Commit 3705605e authored by Mark Andrews's avatar Mark Andrews

fix dnssec system tests that fail now that we call dns_zone_cdscheck

parent cd40c9fe
......@@ -220,7 +220,7 @@ key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
key3=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
"$DSFROMKEY" -C "$key2.key" > "$key2.cds"
cat "$infile" "$key1.key" "$key3.key" "$key2.cds" > "$zonefile"
cat "$infile" "$key1.key" "$key2.key" "$key3.key" "$key2.cds" > "$zonefile"
"$SIGNER" -P -g -x -o "$zone" "$zonefile" > /dev/null 2>&1
zone=cds-update.secure
......@@ -244,8 +244,8 @@ infile=cds-auto.secure.db.in
zonefile=cds-auto.secure.db
key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
"$DSFROMKEY" -C "$key1.key" > "$key1.cds"
cat "$infile" "$key1.cds" > "$zonefile.signed"
$SETTIME -P sync now "$key1" > /dev/null
cat "$infile" > "$zonefile.signed"
zone=cdnskey.secure
infile=cdnskey.secure.db.in
......@@ -263,7 +263,7 @@ key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
key3=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
sed 's/DNSKEY/CDNSKEY/' "$key1.key" > "$key1.cds"
cat "$infile" "$key2.key" "$key3.key" "$key1.cds" > "$zonefile"
cat "$infile" "$key1.key" "$key2.key" "$key3.key" "$key1.cds" > "$zonefile"
"$SIGNER" -P -g -x -o "$zone" "$zonefile" > /dev/null 2>&1
zone=cdnskey-update.secure
......@@ -287,8 +287,8 @@ infile=cdnskey-auto.secure.db.in
zonefile=cdnskey-auto.secure.db
key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
sed 's/DNSKEY/CDNSKEY/' "$key1.key" > "$key1.cds"
cat "$infile" "$key1.cds" > "$zonefile.signed"
$SETTIME -P sync now "$key1" > /dev/null
cat "$infile" > "$zonefile.signed"
zone=updatecheck-kskonly.secure
infile=template.secure.db.in
......
......@@ -3247,7 +3247,7 @@ echo_i "check that CDS records are not signed using ZSK by dnssec-signzone -x ($
ret=0
dig_with_opts +noall +answer @10.53.0.2 cds cds-x.secure > dig.out.test$n
lines=$(awk '$4 == "RRSIG" && $5 == "CDS" {print}' dig.out.test$n | wc -l)
test "$lines" -eq 1 || ret=1
test "$lines" -eq 2 || ret=1
n=$((n+1))
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
......@@ -3399,7 +3399,7 @@ echo_i "check that CDNSKEY records are not signed using ZSK by dnssec-signzone -
ret=0
dig_with_opts +noall +answer @10.53.0.2 cdnskey cdnskey-x.secure > dig.out.test$n
lines=$(awk '$4 == "RRSIG" && $5 == "CDNSKEY" {print}' dig.out.test$n | wc -l)
test "$lines" -eq 1 || ret=1
test "$lines" -eq 2 || ret=1
n=$((n+1))
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
......
......@@ -17,7 +17,7 @@ $TTL 120
;
@ IN A 1.2.3.4
@ IN AAAA c::1.2.3.4
@ IN CDS 21366 7 1 E6C1716CFB6BDC84E84CE1AB5510DAC69173B5B2
@ IN CDS 12023 7 2 36FB69A752615831B47EA6EF9EA4619D0FB08ABDA69EA3ED200F4C02FF4921D4
@ IN CDNSKEY 256 3 7 AwEAAY9437GPWJHzBeR4FP6eJAie7gh2QSM6LUnbDAHvHOx8MNqgSVRM PZka2rAgivb65/MkT1lXRUegj91iRFP3iggTpCgvdUbcBjsYrdODsrwF YUMIUl1pU0lH9x7KvfFUOfSmG+Rk5UHUWuRZbNyc65Sq69iFXg5c11+8 MAkRoeDF
;
; Delegation only test CDS and CDNSKEY records. These should be rejected
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment