Commit 2c87ab1c authored by Evan Hunt's avatar Evan Hunt

remove DLV system tests

parent f9c07c78
......@@ -59,7 +59,7 @@ PARALLEL_COMMON="dnssec rpzrecurse serve-stale \
acl additional addzone allow-query auth autosign \
builtin cacheclean case catz cds chain \
checkconf checknames checkzone \
cookie database digdelv dlv dlz dlzexternal \
cookie database digdelv dlz dlzexternal \
dns64 dscp dsdigest dyndb \
ednscompliance emptyzones \
fetchlimit filter-aaaa formerr forward \
......
......@@ -55,7 +55,7 @@ check_ttl_range() {
# using delv insecure mode as not testing dnssec here
delv_with_opts() {
"$DELV" +noroot +nodlv -p "$PORT" "$@"
"$DELV" +noroot -p "$PORT" "$@"
}
KEYID="$(cat ns2/keyid)"
......
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
rm -f ns*/named.run
rm -f ns*/named.conf
rm -f ns1/K*
rm -f ns1/dsset-*
rm -f ns1/*.signed
rm -f ns1/signer.err
rm -f ns1/root.db
rm -f ns1/trusted.conf
rm -f ns2/K*
rm -f ns2/dlvset-*
rm -f ns2/dsset-*
rm -f ns2/*.signed
rm -f ns2/*.pre
rm -f ns2/signer.err
rm -f ns2/druz.db
rm -f ns3/K*
rm -f ns3/*.db
rm -f ns3/*.signed ns3/*.signed.tmp
rm -f ns3/dlvset-*
rm -f ns3/dsset-*
rm -f ns3/keyset-*
rm -f ns3/trusted*.conf
rm -f ns3/signer.err
rm -f ns5/trusted*.conf
rm -f ns6/K*
rm -f ns6/*.db
rm -f ns6/*.signed
rm -f ns6/dsset-*
rm -f ns6/signer.err
rm -f ns7/trusted*.conf ns8/trusted*.conf
rm -f */named.memstats
rm -f dig.out.ns*.test*
rm -f ns*/named.lock
rm -f ns*/managed-keys.bind*
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
options {
query-source address 10.53.0.1;
notify-source 10.53.0.1;
transfer-source 10.53.0.1;
port @PORT@;
pid-file "named.pid";
listen-on { 10.53.0.1; };
listen-on-v6 { none; };
recursion no;
notify yes;
};
zone "." { type master; file "root.signed"; };
zone "rootservers.utld" { type master; file "rootservers.utld.db"; };
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
$TTL 120
@ SOA ns.rootservers.utld hostmaster.ns.rootservers.utld (
1 3600 1200 604800 60 )
@ NS ns.rootservers.utld
ns A 10.53.0.1
;
; A zone that is unsigned (utld=unsigned tld) that will include a second level
; zone that acts as a DLV.
;
utld NS ns.utld
ns.utld A 10.53.0.2
;
; A zone that has a bad DNSKEY RRset but has good DLV records for its child
; zones.
;
druz NS ns.druz
ns.druz A 10.53.0.2
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
$TTL 120
@ SOA ns hostmaster.ns 1 3600 1200 604800 60
@ NS ns
ns A 10.53.0.1
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
SYSTESTDIR=dlv
(cd ../ns2 && $SHELL -e ./sign.sh || exit 1)
echo_i "dlv/ns1/sign.sh"
zone=.
infile=root.db.in
zonefile=root.db
outfile=root.signed
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
echo_i "signed $zone"
keyfile_to_static_keys $keyname2 > trusted.conf
cp trusted.conf ../ns5
cp trusted.conf ../ns7
cp trusted.conf ../ns8
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
$TTL 120
@ SOA ns hostmaster.ns 1 3600 1200 604800 60
@ NS ns
ns A 10.53.0.2
;
rootservers NS ns.rootservers
ns.rootservers A 10.53.0.1
;
;
child1 NS ns.child1
ns.child1 A 10.53.0.3
;
child2 NS ns.child2
ns.child2 A 10.53.0.4
;
child3 NS ns.child3
ns.child3 A 10.53.0.3
;
child4 NS ns.child4
ns.child4 A 10.53.0.3
;
child5 NS ns.child5
ns.child5 A 10.53.0.3
;
child6 NS ns.child6
ns.child6 A 10.53.0.4
;
child7 NS ns.child7
ns.child7 A 10.53.0.3
;
child8 NS ns.child8
ns.child8 A 10.53.0.3
;
child9 NS ns.child9
ns.child9 A 10.53.0.3
;
child10 NS ns.child10
ns.child10 A 10.53.0.3
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
. 0 NS ns.rootservers.utld.
ns.rootservers.utld. 0 A 10.53.0.1
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
options {
query-source address 10.53.0.2;
notify-source 10.53.0.2;
transfer-source 10.53.0.2;
port @PORT@;
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
recursion no;
notify yes;
};
/* Root hints. */
zone "." { type hint; file "hints"; };
/*
* A zone that is unsigned (utld=unsigned tld) that will include a second level
* zone that acts as a DLV.
*/
zone "utld" { type master; file "utld.db"; };
/*
* A zone that has a bad DNSKEY RRset but has good DLV records for its child
* zones.
*/
zone "druz" { type master; file "druz.signed"; };
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
SYSTESTDIR=dlv
(cd ../ns3 && $SHELL -e ./sign.sh || exit 1)
echo_i "dlv/ns2/sign.sh"
zone=druz.
infile=druz.db.in
zonefile=druz.db
outfile=druz.pre
dlvzone=utld.
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
$SIGNER -l $dlvzone -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
$CHECKZONE -q -D -i none druz druz.pre |
sed '/IN DNSKEY/s/\([a-z0-9A-Z+/]\{10\}\)[a-z0-9A-Z+/]\{16\}/\1XXXXXXXXXXXXXXXX/'> druz.signed
echo_i "signed $zone"
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
$TTL 120
@ SOA ns hostmaster.ns 1 3600 1200 604800 60
@ NS ns
ns A 10.53.0.2
;
rootservers NS ns.rootservers
ns.rootservers A 10.53.0.1
;
dlv NS ns.dlv
ns.dlv A 10.53.0.3
;
disabled-algorithm-dlv NS ns.disabled-algorithm-dlv
ns.disabled-algorithm-dlv A 10.53.0.3
;
unsupported-algorithm-dlv NS ns.unsupported-algorithm-dlv
ns.unsupported-algorithm-dlv A 10.53.0.3
;
child1 NS ns.child1
ns.child1 A 10.53.0.3
;
child2 NS ns.child2
ns.child2 A 10.53.0.4
;
child3 NS ns.child3
ns.child3 A 10.53.0.3
;
child4 NS ns.child4
ns.child4 A 10.53.0.3
;
child5 NS ns.child5
ns.child5 A 10.53.0.3
;
child6 NS ns.child6
ns.child6 A 10.53.0.4
;
child7 NS ns.child7
ns.child7 A 10.53.0.3
;
child8 NS ns.child8
ns.child8 A 10.53.0.3
;
child9 NS ns.child9
ns.child9 A 10.53.0.3
;
child10 NS ns.child10
ns.child10 A 10.53.0.3
;
disabled-algorithm NS ns.disabled-algorithm
ns.disabled-algorithm A 10.53.0.3
;
unsupported-algorithm NS ns.unsupported-algorithm
ns.unsupported-algorithm A 10.53.0.3
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
$TTL 120
@ SOA ns hostmaster.ns 1 3600 1200 604800 60
@ NS ns
ns A 10.53.0.3
foo TXT foo
bar TXT bar
grand NS ns.grand
ns.grand A 10.53.0.6
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
$TTL 120
@ SOA ns hostmaster.ns 1 3600 1200 604800 60
@ NS ns
ns A 10.53.0.3
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
. 0 NS ns.rootservers.utld.
ns.rootservers.utld. 0 A 10.53.0.1
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
options {
query-source address 10.53.0.3;
notify-source 10.53.0.3;
transfer-source 10.53.0.3;
port @PORT@;
pid-file "named.pid";
listen-on { 10.53.0.3; };
listen-on-v6 { none; };
recursion no;
notify yes;
};
/* Root hints. */
zone "." { type hint; file "hints"; };
/* DLV zone below unsigned TLD. */
zone "dlv.utld" { type master; file "dlv.utld.signed"; };
/* DLV zone signed with a disabled algorithm below unsigned TLD. */
zone "disabled-algorithm-dlv.utld." {
type master;
file "disabled-algorithm-dlv.utld.signed";
};
/* DLV zone signed with an unsupported algorithm below unsigned TLD. */
zone "unsupported-algorithm-dlv.utld." {
type master;
file "unsupported-algorithm-dlv.utld.signed";
};
/* Signed zone below unsigned TLD with DLV entry. */
zone "child1.utld" { type master; file "child1.signed"; };
/*
* Signed zone below unsigned TLD with DLV entry in DLV zone that is signed
* with a disabled algorithm.
