Commit 84cfd95e authored by Matthijs Mekking's avatar Matthijs Mekking 🏡
Browse files

Add more test cases for #2778

Add three more test cases that detect a configuration error if the
key-directory is inherited but has the same value for a zone in a
different view with a deviating DNSSEC policy.
parent 4db35fce
Pipeline #75449 passed with stages
in 44 minutes and 22 seconds
......@@ -9,6 +9,12 @@
* information regarding copyright ownership.
*/
/*
* The same zone in different views is using different DNSSEC policies, so it
* may not have the same key-directory.
*/
key "keyforview1" {
algorithm "hmac-sha1";
secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
......
......@@ -9,6 +9,12 @@
* information regarding copyright ownership.
*/
/*
* No key-directory is set, so the default is used.
* Should fail because the same zone in different views is using different
* DNSSEC policies.
*/
key "keyforview1" {
algorithm "hmac-sha1";
secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
......
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
/*
* The zone in view "example1" inherits the key directory value from "options",
* but in view "example2" sets the key directory to the same value. This should
* be detected as an error because the zone is using different DNSSEC policies
* and should thus use different key directories.
*/
key "keyforview1" {
algorithm "hmac-sha1";
secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
};
key "keyforview2" {
algorithm "hmac-sha1";
secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
};
options {
key-directory "keys";
};
view "example1" {
match-clients { key "keyforview1"; };
zone "example.net" {
type primary;
/* key-directory inherited from options. */
dnssec-policy "default";
file "example1.db";
};
};
view "example2" {
match-clients { key "keyforview2"; };
zone "example.net" {
type primary;
dnssec-policy "insecure";
key-directory "keys";
file "example2.db";
};
};
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
/*
* The zone inherits the key-directory from the "view" level. Both views use the
* same key-directory, but the zone uses a different DNSSEC policy per view.
* This is a configuration error.
*/
key "keyforview1" {
algorithm "hmac-sha1";
secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
};
key "keyforview2" {
algorithm "hmac-sha1";
secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
};
view "example1" {
match-clients { key "keyforview1"; };
key-directory "keys";
zone "example.net" {
type primary;
dnssec-policy "default";
file "example1.db";
};
};
view "example2" {
match-clients { key "keyforview2"; };
key-directory "keys";
zone "example.net" {
type primary;
dnssec-policy "insecure";
file "example2.db";
};
};
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
/*
* In one view, the zone inherits the key-directory from the "view" level, while
* in the other it is set explicitly at the "zone" level. In both cases, the
* same key-directory is used, but the zone uses a different DNSSEC policy per
* view. This is a configuration error.
*/
key "keyforview1" {
algorithm "hmac-sha1";
secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
};
key "keyforview2" {
algorithm "hmac-sha1";
secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
};
view "example1" {
match-clients { key "keyforview1"; };
key-directory "keys";
zone "example.net" {
type primary;
dnssec-policy "default";
file "example1.db";
};
};
view "example2" {
match-clients { key "keyforview2"; };
zone "example.net" {
type primary;
dnssec-policy "insecure";
key-directory "keys";
file "example2.db";
};
};
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment