Skip to content

Update kasp test with CDNSKEY checks

Matthijs Mekking requested to merge 1545-dnssec-policy-cdnskey-test into master

Add checks to the kasp system test to verify CDNSKEY publication. This test is not entirely complete, because when there is a CDNSKEY available but there should not be one for KEY N, it is hard to tell whether the existing CDNSKEY actually belongs to KEY N or another key.

The check works if we expect a CDNSKEY although we cannot guarantee that the CDNSKEY is correct: The test verifies existence, not correctness of the record.

Closes #1545 (closed)

Merge request reports