Commit a7a2fa29 authored by Evan Hunt's avatar Evan Hunt Committed by Ondřej Surý

update system tests so validation won't fail when using IANA key

- all tests with "recursion yes" now also specify "dnssec-validation yes",
  and all tests with "recursion no" also specify "dnssec-validation no".
  this must be maintained in all new tests, or else validation will fail
  when we use local root zones for testing.
- clean.sh has been modified where necessary to remove managed-keys.bind
  and viewname.mkeys files.
parent bef18eca
......@@ -21,3 +21,4 @@ rm -f */named.run
rm -f ns*/named.lock
rm -f ns*/_default.nzf
rm -f ns*/_default.nzd*
rm -f ns*/managed-keys.bind* ns*/*.mkeys*
......@@ -18,3 +18,4 @@ rm -f */named.memstats
rm -f */named.conf
rm -f */named.run
rm -f ns*/named.lock
rm -f ns*/managed-keys.bind*
......@@ -14,6 +14,7 @@ options {
notify-source 10.53.0.1;
transfer-source 10.53.0.1;
recursion no;
dnssec-validation no;
port @PORT@;
pid-file "named.pid";
listen-on { 10.53.0.1; };
......
......@@ -14,6 +14,7 @@ options {
notify-source 10.53.0.1;
transfer-source 10.53.0.1;
recursion no;
dnssec-validation no;
port @PORT@;
pid-file "named.pid";
listen-on { 10.53.0.1; };
......
......@@ -14,6 +14,7 @@ options {
notify-source 10.53.0.1;
transfer-source 10.53.0.1;
recursion no;
dnssec-validation no;
port @PORT@;
pid-file "named.pid";
listen-on { 10.53.0.1; };
......
......@@ -14,6 +14,7 @@ options {
notify-source 10.53.0.1;
transfer-source 10.53.0.1;
recursion no;
dnssec-validation no;
port @PORT@;
pid-file "named.pid";
listen-on { 10.53.0.1; };
......
......@@ -20,6 +20,7 @@ options {
listen-on { 10.53.0.3; };
listen-on-v6 { none; };
recursion yes;
dnssec-validation yes;
};
zone "." {
......
......@@ -37,3 +37,4 @@ rm -f ns1/redirect.db
rm -f ns2/redirect.db
rm -f ns2/redirect.bk
rm -f ns3/redirect.db
rm -f ns*/managed-keys.bind* ns*/*.mkeys*
......@@ -18,3 +18,4 @@ rm -f ns2/named.conf ns2/controls.conf
rm -f */named.memstats
rm -f ns*/named.lock
rm -f ns*/named.run ns*/named.run.prev
rm -f ns*/managed-keys.bind* ns*/*.mkeys*
......@@ -13,3 +13,4 @@ rm -f */named.conf
rm -f dig.out.test*
rm -f ns2/example.com.bk
rm -f ns2/example.net.bk
rm -f ns*/managed-keys.bind*
......@@ -63,3 +63,4 @@ rm -f nsupdate.out
rm -f settime.out.*
rm -f signing.out.*
rm -f sync.key
rm -f ns*/managed-keys.bind*
......@@ -15,3 +15,4 @@ rm -f ns?/named.conf
rm -f rndc.status.ns*
rm -f dig.out.ns*
rm -f ns*/named.lock
rm -f ns*/managed-keys.bind*
......@@ -21,3 +21,4 @@ rm -f */named.run
rm -f */named.conf
rm -f ns2/named_dump.db.*
rm -f ns*/named.lock
rm -f ns*/managed-keys.bind*
......@@ -18,6 +18,7 @@ options {
listen-on { 10.53.0.1; };
listen-on-v6 { none; };
recursion no;
dnssec-validation no;
notify yes;
check-integrity no;
minimal-responses no;
......
......@@ -20,6 +20,8 @@ options {
notify yes;
max-cache-size 80%;
disable-empty-zone 127.IN-ADDR.ARPA;
recursion yes;
dnssec-validation yes;
};
key rndc_key {
......
