diff options
author | Martin Nagy <mnagy@redhat.com> | 2009-02-11 20:37:59 +0100 |
---|---|---|
committer | Martin Nagy <mnagy@redhat.com> | 2009-02-11 20:37:59 +0100 |
commit | f50ae72ec3417cae55dd4e085991c01af9fdc5f1 (patch) | |
tree | 0e36c9a3320f6d068df93d3ff6d84b821d23db40 /bin/tests/system/dnssec/ns3 | |
download | bind_dynamic-start.tar.gz bind_dynamic-start.tar.xz bind_dynamic-start.zip |
Initial commitstart
Diffstat (limited to 'bin/tests/system/dnssec/ns3')
20 files changed, 1040 insertions, 0 deletions
diff --git a/bin/tests/system/dnssec/ns3/bogus.example.db.in b/bin/tests/system/dnssec/ns3/bogus.example.db.in new file mode 100644 index 0000000..e83d07b --- /dev/null +++ b/bin/tests/system/dnssec/ns3/bogus.example.db.in @@ -0,0 +1,32 @@ +; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") +; Copyright (C) 2000, 2001 Internet Software Consortium. +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: bogus.example.db.in,v 1.9 2007/06/19 23:47:02 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +z A 10.0.0.26 diff --git a/bin/tests/system/dnssec/ns3/dynamic.example.db.in b/bin/tests/system/dnssec/ns3/dynamic.example.db.in new file mode 100644 index 0000000..0b5b0b0 --- /dev/null +++ b/bin/tests/system/dnssec/ns3/dynamic.example.db.in @@ -0,0 +1,31 @@ +; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") +; Copyright (C) 2002 Internet Software Consortium. +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: dynamic.example.db.in,v 1.5 2007/06/19 23:47:02 tbox Exp $ + +; This has the NS and glue at the apex because testing RT #2399 +; requires we have only one name in the zone at a certain point +; during the test. + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) +@ NS @ +@ A 10.53.0.3 diff --git a/bin/tests/system/dnssec/ns3/insecure.example.db b/bin/tests/system/dnssec/ns3/insecure.example.db new file mode 100644 index 0000000..036adc5 --- /dev/null +++ b/bin/tests/system/dnssec/ns3/insecure.example.db @@ -0,0 +1,32 @@ +; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") +; Copyright (C) 2000, 2001 Internet Software Consortium. +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: insecure.example.db,v 1.9 2007/06/19 23:47:02 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +z A 10.0.0.26 diff --git a/bin/tests/system/dnssec/ns3/insecure.nsec3.example.db b/bin/tests/system/dnssec/ns3/insecure.nsec3.example.db new file mode 100644 index 0000000..4518c2d --- /dev/null +++ b/bin/tests/system/dnssec/ns3/insecure.nsec3.example.db @@ -0,0 +1,31 @@ +; Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: insecure.nsec3.example.db,v 1.2 2008/09/24 02:46:21 marka Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +z A 10.0.0.26 diff --git a/bin/tests/system/dnssec/ns3/insecure.optout.example.db b/bin/tests/system/dnssec/ns3/insecure.optout.example.db new file mode 100644 index 0000000..0a3a45d --- /dev/null +++ b/bin/tests/system/dnssec/ns3/insecure.optout.example.db @@ -0,0 +1,31 @@ +; Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: insecure.optout.example.db,v 1.2 2008/09/24 02:46:21 marka Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +z A 10.0.0.26 diff --git a/bin/tests/system/dnssec/ns3/keyless.example.db.in b/bin/tests/system/dnssec/ns3/keyless.example.db.in new file mode 100644 index 0000000..e2d1ffa --- /dev/null +++ b/bin/tests/system/dnssec/ns3/keyless.example.db.in @@ -0,0 +1,29 @@ +; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") +; Copyright (C) 2001, 2002 Internet Software Consortium. +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: keyless.example.db.in,v 1.5 2007/06/19 23:47:02 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a.b A 10.0.0.1 diff --git a/bin/tests/system/dnssec/ns3/multiple.example.db.in b/bin/tests/system/dnssec/ns3/multiple.example.db.in new file mode 100644 index 0000000..c805a3e --- /dev/null +++ b/bin/tests/system/dnssec/ns3/multiple.example.db.in @@ -0,0 +1,34 @@ +; Copyright (C) 2006, 2008 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: multiple.example.db.in,v 1.3 2008/09/25 04:02:38 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +z A 10.0.0.26 +a.a.a.a A 10.0.0.3 +*.e A 10.0.0.6 +child NS ns2.example. diff --git a/bin/tests/system/dnssec/ns3/named.conf b/bin/tests/system/dnssec/ns3/named.conf new file mode 100644 index 0000000..38f4ad0 --- /dev/null +++ b/bin/tests/system/dnssec/ns3/named.conf @@ -0,0 +1,159 @@ +/* + * Copyright (C) 2004, 2006-2008 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2000-2002 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: named.conf,v 1.33 2008/09/25 04:02:38 tbox Exp $ */ + +// NS3 + +controls { /* empty */ }; + +options { + query-source address 10.53.0.3; + notify-source 10.53.0.3; + transfer-source 10.53.0.3; + port 5300; + pid-file "named.pid"; + listen-on { 10.53.0.3; }; + listen-on-v6 { none; }; + recursion no; + notify yes; + dnssec-enable yes; + dnssec-validation yes; +}; + +zone "." { + type hint; + file "../../common/root.hint"; +}; + +zone "example" { + type slave; + masters { 10.53.0.2; }; + file "example.bk"; +}; + +zone "secure.example" { + type master; + file "secure.example.db.signed"; + allow-update { any; }; +}; + +zone "bogus.example" { + type master; + file "bogus.example.db.signed"; + allow-update { any; }; +}; + +zone "dynamic.example" { + type master; + file "dynamic.example.db.signed"; + allow-update { any; }; +}; + +zone "insecure.example" { + type master; + file "insecure.example.db"; + allow-update { any; }; +}; + +zone "insecure.nsec3.example" { + type master; + file "insecure.nsec3.example.db"; + allow-update { any; }; +}; + +zone "insecure.optout.example" { + type master; + file "insecure.optout.example.db"; + allow-update { any; }; +}; + +zone "keyless.example" { + type master; + file "keyless.example.db.signed"; +}; + +zone "nsec3.example" { + type master; + file "nsec3.example.db.signed"; +}; + +zone "optout.nsec3.example" { + type master; + file "optout.nsec3.example.db.signed"; +}; + +zone "nsec3.nsec3.example" { + type master; + file "nsec3.nsec3.example.db.signed"; +}; + +zone "secure.nsec3.example" { + type master; + file "secure.nsec3.example.db.signed"; +}; + +zone "optout.example" { + type master; + file "optout.example.db.signed"; +}; + +zone "secure.optout.example" { + type master; + file "secure.optout.example.db.signed"; +}; + +zone "nsec3.optout.example" { + type master; + file "nsec3.optout.example.db.signed"; +}; + +zone "optout.optout.example" { + type master; + file "optout.optout.example.db.signed"; +}; + +zone "nsec3-unknown.example" { + type master; + nsec3-test-zone yes; + file "nsec3-unknown.example.db.signed"; +}; + +zone "optout-unknown.example" { + type master; + nsec3-test-zone yes; + file "optout-unknown.example.db.signed"; +}; + +zone "multiple.example" { + type master; + file "multiple.example.db.signed"; + allow-update { any; }; +}; + +zone "mustbesecure.example" { + type master; + file "mustbesecure.example.db"; +}; + +zone "rfc2335.example" { + type slave; + masters { 10.53.0.2; }; + file "rfc2335.example.bk"; +}; + +include "trusted.conf"; diff --git a/bin/tests/system/dnssec/ns3/nsec3-unknown.example.db.in b/bin/tests/system/dnssec/ns3/nsec3-unknown.example.db.in new file mode 100644 index 0000000..ffdd3e3 --- /dev/null +++ b/bin/tests/system/dnssec/ns3/nsec3-unknown.example.db.in @@ -0,0 +1,34 @@ +; Copyright (C) 2006, 2008 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: nsec3-unknown.example.db.in,v 1.3 2008/09/25 04:02:38 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +z A 10.0.0.26 +a.a.a.a A 10.0.0.3 +*.e A 10.0.0.6 +child NS ns2.example. diff --git a/bin/tests/system/dnssec/ns3/nsec3.example.db.in b/bin/tests/system/dnssec/ns3/nsec3.example.db.in new file mode 100644 index 0000000..97ac59c --- /dev/null +++ b/bin/tests/system/dnssec/ns3/nsec3.example.db.in @@ -0,0 +1,43 @@ +; Copyright (C) 2006, 2008 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: nsec3.example.db.in,v 1.3 2008/09/25 04:02:38 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +z A 10.0.0.26 +a.a.a.a A 10.0.0.3 +*.wild A 10.0.0.6 +child NS ns2.example. +insecure NS ns.insecure +ns.insecure A 10.53.0.3 +secure NS ns.secure +ns.secure A 10.53.0.3 +nsec3 NS ns.nsec3 +ns.nsec3 A 10.53.0.3 +optout NS ns.optout +ns.optout A 10.53.0.3 +02HC3EM7BDD011A0GMS3HKKJT2IF5VP8 A 10.0.0.17 diff --git a/bin/tests/system/dnssec/ns3/nsec3.nsec3.example.db.in b/bin/tests/system/dnssec/ns3/nsec3.nsec3.example.db.in new file mode 100644 index 0000000..ca5b6e8 --- /dev/null +++ b/bin/tests/system/dnssec/ns3/nsec3.nsec3.example.db.in @@ -0,0 +1,40 @@ +; Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: nsec3.nsec3.example.db.in,v 1.3 2008/09/25 04:02:38 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +z A 10.0.0.26 +a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 +x CNAME a + +private NS ns.private +ns.private A 10.53.0.2 + +insecure NS ns.insecure +ns.insecure A 10.53.0.2 + diff --git a/bin/tests/system/dnssec/ns3/nsec3.optout.example.db.in b/bin/tests/system/dnssec/ns3/nsec3.optout.example.db.in new file mode 100644 index 0000000..fd766e7 --- /dev/null +++ b/bin/tests/system/dnssec/ns3/nsec3.optout.example.db.in @@ -0,0 +1,40 @@ +; Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: nsec3.optout.example.db.in,v 1.3 2008/09/25 04:02:38 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +z A 10.0.0.26 +a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 +x CNAME a + +private NS ns.private +ns.private A 10.53.0.2 + +insecure NS ns.insecure +ns.insecure A 10.53.0.2 + diff --git a/bin/tests/system/dnssec/ns3/optout-unknown.example.db.in b/bin/tests/system/dnssec/ns3/optout-unknown.example.db.in new file mode 100644 index 0000000..b001555 --- /dev/null +++ b/bin/tests/system/dnssec/ns3/optout-unknown.example.db.in @@ -0,0 +1,34 @@ +; Copyright (C) 2006, 2008 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: optout-unknown.example.db.in,v 1.3 2008/09/25 04:02:38 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +z A 10.0.0.26 +a.a.a.a A 10.0.0.3 +*.e A 10.0.0.6 +child NS ns2.example. diff --git a/bin/tests/system/dnssec/ns3/optout.example.db.in b/bin/tests/system/dnssec/ns3/optout.example.db.in new file mode 100644 index 0000000..e41d15b --- /dev/null +++ b/bin/tests/system/dnssec/ns3/optout.example.db.in @@ -0,0 +1,45 @@ +; Copyright (C) 2006, 2008 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: optout.example.db.in,v 1.3 2008/09/25 04:02:38 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +z A 10.0.0.26 +a.a.a.a A 10.0.0.3 +*.wild A 10.0.0.6 +insecure NS ns.insecure +ns.insecure A 10.53.0.3 +secure NS ns.secure +ns.secure A 10.53.0.3 +nsec3 NS ns.nsec3 +ns.nsec3 A 10.53.0.3 +optout NS ns.optout +ns.optout A 10.53.0.3 +child NS ns2.example. +insecure.empty NS ns.insecure.empty +ns.insecure.empty A 10.53.0.3 +foo.