summaryrefslogtreecommitdiffstats
path: root/bin/tests/system/inline/ns3
diff options
context:
space:
mode:
Diffstat (limited to 'bin/tests/system/inline/ns3')
-rw-r--r--bin/tests/system/inline/ns3/include.db.in12
-rw-r--r--bin/tests/system/inline/ns3/named.conf.in181
-rw-r--r--bin/tests/system/inline/ns3/primary.db.in21
-rw-r--r--bin/tests/system/inline/ns3/primary2.db.in23
-rw-r--r--bin/tests/system/inline/ns3/primary3.db.in24
-rw-r--r--bin/tests/system/inline/ns3/primary4.db.in24
-rw-r--r--bin/tests/system/inline/ns3/primary5.db.in24
-rw-r--r--bin/tests/system/inline/ns3/primary6.db.in26
-rw-r--r--bin/tests/system/inline/ns3/primary7.db.in26
-rwxr-xr-xbin/tests/system/inline/ns3/sign.sh159
10 files changed, 520 insertions, 0 deletions
diff --git a/bin/tests/system/inline/ns3/include.db.in b/bin/tests/system/inline/ns3/include.db.in
new file mode 100644
index 0000000..c46a6a8
--- /dev/null
+++ b/bin/tests/system/inline/ns3/include.db.in
@@ -0,0 +1,12 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+f A 10.0.0.7
diff --git a/bin/tests/system/inline/ns3/named.conf.in b/bin/tests/system/inline/ns3/named.conf.in
new file mode 100644
index 0000000..6b3b3cd
--- /dev/null
+++ b/bin/tests/system/inline/ns3/named.conf.in
@@ -0,0 +1,181 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+// NS3
+
+include "../../common/rndc.key";
+
+controls {
+ inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+options {
+ query-source address 10.53.0.3;
+ notify-source 10.53.0.3;
+ transfer-source 10.53.0.3;
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.3; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+ try-tcp-refresh no;
+ notify-delay 0;
+ allow-new-zones yes;
+ dnssec-validation no;
+};
+
+zone "bits" {
+ type secondary;
+ primaries { 10.53.0.2; };
+ inline-signing yes;
+ auto-dnssec maintain;
+ allow-update-forwarding { any; };
+ file "bits.bk";
+ sig-signing-signatures 1; // force incremental processing
+};
+
+server 10.53.0.4 { request-ixfr no; };
+
+zone "noixfr" {
+ type secondary;
+ primaries { 10.53.0.4; };
+ inline-signing yes;
+ auto-dnssec maintain;
+ allow-update-forwarding { any; };
+ file "noixfr.bk";
+};
+
+zone "primary" {
+ type primary;
+ inline-signing yes;
+ auto-dnssec maintain;
+ file "primary.db";
+ notify explicit;
+ also-notify {
+ 10.53.0.3;
+ };
+};
+
+zone "dynamic" {
+ type primary;
+ inline-signing yes;
+ auto-dnssec maintain;
+ allow-update { any; };
+ file "dynamic.db";
+};
+
+zone "updated" {
+ type primary;
+ inline-signing yes;
+ auto-dnssec maintain;
+ allow-update { none; };
+ file "updated.db";
+};
+
+zone "expired" {
+ type primary;
+ inline-signing yes;
+ auto-dnssec maintain;
+ allow-update { any; };
+ file "expired.db";
+};
+
+zone "retransfer" {
+ type secondary;
+ primaries { 10.53.0.2; };
+ inline-signing yes;
+ auto-dnssec maintain;
+ file "retransfer.bk";
+};
+
+zone "nsec3" {
+ type primary;
+ inline-signing yes;
+ auto-dnssec maintain;
+ allow-update { any; };
+ file "nsec3.db";
+};
+
+zone "externalkey" {
+ type primary;
+ inline-signing yes;
+ auto-dnssec maintain;
+ dnssec-dnskey-kskonly no;
+ allow-update { any; };
+ file "externalkey.db";
+};
+
+zone "retransfer3" {
+ type secondary;
+ primaries { 10.53.0.2; };
+ inline-signing yes;
+ auto-dnssec maintain;
+ file "retransfer3.bk";
+};
+
+zone "inactiveksk" {
+ type secondary;
+ primaries { 10.53.0.2; };
+ inline-signing yes;
+ auto-dnssec maintain;
+ dnssec-dnskey-kskonly yes;
+ file "inactiveksk.bk";
+};
+
+zone "inactivezsk" {
+ type secondary;
+ primaries { 10.53.0.2; };
+ inline-signing yes;
+ auto-dnssec maintain;
+ file "inactivezsk.bk";
+};
+
+zone "nokeys" {
+ type secondary;
+ primaries { 10.53.0.2; };
+ inline-signing yes;
+ auto-dnssec maintain;
+ file "nokeys.bk";
+};
+
+zone "delayedkeys" {
+ type primary;
+ inline-signing yes;
+ auto-dnssec maintain;
+ file "delayedkeys.db";
+};
+
+zone "removedkeys-primary" {
+ type primary;
+ inline-signing yes;
+ auto-dnssec maintain;
+ allow-update { any; };
+ also-notify { 10.53.0.2; };
+ file "removedkeys-primary.db";
+};
+
+zone "removedkeys-secondary" {
+ type secondary;
+ primaries { 10.53.0.2; };
+ inline-signing yes;
+ auto-dnssec maintain;
+ file "removedkeys-secondary.bk";
+};
+
+zone "unsupported" {
+ type primary;
+ file "unsupported.db";
+ inline-signing yes;
+ auto-dnssec maintain;
+};
diff --git a/bin/tests/system/inline/ns3/primary.db.in b/bin/tests/system/inline/ns3/primary.db.in
new file mode 100644
index 0000000..4d30cf6
--- /dev/null
+++ b/bin/tests/system/inline/ns3/primary.db.in
@@ -0,0 +1,21 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300 ; 5 minutes
+@ IN SOA ns3 . (
+ 2000042407 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns3
+ns3 A 10.53.0.3
diff --git a/bin/tests/system/inline/ns3/primary2.db.in b/bin/tests/system/inline/ns3/primary2.db.in
new file mode 100644
index 0000000..24a0666
--- /dev/null
+++ b/bin/tests/system/inline/ns3/primary2.db.in
@@ -0,0 +1,23 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300 ; 5 minutes
+@ IN SOA ns3 . (
+ 2000042408 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns3
+ns3 A 10.53.0.3
+
+e A 10.0.0.5
diff --git a/bin/tests/system/inline/ns3/primary3.db.in b/bin/tests/system/inline/ns3/primary3.db.in
new file mode 100644
index 0000000..f3062c3
--- /dev/null
+++ b/bin/tests/system/inline/ns3/primary3.db.in
@@ -0,0 +1,24 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300 ; 5 minutes
+@ IN SOA ns3 . (
+ 2000042409 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns3
+ns3 A 10.53.0.3
+
+c A 10.0.0.3
+e A 10.0.0.5
diff --git a/bin/tests/system/inline/ns3/primary4.db.in b/bin/tests/system/inline/ns3/primary4.db.in
new file mode 100644
index 0000000..737e2e2
--- /dev/null
+++ b/bin/tests/system/inline/ns3/primary4.db.in
@@ -0,0 +1,24 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300 ; 5 minutes
+@ IN SOA ns3 hostmaster. (
+ 2000042410 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns3
+ns3 A 10.53.0.3
+
+c A 10.0.0.3
+e A 10.0.0.5
diff --git a/bin/tests/system/inline/ns3/primary5.db.in b/bin/tests/system/inline/ns3/primary5.db.in
new file mode 100644
index 0000000..a1e1300
--- /dev/null
+++ b/bin/tests/system/inline/ns3/primary5.db.in
@@ -0,0 +1,24 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300 ; 5 minutes
+@ IN SOA ns3 . (
+ 2000042411 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns3
+ns3 A 10.53.0.3
+
+c A 10.0.0.3
+e A 10.0.0.5
diff --git a/bin/tests/system/inline/ns3/primary6.db.in b/bin/tests/system/inline/ns3/primary6.db.in
new file mode 100644
index 0000000..de3e651
--- /dev/null
+++ b/bin/tests/system/inline/ns3/primary6.db.in
@@ -0,0 +1,26 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300 ; 5 minutes
+@ IN SOA ns3 . (
+ 2000042412 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns3
+ns3 A 10.53.0.3
+
+c A 10.0.0.3
+e A 10.0.0.5
+
+$INCLUDE missingfile.db
diff --git a/bin/tests/system/inline/ns3/primary7.db.in b/bin/tests/system/inline/ns3/primary7.db.in
new file mode 100644
index 0000000..a3e33e7
--- /dev/null
+++ b/bin/tests/system/inline/ns3/primary7.db.in
@@ -0,0 +1,26 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300 ; 5 minutes
+@ IN SOA ns3 . (
+ 2000042412 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns3
+ns3 A 10.53.0.3
+
+c A 10.0.0.3
+e A 10.0.0.5
+
+$INCLUDE include.db
diff --git a/bin/tests/system/inline/ns3/sign.sh b/bin/tests/system/inline/ns3/sign.sh
new file mode 100755
index 0000000..f17a8ad
--- /dev/null
+++ b/bin/tests/system/inline/ns3/sign.sh
@@ -0,0 +1,159 @@
+#!/bin/sh -e
+
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+. ../../conf.sh
+
+# Fake an unsupported key
+unsupportedkey=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone unsupported)
+awk '$3 == "DNSKEY" { $6 = 255 } { print }' ${unsupportedkey}.key > ${unsupportedkey}.tmp
+mv ${unsupportedkey}.tmp ${unsupportedkey}.key
+
+zone=bits
+rm -f K${zone}.+*+*.key
+rm -f K${zone}.+*+*.private
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone)
+$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
+
+zone=noixfr
+rm -f K${zone}.+*+*.key
+rm -f K${zone}.+*+*.private
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone)
+$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
+
+zone=primary
+rm -f K${zone}.+*+*.key
+rm -f K${zone}.+*+*.private
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone)
+$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
+
+zone=dynamic
+rm -f K${zone}.+*+*.key
+rm -f K${zone}.+*+*.private
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone)
+$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
+
+zone=updated
+rm -f K${zone}.+*+*.key
+rm -f K${zone}.+*+*.private
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone)
+$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
+$SIGNER -S -O raw -L 2000042407 -o ${zone} ${zone}.db > /dev/null
+cp primary2.db.in updated.db
+
+# signatures are expired and should be regenerated on startup
+zone=expired
+rm -f K${zone}.+*+*.key
+rm -f K${zone}.+*+*.private
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone)
+$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
+$SIGNER -PS -s 20100101000000 -e 20110101000000 -O raw -L 2000042407 -o ${zone} ${zone}.db > /dev/null
+
+zone=retransfer
+rm -f K${zone}.+*+*.key
+rm -f K${zone}.+*+*.private
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone)
+$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
+
+zone=nsec3
+rm -f K${zone}.+*+*.key
+rm -f K${zone}.+*+*.private
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone)
+$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
+
+zone=retransfer3
+rm -f K${zone}.+*+*.key
+rm -f K${zone}.+*+*.private
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone)
+$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
+
+zone=inactiveksk
+rm -f K${zone}.+*+*.key
+rm -f K${zone}.+*+*.private
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -P now -A now+3600 -f KSK $zone)
+keyname=$($KEYGEN -q -a ${ALTERNATIVE_ALGORITHM} -n zone $zone)
+keyname=$($KEYGEN -q -a ${ALTERNATIVE_ALGORITHM} -n zone -f KSK $zone)
+$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
+
+zone=inactivezsk
+rm -f K${zone}.+*+*.key
+rm -f K${zone}.+*+*.private
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -P now -A now+3600 $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone)
+keyname=$($KEYGEN -q -a ${ALTERNATIVE_ALGORITHM} -n zone $zone)
+keyname=$($KEYGEN -q -a ${ALTERNATIVE_ALGORITHM} -n zone -f KSK $zone)
+$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
+
+zone=delayedkeys
+rm -f K${zone}.+*+*.key
+rm -f K${zone}.+*+*.private
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone)
+# Keys for the "delayedkeys" zone should not be initially accessible.
+mv K${zone}.+*+*.* ../
+
+zone=removedkeys-primary
+rm -f K${zone}.+*+*.key
+rm -f K${zone}.+*+*.private
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone)
+
+zone=removedkeys-secondary
+rm -f K${zone}.+*+*.key
+rm -f K${zone}.+*+*.private
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone)
+
+for s in a c d h k l m q z
+do
+ zone=test-$s
+ keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
+done
+
+for s in b f i o p t v
+do
+ zone=test-$s
+ keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
+ keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone)
+done
+
+zone=externalkey
+rm -f K${zone}.+*+*.key
+rm -f K${zone}.+*+*.private
+
+for alg in ${DEFAULT_ALGORITHM} ${ALTERNATIVE_ALGORITHM}
+do
+ k1=$($KEYGEN -q -a $alg -n zone -f KSK $zone)
+ k2=$($KEYGEN -q -a $alg -n zone $zone)
+ k3=$($KEYGEN -q -a $alg -n zone $zone)
+ k4=$($KEYGEN -q -a $alg -n zone -f KSK $zone)
+ $DSFROMKEY -T 1200 $k4 >> ../ns1/root.db
+
+ # Convert k1 and k2 in to External Keys.
+ rm -f $k1.private
+ mv $k1.key a-file
+ $IMPORTKEY -P now -D now+3600 -f a-file $zone > /dev/null 2>&1 ||
+ ( echo_i "importkey failed: $alg" )
+ rm -f $k2.private
+ mv $k2.key a-file
+ $IMPORTKEY -f a-file $zone > /dev/null 2>&1 ||
+ ( echo_i "importkey failed: $alg" )
+done