Commit 924fdad0 authored by Matthijs Mekking's avatar Matthijs Mekking 🏡

Add inline test related to unsupported algorithms

parent dfcf9bb0
......@@ -168,3 +168,10 @@ zone "removedkeys-secondary" {
auto-dnssec maintain;
file "removedkeys-secondary.bk";
};
zone "unsupported" {
type master;
file "unsupported.db";
inline-signing yes;
auto-dnssec maintain;
};
......@@ -12,6 +12,11 @@
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
# Fake an unsupported key
unsupportedkey=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone unsupported)
awk '$3 == "DNSKEY" { $6 = 255 } { print }' ${unsupportedkey}.key > ${unsupportedkey}.tmp
mv ${unsupportedkey}.tmp ${unsupportedkey}.key
zone=bits
rm -f K${zone}.+*+*.key
rm -f K${zone}.+*+*.private
......
......@@ -27,6 +27,7 @@ cp ns2/bits.db.in ns2/retransfer3.db
cp ns3/master.db.in ns3/master.db
cp ns3/master.db.in ns3/dynamic.db
cp ns3/master.db.in ns3/updated.db
cp ns3/master.db.in ns3/unsupported.db
cp ns3/master.db.in ns3/expired.db
cp ns3/master.db.in ns3/nsec3.db
cp ns3/master.db.in ns3/externalkey.db
......
......@@ -27,6 +27,13 @@ do
sleep 1
done
n=`expr $n + 1`
echo_i "checking that an unsupported algorithm is not used for signing ($n)"
ret=0
grep -q "algorithm is unsupported" ns3/named.run || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo_i "checking that rrsigs are replaced with ksk only ($n)"
ret=0
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment