Commit 26b3ca7a authored by Mark Andrews's avatar Mark Andrews

Check that delv supports deprecated trusted-keys

parent 8422b23c
......@@ -292,6 +292,13 @@ keyfile_to_dskeys() {
echo "};"
}
# keyfile_to_trusted_keys: convert key data contained in the keyfile(s)
# provided to a "trust-keys" section suitable for including in a
# resolver's configuration file
keyfile_to_trusted_keys() {
keyfile_to_keys "trusted-keys" "" $*
}
# keyfile_to_static_keys: convert key data contained in the keyfile(s)
# provided to a *static-key* "trust-anchors" section suitable for including in
# a resolver's configuration file
......
......@@ -46,6 +46,8 @@ cp trusted.conf ../ns6/trusted.conf
cp trusted.conf ../ns7/trusted.conf
cp trusted.conf ../ns9/trusted.conf
keyfile_to_trusted_keys "$ksk" > trusted.keys
# ...or with an initializing key.
keyfile_to_initial_ds "$ksk" > managed.conf
cp managed.conf ../ns4/managed.conf
......
......@@ -205,6 +205,15 @@ if [ -x ${DELV} ] ; then
n=$((n+1))
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
ret=0
echo_i "checking positive validation NSEC using dns_client (trusted-keys) ($n)"
"$DELV" -a ns1/trusted.keys -p "$PORT" @10.53.0.4 a a.example > delv.out$n || ret=1
grep "a.example..*10.0.0.1" delv.out$n > /dev/null || ret=1
grep "a.example..*.RRSIG.A [0-9][0-9]* 2 300 .*" delv.out$n > /dev/null || ret=1
n=$((n+1))
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
fi
echo_i "checking positive validation NSEC3 ($n)"
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment