone "example.net" { + type slave; + notify no; + masters { 192.168.1.1; }; +}; diff --git a/bin/tests/system/checkconf/good-parental-source-v6.conf b/bin/tests/system/checkconf/good-parental-source-v6.conf new file mode 100644 index 0000000..fe998f1 --- /dev/null +++ b/bin/tests/system/checkconf/good-parental-source-v6.conf @@ -0,0 +1,22 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + port 5300; +}; + +zone example { + type secondary; + primaries { 1.2.3.4; }; + parental-source-v6 fd92:7065:b8e:ffff::1; +}; diff --git a/bin/tests/system/checkconf/good-parental-source.conf b/bin/tests/system/checkconf/good-parental-source.conf new file mode 100644 index 0000000..e45856a --- /dev/null +++ b/bin/tests/system/checkconf/good-parental-source.conf @@ -0,0 +1,22 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + port 5300; +}; + +zone example { + type secondary; + primaries { 1.2.3.4; }; + parental-source 10.53.0.1; +}; diff --git a/bin/tests/system/checkconf/good-printtime.conf b/bin/tests/system/checkconf/good-printtime.conf new file mode 100644 index 0000000..06bb7be --- /dev/null +++ b/bin/tests/system/checkconf/good-printtime.conf @@ -0,0 +1,35 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +logging { + channel one { + file "one.out"; + print-time no; + }; + channel two { + file "two.out"; + print-time yes; + }; + channel three { + file "three.out"; + print-time local; + }; + channel four { + file "four.out"; + print-time iso8601; + }; + channel five { + file "five.out"; + print-time iso8601-utc; + }; +}; diff --git a/bin/tests/system/checkconf/good-response-dot.conf b/bin/tests/system/checkconf/good-response-dot.conf new file mode 100644 index 0000000..68bd96e --- /dev/null +++ b/bin/tests/system/checkconf/good-response-dot.conf @@ -0,0 +1,23 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "example.com." { + type master; + file "example.com.zone"; +}; + +options { + response-policy { + zone "example.com." policy given; + }; +}; diff --git a/bin/tests/system/checkconf/good-rpz-ttl.conf b/bin/tests/system/checkconf/good-rpz-ttl.conf new file mode 100644 index 0000000..b40a3d5 --- /dev/null +++ b/bin/tests/system/checkconf/good-rpz-ttl.conf @@ -0,0 +1,24 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "example.com." { + type master; + file "example.com.zone"; +}; + +options { + response-policy { + zone "example.com." policy given; + } + max-policy-ttl 1h; +}; diff --git a/bin/tests/system/checkconf/good-rpz-update.conf b/bin/tests/system/checkconf/good-rpz-update.conf new file mode 100644 index 0000000..2ad6bc1 --- /dev/null +++ b/bin/tests/system/checkconf/good-rpz-update.conf @@ -0,0 +1,25 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "example.com." { + type master; + file "example.com.zone"; +}; + +options { + response-policy { + zone "example.com." + policy given + min-update-interval 5m; + }; +}; diff --git a/bin/tests/system/checkconf/good-rrset-order-none.conf b/bin/tests/system/checkconf/good-rrset-order-none.conf new file mode 100644 index 0000000..f0818ca --- /dev/null +++ b/bin/tests/system/checkconf/good-rrset-order-none.conf @@ -0,0 +1,18 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + rrset-order { + order none; + }; +}; diff --git a/bin/tests/system/checkconf/good-static-ds.conf b/bin/tests/system/checkconf/good-static-ds.conf new file mode 100644 index 0000000..be7412a --- /dev/null +++ b/bin/tests/system/checkconf/good-static-ds.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +trust-anchors { + example. static-ds 60724 5 2 "29E79B9064EE1A11DF3BFF19581DDFED7952C22CC204ACE17B6007EB1437E9E6"; +}; diff --git a/bin/tests/system/checkconf/good-transfer-source-v6.conf b/bin/tests/system/checkconf/good-transfer-source-v6.conf new file mode 100644 index 0000000..0527b85 --- /dev/null +++ b/bin/tests/system/checkconf/good-transfer-source-v6.conf @@ -0,0 +1,22 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + port 5300; +}; + +zone example { + type secondary; + primaries { 1.2.3.4; }; + transfer-source-v6 fd92:7065:b8e:ffff::1; +}; diff --git a/bin/tests/system/checkconf/good-transfer-source.conf b/bin/tests/system/checkconf/good-transfer-source.conf new file mode 100644 index 0000000..df23d1c --- /dev/null +++ b/bin/tests/system/checkconf/good-transfer-source.conf @@ -0,0 +1,22 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + port 5300; +}; + +zone example { + type secondary; + primaries { 1.2.3.4; }; + transfer-source 10.53.0.1; +}; diff --git a/bin/tests/system/checkconf/good-update-policy1.conf b/bin/tests/system/checkconf/good-update-policy1.conf new file mode 100644 index 0000000..b696d8d --- /dev/null +++ b/bin/tests/system/checkconf/good-update-policy1.conf @@ -0,0 +1,20 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "example.com" { + type master; + file "example.com.db"; + update-policy { + grant * self * TXT; + }; +}; diff --git a/bin/tests/system/checkconf/good-update-policy10.conf b/bin/tests/system/checkconf/good-update-policy10.conf new file mode 100644 index 0000000..7035741 --- /dev/null +++ b/bin/tests/system/checkconf/good-update-policy10.conf @@ -0,0 +1,20 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "example.com" { + type master; + file "example.com.db"; + update-policy { + grant * krb5-subdomain . TXT; + }; +}; diff --git a/bin/tests/system/checkconf/good-update-policy11.conf b/bin/tests/system/checkconf/good-update-policy11.conf new file mode 100644 index 0000000..8d1027f --- /dev/null +++ b/bin/tests/system/checkconf/good-update-policy11.conf @@ -0,0 +1,20 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "example.com" { + type master; + file "example.com.db"; + update-policy { + grant * tcp-self . TXT; + }; +}; diff --git a/bin/tests/system/checkconf/good-update-policy12.conf b/bin/tests/system/checkconf/good-update-policy12.conf new file mode 100644 index 0000000..10f1f3f --- /dev/null +++ b/bin/tests/system/checkconf/good-update-policy12.conf @@ -0,0 +1,20 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "example.com" { + type master; + file "example.com.db"; + update-policy { + grant * 6to4-self . TXT; + }; +}; diff --git a/bin/tests/system/checkconf/good-update-policy2.conf b/bin/tests/system/checkconf/good-update-policy2.conf new file mode 100644 index 0000000..06a35ab --- /dev/null +++ b/bin/tests/system/checkconf/good-update-policy2.conf @@ -0,0 +1,20 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "example.com" { + type master; + file "example.com.db"; + update-policy { + grant * self . TXT; + }; +}; diff --git a/bin/tests/system/checkconf/good-update-policy3.conf b/bin/tests/system/checkconf/good-update-policy3.conf new file mode 100644 index 0000000..1468a71 --- /dev/null +++ b/bin/tests/system/checkconf/good-update-policy3.conf @@ -0,0 +1,20 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "example.com" { + type master; + file "example.com.db"; + update-policy { + grant * selfsub . TXT; + }; +}; diff --git a/bin/tests/system/checkconf/good-update-policy4.conf b/bin/tests/system/checkconf/good-update-policy4.conf new file mode 100644 index 0000000..6296bb2 --- /dev/null +++ b/bin/tests/system/checkconf/good-update-policy4.conf @@ -0,0 +1,20 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "example.com" { + type master; + file "example.com.db"; + update-policy { + grant * selfsub * TXT; + }; +}; diff --git a/bin/tests/system/checkconf/good-update-policy5.conf b/bin/tests/system/checkconf/good-update-policy5.conf new file mode 100644 index 0000000..2c900bb --- /dev/null +++ b/bin/tests/system/checkconf/good-update-policy5.conf @@ -0,0 +1,20 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "example.com" { + type master; + file "example.com.db"; + update-policy { + grant * selfwild * TXT; + }; +}; diff --git a/bin/tests/system/checkconf/good-update-policy6.conf b/bin/tests/system/checkconf/good-update-policy6.conf new file mode 100644 index 0000000..e615812 --- /dev/null +++ b/bin/tests/system/checkconf/good-update-policy6.conf @@ -0,0 +1,20 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "example.com" { + type master; + file "example.com.db"; + update-policy { + grant * selfwild . TXT; + }; +}; diff --git a/bin/tests/system/checkconf/good-update-policy7.conf b/bin/tests/system/checkconf/good-update-policy7.conf new file mode 100644 index 0000000..5beb004 --- /dev/null +++ b/bin/tests/system/checkconf/good-update-policy7.conf @@ -0,0 +1,20 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "example.com" { + type master; + file "example.com.db"; + update-policy { + grant * krb5-self . TXT; + }; +}; diff --git a/bin/tests/system/checkconf/good-update-policy8.conf b/bin/tests/system/checkconf/good-update-policy8.conf new file mode 100644 index 0000000..496bc90 --- /dev/null +++ b/bin/tests/system/checkconf/good-update-policy8.conf @@ -0,0 +1,20 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "example.com" { + type master; + file "example.com.db"; + update-policy { + grant * ms-self . TXT; + }; +}; diff --git a/bin/tests/system/checkconf/good-update-policy9.conf b/bin/tests/system/checkconf/good-update-policy9.conf new file mode 100644 index 0000000..691287a --- /dev/null +++ b/bin/tests/system/checkconf/good-update-policy9.conf @@ -0,0 +1,20 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "example.com" { + type master; + file "example.com.db"; + update-policy { + grant * ms-subdomain . TXT; + }; +}; diff --git a/bin/tests/system/checkconf/good-view-also-notify.conf b/bin/tests/system/checkconf/good-view-also-notify.conf new file mode 100644 index 0000000..2efb9b0 --- /dev/null +++ b/bin/tests/system/checkconf/good-view-also-notify.conf @@ -0,0 +1,21 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +view example { + also-notify { missing; }; + zone "example.net" { + type slave; + notify no; + masters { 192.168.1.1; }; + }; +}; diff --git a/bin/tests/system/checkconf/good.conf b/bin/tests/system/checkconf/good.conf new file mode 100644 index 0000000..0ecdb68 --- /dev/null +++ b/bin/tests/system/checkconf/good.conf @@ -0,0 +1,289 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +/* + * This is just a random selection of configuration options. + */ + +/* cut here */ +dnssec-policy "test" { + dnskey-ttl 3600; + keys { + ksk key-directory lifetime P1Y algorithm 13 256; + zsk key-directory lifetime P30D algorithm 13; + csk key-directory lifetime P30D algorithm 8 2048; + }; + max-zone-ttl 86400; + nsec3param ; + parent-ds-ttl 7200; + parent-propagation-delay PT1H; + publish-safety PT3600S; + purge-keys P90D; + retire-safety PT3600S; + signatures-refresh P3D; + signatures-validity P2W; + signatures-validity-dnskey P14D; + zone-propagation-delay PT5M; +}; +options { + avoid-v4-udp-ports { + 100; + }; + avoid-v6-udp-ports { + 100; + }; + blackhole { + 10.0.0.0/8; + }; + coresize 1073741824; + datasize 104857600; + directory "."; + dscp 41; + dump-file "named_dumpdb"; + files 1000; + heartbeat-interval 30; + hostname none; + interface-interval 30; + keep-response-order { + 10.0.10.0/24; + }; + listen-on port 90 { + "any"; + }; + listen-on port 100 dscp 33 { + 127.0.0.1/32; + }; + listen-on-v6 port 53 dscp 57 { + "none"; + }; + match-mapped-addresses yes; + memstatistics-file "named.memstats"; + pid-file none; + port 5300; + querylog yes; + recursing-file "named.recursing"; + recursive-clients 3000; + serial-query-rate 100; + server-id none; + update-quota 200; + check-names primary warn; + check-names secondary ignore; + max-cache-size 20000000000000; + nta-lifetime 604800; + nta-recheck 604800; + validate-except { + "corp"; + }; + dnssec-policy "test"; + max-ixfr-ratio 90%; + transfer-source 0.0.0.0 dscp 63; + zone-statistics none; +}; +parental-agents "parents" { + 10.10.10.11; + 10.10.10.12; +}; +view "first" { + match-clients { + "none"; + }; + zone "example1" { + type master; + file "xxx"; + update-policy local; + max-ixfr-ratio 20%; + notify-source 10.10.10.10 port 53 dscp 55; + }; + zone "clone" { + type master; + file "yyy"; + inline-signing yes; + max-ixfr-ratio unlimited; + }; + dnssec-validation auto; + zone-statistics terse; +}; +view "second" { + match-clients { + "any"; + }; + zone "example1" { + type master; + file "zzz"; + update-policy local; + zone-statistics yes; + }; + zone "example2" { + type static-stub; + forward only; + forwarders { + 10.53.0.4; + }; + zone-statistics no; + }; + zone "example3" { + type static-stub; + server-addresses { + 1.2.3.4; + }; + }; + zone "clone" { + in-view "first"; + }; + zone "." { + type redirect; + masters { + 1.2.3.4; + }; + }; + dnssec-validation auto; + zone-statistics full; +}; +view "third" { + match-clients { + "none"; + }; + zone "clone" { + in-view "first"; + forward only; + forwarders { + 10.0.0.100; + }; + }; + zone "dnssec" { + type master; + file "file"; + allow-update { + "any"; + }; + dnssec-policy "default"; + }; + zone "p" { + type primary; + file "pfile"; + inline-signing yes; + }; + zone "s" { + type secondary; + file "sfile"; + inline-signing yes; + masters { + 1.2.3.4; + }; + notify primary-only; + }; +}; +view "fourth" { + zone "dnssec-test" { + type master; + file "dnssec-test.db"; + inline-signing yes; + parental-agents { + 1.2.3.4; + 1.2.3.5; + }; + dnssec-policy "test"; + parental-source 10.10.10.10 port 53 dscp 55; + }; + zone "dnssec-default" { + type master; + file "dnssec-default.db"; + inline-signing yes; + parental-agents { + "parents"; + }; + dnssec-policy "default"; + }; + zone "dnssec-inherit" { + type master; + file "dnssec-inherit.db"; + inline-signing yes; + }; + zone "dnssec-none" { + type master; + file "dnssec-none.db"; + dnssec-policy "none"; + }; + zone "dnssec-view1" { + type master; + file "dnssec-view41.db"; + inline-signing yes; + dnssec-policy "test"; + }; + zone "dnssec-view2" { + type master; + file "dnssec-view42.db"; + inline-signing yes; + }; + zone "dnssec-view3" { + type master; + file "dnssec-view43.db"; + dnssec-policy "none"; + key-directory "keys"; + }; + zone "dnssec-view4" { + type master; + file "dnssec-view44.db"; + dnssec-policy "none"; + }; + dnssec-policy "default"; + key-directory "."; +}; +view "fifth" { + zone "dnssec-view1" { + type master; + file "dnssec-view51.db"; + inline-signing yes; + dnssec-policy "test"; + }; + zone "dnssec-view2" { + type master; + file "dnssec-view52.db"; + inline-signing yes; + dnssec-policy "test"; + key-directory "keys"; + }; + zone "dnssec-view3" { + type master; + file "dnssec-view53.db"; + inline-signing yes; + dnssec-policy "default"; + key-directory "keys"; + }; + zone "dnssec-view4" { + type master; + file "dnssec-view54.db"; + dnssec-policy "none"; + }; + key-directory "."; +}; +view "chaos" chaos { + zone "hostname.bind" chaos { + type master; + database "_builtin hostname"; + inline-signing yes; + }; +}; +dyndb "name" "library.so" { + this; + \}; + is a { + "test" { \{ of; the; }; + } bracketed; + "text \""; + system; +}; +key "mykey" { + algorithm "hmac-md5"; + secret "qwertyuiopasdfgh"; +}; diff --git a/bin/tests/system/checkconf/good.zonelist b/bin/tests/system/checkconf/good.zonelist new file mode 100644 index 0000000..08a5665 --- /dev/null +++ b/bin/tests/system/checkconf/good.zonelist @@ -0,0 +1,24 @@ +example1 IN first master +clone IN first master +example1 IN second master +example2 IN second static-stub +example3 IN second static-stub +clone IN second in-view first +. IN second redirect +clone IN third in-view first +dnssec IN third master +p IN third primary +s IN third secondary +dnssec-test IN fourth master +dnssec-default IN fourth master +dnssec-inherit IN fourth master +dnssec-none IN fourth master +dnssec-view1 IN fourth master +dnssec-view2 IN fourth master +dnssec-view3 IN fourth master +dnssec-view4 IN fourth master +dnssec-view1 IN fifth master +dnssec-view2 IN fifth master +dnssec-view3 IN fifth master +dnssec-view4 IN fifth master +hostname.bind chaos chaos master diff --git a/bin/tests/system/checkconf/hint-nofile.conf b/bin/tests/system/checkconf/hint-nofile.conf new file mode 100644 index 0000000..1d1dee2 --- /dev/null +++ b/bin/tests/system/checkconf/hint-nofile.conf @@ -0,0 +1,17 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone "." { + type hint; + file "nonexistent.db"; +}; diff --git a/bin/tests/system/checkconf/in-view-good.conf b/bin/tests/system/checkconf/in-view-good.conf new file mode 100644 index 0000000..afda587 --- /dev/null +++ b/bin/tests/system/checkconf/in-view-good.conf @@ -0,0 +1,25 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +view internal { + zone shared.example { + type master; + file "shared.example.db"; + }; +}; + +view external { + zone shared.example { + in-view internal; + }; +}; diff --git a/bin/tests/system/checkconf/inline-bad.conf b/bin/tests/system/checkconf/inline-bad.conf new file mode 100644 index 0000000..2eb23a5 --- /dev/null +++ b/bin/tests/system/checkconf/inline-bad.conf @@ -0,0 +1,27 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +acl "transferees" {}; +masters "stealthMasters" {127.0.0.1;}; +masters "publicSlaves" {127.0.0.1;}; +zone "example.net" { + type slave; + key-directory "/var/lib/bind/example.net"; + auto-dnssec maintain; + inline-signing yes; + masters { stealthMasters; }; + notify explicit; + also-notify { publicSlaves; }; + allow-transfer { localhost; transferees; }; +}; + diff --git a/bin/tests/system/checkconf/inline-good.conf b/bin/tests/system/checkconf/inline-good.conf new file mode 100644 index 0000000..60c3b1e --- /dev/null +++ b/bin/tests/system/checkconf/inline-good.conf @@ -0,0 +1,28 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +acl "transferees" {}; +masters "stealthMasters" {127.0.0.1;}; +masters "publicSlaves" {127.0.0.1;}; +zone "example.net" { + type slave; + file "/var/cache/bind/example.net.db"; + key-directory "/var/lib/bind/example.net"; + auto-dnssec maintain; + inline-signing yes; + masters { stealthMasters; }; + notify explicit; + also-notify { publicSlaves; }; + allow-transfer { localhost; transferees; }; +}; + diff --git a/bin/tests/system/checkconf/inline-no.conf b/bin/tests/system/checkconf/inline-no.conf new file mode 100644 index 0000000..64657f9 --- /dev/null +++ b/bin/tests/system/checkconf/inline-no.conf @@ -0,0 +1,27 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +acl "transferees" {}; +masters "stealthMasters" {127.0.0.1;}; +masters "publicSlaves" {127.0.0.1;}; +zone "example.net" { + type slave; + key-directory "/var/lib/bind/example.net"; + auto-dnssec maintain; + inline-signing no; + masters { stealthMasters; }; + notify explicit; + also-notify { publicSlaves; }; + allow-transfer { localhost; transferees; }; +}; + diff --git a/bin/tests/system/checkconf/kasp-and-other-dnssec-options.conf b/bin/tests/system/checkconf/kasp-and-other-dnssec-options.conf new file mode 100644 index 0000000..6e86d90 --- /dev/null +++ b/bin/tests/system/checkconf/kasp-and-other-dnssec-options.conf @@ -0,0 +1,28 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +include "good-kasp.conf"; + +zone "nsec3.net" { + type master; + file "nsec3.db"; + dnssec-policy "test"; + auto-dnssec maintain; + dnskey-sig-validity 3600; + dnssec-dnskey-kskonly yes; + dnssec-secure-to-insecure yes; + dnssec-update-mode maintain; + inline-signing no; + sig-validity-interval 3600; + update-check-ksk yes; +}; diff --git a/bin/tests/system/checkconf/kasp-bad-keylen.conf b/bin/tests/system/checkconf/kasp-bad-keylen.conf new file mode 100644 index 0000000..7e3465f --- /dev/null +++ b/bin/tests/system/checkconf/kasp-bad-keylen.conf @@ -0,0 +1,24 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +dnssec-policy "bad-keylen" { + keys { + csk lifetime P10Y algorithm rsasha1 511; + }; +}; + +zone "example.net" { + type master; + file "example.db"; + dnssec-policy "bad-keylen"; +}; diff --git a/bin/tests/system/checkconf/kasp-bad-nsec3-alg.conf b/bin/tests/system/checkconf/kasp-bad-nsec3-alg.conf new file mode 100644 index 0000000..474c1d8 --- /dev/null +++ b/bin/tests/system/checkconf/kasp-bad-nsec3-alg.conf @@ -0,0 +1,26 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +dnssec-policy "bad-salt" { + keys { + csk lifetime unlimited algorithm rsasha1; + }; + nsec3param ; +}; + +zone "example.net" { + type master; + file "example.db"; + dnssec-policy "bad-salt"; +}; + diff --git a/bin/tests/system/checkconf/kasp-bad-nsec3-iter.conf b/bin/tests/system/checkconf/kasp-bad-nsec3-iter.conf new file mode 100644 index 0000000..2333ca7 --- /dev/null +++ b/bin/tests/system/checkconf/kasp-bad-nsec3-iter.conf @@ -0,0 +1,61 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +dnssec-policy "rsasha1" { + keys { + csk lifetime P10Y algorithm nsec3rsasha1 1024; + }; + nsec3param iterations 150; +}; + +dnssec-policy "rsasha1-bad" { + keys { + csk lifetime P10Y algorithm nsec3rsasha1 1024; + }; + nsec3param iterations 151; +}; + +dnssec-policy "rsasha256" { + keys { + csk lifetime P10Y algorithm rsasha256 2048; + }; + nsec3param iterations 150; +}; + +dnssec-policy "rsasha256-bad" { + keys { + csk lifetime P10Y algorithm rsasha256 2048; + }; + nsec3param iterations 151; +}; + +dnssec-policy "rsasha512" { + keys { + csk lifetime P10Y algorithm rsasha512 4096; + }; + nsec3param iterations 150; +}; + +dnssec-policy "rsasha512-bad" { + keys { + csk lifetime P10Y algorithm rsasha512 4096; + }; + nsec3param iterations 151; +}; + +zone "example.net" { + type master; + file "example.db"; + dnssec-policy "default"; + inline-signing yes; +}; diff --git a/bin/tests/system/checkconf/kasp-bad-nsec3-salt.conf b/bin/tests/system/checkconf/kasp-bad-nsec3-salt.conf new file mode 100644 index 0000000..3465c39 --- /dev/null +++ b/bin/tests/system/checkconf/kasp-bad-nsec3-salt.conf @@ -0,0 +1,23 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +dnssec-policy "bad-salt" { + nsec3param salt "pepper"; +}; + +zone "example.net" { + type master; + file "example.db"; + dnssec-policy "bad-salt"; +}; + diff --git a/bin/tests/system/checkconf/kasp-ignore-keylen.conf b/bin/tests/system/checkconf/kasp-ignore-keylen.conf new file mode 100644 index 0000000..b1f1af0 --- /dev/null +++ b/bin/tests/system/checkconf/kasp-ignore-keylen.conf @@ -0,0 +1,27 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +dnssec-policy "warn-length" { + keys { + // Algorithm 13 has predefined length, warn about length param. + csk lifetime unlimited algorithm ecdsa256 2048; + }; +}; + +zone "example.net" { + type master; + file "example.db"; + dnssec-policy "warn-length"; + inline-signing yes; +}; + diff --git a/bin/tests/system/checkconf/max-cache-size-good.conf b/bin/tests/system/checkconf/max-cache-size-good.conf new file mode 100644 index 0000000..bb12775 --- /dev/null +++ b/bin/tests/system/checkconf/max-cache-size-good.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + max-cache-size 60%; +}; diff --git a/bin/tests/system/checkconf/max-ttl.conf b/bin/tests/system/checkconf/max-ttl.conf new file mode 100644 index 0000000..ec97de5 --- /dev/null +++ b/bin/tests/system/checkconf/max-ttl.conf @@ -0,0 +1,34 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + directory "."; + max-zone-ttl 600; +}; + +zone "maxttl1.example" { + type master; + file "maxttl-bad.db"; +}; + +zone "maxttl2.example" { + type master; + file "maxttl-bad.db"; + max-zone-ttl 300; +}; + +zone "maxttl3.example" { + type master; + file "maxttl-bad.db"; + max-zone-ttl 120; +}; diff --git a/bin/tests/system/checkconf/maxttl-bad.conf b/bin/tests/system/checkconf/maxttl-bad.conf new file mode 100644 index 0000000..aa764be --- /dev/null +++ b/bin/tests/system/checkconf/maxttl-bad.conf @@ -0,0 +1,24 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + directory "."; + max-zone-ttl 8000w; +}; + +zone "maxttl.example" { + type master; + file "maxttl-bad.db"; +}; + + diff --git a/bin/tests/system/checkconf/maxttl-bad.db b/bin/tests/system/checkconf/maxttl-bad.db new file mode 100644 index 0000000..978f0ec --- /dev/null +++ b/bin/tests/system/checkconf/maxttl-bad.db @@ -0,0 +1,25 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 1 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns2 +ns2 A 10.53.0.2 + MX 10 mail + +a 600 A 10.0.0.1 +mail 900 A 10.0.0.2 diff --git a/bin/tests/system/checkconf/maxttl.db b/bin/tests/system/checkconf/maxttl.db new file mode 100644 index 0000000..3ad695e --- /dev/null +++ b/bin/tests/system/checkconf/maxttl.db @@ -0,0 +1,25 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 600 ; 10 minutes +@ IN SOA mname1. . ( + 1 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns2 +ns2 A 10.53.0.2 + MX 10 mail + +a A 10.0.0.1 +mail A 10.0.0.2 diff --git a/bin/tests/system/checkconf/notify.conf b/bin/tests/system/checkconf/notify.conf new file mode 100644 index 0000000..d6e324a --- /dev/null +++ b/bin/tests/system/checkconf/notify.conf @@ -0,0 +1,84 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +view one { + notify master-only; + + # also-notify inconsistent with master-only notify option + zone "slave" { + type slave; + masters { 1.2.3.4; }; + also-notify { 5.6.7.8; }; + }; + + # OK + zone "master" { + type master; + file "filename"; + also-notify { 5.6.7.8; }; + }; +}; + +view two { + notify no; + + # also-notify inconsistent with notify option at the view level + zone "slave" { + type slave; + masters { 1.2.3.4; }; + also-notify { 5.6.7.8; }; + }; + + # OK + zone "master" { + type master; + file "filename"; + notify yes; + also-notify { 5.6.7.8; }; + }; +}; + +view three { + # also-notify inconsistent with notify option at the zone level + zone "slave" { + type slave; + masters { 1.2.3.4; }; + notify no; + also-notify { 5.6.7.8; }; + }; + + # OK + zone "master" { + type master; + file "filename"; + also-notify { 5.6.7.8; }; + }; +}; + +view four { + also-notify { 5.6.7.8; }; + + # OK + zone "slave" { + type slave; + masters { 1.2.3.4; }; + notify master-only; + }; + + # OK + zone "master" { + type master; + file "filename"; + notify no; + }; +}; diff --git a/bin/tests/system/checkconf/portrange-good.conf b/bin/tests/system/checkconf/portrange-good.conf new file mode 100644 index 0000000..c4eb582 --- /dev/null +++ b/bin/tests/system/checkconf/portrange-good.conf @@ -0,0 +1,22 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + avoid-v4-udp-ports { + 1935; + 2605; + 4321; + 6514; + range 8610 8614; + }; +}; diff --git a/bin/tests/system/checkconf/range.conf b/bin/tests/system/checkconf/range.conf new file mode 100644 index 0000000..b389ecb --- /dev/null +++ b/bin/tests/system/checkconf/range.conf @@ -0,0 +1,25 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + port 999999; + dscp 222; + listen-on port 100 dscp 444 { + 127.0.0.1/32; + }; +}; + +zone "example" { + type master; + file "example.db"; +}; diff --git a/bin/tests/system/checkconf/servestale.stale-refresh-time.0.conf b/bin/tests/system/checkconf/servestale.stale-refresh-time.0.conf new file mode 100644 index 0000000..3ff6b0d --- /dev/null +++ b/bin/tests/system/checkconf/servestale.stale-refresh-time.0.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + stale-refresh-time 0; +}; diff --git a/bin/tests/system/checkconf/servestale.stale-refresh-time.29.conf b/bin/tests/system/checkconf/servestale.stale-refresh-time.29.conf new file mode 100644 index 0000000..9e0669c --- /dev/null +++ b/bin/tests/system/checkconf/servestale.stale-refresh-time.29.