diff options
Diffstat (limited to 'bin/tests/system/dupsigs/ns1')
-rw-r--r-- | bin/tests/system/dupsigs/ns1/named.args | 1 | ||||
-rw-r--r-- | bin/tests/system/dupsigs/ns1/named.conf.in | 33 | ||||
-rw-r--r-- | bin/tests/system/dupsigs/ns1/reset_keys.sh | 100 | ||||
-rw-r--r-- | bin/tests/system/dupsigs/ns1/signing.test.db.in | 18 |
4 files changed, 152 insertions, 0 deletions
diff --git a/bin/tests/system/dupsigs/ns1/named.args b/bin/tests/system/dupsigs/ns1/named.args new file mode 100644 index 0000000..231eed4 --- /dev/null +++ b/bin/tests/system/dupsigs/ns1/named.args @@ -0,0 +1 @@ +-D dupsigs-ns1 -X named.lock -m record,size,mctx -c named.conf -d 99 -g -U 4 -T maxcachesize=2097152 -T sigvalinsecs diff --git a/bin/tests/system/dupsigs/ns1/named.conf.in b/bin/tests/system/dupsigs/ns1/named.conf.in new file mode 100644 index 0000000..494ecfb --- /dev/null +++ b/bin/tests/system/dupsigs/ns1/named.conf.in @@ -0,0 +1,33 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + recursion no; + max-journal-size unlimited; + port @PORT@; + listen-on { 10.53.0.1; }; + listen-on-v6 { none; }; + pid-file "named.pid"; +}; + +zone "signing.test" { + type primary; + masterfile-format text; + allow-update { any; }; + file "signing.test.db"; + update-check-ksk yes; + key-directory "keys/signing.test"; + inline-signing yes; + auto-dnssec maintain; + sig-validity-interval 20 5; +}; diff --git a/bin/tests/system/dupsigs/ns1/reset_keys.sh b/bin/tests/system/dupsigs/ns1/reset_keys.sh new file mode 100644 index 0000000..4faa0bb --- /dev/null +++ b/bin/tests/system/dupsigs/ns1/reset_keys.sh @@ -0,0 +1,100 @@ +#!/bin/sh + +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +SYSTEMTESTTOP=../.. +. $SYSTEMTESTTOP/conf.sh + +zone=signing.test +rm -rf keys/signing.test +mkdir -p keys/signing.test + +timetodnssec() { + $PERL -e 'my ($S,$M,$H,$d,$m,$y,$x) = gmtime(@ARGV[0]); + printf("%04u%02u%02u%02u%02u%02u\n", $y+1900,$m+1,$d,$H,$M,$S);' ${1} +} + +KEYDIR=keys/signing.test +KSK=`$KEYGEN -a RSASHA256 -K $KEYDIR -q -f KSK $zone` + +ZSK0=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone` +ZSK1=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone` +ZSK2=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone` +ZSK3=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone` +ZSK4=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone` +ZSK5=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone` +ZSK6=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone` +ZSK7=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone` +ZSK8=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone` +ZSK9=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone` + +# clear all times on all keys +for FILEN in keys/signing.test/*.key +do + $SETTIME -P none -A none -R none -I none -D none $FILEN +done + +BASE=`date +%s` +BASET=`timetodnssec $BASE` + +# reset the publish and activation time on the KSK +$SETTIME -P $BASET -A $BASET $KEYDIR/$KSK + +# reset the publish and activation time on the first ZSK +$SETTIME -P $BASET -A $BASET $KEYDIR/$ZSK0 + +# schedule the first roll +R1=`expr $BASE + 50` +R1T=`timetodnssec $R1` + +$SETTIME -I $R1T $KEYDIR/$ZSK0 +$SETTIME -P $BASET -A $R1T $KEYDIR/$ZSK1 + +# schedule the second roll (which includes the delete of the first key) +R2=`expr $R1 + 50` +R2T=`timetodnssec $R2` +DT=$R2 +DTT=`timetodnssec $DT` + +$SETTIME -D $DTT $KEYDIR/$ZSK0 +$SETTIME -I $R2T $KEYDIR/$ZSK1 +$SETTIME -P $R1T -A $R2T $KEYDIR/$ZSK2 + +# schedule the third roll +R3=`expr $R2 + 25` +R3T=`timetodnssec $R3` + +$SETTIME -D $R3T $KEYDIR/$ZSK1 +$SETTIME -I $R3T $KEYDIR/$ZSK2 +$SETTIME -P $R2T -A $R3T $KEYDIR/$ZSK3 + +$SETTIME -P $R3T $KEYDIR/$ZSK4 + +echo KSK=$KSK +echo ZSK0=$ZSK0 +echo ZSK1=$ZSK1 +echo ZSK2=$ZSK2 +echo ZSK3=$ZSK3 +echo ZSK4=$ZSK4 + +exit + +# schedule the fourth roll +# this isn't long enough for the signing to complete and would result in +# duplicate signatures, see +# https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/231#note_9597 +R4=`expr $R3 + 10` +R4T=`timetodnssec $R4` + +$SETTIME -D $R4T $KEYDIR/$ZSK2 +$SETTIME -I $R4T $KEYDIR/$ZSK3 +$SETTIME -P $R3T -A $R4T $KEYDIR/$ZSK4 diff --git a/bin/tests/system/dupsigs/ns1/signing.test.db.in b/bin/tests/system/dupsigs/ns1/signing.test.db.in new file mode 100644 index 0000000..b522b6f --- /dev/null +++ b/bin/tests/system/dupsigs/ns1/signing.test.db.in @@ -0,0 +1,18 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 3600 +@ IN SOA ns root.ns 1996072700 3600 1800 86400 60 +@ NS ns +ns A 127.0.0.1 +ns AAAA ::1 + +$GENERATE 0-499 a${0,4,d} AAAA ::$ |