Commit d9837239 authored by Michael Sawyer's avatar Michael Sawyer

Addition of test suite.

parent 64527927
......@@ -7,7 +7,9 @@ $TTL 300 ; 5 minutes
3600 ; minimum (1 hour)
)
NS ns2
NS ns3
ns2 A 10.53.0.2
ns3 A 10.53.0.3
a A 10.0.0.1
b A 10.0.0.2
......@@ -18,7 +20,12 @@ secure NS ns.secure
ns.secure A 10.53.0.3
; An insecure subdomain
insecure NS ns.secure
insecure NS ns.insecure
ns.insecure A 10.53.0.3
; A secure subdomain we're going to inject bogus data into
bogus NS ns.bogus
ns.bogus A 10.53.0.3
z A 10.0.0.26
......@@ -16,3 +16,5 @@ zone "example" {
allow-update { any; };
};
include "trusted.conf";
......@@ -13,27 +13,28 @@ keyname=`$KEYGEN -a RSA -b 768 -n zone $zone`
cp ../ns3/secure.example.keyset .
$KEYSIGNER -v 9 secure.example.keyset $keyname
echo $KEYSIGNER secure.example.keyset $keyname
$KEYSIGNER secure.example.keyset $keyname
# This will leave two copies of the child's zone key in the signed db file;
# that shouldn't cause any problems.
cat secure.example.signedkey >>../ns3/secure.example.db.signed
cp ../ns3/bogus.example.keyset .
echo $KEYSIGNER bogus.example.keyset $keyname
$KEYSIGNER bogus.example.keyset $keyname
# This will leave two copies of the child's zone key in the signed db file;
# that shouldn't cause any problems.
cat bogus.example.signedkey >>../ns3/bogus.example.db.signed
echo $KEYSETTOOL $keyname
$KEYSETTOOL $keyname
cat $infile $keyname.key >$zonefile
$SIGNER -v 1 -o $zone $zonefile
# Configure the resolving server with a trusted key.
echo $SIGNER -o $zone $zonefile
$SIGNER -o $zone $zonefile
cat $keyname.key | perl -n -e '
my ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
my $key = join("", @rest);
print <<EOF
trusted-keys {
"$dn" $flags $proto $alg "$key";
};
EOF
' >../ns4/trusted.conf
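Review bot: The perl filter that writes `../ns4/trusted.conf` emits a `trusted-keys` block for every input line, because `-n` loops over the whole key file and nothing checks that the line parsed as a key record. A blank or comment line in `$keyname.key` would produce a stanza with empty fields, and since this file is the resolver's trust anchor, a malformed entry should stop the setup rather than be written out. Adding `next unless @rest;` as the first statement skips lines with fewer than seven fields, and `test -s ../ns4/trusted.conf || exit 1` after the pipeline would catch an empty result. The 768-bit RSA key from the `$KEYGEN` line in the hunk header is only reasonable as a test fixture, and a comment saying so would keep it from being copied elsewhere.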
......@@ -10,15 +10,28 @@ zone "." {
file "root.hint";
};
zone "example" {
type slave;
file "example.bk";
}
zone "secure.example" {
type master;
file "secure.example.db.signed";
allow-update { any; };
};
zone "bogus.example" {
type master;
file "bogus.example.db.signed";
allow-update { any; };
};
zone "insecure.example" {
type master;
file "insecure.example.db";
allow-update { any; };
};
include "trusted.conf";
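Review bot: Every master zone in this section, including the signed `secure.example` and `bogus.example`, carries `allow-update { any; };`, so any host that can reach this server can change zone data by dynamic update. If the tests do not exercise dynamic update the statement can be dropped; otherwise narrow it to the test addresses or add a comment such as `// test fixture only: open dynamic update, do not copy`. The `zone "example"` block also appears to close with `}` rather than `};` and shows no `masters` clause for a slave zone, though that may be an artifact of how the page was rendered.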
......@@ -6,9 +6,24 @@ zonefile=secure.example.db
keyname=`$KEYGEN -a RSA -b 768 -n zone $zone`
echo $KEYSETTOOL $keyname.key
$KEYSETTOOL $keyname.key
cat $infile $keyname.key >$zonefile
$SIGNER -v 1 -o $zone $zonefile
echo $SIGNER -o $zone $zonefile
$SIGNER -o $zone $zonefile
zone=bogus.example.
infile=bogus.example.db.in
zonefile=bogus.example.db
keyname=`$KEYGEN -a RSA -b 768 -n zone $zone`
echo $KEYSETTOOL $keyname.key
$KEYSETTOOL $keyname.key
cat $infile $keyname.key >$zonefile
echo $SIGNER -o $zone $zonefile
$SIGNER -o $zone $zonefile
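Review bot: The output of `$KEYGEN` is used without a check in both the `secure.example` and the `bogus.example` block: if key generation fails, `$keyname` is empty, `$keyname.key` expands to `.key`, and the script still runs the signer on a zone file that has no key appended. A guard after each assignment, `[ -n "$keyname" ] || exit 1`, would make the failure visible instead of leaving a half-built zone for the tests to load. The two blocks also differ only in the zone name, so a small loop over the zone names would keep them from drifting apart.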
......@@ -3,7 +3,6 @@ options {
pid-file "named.pid";
listen-on { 10.53.0.4; };
recursion yes;
notify yes;
};
zone "." {
......
#!/bin/sh
cd ns2 && sh sign.sh
cd ns1 && sh sign.sh
if [ $# -gt 0 ]
then
case $1 in
--badsig)
echo "injecting bogus data to force signature checking to fail..." >&2
echo "a.secure.example. A 10.0.0.22" >>../ns3/secure.example.db.signed
;;
*)
echo "unknown option $1" >&2; exit 1
;;
esac
fi
#echo "a.bogus.example. A 10.0.0.22" >>../ns3/secure.example.db.signed
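Review bot: The `cd ... && sh sign.sh` step has no failure handling, and the `--badsig` branch then appends to `../ns3/secure.example.db.signed` relative to whatever directory the script is in at that point. If the `cd` fails, that path resolves outside the test tree, and if signing fails the bogus record is appended to a stale or missing file; `cd ns1 && sh sign.sh || exit 1` stops the script in both cases. The commented-out last line names `a.bogus.example.` but targets the `secure.example` file, so it should be removed or corrected before it is ever re-enabled.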
......@@ -3,6 +3,8 @@
# Start name servers for running system tests.
#
. ./conf.sh
cd $1
for d in ns*
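Review bot: `cd $1` is unquoted and unchecked, so when the script is run without an argument it changes to the home directory and the `for d in ns*` loop operates on whatever matches there. Something like `[ -n "$1" ] && cd "$1" || exit 1` makes a missing or wrong test directory fail early. The body of the loop lies outside this hunk, so what it does with each `ns*` entry is not visible here.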
......