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + stale-refresh-time 29; +}; diff --git a/bin/tests/system/checkconf/shared.example.db b/bin/tests/system/checkconf/shared.example.db new file mode 100644 index 0000000..5dcdd1b --- /dev/null +++ b/bin/tests/system/checkconf/shared.example.db @@ -0,0 +1,13 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +@ 0 SOA . . 0 0 0 0 0 +@ 0 NS . diff --git a/bin/tests/system/checkconf/tests.sh b/bin/tests/system/checkconf/tests.sh new file mode 100644 index 0000000..c978efe --- /dev/null +++ b/bin/tests/system/checkconf/tests.sh @@ -0,0 +1,643 @@ +#!/bin/sh + +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +status=0 +n=0 + +mkdir keys + +n=`expr $n + 1` +echo_i "checking that named-checkconf handles a known good config ($n)" +ret=0 +$CHECKCONF good.conf > checkconf.out$n 2>&1 || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "checking that named-checkconf prints a known good config ($n)" +ret=0 +awk 'BEGIN { ok = 0; } /cut here/ { ok = 1; getline } ok == 1 { print }' good.conf > good.conf.in +[ -s good.conf.in ] || ret=1 +$CHECKCONF -p good.conf.in > checkconf.out$n || ret=1 +grep -v '^good.conf.in:' < checkconf.out$n > good.conf.out 2>&1 || ret=1 +cmp good.conf.in good.conf.out || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "checking that named-checkconf -x removes secrets ($n)" +ret=0 +# ensure there is a secret and that it is not the check string. +grep 'secret "' good.conf.in > /dev/null || ret=1 +grep 'secret "????????????????"' good.conf.in > /dev/null 2>&1 && ret=1 +$CHECKCONF -p -x good.conf.in > checkconf.out$n || ret=1 +grep -v '^good.conf.in:' < checkconf.out$n > good.conf.out 2>&1 || ret=1 +grep 'secret "????????????????"' good.conf.out > /dev/null 2>&1 || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` + +for bad in bad-*.conf +do + n=`expr $n + 1` + echo_i "checking that named-checkconf detects error in $bad ($n)" + ret=0 + $CHECKCONF $bad > checkconf.out$n 2>&1 + if [ $? -ne 1 ]; then ret=1; fi + grep "^$bad:[0-9]*: " < checkconf.out$n > /dev/null || ret=1 + case $bad in + bad-update-policy[123].conf) + pat="identity and name fields are not the same" + grep "$pat" < checkconf.out$n > /dev/null || ret=1 + ;; + bad-update-policy[4589].conf|bad-update-policy1[01].conf) + pat="name field not set to placeholder value" + grep "$pat" < checkconf.out$n > /dev/null || ret=1 + ;; + bad-update-policy[67].conf|bad-update-policy1[2345].conf) + pat="missing name field type '.*' found" + grep "$pat" < checkconf.out$n > /dev/null || ret=1 + ;; + esac + if [ $ret -ne 0 ]; then echo_i "failed"; fi + status=`expr $status + $ret` +done + +for good in good-*.conf +do + n=`expr $n + 1` + echo_i "checking that named-checkconf detects no error in $good ($n)" + ret=0 + $CHECKCONF $good > checkconf.out$n 2>&1 + if [ $? -ne 0 ]; then echo_i "failed"; ret=1; fi + status=`expr $status + $ret` +done + +n=`expr $n + 1` +echo_i "checking that ancient options report a fatal error ($n)" +ret=0 +$CHECKCONF ancient.conf > ancient.out 2>&1 && ret=1 +grep "no longer exists" ancient.out > /dev/null || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "checking that named-checkconf -z catches missing hint file ($n)" +ret=0 +$CHECKCONF -z hint-nofile.conf > hint-nofile.out 2>&1 && ret=1 +grep "could not configure root hints from 'nonexistent.db': file not found" hint-nofile.out > /dev/null || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "checking that named-checkconf catches range errors ($n)" +ret=0 +$CHECKCONF range.conf > checkconf.out$n 2>&1 && ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "checking that named-checkconf warns of notify inconsistencies ($n)" +ret=0 +$CHECKCONF notify.conf > checkconf.out$n 2>&1 +warnings=`grep "'notify' is disabled" < checkconf.out$n | wc -l` +[ $warnings -eq 3 ] || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "checking named-checkconf dnssec warnings ($n)" +ret=0 +# dnssec.1: dnssec-enable is obsolete +$CHECKCONF dnssec.1 > checkconf.out$n.1 2>&1 +grep "'dnssec-enable' is obsolete and should be removed" < checkconf.out$n.1 > /dev/null || ret=1 +# dnssec.2: auto-dnssec warning +$CHECKCONF dnssec.2 > checkconf.out$n.2 2>&1 +grep 'auto-dnssec may only be ' < checkconf.out$n.2 > /dev/null || ret=1 +# dnssec.3: should have no warnings (other than deprecation warning) +$CHECKCONF dnssec.3 > checkconf.out$n.3 2>&1 +grep "option 'auto-dnssec' is deprecated" < checkconf.out$n.3 > /dev/null || ret=1 +lines=$(wc -l < "checkconf.out$n.3") +if [ $lines != 1 ]; then ret=1; fi +# dnssec.4: should have specific deprecation warning +$CHECKCONF dnssec.4 > checkconf.out$n.4 2>&1 +grep "'auto-dnssec' option is deprecated and will be removed in BIND 9\.19" < checkconf.out$n.4 > /dev/null || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "checking named-checkconf deprecate warnings ($n)" +ret=0 +$CHECKCONF deprecated.conf > checkconf.out$n.1 2>&1 +grep "option 'managed-keys' is deprecated" < checkconf.out$n.1 > /dev/null || ret=1 +grep "option 'trusted-keys' is deprecated" < checkconf.out$n.1 > /dev/null || ret=1 +grep "option 'dscp' is deprecated" < checkconf.out$n.1 > /dev/null || ret=1 +grep "token 'dscp' is deprecated" < checkconf.out$n.1 > /dev/null || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` +# set -i to ignore deprecate warnings +$CHECKCONF -i deprecated.conf > checkconf.out$n.2 2>&1 +grep '.*' < checkconf.out$n.2 > /dev/null && ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "checking named-checkconf servestale warnings ($n)" +ret=0 +$CHECKCONF servestale.stale-refresh-time.0.conf > checkconf.out$n.1 2>&1 +grep "'stale-refresh-time' should either be 0 or otherwise 30 seconds or higher" < checkconf.out$n.1 > /dev/null && ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` +ret=0 +$CHECKCONF servestale.stale-refresh-time.29.conf > checkconf.out$n.1 2>&1 +grep "'stale-refresh-time' should either be 0 or otherwise 30 seconds or higher" < checkconf.out$n.1 > /dev/null || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "range checking fields that do not allow zero ($n)" +ret=0 +for field in max-retry-time min-retry-time max-refresh-time min-refresh-time; do + cat > badzero.conf << EOF +options { + $field 0; +}; +EOF + $CHECKCONF badzero.conf > checkconf.out$n.1 2>&1 + [ $? -eq 1 ] || { echo_i "options $field failed" ; ret=1; } + cat > badzero.conf << EOF +view dummy { + $field 0; +}; +EOF + $CHECKCONF badzero.conf > checkconf.out$n.2 2>&1 + [ $? -eq 1 ] || { echo_i "view $field failed" ; ret=1; } + cat > badzero.conf << EOF +options { + $field 0; +}; +view dummy { +}; +EOF + $CHECKCONF badzero.conf > checkconf.out$n.3 2>&1 + [ $? -eq 1 ] || { echo_i "options + view $field failed" ; ret=1; } + cat > badzero.conf << EOF +zone dummy { + type secondary; + primaries { 0.0.0.0; }; + $field 0; +}; +EOF + $CHECKCONF badzero.conf > checkconf.out$n.4 2>&1 + [ $? -eq 1 ] || { echo_i "zone $field failed" ; ret=1; } +done +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "checking options allowed in inline-signing secondaries ($n)" +ret=0 +$CHECKCONF bad-dnssec.conf > checkconf.out$n.1 2>&1 +l=`grep "dnssec-dnskey-kskonly.