......@@ -19,3 +19,4 @@ rm -f ns1/dynamic.db.jnl
rm -f ns2/dynamic.bk
rm -f ns2/dynamic.bk.jnl
rm -f ns2/example.bk
rm -f ns*/managed-keys.bind*
......@@ -22,3 +22,4 @@ rm -f nsupdate.out.*
rm -f ns[123]/catalog[1234].example.db
rm -rf ns2/zonedir
rm -f ns*/*.nzd ns*/*.nzd-lock
rm -f ns*/managed-keys.bind*
......@@ -13,3 +13,4 @@ rm -f dig.out.* named*.pid
rm -f ns*/named.conf
rm -f */named.memstats */named.recursing */named.lock */named.run */ans.run
rm -f ns2/K* ns2/dsset-* ns2/example.db.signed
rm -f ns*/managed-keys.bind*
......@@ -18,8 +18,8 @@ options {
listen-on { 10.53.0.1; };
listen-on-v6 { none; };
recursion no;
dnssec-validation yes;
notify yes;
dnssec-enable yes;
};
zone "." { type master; file "root.db"; };
......@@ -20,6 +20,7 @@ options {
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
recursion no;
dnssec-validation no;
notify yes;
};
......
......@@ -20,6 +20,7 @@ options {
listen-on { 10.53.0.5; };
listen-on-v6 { none; };
recursion no;
dnssec-validation no;
notify yes;
};
......
......@@ -20,6 +20,7 @@ options {
listen-on-v6 { fd92:7065:b8e:ffff::7; };
recursion yes;
allow-recursion { any; };
dnssec-validation yes;
};
key rndc_key {
......
......@@ -20,3 +20,4 @@ rm -f ns4/*.update.db.jnl
rm -f */named.memstats
rm -f */named.run
rm -f ns*/named.lock
rm -f ns*/managed-keys.bind*
......@@ -18,6 +18,7 @@ options {
listen-on { 10.53.0.1; };
listen-on-v6 { none; };
recursion no;
dnssec-validation no;
notify yes;
check-integrity no;
};
......
......@@ -18,6 +18,7 @@ options {
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
recursion yes;
dnssec-validation yes;
check-names response warn;
notify yes;
};
......
......@@ -18,6 +18,7 @@ options {
listen-on { 10.53.0.3; };
listen-on-v6 { none; };
recursion yes;
dnssec-validation yes;
check-names response fail;
notify yes;
};
......
......@@ -18,6 +18,7 @@ options {
listen-on { 10.53.0.4; };
listen-on-v6 { none; };
recursion yes;
dnssec-validation yes;
check-names master ignore;
notify yes;
};
......
......@@ -13,3 +13,4 @@ rm -f ns1/named_dump.db
rm -f ns*/named.memstats
rm -f ns*/named.run
rm -f ns*/named.lock
rm -f ns*/managed-keys.bind*
......@@ -27,6 +27,7 @@ options {
listen-on { 10.53.0.1; };
listen-on-v6 { none; };
recursion yes;
dnssec-validation yes;
deny-answer-addresses { 192.0.2.0/24; 2001:db8:beef::/48; }
except-from { "example.org"; };
deny-answer-aliases { "example.org"; }
......
......@@ -18,6 +18,7 @@ options {
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
recursion no;
dnssec-validation no;
send-cookie yes;
nocookie-udp-size 512;
};
......
......@@ -27,6 +27,7 @@ options {
listen-on { 10.53.0.3; };
listen-on-v6 { none; };
recursion yes;
dnssec-validation yes;
deny-answer-addresses { 192.0.2.0/24; 2001:db8:beef::/48; }
except-from { "example.org"; };
deny-answer-aliases { "example.org"; }
......
......@@ -27,6 +27,7 @@ options {
listen-on { 10.53.0.4; };
listen-on-v6 { none; };
recursion yes;
dnssec-validation yes;
cookie-algorithm sha1;
cookie-secret "569d36a6cc27d6bf55502183302ba352745255a2";
require-server-cookie yes;
......
......@@ -27,6 +27,7 @@ options {
listen-on { 10.53.0.5; };
listen-on-v6 { none; };
recursion yes;
dnssec-validation yes;
cookie-algorithm sha1;
cookie-secret "569d36a6cc27d6bf55502183302ba352745255a2";
cookie-secret "6b300e27a0db46d4b046e4189790fa7db3c1ffb3";
......
