diff options
Diffstat (limited to 'bin/tests/system/inline/ns3')
| -rw-r--r-- | bin/tests/system/inline/ns3/include.db.in | 12 | ||||
| -rw-r--r-- | bin/tests/system/inline/ns3/named.conf.in | 181 | ||||
| -rw-r--r-- | bin/tests/system/inline/ns3/primary.db.in | 21 | ||||
| -rw-r--r-- | bin/tests/system/inline/ns3/primary2.db.in | 23 | ||||
| -rw-r--r-- | bin/tests/system/inline/ns3/primary3.db.in | 24 | ||||
| -rw-r--r-- | bin/tests/system/inline/ns3/primary4.db.in | 24 | ||||
| -rw-r--r-- | bin/tests/system/inline/ns3/primary5.db.in | 24 | ||||
| -rw-r--r-- | bin/tests/system/inline/ns3/primary6.db.in | 26 | ||||
| -rw-r--r-- | bin/tests/system/inline/ns3/primary7.db.in | 26 | ||||
| -rwxr-xr-x | bin/tests/system/inline/ns3/sign.sh | 159 |
10 files changed, 520 insertions, 0 deletions
diff --git a/bin/tests/system/inline/ns3/include.db.in b/bin/tests/system/inline/ns3/include.db.in new file mode 100644 index 0000000..c46a6a8 --- /dev/null +++ b/bin/tests/system/inline/ns3/include.db.in @@ -0,0 +1,12 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +f A 10.0.0.7 diff --git a/bin/tests/system/inline/ns3/named.conf.in b/bin/tests/system/inline/ns3/named.conf.in new file mode 100644 index 0000000..6b3b3cd --- /dev/null +++ b/bin/tests/system/inline/ns3/named.conf.in @@ -0,0 +1,181 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +// NS3 + +include "../../common/rndc.key"; + +controls { + inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + +options { + query-source address 10.53.0.3; + notify-source 10.53.0.3; + transfer-source 10.53.0.3; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.3; }; + listen-on-v6 { none; }; + recursion no; + notify yes; + try-tcp-refresh no; + notify-delay 0; + allow-new-zones yes; + dnssec-validation no; +}; + +zone "bits" { + type secondary; + primaries { 10.53.0.2; }; + inline-signing yes; + auto-dnssec maintain; + allow-update-forwarding { any; }; + file "bits.bk"; + sig-signing-signatures 1; // force incremental processing +}; + +server 10.53.0.4 { request-ixfr no; }; + +zone "noixfr" { + type secondary; + primaries { 10.53.0.4; }; + inline-signing yes; + auto-dnssec maintain; + allow-update-forwarding { any; }; + file "noixfr.bk"; +}; + +zone "primary" { + type primary; + inline-signing yes; + auto-dnssec maintain; + file "primary.db"; + notify explicit; + also-notify { + 10.53.0.3; + }; +}; + +zone "dynamic" { + type primary; + inline-signing yes; + auto-dnssec maintain; + allow-update { any; }; + file "dynamic.db"; +}; + +zone "updated" { + type primary; + inline-signing yes; + auto-dnssec maintain; + allow-update { none; }; + file "updated.db"; +}; + +zone "expired" { + type primary; + inline-signing yes; + auto-dnssec maintain; + allow-update { any; }; + file "expired.db"; +}; + +zone "retransfer" { + type secondary; + primaries { 10.53.0.2; }; + inline-signing yes; + auto-dnssec maintain; + file "retransfer.bk"; +}; + +zone "nsec3" { + type primary; + inline-signing yes; + auto-dnssec maintain; + allow-update { any; }; + file "nsec3.db"; +}; + +zone "externalkey" { + type primary; + inline-signing yes; + auto-dnssec maintain; + dnssec-dnskey-kskonly no; + allow-update { any; }; + file "externalkey.db"; +}; + +zone "retransfer3" { + type secondary; + primaries { 10.53.0.2; }; + inline-signing yes; + auto-dnssec maintain; + file "retransfer3.bk"; +}; + +zone "inactiveksk" { + type secondary; + primaries { 10.53.0.2; }; + inline-signing yes; + auto-dnssec maintain; + dnssec-dnskey-kskonly yes; + file "inactiveksk.bk"; +}; + +zone "inactivezsk" { + type secondary; + primaries { 10.53.0.2; }; + inline-signing yes; + auto-dnssec maintain; + file "inactivezsk.bk"; +}; + +zone "nokeys" { + type secondary; + primaries { 10.53.0.2; }; + inline-signing yes; + auto-dnssec maintain; + file "nokeys.bk"; +}; + +zone "delayedkeys" { + type primary; + inline-signing yes; + auto-dnssec maintain; + file "delayedkeys.db"; +}; + +zone "removedkeys-primary" { + type primary; + inline-signing yes; + auto-dnssec maintain; + allow-update { any; }; + also-notify { 10.53.0.2; }; + file "removedkeys-primary.db"; +}; + +zone "removedkeys-secondary" { + type secondary; + primaries { 10.53.0.2; }; + inline-signing yes; + auto-dnssec maintain; + file "removedkeys-secondary.bk"; +}; + +zone "unsupported" { + type primary; + file "unsupported.db"; + inline-signing yes; + auto-dnssec maintain; +}; diff --git a/bin/tests/system/inline/ns3/primary.db.in b/bin/tests/system/inline/ns3/primary.db.in new file mode 100644 index 0000000..4d30cf6 --- /dev/null +++ b/bin/tests/system/inline/ns3/primary.db.in @@ -0,0 +1,21 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA ns3 . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns3 +ns3 A 10.53.0.3 diff --git a/bin/tests/system/inline/ns3/primary2.db.in b/bin/tests/system/inline/ns3/primary2.db.in new file mode 100644 index 0000000..24a0666 --- /dev/null +++ b/bin/tests/system/inline/ns3/primary2.db.in @@ -0,0 +1,23 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA ns3 . ( + 2000042408 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns3 +ns3 A 10.53.0.3 + +e A 10.0.0.5 diff --git a/bin/tests/system/inline/ns3/primary3.db.in b/bin/tests/system/inline/ns3/primary3.db.in new file mode 100644 index 0000000..f3062c3 --- /dev/null +++ b/bin/tests/system/inline/ns3/primary3.db.in @@ -0,0 +1,24 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA ns3 . ( + 2000042409 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns3 +ns3 A 10.53.0.3 + +c A 10.0.0.3 +e A 10.0.0.5 diff --git a/bin/tests/system/inline/ns3/primary4.db.in b/bin/tests/system/inline/ns3/primary4.db.in new file mode 100644 index 0000000..737e2e2 --- /dev/null +++ b/bin/tests/system/inline/ns3/primary4.db.in @@ -0,0 +1,24 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA ns3 hostmaster. ( + 2000042410 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns3 +ns3 A 10.53.0.3 + +c A 10.0.0.3 +e A 10.0.0.5 diff --git a/bin/tests/system/inline/ns3/primary5.db.in b/bin/tests/system/inline/ns3/primary5.db.in new file mode 100644 index 0000000..a1e1300 --- /dev/null +++ b/bin/tests/system/inline/ns3/primary5.db.in @@ -0,0 +1,24 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA ns3 . ( + 2000042411 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns3 +ns3 A 10.53.0.3 + +c A 10.0.0.3 +e A 10.0.0.5 diff --git a/bin/tests/system/inline/ns3/primary6.db.in b/bin/tests/system/inline/ns3/primary6.db.in new file mode 100644 index 0000000..de3e651 --- /dev/null +++ b/bin/tests/system/inline/ns3/primary6.db.in @@ -0,0 +1,26 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA ns3 . ( + 2000042412 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns3 +ns3 A 10.53.0.3 + +c A 10.0.0.3 +e A 10.0.0.5 + +$INCLUDE missingfile.db diff --git a/bin/tests/system/inline/ns3/primary7.db.in b/bin/tests/system/inline/ns3/primary7.db.in new file mode 100644 index 0000000..a3e33e7 --- /dev/null +++ b/bin/tests/system/inline/ns3/primary7.db.in @@ -0,0 +1,26 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA ns3 . ( + 2000042412 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns3 +ns3 A 10.53.0.3 + +c A 10.0.0.3 +e A 10.0.0.5 + +$INCLUDE include.db diff --git a/bin/tests/system/inline/ns3/sign.sh b/bin/tests/system/inline/ns3/sign.sh new file mode 100755 index 0000000..f17a8ad --- /dev/null +++ b/bin/tests/system/inline/ns3/sign.sh @@ -0,0 +1,159 @@ +#!/bin/sh -e + +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +. ../../conf.sh + +# Fake an unsupported key +unsupportedkey=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone unsupported) +awk '$3 == "DNSKEY" { $6 = 255 } { print }' ${unsupportedkey}.key > ${unsupportedkey}.tmp +mv ${unsupportedkey}.tmp ${unsupportedkey}.key + +zone=bits +rm -f K${zone}.+*+*.key +rm -f K${zone}.+*+*.private +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone) +$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db + +zone=noixfr +rm -f K${zone}.+*+*.key +rm -f K${zone}.+*+*.private +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone) +$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db + +zone=primary +rm -f K${zone}.+*+*.key +rm -f K${zone}.+*+*.private +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone) +$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db + +zone=dynamic +rm -f K${zone}.+*+*.key +rm -f K${zone}.+*+*.private +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone) +$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db + +zone=updated +rm -f K${zone}.+*+*.key +rm -f K${zone}.+*+*.private +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone) +$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db +$SIGNER -S -O raw -L 2000042407 -o ${zone} ${zone}.db > /dev/null +cp primary2.db.in updated.db + +# signatures are expired and should be regenerated on startup +zone=expired +rm -f K${zone}.+*+*.key +rm -f K${zone}.+*+*.private +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone) +$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db +$SIGNER -PS -s 20100101000000 -e 20110101000000 -O raw -L 2000042407 -o ${zone} ${zone}.db > /dev/null + +zone=retransfer +rm -f K${zone}.+*+*.key +rm -f K${zone}.+*+*.private +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone) +$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db + +zone=nsec3 +rm -f K${zone}.+*+*.key +rm -f K${zone}.+*+*.private +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone) +$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db + +zone=retransfer3 +rm -f K${zone}.+*+*.key +rm -f K${zone}.+*+*.private +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone) +$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db + +zone=inactiveksk +rm -f K${zone}.+*+*.key +rm -f K${zone}.+*+*.private +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -P now -A now+3600 -f KSK $zone) +keyname=$($KEYGEN -q -a ${ALTERNATIVE_ALGORITHM} -n zone $zone) +keyname=$($KEYGEN -q -a ${ALTERNATIVE_ALGORITHM} -n zone -f KSK $zone) +$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db + +zone=inactivezsk +rm -f K${zone}.+*+*.key +rm -f K${zone}.+*+*.private +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -P now -A now+3600 $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone) +keyname=$($KEYGEN -q -a ${ALTERNATIVE_ALGORITHM} -n zone $zone) +keyname=$($KEYGEN -q -a ${ALTERNATIVE_ALGORITHM} -n zone -f KSK $zone) +$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db + +zone=delayedkeys +rm -f K${zone}.+*+*.key +rm -f K${zone}.+*+*.private +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone) +# Keys for the "delayedkeys" zone should not be initially accessible. +mv K${zone}.+*+*.* ../ + +zone=removedkeys-primary +rm -f K${zone}.+*+*.key +rm -f K${zone}.+*+*.private +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone) + +zone=removedkeys-secondary +rm -f K${zone}.+*+*.key +rm -f K${zone}.+*+*.private +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone) + +for s in a c d h k l m q z +do + zone=test-$s + keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) +done + +for s in b f i o p t v +do + zone=test-$s + keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) + keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone) +done + +zone=externalkey +rm -f K${zone}.+*+*.key +rm -f K${zone}.+*+*.private + +for alg in ${DEFAULT_ALGORITHM} ${ALTERNATIVE_ALGORITHM} +do + k1=$($KEYGEN -q -a $alg -n zone -f KSK $zone) + k2=$($KEYGEN -q -a $alg -n zone $zone) + k3=$($KEYGEN -q -a $alg -n zone $zone) + k4=$($KEYGEN -q -a $alg -n zone -f KSK $zone) + $DSFROMKEY -T 1200 $k4 >> ../ns1/root.db + + # Convert k1 and k2 in to External Keys. + rm -f $k1.private + mv $k1.key a-file + $IMPORTKEY -P now -D now+3600 -f a-file $zone > /dev/null 2>&1 || + ( echo_i "importkey failed: $alg" ) + rm -f $k2.private + mv $k2.key a-file + $IMPORTKEY -f a-file $zone > /dev/null 2>&1 || + ( echo_i "importkey failed: $alg" ) +done |