1 files changed, 34 insertions, 0 deletions

diff --git a/bin/tests/system/mkeys/README b/bin/tests/system/mkeys/README
new file mode 100644
index 0000000..25637bf
--- /dev/null
+++ b/bin/tests/system/mkeys/README
@@ -0,0 +1,34 @@
+Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+
+SPDX-License-Identifier: MPL-2.0
+
+This Source Code Form is subject to the terms of the Mozilla Public
+License, v. 2.0.  If a copy of the MPL was not distributed with this
+file, you can obtain one at https://mozilla.org/MPL/2.0/.
+
+See the COPYRIGHT file distributed with this work for additional
+information regarding copyright ownership.
+
+This is for testing RFC 5011 Automated Updates of DNSSEC Trust Anchors.
+
+ns1 is the root server that offers new KSKs and hosts one record for
+testing. The TTL for the zone's records is 2 seconds.
+
+ns2 is a validator that uses managed keys.  "-T mkeytimers=2/20/40"
+is used so it will attempt do automated updates frequently. "-T tat=1"
+is used so it will send TAT queries once per second.
+
+ns3 is a validator with a broken initializing key in trust-anchors.
+
+ns4 is a validator with a deliberately broken managed-keys.bind and
+managed-keys.jnl, causing RFC 5011 initialization to fail.
+
+ns5 is a validator which is prevented from getting a response from the
+root server, causing key refresh queries to fail.
+
+ns6 is a validator which has unsupported algorithms, one at start up,
+one because of an algorithm rollover.
+
+ns7 is a validator with multiple views configured.  It is used for
+testing per-view rndc commands and checking interactions between options
+related to and potentially affecting RFC 5011 processing.