Commit 885a3d20 authored by Evan Hunt's avatar Evan Hunt

remove "dnssec-enable" from all system tests

parent b3ff3bf2
......@@ -21,7 +21,6 @@ options {
listen-on-v6 { none; };
recursion no;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
};
......
......@@ -21,7 +21,6 @@ options {
listen-on-v6 { none; };
recursion no;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-loadkeys-interval 30;
};
......
......@@ -24,7 +24,6 @@ options {
listen-on-v6 { none; };
recursion no;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-loadkeys-interval 10;
allow-new-zones yes;
......
......@@ -20,7 +20,6 @@ options {
listen-on { 10.53.0.4; };
listen-on-v6 { none; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-must-be-secure mustbesecure.example yes;
};
......
......@@ -20,7 +20,6 @@ options {
listen-on { 10.53.0.5; };
listen-on-v6 { none; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
};
......
......@@ -11,5 +11,4 @@
options {
dnssec-enable no;
dnssec-validation yes;
};
......@@ -9,10 +9,6 @@
* information regarding copyright ownership.
*/
options {
dnssec-enable no;
};
view view1 {
match-clients { any; };
dnssec-validation yes;
......
......@@ -9,18 +9,12 @@
* information regarding copyright ownership.
*/
options {
dnssec-validation no;
};
view view1 {
match-clients { any; };
dnssec-enable no;
};
view view2 {
match-clients { none; };
dnssec-enable yes;
};
view view3 {
......
......@@ -111,11 +111,11 @@ status=`expr $status + $ret`
n=`expr $n + 1`
echo_i "checking named-checkconf dnssec warnings ($n)"
ret=0
$CHECKCONF dnssec.1 2>&1 | grep 'validation yes.*enable no' > /dev/null || ret=1
# dnssec.1: dnssec-enable is obsolete
$CHECKCONF dnssec.1 2>&1 | grep "'dnssec-enable' is obsolete and should be removed" > /dev/null || ret=1
# dnssec.2: auto-dnssec warning
$CHECKCONF dnssec.2 2>&1 | grep 'auto-dnssec may only be ' > /dev/null || ret=1
$CHECKCONF dnssec.2 2>&1 | grep 'validation auto.*enable no' > /dev/null || ret=1
$CHECKCONF dnssec.2 2>&1 | grep 'validation yes.*enable no' > /dev/null || ret=1
# this one should have no warnings
# dnssec.3: should have no warnings
$CHECKCONF dnssec.3 2>&1 | grep '.*' && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
......
......@@ -30,7 +30,6 @@ options {
listen-on-v6 { none; };
recursion no;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
};
......
......@@ -30,7 +30,6 @@ options {
listen-on-v6 { none; };
recursion no;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
};
......
......@@ -19,7 +19,6 @@ options {
listen-on-v6 { fd92:7065:b8e:ffff::1; };
recursion no;
notify yes;
dnssec-enable no;
dnssec-validation no;
};
......
......@@ -18,7 +18,6 @@ options {
listen-on { 10.53.0.2; };
listen-on-v6 { fd92:7065:b8e:ffff::2; };
recursion no;
dnssec-enable no;
dnssec-validation no;
};
......
......@@ -16,7 +16,6 @@ options {
listen-on { 10.53.0.3; };
listen-on-v6 { fd92:7065:b8e:ffff::3; };
recursion yes;
dnssec-enable no;
dnssec-validation no;
server-id "ns3";
};
......
......@@ -19,7 +19,6 @@ options {
listen-on-v6 { none; };
recursion no;
notify yes;
dnssec-enable yes;
};
zone "." { type master; file "root.signed"; };
......
......@@ -19,7 +19,6 @@ options {
listen-on-v6 { none; };
recursion no;
notify yes;
dnssec-enable yes;
};
zone "." { type hint; file "hints"; };
......
......@@ -19,7 +19,6 @@ options {
listen-on-v6 { none; };
recursion no;
notify yes;
dnssec-enable yes;
};
zone "." { type hint; file "hints"; };
......
......@@ -19,7 +19,6 @@ options {
listen-on-v6 { none; };
recursion no;
notify yes;
dnssec-enable no;
};
zone "." { type hint; file "hints"; };
......
......@@ -22,7 +22,6 @@ options {
listen-on-v6 { none; };
recursion yes;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside "." trust-anchor "dlv.utld";
};
......
......@@ -19,7 +19,6 @@ options {
listen-on-v6 { none; };
recursion no;
notify yes;
dnssec-enable yes;
};
zone "." { type hint; file "hints"; };
......
......@@ -23,7 +23,6 @@ options {
listen-on-v6 { none; };
allow-recursion { 10.53.0.1; };
notify yes;
dnssec-enable yes;
dnssec-validation yes;
dns64 2001:bbbb::/96 {
......
......@@ -23,7 +23,6 @@ options {
listen-on-v6 { none; };
recursion yes;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
dns64 2001:aaaa::/96 {
......
......@@ -21,7 +21,6 @@ options {
listen-on-v6 { none; };
recursion no;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
/* test that we can turn off trust-anchor-telemetry */
trust-anchor-telemetry no;
......
......@@ -21,7 +21,6 @@ options {
listen-on-v6 { none; };
recursion no;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
notify-delay 1;
minimal-responses no;
......
......@@ -21,7 +21,6 @@ options {
listen-on-v6 { none; };
recursion no;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
session-keyfile "session.key";
minimal-responses no;
......
......@@ -20,7 +20,6 @@ options {
listen-on { 10.53.0.4; };
listen-on-v6 { none; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-must-be-secure mustbesecure.example yes;
minimal-responses no;
......
......@@ -21,7 +21,6 @@ options {
listen-on { 10.53.0.4; };
listen-on-v6 { none; };
recursion yes;
dnssec-enable yes;
dnssec-validation auto;
bindkeys-file "managed.conf";
minimal-responses no;
......
......@@ -20,7 +20,6 @@ options {
listen-on { 10.53.0.4; };
listen-on-v6 { none; };
recursion yes;
dnssec-enable yes;
dnssec-validation auto;
bindkeys-file "managed.conf";
dnssec-accept-expired yes;
......
......@@ -20,7 +20,6 @@ options {
listen-on { 10.53.0.4; };
listen-on-v6 { none; };
bindkeys-file "managed.conf";
dnssec-enable no;
};
key rndc_key {
......
......@@ -20,7 +20,6 @@ options {
listen-on { 10.53.0.5; };
listen-on-v6 { none; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
};
......
......@@ -22,7 +22,6 @@ options {
recursion yes;
notify yes;
disable-algorithms . { @ALTERNATIVE_ALGORITHM@; };
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside . trust-anchor dlv;
};
......
......@@ -21,7 +21,6 @@ options {
listen-on-v6 { none; };
recursion no;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
minimal-responses yes;
};
......
......@@ -3648,20 +3648,5 @@ n=$((n+1))
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
# Note: after this check, ns4 will not be validating any more; do not add any
# further validation tests employing ns4 below this check.
echo_i "check that validation defaults to off when dnssec-enable is off ($n)"
ret=0
# Sanity check - validation should be enabled.
rndccmd 10.53.0.4 validation status | grep "enabled" > /dev/null || ret=1
# Set "dnssec-enable" to "no" and reconfigure.
copy_setports ns4/named5.conf.in ns4/named.conf
rndccmd 10.53.0.4 reconfig 2>&1 | sed 's/^/ns4 /' | cat_i
# Check validation status again.
rndccmd 10.53.0.4 validation status | grep "disabled" > /dev/null || ret=1
n=$((n+1))
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
......@@ -23,7 +23,6 @@ options {
listen-on-v6 { none; };
recursion no;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
};
......
......@@ -23,7 +23,6 @@ options {
listen-on-v6 { none; };
recursion no;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
};
......
......@@ -22,7 +22,6 @@ options {
listen-on { 10.53.0.3; };
listen-on-v6 { none; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-must-be-secure . yes;
/* only SHA-256 is enabled */
......
......@@ -22,7 +22,6 @@ options {
listen-on { 10.53.0.4; };
listen-on-v6 { none; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* only SHA-256 is enabled */
disable-ds-digests . { SHA-1; SHA-384; 5; 6; 7; 8; 9; };
......
......@@ -23,7 +23,6 @@ options {
listen-on-v6 { none; };
recursion no;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
};
......
......@@ -23,7 +23,6 @@ options {
listen-on-v6 { none; };
recursion yes;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
};
......
......@@ -23,7 +23,6 @@ options {
listen-on-v6 { none; };
recursion no;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
};
......
......@@ -23,7 +23,6 @@ options {
listen-on-v6 { none; };
recursion yes;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
};
......
......@@ -19,7 +19,6 @@ options {
listen-on-v6 { fd92:7065:b8e:ffff::1; };
recursion no;
notify yes;
dnssec-enable no;
dnssec-validation no;
};
......
......@@ -23,7 +23,6 @@ options {
listen-on-v6 { none; };
recursion no;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
};
......
......@@ -21,7 +21,6 @@ options {
listen-on-v6 { none; };
recursion no;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
};
......
......@@ -18,7 +18,6 @@ options {
listen-on-v6 { none; };
recursion no;
notify no;
dnssec-enable yes;
session-keyfile "session.key";
servfail-ttl 0;
};
......
......@@ -18,7 +18,6 @@ options {
port @PORT@;
recursion no;
notify no;
dnssec-enable yes;
servfail-ttl 0;
};
......
......@@ -18,7 +18,6 @@ options {
listen-on-v6 { none; };
recursion no;
notify no;
dnssec-enable yes;
};
key rndc_key {
......
......@@ -26,7 +26,6 @@ options {
listen-on-v6 { none; };
recursion no;
notify no;
dnssec-enable yes;
dnssec-validation yes;
allow-query { allowed; };
};
......
......@@ -26,7 +26,6 @@ options {
listen-on-v6 { none; };
recursion no;
notify no;
dnssec-enable yes;
dnssec-validation yes;
allow-query { allowed; };
};
......
......@@ -21,7 +21,6 @@ options {
listen-on-v6 { none; };
recursion no;
notify no;
dnssec-enable yes;
dnssec-validation yes;
};
......
......@@ -21,7 +21,6 @@ options {
listen-on-v6 { none; };
recursion yes;
notify no;
dnssec-enable yes;
dnssec-validation auto;
bindkeys-file "managed.conf";
servfail-ttl 0;
......
......@@ -21,7 +21,6 @@ options {
listen-on-v6 { none; };
recursion yes;
notify no;
dnssec-enable yes;
dnssec-validation yes;
bindkeys-file "managed.conf";
trust-anchor-telemetry no;
......
......@@ -21,7 +21,6 @@ options {
listen-on-v6 { none; };
recursion yes;
notify no;
dnssec-enable yes;
dnssec-validation auto;
bindkeys-file "managed.conf";
managed-keys-directory "nope";
......
......@@ -21,7 +21,6 @@ options {
listen-on-v6 { none; };
recursion yes;
notify no;
dnssec-enable yes;
dnssec-validation auto;
bindkeys-file "managed.conf";
servfail-ttl 0;
......
......@@ -21,7 +21,6 @@ options {
listen-on-v6 { none; };
recursion yes;
notify no;
dnssec-enable yes;
dnssec-validation yes;
trust-anchor-telemetry no;
};
......
......@@ -21,7 +21,6 @@ options {
listen-on-v6 { none; };
recursion yes;
notify no;
dnssec-enable yes;
dnssec-validation auto;
bindkeys-file "managed.conf";
};
......
......@@ -21,7 +21,6 @@ options {
listen-on-v6 { none; };
recursion no;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
};
......
......@@ -23,7 +23,6 @@ options {
listen-on-v6 { none; };
recursion no;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
};
......
......@@ -23,7 +23,6 @@ options {
listen-on-v6 { none; };
recursion no;
notify no;
dnssec-enable yes;
dnssec-validation yes;
};
......
......@@ -23,7 +23,6 @@ options {
listen-on-v6 { none; };
allow-recursion { 10.53.0.1; };
notify yes;
dnssec-enable yes;
dnssec-validation yes;
};
......
......@@ -25,7 +25,6 @@ options {
listen-on-v6 { none; };
recursion yes;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
};
......
......@@ -21,7 +21,6 @@ options {
listen-on-v6 { none; };
allow-recursion { 10.53.0.3; };
notify yes;
dnssec-enable yes;
dnssec-validation yes;
};
......
......@@ -25,7 +25,6 @@ options {
listen-on-v6 { none; };
recursion yes;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
nxdomain-redirect "redirect";
......
......@@ -19,7 +19,6 @@ options {
listen-on-v6 { none; };
recursion no;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
};
......
......@@ -19,7 +19,6 @@ options {
listen-on-v6 { none; };
recursion no;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
};
......
......@@ -19,7 +19,6 @@ options {
listen-on-v6 { none; };
recursion yes;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
root-key-sentinel yes;
};
......
......@@ -19,7 +19,6 @@ options {
listen-on-v6 { none; };
recursion yes;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
root-key-sentinel no;
};
......
......@@ -21,7 +21,6 @@ options {
listen-on-v6 { none; };
recursion no;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
};
......
......@@ -21,7 +21,6 @@ options {
listen-on-v6 { none; };
recursion no;
notify yes;
dnssec-enable yes;
};
zone "." {
......
......@@ -21,7 +21,6 @@ options {
listen-on-v6 { none; };
recursion yes;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
max-rsa-exponent-size 35;
};
......
......@@ -19,6 +19,5 @@ options {
listen-on-v6 { fd92:7065:b8e:ffff::2; };
recursion no;
notify yes;
dnssec-enable no;
dnssec-validation no;
};
......@@ -19,6 +19,5 @@ options {
listen-on-v6 { fd92:7065:b8e:ffff::2; };
recursion no;
notify yes;
dnssec-enable no;
dnssec-validation no;
};
......@@ -20,6 +20,5 @@ options {
listen-on-v6 { fd92:7065:b8e:ffff::2; };
recursion no;
notify yes;
dnssec-enable no;
dnssec-validation no;
};
......@@ -19,7 +19,6 @@ options {
listen-on-v6 { fd92:7065:b8e:ffff::2; };
recursion no;
notify yes;
dnssec-enable no;
dnssec-validation no;
};
......
......@@ -21,7 +21,6 @@ options {
listen-on-v6 { none; };
recursion no;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
};
......
......@@ -21,7 +21,6 @@ options {
listen-on-v6 { none; };
recursion no;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
};
......
......@@ -20,7 +20,6 @@ options {
listen-on { 10.53.0.5; };
listen-on-v6 { none; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
servfail-ttl 30;
};
......
......@@ -21,7 +21,6 @@ options {
listen-on-v6 { none; };
recursion no;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
};
......
......@@ -21,7 +21,6 @@ options {
listen-on-v6 { none; };
recursion yes;
notify no;
dnssec-enable yes;
dnssec-validation yes;
};
......