*requires inline" < checkconf.out$n.1 | wc -l` +[ $l -eq 1 ] || ret=1 +$CHECKCONF bad-dnssec.conf > checkconf.out$n.2 2>&1 +l=`grep "dnssec-loadkeys-interval.*requires inline" < checkconf.out$n.2 | wc -l` +[ $l -eq 1 ] || ret=1 +$CHECKCONF bad-dnssec.conf > checkconf.out$n.3 2>&1 +l=`grep "update-check-ksk.*requires inline" < checkconf.out$n.3 | wc -l` +[ $l -eq 1 ] || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "check file + inline-signing for secondary zones ($n)" +$CHECKCONF inline-no.conf > checkconf.out$n.1 2>&1 +l=`grep "missing 'file' entry" < checkconf.out$n.1 | wc -l` +[ $l -eq 0 ] || ret=1 +$CHECKCONF inline-good.conf > checkconf.out$n.2 2>&1 +l=`grep "missing 'file' entry" < checkconf.out$n.2 | wc -l` +[ $l -eq 0 ] || ret=1 +$CHECKCONF inline-bad.conf > checkconf.out$n.3 2>&1 +l=`grep "missing 'file' entry" < checkconf.out$n.3 | wc -l` +[ $l -eq 1 ] || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "checking named-checkconf DLZ warnings ($n)" +ret=0 +$CHECKCONF dlz-bad.conf > checkconf.out$n 2>&1 +grep "'dlz' and 'database'" < checkconf.out$n > /dev/null || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "checking for missing key directory warning ($n)" +ret=0 +rm -rf test.keydir +$CHECKCONF warn-keydir.conf > checkconf.out$n.1 2>&1 +l=`grep "'test.keydir' does not exist" < checkconf.out$n.1 | wc -l` +[ $l -eq 1 ] || ret=1 +touch test.keydir +$CHECKCONF warn-keydir.conf > checkconf.out$n.2 2>&1 +l=`grep "'test.keydir' is not a directory" < checkconf.out$n.2 | wc -l` +[ $l -eq 1 ] || ret=1 +rm -f test.keydir +mkdir test.keydir +$CHECKCONF warn-keydir.conf > checkconf.out$n.3 2>&1 +l=`grep "key-directory" < checkconf.out$n.3 | wc -l` +[ $l -eq 0 ] || ret=1 +rm -rf test.keydir +if [ $ret -ne 0 ]; then echo_i "failed"; fi + +n=`expr $n + 1` +echo_i "checking that named-checkconf -z catches conflicting ttl with max-ttl ($n)" +ret=0 +$CHECKCONF -z max-ttl.conf > check.out 2>&1 +grep 'TTL 900 exceeds configured max-zone-ttl 600' check.out > /dev/null 2>&1 || ret=1 +grep 'TTL 900 exceeds configured max-zone-ttl 600' check.out > /dev/null 2>&1 || ret=1 +grep 'TTL 900 exceeds configured max-zone-ttl 600' check.out > /dev/null 2>&1 || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "checking that named-checkconf -z catches invalid max-ttl ($n)" +ret=0 +$CHECKCONF -z max-ttl-bad.conf > checkconf.out$n 2>&1 && ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "checking that named-checkconf -z skips zone check with alternate databases ($n)" +ret=0 +$CHECKCONF -z altdb.conf > checkconf.out$n 2>&1 || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "checking that named-checkconf -z skips zone check with DLZ ($n)" +ret=0 +$CHECKCONF -z altdlz.conf > checkconf.out$n 2>&1 || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "checking that named-checkconf -z fails on view with ANY class ($n)" +ret=0 +$CHECKCONF -z view-class-any1.conf > checkconf.out$n 2>&1 && ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "checking that named-checkconf -z fails on view with CLASS255 class ($n)" +ret=0 +$CHECKCONF -z view-class-any2.conf > checkconf.out$n 2>&1 && ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "checking that named-checkconf -z passes on view with IN class ($n)" +ret=0 +$CHECKCONF -z view-class-in1.conf > checkconf.out$n 2>&1 || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "checking that named-checkconf -z passes on view with CLASS1 class ($n)" +ret=0 +$CHECKCONF -z view-class-in2.conf > checkconf.out$n 2>&1 || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "check that check-names fails as configured ($n)" +ret=0 +$CHECKCONF -z check-names-fail.conf > checkconf.out$n 2>&1 && ret=1 +grep "near '_underscore': bad name (check-names)" < checkconf.out$n > /dev/null || ret=1 +grep "zone check-names/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "check that check-mx fails as configured ($n)" +ret=0 +$CHECKCONF -z check-mx-fail.conf > checkconf.out$n 2>&1 && ret=1 +grep "near '10.0.0.1': MX is an address" < checkconf.out$n > /dev/null || ret=1 +grep "zone check-mx/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "check that check-dup-records fails as configured ($n)" +ret=0 +$CHECKCONF -z check-dup-records-fail.conf > checkconf.out$n 2>&1 && ret=1 +grep "has semantically identical records" < checkconf.out$n > /dev/null || ret=1 +grep "zone check-dup-records/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "check that check-mx fails as configured ($n)" +ret=0 +$CHECKCONF -z check-mx-fail.conf > checkconf.out$n 2>&1 && ret=1 +grep "failed: MX is an address" < checkconf.out$n > /dev/null || ret=1 +grep "zone check-mx/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "check that check-mx-cname fails as configured ($n)" +ret=0 +$CHECKCONF -z check-mx-cname-fail.conf > checkconf.out$n 2>&1 && ret=1 +grep "MX.* is a CNAME (illegal)" < checkconf.out$n > /dev/null || ret=1 +grep "zone check-mx-cname/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "check that check-srv-cname fails as configured ($n)" +ret=0 +$CHECKCONF -z check-srv-cname-fail.conf > checkconf.out$n 2>&1 && ret=1 +grep "SRV.* is a CNAME (illegal)" < checkconf.out$n > /dev/null || ret=1 +grep "zone check-mx-cname/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "check that named-checkconf -p properly print a port range ($n)" +ret=0 +$CHECKCONF -p portrange-good.conf > checkconf.out$n 2>&1 || ret=1 +grep "range 8610 8614;" < checkconf.out$n > /dev/null || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "check that named-checkconf -z handles in-view ($n)" +ret=0 +$CHECKCONF -z in-view-good.conf > checkconf.out$n 2>&1 || ret=1 +grep "zone shared.example/IN: loaded serial" < checkconf.out$n > /dev/null || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "check that named-checkconf -z returns error when a later view is okay ($n)" +ret=0 +$CHECKCONF -z check-missing-zone.conf > checkconf.out$n 2>&1 && ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "check that named-checkconf prints max-cache-size <percentage> correctly ($n)" +ret=0 +$CHECKCONF -p max-cache-size-good.conf > checkconf.out$n 2>&1 || ret=1 +grep "max-cache-size 60%;" < checkconf.out$n > /dev/null || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "check that named-checkconf -l prints out the zone list ($n)" +ret=0 +$CHECKCONF -l good.conf | +grep -v "is deprecated" | +grep -v "is not implemented" | +grep -v "is not recommended" | +grep -v "no longer exists" | +grep -v "is obsolete" > checkconf.out$n || ret=1 +diff good.zonelist checkconf.out$n > diff.out$n || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "check that 'dnssec-lookaside auto;' generates a warning ($n)" +ret=0 +$CHECKCONF warn-dlv-auto.conf > checkconf.out$n 2>/dev/null || ret=1 +grep "option 'dnssec-lookaside' is obsolete and should be removed" < checkconf.out$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "check that 'dnssec-lookaside . trust-anchor dlv.isc.org;' generates a warning ($n)" +ret=0 +$CHECKCONF warn-dlv-dlv.isc.org.conf > checkconf.out$n 2>/dev/null || ret=1 +grep "option 'dnssec-lookaside' is obsolete and should be removed" < checkconf.out$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "check that 'dnssec-lookaside . trust-anchor dlv.example.com;' generates a warning ($n)" +ret=0 +$CHECKCONF warn-dlv-dlv.example.com.conf > checkconf.out$n 2>/dev/null || ret=1 +grep "option 'dnssec-lookaside' is obsolete and should be removed" < checkconf.out$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "check that the 2010 ICANN ROOT KSK without the 2017 ICANN ROOT KSK generates a warning ($n)" +ret=0 +$CHECKCONF check-root-ksk-2010.conf > checkconf.out$n 2>/dev/null || ret=1 +[ -s checkconf.out$n ] || ret=1 +grep "key without the updated" < checkconf.out$n > /dev/null || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "check that the 2010 ICANN ROOT KSK with the 2017 ICANN ROOT KSK does not generate a warning ($n)" +ret=0 +$CHECKCONF check-root-ksk-both.conf > checkconf.out$n 2>/dev/null || ret=1 +[ -s checkconf.out$n ] && ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "check that the 2017 ICANN ROOT KSK alone does not generate a warning ($n)" +ret=0 +$CHECKCONF check-root-ksk-2017.conf > checkconf.out$n 2>/dev/null || ret=1 +[ -s checkconf.out$n ] && ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "check that a static root key generates a warning ($n)" +ret=0 +$CHECKCONF check-root-static-key.conf > checkconf.out$n 2>/dev/null || ret=1 +grep "static entry for the root zone WILL FAIL" checkconf.out$n > /dev/null || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "check that a static root DS trust anchor generates a warning ($n)" +ret=0 +$CHECKCONF check-root-static-ds.conf > checkconf.out$n 2>/dev/null || ret=1 +grep "static entry for the root zone WILL FAIL" checkconf.out$n > /dev/null || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "check that a trusted-keys entry for root generates a warning ($n)" +ret=0 +$CHECKCONF check-root-trusted-key.conf > checkconf.out$n 2>/dev/null || ret=1 +grep "trusted-keys entry for the root zone WILL FAIL" checkconf.out$n > /dev/null || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "check that using trust-anchors and managed-keys generates an error ($n)" +ret=0 +$CHECKCONF check-mixed-keys.conf > checkconf.out$n 2>/dev/null && ret=1 +grep "use of managed-keys is not allowed" checkconf.out$n > /dev/null || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "check that 'geoip-use-ecs no' generates a warning ($n)" +ret=0 +$CHECKCONF warn-geoip-use-ecs.conf > checkconf.out$n 2>/dev/null || ret=1 +[ -s checkconf.out$n ] || ret=1 +grep "'geoip-use-ecs' is obsolete" < checkconf.out$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "checking named-checkconf kasp errors ($n)" +ret=0 +$CHECKCONF kasp-and-other-dnssec-options.conf > checkconf.out$n 2>&1 && ret=1 +grep "'inline-signing yes;' must also be configured explicitly for zones using dnssec-policy without a configured 'allow-update' or 'update-policy'" < checkconf.out$n > /dev/null || ret=1 +grep "'auto-dnssec maintain;' cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1 +grep "dnskey-sig-validity: cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1 +grep "dnssec-dnskey-kskonly: cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1 +grep "dnssec-secure-to-insecure: cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1 +grep "dnssec-update-mode: cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1 +grep "sig-validity-interval: cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1 +grep "update-check-ksk: cannot be configured if dnssec-policy is also set" < checkconf.out$n > /dev/null || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "checking named-checkconf kasp nsec3 iterations errors ($n)" +ret=0 +$CHECKCONF kasp-bad-nsec3-iter.conf > checkconf.out$n 2>&1 && ret=1 +grep "dnssec-policy: nsec3 iterations value 151 out of range" < checkconf.out$n > /dev/null || ret=1 +lines=$(wc -l < "checkconf.out$n") +if [ $lines -ne 3 ]; then ret=1; fi +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "checking named-checkconf kasp nsec3 algorithm errors ($n)" +ret=0 +$CHECKCONF kasp-bad-nsec3-alg.conf > checkconf.out$n 2>&1 && ret=1 +grep "dnssec-policy: cannot use nsec3 with algorithm 'RSASHA1'" < checkconf.out$n > /dev/null || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "checking named-checkconf kasp key errors ($n)" +ret=0 +$CHECKCONF kasp-bad-keylen.conf > checkconf.out$n 2>&1 && ret=1 +grep "dnssec-policy: key with algorithm rsasha1 has invalid key length 511" < checkconf.out$n > /dev/null || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "checking named-checkconf kasp predefined key length ($n)" +ret=0 +$CHECKCONF kasp-ignore-keylen.conf > checkconf.out$n 2>&1 || ret=1 +grep "dnssec-policy: key algorithm ecdsa256 has predefined length; ignoring length value 2048" < checkconf.out$n > /dev/null || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "check that a good 'kasp' configuration is accepted ($n)" +ret=0 +$CHECKCONF good-kasp.conf > checkconf.out$n 2>/dev/null || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "checking that named-checkconf prints a known good kasp config ($n)" +ret=0 +awk 'BEGIN { ok = 0; } /cut here/ { ok = 1; getline } ok == 1 { print }' good-kasp.conf > good-kasp.conf.in +[ -s good-kasp.conf.in ] || ret=1 +$CHECKCONF -p good-kasp.conf.in | grep -v '^good-kasp.conf.in:' > good-kasp.conf.out 2>&1 || ret=1 +cmp good-kasp.conf.in good-kasp.conf.out || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "check that max-ixfr-ratio 100% generates a warning ($n)" +ret=0 +$CHECKCONF warn-maxratio1.conf > checkconf.out$n 2>/dev/null || ret=1 +grep "exceeds 100%" < checkconf.out$n > /dev/null || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "check that *-source options with specified port generate warnings ($n)" +ret=0 +$CHECKCONF warn-transfer-source.conf > checkconf.out$n 2>/dev/null || ret=1 +grep "not recommended" < checkconf.out$n > /dev/null || ret=1 +$CHECKCONF warn-notify-source.conf > checkconf.out$n 2>/dev/null || ret=1 +grep "not recommended" < checkconf.out$n > /dev/null || ret=1 +$CHECKCONF warn-parental-source.conf > checkconf.out$n 2>/dev/null || ret=1 +grep "not recommended" < checkconf.out$n > /dev/null || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "check that using both max-zone-ttl and dnssec-policy generates a warning ($n)" +ret=0 +$CHECKCONF warn-kasp-max-zone-ttl.conf > checkconf.out$n 2>/dev/null || ret=1 +grep "option 'max-zone-ttl' is ignored when used together with 'dnssec-policy'" < checkconf.out$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + +n=$((n+1)) +echo_i "check that masterfile-format map generates deprecation warning ($n)" +ret=0 +$CHECKCONF deprecated-masterfile-format-map.conf > checkconf.out$n 2>/dev/null || ret=1 +grep "is deprecated" < checkconf.out$n >/dev/null || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi +status=$((status+ret)) + +n=$((n+1)) +echo_i "check that masterfile-format text and raw don't generate deprecation warning ($n)" +ret=0 +$CHECKCONF good-masterfile-format-text.conf > checkconf.out$n 2>/dev/null || ret=1 +grep "is deprecated" < checkconf.out$n >/dev/null && ret=1 +$CHECKCONF good-masterfile-format-raw.conf > checkconf.out$n 2>/dev/null || ret=1 +grep "is deprecated" < checkconf.out$n >/dev/null && ret=1 +if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi +status=$((status+ret)) + +n=$((n+1)) +echo_i "check that 'check-wildcard no;' succeeds as configured ($n)" +ret=0 +$CHECKCONF -z check-wildcard-no.conf > checkconf.out$n 2>&1 || ret=1 +grep -F "warning: ownername 'foo.*.check-wildcard' contains an non-terminal wildcard" checkconf.out$n > /dev/null && ret=1 +if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo_i "check that 'check-wildcard yes;' warns as configured ($n)" +ret=0 +$CHECKCONF -z check-wildcard.conf > checkconf.out$n 2>&1 || ret=1 +grep -F "warning: ownername 'foo.*.check-wildcard' contains an non-terminal wildcard" checkconf.out$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi +status=`expr $status + $ret` + +rmdir keys + +echo_i "exit status: $status" +[ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/checkconf/view-class-any1.conf b/bin/tests/system/checkconf/view-class-any1.conf new file mode 100644 index 0000000..8b39456 --- /dev/null +++ b/bin/tests/system/checkconf/view-class-any1.conf @@ -0,0 +1,14 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +view "example" any { }; diff --git a/bin/tests/system/checkconf/view-class-any2.conf b/bin/tests/system/checkconf/view-class-any2.conf new file mode 100644 index 0000000..049ccf6 --- /dev/null +++ b/bin/tests/system/checkconf/view-class-any2.conf @@ -0,0 +1,14 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +view "example" class255 { }; diff --git a/bin/tests/system/checkconf/view-class-in1.conf b/bin/tests/system/checkconf/view-class-in1.conf new file mode 100644 index 0000000..1d203e6 --- /dev/null +++ b/bin/tests/system/checkconf/view-class-in1.conf @@ -0,0 +1,14 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +view "example" in { }; diff --git a/bin/tests/system/checkconf/view-class-in2.conf b/bin/tests/system/checkconf/view-class-in2.conf new file mode 100644 index 0000000..38b356e --- /dev/null +++ b/bin/tests/system/checkconf/view-class-in2.conf @@ -0,0 +1,14 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +view "example" class1 { }; diff --git a/bin/tests/system/checkconf/warn-dlv-auto.conf b/bin/tests/system/checkconf/warn-dlv-auto.conf new file mode 100644 index 0000000..598edd2 --- /dev/null +++ b/bin/tests/system/checkconf/warn-dlv-auto.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + dnssec-lookaside auto; +}; diff --git a/bin/tests/system/checkconf/warn-dlv-dlv.example.com.conf b/bin/tests/system/checkconf/warn-dlv-dlv.example.com.conf new file mode 100644 index 0000000..d274731 --- /dev/null +++ b/bin/tests/system/checkconf/warn-dlv-dlv.example.com.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + dnssec-lookaside . trust-anchor dlv.example.com; +}; diff --git a/bin/tests/system/checkconf/warn-dlv-dlv.isc.org.conf b/bin/tests/system/checkconf/warn-dlv-dlv.isc.org.conf new file mode 100644 index 0000000..47bea02 --- /dev/null +++ b/bin/tests/system/checkconf/warn-dlv-dlv.isc.org.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + dnssec-lookaside . trust-anchor dlv.isc.org; +}; diff --git a/bin/tests/system/checkconf/warn-geoip-use-ecs.conf b/bin/tests/system/checkconf/warn-geoip-use-ecs.conf new file mode 100644 index 0000000..9b95003 --- /dev/null +++ b/bin/tests/system/checkconf/warn-geoip-use-ecs.conf @@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + geoip-use-ecs no; +}; diff --git a/bin/tests/system/checkconf/warn-kasp-max-zone-ttl.conf b/bin/tests/system/checkconf/warn-kasp-max-zone-ttl.conf new file mode 100644 index 0000000..0d3139d --- /dev/null +++ b/bin/tests/system/checkconf/warn-kasp-max-zone-ttl.conf @@ -0,0 +1,27 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +/* + * The dnssec-policy is not defined. Should also be caught if it is inherited. + */ + +options { + dnssec-policy default; +}; + +zone "example.net" { + type primary; + file "example.db"; + inline-signing yes; + max-zone-ttl 600; +}; diff --git a/bin/tests/system/checkconf/warn-keydir.conf b/bin/tests/system/checkconf/warn-keydir.conf new file mode 100644 index 0000000..7aa4536 --- /dev/null +++ b/bin/tests/system/checkconf/warn-keydir.conf @@ -0,0 +1,25 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +/* + * key-directory defined but doesn't exist. + */ +options { + directory "."; +}; + +zone dummy { + type master; + file "xxxx"; + key-directory "test.keydir"; +}; diff --git a/bin/tests/system/checkconf/warn-maxratio1.conf b/bin/tests/system/checkconf/warn-maxratio1.conf new file mode 100644 index 0000000..31af34b --- /dev/null +++ b/bin/tests/system/checkconf/warn-maxratio1.conf @@ -0,0 +1,19 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +zone example { + type master; + masterfile-format map; + file "example.db"; + max-ixfr-ratio 101%; +}; diff --git a/bin/tests/system/checkconf/warn-notify-source.conf b/bin/tests/system/checkconf/warn-notify-source.conf new file mode 100644 index 0000000..4d840cc --- /dev/null +++ b/bin/tests/system/checkconf/warn-notify-source.conf @@ -0,0 +1,22 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + port 5300; +}; + +zone example { + type secondary; + primaries { 1.2.3.4; }; + notify-source 10.53.0.1 port 100; +}; diff --git a/bin/tests/system/checkconf/warn-parental-source.conf b/bin/tests/system/checkconf/warn-parental-source.conf new file mode 100644 index 0000000..2bbb34b --- /dev/null +++ b/bin/tests/system/checkconf/warn-parental-source.conf @@ -0,0 +1,22 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + port 5300; +}; + +zone example { + type secondary; + primaries { 1.2.3.4; }; + parental-source 10.53.0.1 port 100; +}; diff --git a/bin/tests/system/checkconf/warn-transfer-source.conf b/bin/tests/system/checkconf/warn-transfer-source.conf new file mode 100644 index 0000000..eb31041 --- /dev/null +++ b/bin/tests/system/checkconf/warn-transfer-source.conf @@ -0,0 +1,22 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + port 5300; +}; + +zone example { + type secondary; + primaries { 1.2.3.4; }; + transfer-source 10.53.0.1 port 100; +}; |