*.empty-wild NS ns diff --git a/bin/tests/system/dnssec/ns3/optout.nsec3.example.db.in b/bin/tests/system/dnssec/ns3/optout.nsec3.example.db.in new file mode 100644 index 0000000..150c386 --- /dev/null +++ b/bin/tests/system/dnssec/ns3/optout.nsec3.example.db.in @@ -0,0 +1,40 @@ +; Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: optout.nsec3.example.db.in,v 1.3 2008/09/25 04:02:38 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +z A 10.0.0.26 +a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 +x CNAME a + +private NS ns.private +ns.private A 10.53.0.2 + +insecure NS ns.insecure +ns.insecure A 10.53.0.2 + diff --git a/bin/tests/system/dnssec/ns3/optout.optout.example.db.in b/bin/tests/system/dnssec/ns3/optout.optout.example.db.in new file mode 100644 index 0000000..91b5b89 --- /dev/null +++ b/bin/tests/system/dnssec/ns3/optout.optout.example.db.in @@ -0,0 +1,40 @@ +; Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: optout.optout.example.db.in,v 1.3 2008/09/25 04:02:38 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +z A 10.0.0.26 +a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 +x CNAME a + +private NS ns.private +ns.private A 10.53.0.2 + +insecure NS ns.insecure +ns.insecure A 10.53.0.2 + diff --git a/bin/tests/system/dnssec/ns3/secure.example.db.in b/bin/tests/system/dnssec/ns3/secure.example.db.in new file mode 100644 index 0000000..9cd4d6f --- /dev/null +++ b/bin/tests/system/dnssec/ns3/secure.example.db.in @@ -0,0 +1,41 @@ +; Copyright (C) 2004, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") +; Copyright (C) 2000, 2001 Internet Software Consortium. +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: secure.example.db.in,v 1.13 2008/09/25 04:02:38 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +z A 10.0.0.26 +a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 +x CNAME a + +private NS ns.private +ns.private A 10.53.0.2 + +insecure NS ns.insecure +ns.insecure A 10.53.0.2 + diff --git a/bin/tests/system/dnssec/ns3/secure.nsec3.example.db.in b/bin/tests/system/dnssec/ns3/secure.nsec3.example.db.in new file mode 100644 index 0000000..92e720b --- /dev/null +++ b/bin/tests/system/dnssec/ns3/secure.nsec3.example.db.in @@ -0,0 +1,40 @@ +; Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: secure.nsec3.example.db.in,v 1.3 2008/09/25 04:02:38 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +z A 10.0.0.26 +a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 +x CNAME a + +private NS ns.private +ns.private A 10.53.0.2 + +insecure NS ns.insecure +ns.insecure A 10.53.0.2 + diff --git a/bin/tests/system/dnssec/ns3/secure.optout.example.db.in b/bin/tests/system/dnssec/ns3/secure.optout.example.db.in new file mode 100644 index 0000000..d1ac6af --- /dev/null +++ b/bin/tests/system/dnssec/ns3/secure.optout.example.db.in @@ -0,0 +1,40 @@ +; Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: secure.optout.example.db.in,v 1.3 2008/09/25 04:02:38 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +z A 10.0.0.26 +a.a.a.a.a.a.a.a.a.a.e A 10.0.0.27 +x CNAME a + +private NS ns.private +ns.private A 10.53.0.2 + +insecure NS ns.insecure +ns.insecure A 10.53.0.2 + diff --git a/bin/tests/system/dnssec/ns3/sign.sh b/bin/tests/system/dnssec/ns3/sign.sh new file mode 100644 index 0000000..eb362aa --- /dev/null +++ b/bin/tests/system/dnssec/ns3/sign.sh @@ -0,0 +1,224 @@ +#!/bin/sh +# +# Copyright (C) 2004, 2006-2008 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2000-2002 Internet Software Consortium. +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +# $Id: sign.sh,v 1.25 2008/09/25 04:02:38 tbox Exp $ + +SYSTEMTESTTOP=../.. +. $SYSTEMTESTTOP/conf.sh + +RANDFILE=../random.data + +zone=secure.example. +infile=secure.example.db.in +zonefile=secure.example.db + +keyname=`$KEYGEN -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null + +zone=bogus.example. +infile=bogus.example.db.in +zonefile=bogus.example.db + +keyname=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null + +zone=dynamic.example. +infile=dynamic.example.db.in +zonefile=dynamic.example.db + +keyname1=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone` +keyname2=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 1024 -n zone -f KSK $zone` + +cat $infile $keyname1.key $keyname2.key >$zonefile + +$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null + +zone=keyless.example. +infile=keyless.example.db.in +zonefile=keyless.example.db + +keyname=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null + +# Change the signer field of the a.b.keyless.example SIG A +# to point to a provably nonexistent KEY record. +mv $zonefile.signed $zonefile.tmp +<$zonefile.tmp perl -p -e 's/ keyless.example/ b.keyless.example/ + if /^a.b.keyless.example/../NXT/;' >$zonefile.signed +rm -f $zonefile.tmp + +# +# NSEC3/NSEC test zone +# +zone=secure.nsec3.example. +infile=secure.nsec3.example.db.in +zonefile=secure.nsec3.example.db + +keyname=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null + +# +# NSEC3/NSEC3 test zone +# +zone=nsec3.nsec3.example. +infile=nsec3.nsec3.example.db.in +zonefile=nsec3.nsec3.example.db + +keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -3 - -r $RANDFILE -o $zone $zonefile > /dev/null + +# +# OPTOUT/NSEC3 test zone +# +zone=optout.nsec3.example. +infile=optout.nsec3.example.db.in +zonefile=optout.nsec3.example.db + +keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null + +# +# A nsec3 zone (non-optout). +# +zone=nsec3.example. +infile=nsec3.example.db.in +zonefile=nsec3.example.db + +keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -g -3 - -r $RANDFILE -o $zone $zonefile > /dev/null + +# +# OPTOUT/NSEC test zone +# +zone=secure.optout.example. +infile=secure.optout.example.db.in +zonefile=secure.optout.example.db + +keyname=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null + +# +# OPTOUT/NSEC3 test zone +# +zone=nsec3.optout.example. +infile=nsec3.optout.example.db.in +zonefile=nsec3.optout.example.db + +keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -3 - -r $RANDFILE -o $zone $zonefile > /dev/null + +# +# OPTOUT/OPTOUT test zone +# +zone=optout.optout.example. +infile=optout.optout.example.db.in +zonefile=optout.optout.example.db + +keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null + +# +# A optout nsec3 zone. +# +zone=optout.example. +infile=optout.example.db.in +zonefile=optout.example.db + +keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -g -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null + +# +# A nsec3 zone (non-optout) with unknown hash algorithm. +# +zone=nsec3-unknown.example. +infile=nsec3-unknown.example.db.in +zonefile=nsec3-unknown.example.db + +keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -3 - -U -r $RANDFILE -o $zone $zonefile > /dev/null + +# +# A optout nsec3 zone. +# +zone=optout-unknown.example. +infile=optout-unknown.example.db.in +zonefile=optout-unknown.example.db + +keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -3 - -U -A -r $RANDFILE -o $zone $zonefile > /dev/null + +# +# A multiple parameter nsec3 zone. +# +zone=multiple.example. +infile=multiple.example.db.in +zonefile=multiple.example.db + +keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null +mv $zonefile.signed $zonefile +$SIGNER -3 - -r $RANDFILE -o $zone $zonefile > /dev/null +mv $zonefile.signed $zonefile +$SIGNER -3 AAAA -r $RANDFILE -o $zone $zonefile > /dev/null +mv $zonefile.signed $zonefile +$SIGNER -3 BBBB -r $RANDFILE -o $zone $zonefile > /dev/null +mv $zonefile.signed $zonefile +$SIGNER -3 CCCC -r $RANDFILE -o $zone $zonefile > /dev/null +mv $zonefile.signed $zonefile +$SIGNER -3 DDDD -r $RANDFILE -o $zone $zonefile > /dev/null |