......@@ -27,6 +27,7 @@ options {
listen-on { 10.53.0.6; };
listen-on-v6 { none; };
recursion yes;
dnssec-validation yes;
cookie-algorithm sha1;
cookie-secret "6b300e27a0db46d4b046e4189790fa7db3c1ffb3";
require-server-cookie yes;
......
......@@ -12,3 +12,4 @@
rm -f ns1/named.conf ns1/named.run ns1/named.memstats
rm -f dig.out.*
rm -f ns*/named.lock
rm -f ns*/managed-keys.bind*
......@@ -20,3 +20,4 @@ rm -f ns2/inline.db.signed
rm -f ns2/inlineslave.bk*
rm -f ns*/named.lock
rm -f ns2/nzf-*
rm -f ns*/managed-keys.bind*
......@@ -18,6 +18,7 @@ options {
listen-on-v6 { none; };
allow-query { any; };
recursion no;
dnssec-validation no;
};
zone "." {
......
......@@ -16,6 +16,7 @@ options {
listen-on-v6 { none; };
allow-query { any; };
recursion no;
dnssec-validation no;
allow-new-zones yes;
};
......
......@@ -21,6 +21,7 @@ options {
listen-on-v6 { none; };
heartbeat-interval 2;
recursion no;
dnssec-validation no;
};
zone "." {
......
......@@ -21,6 +21,7 @@ options {
listen-on-v6 { none; };
heartbeat-interval 2;
recursion no;
dnssec-validation no;
};
zone "." {
......
......@@ -21,6 +21,7 @@ options {
listen-on-v6 { none; };
heartbeat-interval 2;
recursion no;
dnssec-validation no;
};
zone "." {
......
......@@ -19,3 +19,4 @@ rm -f dig.out.mn.*
rm -f dig.out.nm.*
rm -f dig.out.nn.*
rm -f ns*/named.lock
rm -f ns*/managed-keys.bind*
......@@ -40,3 +40,4 @@ rm -f ns6/signer.err
rm -f */named.memstats
rm -f dig.out.ns*.test*
rm -f ns*/named.lock
rm -f ns*/managed-keys.bind*
......@@ -14,3 +14,4 @@ rm -f dig.out.*
rm -f */named.memstats
rm -f */named.run
rm -f ns*/named.lock
rm -f ns*/managed-keys.bind*
......@@ -21,3 +21,4 @@ rm -f ns1/ddns.key
rm -f dig.out*
rm -f ns*/named.lock
rm -f ns1/session.key
rm -f ns*/managed-keys.bind*
......@@ -17,3 +17,4 @@ rm -f */named.memstats
rm -f */named.run
rm -f dig.out.*
rm -f ns*/named.lock
rm -f ns*/managed-keys.bind*
......@@ -97,3 +97,4 @@ rm -f signer/general/signer.out.*
rm -f signer/general/dsset*
rm -f signing.out*
rm -f python.out.*
rm -f ns*/managed-keys.bind* ns*/*.mkeys*
......@@ -22,3 +22,4 @@ rm -f ns*/dnstap.out.save
rm -f ns*/dnstap.out.save.?
rm -f ns*/named.lock
rm -f ydump.out
rm -f ns*/managed-keys.bind*
......@@ -13,3 +13,4 @@ rm -f */named.memstats
rm -f */named.run
rm -f */named.conf
rm -f ns*/named.lock
rm -f ns*/managed-keys.bind*
......@@ -19,6 +19,7 @@ options {
listen-on { 10.53.0.1; };
listen-on-v6 { none; };
recursion no;
dnssec-validation no;
notify yes;
};
......
......@@ -19,6 +19,7 @@ options {
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
recursion no;
dnssec-validation no;
notify yes;
};
......
......@@ -19,6 +19,8 @@ options {
listen-on { 10.53.0.3; };
listen-on-v6 { none; };
notify yes;
recursion yes;
dnssec-validation yes;
};
zone "." {
......
......@@ -19,6 +19,7 @@ options {
listen-on dscp 46 { 10.53.0.4; };
listen-on-v6 { none; };
recursion no;
dnssec-validation no;
notify yes;
};
......
......@@ -20,6 +20,7 @@ options {
listen-on dscp 46 { 10.53.0.5; };
listen-on-v6 { none; };
recursion no;
dnssec-validation no;
notify yes;
};
......
......@@ -19,6 +19,8 @@ options {
listen-on dscp 46 { 10.53.0.6; };
listen-on-v6 { none; };
notify yes;
recursion yes;
dnssec-validation yes;
};
zone "." {
......
......@@ -20,6 +20,7 @@ options {
listen-on dscp 46 { 10.53.0.7; };
listen-on-v6 { none; };
recursion no;
dnssec-validation no;
notify yes;
};
......
......@@ -19,3 +19,4 @@ rm -f */named.conf
rm -f */named.run
rm -f */named.memstats
rm -f ns*/named.lock
rm -f ns*/managed-keys.bind*
......@@ -20,3 +20,4 @@ rm -f added.a.out.*
rm -f added.ptr.out.*
rm -f deleted.a.out.*
rm -f deleted.ptr.out.*
rm -f ns*/managed-keys.bind*
......@@ -16,3 +16,4 @@ rm -f dig.out*
rm -f */named.run
rm -f */named.memstats
rm -f ns*/named.lock
rm -f ns*/managed-keys.bind*
......@@ -16,3 +16,4 @@ rm -f dig.out*
rm -f */named.run
rm -f */named.memstats
rm -f ns*/named.lock
rm -f ns*/managed-keys.bind*
......@@ -14,3 +14,4 @@ rm -f ns*/named.lock
rm -f ns*/named.conf
rm -f ns*/named.run
rm -f ns*/named.memstats
rm -f ns*/managed-keys.bind*
......@@ -12,3 +12,4 @@ rm -f ns*/named.lock
rm -f ns*/named.run
rm -f ns*/named.memstats
rm -f dig.out.test*
rm -f ns*/managed-keys.bind*
......@@ -14,3 +14,4 @@ rm -f dig.out*
rm -f ans4/norespond
rm -f ns3/named.stats ns3/named_dump.db
rm -f burst.input.*
rm -f ns*/managed-keys.bind*
......@@ -18,6 +18,7 @@ options {
listen-on { 10.53.0.1; };
listen-on-v6 { none; };
recursion no;
dnssec-validation no;
notify yes;
};
......
......@@ -18,6 +18,7 @@ options {
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
recursion no;
dnssec-validation no;
notify yes;
};
......
......@@ -21,6 +21,7 @@ options {
listen-on { 10.53.0.3; };
listen-on-v6 { none; };
recursion yes;
dnssec-validation yes;
notify yes;
fetches-per-server 400;
};
......
......@@ -19,6 +19,7 @@ options {
listen-on { 10.53.0.3; };
listen-on-v6 { none; };
recursion yes;
dnssec-validation yes;
notify yes;
fetches-per-zone 40;
};
......
......@@ -19,6 +19,7 @@ options {
listen-on { 10.53.0.3; };
listen-on-v6 { none; };
recursion yes;
dnssec-validation yes;
notify yes;
recursive-clients 400;
};
......
......@@ -25,3 +25,4 @@ rm -f ns4/dsset-*
rm -f dig.out.*
rm -f ns*/named.lock
rm -f ns*/managed-keys.bind*
......@@ -18,6 +18,7 @@ options {
listen-on { 10.53.0.1; };
listen-on-v6 { fd92:7065:b8e:ffff::1; };
recursion no;
dnssec-validation yes;
notify yes;
filter-aaaa-on-v4 yes;
filter-aaaa { 10.53.0.1; };
......
......@@ -18,6 +18,7 @@ options {
listen-on { 10.53.0.1; };
listen-on-v6 { fd92:7065:b8e:ffff::1; };
recursion no;
dnssec-validation yes;
notify yes;
filter-aaaa-on-v6 yes;
filter-aaaa { fd92:7065:b8e:ffff::1; };
......
......@@ -18,6 +18,7 @@ options {
listen-on { 10.53.0.2; };
listen-on-v6 { fd92:7065:b8e:ffff::2; };
recursion yes;
dnssec-validation yes;
notify yes;
filter-aaaa-on-v4 yes;
filter-aaaa { 10.53.0.2; };
......
......@@ -18,6 +18,7 @@ options {
listen-on { 10.53.0.2; };
listen-on-v6 { fd92:7065:b8e:ffff::2; };
recursion yes;
dnssec-validation yes;
notify yes;
filter-aaaa-on-v6 yes;
filter-aaaa { fd92:7065:b8e:ffff::2; };
......