ISC Open Source Projects
BIND
Commits
b1c6de54
Commit
b1c6de54
authored
Oct 25, 2011
by
Mark Andrews
3177. [func] 'rndc keydone', remove the indicator record that
named has finished signing the zone with the corresponding key. [RT #26206]
parent
4aa19ee1
Changes
21
CHANGES
3177. [func] 'rndc keydone', remove the indicator record that
named has finished signing the zone with the
corresponding key. [RT #26206]
3176. [doc] Corrected example code and added a README to the
sample external DLZ module in contrib/dlz/example.
[RT #26215]
...
...
bin/dnssec/dnssec-dsfromkey.c
...
...
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-dsfromkey.c,v 1.2
3
2011/
09/03
0
5
:5
1:29 each
Exp $ */
/* $Id: dnssec-dsfromkey.c,v 1.2
4
2011/
10/25
0
1
:5
4:18 marka
Exp $ */
/*! \file */
...
...
@@ -62,6 +62,7 @@ static dns_rdataclass_t rdclass;
static
dns_fixedname_t
fixed
;
static
dns_name_t
*
name
=
NULL
;
static
isc_mem_t
*
mctx
=
NULL
;
static
isc_uint32_t
ttl
;
static
isc_result_t
initname
(
char
*
setname
)
{
...
...
@@ -294,6 +295,9 @@ emit(unsigned int dtype, isc_boolean_t showall, char *lookaside,
isc_buffer_usedregion
(
&
nameb
,
&
r
);
printf
(
"%.*s "
,
(
int
)
r
.
length
,
r
.
base
);
if
(
ttl
!=
0U
)
printf
(
"%u "
,
ttl
);
isc_buffer_usedregion
(
&
classb
,
&
r
);
printf
(
"%.*s"
,
(
int
)
r
.
length
,
r
.
base
);
...
...
@@ -329,6 +333,7 @@ usage(void) {
fprintf
(
stderr
,
" -l: add lookaside zone and print DLV records
\n
"
);
fprintf
(
stderr
,
" -s: read keyset from keyset-<dnsname> file
\n
"
);
fprintf
(
stderr
,
" -c class: rdata class for DS set (default: IN)
\n
"
);
fprintf
(
stderr
,
" -T TTL
\n
"
);
fprintf
(
stderr
,
" -f file: read keyset from zone file
\n
"
);
fprintf
(
stderr
,
" -A: when used with -f, "
"include all keys in DS set, not just KSKs
\n
"
);
...
...
@@ -368,7 +373,7 @@ main(int argc, char **argv) {
isc_commandline_errprint
=
ISC_FALSE
;
while
((
ch
=
isc_commandline_parse
(
argc
,
argv
,
"12Aa:c:d:Ff:K:l:sv:h"
))
!=
-
1
)
{
"12Aa:c:d:Ff:K:l:s
T:
v:h"
))
!=
-
1
)
{
switch
(
ch
)
{
case
'1'
:
dtype
=
DNS_DSDIGEST_SHA1
;
...
...
@@ -408,6 +413,9 @@ main(int argc, char **argv) {
case
's'
:
usekeyset
=
ISC_TRUE
;
break
;
case
'T'
:
ttl
=
atol
(
isc_commandline_argument
);
break
;
case
'v'
:
verbose
=
strtol
(
isc_commandline_argument
,
&
endp
,
0
);
if
(
*
endp
!=
'\0'
)
...
...
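Review bot: The new `-T` case stores `atol(isc_commandline_argument)` straight into the `isc_uint32_t ttl`, so a non-numeric argument silently becomes 0 (which the emit() hunk treats as "print no TTL"), and a negative or oversized value may be converted to an unrelated 32-bit number instead of being rejected. The `-v` case directly below already parses with `strtol` and tests `*endp`; the same pattern fits here, e.g. `ttl = strtoul(isc_commandline_argument, &endp, 10);` followed by an `if (*endp != '\0')` check that takes the same error path as `-v`. main() and the `-v` branch continue outside the hunk, so the exact error call is not visible here. The new usage() line `-T TTL` could also say what the value applies to, as the docbook entry does ("Specifies the TTL of the DS records").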
bin/dnssec/dnssec-dsfromkey.docbook
...
...
@@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-dsfromkey.docbook,v 1.1
6
2011/0
3
/2
7
0
6:39:59
marka Exp $ -->
<!-- $Id: dnssec-dsfromkey.docbook,v 1.1
7
2011/
1
0/2
5
0
1:54:18
marka Exp $ -->
<refentry
id=
"man.dnssec-dsfromkey"
>
<refentryinfo>
<date>
August 26, 2009
</date>
...
...
@@ -52,6 +52,7 @@
<arg><option>
-2
</option></arg>
<arg><option>
-a
<replaceable
class=
"parameter"
>
alg
</replaceable></option></arg>
<arg><option>
-l
<replaceable
class=
"parameter"
>
domain
</replaceable></option></arg>
<arg><option>
-T
<replaceable
class=
"parameter"
>
TTL
</replaceable></option></arg>
<arg
choice=
"req"
>
keyfile
</arg>
</cmdsynopsis>
<cmdsynopsis>
...
...
@@ -64,6 +65,7 @@
<arg><option>
-l
<replaceable
class=
"parameter"
>
domain
</replaceable></option></arg>
<arg><option>
-s
</option></arg>
<arg><option>
-c
<replaceable
class=
"parameter"
>
class
</replaceable></option></arg>
<arg><option>
-T
<replaceable
class=
"parameter"
>
TTL
</replaceable></option></arg>
<arg><option>
-f
<replaceable
class=
"parameter"
>
file
</replaceable></option></arg>
<arg><option>
-A
</option></arg>
<arg><option>
-v
<replaceable
class=
"parameter"
>
level
</replaceable></option></arg>
...
...
@@ -113,6 +115,15 @@
</listitem>
</varlistentry>
<varlistentry>
<term>
-T
<replaceable
class=
"parameter"
>
TTL
</replaceable></term>
<listitem>
<para>
Specifies the TTL of the DS records.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
-K
<replaceable
class=
"parameter"
>
directory
</replaceable></term>
<listitem>
...
...
bin/named/control.c
...
...
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: control.c,v 1.4
4
2011/
08/02 20:36:11 each
Exp $ */
/* $Id: control.c,v 1.4
5
2011/
10/25 01:54:18 marka
Exp $ */
/*! \file */
...
...
@@ -205,6 +205,8 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
result
=
ns_server_add_zone
(
ns_g_server
,
command
);
}
else
if
(
command_compare
(
command
,
NS_COMMAND_DELZONE
))
{
result
=
ns_server_del_zone
(
ns_g_server
,
command
);
}
else
if
(
command_compare
(
command
,
NS_COMMAND_KEYDONE
))
{
result
=
ns_server_keydone
(
ns_g_server
,
command
);
}
else
{
isc_log_write
(
ns_g_lctx
,
NS_LOGCATEGORY_GENERAL
,
NS_LOGMODULE_CONTROL
,
ISC_LOG_WARNING
,
...
...
bin/named/include/named/control.h
...
...
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: control.h,v 1.3
4
2011/
08/02 20:36:12 each
Exp $ */
/* $Id: control.h,v 1.3
5
2011/
10/25 01:54:19 marka
Exp $ */
#ifndef NAMED_CONTROL_H
#define NAMED_CONTROL_H 1
...
...
@@ -64,6 +64,7 @@
#define NS_COMMAND_ADDZONE "addzone"
#define NS_COMMAND_DELZONE "delzone"
#define NS_COMMAND_SYNC "sync"
#define NS_COMMAND_KEYDONE "keydone"
isc_result_t
ns_controls_create
(
ns_server_t
*
server
,
ns_controls_t
**
ctrlsp
);
...
...
bin/named/include/named/server.h
...
...
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: server.h,v 1.11
3
2011/
08/02 20:36:12 each
Exp $ */
/* $Id: server.h,v 1.11
4
2011/
10/25 01:54:19 marka
Exp $ */
#ifndef NAMED_SERVER_H
#define NAMED_SERVER_H 1
...
...
@@ -342,4 +342,10 @@ ns_server_add_zone(ns_server_t *server, char *args);
isc_result_t
ns_server_del_zone
(
ns_server_t
*
server
,
char
*
args
);
/*%
* Deletes the matching key done private record from the zone.
*/
isc_result_t
ns_server_keydone
(
ns_server_t
*
server
,
char
*
args
);
#endif
/* NAMED_SERVER_H */
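Review bot: The comment on ns_server_keydone does not say what `args` must contain or which results a caller should expect. Going by the server.c section of this commit, `args` is the whole command text (command name, rdata, zone, then whatever zone_from_args accepts), it is tokenized in place, and the function can return ISC_R_UNEXPECTEDEND, DNS_R_SYNTAX, ISC_R_NOTFOUND or DNS_R_NOTMASTER before it reaches dns_zone_keydone. A few lines in the `/*% ... */` block stating the expected argument layout, that `args` is modified, and those return codes would let callers use the prototype without reading the implementation.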
bin/named/server.c
...
...
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: server.c,v 1.62
2
2011/10/
14 05:38:4
9 marka Exp $ */
/* $Id: server.c,v 1.62
3
2011/10/
25 01:54:1
9 marka Exp $ */
/*! \file */
...
...
@@ -5912,7 +5912,7 @@ next_token(char **stringp, const char *delim) {
*/
static
isc_result_t
zone_from_args
(
ns_server_t
*
server
,
char
*
args
,
dns_zone_t
**
zonep
,
const
char
**
zonename
)
const
char
**
zonename
,
isc_boolean_t
skip
)
{
char
*
input
,
*
ptr
;
const
char
*
zonetxt
;
...
...
@@ -5928,10 +5928,12 @@ zone_from_args(ns_server_t *server, char *args, dns_zone_t **zonep,
input
=
args
;
/* Skip the command name. */
ptr
=
next_token
(
&
input
,
"
\t
"
);
if
(
ptr
==
NULL
)
return
(
ISC_R_UNEXPECTEDEND
);
if
(
skip
)
{
/* Skip the command name. */
ptr
=
next_token
(
&
input
,
"
\t
"
);
if
(
ptr
==
NULL
)
return
(
ISC_R_UNEXPECTEDEND
);
}
/* Look for the zone name. */
zonetxt
=
next_token
(
&
input
,
"
\t
"
);
...
...
@@ -5999,7 +6001,7 @@ ns_server_retransfercommand(ns_server_t *server, char *args) {
dns_zone_t
*
zone
=
NULL
;
dns_zonetype_t
type
;
result
=
zone_from_args
(
server
,
args
,
&
zone
,
NULL
);
result
=
zone_from_args
(
server
,
args
,
&
zone
,
NULL
,
ISC_TRUE
);
if
(
result
!=
ISC_R_SUCCESS
)
return
(
result
);
if
(
zone
==
NULL
)
...
...
@@ -6023,7 +6025,7 @@ ns_server_reloadcommand(ns_server_t *server, char *args, isc_buffer_t *text) {
dns_zonetype_t
type
;
const
char
*
msg
=
NULL
;
result
=
zone_from_args
(
server
,
args
,
&
zone
,
NULL
);
result
=
zone_from_args
(
server
,
args
,
&
zone
,
NULL
,
ISC_TRUE
);
if
(
result
!=
ISC_R_SUCCESS
)
return
(
result
);
if
(
zone
==
NULL
)
{
...
...
@@ -6083,7 +6085,7 @@ ns_server_notifycommand(ns_server_t *server, char *args, isc_buffer_t *text) {
dns_zone_t
*
zone
=
NULL
;
const
unsigned
char
msg
[]
=
"zone notify queued"
;
result
=
zone_from_args
(
server
,
args
,
&
zone
,
NULL
);
result
=
zone_from_args
(
server
,
args
,
&
zone
,
NULL
,
ISC_TRUE
);
if
(
result
!=
ISC_R_SUCCESS
)
return
(
result
);
if
(
zone
==
NULL
)
...
...
@@ -6108,7 +6110,7 @@ ns_server_refreshcommand(ns_server_t *server, char *args, isc_buffer_t *text) {
const
unsigned
char
msg2
[]
=
"not a slave or stub zone"
;
dns_zonetype_t
type
;
result
=
zone_from_args
(
server
,
args
,
&
zone
,
NULL
);
result
=
zone_from_args
(
server
,
args
,
&
zone
,
NULL
,
ISC_TRUE
);
if
(
result
!=
ISC_R_SUCCESS
)
return
(
result
);
if
(
zone
==
NULL
)
...
...
@@ -7216,7 +7218,7 @@ ns_server_rekey(ns_server_t *server, char *args) {
if
(
strncasecmp
(
args
,
NS_COMMAND_SIGN
,
strlen
(
NS_COMMAND_SIGN
))
==
0
)
fullsign
=
ISC_TRUE
;
result
=
zone_from_args
(
server
,
args
,
&
zone
,
NULL
);
result
=
zone_from_args
(
server
,
args
,
&
zone
,
NULL
,
ISC_TRUE
);
if
(
result
!=
ISC_R_SUCCESS
)
return
(
result
);
if
(
zone
==
NULL
)
...
...
@@ -7283,7 +7285,7 @@ ns_server_sync(ns_server_t *server, char *args, isc_buffer_t *text) {
(
void
)
next_token
(
&
args
,
"
\t
"
);
}
result
=
zone_from_args
(
server
,
args
,
&
zone
,
NULL
);
result
=
zone_from_args
(
server
,
args
,
&
zone
,
NULL
,
ISC_TRUE
);
if
(
result
!=
ISC_R_SUCCESS
)
return
(
result
);
...
...
@@ -7359,7 +7361,7 @@ ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args,
isc_boolean_t
frozen
;
const
char
*
msg
=
NULL
;
result
=
zone_from_args
(
server
,
args
,
&
zone
,
NULL
);
result
=
zone_from_args
(
server
,
args
,
&
zone
,
NULL
,
ISC_TRUE
);
if
(
result
!=
ISC_R_SUCCESS
)
return
(
result
);
if
(
zone
==
NULL
)
{
...
...
@@ -7687,7 +7689,7 @@ ns_server_del_zone(ns_server_t *server, char *args) {
FILE
*
ifp
=
NULL
,
*
ofp
=
NULL
;
/* Parse parameters */
CHECK
(
zone_from_args
(
server
,
args
,
&
zone
,
&
zonename
));
CHECK
(
zone_from_args
(
server
,
args
,
&
zone
,
&
zonename
,
ISC_TRUE
));
if
(
result
!=
ISC_R_SUCCESS
)
return
(
result
);
if
(
zone
==
NULL
)
{
...
...
@@ -7855,3 +7857,47 @@ newzone_cfgctx_destroy(void **cfgp) {
isc_mem_putanddetach
(
&
cfg
->
mctx
,
cfg
,
sizeof
(
*
cfg
));
*
cfgp
=
NULL
;
}
/*
* Act on a "keydone" command from the command channel.
*/
isc_result_t
ns_server_keydone
(
ns_server_t
*
server
,
char
*
args
)
{
isc_result_t
result
;
dns_zone_t
*
zone
=
NULL
;
const
char
*
ptr
=
NULL
;
ptr
=
next_token
(
&
args
,
"
\t
"
);
if
(
ptr
==
NULL
)
return
(
ISC_R_UNEXPECTEDEND
);
ptr
=
next_token
(
&
args
,
"
\t
"
);
if
(
ptr
==
NULL
)
return
(
ISC_R_UNEXPECTEDEND
);
/*
* Is the rdata sane?
*/
if
(
strspn
(
ptr
,
"0123456789ABCDEFabcdef"
)
!=
10U
||
strncmp
(
ptr
,
"00"
,
2
)
==
0
||
strcmp
(
ptr
+
6
,
"0001"
)
!=
0
)
return
(
DNS_R_SYNTAX
);
/*
* Find the zone.
*/
result
=
zone_from_args
(
server
,
args
,
&
zone
,
NULL
,
ISC_FALSE
);
if
(
result
!=
ISC_R_SUCCESS
)
return
(
result
);
if
(
zone
==
NULL
)
return
(
ISC_R_NOTFOUND
);
if
(
dns_zone_gettype
(
zone
)
!=
dns_zone_master
)
{
result
=
DNS_R_NOTMASTER
;
goto
cleanup
;
}
result
=
dns_zone_keydone
(
zone
,
ptr
);
cleanup:
dns_zone_detach
(
&
zone
);
return
(
result
);
}
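Review bot: The sanity check in ns_server_keydone encodes the record layout as bare literals (`10U`, `"00"`, `ptr + 6`, `"0001"`) under a comment that only asks "Is the rdata sane?", so a reader cannot tell which private records this command is permitted to remove. As written it accepts exactly ten hex digits, rejects a leading `00` octet, and requires the last two octets to be `0001`; a comment naming those fields (presumably algorithm, key id, removal flag and complete flag of the private-type record, to be confirmed against the zone code) would make the restriction reviewable. The new `skip` argument of zone_from_args is also undocumented; its header comment lies outside the hunk, and a line such as `skip: ISC_TRUE when args still begins with the command name` would explain why ns_server_keydone, which consumes the command and rdata tokens itself, passes ISC_FALSE while every other caller passes ISC_TRUE.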
bin/rndc/rndc.c
...
...
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: rndc.c,v 1.13
4
2011/
03/21 15:39:05 each
Exp $ */
/* $Id: rndc.c,v 1.13
5
2011/
10/25 01:54:19 marka
Exp $ */
/*! \file */
...
...
@@ -154,6 +154,9 @@ command is one of the following:\n\
Add zone to given view. Requires new-zone-file option.
\n
\
delzone [
\"
file
\"
] zone [class [view]]
\n
\
Removes zone from given view. Requires new-zone-file option.
\n
\
keydone rdata zone [class [view]]
\n
\
Remove the private record with the corresponding rdata from
\n
\
the given zone.
\n
\
\n
\
* == not yet implemented
\n
\
Version: %s
\n
"
,
...
...
bin/tests/system/inline/clean.sh
...
...
@@ -12,11 +12,15 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: clean.sh,v 1.
3
2011/10/
12 00:10
:19 marka Exp $
# $Id: clean.sh,v 1.
4
2011/10/
25 01:54
:19 marka Exp $
rm
-f
*
/named.memstats
rm
-f
*
/named.run
rm
-f
*
/trusted.conf
rm
-f
ns1/K
*
rm
-f
ns1/dsset-
*
rm
-f
ns1/root.db
rm
-f
ns1/root.db.signed
rm
-f
ns2/bits.db
rm
-f
ns2/bits.db.jnl
rm
-f
ns3/K
*
...
...
bin/tests/system/inline/ns1/named.conf
...
...
@@ -14,7 +14,7 @@
*
PERFORMANCE
OF
THIS
SOFTWARE
.
*/
/* $
Id
:
named
.
conf
,
v
1
.
2
2011
/
08
/
30
23
:
46
:
52
tbox
Exp
$ */
/* $
Id
:
named
.
conf
,
v
1
.
3
2011
/
10
/
25
01
:
54
:
20
marka
Exp
$ */
//
NS1
...
...
@@ -39,4 +39,4 @@ zone "." {
file
"root.db.signed"
;
};
//
include
"trusted.conf"
;
include
"trusted.conf"
;
bin/tests/system/inline/ns1/root.db.in
0 → 100644
; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
; Copyright (C) 2000, 2001 Internet Software Consortium.
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; $Id: root.db.in,v 1.2 2011/10/25 01:54:20 marka Exp $
$TTL 300
. IN SOA gson.nominum.com. a.root.servers.nil. (
2000042100 ; serial
600 ; refresh
600 ; retry
1200 ; expire
600 ; minimum
)
. NS a.root-servers.nil.
a.root-servers.nil. A 10.53.0.1
bits. NS ns3.bits.
ns3.bits. A 10.53.0.3
bits. NS ns4.bits.
ns4.bits. A 10.53.0.4
noixfr. NS ns3.noixfr.
ns3.noixfr. A 10.53.0.3
bin/tests/system/inline/ns1/sign.sh
0 → 100644
#!/bin/sh -e
#
# Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: sign.sh,v 1.2 2011/10/25 01:54:20 marka Exp $
SYSTEMTESTTOP
=
../..
.
$SYSTEMTESTTOP
/conf.sh
RANDFILE
=
../random.data
zone
=
.
rm
-f
K.+
*
+
*
.key
rm
-f
K.+
*
+
*
.private
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
1024
-n
zone
-f
KSK
$zone
`
$SIGNER
-S
-x
-T
1200
-o
${
zone
}
root.db
cat
${
keyname
}
.key |
grep
-v
'^; '
|
$PERL
-n
-e
'
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
trusted-keys {
"$dn" $flags $proto $alg "$key";
};
EOF
'
>
trusted.conf
cp
trusted.conf ../ns6/trusted.conf
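Review bot: `keyname` is assigned twice and the first value (the 768-bit key) is never used, which reads like a mistake unless one knows that only the KSK is meant to reach trusted.conf. A comment such as `# only the KSK is exported to trusted.conf; the ZSK name is not needed` above the second assignment would make that explicit. The RSASHA1 768/1024-bit parameters are presumably chosen for test speed and deserve a short "test fixture only" comment so they are not copied elsewhere. `${keyname}` and `$zone` are expanded unquoted, which is harmless with the values set here, but `"${keyname}.key"` would be more robust.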
bin/tests/system/inline/ns3/named.conf
...
...
@@ -14,11 +14,13 @@
*
PERFORMANCE
OF
THIS
SOFTWARE
.
*/
/* $
Id
:
named
.
conf
,
v
1
.
2
2011
/
08
/
30
23
:
46
:
52
tbox
Exp
$ */
/* $
Id
:
named
.
conf
,
v
1
.
3
2011
/
10
/
25
01
:
54
:
20
marka
Exp
$ */
//
NS
2
//
NS
3
controls
{ /*
empty
*/ };
include
"../../common/rndc.key"
;
controls
{
inet
10
.
53
.
0
.
3
port
9953
allow
{
any
; }
keys
{
rndc_key
; }; };
options
{
query
-
source
address
10
.
53
.
0
.
3
;
...
...
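Review bot: The new `controls` statement opens the command channel on 10.53.0.3 port 9953 with `allow { any; }`, so access rests only on `rndc_key` from the shared `../../common/rndc.key`; the new ns6/named.conf does the same on 10.53.0.6. That is presumably acceptable for test-only addresses, but a one-line comment such as `// test fixture: command channel accepts any source address, protected by the shared test key only` would keep the block from being copied into a real configuration, where `allow` should list the management hosts.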
bin/tests/system/inline/ns3/sign.sh
...
...
@@ -14,7 +14,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: sign.sh,v 1.
2
2011/
08/30 23:46:52 tbox
Exp $
# $Id: sign.sh,v 1.
3
2011/
10/25 01:54:20 marka
Exp $
SYSTEMTESTTOP
=
../..
.
$SYSTEMTESTTOP
/conf.sh
...
...
@@ -26,9 +26,11 @@ rm -f K${zone}.+*+*.key
rm
-f
K
${
zone
}
.+
*
+
*
.private
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
1024
-n
zone
-f
KSK
$zone
`
$DSFROMKEY
-T
1200
$keyname
>>
../ns1/root.db
zone
=
noixfr
rm
-f
K
${
zone
}
.+
*
+
*
.key
rm
-f
K
${
zone
}
.+
*
+
*
.private
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
1024
-n
zone
-f
KSK
$zone
`
$DSFROMKEY
-T
1200
$keyname
>>
../ns1/root.db
bin/tests/system/inline/ns6/named.conf
0 → 100644
/*
*
Copyright
(
C
)
2011
Internet
Systems
Consortium
,
Inc
. (
"ISC"
)
*
*
Permission
to
use
,
copy
,
modify
,
and
/
or
distribute
this
software
for
any
*
purpose
with
or
without
fee
is
hereby
granted
,
provided
that
the
above
*
copyright
notice
and
this
permission
notice
appear
in
all
copies
.
*
*
THE
SOFTWARE
IS
PROVIDED
"AS IS"
AND
ISC
DISCLAIMS
ALL
WARRANTIES
WITH
*
REGARD
TO
THIS
SOFTWARE
INCLUDING
ALL
IMPLIED
WARRANTIES
OF
MERCHANTABILITY
*
AND
FITNESS
.
IN
NO
EVENT
SHALL
ISC
BE
LIABLE
FOR
ANY
SPECIAL
,
DIRECT
,
*
INDIRECT
,
OR
CONSEQUENTIAL
DAMAGES
OR
ANY
DAMAGES
WHATSOEVER
RESULTING
FROM
*
LOSS
OF
USE
,
DATA
OR
PROFITS
,
WHETHER
IN
AN
ACTION
OF
CONTRACT
,
NEGLIGENCE
*
OR
OTHER
TORTIOUS
ACTION
,
ARISING
OUT
OF
OR
IN
CONNECTION
WITH
THE
USE
OR
*
PERFORMANCE
OF
THIS
SOFTWARE
.
*/
/* $
Id
:
named
.
conf
,
v
1
.
2
2011
/
10
/
25
01
:
54
:
21
marka
Exp
$ */
//
NS6
include
"../../common/rndc.key"
;
controls
{
inet
10
.
53
.
0
.
6
port
9953
allow
{
any
; }
keys
{
rndc_key
; }; };
options
{
query
-
source
address
10
.
53
.
0
.
6
;
notify
-
source
10
.
53
.
0
.
6
;
transfer
-
source
10
.
53
.
0
.
6
;
port
5300
;
pid
-
file
"named.pid"
;
listen
-
on
{
10
.
53
.
0
.
6
; };
listen
-
on
-
v6
{
none
; };
recursion
yes
;
notify
yes
;
notify
-
delay
0
;
};
zone
"."
{
type
hint
;
file
"../../common/root.hint"
;
};
include
"trusted.conf"
;
bin/tests/system/inline/setup.sh
...
...
@@ -12,10 +12,13 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: setup.sh,v 1.
3
2011/10/
12 00:10
:19 marka Exp $
# $Id: setup.sh,v 1.
4
2011/10/
25 01:54
:19 marka Exp $
sh clean.sh
cp
ns1/root.db.in ns1/root.db
rm
-f
ns1/root.db.signed
touch
ns2/trusted.conf
cp
ns2/bits.db.in ns2/bits.db
rm
-f
ns2/bits.db.jnl
...
...
@@ -39,3 +42,4 @@ cp ns5/named.conf.pre ns5/named.conf
../../../tools/genrandom 400 random.data
(
cd
ns3
;
sh
-e
sign.sh
)
(
cd
ns1
;
sh
-e
sign.sh
)
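Review bot: The order of the two sign.sh runs at the end is now load-bearing and nothing in the script says so. ns3/sign.sh appends DS records to `../ns1/root.db`, which this script has just recreated from root.db.in, and ns1/sign.sh then signs that file, so swapping the two lines would yield a signed root zone without the DS records. A comment such as `# ns3 first: its sign.sh appends DS records to ns1/root.db before ns1 signs it` above the `(cd ns3; sh -e sign.sh)` line would protect the ordering.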
bin/tests/system/inline/tests.sh
...
...
@@ -14,7 +14,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: tests.sh,v 1.
3
2011/10/
12 00:10:19
marka Exp $
# $Id: tests.sh,v 1.
4
2011/10/
25 01:54:20
marka Exp $
SYSTEMTESTTOP
=
..
.
$SYSTEMTESTTOP
/conf.sh
...
...
@@ -34,7 +34,7 @@ do
$DIG
$DIGOPTS
@10.53.0.3
-p
5300 bits TYPE65534
>
dig.out.ns3.test
$n
grep
"status: NOERROR"
dig.out.ns3.test
$n
>
/dev/null
||
ret
=
1
grep
"ANSWER: 3,"
dig.out.ns3.test
$n
>
/dev/null
||
ret
=
1
records
=
`
grep
"
TYPE65534.*05[0-9A-F][0-9A-F][0-9A-F][0-9A-F]0001
"
dig.out.ns3.test
$n
|
wc
-l
`
records
=
`
grep
'
TYPE65534.*05[0-9A-F][0-9A-F][0-9A-F][0-9A-F]0001
$'
dig.out.ns3.test
$n
|
wc
-l
`
[
$records
=
2
]
||
ret
=
1
if
[
$ret
=
0
]
;
then
break
;
fi
sleep
1
...
...
@@ -42,6 +42,75 @@ done
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
n
=
`
expr
$n
+ 1
`
echo
"I:checking removal of private type record via 'rndc keydone' (
$n
)"
ret
=
0
$DIG
$DIGOPTS
@10.53.0.3
-p
5300 bits TYPE65534
>
dig.out.ns3.test
$n
records
=
`
sed
-n
-e
's/.*TYPE65534.*\(05[0-9A-F][0-9A-F][0-9A-F][0-9A-F]0001\)$/\1/p'
dig.out.ns3.test
$n
`
for
record
in
$records
do
$RNDC
-c
../common/rndc.conf
-s
10.53.0.3
-p
9953 keydone
"
${
record
}
"
bits
||
ret
=
1
break
;
# We only want to remove 1 record for now.
done
2>&1 |sed
's/^/I:ns3 /'
for
i
in
1 2 3 4 5 6 7 8 9 10
do
ans
=
0
$DIG
$DIGOPTS
@10.53.0.3
-p
5300 bits TYPE65534
>
dig.out.ns3.test
$n
grep
"ANSWER: 2,"
dig.out.ns3.test
$n
>
/dev/null
||
ans
=
1
[
$ans
=
1
]
||
break
sleep
1
done
[
$ans
=
0
]
||
ret
=
1
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
n
=
`
expr
$n
+ 1
`
echo
"I:checking private type was properly signed (
$n
)"
ret
=
0
$DIG
$DIGOPTS
@10.53.0.6
-p
5300 bits TYPE65534
>
dig.out.ns6.test
$n
grep
"ANSWER: 2,"
dig.out.ns6.test
$n
>
/dev/null
||
ret
=
1
grep
"flags:.* ad[ ;]"
dig.out.ns6.test
$n
>
/dev/null
||
ret
=
1
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
n
=
`
expr
$n
+ 1
`
echo
"I:checking removal of remaining private type record via 'rndc keydone' (
$n
)"
ret
=
0
$DIG
$DIGOPTS
@10.53.0.3
-p
5300 bits TYPE65534
>
dig.out.ns3.test
$n
records
=
`
sed
-n
-e
's/.*TYPE65534.*\(05[0-9A-F][0-9A-F][0-9A-F][0-9A-F]0001\)$/\1/p'
dig.out.ns3.test
$n
`
for
record
in
$records
do
$RNDC
-c
../common/rndc.conf
-s
10.53.0.3
-p
9953 keydone
"
${
record
}
"
bits
||
ret
=
1
done
2>&1 |sed
's/^/I:ns3 /'
for
i
in
1 2 3 4 5 6 7 8 9 10
do
ans
=
0
$DIG
$DIGOPTS
@10.53.0.3
-p
5300 bits TYPE65534
>
dig.out.ns3.test
$n
grep
"ANSWER: 0,"
dig.out.ns3.test
$n
>
/dev/null
||
ans
=
1
grep
"status: NOERROR"
dig.out.ns3.test
$n
>
/dev/null
||
ans
=
1
[
$ans
=
1
]
||
break
sleep
1
done
[
$ans
=
0
]
||
ret
=
1
if
[
$ret
!=
0
]
;