*/
zone "child3.utld" { type master; file "child3.signed"; };
/*
* Signed zone below unsigned TLD with DLV entry. This one is slightly
* different because its children (the grandchildren) don't have a DS record in
* this zone. The grandchild zones are served by ns6.
*
*/
zone "child4.utld" { type master; file "child4.signed"; };
/*
* Signed zone below unsigned TLD with DLV entry in DLV zone that is signed
* with an unsupported algorithm.
*/
zone "child5.utld" { type master; file "child5.signed"; };
/* Signed zone below unsigned TLD without DLV entry. */
zone "child7.utld" { type master; file "child7.signed"; };
/*
* Signed zone below unsigned TLD without DLV entry and no DS records for the
* grandchildren.
*/
zone "child8.utld" { type master; file "child8.signed"; };
/* Signed zone below unsigned TLD with DLV entry. */
zone "child9.utld" { type master; file "child9.signed"; };
/* Unsigned zone below an unsigned TLD with DLV entry. */
zone "child10.utld" { type master; file "child.db.in"; };
/*
* Zone signed with a disabled algorithm (an algorithm that is disabled in
* one of the test resolvers) with DLV entry.
*/
zone "disabled-algorithm.utld" {
type master;
file "disabled-algorithm.utld.signed";
};
/* Zone signed with an unsupported algorithm with DLV entry. */
zone "unsupported-algorithm.utld" {
type master;
file "unsupported-algorithm.utld.signed";
};
/*
* Signed zone below signed TLD with good DLV entry but no chain of
* trust.
*/
zone "child1.druz" { type master; file "child1.druz.signed"; };
/*
* Signed zone below signed TLD with good DLV entry but no chain of
* trust. The DLV zone is signed with a disabled algorithm.
*/
zone "child3.druz" { type master; file "child3.druz.signed"; };
/*
* Signed zone below signed TLD with good DLV entry but no chain of
* trust. Also there are no DS records for the grandchildren.
*/
zone "child4.druz" { type master; file "child4.druz.signed"; };
/*
* Signed zone below signed TLD with good DLV entry but no chain of
* trust. The DLV zone is signed with an unsupported algorithm.
*/
zone "child5.druz" { type master; file "child5.druz.signed"; };
/*
* Signed zone below signed TLD without DLV entry, and no chain of
* trust.
*/
zone "child7.druz" { type master; file "child7.druz.signed"; };
/*
* Signed zone below signed TLD without DLV entry and no DS set. Also DS
* records for the grandchildren are not included in the zone.
*/
zone "child8.druz" { type master; file "child8.druz.signed"; };
/*
* Signed zone below signed TLD with good DLV entry but no DS set. Also DS
* records for the grandchildren are not included in the zone.
*/
zone "child9.druz" { type master; file "child9.druz.signed"; };
/*
* Unsigned zone below signed TLD with good DLV entry but no chain of
* trust.
*/
zone "child10.druz" { type master; file "child.db.in"; };
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
(cd ../ns6 && $SHELL -e ./sign.sh)
echo_i "dlv/ns3/sign.sh"
dlvzone="dlv.utld"
dlvsets=
dssets=
disableddlvzone="disabled-algorithm-dlv.utld"
disableddlvsets=
disableddssets=
unsupporteddlvzone="unsupported-algorithm-dlv.utld"
unsupporteddlvsets=
unsupporteddssets=
# Signed zone below unsigned TLD with DLV entry.
zone=child1.utld
infile=child.db.in
zonefile=child1.utld.db
outfile=child1.signed
dlvsets="$dlvsets dlvset-${zone}${TP}"
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
dsfilename=../ns6/dsset-grand.${zone}${TP}
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
$SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
echo_i "signed $zone"
# Signed zone below unsigned TLD with DLV entry in DLV zone that is signed
# with a disabled algorithm.
zone=child3.utld
infile=child.db.in
zonefile=child3.utld.db
outfile=child3.signed
disableddlvsets="$disableddlvsets dlvset-${zone}${TP}"
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
dsfilename=../ns6/dsset-grand.${zone}${TP}
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
$SIGNER -O full -l $disableddlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
echo_i "signed $zone"
# Signed zone below unsigned TLD with DLV entry. This one is slightly
# different because its children (the grandchildren) don't have a DS record in
# this zone. The grandchild zones are served by ns6.
zone=child4.utld
infile=child.db.in
zonefile=child4.utld.db
outfile=child4.signed
dlvsets="$dlvsets dlvset-${zone}${TP}"
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key >$zonefile
$SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
echo_i "signed $zone"
# Signed zone below unsigned TLD with DLV entry in DLV zone that is signed
# with an unsupported algorithm.
zone=child5.utld
infile=child.db.in
zonefile=child5.utld.db