author | Internet Software Consortium, Inc <@isc.org> | 2011-11-01 14:44:10 -0600 |
---|---|---|
committer | Internet Software Consortium, Inc <@isc.org> | 2011-11-01 14:44:10 -0600 |
commit | 0985d8a79623e77e4d2c801a661d1b1180f41285 (patch) | |
tree | d72acdc49feea21a0f2bccbe043f325b566fdbd5 /bin | |
parent | 00d5712510aa66b262594f8846d3666c0de2a204 (diff) | |
download | bind9-0985d8a79623e77e4d2c801a661d1b1180f41285.tar.gz |
9.9.0a1
Diffstat (limited to 'bin')
260 files changed, 3950 insertions, 676 deletions
diff --git a/bin/check/named-checkconf.c b/bin/check/named-checkconf.c index 11a429c6..1daad822 100644 --- a/bin/check/named-checkconf.c +++ b/bin/check/named-checkconf.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named-checkconf.c,v 1.54.62.2 2011-03-12 04:59:13 tbox Exp $ */ +/* $Id: named-checkconf.c,v 1.56 2011-03-12 04:59:46 tbox Exp $ */ /*! \file */ diff --git a/bin/confgen/ddns-confgen.c b/bin/confgen/ddns-confgen.c index 3fdf4d47..fe628972 100644 --- a/bin/confgen/ddns-confgen.c +++ b/bin/confgen/ddns-confgen.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ddns-confgen.c,v 1.9.308.2 2011-03-12 04:59:13 tbox Exp $ */ +/* $Id: ddns-confgen.c,v 1.11 2011-03-12 04:59:46 tbox Exp $ */ /*! \file */ diff --git a/bin/confgen/rndc-confgen.c b/bin/confgen/rndc-confgen.c index 0eac35fe..76a7a304 100644 --- a/bin/confgen/rndc-confgen.c +++ b/bin/confgen/rndc-confgen.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rndc-confgen.c,v 1.5.308.2 2011-03-12 04:59:13 tbox Exp $ */ +/* $Id: rndc-confgen.c,v 1.7 2011-03-12 04:59:46 tbox Exp $ */ /*! \file */ diff --git a/bin/dig/dig.1 b/bin/dig/dig.1 index 87d50457..c0953d47 100644 --- a/bin/dig/dig.1 +++ b/bin/dig/dig.1 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and/or distribute this software for any @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dig.1,v 1.54 2010-03-05 01:14:15 tbox Exp $ +.\" $Id: dig.1,v 1.55 2011-03-06 01:14:19 tbox Exp $ .\" .hy 0 .ad l 
@@ -358,6 +358,24 @@ option is enabled. If short form answers are requested, the default is not to sh Toggle the display of comment lines in the output. The default is to print comments. .RE .PP +\fB+[no]rrcomments\fR +.RS 4 +Toggle the display of per\-record comments in the output (for example, human\-readable key information about DNSKEY records). The default is not to print record comments unless multiline mode is active. +.RE +.PP +\fB+split=W\fR +.RS 4 +Split long hex\- or base64\-formatted fields in resource records into chunks of +\fIW\fR +characters (where +\fIW\fR +is rounded up to the nearest multiple of 4). +\fI+nosplit\fR +or +\fI+split=0\fR +causes fields not to be split at all. The default is 56 characters, or 44 characters when multiline mode is active. +.RE +.PP \fB+[no]stats\fR .RS 4 This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behavior is to print the query statistics. @@ -567,7 +585,7 @@ RFC1035. .PP There are probably too many query options. .SH "COPYRIGHT" -Copyright \(co 2004\-2010 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2011 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000\-2003 Internet Software Consortium. .br diff --git a/bin/dig/dig.c b/bin/dig/dig.c index 72883872..4e7a21f2 100644 --- a/bin/dig/dig.c +++ b/bin/dig/dig.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dig.c,v 1.237.124.3 2011-03-11 06:46:58 marka Exp $ */ +/* $Id: dig.c,v 1.242 2011-03-11 06:11:20 marka Exp $ */ /*! \file */ 
@@ -67,7 +67,8 @@ static char domainopt[DNS_NAME_MAXTEXT]; static isc_boolean_t short_form = ISC_FALSE, printcmd = ISC_TRUE, ip6_int = ISC_FALSE, plusquest = ISC_FALSE, pluscomm = ISC_FALSE, multiline = ISC_FALSE, nottl = ISC_FALSE, noclass = ISC_FALSE, - onesoa = ISC_FALSE; + onesoa = ISC_FALSE, rrcomments = ISC_FALSE; +static isc_uint32_t splitwidth = 0xffffffff; /*% opcode text */ static const char * const opcodetext[] = { @@ -201,6 +202,8 @@ help(void) { " +[no]cl (Control display of class in records)\n" " +[no]cmd (Control display of command line)\n" " +[no]comments (Control display of comment lines)\n" +" +[no]rrcomments (Control display of per-record " + "comments)\n" " +[no]question (Control display of question)\n" " +[no]answer (Control display of answer)\n" " +[no]authority (Control display of authority)\n" @@ -223,6 +226,7 @@ help(void) { " +[no]topdown (Do DNSSEC validation top down mode)\n" #endif #endif +" +[no]split=## (Split hex/base64 fields into chunks)\n" " +[no]multiline (Print records in an expanded format)\n" " +[no]onesoa (AXFR prints only one soa record)\n" " global d-opts and servers (before host name) affect all queries.\n" @@ -391,6 +395,8 @@ printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset, styleflags |= DNS_STYLEFLAG_NO_TTL; if (noclass) styleflags |= DNS_STYLEFLAG_NO_CLASS; + if (rrcomments) + styleflags |= DNS_STYLEFLAG_RRCOMMENT; if (multiline) { styleflags |= DNS_STYLEFLAG_OMIT_OWNER; styleflags |= DNS_STYLEFLAG_OMIT_CLASS; 
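Review bot: The new file-scope `splitwidth` in the first dig.c hunk is initialised to `0xffffffff` with no comment saying what that value stands for. From the later `+split` handling it looks like a "no width requested" sentinel that is handed unchanged to dns_master_stylecreate2(), but that is inferred, since the callee is not part of this diff. Because `0` is separately used to mean "do not split", I would document the sentinel next to the declaration, for example `/* 0xffffffff: +split not given; presumably selects the style's default width (confirm) */`, or give it a named constant.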
@@ -399,16 +405,21 @@ printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset, styleflags |= DNS_STYLEFLAG_TTL; styleflags |= DNS_STYLEFLAG_MULTILINE; styleflags |= DNS_STYLEFLAG_COMMENT; + styleflags |= DNS_STYLEFLAG_RRCOMMENT; } + if (multiline || (nottl && noclass)) - result = dns_master_stylecreate(&style, styleflags, - 24, 24, 24, 32, 80, 8, mctx); + result = dns_master_stylecreate2(&style, styleflags, + 24, 24, 24, 32, 80, 8, + splitwidth, mctx); else if (nottl || noclass) - result = dns_master_stylecreate(&style, styleflags, - 24, 24, 32, 40, 80, 8, mctx); + result = dns_master_stylecreate2(&style, styleflags, + 24, 24, 32, 40, 80, 8, + splitwidth, mctx); else - result = dns_master_stylecreate(&style, styleflags, - 24, 32, 40, 48, 80, 8, mctx); + result = dns_master_stylecreate2(&style, styleflags, + 24, 32, 40, 48, 80, 8, + splitwidth, mctx); check_result(result, "dns_master_stylecreate"); result = dns_master_rdatasettotext(owner_name, rdataset, style, target); @@ -433,6 +444,10 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) { unsigned int styleflags = 0; styleflags |= DNS_STYLEFLAG_REL_OWNER; + if (query->lookup->comments) + styleflags |= DNS_STYLEFLAG_COMMENT; + if (rrcomments) + styleflags |= DNS_STYLEFLAG_RRCOMMENT; if (nottl) styleflags |= DNS_STYLEFLAG_NO_TTL; if (noclass) 
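Review bot: The context line `check_result(result, "dns_master_stylecreate");` that follows the three rewritten calls in printrdataset() still names the old function, so a failure of dns_master_stylecreate2() would presumably be reported under the wrong name; suggest `check_result(result, "dns_master_stylecreate2");`. The same stale label follows the identical three-way call in the printmessage() hunk (`@@ -444,17 +459,20 @@`). As a style point, the three branches differ only in the column arguments, and both functions repeat them verbatim. Both function bodies start and end outside these hunks.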
@@ -444,17 +459,20 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) { styleflags |= DNS_STYLEFLAG_OMIT_TTL; styleflags |= DNS_STYLEFLAG_TTL; styleflags |= DNS_STYLEFLAG_MULTILINE; - styleflags |= DNS_STYLEFLAG_COMMENT; + styleflags |= DNS_STYLEFLAG_RRCOMMENT; } if (multiline || (nottl && noclass)) - result = dns_master_stylecreate(&style, styleflags, - 24, 24, 24, 32, 80, 8, mctx); + result = dns_master_stylecreate2(&style, styleflags, + 24, 24, 24, 32, 80, 8, + splitwidth, mctx); else if (nottl || noclass) - result = dns_master_stylecreate(&style, styleflags, - 24, 24, 32, 40, 80, 8, mctx); + result = dns_master_stylecreate2(&style, styleflags, + 24, 24, 32, 40, 80, 8, + splitwidth, mctx); else - result = dns_master_stylecreate(&style, styleflags, - 24, 32, 40, 48, 80, 8, mctx); + result = dns_master_stylecreate2(&style, styleflags, + 24, 32, 40, 48, 80, 8, + splitwidth, mctx); check_result(result, "dns_master_stylecreate"); if (query->lookup->cmdline[0] != 0) { @@ -754,6 +772,7 @@ plus_option(char *option, isc_boolean_t is_batchfile, lookup->section_answer = state; lookup->section_additional = state; lookup->comments = state; + rrcomments = state; lookup->stats = state; printcmd = state; break; @@ -912,6 +931,7 @@ plus_option(char *option, isc_boolean_t is_batchfile, lookup->identify = ISC_TRUE; lookup->stats = ISC_FALSE; lookup->comments = ISC_FALSE; + rrcomments = ISC_FALSE; lookup->section_additional = ISC_FALSE; lookup->section_authority = ISC_FALSE; lookup->section_question = ISC_FALSE; @@ -972,6 +992,10 @@ plus_option(char *option, isc_boolean_t is_batchfile, goto invalid_option; } break; + case 'r': /* rrcomments */ + FULLCHECK("rrcomments"); + rrcomments = state; + break; default: goto invalid_option; } 
@@ -998,6 +1022,7 @@ plus_option(char *option, isc_boolean_t is_batchfile, lookup->section_authority = ISC_FALSE; lookup->section_question = ISC_FALSE; lookup->comments = ISC_FALSE; + rrcomments = ISC_FALSE; lookup->stats = ISC_FALSE; } break; @@ -1020,6 +1045,36 @@ plus_option(char *option, isc_boolean_t is_batchfile, lookup->dnssec = ISC_TRUE; break; #endif + case 'p': /* split */ + FULLCHECK("split"); + if (value != NULL && !state) + goto invalid_option; + if (!state) { + splitwidth = 0; + break; + } else if (value == NULL) + break; + + result = parse_uint(&splitwidth, value, + 1023, "split"); + if (splitwidth % 4 != 0) { + splitwidth = ((splitwidth + 3) / 4) * 4; + fprintf(stderr, ";; Warning, split must be " + "a multiple of 4; adjusting " + "to %d\n", splitwidth); + } + /* + * There is an adjustment done in the + * totext_<rrtype>() functions which causes + * splitwidth to shrink. This is okay when we're + * using the default width but incorrect in this + * case, so we correct for it + */ + if (splitwidth) + splitwidth += 3; + if (result != ISC_R_SUCCESS) + fatal("Couldn't parse retries"); + break; case 't': /* stats */ FULLCHECK("stats"); lookup->stats = state; @@ -1064,6 +1119,7 @@ plus_option(char *option, isc_boolean_t is_batchfile, lookup->recurse = ISC_FALSE; lookup->identify = ISC_TRUE; lookup->comments = ISC_FALSE; + rrcomments = ISC_FALSE; lookup->stats = ISC_FALSE; lookup->section_additional = ISC_FALSE; lookup->section_authority = ISC_TRUE; diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook index 19e2ca2a..659a0f42 100644 --- a/bin/dig/dig.docbook +++ b/bin/dig/dig.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any 
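Review bot: In the new `case 'p': /* split */` branch the result of parse_uint() is only tested at the very end, after `splitwidth` has already been rounded, printed and bumped by 3. A rejected value (non-numeric or above the 1023 limit) therefore goes through the "must be a multiple of 4" arithmetic and warning before the fatal exit. If parse_uint() leaves its target untouched on failure, that is the initial `0xffffffff`, where the `+ 3` wraps. The check belongs directly after the call, and its message is a copy-paste from another option; suggest `if (result != ISC_R_SUCCESS) fatal("Couldn't parse split");`. The warning also prints the `isc_uint32_t` with `%d`, where `%u` matches the type. The enclosing plus_option() switch begins and ends outside this hunk.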
@@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dig.docbook,v 1.47 2010-03-04 23:50:34 tbox Exp $ --> +<!-- $Id: dig.docbook,v 1.49 2011-03-05 23:52:29 tbox Exp $ --> <refentry id="man.dig"> <refentryinfo> @@ -45,6 +45,7 @@ <year>2008</year> <year>2009</year> <year>2010</year> + <year>2011</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -587,8 +588,35 @@ <listitem> <para> Toggle the display of comment lines in the output. The default - is to - print comments. + is to print comments. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]rrcomments</option></term> + <listitem> + <para> + Toggle the display of per-record comments in the output (for + example, human-readable key information about DNSKEY records). + The default is not to print record comments unless multiline + mode is active. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+split=W</option></term> + <listitem> + <para> + Split long hex- or base64-formatted fields in resource + records into chunks of <parameter>W</parameter> characters + (where <parameter>W</parameter> is rounded up to the nearest + multiple of 4). + <parameter>+nosplit</parameter> or + <parameter>+split=0</parameter> causes fields not to be + split at all. The default is 56 characters, or 44 characters + when multiline mode is active. </para> </listitem> </varlistentry> diff --git a/bin/dig/dig.html b/bin/dig/dig.html index c9ce8f0e..327aedae 100644 --- a/bin/dig/dig.html +++ b/bin/dig/dig.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any 
@@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dig.html,v 1.49 2010-03-05 01:14:15 tbox Exp $ --> +<!-- $Id: dig.html,v 1.50 2011-03-06 01:14:19 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -34,7 +34,7 @@ <div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543522"></a><h2>DESCRIPTION</h2> +<a name="id2543525"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">dig</strong></span> (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and @@ -80,7 +80,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543595"></a><h2>SIMPLE USAGE</h2> +<a name="id2543598"></a><h2>SIMPLE USAGE</h2> <p> A typical invocation of <span><strong class="command">dig</strong></span> looks like: </p> @@ -126,7 +126,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543686"></a><h2>OPTIONS</h2> +<a name="id2543689"></a><h2>OPTIONS</h2> <p> The <code class="option">-b</code> option sets the source IP address of the query to <em class="parameter"><code>address</code></em>. This must be a valid @@ -230,7 +230,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544035"></a><h2>QUERY OPTIONS</h2> +<a name="id2544038"></a><h2>QUERY OPTIONS</h2> <p><span><strong class="command">dig</strong></span> provides a number of query options which affect the way in which lookups are made and the results displayed. Some of 
@@ -392,8 +392,25 @@ <dt><span class="term"><code class="option">+[no]comments</code></span></dt> <dd><p> Toggle the display of comment lines in the output. The default - is to - print comments. + is to print comments. + </p></dd> +<dt><span class="term"><code class="option">+[no]rrcomments</code></span></dt> +<dd><p> + Toggle the display of per-record comments in the output (for + example, human-readable key information about DNSKEY records). + The default is not to print record comments unless multiline + mode is active. + </p></dd> +<dt><span class="term"><code class="option">+split=W</code></span></dt> +<dd><p> + Split long hex- or base64-formatted fields in resource + records into chunks of <em class="parameter"><code>W</code></em> characters + (where <em class="parameter"><code>W</code></em> is rounded up to the nearest + multiple of 4). + <em class="parameter"><code>+nosplit</code></em> or + <em class="parameter"><code>+split=0</code></em> causes fields not to be + split at all. The default is 56 characters, or 44 characters + when multiline mode is active. </p></dd> <dt><span class="term"><code class="option">+[no]stats</code></span></dt> <dd><p> @@ -561,7 +578,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2545184"></a><h2>MULTIPLE QUERIES</h2> +<a name="id2545228"></a><h2>MULTIPLE QUERIES</h2> <p> The BIND 9 implementation of <span><strong class="command">dig </strong></span> supports @@ -607,7 +624,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr </p> </div> <div class="refsect1" lang="en"> -<a name="id2545245"></a><h2>IDN SUPPORT</h2> +<a name="id2545358"></a><h2>IDN SUPPORT</h2> <p> If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized domain name) support, it can accept and display non-ASCII domain names. 
@@ -621,14 +638,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr </p> </div> <div class="refsect1" lang="en"> -<a name="id2545336"></a><h2>FILES</h2> +<a name="id2545381"></a><h2>FILES</h2> <p><code class="filename">/etc/resolv.conf</code> </p> <p><code class="filename">${HOME}/.digrc</code> </p> </div> <div class="refsect1" lang="en"> -<a name="id2545353"></a><h2>SEE ALSO</h2> +<a name="id2545398"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>, <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>, @@ -636,7 +653,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr </p> </div> <div class="refsect1" lang="en"> -<a name="id2545390"></a><h2>BUGS</h2> +<a name="id2545435"></a><h2>BUGS</h2> <p> There are probably too many query options. </p> diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c index 319ba3e7..21c5b1f5 100644 --- a/bin/dig/dighost.c +++ b/bin/dig/dighost.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dighost.c,v 1.336.22.4 2011-03-11 06:46:58 marka Exp $ */ +/* $Id: dighost.c,v 1.340 2011-03-11 06:11:20 marka Exp $ */ /*! \file * \note diff --git a/bin/dig/host.c b/bin/dig/host.c index c7a8e0eb..87effe21 100644 --- a/bin/dig/host.c +++ b/bin/dig/host.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: host.c,v 1.124.40.3 2011-03-11 06:46:59 marka Exp $ */ +/* $Id: host.c,v 1.127 2011-03-11 06:11:20 marka Exp $ */ /*! \file */ diff --git a/bin/dig/include/dig/dig.h b/bin/dig/include/dig/dig.h index 2db5de55..87a1969e 100644 --- a/bin/dig/include/dig/dig.h +++ b/bin/dig/include/dig/dig.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dig.h,v 1.111.306.2 2011-02-28 01:19:58 tbox Exp $ */ +/* $Id: dig.h,v 1.113 2011-03-01 23:48:05 tbox Exp $ */ #ifndef DIG_H #define DIG_H 
diff --git a/bin/dig/nslookup.c b/bin/dig/nslookup.c index e327c0f7..2427313c 100644 --- a/bin/dig/nslookup.c +++ b/bin/dig/nslookup.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nslookup.c,v 1.127.38.2 2011-02-28 01:19:58 tbox Exp $ */ +/* $Id: nslookup.c,v 1.129 2011-02-21 23:47:44 tbox Exp $ */ #include <config.h> diff --git a/bin/dnssec/dnssec-dsfromkey.8 b/bin/dnssec/dnssec-dsfromkey.8 index 25aa2bf8..8243d685 100644 --- a/bin/dnssec/dnssec-dsfromkey.8 +++ b/bin/dnssec/dnssec-dsfromkey.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2008-2010 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2008-2011 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -12,7 +12,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-dsfromkey.8,v 1.13 2010-12-24 01:14:20 tbox Exp $ +.\" $Id: dnssec-dsfromkey.8,v 1.14 2011-03-28 01:14:34 tbox Exp $ .\" .hy 0 .ad l @@ -71,6 +71,15 @@ files) in Zone file mode: in place of the keyfile name, the argument is the DNS domain name of a zone master file, which can be read from \fBfile\fR. If the zone name is the same as \fBfile\fR, then it may be omitted. +.sp +If +\fBfile\fR +is set to +"\-", then the zone data is read from the standard input. This makes it possible to use the output of the +\fBdig\fR +command as input, as in: +.sp +\fBdig dnskey example.com | dnssec\-dsfromkey \-f \- example.com\fR .RE .PP \-A @@ -139,5 +148,5 @@ RFC 4509. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2008\-2010 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2008\-2011 Internet Systems Consortium, Inc. ("ISC") .br diff --git a/bin/dnssec/dnssec-dsfromkey.c b/bin/dnssec/dnssec-dsfromkey.c index b7f84a04..78ac939c 100644 --- a/bin/dnssec/dnssec-dsfromkey.c 
+++ b/bin/dnssec/dnssec-dsfromkey.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2008-2011 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec-dsfromkey.c,v 1.19 2010-12-23 04:07:59 marka Exp $ */ +/* $Id: dnssec-dsfromkey.c,v 1.22 2011-08-18 04:52:35 marka Exp $ */ /*! \file */ @@ -31,12 +31,13 @@ #include <isc/string.h> #include <isc/util.h> +#include <dns/callbacks.h> #include <dns/db.h> #include <dns/dbiterator.h> #include <dns/ds.h> #include <dns/fixedname.h> -#include <dns/log.h> #include <dns/keyvalues.h> +#include <dns/log.h> #include <dns/master.h> #include <dns/name.h> #include <dns/rdata.h> @@ -76,8 +77,28 @@ initname(char *setname) { return (result); } +static void +db_load_from_stream(dns_db_t *db, FILE *fp) { + isc_result_t result; + dns_rdatacallbacks_t callbacks; + + dns_rdatacallbacks_init(&callbacks); + result = dns_db_beginload(db, &callbacks.add, &callbacks.add_private); + if (result != ISC_R_SUCCESS) + fatal("dns_db_beginload failed: %s", isc_result_totext(result)); + + result = dns_master_loadstream(fp, name, name, rdclass, 0, + &callbacks, mctx); + if (result != ISC_R_SUCCESS) + fatal("can't load from input: %s", isc_result_totext(result)); + + result = dns_db_endload(db, &callbacks.add_private); + if (result != ISC_R_SUCCESS) + fatal("dns_db_endload failed: %s", isc_result_totext(result)); +} + static isc_result_t -loadsetfromfile(char *filename, dns_rdataset_t *rdataset) { +loadset(const char *filename, dns_rdataset_t *rdataset) { isc_result_t result; dns_db_t *db = NULL; dns_dbnode_t *node = NULL; 
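Review bot: db_load_from_stream() passes `0` as the options argument of dns_master_loadstream(), so zone text arriving on standard input is parsed with the same directive handling as a trusted local file. The documented use is piping `dig` output, which is network-derived data. If `$INCLUDE` is honoured with options 0 (the loader is not visible here), the stream could cause local files to be opened and parsed. Passing the loader's no-include option (DNS_MASTER_NOINCLUDE, if this tree's dns/master.h defines it) would reject that up front. The file path in loadset(), in the next hunk, tolerates DNS_R_SEENINCLUDE while this helper treats anything but ISC_R_SUCCESS as fatal; a one-line comment saying whether that difference is intended would help. The helper also relies on the file-scope `name`, `rdclass` and `mctx`, which a short header comment should mention.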
@@ -90,9 +111,15 @@ loadsetfromfile(char *filename, dns_rdataset_t *rdataset) { if (result != ISC_R_SUCCESS) fatal("can't create database"); - result = dns_db_load(db, filename); - if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE) - fatal("can't load %s: %s", filename, isc_result_totext(result)); + if (strcmp(filename, "-") == 0) { + db_load_from_stream(db, stdin); + filename = "input"; + } else { + result = dns_db_load(db, filename); + if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE) + fatal("can't load %s: %s", filename, + isc_result_totext(result)); + } result = dns_db_findnode(db, name, ISC_FALSE, &node); if (result != ISC_R_SUCCESS) @@ -141,7 +168,7 @@ loadkeyset(char *dirname, dns_rdataset_t *rdataset) { return (ISC_R_NOSPACE); isc_buffer_putuint8(&buf, 0); - return (loadsetfromfile(filename, rdataset)); + return (loadset(filename, rdataset)); } static void @@ -265,12 +292,10 @@ emit(unsigned int dtype, isc_boolean_t showall, char *lookaside, fatal("can't print class"); isc_buffer_usedregion(&nameb, &r); - isc_util_fwrite(r.base, 1, r.length, stdout); - - putchar(' '); + printf("%.*s ", (int)r.length, r.base); isc_buffer_usedregion(&classb, &r); - isc_util_fwrite(r.base, 1, r.length, stdout); + printf("%.*s", (int)r.length, r.base); if (lookaside == NULL) printf(" DS "); @@ -278,8 +303,7 @@ emit(unsigned int dtype, isc_boolean_t showall, char *lookaside, printf(" DLV "); isc_buffer_usedregion(&textb, &r); - isc_util_fwrite(r.base, 1, r.length, stdout); - putchar('\n'); + printf("%.*s\n", (int)r.length, r.base); } ISC_PLATFORM_NORETURN_PRE static void @@ -466,7 +490,7 @@ main(int argc, char **argv) { if (usekeyset) result = loadkeyset(dir, &rdataset); else - result = loadsetfromfile(filename, &rdataset); + result = loadset(filename, &rdataset); if (result != ISC_R_SUCCESS) fatal("could not load DNSKEY set: %s\n", diff --git a/bin/dnssec/dnssec-dsfromkey.docbook b/bin/dnssec/dnssec-dsfromkey.docbook index 36410d5f..ba2a059c 100644 
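Review bot: The three new `printf("%.*s", (int)r.length, r.base)` calls in emit() (hunks `@@ -265,12 +292,10 @@` and `@@ -278,8 +303,7 @@`) are not byte-for-byte equivalent to the isc_util_fwrite() calls they replace. `%s` stops at the first NUL inside the region and expects a `char *`, while the region's `base` is, as far as I know, an `unsigned char *`. The totext buffers should not contain a NUL, so the output is presumably unchanged, but an explicit cast keeps the format/argument types matched, e.g. `printf("%.*s ", (int)r.length, (char *)r.base);`. A short comment that the regions are known to be printable text would justify the switch away from a length-exact write. emit() starts and ends outside these hunks.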
--- a/bin/dnssec/dnssec-dsfromkey.docbook +++ b/bin/dnssec/dnssec-dsfromkey.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2008-2010 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2008-2011 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-dsfromkey.docbook,v 1.12 2010-12-23 23:47:08 tbox Exp $ --> +<!-- $Id: dnssec-dsfromkey.docbook,v 1.16 2011-03-27 06:39:59 marka Exp $ --> <refentry id="man.dnssec-dsfromkey"> <refentryinfo> <date>August 26, 2009</date> @@ -39,6 +39,7 @@ <year>2008</year> <year>2009</year> <year>2010</year> + <year>2011</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> </docinfo> @@ -132,6 +133,15 @@ from <option>file</option>. If the zone name is the same as <option>file</option>, then it may be omitted. </para> + <para> + If <option>file</option> is set to <literal>"-"</literal>, then + the zone data is read from the standard input. This makes it + possible to use the output of the <command>dig</command> + command as input, as in: + </para> + <para> + <userinput>dig dnskey example.com | dnssec-dsfromkey -f - example.com</userinput> + </para> </listitem> </varlistentry> diff --git a/bin/dnssec/dnssec-dsfromkey.html b/bin/dnssec/dnssec-dsfromkey.html index 54cc1ab6..2a4313af 100644 --- a/bin/dnssec/dnssec-dsfromkey.html +++ b/bin/dnssec/dnssec-dsfromkey.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2008-2010 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2008-2011 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above 
@@ -13,7 +13,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-dsfromkey.html,v 1.13 2010-12-24 01:14:19 tbox Exp $ --> +<!-- $Id: dnssec-dsfromkey.html,v 1.14 2011-03-28 01:14:34 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -32,14 +32,14 @@ <div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> {-s} [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-s</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-A</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {dnsname}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543464"></a><h2>DESCRIPTION</h2> +<a name="id2543467"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">dnssec-dsfromkey</strong></span> outputs the Delegation Signer (DS) resource record (RR), as defined in RFC 3658 and RFC 4509, for the given key(s). </p> </div> <div class="refsect1" lang="en"> -<a name="id2543476"></a><h2>OPTIONS</h2> +<a name="id2543479"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-1</span></dt> <dd><p> 
@@ -63,12 +63,23 @@ <code class="option">directory</code>. </p></dd> <dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt> -<dd><p> +<dd> +<p> Zone file mode: in place of the keyfile name, the argument is the DNS domain name of a zone master file, which can be read from <code class="option">file</code>. If the zone name is the same as <code class="option">file</code>, then it may be omitted. - </p></dd> + </p> +<p> + If <code class="option">file</code> is set to <code class="literal">"-"</code>, then + the zone data is read from the standard input. This makes it + possible to use the output of the <span><strong class="command">dig</strong></span> + command as input, as in: + </p> +<p> + <strong class="userinput"><code>dig dnskey example.com | dnssec-dsfromkey -f - example.com</code></strong> + </p> +</dd> <dt><span class="term">-A</span></dt> <dd><p> Include ZSK's when generating DS records. Without this option, @@ -100,7 +111,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543662"></a><h2>EXAMPLE</h2> +<a name="id2543687"></a><h2>EXAMPLE</h2> <p> To build the SHA-256 DS RR from the <strong class="userinput"><code>Kexample.com.+003+26160</code></strong> @@ -115,7 +126,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543692"></a><h2>FILES</h2> +<a name="id2543717"></a><h2>FILES</h2> <p> The keyfile can be designed by the key identification <code class="filename">Knnnn.+aaa+iiiii</code> or the full file name 
@@ -129,13 +140,13 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543728"></a><h2>CAVEAT</h2> +<a name="id2543752"></a><h2>CAVEAT</h2> <p> A keyfile error can give a "file not found" even if the file exists. </p> </div> <div class="refsect1" lang="en"> -<a name="id2543737"></a><h2>SEE ALSO</h2> +<a name="id2543762"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>, @@ -145,7 +156,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543777"></a><h2>AUTHOR</h2> +<a name="id2543801"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/dnssec/dnssec-keyfromlabel.8 b/bin/dnssec/dnssec-keyfromlabel.8 index a0fd6935..f51c987b 100644 --- a/bin/dnssec/dnssec-keyfromlabel.8 +++ b/bin/dnssec/dnssec-keyfromlabel.8 @@ -12,7 +12,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-keyfromlabel.8,v 1.18.14.2 2011-02-28 02:37:42 tbox Exp $ +.\" $Id: dnssec-keyfromlabel.8,v 1.20 2011-03-18 01:14:33 tbox Exp $ .\" .hy 0 .ad l 
@@ -32,7 +32,7 @@ dnssec\-keyfromlabel \- DNSSEC key generation tool .SH "SYNOPSIS" .HP 20 -\fBdnssec\-keyfromlabel\fR {\-l\ \fIlabel\fR} [\fB\-3\fR] [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-k\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-y\fR] {name} +\fBdnssec\-keyfromlabel\fR {\-l\ \fIlabel\fR} [\fB\-3\fR] [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-k\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-y\fR] {name} .SH "DESCRIPTION" .PP \fBdnssec\-keyfromlabel\fR 
@@ -122,6 +122,15 @@ Sets the directory in which the key files are to be written. Generate KEY records rather than DNSKEY records. .RE .PP +\-L \fIttl\fR +.RS 4 +Sets the default TTL to use for this key when it is converted into a DNSKEY RR. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence. Setting the default TTL to +0 +or +none +removes it. +.RE +.PP \-p \fIprotocol\fR .RS 4 Sets the protocol value for the key. The protocol is a number between 0 and 255. The default is 3 (DNSSEC). Other possible values for this argument are listed in RFC 2535 and its successors. diff --git a/bin/dnssec/dnssec-keyfromlabel.c b/bin/dnssec/dnssec-keyfromlabel.c index 1323ed71..e411804c 100644 --- a/bin/dnssec/dnssec-keyfromlabel.c +++ b/bin/dnssec/dnssec-keyfromlabel.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec-keyfromlabel.c,v 1.32.14.2 2011-03-12 04:59:14 tbox Exp $ */ +/* $Id: dnssec-keyfromlabel.c,v 1.36 2011-03-18 02:16:43 marka Exp $ */ /*! \file */ @@ -84,6 +84,7 @@ usage(void) { fprintf(stderr, " -K directory: directory in which to place " "key files\n"); fprintf(stderr, " -k: generate a TYPE=KEY key\n"); + fprintf(stderr, " -L ttl: default key TTL\n"); fprintf(stderr, " -n nametype: ZONE | HOST | ENTITY | USER | OTHER\n"); fprintf(stderr, " (DNSKEY generation defaults to ZONE\n"); fprintf(stderr, " -p protocol: default: 3 [dnssec]\n"); 
@@ -137,12 +138,13 @@ main(int argc, char **argv) { dns_rdataclass_t rdclass; int options = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC; char *label = NULL; + dns_ttl_t ttl = 0; isc_stdtime_t publish = 0, activate = 0, revoke = 0; isc_stdtime_t inactive = 0, delete = 0; isc_stdtime_t now; isc_boolean_t setpub = ISC_FALSE, setact = ISC_FALSE; isc_boolean_t setrev = ISC_FALSE, setinact = ISC_FALSE; - isc_boolean_t setdel = ISC_FALSE; + isc_boolean_t setdel = ISC_FALSE, setttl = ISC_FALSE; isc_boolean_t unsetpub = ISC_FALSE, unsetact = ISC_FALSE; isc_boolean_t unsetrev = ISC_FALSE, unsetinact = ISC_FALSE; isc_boolean_t unsetdel = ISC_FALSE; @@ -164,7 +166,7 @@ main(int argc, char **argv) { isc_stdtime_get(&now); while ((ch = isc_commandline_parse(argc, argv, - "3a:Cc:E:f:K:kl:n:p:t:v:yFhGP:A:R:I:D:")) != -1) + "3a:Cc:E:f:K:kl:L:n:p:t:v:yFhGP:A:R:I:D:")) != -1) { switch (ch) { case '3': @@ -202,6 +204,13 @@ main(int argc, char **argv) { case 'k': options |= DST_TYPE_KEY; break; + case 'L': + if (strcmp(isc_commandline_argument, "none") == 0) + ttl = 0; + else + ttl = strtottl(isc_commandline_argument); + setttl = ISC_TRUE; + break; case 'l': label = isc_mem_strdup(mctx, isc_commandline_argument); break; @@ -509,6 +518,10 @@ main(int argc, char **argv) { dst_key_setprivateformat(key, 1, 2); } + /* Set default key TTL */ + if (setttl) + dst_key_setttl(key, ttl); + /* * Do not overwrite an existing key. Warn LOUDLY if there * is a risk of ID collision due to this key or another key diff --git a/bin/dnssec/dnssec-keyfromlabel.docbook b/bin/dnssec/dnssec-keyfromlabel.docbook index c731e6ea..7ddd89a6 100644 --- a/bin/dnssec/dnssec-keyfromlabel.docbook +++ b/bin/dnssec/dnssec-keyfromlabel.docbook 
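Review bot: The new `case 'L':` branch in `main()` stores whatever `strtottl()` returns with no range check visible in this hunk, and the same branch is repeated verbatim in dnssec-keygen.c and dnssec-settime.c. `strtottl()` is defined outside this diff, so whether it rejects malformed or oversized values cannot be told from here. Because the DNSKEY TTL bounds how long validators keep a key cached after it has been withdrawn, an explicit ceiling at the call site would be safer, for example `if (ttl > KEY_TTL_MAX) fatal("-L: TTL too large");`, where `KEY_TTL_MAX` is a placeholder for a limit the project chooses. Moving the `none`/`strtottl()` handling into one shared helper would also keep the three tools in step. `main()` begins and ends outside the hunk.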
@@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-keyfromlabel.docbook,v 1.18.14.2 2011-02-28 01:19:58 tbox Exp $ --> +<!-- $Id: dnssec-keyfromlabel.docbook,v 1.21 2011-03-17 01:40:34 each Exp $ --> <refentry id="man.dnssec-keyfromlabel"> <refentryinfo> <date>February 8, 2008</date> @@ -59,6 +59,7 @@ <arg><option>-I <replaceable class="parameter">date/offset</replaceable></option></arg> <arg><option>-k</option></arg> <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg> + <arg><option>-L <replaceable class="parameter">ttl</replaceable></option></arg> <arg><option>-n <replaceable class="parameter">nametype</replaceable></option></arg> <arg><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg> <arg><option>-p <replaceable class="parameter">protocol</replaceable></option></arg> @@ -235,6 +236,20 @@ </varlistentry> <varlistentry> + <term>-L <replaceable class="parameter">ttl</replaceable></term> + <listitem> + <para> + Sets the default TTL to use for this key when it is converted + into a DNSKEY RR. If the key is imported into a zone, + this is the TTL that will be used for it, unless there was + already a DNSKEY RRset in place, in which case the existing TTL + would take precedence. Setting the default TTL to + <literal>0</literal> or <literal>none</literal> removes it. + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>-p <replaceable class="parameter">protocol</replaceable></term> <listitem> <para> diff --git a/bin/dnssec/dnssec-keyfromlabel.html b/bin/dnssec/dnssec-keyfromlabel.html index c939ed68..e0fc2691 100644 --- a/bin/dnssec/dnssec-keyfromlabel.html +++ b/bin/dnssec/dnssec-keyfromlabel.html 
@@ -13,7 +13,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-keyfromlabel.html,v 1.17.14.2 2011-02-28 02:37:42 tbox Exp $ --> +<!-- $Id: dnssec-keyfromlabel.html,v 1.19 2011-03-18 01:14:33 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> 
@@ -28,10 +28,10 @@ </div> <div class="refsynopsisdiv"> <h2>Synopsis</h2> -<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-y</code>] {name}</p></div> +<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em 
class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-y</code>] {name}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543494"></a><h2>DESCRIPTION</h2> +<a name="id2543502"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">dnssec-keyfromlabel</strong></span> gets keys with the given label from a crypto hardware and builds key files for DNSSEC (Secure DNS), as defined in RFC 2535 @@ -44,7 +44,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543512"></a><h2>OPTIONS</h2> +<a name="id2543521"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt> <dd> 
@@ -134,6 +134,15 @@ <dd><p> Generate KEY records rather than DNSKEY records. </p></dd> +<dt><span class="term">-L <em class="replaceable"><code>ttl</code></em></span></dt> +<dd><p> + Sets the default TTL to use for this key when it is converted + into a DNSKEY RR. If the key is imported into a zone, + this is the TTL that will be used for it, unless there was + already a DNSKEY RRset in place, in which case the existing TTL + would take precedence. Setting the default TTL to + <code class="literal">0</code> or <code class="literal">none</code> removes it. + </p></dd> <dt><span class="term">-p <em class="replaceable"><code>protocol</code></em></span></dt> <dd><p> Sets the protocol value for the key. The protocol @@ -163,7 +172,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543876"></a><h2>TIMING OPTIONS</h2> +<a name="id2543976"></a><h2>TIMING OPTIONS</h2> <p> Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '-', it is interpreted as @@ -210,7 +219,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2544042"></a><h2>GENERATED KEY FILES</h2> +<a name="id2544074"></a><h2>GENERATED KEY FILES</h2> <p> When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes successfully, @@ -249,7 +258,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544115"></a><h2>SEE ALSO</h2> +<a name="id2544147"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>, @@ -257,7 +266,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544148"></a><h2>AUTHOR</h2> +<a name="id2544180"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> 
diff --git a/bin/dnssec/dnssec-keygen.8 b/bin/dnssec/dnssec-keygen.8 index ea4690eb..a183be42 100644 --- a/bin/dnssec/dnssec-keygen.8 +++ b/bin/dnssec/dnssec-keygen.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005, 2007-2010 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007-2011 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and/or distribute this software for any @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-keygen.8,v 1.55 2010-12-24 01:14:19 tbox Exp $ +.\" $Id: dnssec-keygen.8,v 1.56 2011-03-18 01:14:33 tbox Exp $ .\" .hy 0 .ad l 
@@ -33,7 +33,7 @@ dnssec\-keygen \- DNSSEC key generation tool .SH "SYNOPSIS" .HP 14 -\fBdnssec\-keygen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-3\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-C\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-e\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-q\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-z\fR] {name} +\fBdnssec\-keygen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-3\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-C\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-e\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-k\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-q\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-z\fR] {name} .SH "DESCRIPTION" .PP \fBdnssec\-keygen\fR 
@@ -139,6 +139,15 @@ Sets the directory in which the key files are to be written. Deprecated in favor of \-T KEY. .RE .PP +\-L \fIttl\fR +.RS 4 +Sets the default TTL to use for this key when it is converted into a DNSKEY RR. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence. Setting the default TTL to +0 +or +none +removes it. +.RE +.PP \-p \fIprotocol\fR .RS 4 Sets the protocol value for the generated key. The protocol is a number between 0 and 255. The default is 3 (DNSSEC). Other possible values for this argument are listed in RFC 2535 and its successors. @@ -298,7 +307,7 @@ RFC 4034. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005, 2007\-2010 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007\-2011 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000\-2003 Internet Software Consortium. .br diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c index 9a93ee3c..4cd9bebf 100644 --- a/bin/dnssec/dnssec-keygen.c +++ b/bin/dnssec/dnssec-keygen.c @@ -29,7 +29,7 @@ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec-keygen.c,v 1.115.14.2 2011-03-12 04:59:14 tbox Exp $ */ +/* $Id: dnssec-keygen.c,v 1.118 2011-03-17 01:40:34 each Exp $ */ /*! \file */ @@ -125,7 +125,9 @@ usage(void) { fprintf(stderr, " -f <keyflag>: KSK | REVOKE\n"); fprintf(stderr, " -g <generator>: use specified generator " "(DH only)\n"); + fprintf(stderr, " -L <ttl>: default key TTL\n"); fprintf(stderr, " -p <protocol>: (default: 3 [dnssec])\n"); + fprintf(stderr, " -r <randomdev>: a file containing random data\n"); fprintf(stderr, " -s <strength>: strength value this key signs DNS " "records with (default: 0)\n"); fprintf(stderr, " -T <rrtype>: DNSKEY | KEY (default: DNSKEY; " 
@@ -134,8 +136,6 @@ usage(void) { fprintf(stderr, " -t <type>: " "AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF " "(default: AUTHCONF)\n"); - fprintf(stderr, " -r <randomdev>: a file containing random data\n"); - fprintf(stderr, " -h: print usage and exit\n"); fprintf(stderr, " -m <memory debugging mode>:\n"); fprintf(stderr, " usage | trace | record | size | mctx\n"); @@ -227,6 +227,7 @@ main(int argc, char **argv) { dns_rdataclass_t rdclass; int options = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC; int dbits = 0; + dns_ttl_t ttl = 0; isc_boolean_t use_default = ISC_FALSE, use_nsec3 = ISC_FALSE; isc_stdtime_t publish = 0, activate = 0, revoke = 0; isc_stdtime_t inactive = 0, delete = 0; @@ -234,7 +235,7 @@ main(int argc, char **argv) { int prepub = -1; isc_boolean_t setpub = ISC_FALSE, setact = ISC_FALSE; isc_boolean_t setrev = ISC_FALSE, setinact = ISC_FALSE; - isc_boolean_t setdel = ISC_FALSE; + isc_boolean_t setdel = ISC_FALSE, setttl = ISC_FALSE; isc_boolean_t unsetpub = ISC_FALSE, unsetact = ISC_FALSE; isc_boolean_t unsetrev = ISC_FALSE, unsetinact = ISC_FALSE; isc_boolean_t unsetdel = ISC_FALSE; @@ -253,7 +254,7 @@ main(int argc, char **argv) { /* * Process memory debugging argument first. */ -#define CMDLINE_FLAGS "3A:a:b:Cc:D:d:E:eFf:Gg:hI:i:K:km:n:P:p:qR:r:S:s:T:t:v:" +#define CMDLINE_FLAGS "3A:a:b:Cc:D:d:E:eFf:Gg:hI:i:K:kL:m:n:P:p:qR:r:S:s:T:t:v:" while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) { switch (ch) { case 'm': @@ -336,6 +337,13 @@ main(int argc, char **argv) { "To generate a key-signing key, use -f KSK.\n" "To generate a key with TYPE=KEY, use -T KEY.\n"); break; + case 'L': + if (strcmp(isc_commandline_argument, "none") == 0) + ttl = 0; + else + ttl = strtottl(isc_commandline_argument); + setttl = ISC_TRUE; + break; case 'n': nametype = isc_commandline_argument; break; 
@@ -960,6 +968,10 @@ main(int argc, char **argv) { dst_key_setprivateformat(key, 1, 2); } + /* Set the default key TTL */ + if (setttl) + dst_key_setttl(key, ttl); + /* * Do not overwrite an existing key, or create a key * if there is a risk of ID collision due to this key diff --git a/bin/dnssec/dnssec-keygen.docbook b/bin/dnssec/dnssec-keygen.docbook index dc140ebf..faffc896 100644 --- a/bin/dnssec/dnssec-keygen.docbook +++ b/bin/dnssec/dnssec-keygen.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005, 2007-2010 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007-2011 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-keygen.docbook,v 1.36 2010-12-23 04:07:59 marka Exp $ --> +<!-- $Id: dnssec-keygen.docbook,v 1.38 2011-03-17 23:47:29 tbox Exp $ --> <refentry id="man.dnssec-keygen"> <refentryinfo> <date>June 30, 2000</date> @@ -43,6 +43,7 @@ <year>2008</year> <year>2009</year> <year>2010</year> + <year>2011</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -74,6 +75,7 @@ <arg><option>-I <replaceable class="parameter">date/offset</replaceable></option></arg> <arg><option>-i <replaceable class="parameter">interval</replaceable></option></arg> <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg> + <arg><option>-L <replaceable class="parameter">ttl</replaceable></option></arg> <arg><option>-k</option></arg> <arg><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg> <arg><option>-p <replaceable class="parameter">protocol</replaceable></option></arg> 
@@ -297,6 +299,20 @@ </varlistentry> <varlistentry> + <term>-L <replaceable class="parameter">ttl</replaceable></term> + <listitem> + <para> + Sets the default TTL to use for this key when it is converted + into a DNSKEY RR. If the key is imported into a zone, + this is the TTL that will be used for it, unless there was + already a DNSKEY RRset in place, in which case the existing TTL + would take precedence. Setting the default TTL to + <literal>0</literal> or <literal>none</literal> removes it. + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>-p <replaceable class="parameter">protocol</replaceable></term> <listitem> <para> diff --git a/bin/dnssec/dnssec-keygen.html b/bin/dnssec/dnssec-keygen.html index 2f3a69b9..73a244d2 100644 --- a/bin/dnssec/dnssec-keygen.html +++ b/bin/dnssec/dnssec-keygen.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005, 2007-2010 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007-2011 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-keygen.html,v 1.47 2010-12-24 01:14:20 tbox Exp $ --> +<!-- $Id: dnssec-keygen.html,v 1.48 2011-03-18 01:14:33 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> 
@@ -29,10 +29,10 @@ </div> <div class="refsynopsisdiv"> <h2>Synopsis</h2> -<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-3</code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-C</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k</code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-q</code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v 
<em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {name}</p></div> +<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-3</code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-C</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-k</code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-q</code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-s <em 
class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {name}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543578"></a><h2>DESCRIPTION</h2> +<a name="id2543590"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">dnssec-keygen</strong></span> generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034. It can also generate keys for use with @@ -46,7 +46,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543596"></a><h2>OPTIONS</h2> +<a name="id2543608"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt> <dd> @@ -170,6 +170,15 @@ <dd><p> Deprecated in favor of -T KEY. </p></dd> +<dt><span class="term">-L <em class="replaceable"><code>ttl</code></em></span></dt> +<dd><p> + Sets the default TTL to use for this key when it is converted + into a DNSKEY RR. If the key is imported into a zone, + this is the TTL that will be used for it, unless there was + already a DNSKEY RRset in place, in which case the existing TTL + would take precedence. Setting the default TTL to + <code class="literal">0</code> or <code class="literal">none</code> removes it. + </p></dd> <dt><span class="term">-p <em class="replaceable"><code>protocol</code></em></span></dt> <dd><p> Sets the protocol value for the generated key. The protocol @@ -248,7 +257,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2544301"></a><h2>TIMING OPTIONS</h2> +<a name="id2544200"></a><h2>TIMING OPTIONS</h2> <p> Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '-', it is interpreted as 
@@ -319,7 +328,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2544491"></a><h2>GENERATED KEYS</h2> +<a name="id2544390"></a><h2>GENERATED KEYS</h2> <p> When <span><strong class="command">dnssec-keygen</strong></span> completes successfully, @@ -365,7 +374,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544642"></a><h2>EXAMPLE</h2> +<a name="id2544540"></a><h2>EXAMPLE</h2> <p> To generate a 768-bit DSA key for the domain <strong class="userinput"><code>example.com</code></strong>, the following command would be @@ -386,7 +395,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544685"></a><h2>SEE ALSO</h2> +<a name="id2544584"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>, <em class="citetitle">RFC 2539</em>, @@ -395,7 +404,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544716"></a><h2>AUTHOR</h2> +<a name="id2544615"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/dnssec/dnssec-settime.8 b/bin/dnssec/dnssec-settime.8 index cbe4092e..bbac8bf0 100644 --- a/bin/dnssec/dnssec-settime.8 +++ b/bin/dnssec/dnssec-settime.8 @@ -12,7 +12,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-settime.8,v 1.14.70.1 2011-03-22 02:37:44 tbox Exp $ +.\" $Id: dnssec-settime.8,v 1.16 2011-03-22 01:14:25 tbox Exp $ .\" .hy 0 .ad l 
@@ -32,7 +32,7 @@ dnssec\-settime \- Set the key timing metadata for a DNSSEC key .SH "SYNOPSIS" .HP 15 -\fBdnssec\-settime\fR [\fB\-f\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] {keyfile} +\fBdnssec\-settime\fR [\fB\-f\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] {keyfile} .SH "DESCRIPTION" .PP \fBdnssec\-settime\fR @@ -67,6 +67,15 @@ will fail when attempting to update a legacy key. With this option, the key will Sets the directory in which the key files are to reside. .RE .PP +\-L \fIttl\fR +.RS 4 +Sets the default TTL to use for this key when it is converted into a DNSKEY RR. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence. Setting the default TTL to +0 +or +none +removes it. +.RE +.PP \-h .RS 4 Emit usage message and exit. diff --git a/bin/dnssec/dnssec-settime.c b/bin/dnssec/dnssec-settime.c index a1258ef3..9e51eb99 100644 --- a/bin/dnssec/dnssec-settime.c +++ b/bin/dnssec/dnssec-settime.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec-settime.c,v 1.28.16.3 2011-06-02 20:24:11 each Exp $ */ +/* $Id: dnssec-settime.c,v 1.32 2011-06-02 20:24:45 each Exp $ */ /*! \file */ 
@@ -66,6 +66,7 @@ usage(void) { fprintf(stderr, " -f: force update of old-style " "keys\n"); fprintf(stderr, " -K directory: set key file location\n"); + fprintf(stderr, " -L ttl: set default key TTL\n"); fprintf(stderr, " -v level: set level of verbosity\n"); fprintf(stderr, " -h: help\n"); fprintf(stderr, "Timing options:\n"); @@ -137,11 +138,12 @@ main(int argc, char **argv) { unsigned int size = 0; isc_uint16_t flags = 0; int prepub = -1; + dns_ttl_t ttl = 0; isc_stdtime_t now; isc_stdtime_t pub = 0, act = 0, rev = 0, inact = 0, del = 0; isc_boolean_t setpub = ISC_FALSE, setact = ISC_FALSE; isc_boolean_t setrev = ISC_FALSE, setinact = ISC_FALSE; - isc_boolean_t setdel = ISC_FALSE; + isc_boolean_t setdel = ISC_FALSE, setttl = ISC_FALSE; isc_boolean_t unsetpub = ISC_FALSE, unsetact = ISC_FALSE; isc_boolean_t unsetrev = ISC_FALSE, unsetinact = ISC_FALSE; isc_boolean_t unsetdel = ISC_FALSE; @@ -165,7 +167,7 @@ main(int argc, char **argv) { isc_stdtime_get(&now); -#define CMDLINE_FLAGS "A:D:E:fhI:i:K:P:p:R:S:uv:" +#define CMDLINE_FLAGS "A:D:E:fhI:i:K:L:P:p:R:S:uv:" while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) { switch (ch) { case 'E': @@ -229,6 +231,13 @@ main(int argc, char **argv) { "directory"); } break; + case 'L': + if (strcmp(isc_commandline_argument, "none") == 0) + ttl = 0; + else + ttl = strtottl(isc_commandline_argument); + setttl = ISC_TRUE; + break; case 'v': verbose = strtol(isc_commandline_argument, &endp, 0); if (*endp != '\0') @@ -512,6 +521,9 @@ main(int argc, char **argv) { else if (unsetdel) dst_key_unsettime(key, DST_TIME_DELETE); + if (setttl) + dst_key_setttl(key, ttl); + /* * No metadata changes were made but we're forcing an upgrade * to the new format anyway: use "-P now -A now" as the default @@ -522,6 +534,9 @@ main(int argc, char **argv) { changed = ISC_TRUE; } + if (!changed && setttl) + changed = ISC_TRUE; + /* * Print out time values, if -p was used. */ 
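Review bot: `if (setttl) dst_key_setttl(key, ttl);` in the `@@ -512,6 +521,9 @@` hunk runs for `-L none` and `-L 0` with `ttl == 0`, while the documentation added by this commit says those values remove the default TTL. Nothing in the hunk shows that a zero passed to `dst_key_setttl()` clears the field rather than storing a literal 0. If the library treats 0 as unset, that deserves a comment at the call, e.g. `/* ttl == 0 clears the default key TTL */`; otherwise a rewritten key file would presumably carry an explicit zero TTL. The same call is added to dnssec-keyfromlabel.c and dnssec-keygen.c, and `main()` continues outside the hunk.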
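Review bot: In the `@@ -522,6 +534,9 @@` hunk, `changed` is raised for `-L` only after the block that applies the forced-upgrade defaults. Judging by the comment shown in the previous hunk ("use "-P now -A now" as the default"), a run with `-f` and only `-L` would still take that path and stamp publish and activate times; the block's condition lies between the hunks, so this is inferred. If the ordering is intended, a comment such as `/* -L alone must still trigger the -f defaults above */` would record it; if not, the flag should be set where `dst_key_setttl()` is called. The test can also be written as `if (setttl) changed = ISC_TRUE;`, since the `!changed` guard does not alter the result.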
diff --git a/bin/dnssec/dnssec-settime.docbook b/bin/dnssec/dnssec-settime.docbook index daf720ba..9fb5f25f 100644 --- a/bin/dnssec/dnssec-settime.docbook +++ b/bin/dnssec/dnssec-settime.docbook @@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-settime.docbook,v 1.11.70.2 2011-03-21 23:46:58 tbox Exp $ --> +<!-- $Id: dnssec-settime.docbook,v 1.14 2011-03-21 15:56:35 each Exp $ --> <refentry id="man.dnssec-settime"> <refentryinfo> <date>July 15, 2009</date> @@ -48,6 +48,7 @@ <command>dnssec-settime</command> <arg><option>-f</option></arg> <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg> + <arg><option>-L <replaceable class="parameter">ttl</replaceable></option></arg> <arg><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg> <arg><option>-A <replaceable class="parameter">date/offset</replaceable></option></arg> <arg><option>-R <replaceable class="parameter">date/offset</replaceable></option></arg> @@ -116,6 +117,20 @@ </varlistentry> <varlistentry> + <term>-L <replaceable class="parameter">ttl</replaceable></term> + <listitem> + <para> + Sets the default TTL to use for this key when it is converted + into a DNSKEY RR. If the key is imported into a zone, + this is the TTL that will be used for it, unless there was + already a DNSKEY RRset in place, in which case the existing TTL + would take precedence. Setting the default TTL to + <literal>0</literal> or <literal>none</literal> removes it. + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>-h</term> <listitem> <para> diff --git a/bin/dnssec/dnssec-settime.html b/bin/dnssec/dnssec-settime.html index baca8f56..304ce587 100644 --- a/bin/dnssec/dnssec-settime.html +++ b/bin/dnssec/dnssec-settime.html 
@@ -13,7 +13,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-settime.html,v 1.14.70.1 2011-03-22 02:37:44 tbox Exp $ --> +<!-- $Id: dnssec-settime.html,v 1.16 2011-03-22 01:14:25 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> 
@@ -28,10 +28,10 @@ </div> <div class="refsynopsisdiv"> <h2>Synopsis</h2> -<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code> [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div> +<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code> [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543422"></a><h2>DESCRIPTION</h2> +<a name="id2543431"></a><h2>DESCRIPTION</h2> <p><span><strong 
class="command">dnssec-settime</strong></span> reads a DNSSEC private key file and sets the key timing metadata as specified by the <code class="option">-P</code>, <code class="option">-A</code>, @@ -56,7 +56,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543470"></a><h2>OPTIONS</h2> +<a name="id2543479"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-f</span></dt> <dd><p> @@ -73,6 +73,15 @@ <dd><p> Sets the directory in which the key files are to reside. </p></dd> +<dt><span class="term">-L <em class="replaceable"><code>ttl</code></em></span></dt> +<dd><p> + Sets the default TTL to use for this key when it is converted + into a DNSKEY RR. If the key is imported into a zone, + this is the TTL that will be used for it, unless there was + already a DNSKEY RRset in place, in which case the existing TTL + would take precedence. Setting the default TTL to + <code class="literal">0</code> or <code class="literal">none</code> removes it. + </p></dd> <dt><span class="term">-h</span></dt> <dd><p> Emit usage message and exit. @@ -89,7 +98,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543562"></a><h2>TIMING OPTIONS</h2> +<a name="id2543594"></a><h2>TIMING OPTIONS</h2> <p> Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '-', it is interpreted as @@ -168,7 +177,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543701"></a><h2>PRINTING OPTIONS</h2> +<a name="id2543733"></a><h2>PRINTING OPTIONS</h2> <p> <span><strong class="command">dnssec-settime</strong></span> can also be used to print the timing metadata associated with a key. 
@@ -194,7 +203,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543915"></a><h2>SEE ALSO</h2> +<a name="id2543879"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>, @@ -202,7 +211,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543948"></a><h2>AUTHOR</h2> +<a name="id2542137"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/dnssec/dnssec-signzone.8 b/bin/dnssec/dnssec-signzone.8 index 98228837..4b30c30e 100644 --- a/bin/dnssec/dnssec-signzone.8 +++ b/bin/dnssec/dnssec-signzone.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and/or distribute this software for any @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-signzone.8,v 1.59 2009-12-04 01:13:44 tbox Exp $ +.\" $Id: dnssec-signzone.8,v 1.63 2011-03-22 01:14:25 tbox Exp $ .\" .hy 0 .ad l 
@@ -33,7 +33,7 @@ dnssec\-signzone \- DNSSEC zone signing tool .SH "SYNOPSIS" .HP 16 -\fBdnssec\-signzone\fR [\fB\-a\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdirectory\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-f\ \fR\fB\fIoutput\-file\fR\fR] [\fB\-g\fR] [\fB\-h\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\ \fR\fB\fIkey\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-I\ \fR\fB\fIinput\-format\fR\fR] [\fB\-j\ \fR\fB\fIjitter\fR\fR] [\fB\-N\ \fR\fB\fIsoa\-serial\-format\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-O\ \fR\fB\fIoutput\-format\fR\fR] [\fB\-p\fR] [\fB\-P\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-T\ \fR\fB\fIttl\fR\fR] [\fB\-t\fR] [\fB\-u\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-x\fR] [\fB\-z\fR] [\fB\-3\ \fR\fB\fIsalt\fR\fR] [\fB\-H\ \fR\fB\fIiterations\fR\fR] [\fB\-A\fR] {zonefile} [key...] +\fBdnssec\-signzone\fR [\fB\-a\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-f\ \fR\fB\fIoutput\-file\fR\fR] [\fB\-g\fR] [\fB\-h\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\ \fR\fB\fIkey\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-I\ \fR\fB\fIinput\-format\fR\fR] [\fB\-j\ \fR\fB\fIjitter\fR\fR] [\fB\-N\ \fR\fB\fIsoa\-serial\-format\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-O\ \fR\fB\fIoutput\-format\fR\fR] [\fB\-P\fR] [\fB\-p\fR] [\fB\-R\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-T\ \fR\fB\fIttl\fR\fR] [\fB\-t\fR] [\fB\-u\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-X\ \fR\fB\fIextended\ end\-time\fR\fR] [\fB\-x\fR] [\fB\-z\fR] [\fB\-3\ \fR\fB\fIsalt\fR\fR] [\fB\-H\ \fR\fB\fIiterations\fR\fR] [\fB\-A\fR] {zonefile} [key...] .SH "DESCRIPTION" .PP \fBdnssec\-signzone\fR 
@@ -72,6 +72,15 @@ files in \fBdirectory\fR. .RE .PP +\-D +.RS 4 +Output only those record types automatically managed by +\fBdnssec\-signzone\fR, i.e. RRSIG, NSEC, NSEC3 and NSEC3PARAM records. If smart signing (\fB\-S\fR) is used, DNSKEY records are also included. The resulting file can be included in the original zone file with +\fB$INCLUDE\fR. This option cannot be combined with +\fB\-O raw\fR +or serial number updating. +.RE +.PP \-E \fIengine\fR .RS 4 Uses a crypto hardware (OpenSSL engine) for the crypto operations it supports, for instance signing with private keys from a secure key store. When compiled with PKCS#11 support it defaults to pkcs11; the empty name resets it to no engine. @@ -119,6 +128,21 @@ must be later than \fBstart\-time\fR. .RE .PP +\-X \fIextended end\-time\fR +.RS 4 +Specify the date and time when the generated RRSIG records for the DNSKEY RRset will expire. This is to be used in cases when the DNSKEY signatures need to persist longer than signatures on other records; e.g., when the private component of the KSK is kept offline and the KSK signature is to be refreshed manually. +.sp +As with +\fBstart\-time\fR, an absolute time is indicated in YYYYMMDDHHMMSS notation. A time relative to the start time is indicated with +N, which is N seconds from the start time. A time relative to the current time is indicated with now+N. If no +\fBextended end\-time\fR +is specified, the value of +\fBend\-time\fR +is used as the default. (\fBend\-time\fR, in turn, defaults to 30 days from the start time.) +\fBextended end\-time\fR +must be later than +\fBstart\-time\fR. +.RE +.PP \-f \fIoutput\-file\fR .RS 4 The name of the output file containing the signed zone. The default is to append 
@@ -221,6 +245,17 @@ Disable post sign verification tests. The post sign verification test ensures that for each algorithm in use there is at least one non revoked self signed KSK key, that all revoked KSK keys are self signed, and that all records in the zone are signed by the algorithm. This option skips these tests. .RE .PP +\-R +.RS 4 +Remove signatures from keys that no longer exist. +.sp +Normally, when a previously\-signed zone is passed as input to the signer, and a DNSKEY record has been removed and replaced with a new one, signatures from the old key that are still within their validity period are retained. This allows the zone to continue to validate with cached copies of the old DNSKEY RRset. The +\fB\-R\fR +forces +\fBdnssec\-signzone\fR +to remove all orphaned signatures. +.RE +.PP \-r \fIrandomdev\fR .RS 4 Specifies the source of randomness. If the operating system does not provide a 
@@ -265,8 +300,8 @@ If either of the key's unpublication or deletion dates are set and in the past, .PP \-T \fIttl\fR .RS 4 -Specifies the TTL to be used for new DNSKEY records imported into the zone from the key repository. If not specified, the default is the minimum TTL value from the zone's SOA record. This option is ignored when signing without -\fB\-S\fR, since DNSKEY records are not imported from the key repository in that case. It is also ignored if there are any pre\-existing DNSKEY records at the zone apex, in which case new records' TTL values will be set to match them. +Specifies a TTL to be used for new DNSKEY records imported into the zone from the key repository. If not specified, the default is the TTL value from the zone's SOA record. This option is ignored when signing without +\fB\-S\fR, since DNSKEY records are not imported from the key repository in that case. It is also ignored if there are any pre\-existing DNSKEY records at the zone apex, in which case new records' TTL values will be set to match them, or if any of the imported DNSKEY records had a default TTL value. In the event of a a conflict between TTL values in imported keys, the shortest one is used. .RE .PP \-t @@ -378,7 +413,7 @@ RFC 4033. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004\-2009 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2009, 2011 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000\-2003 Internet Software Consortium. .br diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c index fe02d2e6..b8a14d09 100644 --- a/bin/dnssec/dnssec-signzone.c +++ b/bin/dnssec/dnssec-signzone.c @@ -29,7 +29,7 @@ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec-signzone.c,v 1.262.110.9 2011-07-19 23:47:12 tbox Exp $ */ +/* $Id: dnssec-signzone.c,v 1.279 2011-07-19 23:47:48 tbox Exp $ */ /*! \file */ 
@@ -124,7 +124,7 @@ struct signer_event { static dns_dnsseckeylist_t keylist; static unsigned int keycount = 0; isc_rwlock_t keylist_lock; -static isc_stdtime_t starttime = 0, endtime = 0, now; +static isc_stdtime_t starttime = 0, endtime = 0, dnskey_endtime = 0, now; static int cycle = -1; static int jitter = 0; static isc_boolean_t tryverify = ISC_FALSE; @@ -171,6 +171,9 @@ static isc_boolean_t disable_zone_check = ISC_FALSE; static isc_boolean_t update_chain = ISC_FALSE; static isc_boolean_t set_keyttl = ISC_FALSE; static dns_ttl_t keyttl; +static isc_boolean_t smartsign = ISC_FALSE; +static isc_boolean_t remove_orphans = ISC_FALSE; +static isc_boolean_t output_dnssec_only = ISC_FALSE; #define INCSTAT(counter) \ if (printstats) { \ 
@@ -188,13 +191,69 @@ sign(isc_task_t *task, isc_event_t *event); static void dumpnode(dns_name_t *name, dns_dbnode_t *node) { + dns_rdataset_t rds; + dns_rdatasetiter_t *iter = NULL; + isc_buffer_t *buffer = NULL; + isc_region_t r; isc_result_t result; + unsigned bufsize = 4096; if (outputformat != dns_masterformat_text) return; - result = dns_master_dumpnodetostream(mctx, gdb, gversion, node, name, - masterstyle, fp); - check_result(result, "dns_master_dumpnodetostream"); + + if (!output_dnssec_only) { + result = dns_master_dumpnodetostream(mctx, gdb, gversion, node, + name, masterstyle, fp); + check_result(result, "dns_master_dumpnodetostream"); + return; + } + + result = dns_db_allrdatasets(gdb, node, gversion, 0, &iter); + check_result(result, "dns_db_allrdatasets"); + + dns_rdataset_init(&rds); + + result = isc_buffer_allocate(mctx, &buffer, bufsize); + check_result(result, "isc_buffer_allocate"); + + for (result = dns_rdatasetiter_first(iter); + result == ISC_R_SUCCESS; + result = dns_rdatasetiter_next(iter)) { + + dns_rdatasetiter_current(iter, &rds); + + if (rds.type != dns_rdatatype_rrsig && + rds.type != dns_rdatatype_nsec && + rds.type != dns_rdatatype_nsec3 && + rds.type != dns_rdatatype_nsec3param && + (!smartsign || rds.type != dns_rdatatype_dnskey)) { + dns_rdataset_disassociate(&rds); + continue; + } + + for (;;) { + result = dns_master_rdatasettotext(name, &rds, + masterstyle, buffer); + if (result != ISC_R_NOSPACE) + break; + + bufsize <<= 1; + isc_buffer_free(&buffer); + result = isc_buffer_allocate(mctx, &buffer, bufsize); + check_result(result, "isc_buffer_allocate"); + } + check_result(result, "dns_master_rdatasettotext"); + + isc_buffer_usedregion(buffer, &r); + result = isc_stdio_write(r.base, 1, r.length, fp, NULL); + check_result(result, "isc_stdio_write"); + isc_buffer_clear(buffer); + + dns_rdataset_disassociate(&rds); + } + + isc_buffer_free(&buffer); + dns_rdatasetiter_destroy(&iter); } /*% 
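Review bot: The rdataset loop in the new `-D` branch of dumpnode() stops on any non-success result, and nothing after it tells the normal end of iteration apart from an iterator failure, so a failed `dns_rdatasetiter_next()` would leave the node's remaining RRSIG/NSEC/NSEC3 records out of the output with no diagnostic. The file is meant to be pulled back into the zone with `$INCLUDE`, so a silently short file means names served without signatures or denial-of-existence records. Add `if (result != ISC_R_NOMORE) fatal("rdataset iteration failed: %s", isc_result_totext(result));` before `isc_buffer_free(&buffer);`. The `ISC_R_NOSPACE` retry loop also doubles `bufsize` with no ceiling; a one-line comment stating why that is bounded in practice would help the next reader.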
@@ -206,7 +265,7 @@ signwithkey(dns_name_t *name, dns_rdataset_t *rdataset, dst_key_t *key, dns_ttl_t ttl, dns_diff_t *add, const char *logmsg) { isc_result_t result; - isc_stdtime_t jendtime; + isc_stdtime_t jendtime, expiry; char keystr[DST_KEY_FORMATSIZE]; dns_rdata_t trdata = DNS_RDATA_INIT; unsigned char array[BUFSIZE]; @@ -216,7 +275,12 @@ signwithkey(dns_name_t *name, dns_rdataset_t *rdataset, dst_key_t *key, dst_key_format(key, keystr, sizeof(keystr)); vbprintf(1, "\t%s %s\n", logmsg, keystr); - jendtime = (jitter != 0) ? isc_random_jitter(endtime, jitter) : endtime; + if (rdataset->type == dns_rdatatype_dnskey) + expiry = dnskey_endtime; + else + expiry = endtime; + + jendtime = (jitter != 0) ? isc_random_jitter(expiry, jitter) : expiry; isc_buffer_init(&b, array, sizeof(array)); result = dns_dnssec_sign(name, rdataset, key, &starttime, &jendtime, mctx, &b, &trdata); @@ -254,6 +318,12 @@ issigningkey(dns_dnsseckey_t *key) { } static inline isc_boolean_t +ispublishedkey(dns_dnsseckey_t *key) { + return ((key->force_publish || key->hint_publish) && + !key->hint_remove); +} + +static inline isc_boolean_t iszonekey(dns_dnsseckey_t *key) { return (ISC_TF(dns_name_equal(dst_key_name(key->key), gorigin) && dst_key_iszonekey(key->key))); @@ -334,13 +404,15 @@ keythatsigned(dns_rdata_rrsig_t *rrsig) { directory, mctx, &privkey); if (result == ISC_R_SUCCESS) { dst_key_free(&pubkey); - dns_dnsseckey_create(mctx, &privkey, &key); - } else { - dns_dnsseckey_create(mctx, &pubkey, &key); + result = dns_dnsseckey_create(mctx, &privkey, &key); + } else + result = dns_dnsseckey_create(mctx, &pubkey, &key); + + if (result == ISC_R_SUCCESS) { + key->force_publish = ISC_FALSE; + key->force_sign = ISC_FALSE; + ISC_LIST_APPEND(keylist, key, link); } - key->force_publish = ISC_FALSE; - key->force_sign = ISC_FALSE; - ISC_LIST_APPEND(keylist, key, link); isc_rwlock_unlock(&keylist_lock, isc_rwlocktype_write); return (key); 
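Review bot: In keythatsigned(), a failed `dns_dnsseckey_create()` now passes silently: the list append is guarded, but `result` is never reported and the function still returns `key`. The signset() change in this commit treats a NULL key as "dnskey not found" and, with `-R`, drops the signature, so an allocation failure could strip still-valid RRSIGs from the zone (this assumes `key` starts out NULL; its declaration is outside the hunk). Failing loudly matches the rest of the file: `check_result(result, "dns_dnsseckey_create");` after the `isc_rwlock_unlock()` call. It is also worth confirming whether `pubkey`/`privkey` need a `dst_key_free()` on that path.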
@@ -481,10 +553,9 @@ signset(dns_diff_t *del, dns_diff_t *add, dns_dbnode_t *node, dns_name_t *name, "private dnskey not found\n", sigstr); } else if (key == NULL || future) { + keep = (!expired && !remove_orphans); vbprintf(2, "\trrsig by %s %s - dnskey not found\n", - expired ? "retained" : "dropped", sigstr); - if (!expired) - keep = ISC_TRUE; + keep ? "retained" : "dropped", sigstr); } else if (issigningkey(key)) { if (!expired && rrsig.originalttl == set->ttl && setverifies(name, set, key->key, &sigrdata)) { @@ -500,6 +571,9 @@ signset(dns_diff_t *del, dns_diff_t *add, dns_dbnode_t *node, dns_name_t *name, wassignedby[key->index] = ISC_TRUE; resign = ISC_TRUE; } + } else if (!ispublishedkey(key) && remove_orphans) { + vbprintf(2, "\trrsig by %s dropped - dnskey removed\n", + sigstr); } else if (iszonekey(key)) { if (!expired && rrsig.originalttl == set->ttl && setverifies(name, set, key->key, &sigrdata)) { @@ -576,7 +650,7 @@ signset(dns_diff_t *del, dns_diff_t *add, dns_dbnode_t *node, dns_name_t *name, key != NULL; key = ISC_LIST_NEXT(key, link)) { - if (nowsignedby[key->index]) + if (nowsignedby[key->index] && !ispublishedkey(key)) continue; if (!issigningkey(key)) @@ -1483,10 +1557,6 @@ verifyzone(void) { unsigned char ksk_algorithms[256]; unsigned char zsk_algorithms[256]; unsigned char bad_algorithms[256]; -#ifdef ALLOW_KSKLESS_ZONES - isc_boolean_t allzsksigned = ISC_TRUE; - unsigned char self_algorithms[256]; -#endif if (disable_zone_check) return; 
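Review bot: The changed guard `if (nowsignedby[key->index] && !ispublishedkey(key)) continue;` in the signing loop of signset() no longer skips a key that has already signed this RRset when that key is published, which is the normal case. Unless the rest of the loop body (outside the hunk) checks `nowsignedby` again, every published signing key would fall through to `issigningkey()` and sign a second time, producing a redundant RRSIG or needless re-signing on each run. If the aim is to keep unpublished keys from signing under `-R`, keep the original `if (nowsignedby[key->index]) continue;` and add a separate `if (remove_orphans && !ispublishedkey(key)) continue;` so the two conditions are not coupled.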
@@ -1505,20 +1575,20 @@ verifyzone(void) { dns_rdatatype_dnskey, 0, 0, &keyset, &keysigs); if (result != ISC_R_SUCCESS) - fatal("cannot find DNSKEY rrset\n"); + fatal("Zone contains no DNSSEC keys\n"); result = dns_db_findrdataset(gdb, node, gversion, dns_rdatatype_soa, 0, 0, &soaset, &soasigs); dns_db_detachnode(gdb, &node); if (result != ISC_R_SUCCESS) - fatal("cannot find SOA rrset\n"); + fatal("Zone contains no SOA record\n"); if (!dns_rdataset_isassociated(&keysigs)) - fatal("cannot find DNSKEY RRSIGs\n"); + fatal("DNSKEY is not signed (keys offline or inactive?)\n"); if (!dns_rdataset_isassociated(&soasigs)) - fatal("cannot find SOA RRSIGs\n"); + fatal("SOA is not signed (keys offline or inactive?)\n"); memset(revoked_ksk, 0, sizeof(revoked_ksk)); memset(revoked_zsk, 0, sizeof(revoked_zsk)); @@ -1527,9 +1597,6 @@ verifyzone(void) { memset(ksk_algorithms, 0, sizeof(ksk_algorithms)); memset(zsk_algorithms, 0, sizeof(zsk_algorithms)); memset(bad_algorithms, 0, sizeof(bad_algorithms)); -#ifdef ALLOW_KSKLESS_ZONES - memset(self_algorithms, 0, sizeof(self_algorithms)); -#endif /* * Check that the DNSKEY RR has at least one self signing KSK @@ -1582,10 +1649,6 @@ verifyzone(void) { } else if (dns_dnssec_selfsigns(&rdata, gorigin, &keyset, &keysigs, ISC_FALSE, mctx)) { -#ifdef ALLOW_KSKLESS_ZONES - if (self_algorithms[dnskey.algorithm] != 255) - self_algorithms[dnskey.algorithm]++; -#endif if (zsk_algorithms[dnskey.algorithm] != 255) zsk_algorithms[dnskey.algorithm]++; } else if (dns_dnssec_signs(&rdata, gorigin, &soaset, @@ -1595,9 +1658,6 @@ verifyzone(void) { } else { if (standby_zsk[dnskey.algorithm] != 255) standby_zsk[dnskey.algorithm]++; -#ifdef ALLOW_KSKLESS_ZONES - allzsksigned = ISC_FALSE; -#endif } dns_rdata_freestruct(&dnskey); dns_rdata_reset(&rdata); 
@@ -1606,31 +1666,13 @@ verifyzone(void) { dns_rdataset_disassociate(&soaset); dns_rdataset_disassociate(&soasigs); -#ifdef ALLOW_KSKLESS_ZONES - if (!goodksk) { - if (!ignore_kskflag) - fprintf(stderr, "No self signing KSK found. Using " - "self signed ZSK's for active " - "algorithm list.\n"); - memcpy(ksk_algorithms, self_algorithms, sizeof(ksk_algorithms)); - if (!allzsksigned) - fprintf(stderr, "warning: not all ZSK's are self " - "signed.\n"); - } -#else - if (!goodksk) { - fatal("No self signed KSK's found"); - } -#endif + if (!goodksk) + fatal("No self-signed KSK DNSKEY found. Supply an active\n" + "key with the KSK flag set, or use '-P'."); fprintf(stderr, "Verifying the zone using the following algorithms:"); for (i = 0; i < 256; i++) { -#ifdef ALLOW_KSKLESS_ZONES - if (ksk_algorithms[i] != 0 || zsk_algorithms[i] != 0) -#else - if (ksk_algorithms[i] != 0) -#endif - { + if (ksk_algorithms[i] != 0) { dns_secalg_format(i, algbuf, sizeof(algbuf)); fprintf(stderr, " %s", algbuf); } @@ -3277,10 +3319,16 @@ usage(void) { fprintf(stderr, "update DS records based on child zones' " "dsset-* files\n"); fprintf(stderr, "\t-s [YYYYMMDDHHMMSS|+offset]:\n"); - fprintf(stderr, "\t\tRRSIG start time - absolute|offset (now - 1 hour)\n"); + fprintf(stderr, "\t\tRRSIG start time " + "- absolute|offset (now - 1 hour)\n"); fprintf(stderr, "\t-e [YYYYMMDDHHMMSS|+offset|\"now\"+offset]:\n"); - fprintf(stderr, "\t\tRRSIG end time - absolute|from start|from now " + fprintf(stderr, "\t\tRRSIG end time " + "- absolute|from start|from now " "(now + 30 days)\n"); + fprintf(stderr, "\t-X [YYYYMMDDHHMMSS|+offset|\"now\"+offset]:\n"); + fprintf(stderr, "\t\tDNSKEY RRSIG end " + "- absolute|from start|from now " + "(matches -e)\n"); fprintf(stderr, "\t-i interval:\n"); fprintf(stderr, "\t\tcycle interval - resign " "if < interval from end ( (end-start)/4 )\n"); 
@@ -3298,6 +3346,8 @@ usage(void) { fprintf(stderr, "\t\tfile format of signed zone file (text)\n"); fprintf(stderr, "\t-N format:\n"); fprintf(stderr, "\t\tsoa serial format of signed zone file (keep)\n"); + fprintf(stderr, "\t-D:\n"); + fprintf(stderr, "\t\toutput only DNSSEC-related records\n"); fprintf(stderr, "\t-r randomdev:\n"); fprintf(stderr, "\t\ta file containing random data\n"); fprintf(stderr, "\t-a:\t"); @@ -3381,6 +3431,7 @@ int main(int argc, char *argv[]) { int i, ch; char *startstr = NULL, *endstr = NULL, *classname = NULL; + char *dnskey_endstr = NULL; char *origin = NULL, *file = NULL, *output = NULL; char *inputformatstr = NULL, *outputformatstr = NULL; char *serialformatstr = NULL; @@ -3406,14 +3457,13 @@ main(int argc, char *argv[]) { isc_buffer_t b; int len; hashlist_t hashlist; - isc_boolean_t smartsign = ISC_FALSE; isc_boolean_t make_keyset = ISC_FALSE; isc_boolean_t set_salt = ISC_FALSE; isc_boolean_t set_optout = ISC_FALSE; isc_boolean_t set_iter = ISC_FALSE; #define CMDLINE_FLAGS \ - "3:AaCc:Dd:E:e:f:FghH:i:I:j:K:k:l:m:n:N:o:O:pPr:s:ST:tuUv:xz" + "3:AaCc:Dd:E:e:f:FghH:i:I:j:K:k:l:m:n:N:o:O:PpRr:s:ST:tuUv:X:xz" /* * Process memory debugging argument first. @@ -3499,6 +3549,10 @@ main(int argc, char *argv[]) { dsdir, isc_result_totext(result)); break; + case 'D': + output_dnssec_only = ISC_TRUE; + break; + case 'E': engine = isc_commandline_argument; break; @@ -3599,6 +3653,10 @@ main(int argc, char *argv[]) { pseudorandom = ISC_TRUE; break; + case 'R': + remove_orphans = ISC_TRUE; + break; + case 'r': setup_entropy(mctx, isc_commandline_argument, &ectx); break; @@ -3636,6 +3694,10 @@ main(int argc, char *argv[]) { fatal("verbose level must be numeric"); break; + case 'X': + dnskey_endstr = isc_commandline_argument; + break; + case 'x': keyset_kskonly = ISC_TRUE; break; 
@@ -3683,11 +3745,19 @@ main(int argc, char *argv[]) { } else starttime = now - 3600; /* Allow for some clock skew. */ - if (endstr != NULL) { + if (endstr != NULL) endtime = strtotime(endstr, now, starttime); - } else + else endtime = starttime + (30 * 24 * 60 * 60); + if (dnskey_endstr != NULL) { + dnskey_endtime = strtotime(dnskey_endstr, now, starttime); + if (endstr != NULL && dnskey_endtime == endtime) + fprintf(stderr, "WARNING: -e and -X were both set, " + "but have identical values.\n"); + } else + dnskey_endtime = endtime; + if (cycle == -1) cycle = (endtime - starttime) / 4; @@ -3756,6 +3826,12 @@ main(int argc, char *argv[]) { serialformatstr); } + if (output_dnssec_only && outputformat != dns_masterformat_text) + fatal("option -D can only be used with \"-O text\"\n"); + + if (output_dnssec_only && serialformat != SOA_SERIAL_KEEP) + fatal("option -D can only be used with \"-N keep\"\n"); + result = dns_master_stylecreate(&dsstyle, DNS_STYLEFLAG_NO_TTL, 0, 24, 0, 0, 0, 8, mctx); check_result(result, "dns_master_stylecreate"); @@ -3785,10 +3861,15 @@ main(int argc, char *argv[]) { hashlist_init(&hashlist, dns_db_nodecount(gdb) * 2, hash_length); result = dns_nsec_nseconly(gdb, gversion, &answer); - check_result(result, "dns_nsec_nseconly"); - if (answer) + if (result == ISC_R_NOTFOUND) + fprintf(stderr, "%s: warning: NSEC3 generation " + "requested with no DNSKEY; ignoring\n", + program); + else if (result != ISC_R_SUCCESS) + check_result(result, "dns_nsec_nseconly"); + else if (answer) fatal("NSEC3 generation requested with " - "NSEC only DNSKEY"); + "NSEC-only DNSKEY"); } /* diff --git a/bin/dnssec/dnssec-signzone.docbook b/bin/dnssec/dnssec-signzone.docbook index 51a14968..eeadca67 100644 --- a/bin/dnssec/dnssec-signzone.docbook +++ b/bin/dnssec/dnssec-signzone.docbook 
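Review bot: The new `-X` handling in main() accepts whatever `strtotime()` returns: nothing checks that `dnskey_endtime` is later than `starttime`, which the man page text added in this commit requires, or that it is not earlier than `endtime`. A DNSKEY RRSIG that expires before the other signatures makes the whole zone fail validation at that moment, so a mistyped value is an outage, and the only diagnostic today is the warning for identical values. Suggest `if (dnskey_endtime <= starttime) fatal("-X must be later than the start time");` plus a warning when `dnskey_endtime < endtime`. `cycle` on the following lines is still derived from `endtime` alone, so confirm that the re-sign decision for existing DNSKEY signatures (outside this hunk) behaves as intended with the longer lifetime.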
@@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-signzone.docbook,v 1.44 2009-12-03 23:18:16 each Exp $ --> +<!-- $Id: dnssec-signzone.docbook,v 1.49 2011-03-21 07:26:47 each Exp $ --> <refentry id="man.dnssec-signzone"> <refentryinfo> <date>June 05, 2009</date> @@ -43,6 +43,7 @@ <year>2007</year> <year>2008</year> <year>2009</year> + <year>2011</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -60,6 +61,7 @@ <arg><option>-a</option></arg> <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg> <arg><option>-d <replaceable class="parameter">directory</replaceable></option></arg> + <arg><option>-D</option></arg> <arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg> <arg><option>-e <replaceable class="parameter">end-time</replaceable></option></arg> <arg><option>-f <replaceable class="parameter">output-file</replaceable></option></arg> @@ -74,8 +76,9 @@ <arg><option>-N <replaceable class="parameter">soa-serial-format</replaceable></option></arg> <arg><option>-o <replaceable class="parameter">origin</replaceable></option></arg> <arg><option>-O <replaceable class="parameter">output-format</replaceable></option></arg> - <arg><option>-p</option></arg> <arg><option>-P</option></arg> + <arg><option>-p</option></arg> + <arg><option>-R</option></arg> <arg><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg> <arg><option>-S</option></arg> <arg><option>-s <replaceable class="parameter">start-time</replaceable></option></arg> 
@@ -83,6 +86,7 @@ <arg><option>-t</option></arg> <arg><option>-u</option></arg> <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg> + <arg><option>-X <replaceable class="parameter">extended end-time</replaceable></option></arg> <arg><option>-x</option></arg> <arg><option>-z</option></arg> <arg><option>-3 <replaceable class="parameter">salt</replaceable></option></arg> @@ -152,6 +156,22 @@ </varlistentry> <varlistentry> + <term>-D</term> + <listitem> + <para> + Output only those record types automatically managed by + <command>dnssec-signzone</command>, i.e. RRSIG, NSEC, + NSEC3 and NSEC3PARAM records. If smart signing + (<option>-S</option>) is used, DNSKEY records are also + included. The resulting file can be included in the original + zone file with <command>$INCLUDE</command>. This option + cannot be combined with <option>-O raw</option> or serial + number updating. + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>-E <replaceable class="parameter">engine</replaceable></term> <listitem> <para> 
@@ -238,6 +258,31 @@ </varlistentry> <varlistentry> + <term>-X <replaceable class="parameter">extended end-time</replaceable></term> + <listitem> + <para> + Specify the date and time when the generated RRSIG records + for the DNSKEY RRset will expire. This is to be used in cases + when the DNSKEY signatures need to persist longer than + signatures on other records; e.g., when the private component + of the KSK is kept offline and the KSK signature is to be + refreshed manually. + </para> + <para> + As with <option>start-time</option>, an absolute + time is indicated in YYYYMMDDHHMMSS notation. A time relative + to the start time is indicated with +N, which is N seconds from + the start time. A time relative to the current time is + indicated with now+N. If no <option>extended end-time</option> is + specified, the value of <option>end-time</option> is used as + the default. (<option>end-time</option>, in turn, defaults to + 30 days from the start time.) <option>extended end-time</option> + must be later than <option>start-time</option>. + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>-f <replaceable class="parameter">output-file</replaceable></term> <listitem> <para> @@ -422,6 +467,24 @@ </varlistentry> <varlistentry> + <term>-R</term> + <listitem> + <para> + Remove signatures from keys that no longer exist. + </para> + <para> + Normally, when a previously-signed zone is passed as input + to the signer, and a DNSKEY record has been removed and + replaced with a new one, signatures from the old key + that are still within their validity period are retained. + This allows the zone to continue to validate with cached + copies of the old DNSKEY RRset. The <option>-R</option> forces + <command>dnssec-signzone</command> to remove all orphaned + signatures. + </para> + </listitem> + </varlistentry> + <varlistentry> <term>-r <replaceable class="parameter">randomdev</replaceable></term> <listitem> <para> 
@@ -508,15 +571,17 @@ <term>-T <replaceable class="parameter">ttl</replaceable></term> <listitem> <para> - Specifies the TTL to be used for new DNSKEY records imported - into the zone from the key repository. If not specified, - the default is the minimum TTL value from the zone's SOA + Specifies a TTL to be used for new DNSKEY records imported + into the zone from the key repository. If not + specified, the default is the TTL value from the zone's SOA record. This option is ignored when signing without <option>-S</option>, since DNSKEY records are not imported from the key repository in that case. It is also ignored if there are any pre-existing DNSKEY records at the zone apex, in which case new records' TTL values will be set to match - them. + them, or if any of the imported DNSKEY records had a default + TTL value. In the event of a a conflict between TTL values in + imported keys, the shortest one is used. </para> </listitem> </varlistentry> diff --git a/bin/dnssec/dnssec-signzone.html b/bin/dnssec/dnssec-signzone.html index 28e7158e..e0d9c962 100644 --- a/bin/dnssec/dnssec-signzone.html +++ b/bin/dnssec/dnssec-signzone.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-signzone.html,v 1.45 2009-12-04 01:13:44 tbox Exp $ --> +<!-- $Id: dnssec-signzone.html,v 1.49 2011-03-22 01:14:25 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> 
@@ -29,10 +29,10 @@ </div> <div class="refsynopsisdiv"> <h2>Synopsis</h2> -<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-p</code>] [<code class="option">-P</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S</code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-T <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-t</code>] [<code class="option">-u</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-x</code>] [<code class="option">-z</code>] [<code 
class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div> +<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-P</code>] [<code class="option">-p</code>] [<code class="option">-R</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S</code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-T <em class="replaceable"><code>ttl</code></em></code>] [<code 
class="option">-t</code>] [<code class="option">-u</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-X <em class="replaceable"><code>extended end-time</code></em></code>] [<code class="option">-x</code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543596"></a><h2>DESCRIPTION</h2> +<a name="id2543617"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">dnssec-signzone</strong></span> signs a zone. It generates NSEC and RRSIG records and produces a signed version of the @@ -43,7 +43,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543611"></a><h2>OPTIONS</h2> +<a name="id2543632"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-a</span></dt> <dd><p> @@ -67,6 +67,17 @@ Look for <code class="filename">dsset-</code> or <code class="filename">keyset-</code> files in <code class="option">directory</code>. </p></dd> +<dt><span class="term">-D</span></dt> +<dd><p> + Output only those record types automatically managed by + <span><strong class="command">dnssec-signzone</strong></span>, i.e. RRSIG, NSEC, + NSEC3 and NSEC3PARAM records. If smart signing + (<code class="option">-S</code>) is used, DNSKEY records are also + included. The resulting file can be included in the original + zone file with <span><strong class="command">$INCLUDE</strong></span>. This option + cannot be combined with <code class="option">-O raw</code> or serial + number updating. + </p></dd> <dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt> <dd><p> Uses a crypto hardware (OpenSSL engine) for the crypto operations 
@@ -118,6 +129,28 @@ <code class="option">end-time</code> must be later than <code class="option">start-time</code>. </p></dd> +<dt><span class="term">-X <em class="replaceable"><code>extended end-time</code></em></span></dt> +<dd> +<p> + Specify the date and time when the generated RRSIG records + for the DNSKEY RRset will expire. This is to be used in cases + when the DNSKEY signatures need to persist longer than + signatures on other records; e.g., when the private component + of the KSK is kept offline and the KSK signature is to be + refreshed manually. + </p> +<p> + As with <code class="option">start-time</code>, an absolute + time is indicated in YYYYMMDDHHMMSS notation. A time relative + to the start time is indicated with +N, which is N seconds from + the start time. A time relative to the current time is + indicated with now+N. If no <code class="option">extended end-time</code> is + specified, the value of <code class="option">end-time</code> is used as + the default. (<code class="option">end-time</code>, in turn, defaults to + 30 days from the start time.) <code class="option">extended end-time</code> + must be later than <code class="option">start-time</code>. + </p> +</dd> <dt><span class="term">-f <em class="replaceable"><code>output-file</code></em></span></dt> <dd><p> The name of the output file containing the signed zone. The 
@@ -239,6 +272,22 @@ This option skips these tests. </p> </dd> +<dt><span class="term">-R</span></dt> +<dd> +<p> + Remove signatures from keys that no longer exist. + </p> +<p> + Normally, when a previously-signed zone is passed as input + to the signer, and a DNSKEY record has been removed and + replaced with a new one, signatures from the old key + that are still within their validity period are retained. + This allows the zone to continue to validate with cached + copies of the old DNSKEY RRset. The <code class="option">-R</code> forces + <span><strong class="command">dnssec-signzone</strong></span> to remove all orphaned + signatures. + </p> +</dd> <dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt> <dd><p> Specifies the source of randomness. If the operating @@ -297,15 +346,17 @@ </dd> <dt><span class="term">-T <em class="replaceable"><code>ttl</code></em></span></dt> <dd><p> - Specifies the TTL to be used for new DNSKEY records imported - into the zone from the key repository. If not specified, - the default is the minimum TTL value from the zone's SOA + Specifies a TTL to be used for new DNSKEY records imported + into the zone from the key repository. If not + specified, the default is the TTL value from the zone's SOA record. This option is ignored when signing without <code class="option">-S</code>, since DNSKEY records are not imported from the key repository in that case. It is also ignored if there are any pre-existing DNSKEY records at the zone apex, in which case new records' TTL values will be set to match - them. + them, or if any of the imported DNSKEY records had a default + TTL value. In the event of a a conflict between TTL values in + imported keys, the shortest one is used. </p></dd> <dt><span class="term">-t</span></dt> <dd><p> 
@@ -379,7 +430,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2544896"></a><h2>EXAMPLE</h2> +<a name="id2545078"></a><h2>EXAMPLE</h2> <p> The following command signs the <strong class="userinput"><code>example.com</code></strong> zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span> @@ -409,14 +460,14 @@ db.example.com.signed %</pre> </div> <div class="refsect1" lang="en"> -<a name="id2545019"></a><h2>SEE ALSO</h2> +<a name="id2545133"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>, <em class="citetitle">RFC 4033</em>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2545044"></a><h2>AUTHOR</h2> +<a name="id2545158"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in index 86400c47..9b95c473 100644 --- a/bin/named/Makefile.in +++ b/bin/named/Makefile.in @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.114.14.2 2011-03-10 23:47:25 tbox Exp $ +# $Id: Makefile.in,v 1.116 2011-03-10 23:47:49 tbox Exp $ srcdir = @srcdir@ VPATH = @srcdir@ diff --git a/bin/named/builtin.c b/bin/named/builtin.c index d7730e7a..d0d92a0d 100644 --- a/bin/named/builtin.c +++ b/bin/named/builtin.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: builtin.c,v 1.20 2011-01-07 23:47:07 tbox Exp $ */ +/* $Id: builtin.c,v 1.21 2011-03-07 15:29:32 fdupont Exp $ */ /*! \file * \brief @@ -302,6 +302,7 @@ do_authors_lookup(dns_sdblookup_t *lookup) { "Mark Andrews", "James Brister", "Ben Cottrell", + "Francis Dupont", "Michael Graff", "Andreas Gustafsson", "Bob Halley", diff --git a/bin/named/client.c b/bin/named/client.c index 2115ac10..892f5c34 100644 --- a/bin/named/client.c 
+++ b/bin/named/client.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: client.c,v 1.271.10.2 2011-07-28 04:30:54 marka Exp $ */ +/* $Id: client.c,v 1.276 2011-07-28 23:47:58 tbox Exp $ */ #include <config.h> @@ -2536,8 +2536,10 @@ ns_clientmgr_createclients(ns_clientmgr_t *manager, unsigned int n, ns_interface_t *ifp, isc_boolean_t tcp) { isc_result_t result = ISC_R_SUCCESS; + isc_boolean_t success = ISC_FALSE; unsigned int i; ns_client_t *client; + unsigned int disp; REQUIRE(VALID_MANAGER(manager)); REQUIRE(n > 0); 
@@ -2552,61 +2554,68 @@ ns_clientmgr_createclients(ns_clientmgr_t *manager, unsigned int n, LOCK(&manager->lock); - for (i = 0; i < n; i++) { - isc_event_t *ev; - /* - * Allocate a client. First try to get a recycled one; - * if that fails, make a new one. - */ - client = NULL; - if (!ns_g_clienttest) - client = ISC_LIST_HEAD(manager->inactive); - if (client != NULL) { - MTRACE("recycle"); - ISC_LIST_UNLINK(manager->inactive, client, link); - client->list = NULL; - } else { - MTRACE("create new"); - result = client_create(manager, &client); - if (result != ISC_R_SUCCESS) - break; - } + for (disp = 0; disp < n; disp++) { + for (i = 0; i < n; i++) { + isc_event_t *ev; - ns_interface_attach(ifp, &client->interface); - client->state = NS_CLIENTSTATE_READY; - INSIST(client->recursionquota == NULL); + /* + * Allocate a client. First try to get a recycled one; + * if that fails, make a new one. + */ + client = NULL; + if (!ns_g_clienttest) + client = ISC_LIST_HEAD(manager->inactive); + if (client != NULL) { + MTRACE("recycle"); + ISC_LIST_UNLINK(manager->inactive, client, + link); + client->list = NULL; + } else { + MTRACE("create new"); + result = client_create(manager, &client); + if (result != ISC_R_SUCCESS) + break; + } - if (tcp) { - client->attributes |= NS_CLIENTATTR_TCP; - isc_socket_attach(ifp->tcpsocket, - &client->tcplistener); - } else { - isc_socket_t *sock; + ns_interface_attach(ifp, &client->interface); + client->state = NS_CLIENTSTATE_READY; + INSIST(client->recursionquota == NULL); - dns_dispatch_attach(ifp->udpdispatch, - &client->dispatch); - sock = dns_dispatch_getsocket(client->dispatch); - isc_socket_attach(sock, &client->udpsocket); - } - client->manager = manager; - ISC_LIST_APPEND(manager->active, client, link); - client->list = &manager->active; + if (tcp) { + client->attributes |= NS_CLIENTATTR_TCP; + isc_socket_attach(ifp->tcpsocket, + &client->tcplistener); + } else { + isc_socket_t *sock; - INSIST(client->nctls == 0); - client->nctls++; - ev 
= &client->ctlevent; - isc_task_send(client->task, &ev); - } - if (i != 0) { - /* - * We managed to create at least one client, so we - * declare victory. - */ - result = ISC_R_SUCCESS; + dns_dispatch_attach(ifp->udpdispatch[disp], + &client->dispatch); + sock = dns_dispatch_getsocket(client->dispatch); + isc_socket_attach(sock, &client->udpsocket); + } + + client->manager = manager; + ISC_LIST_APPEND(manager->active, client, link); + client->list = &manager->active; + + INSIST(client->nctls == 0); + client->nctls++; + ev = &client->ctlevent; + isc_task_send(client->task, &ev); + + success = ISC_TRUE; + } } UNLOCK(&manager->lock); + /* + * If managed to create at least one client for + * one dispatch, we declare victory. + */ + if (success) + return (ISC_R_SUCCESS); + return (result); } @@ -2690,19 +2699,30 @@ ns_client_logv(ns_client_t *client, isc_logcategory_t *category, { char msgbuf[2048]; char peerbuf[ISC_SOCKADDR_FORMATSIZE]; - const char *name = ""; - const char *sep = ""; + char signerbuf[DNS_NAME_FORMATSIZE]; + const char *viewname = ""; + const char *sep1 = "", *sep2 = ""; + const char *signer = ""; vsnprintf(msgbuf, sizeof(msgbuf), fmt, ap); + ns_client_name(client, peerbuf, sizeof(peerbuf)); + + if (client->signer != NULL) { + dns_name_format(client->signer, signerbuf, sizeof(signerbuf)); + sep1 = "/key "; + signer = signerbuf; + } + if (client->view != NULL && strcmp(client->view->name, "_bind") != 0 && strcmp(client->view->name, "_default") != 0) { - name = client->view->name; - sep = ": view "; + sep2 = ": view "; + viewname = client->view->name; } isc_log_write(ns_g_lctx, category, module, level, - "client %s%s%s: %s", peerbuf, sep, name, msgbuf); + "client %s%s%s%s%s: %s", + peerbuf, sep1, signer, sep2, viewname, msgbuf); } void diff --git a/bin/named/config.c b/bin/named/config.c index e34e5c4e..f04c7023 100644 --- a/bin/named/config.c +++ b/bin/named/config.c 
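Review bot: The new outer loop in ns_clientmgr_createclients runs `disp` up to `n`, the requested client count, and uses it to index `ifp->udpdispatch[disp]`, so nothing in this function ties the index to the number of dispatchers actually created (`ifp->nudpdispatch`) or to the array size `MAX_UDP_DISPATCH`. If a caller passes an `n` larger than the dispatcher count, a NULL or out-of-range slot reaches `dns_dispatch_attach`; the ns_interface_listenudp hunk in this commit passes `ns_g_cpus` while sizing the array from `isc_os_ncpus()`, and whether those always agree is not visible here. Bounding the outer loop on its own count removes that dependency, e.g. `ndisp = tcp ? 1 : (unsigned int)ifp->nudpdispatch;` with `for (disp = 0; disp < ndisp; disp++)`, which also stops the TCP path from repeating the inner loop `n` times. The `break` on `client_create` failure now leaves only the inner loop, so a check such as `if (result != ISC_R_SUCCESS) break;` after it would restore the old early exit instead of retrying the allocation under the manager lock. Part of the function body lies between this hunk and the previous one.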
@@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: config.c,v 1.113.16.2 2011-02-28 01:19:58 tbox Exp $ */ +/* $Id: config.c,v 1.119 2011-07-01 02:25:47 marka Exp $ */ /*! \file */ @@ -209,7 +209,10 @@ options {\n\ check-srv-cname warn;\n\ zero-no-soa-ttl yes;\n\ update-check-ksk yes;\n\ + serial-update-method increment;\n\ + dnssec-update-mode maintain;\n\ dnssec-dnskey-kskonly no;\n\ + dnssec-loadkeys-interval 60;\n\ try-tcp-refresh yes; /* BIND 8 compat */\n\ };\n\ " @@ -377,6 +380,8 @@ ns_config_getzonetype(const cfg_obj_t *zonetypeobj) { ztype = dns_zone_stub; else if (strcasecmp(str, "static-stub") == 0) ztype = dns_zone_staticstub; + else if (strcasecmp(str, "redirect") == 0) + ztype = dns_zone_redirect; else INSIST(0); return (ztype); diff --git a/bin/named/control.c b/bin/named/control.c index 3fc7bd39..2370fe1c 100644 --- a/bin/named/control.c +++ b/bin/named/control.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: control.c,v 1.41 2010-12-03 22:05:19 each Exp $ */ +/* $Id: control.c,v 1.44 2011-08-02 20:36:11 each Exp $ */ /*! \file */ 
@@ -169,7 +169,9 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) { } else if (command_compare(command, NS_COMMAND_FLUSH)) { result = ns_server_flushcache(ns_g_server, command); } else if (command_compare(command, NS_COMMAND_FLUSHNAME)) { - result = ns_server_flushname(ns_g_server, command); + result = ns_server_flushnode(ns_g_server, command, ISC_FALSE); + } else if (command_compare(command, NS_COMMAND_FLUSHTREE)) { + result = ns_server_flushnode(ns_g_server, command, ISC_TRUE); } else if (command_compare(command, NS_COMMAND_STATUS)) { result = ns_server_status(ns_g_server, text); } else if (command_compare(command, NS_COMMAND_TSIGLIST)) { @@ -183,6 +185,8 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) { command_compare(command, NS_COMMAND_THAW)) { result = ns_server_freeze(ns_g_server, ISC_FALSE, command, text); + } else if (command_compare(command, NS_COMMAND_SYNC)) { + result = ns_server_sync(ns_g_server, command, text); } else if (command_compare(command, NS_COMMAND_RECURSING)) { result = ns_server_dumprecursing(ns_g_server); } else if (command_compare(command, NS_COMMAND_TIMERPOKE)) { diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c index bd269e51..3ce49acb 100644 --- a/bin/named/controlconf.c +++ b/bin/named/controlconf.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: controlconf.c,v 1.60.544.2 2011-03-12 04:59:14 tbox Exp $ */ +/* $Id: controlconf.c,v 1.62 2011-03-12 04:59:46 tbox Exp $ */ /*! \file */ diff --git a/bin/named/include/dlz/dlz_dlopen_driver.h b/bin/named/include/dlz/dlz_dlopen_driver.h index fc51c49d..d0d2205c 100644 --- a/bin/named/include/dlz/dlz_dlopen_driver.h +++ b/bin/named/include/dlz/dlz_dlopen_driver.h @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dlz_dlopen_driver.h,v 1.1.4.4 2011-03-17 09:41:06 fdupont Exp $ */ +/* $Id: dlz_dlopen_driver.h,v 1.4 2011-03-17 09:25:53 fdupont Exp $ */ #ifndef DLZ_DLOPEN_DRIVER_H #define DLZ_DLOPEN_DRIVER_H 
diff --git a/bin/named/include/named/control.h b/bin/named/include/named/control.h index e699892c..3dcc1391 100644 --- a/bin/named/include/named/control.h +++ b/bin/named/include/named/control.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: control.h,v 1.31 2010-08-16 22:21:06 marka Exp $ */ +/* $Id: control.h,v 1.34 2011-08-02 20:36:12 each Exp $ */ #ifndef NAMED_CONTROL_H #define NAMED_CONTROL_H 1 @@ -47,6 +47,7 @@ #define NS_COMMAND_NOTRACE "notrace" #define NS_COMMAND_FLUSH "flush" #define NS_COMMAND_FLUSHNAME "flushname" +#define NS_COMMAND_FLUSHTREE "flushtree" #define NS_COMMAND_STATUS "status" #define NS_COMMAND_TSIGLIST "tsig-list" #define NS_COMMAND_TSIGDELETE "tsig-delete" @@ -62,6 +63,7 @@ #define NS_COMMAND_LOADKEYS "loadkeys" #define NS_COMMAND_ADDZONE "addzone" #define NS_COMMAND_DELZONE "delzone" +#define NS_COMMAND_SYNC "sync" isc_result_t ns_controls_create(ns_server_t *server, ns_controls_t **ctrlsp); diff --git a/bin/named/include/named/globals.h b/bin/named/include/named/globals.h index 7bea32d5..82a770f3 100644 --- a/bin/named/include/named/globals.h +++ b/bin/named/include/named/globals.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: globals.h,v 1.89.54.2 2011-06-17 23:47:10 tbox Exp $ */ +/* $Id: globals.h,v 1.91 2011-06-17 23:47:49 tbox Exp $ */ #ifndef NAMED_GLOBALS_H #define NAMED_GLOBALS_H 1 diff --git a/bin/named/include/named/interfacemgr.h b/bin/named/include/named/interfacemgr.h index 1b1e4638..94b0f2c0 100644 --- a/bin/named/include/named/interfacemgr.h +++ b/bin/named/include/named/interfacemgr.h 
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: interfacemgr.h,v 1.33 2007-06-19 23:46:59 tbox Exp $ */ +/* $Id: interfacemgr.h,v 1.35 2011-07-28 23:47:58 tbox Exp $ */ #ifndef NAMED_INTERFACEMGR_H #define NAMED_INTERFACEMGR_H 1 @@ -65,7 +65,8 @@ #define NS_INTERFACE_VALID(t) ISC_MAGIC_VALID(t, IFACE_MAGIC) #define NS_INTERFACEFLAG_ANYADDR 0x01U /*%< bound to "any" address */ - +#define MAX_UDP_DISPATCH 128 /*%< Maximum number of UDP dispatchers + to start per interface */ /*% The nameserver interface structure */ struct ns_interface { unsigned int magic; /*%< Magic number. */ @@ -76,11 +77,13 @@ struct ns_interface { isc_sockaddr_t addr; /*%< Address and port. */ unsigned int flags; /*%< Interface characteristics */ char name[32]; /*%< Null terminated. */ - dns_dispatch_t * udpdispatch; /*%< UDP dispatcher. */ + dns_dispatch_t * udpdispatch[MAX_UDP_DISPATCH]; + /*%< UDP dispatchers. */ isc_socket_t * tcpsocket; /*%< TCP socket. */ int ntcptarget; /*%< Desired number of concurrent TCP accepts */ int ntcpcurrent; /*%< Current ditto, locked */ + int nudpdispatch; /*%< Number of UDP dispatches */ ns_clientmgr_t * clientmgr; /*%< Client manager. */ ISC_LINK(ns_interface_t) link; }; diff --git a/bin/named/include/named/server.h b/bin/named/include/named/server.h index 3c6426ee..a52de722 100644 --- a/bin/named/include/named/server.h +++ b/bin/named/include/named/server.h 
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: server.h,v 1.110 2010-08-16 23:46:52 tbox Exp $ */ +/* $Id: server.h,v 1.113 2011-08-02 20:36:12 each Exp $ */ #ifndef NAMED_SERVER_H #define NAMED_SERVER_H 1 @@ -264,10 +264,12 @@ isc_result_t ns_server_flushcache(ns_server_t *server, char *args); /*% - * Flush a particular name from the server's cache(s) + * Flush a particular name from the server's cache. If 'tree' is false, + * also flush the name from the ADB and badcache. If 'tree' is true, also + * flush all the names under the specified name. */ isc_result_t -ns_server_flushname(ns_server_t *server, char *args); +ns_server_flushnode(ns_server_t *server, char *args, isc_boolean_t tree); /*% * Report the server's status. @@ -295,6 +297,12 @@ ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args, isc_buffer_t *text); /*% + * Dump zone updates to disk, optionally removing the journal file + */ +isc_result_t +ns_server_sync(ns_server_t *server, char *args, isc_buffer_t *text); + +/*% * Update a zone's DNSKEY set from the key repository. If * the command that triggered the call to this function was "sign", * then force a full signing of the zone. If it was "loadkeys", diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c index 513fb249..f688ebc1 100644 --- a/bin/named/interfacemgr.c +++ b/bin/named/interfacemgr.c 
@@ -15,13 +15,14 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: interfacemgr.c,v 1.95.426.2 2011-03-12 04:59:14 tbox Exp $ */ +/* $Id: interfacemgr.c,v 1.99 2011-07-28 11:16:04 marka Exp $ */ /*! \file */ #include <config.h> #include <isc/interfaceiter.h> +#include <isc/os.h> #include <isc/string.h> #include <isc/task.h> #include <isc/util.h> @@ -183,11 +184,14 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr, { ns_interface_t *ifp; isc_result_t result; + int disp; REQUIRE(NS_INTERFACEMGR_VALID(mgr)); + ifp = isc_mem_get(mgr->mctx, sizeof(*ifp)); if (ifp == NULL) return (ISC_R_NOMEMORY); + ifp->mgr = NULL; ifp->generation = mgr->generation; ifp->addr = *addr; @@ -210,9 +214,11 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr, goto clientmgr_create_failure; } - ifp->udpdispatch = NULL; + for (disp = 0; disp < MAX_UDP_DISPATCH; disp++) + ifp->udpdispatch[disp] = NULL; ifp->tcpsocket = NULL; + /* * Create a single TCP client object. It will replace itself * with a new one as soon as it gets a connection, so the actual @@ -221,6 +227,7 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr, */ ifp->ntcptarget = 1; ifp->ntcpcurrent = 0; + ifp->nudpdispatch = 0; ISC_LINK_INIT(ifp, link); @@ -235,6 +242,7 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr, clientmgr_create_failure: DESTROYLOCK(&ifp->lock); + lock_create_failure: ifp->magic = 0; isc_mem_put(mgr->mctx, ifp, sizeof(*ifp)); @@ -247,6 +255,7 @@ ns_interface_listenudp(ns_interface_t *ifp) { isc_result_t result; unsigned int attrs; unsigned int attrmask; + int disp, i; attrs = 0; attrs |= DNS_DISPATCHATTR_UDP; 
@@ -258,15 +267,25 @@ ns_interface_listenudp(ns_interface_t *ifp) { attrmask = 0; attrmask |= DNS_DISPATCHATTR_UDP | DNS_DISPATCHATTR_TCP; attrmask |= DNS_DISPATCHATTR_IPV4 | DNS_DISPATCHATTR_IPV6; - result = dns_dispatch_getudp(ifp->mgr->dispatchmgr, ns_g_socketmgr, - ns_g_taskmgr, &ifp->addr, - 4096, 1000, 32768, 8219, 8237, - attrs, attrmask, &ifp->udpdispatch); - if (result != ISC_R_SUCCESS) { - isc_log_write(IFMGR_COMMON_LOGARGS, ISC_LOG_ERROR, - "could not listen on UDP socket: %s", - isc_result_totext(result)); - goto udp_dispatch_failure; + + ifp->nudpdispatch = ISC_MIN(isc_os_ncpus(), MAX_UDP_DISPATCH); + for (disp = 0; disp < ifp->nudpdispatch; disp++) { + result = dns_dispatch_getudp_dup(ifp->mgr->dispatchmgr, + ns_g_socketmgr, + ns_g_taskmgr, &ifp->addr, + 4096, 1000, 32768, 8219, 8237, + attrs, attrmask, + &ifp->udpdispatch[disp], + disp == 0 + ? NULL + : ifp->udpdispatch[0]); + if (result != ISC_R_SUCCESS) { + isc_log_write(IFMGR_COMMON_LOGARGS, ISC_LOG_ERROR, + "could not listen on UDP socket: %s", + isc_result_totext(result)); + goto udp_dispatch_failure; + } + } result = ns_clientmgr_createclients(ifp->clientmgr, ns_g_cpus, @@ -277,12 +296,17 @@ ns_interface_listenudp(ns_interface_t *ifp) { isc_result_totext(result)); goto addtodispatch_failure; } + return (ISC_R_SUCCESS); addtodispatch_failure: - dns_dispatch_changeattributes(ifp->udpdispatch, 0, - DNS_DISPATCHATTR_NOLISTEN); - dns_dispatch_detach(&ifp->udpdispatch); + for (i = disp - 1; i <= 0; i--) { + dns_dispatch_changeattributes(ifp->udpdispatch[i], 0, + DNS_DISPATCHATTR_NOLISTEN); + dns_dispatch_detach(&(ifp->udpdispatch[i])); + } + ifp->nudpdispatch = 0; + udp_dispatch_failure: return (result); } 
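Review bot: The cleanup loop added under `addtodispatch_failure` in ns_interface_listenudp has an inverted condition: `for (i = disp - 1; i <= 0; i--)` does nothing when more than one dispatcher was created, and when exactly one was created it keeps going past index 0 into `ifp->udpdispatch[-1]` and below. It should read `for (i = disp - 1; i >= 0; i--)`. In the preceding hunk on the same function, a `dns_dispatch_getudp_dup` failure at `disp > 0` jumps to `udp_dispatch_failure`, which returns without detaching the dispatchers already created and leaves `ifp->nudpdispatch` at the full target count. Sending that failure through the corrected cleanup loop (`goto addtodispatch_failure;`) would release them here, unless the caller is known to destroy the interface on error, which is not visible in this diff.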
@@ -396,15 +420,19 @@ ns_interface_shutdown(ns_interface_t *ifp) { static void ns_interface_destroy(ns_interface_t *ifp) { isc_mem_t *mctx = ifp->mgr->mctx; + int disp; + REQUIRE(NS_INTERFACE_VALID(ifp)); ns_interface_shutdown(ifp); - if (ifp->udpdispatch != NULL) { - dns_dispatch_changeattributes(ifp->udpdispatch, 0, - DNS_DISPATCHATTR_NOLISTEN); - dns_dispatch_detach(&ifp->udpdispatch); - } + for (disp = ifp->nudpdispatch; disp >= 0; disp--) + if (ifp->udpdispatch[disp] != NULL) { + dns_dispatch_changeattributes(ifp->udpdispatch[disp], 0, + DNS_DISPATCHATTR_NOLISTEN); + dns_dispatch_detach(&(ifp->udpdispatch[disp])); + } + if (ifp->tcpsocket != NULL) isc_socket_detach(&ifp->tcpsocket); diff --git a/bin/named/logconf.c b/bin/named/logconf.c index 4fcb4e8d..a6cb63de 100644 --- a/bin/named/logconf.c +++ b/bin/named/logconf.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: logconf.c,v 1.42.816.3 2011-03-05 23:52:06 tbox Exp $ */ +/* $Id: logconf.c,v 1.45 2011-03-05 23:52:29 tbox Exp $ */ /*! \file */ diff --git a/bin/named/main.c b/bin/named/main.c index d2261136..88904e21 100644 --- a/bin/named/main.c +++ b/bin/named/main.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: main.c,v 1.180.14.3 2011-03-11 06:47:00 marka Exp $ */ +/* $Id: main.c,v 1.183 2011-03-11 06:11:21 marka Exp $ */ /*! \file */ diff --git a/bin/named/named.conf.5 b/bin/named/named.conf.5 index 9dc7002b..f1776fe0 100644 --- a/bin/named/named.conf.5 +++ b/bin/named/named.conf.5 @@ -12,7 +12,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named.conf.5,v 1.44.12.1 2011-02-03 12:29:12 tbox Exp $ +.\" $Id: named.conf.5,v 1.47 2011-05-09 01:14:45 tbox Exp $ .\" .hy 0 .ad l 
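Review bot: The teardown loop in ns_interface_destroy starts one slot too high: `for (disp = ifp->nudpdispatch; disp >= 0; disp--)` reads `ifp->udpdispatch[ifp->nudpdispatch]`, and when `nudpdispatch` equals `MAX_UDP_DISPATCH` that is one element past the end of the array declared in interfacemgr.h. A non-NULL value read there would be handed to `dns_dispatch_changeattributes` and `dns_dispatch_detach`. Starting at the last used index avoids the over-read: `for (disp = ifp->nudpdispatch - 1; disp >= 0; disp--)`. The multi-line `if` body inside the unbraced `for` would also be easier to maintain with braces around both.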
@@ -290,7 +290,8 @@ options { notify\-delay \fIseconds\fR; notify\-to\-soa \fIboolean\fR; also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR ) - [ port \fIinteger\fR ]; ... }; + [ port \fIinteger\fR ]; ... + [ key \fIkeyname\fR ] ... }; allow\-notify { \fIaddress_match_element\fR; ... }; forward ( first | only ); forwarders [ port \fIinteger\fR ] { @@ -459,7 +460,8 @@ view \fIstring\fR \fIoptional_class\fR { notify\-delay \fIseconds\fR; notify\-to\-soa \fIboolean\fR; also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR ) - [ port \fIinteger\fR ]; ... }; + [ port \fIinteger\fR ]; ... + [ key \fIkeyname\fR ] ... }; allow\-notify { \fIaddress_match_element\fR; ... }; forward ( first | only ); forwarders [ port \fIinteger\fR ] { @@ -503,7 +505,7 @@ view \fIstring\fR \fIoptional_class\fR { .RS 4 .nf zone \fIstring\fR \fIoptional_class\fR { - type ( master | slave | stub | hint | + type ( master | slave | stub | hint | redirect | forward | delegation\-only ); file \fIquoted_string\fR; masters [ port \fIinteger\fR ] { @@ -545,7 +547,8 @@ zone \fIstring\fR \fIoptional_class\fR { notify\-delay \fIseconds\fR; notify\-to\-soa \fIboolean\fR; also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR ) - [ port \fIinteger\fR ]; ... }; + [ port \fIinteger\fR ]; ... + [ key \fIkeyname\fR ] ... }; allow\-notify { \fIaddress_match_element\fR; ... }; forward ( first | only ); forwarders [ port \fIinteger\fR ] { diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook index 962eaaa0..72a47cdb 100644 --- a/bin/named/named.conf.docbook +++ b/bin/named/named.conf.docbook @@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named.conf.docbook,v 1.49.14.1 2011-02-03 05:50:05 marka Exp $ --> +<!-- $Id: named.conf.docbook,v 1.52 2011-05-06 21:23:50 each Exp $ --> <refentry> <refentryinfo> <date>Aug 13, 2004</date> 
@@ -326,7 +326,8 @@ options { notify-delay <replaceable>seconds</replaceable>; notify-to-soa <replaceable>boolean</replaceable>; also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) - <optional> port <replaceable>integer</replaceable> </optional>; ... }; + <optional> port <replaceable>integer</replaceable> </optional>; ... + <optional> key <replaceable>keyname</replaceable> </optional> ... }; allow-notify { <replaceable>address_match_element</replaceable>; ... }; forward ( first | only ); @@ -513,7 +514,8 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> notify-delay <replaceable>seconds</replaceable>; notify-to-soa <replaceable>boolean</replaceable>; also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) - <optional> port <replaceable>integer</replaceable> </optional>; ... }; + <optional> port <replaceable>integer</replaceable> </optional>; ... + <optional> key <replaceable>keyname</replaceable> </optional> ... }; allow-notify { <replaceable>address_match_element</replaceable>; ... }; forward ( first | only ); @@ -563,7 +565,7 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> <title>ZONE</title> <literallayout> zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> { - type ( master | slave | stub | hint | + type ( master | slave | stub | hint | redirect | forward | delegation-only ); file <replaceable>quoted_string</replaceable>; 
@@ -609,7 +611,8 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> notify-delay <replaceable>seconds</replaceable>; notify-to-soa <replaceable>boolean</replaceable>; also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) - <optional> port <replaceable>integer</replaceable> </optional>; ... }; + <optional> port <replaceable>integer</replaceable> </optional>; ... + <optional> key <replaceable>keyname</replaceable> </optional> ... }; allow-notify { <replaceable>address_match_element</replaceable>; ... }; forward ( first | only ); diff --git a/bin/named/named.conf.html b/bin/named/named.conf.html index f20e411f..82265c56 100644 --- a/bin/named/named.conf.html +++ b/bin/named/named.conf.html @@ -13,7 +13,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named.conf.html,v 1.53.12.1 2011-02-03 12:29:12 tbox Exp $ --> +<!-- $Id: named.conf.html,v 1.56 2011-05-09 01:14:45 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> 
@@ -292,7 +292,8 @@ options {<br> notify-delay <em class="replaceable"><code>seconds</code></em>;<br> notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br> also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br> - [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ... };<br> + [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br> + [<span class="optional"> key <em class="replaceable"><code>keyname</code></em> </span>] ... };<br> allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> <br> forward ( first | only );<br> @@ -361,7 +362,7 @@ options {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2544577"></a><h2>VIEW</h2> +<a name="id2544583"></a><h2>VIEW</h2> <div class="literallayout"><p><br> view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br> match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> 
@@ -478,7 +479,8 @@ view <em class="replaceable"><code>string</code></em> <em class="replaceable"><c notify-delay <em class="replaceable"><code>seconds</code></em>;<br> notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br> also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br> - [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ... };<br> + [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br> + [<span class="optional"> key <em class="replaceable"><code>keyname</code></em> </span>] ... };<br> allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> <br> forward ( first | only );<br> @@ -524,10 +526,10 @@ view <em class="replaceable"><code>string</code></em> <em class="replaceable"><c </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2545280"></a><h2>ZONE</h2> +<a name="id2545292"></a><h2>ZONE</h2> <div class="literallayout"><p><br> zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br> - type ( master | slave | stub | hint |<br> + type ( master | slave | stub | hint | redirect |<br> forward | delegation-only );<br> file <em class="replaceable"><code>quoted_string</code></em>;<br> <br> 
@@ -573,7 +575,8 @@ zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><c notify-delay <em class="replaceable"><code>seconds</code></em>;<br> notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br> also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br> - [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ... };<br> + [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br> + [<span class="optional"> key <em class="replaceable"><code>keyname</code></em> </span>] ... };<br> allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> <br> forward ( first | only );<br> @@ -619,12 +622,12 @@ zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><c </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2545659"></a><h2>FILES</h2> +<a name="id2545678"></a><h2>FILES</h2> <p><code class="filename">/etc/named.conf</code> </p> </div> <div class="refsect1" lang="en"> -<a name="id2545671"></a><h2>SEE ALSO</h2> +<a name="id2545690"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>, diff --git a/bin/named/query.c b/bin/named/query.c index 9be178be..5a0c30fb 100644 --- a/bin/named/query.c +++ b/bin/named/query.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: query.c,v 1.353.8.11 2011-06-09 03:14:03 marka Exp $ */ +/* $Id: query.c,v 1.367 2011-06-09 03:10:17 marka Exp $ */ /*! \file */ 
@@ -4938,6 +4938,106 @@ dns64_aaaaok(ns_client_t *client, dns_rdataset_t *rdataset, } /* + * Look for the name and type in the redirection zone. If found update + * the arguments as appropriate. Return ISC_TRUE if a update was + * performed. + * + * Only perform the update if the client is in the allow query acl and + * returning the update would not cause a DNSSEC validation failure. + */ +static isc_boolean_t +redirect(ns_client_t *client, dns_name_t *name, dns_rdataset_t *rdataset, + dns_dbnode_t **nodep, dns_db_t **dbp, dns_rdatatype_t qtype) +{ + dns_db_t *db = NULL; + dns_dbnode_t *node = NULL; + dns_fixedname_t fixed; + dns_name_t *found; + dns_rdataset_t trdataset; + isc_result_t result; + dns_rdatatype_t type; + + CTRACE("redirect"); + + if (client->view->redirect == NULL) + return (ISC_FALSE); + + dns_fixedname_init(&fixed); + found = dns_fixedname_name(&fixed); + dns_rdataset_init(&trdataset); + + if (WANTDNSSEC(client) && dns_db_iszone(*dbp) && dns_db_issecure(*dbp)) + return (ISC_FALSE); + + if (WANTDNSSEC(client) && dns_rdataset_isassociated(rdataset)) { + if (rdataset->trust == dns_trust_secure) + return (ISC_FALSE); + if (rdataset->trust == dns_trust_ultimate && + (rdataset->type == dns_rdatatype_nsec || + rdataset->type == dns_rdatatype_nsec3)) + return (ISC_FALSE); + if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) { + for (result = dns_rdataset_first(rdataset); + result == ISC_R_SUCCESS; + result = dns_rdataset_next(rdataset)) { + dns_ncache_current(rdataset, found, &trdataset); + type = trdataset.type; + dns_rdataset_disassociate(&trdataset); + if (type == dns_rdatatype_nsec || + type == dns_rdatatype_nsec3 || + type == dns_rdatatype_rrsig) + return (ISC_FALSE); + } + } + } + + result = ns_client_checkaclsilent(client, NULL, + dns_zone_getqueryacl(client->view->redirect), + ISC_TRUE); + if (result != ISC_R_SUCCESS) + return (ISC_FALSE); + + result = dns_zone_getdb(client->view->redirect, &db); + if (result != ISC_R_SUCCESS) + return 
(ISC_FALSE); + + /* + * Lookup the requested data in the redirect zone. + */ + result = dns_db_find(db, client->query.qname, NULL, qtype, 0, + client->now, &node, found, &trdataset, NULL); + if (result != ISC_R_SUCCESS) { + if (dns_rdataset_isassociated(&trdataset)) + dns_rdataset_disassociate(&trdataset); + if (node != NULL) + dns_db_detachnode(db, &node); + dns_db_detach(&db); + return (ISC_FALSE); + } + CTRACE("redirect: found data: done"); + + dns_name_copy(found, name, NULL); + if (dns_rdataset_isassociated(rdataset)) + dns_rdataset_disassociate(rdataset); + if (dns_rdataset_isassociated(&trdataset)) { + dns_rdataset_clone(&trdataset, rdataset); + dns_rdataset_disassociate(&trdataset); + } + if (*nodep != NULL) + dns_db_detachnode(*dbp, nodep); + dns_db_detach(dbp); + dns_db_attachnode(db, node, nodep); + dns_db_attach(db, dbp); + dns_db_detachnode(db, &node); + dns_db_detach(&db); + + client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY | + NS_QUERYATTR_NOADDITIONAL); + + return (ISC_TRUE); +} + +/* * Do the bulk of query processing for the current query of 'client'. * If 'event' is non-NULL, we are returning from recursion and 'qtype' * is ignored. Otherwise, 'qtype' is the query type. @@ -5848,6 +5948,9 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) case DNS_R_NXDOMAIN: INSIST(is_zone); + if (!empty_wild && + redirect(client, fname, rdataset, &node, &db, type)) + break; if (dns_rdataset_isassociated(rdataset)) { /* * If we've got a NSEC record, we need to save the @@ -5906,6 +6009,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) goto cleanup; case DNS_R_NCACHENXDOMAIN: + if (redirect(client, fname, rdataset, &node, &db, type)) + break; case DNS_R_NCACHENXRRSET: ncache_nxrrset: INSIST(!is_zone); diff --git a/bin/named/server.c b/bin/named/server.c index f19a0bbb..66794466 100644 --- a/bin/named/server.c +++ b/bin/named/server.c 
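Review bot: In `redirect()` the return value of `dns_name_copy(found, name, NULL)` is discarded, so a failed copy still swaps in the redirect zone's rdataset, node and db and returns ISC_TRUE with `name` unchanged. I would make the failure explicit with `result = dns_name_copy(found, name, NULL);` followed by `RUNTIME_CHECK(result == ISC_R_SUCCESS);`. The header comment should also state the contract on ISC_TRUE: `*nodep` and `*dbp` are detached and re-attached to the redirect zone, `rdataset` is replaced, and NS_QUERYATTR_NOAUTHORITY and NS_QUERYATTR_NOADDITIONAL are set. Because `ns_client_checkaclsilent()` is called with ISC_TRUE as its last argument, a redirect zone for which `dns_zone_getqueryacl()` yields no ACL presumably rewrites answers for every client, which is worth documenting next to the "allow query acl" sentence.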
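Review bot: In the `DNS_R_NCACHENXDOMAIN` case the new `if (redirect(...)) break;` now sits in front of an implicit fall-through into `DNS_R_NCACHENXRRSET`, so a `/* FALLTHROUGH */` comment after the `if` would show that the missing `break` is intentional. Here and in the `DNS_R_NXDOMAIN` case, `redirect()` replaces `db` and `node` with the redirect zone's while the rest of query_find's state is untouched. query_find continues outside these hunks, so it should be confirmed that nothing after the switch still assumes they belong to the original lookup.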
@@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: server.c,v 1.599.8.12 2011-08-02 04:58:45 each Exp $ */ +/* $Id: server.c,v 1.616 2011-08-02 20:36:11 each Exp $ */ /*! \file */ @@ -3353,6 +3353,37 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig, } /* + * Redirect zones only require minimal configuration. + */ + if (strcasecmp(ztypestr, "redirect") == 0) { + if (view->redirect != NULL) { + cfg_obj_log(zconfig, ns_g_lctx, ISC_LOG_ERROR, + "redirect zone already exists"); + result = ISC_R_EXISTS; + goto cleanup; + } + result = dns_viewlist_find(&ns_g_server->viewlist, view->name, + view->rdclass, &pview); + if (result != ISC_R_NOTFOUND && result != ISC_R_SUCCESS) + goto cleanup; + if (pview != NULL && pview->redirect != NULL) { + dns_zone_attach(pview->redirect, &zone); + dns_zone_setview(zone, view); + } else { + CHECK(dns_zone_create(&zone, mctx)); + CHECK(dns_zone_setorigin(zone, origin)); + dns_zone_setview(zone, view); + CHECK(dns_zonemgr_managezone(ns_g_server->zonemgr, + zone)); + dns_zone_setstats(zone, ns_g_server->zonestats); + } + CHECK(ns_zone_configure(config, vconfig, zconfig, aclconf, + zone)); + dns_zone_attach(zone, &view->redirect); + goto cleanup; + } + + /* * Check for duplicates in the new zone table. */ result = dns_view_findzone(view, origin, &dupzone); @@ -3377,9 +3408,8 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig, * options (e.g., an existing master zone cannot * be reused if the options specify a slave zone) */ - result = dns_viewlist_find(&ns_g_server->viewlist, - view->name, view->rdclass, - &pview); + result = dns_viewlist_find(&ns_g_server->viewlist, view->name, + view->rdclass, &pview); if (result != ISC_R_NOTFOUND && result != ISC_R_SUCCESS) goto cleanup; if (pview != NULL) @@ -3935,6 +3965,9 @@ removed(dns_zone_t *zone, void *uap) { case dns_zone_stub: type = "stub"; break; + case dns_zone_redirect: + type = "redirect"; + break; default: type = "other"; break; 
@@ -5176,6 +5209,8 @@ load_zones(ns_server_t *server, isc_boolean_t stop) { CHECK(dns_view_load(view, stop)); if (view->managed_keys != NULL) CHECK(dns_zone_load(view->managed_keys)); + if (view->redirect != NULL) + CHECK(dns_zone_load(view->redirect)); } /* @@ -5209,6 +5244,8 @@ load_new_zones(ns_server_t *server, isc_boolean_t stop) { /* Load managed-keys data */ if (view->managed_keys != NULL) CHECK(dns_zone_loadnew(view->managed_keys)); + if (view->redirect != NULL) + CHECK(dns_zone_loadnew(view->redirect)); } /* @@ -6714,7 +6751,7 @@ ns_server_flushcache(ns_server_t *server, char *args) { } isc_result_t -ns_server_flushname(ns_server_t *server, char *args) { +ns_server_flushnode(ns_server_t *server, char *args, isc_boolean_t tree) { char *ptr, *target, *viewname; dns_view_t *view; isc_boolean_t flushed; @@ -6761,13 +6798,15 @@ ns_server_flushname(ns_server_t *server, char *args) { * if some of the views share a single cache. But since the * operation is lightweight we prefer simplicity here. */ - result = dns_view_flushname(view, name); + result = dns_view_flushnode(view, name, tree); if (result != ISC_R_SUCCESS) { flushed = ISC_FALSE; isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_ERROR, - "flushing name '%s' in cache view '%s' " - "failed: %s", target, view->name, + "flushing %s '%s' in cache view '%s' " + "failed: %s", + tree ? "tree" : "name", + target, view->name, isc_result_totext(result)); } } 
@@ -6775,21 +6814,26 @@ ns_server_flushname(ns_server_t *server, char *args) { if (viewname != NULL) isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_INFO, - "flushing name '%s' in cache view '%s' " - "succeeded", target, viewname); + "flushing %s '%s' in cache view '%s' " + "succeeded", + tree ? "tree" : "name", + target, viewname); else isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_INFO, - "flushing name '%s' in all cache views " - "succeeded", target); + "flushing %s '%s' in all cache views " + "succeeded", + tree ? "tree" : "name", + target); result = ISC_R_SUCCESS; } else { if (!found) isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_ERROR, - "flushing name '%s' in cache view '%s' " - "failed: view not found", target, - viewname); + "flushing %s '%s' in cache view '%s' " + "failed: view not found", + tree ? "tree" : "name", + target, viewname); result = ISC_R_FAILURE; } isc_task_endexclusive(server->task); 
@@ -7115,6 +7159,106 @@ ns_server_rekey(ns_server_t *server, char *args) { } /* + * Act on a "sync" command from the command channel. +*/ +static isc_result_t +synczone(dns_zone_t *zone, void *uap) { + isc_boolean_t cleanup = *(isc_boolean_t *)uap; + isc_result_t result; + char *journal; + + result = dns_zone_flush(zone); + if (result != ISC_R_SUCCESS) + cleanup = ISC_FALSE; + if (cleanup) { + journal = dns_zone_getjournal(zone); + if (journal != NULL) + (void)isc_file_remove(journal); + } + return (result); +} + +isc_result_t +ns_server_sync(ns_server_t *server, char *args, isc_buffer_t *text) { + isc_result_t result, tresult; + dns_view_t *view; + dns_zone_t *zone = NULL; + char classstr[DNS_RDATACLASS_FORMATSIZE]; + char zonename[DNS_NAME_FORMATSIZE]; + const char *vname, *sep, *msg = NULL; + isc_boolean_t cleanup = ISC_FALSE; + char arg[8]; + int n; + + /* Did the user specify -clean? */ + n = sscanf(args, "%*s %7s", arg); + if (n > 0 && strcmp(arg, "-clean") == 0) { + cleanup = ISC_TRUE; + + /* shift so that zone_from_args() won't be confused */ + (void) next_token(&args, " \t"); + } + + result = zone_from_args(server, args, &zone, NULL); + if (result != ISC_R_SUCCESS) + return (result); + + if (zone == NULL) { + result = isc_task_beginexclusive(server->task); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + tresult = ISC_R_SUCCESS; + for (view = ISC_LIST_HEAD(server->viewlist); + view != NULL; + view = ISC_LIST_NEXT(view, link)) { + result = dns_zt_apply(view->zonetable, ISC_FALSE, + synczone, &cleanup); + if (result != ISC_R_SUCCESS && + tresult == ISC_R_SUCCESS) + tresult = result; + } + isc_task_endexclusive(server->task); + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_INFO, + "dumping all zones%s: %s", + cleanup ? 
", removing journal files" : "", + isc_result_totext(result)); + return (tresult); + } + + result = isc_task_beginexclusive(server->task); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + result = synczone(zone, &cleanup); + isc_task_endexclusive(server->task); + + if (msg != NULL && strlen(msg) < isc_buffer_availablelength(text)) + isc_buffer_putmem(text, (const unsigned char *)msg, + strlen(msg) + 1); + + view = dns_zone_getview(zone); + if (strcmp(view->name, "_default") == 0 || + strcmp(view->name, "_bind") == 0) + { + vname = ""; + sep = ""; + } else { + vname = view->name; + sep = " "; + } + dns_rdataclass_format(dns_zone_getclass(zone), classstr, + sizeof(classstr)); + dns_name_format(dns_zone_getorigin(zone), + zonename, sizeof(zonename)); + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_INFO, + "sync: dumping zone '%s/%s'%s%s%s: %s", + zonename, classstr, sep, vname, + cleanup ? ", removing journal file" : "", + isc_result_totext(result)); + dns_zone_detach(&zone); + return (result); +} + +/* * Act on a "freeze" or "thaw" command from the command channel. */ isc_result_t @@ -7127,7 +7271,6 @@ ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args, char classstr[DNS_RDATACLASS_FORMATSIZE]; char zonename[DNS_NAME_FORMATSIZE]; dns_view_t *view; - char *journal; const char *vname, *sep; isc_boolean_t frozen; const char *msg = NULL; @@ -7161,6 +7304,11 @@ ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args, return (DNS_R_NOTMASTER); } + if (freeze && !dns_zone_isdynamic(zone, ISC_TRUE)) { + dns_zone_detach(&zone); + return (DNS_R_NOTDYNAMIC); + } + result = isc_task_beginexclusive(server->task); RUNTIME_CHECK(result == ISC_R_SUCCESS); frozen = dns_zone_getupdatedisabled(zone); 
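Review bot: In `ns_server_sync()` the all-zones branch logs `isc_result_totext(result)`, which is only the last view's `dns_zt_apply()` status, while the function returns the aggregated `tresult`. The log call should pass `isc_result_totext(tresult)` so that a failure in an earlier view is not logged as success. `msg` is initialised to NULL and never assigned, so the `isc_buffer_putmem(text, ...)` block cannot run and the `text` parameter is effectively unused; either set `msg` when `synczone()` fails or drop the block. `synczone()` also discards the result of `isc_file_remove(journal)`, so a journal that could not be removed under `-clean` leaves no trace in the log.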
@@ -7177,11 +7325,6 @@ ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args, msg = "Flushing the zone updates to " "disk failed."; } - if (result == ISC_R_SUCCESS) { - journal = dns_zone_getjournal(zone); - if (journal != NULL) - (void)isc_file_remove(journal); - } if (result == ISC_R_SUCCESS) dns_zone_setupdatedisabled(zone, freeze); } else { diff --git a/bin/named/statschannel.c b/bin/named/statschannel.c index 1f726941..ffe4c80e 100644 --- a/bin/named/statschannel.c +++ b/bin/named/statschannel.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: statschannel.c,v 1.26.150.2 2011-03-12 04:59:14 tbox Exp $ */ +/* $Id: statschannel.c,v 1.28 2011-03-12 04:59:46 tbox Exp $ */ /*! \file */ diff --git a/bin/named/unix/Makefile.in b/bin/named/unix/Makefile.in index a7155a0e..989ae565 100644 --- a/bin/named/unix/Makefile.in +++ b/bin/named/unix/Makefile.in @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.13.244.2 2011-03-10 23:47:26 tbox Exp $ +# $Id: Makefile.in,v 1.15 2011-03-10 23:47:49 tbox Exp $ srcdir = @srcdir@ VPATH = @srcdir@ diff --git a/bin/named/unix/dlz_dlopen_driver.c b/bin/named/unix/dlz_dlopen_driver.c index 35dbcab6..f707db9a 100644 --- a/bin/named/unix/dlz_dlopen_driver.c +++ b/bin/named/unix/dlz_dlopen_driver.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dlz_dlopen_driver.c,v 1.1.4.4 2011-03-17 09:41:06 fdupont Exp $ */ +/* $Id: dlz_dlopen_driver.c,v 1.4 2011-03-17 09:25:53 fdupont Exp $ */ #include <config.h> diff --git a/bin/named/unix/os.c b/bin/named/unix/os.c index 5fd65473..e1d57c40 100644 --- a/bin/named/unix/os.c +++ b/bin/named/unix/os.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: os.c,v 1.104.38.3 2011-03-02 00:04:01 marka Exp $ */ +/* $Id: os.c,v 1.107 2011-03-02 00:02:54 marka Exp $ */ /*! \file */ 
diff --git a/bin/named/update.c b/bin/named/update.c index c99db5f8..69562ad7 100644 --- a/bin/named/update.c +++ b/bin/named/update.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: update.c,v 1.186.16.5 2011-03-25 23:53:52 each Exp $ */ +/* $Id: update.c,v 1.195 2011-07-01 02:25:47 marka Exp $ */ #include <config.h> @@ -47,6 +47,7 @@ #include <dns/soa.h> #include <dns/ssu.h> #include <dns/tsig.h> +#include <dns/update.h> #include <dns/view.h> #include <dns/zone.h> #include <dns/zt.h> @@ -1425,8 +1426,8 @@ get_current_rr(dns_message_t *msg, dns_section_t section, */ static isc_result_t -increment_soa_serial(dns_db_t *db, dns_dbversion_t *ver, - dns_diff_t *diff, isc_mem_t *mctx) +update_soa_serial(dns_db_t *db, dns_dbversion_t *ver, dns_diff_t *diff, + isc_mem_t *mctx, dns_updatemethod_t method) { dns_difftuple_t *deltuple = NULL; dns_difftuple_t *addtuple = NULL; @@ -1438,12 +1439,7 @@ increment_soa_serial(dns_db_t *db, dns_dbversion_t *ver, addtuple->op = DNS_DIFFOP_ADD; serial = dns_soa_getserial(&addtuple->rdata); - - /* RFC1982 */ - serial = (serial + 1) & 0xFFFFFFFF; - if (serial == 0) - serial = 1; - + serial = dns_update_soaserial(serial, method); dns_soa_setserial(serial, &addtuple->rdata); CHECK(do_one_tuple(&deltuple, db, ver, diff)); CHECK(do_one_tuple(&addtuple, db, ver, diff)); @@ -3068,8 +3064,19 @@ check_dnssec(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, } /* Check existing DB for NSEC-only DNSKEY */ - if (!nseconly) - CHECK(dns_nsec_nseconly(db, ver, &nseconly)); + if (!nseconly) { + result = dns_nsec_nseconly(db, ver, &nseconly); + + /* + * An NSEC3PARAM update can proceed without a DNSKEY (it + * will trigger a delayed change), so we can ignore + * ISC_R_NOTFOUND here. + */ + if (result == ISC_R_NOTFOUND) + result = ISC_R_SUCCESS; + + CHECK(result); + } /* Check existing DB for NSEC3 */ if (!nsec3) 
@@ -3240,9 +3247,11 @@ add_nsec3param_records(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, ttl_good = ISC_TRUE; } if (tuple->op == DNS_DIFFOP_ADD) { + isc_boolean_t nseconly = ISC_FALSE; + /* * Look for any deletes which match this ADD ignoring - * OPTOUT. We don't need to explictly remove them as + * flags. We don't need to explictly remove them as * they will be removed a side effect of processing * the add. */ @@ -3264,12 +3273,28 @@ add_nsec3param_records(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, ISC_LIST_APPEND(diff->tuples, next, link); next = ISC_LIST_HEAD(temp_diff.tuples); } + /* - * See if we already have a CREATE request in progress. + * Create a private-type record to signal that + * we want a delayed NSEC3 chain add/delete */ dns_nsec3param_toprivate(&tuple->rdata, &rdata, privatetype, buf, sizeof(buf)); buf[2] |= DNS_NSEC3FLAG_CREATE; + + /* + * If the zone is not currently capable of + * supporting an NSEC3 chain, then we set the + * INITIAL flag to indicate that these parameters + * are to be used later. + */ + result = dns_nsec_nseconly(db, ver, &nseconly); + if (result == ISC_R_NOTFOUND || nseconly) + buf[2] |= DNS_NSEC3FLAG_INITIAL; + + /* + * See if this CREATE request already exists. + */ CHECK(rr_exists(db, ver, name, &rdata, &flag)); if (!flag) { @@ -3381,7 +3406,7 @@ rollback_private(dns_db_t *db, dns_rdatatype_t privatetype, /* * Allow records which indicate that a zone has been - * signed with a DNSKEY to be be removed. + * signed with a DNSKEY to be removed. */ if (tuple->op == DNS_DIFFOP_DEL && tuple->rdata.length == 5 && @@ -4158,7 +4183,8 @@ update_action(isc_task_t *task, isc_event_t *event) { * changed as a result of an update operation. */ if (! soa_serial_changed) { - CHECK(increment_soa_serial(db, ver, &diff, mctx)); + CHECK(update_soa_serial(db, ver, &diff, mctx, + dns_zone_getserialupdatemethod(zone))); } CHECK(check_mx(client, zone, db, ver, &diff)); 
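Review bot: In the `DNS_DIFFOP_ADD` branch of `add_nsec3param_records()` the result of `dns_nsec_nseconly(db, ver, &nseconly)` is only compared with ISC_R_NOTFOUND. Any other failure is overwritten by the following `CHECK(rr_exists(...))`, and the private record is created without DNS_NSEC3FLAG_INITIAL, as if the zone were known to be NSEC3-capable. The check_dnssec hunk earlier in this file propagates such errors with `CHECK(result);`, and the same can be done here: `if (result == ISC_R_NOTFOUND || nseconly) buf[2] |= DNS_NSEC3FLAG_INITIAL; else CHECK(result);`. The function body starts and ends outside the hunk.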
@@ -4192,7 +4218,7 @@ update_action(isc_task_t *task, isc_event_t *event) { CHECK(add_nsec3param_records(client, zone, db, ver, &diff)); - if (!has_dnskey) { + if (had_dnskey && !has_dnskey) { /* * We are transitioning from secure to insecure. * Cause all NSEC3 chains to be deleted. When the diff --git a/bin/named/win32/dlz_dlopen_driver.c b/bin/named/win32/dlz_dlopen_driver.c index 3e7f2827..223c5ba2 100644 --- a/bin/named/win32/dlz_dlopen_driver.c +++ b/bin/named/win32/dlz_dlopen_driver.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dlz_dlopen_driver.c,v 1.4.2.3 2011-03-17 09:41:07 fdupont Exp $ */ +/* $Id: dlz_dlopen_driver.c,v 1.4 2011-03-17 09:25:53 fdupont Exp $ */ #include <config.h> diff --git a/bin/named/xfrout.c b/bin/named/xfrout.c index 83c64f27..9be99241 100644 --- a/bin/named/xfrout.c +++ b/bin/named/xfrout.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: xfrout.c,v 1.139.16.3 2011-07-28 04:30:54 marka Exp $ */ +/* $Id: xfrout.c,v 1.142 2011-07-28 04:27:26 marka Exp $ */ #include <config.h> diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c index a3e713b4..e440fbcc 100644 --- a/bin/named/zoneconf.c +++ b/bin/named/zoneconf.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zoneconf.c,v 1.170.14.4 2011-05-23 20:56:10 each Exp $ */ +/* $Id: zoneconf.c,v 1.178 2011-07-01 02:25:47 marka Exp $ */ /*% */ @@ -975,7 +975,8 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, * to primary masters (type "master") and slaves * acting as masters (type "slave"), but not to stubs. */ - if (ztype != dns_zone_stub && ztype != dns_zone_staticstub) { + if (ztype != dns_zone_stub && ztype != dns_zone_staticstub && + ztype != dns_zone_redirect) { obj = NULL; result = ns_config_get(maps, "notify", &obj); INSIST(result == ISC_R_SUCCESS && obj != NULL); 
@@ -998,17 +999,18 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, obj = NULL; result = ns_config_get(maps, "also-notify", &obj); if (result == ISC_R_SUCCESS) { - isc_sockaddr_t *addrs = NULL; isc_uint32_t addrcount; - result = ns_config_getiplist(config, obj, 0, mctx, - &addrs, &addrcount); - if (result != ISC_R_SUCCESS) - return (result); - result = dns_zone_setalsonotify(zone, addrs, - addrcount); - ns_config_putiplist(mctx, &addrs, addrcount); - if (result != ISC_R_SUCCESS) - return (result); + addrs = NULL; + keynames = NULL; + RETERR(ns_config_getipandkeylist(config, obj, mctx, + &addrs, &keynames, + &addrcount)); + result = dns_zone_setalsonotifywithkeys(zone, addrs, + keynames, + addrcount); + ns_config_putipandkeylist(mctx, &addrs, &keynames, + addrcount); + RETERR(result); } else RETERR(dns_zone_setalsonotify(zone, NULL, 0)); @@ -1048,7 +1050,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, dns_zone_setidleout(zone, cfg_obj_asuint32(obj) * 60); obj = NULL; - result = ns_config_get(maps, "max-journal-size", &obj); + result = ns_config_get(maps, "max-journal-size", &obj); INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setjournalsize(zone, -1); if (cfg_obj_isstring(obj)) { 
@@ -1121,6 +1123,32 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setoption(zone, DNS_ZONEOPT_NSEC3TESTZONE, cfg_obj_asboolean(obj)); + } else if (ztype == dns_zone_redirect) { + dns_zone_setnotifytype(zone, dns_notifytype_no); + + obj = NULL; + result = ns_config_get(maps, "max-journal-size", &obj); + INSIST(result == ISC_R_SUCCESS && obj != NULL); + dns_zone_setjournalsize(zone, -1); + if (cfg_obj_isstring(obj)) { + const char *str = cfg_obj_asstring(obj); + INSIST(strcasecmp(str, "unlimited") == 0); + journal_size = ISC_UINT32_MAX / 2; + } else { + isc_resourcevalue_t value; + value = cfg_obj_asuint64(obj); + if (value > ISC_UINT32_MAX / 2) { + cfg_obj_log(obj, ns_g_lctx, + ISC_LOG_ERROR, + "'max-journal-size " + "%" ISC_PRINT_QUADFORMAT "d' " + "is too large", + value); + RETERR(ISC_R_RANGE); + } + journal_size = (isc_uint32_t)value; + } + dns_zone_setjournalsize(zone, journal_size); } /* @@ -1202,6 +1230,12 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setoption(zone, DNS_ZONEOPT_DNSKEYKSKONLY, cfg_obj_asboolean(obj)); + + obj = NULL; + result = ns_config_get(maps, "dnssec-loadkeys-interval", &obj); + INSIST(result == ISC_R_SUCCESS && obj != NULL); + RETERR(dns_zone_setrefreshkeyinterval(zone, + cfg_obj_asuint32(obj))); } else if (ztype == dns_zone_slave) { RETERR(configure_zone_acl(zconfig, vconfig, config, allow_update_forwarding, ac, zone, 
@@ -1310,6 +1344,29 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, dns_zone_setkeyopt(zone, DNS_ZONEKEY_ALLOW, allow); dns_zone_setkeyopt(zone, DNS_ZONEKEY_MAINTAIN, maint); } + + obj = NULL; + result = cfg_map_get(zoptions, "dnssec-update-mode", &obj); + if (result == ISC_R_SUCCESS) { + const char *arg = cfg_obj_asstring(obj); + if (strcasecmp(arg, "no-resign") == 0) + dns_zone_setkeyopt(zone, DNS_ZONEKEY_NORESIGN, + ISC_TRUE); + else if (strcasecmp(arg, "maintain") == 0) + ; + else + INSIST(0); + } + + obj = NULL; + result = ns_config_get(maps, "serial-update-method", &obj); + INSIST(result == ISC_R_SUCCESS && obj != NULL); + if (strcasecmp(cfg_obj_asstring(obj), "unixtime") == 0) + dns_zone_setserialupdatemethod(zone, + dns_updatemethod_unixtime); + else + dns_zone_setserialupdatemethod(zone, + dns_updatemethod_increment); } /* @@ -1318,6 +1375,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, switch (ztype) { case dns_zone_slave: case dns_zone_stub: + case dns_zone_redirect: count = 0; obj = NULL; (void)cfg_map_get(zoptions, "masters", &obj); diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c index 058088c8..43e975a3 100644 --- a/bin/nsupdate/nsupdate.c +++ b/bin/nsupdate/nsupdate.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nsupdate.c,v 1.193.12.3 2011-05-23 22:12:14 each Exp $ */ +/* $Id: nsupdate.c,v 1.196 2011-05-23 22:25:32 each Exp $ */ /*! \file */ diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c index 1e9c3b06..df371c9a 100644 --- a/bin/rndc/rndc.c +++ b/bin/rndc/rndc.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rndc.c,v 1.131.20.2 2011-02-28 01:19:59 tbox Exp $ */ +/* $Id: rndc.c,v 1.134 2011-03-21 15:39:05 each Exp $ */ /*! \file */ 
@@ -114,6 +114,11 @@ command is one of the following:\n\ thaw Enable updates to all dynamic zones and reload them.\n\ thaw zone [class [view]]\n\ Enable updates to a frozen dynamic zone and reload it.\n\ + sync [-clear] Dump changes to all dynamic zones to disk, and optionally\n\ + remove their journal files.\n\ + sync [-clear] zone [class [view]]\n\ + Dump a single zone's changes to disk, and optionally\n\ + remove its journal file.\n\ notify zone [class [view]]\n\ Resend NOTIFY messages for the zone.\n\ reconfig Reload configuration file and new zones only.\n\ diff --git a/bin/tests/Makefile.in b/bin/tests/Makefile.in index e39e6ad3..bae081a7 100644 --- a/bin/tests/Makefile.in +++ b/bin/tests/Makefile.in @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.144.10.1 2011-02-03 05:50:05 marka Exp $ +# $Id: Makefile.in,v 1.145 2011-02-03 05:41:53 marka Exp $ srcdir = @srcdir@ VPATH = @srcdir@ diff --git a/bin/tests/db/t_db.c b/bin/tests/db/t_db.c index 61bd2b7c..52573e03 100644 --- a/bin/tests/db/t_db.c +++ b/bin/tests/db/t_db.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: t_db.c,v 1.39.346.2 2011-03-12 04:59:14 tbox Exp $ */ +/* $Id: t_db.c,v 1.41 2011-03-12 04:59:46 tbox Exp $ */ #include <config.h> diff --git a/bin/tests/dst/gsstest.c b/bin/tests/dst/gsstest.c index 79368abe..505d471b 100755 --- a/bin/tests/dst/gsstest.c +++ b/bin/tests/dst/gsstest.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: gsstest.c,v 1.14.12.2 2011-03-28 05:14:18 marka Exp $ */ +/* $Id: gsstest.c,v 1.16 2011-03-28 05:14:51 marka Exp $ */ #include <config.h> diff --git a/bin/tests/dst/t_dst.c b/bin/tests/dst/t_dst.c index 711e7f91..5d1871c0 100644 --- a/bin/tests/dst/t_dst.c +++ b/bin/tests/dst/t_dst.c 
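Review bot: The usage text added here advertises `sync [-clear]`, but the server side of this same commit (`ns_server_sync()` in bin/named/server.c) only recognises `-clean`, via `strcmp(arg, "-clean") == 0`. An operator following the help would send `-clear`, which is not shifted off and so is presumably handed to `zone_from_args()` as a zone name. The two usage lines should read `sync [-clean]` and `sync [-clean] zone [class [view]]`.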
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007-2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: t_dst.c,v 1.58 2009-09-01 00:22:25 jinmei Exp $ */ +/* $Id: t_dst.c,v 1.60 2011-03-17 23:47:29 tbox Exp $ */ #include <config.h> @@ -264,8 +264,8 @@ dh(dns_name_t *name1, int id1, dns_name_t *name2, int id2, isc_mem_t *mctx, } static void -io(dns_name_t *name, int id, int alg, int type, isc_mem_t *mctx, - isc_result_t exp_result, int *nfails, int *nprobs) +io(dns_name_t *name, isc_uint16_t id, isc_uint16_t alg, int type, + isc_mem_t *mctx, isc_result_t exp_result, int *nfails, int *nprobs) { dst_key_t *key = NULL; isc_result_t ret; @@ -277,7 +277,7 @@ io(dns_name_t *name, int id, int alg, int type, isc_mem_t *mctx, if (p == NULL) { t_info("getcwd failed %d\n", errno); ++*nprobs; - return; + goto failure; } ret = dst_key_fromfile(name, id, alg, type, current, mctx, &key); @@ -285,7 +285,25 @@ io(dns_name_t *name, int id, int alg, int type, isc_mem_t *mctx, t_info("dst_key_fromfile(%d) returned: %s\n", alg, dst_result_totext(ret)); ++*nfails; - return; + goto failure; + } + + if (dst_key_id(key) != id) { + t_info("key ID incorrect\n"); + ++*nfails; + goto failure; + } + + if (dst_key_alg(key) != alg) { + t_info("key algorithm incorrect\n"); + ++*nfails; + goto failure; + } + + if (dst_key_getttl(key) != 0) { + t_info("initial key TTL incorrect\n"); + ++*nfails; + goto failure; } ret = isc_file_mktemplate("/tmp/", tmp, sizeof(tmp)); 
@@ -293,14 +311,14 @@ io(dns_name_t *name, int id, int alg, int type, isc_mem_t *mctx, t_info("isc_file_mktemplate failed %s\n", isc_result_totext(ret)); ++*nprobs; - return; + goto failure; } ret = isc_dir_createunique(tmp); if (ret != ISC_R_SUCCESS) { t_info("mkdir failed %d\n", errno); ++*nprobs; - return; + goto failure; } ret = dst_key_tofile(key, type, tmp); @@ -308,14 +326,48 @@ io(dns_name_t *name, int id, int alg, int type, isc_mem_t *mctx, t_info("dst_key_tofile(%d) returned: %s\n", alg, dst_result_totext(ret)); ++*nfails; - return; + goto failure; } if (dst_key_alg(key) != DST_ALG_DH) use(key, mctx, exp_result, nfails); + /* + * Skip the rest of this test if we weren't expecting + * the read to be successful. + */ + if (exp_result != ISC_R_SUCCESS) + goto cleanup; + + dst_key_setttl(key, 3600); + ret = dst_key_tofile(key, type, tmp); + if (ret != 0) { + t_info("dst_key_tofile(%d) returned: %s\n", + alg, dst_result_totext(ret)); + ++*nfails; + goto failure; + } + + /* Reread key to confirm TTL was changed */ + dst_key_free(&key); + ret = dst_key_fromfile(name, id, alg, type, tmp, mctx, &key); + if (ret != ISC_R_SUCCESS) { + t_info("dst_key_fromfile(%d) returned: %s\n", + alg, dst_result_totext(ret)); + ++*nfails; + goto failure; + } + + if (dst_key_getttl(key) != 3600) { + t_info("modified key TTL incorrect\n"); + ++*nfails; + goto failure; + } + + cleanup: cleandir(tmp); + failure: dst_key_free(&key); } diff --git a/bin/tests/master/t_master.c b/bin/tests/master/t_master.c index c1e5254a..96cbd2fc 100644 --- a/bin/tests/master/t_master.c +++ b/bin/tests/master/t_master.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: t_master.c,v 1.39.346.2 2011-03-12 04:59:14 tbox Exp $ */ +/* $Id: t_master.c,v 1.41 2011-03-12 04:59:46 tbox Exp $ */ #include <config.h> diff --git a/bin/tests/named.conf b/bin/tests/named.conf index daa3f897..274a334c 100644 --- a/bin/tests/named.conf +++ b/bin/tests/named.conf 
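Review bot: In the -308,14 hunk of t_dst.c, every failure after `isc_dir_createunique(tmp)` has succeeded jumps to `failure:`, which sits below `cleandir(tmp)`. A failed `dst_key_tofile()`, a failed re-read or a TTL mismatch therefore leaves the unique directory under /tmp behind, together with any key files already written to it. Those files may include private key material depending on `type`, so the error paths should clean up the same way the success path does. Once the directory exists, these exits could use `goto cleanup;` instead of `goto failure;`, provided the final `dst_key_free(&key)` is safe when the key was already freed before the re-read. io() begins in an earlier hunk.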
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.58 2007-06-19 23:46:59 tbox Exp $ */ +/* $Id: named.conf,v 1.60 2011-03-03 23:47:31 tbox Exp $ */ /* * This is a worthless, nonrunnable example of a named.conf file that has @@ -394,7 +394,7 @@ zone "non-default-acl.demo.zone" { grant root.domain. name host.domain. a ns md mf cname soa mb mg mr "null" wks ptr hinfo minfo mx txt rp afsdb x25 isdn rt nsap sig "key" px gpos aaaa loc nxt srv naptr kx - cert a6 dname opt unspec tkey tsig ; + cert a6 dname opt unspec uri tkey tsig ; grant foo.bar.com. self foo.bar.com. a; }; }; diff --git a/bin/tests/names/t_names.c b/bin/tests/names/t_names.c index 0157d049..e495f3e0 100644 --- a/bin/tests/names/t_names.c +++ b/bin/tests/names/t_names.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: t_names.c,v 1.50.346.2 2011-03-12 04:59:15 tbox Exp $ */ +/* $Id: t_names.c,v 1.52 2011-03-12 04:59:46 tbox Exp $ */ #include <config.h> diff --git a/bin/tests/rbt/t_rbt.c b/bin/tests/rbt/t_rbt.c index ff10c0f9..c24c3109 100644 --- a/bin/tests/rbt/t_rbt.c +++ b/bin/tests/rbt/t_rbt.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: t_rbt.c,v 1.33.346.2 2011-03-12 04:59:15 tbox Exp $ */ +/* $Id: t_rbt.c,v 1.35 2011-03-12 04:59:46 tbox Exp $ */ #include <config.h> diff --git a/bin/tests/rdata_test.c b/bin/tests/rdata_test.c index 6ac2810f..bb28484d 100644 --- a/bin/tests/rdata_test.c +++ b/bin/tests/rdata_test.c 
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdata_test.c,v 1.48 2007-06-19 23:46:59 tbox Exp $ */ +/* $Id: rdata_test.c,v 1.51 2011-08-16 03:00:02 marka Exp $ */ #include <config.h> @@ -185,8 +185,8 @@ viastruct(dns_rdata_t *rdata, isc_mem_t *mctx, break; } case dns_rdatatype_naptr: { - dns_rdata_in_naptr_t in_naptr; - result = dns_rdata_tostruct(rdata, sp = &in_naptr, NULL); + dns_rdata_naptr_t naptr; + result = dns_rdata_tostruct(rdata, sp = &naptr, NULL); break; } case dns_rdatatype_ns: { @@ -279,6 +279,11 @@ viastruct(dns_rdata_t *rdata, isc_mem_t *mctx, result = dns_rdata_tostruct(rdata, sp = &unspec, NULL); break; } + case dns_rdatatype_uri: { + dns_rdata_uri_t uri; + result = dns_rdata_tostruct(rdata, sp = &uri, NULL); + break; + } case dns_rdatatype_wks: { dns_rdata_in_wks_t in_wks; result = dns_rdata_tostruct(rdata, sp = &in_wks, NULL); @@ -447,8 +452,8 @@ viastruct(dns_rdata_t *rdata, isc_mem_t *mctx, break; } case dns_rdatatype_naptr: { - dns_rdata_in_naptr_t in_naptr; - result = dns_rdata_tostruct(rdata, sp = &in_naptr, mctx); + dns_rdata_naptr_t naptr; + result = dns_rdata_tostruct(rdata, sp = &naptr, mctx); break; } case dns_rdatatype_ns: { @@ -541,6 +546,11 @@ viastruct(dns_rdata_t *rdata, isc_mem_t *mctx, result = dns_rdata_tostruct(rdata, sp = &unspec, mctx); break; } + case dns_rdatatype_uri: { + dns_rdata_uri_t uri; + result = dns_rdata_tostruct(rdata, sp = &uri, mctx); + break; + } case dns_rdatatype_wks: { dns_rdata_in_wks_t in_wks; result = dns_rdata_tostruct(rdata, sp = &in_wks, mctx); 
@@ -738,8 +748,8 @@ viastruct(dns_rdata_t *rdata, isc_mem_t *mctx, break; } case dns_rdatatype_naptr: { - dns_rdata_in_naptr_t in_naptr; - result = dns_rdata_fromstruct(rdata2, rdc, rdt, &in_naptr, b); + dns_rdata_naptr_t naptr; + result = dns_rdata_fromstruct(rdata2, rdc, rdt, &naptr, b); break; } case dns_rdatatype_ns: { @@ -833,6 +843,11 @@ viastruct(dns_rdata_t *rdata, isc_mem_t *mctx, result = dns_rdata_fromstruct(rdata2, rdc, rdt, &unspec, b); break; } + case dns_rdatatype_uri: { + dns_rdata_uri_t uri; + result = dns_rdata_fromstruct(rdata2, rdc, rdt, &uri, b); + break; + } case dns_rdatatype_wks: { dns_rdata_in_wks_t in_wks; result = dns_rdata_fromstruct(rdata2, rdc, rdt, &in_wks, b); diff --git a/bin/tests/resolver/Makefile.in b/bin/tests/resolver/Makefile.in index 26a83568..98464c29 100644 --- a/bin/tests/resolver/Makefile.in +++ b/bin/tests/resolver/Makefile.in @@ -12,7 +12,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.2.2.3 2011-02-28 01:19:59 tbox Exp $ +# $Id: Makefile.in,v 1.3 2011-02-03 12:18:10 tbox Exp $ srcdir = @srcdir@ VPATH = @srcdir@ diff --git a/bin/tests/resolver/t_resolver.c b/bin/tests/resolver/t_resolver.c index 0a02795b..295ccd57 100644 --- a/bin/tests/resolver/t_resolver.c +++ b/bin/tests/resolver/t_resolver.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: t_resolver.c,v 1.2.2.3 2011-02-28 01:19:59 tbox Exp $ */ +/* $Id: t_resolver.c,v 1.3 2011-02-03 12:18:11 tbox Exp $ */ #include <config.h> diff --git a/bin/tests/startperf/makenames.pl b/bin/tests/startperf/makenames.pl index 3c7c57aa..abc1124f 100644 --- a/bin/tests/startperf/makenames.pl +++ b/bin/tests/startperf/makenames.pl 
@@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: makenames.pl,v 1.2.8.2 2011-07-09 01:57:04 each Exp $ +# $Id: makenames.pl,v 1.2 2011-07-06 05:05:51 each Exp $ use strict; die "Usage: makenames.pl <num>" if (@ARGV == 0); diff --git a/bin/tests/startperf/setup.sh b/bin/tests/startperf/setup.sh index e495fca8..c5fade97 100644 --- a/bin/tests/startperf/setup.sh +++ b/bin/tests/startperf/setup.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: setup.sh,v 1.3.2.3 2011-07-10 23:47:11 tbox Exp $ +# $Id: setup.sh,v 1.3 2011-07-07 23:47:49 tbox Exp $ if [ "$#" -ne 1 ]; then echo "Usage: $0 <number of zones>" diff --git a/bin/tests/startperf/smallzone.db b/bin/tests/startperf/smallzone.db index 1a5c86b7..37a03d5a 100644 --- a/bin/tests/startperf/smallzone.db +++ b/bin/tests/startperf/smallzone.db @@ -12,7 +12,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: smallzone.db,v 1.3.2.3 2011-07-10 23:47:12 tbox Exp $ +; $Id: smallzone.db,v 1.3 2011-07-07 23:47:49 tbox Exp $ $TTL 300 ; 5 minutes @ IN SOA mname1. . ( diff --git a/bin/tests/system/Makefile.in b/bin/tests/system/Makefile.in index 0b61833e..ed312151 100644 --- a/bin/tests/system/Makefile.in +++ b/bin/tests/system/Makefile.in @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.35.8.2 2011-04-19 21:23:35 smann Exp $ +# $Id: Makefile.in,v 1.37 2011-03-30 15:48:41 smann Exp $ srcdir = @srcdir@ VPATH = @srcdir@ diff --git a/bin/tests/system/addzone/ns2/named2.conf b/bin/tests/system/addzone/ns2/named2.conf index df4a1850..75ea811f 100644 --- a/bin/tests/system/addzone/ns2/named2.conf +++ b/bin/tests/system/addzone/ns2/named2.conf 
@@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named2.conf,v 1.3.54.2 2011-06-17 23:47:11 tbox Exp $ */ +/* $Id: named2.conf,v 1.5 2011-06-17 23:47:49 tbox Exp $ */ controls { /* empty */ }; diff --git a/bin/tests/system/addzone/tests.sh b/bin/tests/system/addzone/tests.sh index 776c2316..4d343dee 100644 --- a/bin/tests/system/addzone/tests.sh +++ b/bin/tests/system/addzone/tests.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.4.54.2 2011-06-17 23:47:11 tbox Exp $ +# $Id: tests.sh,v 1.6 2011-06-17 23:47:49 tbox Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh diff --git a/bin/tests/system/ans.pl b/bin/tests/system/ans.pl index d255b0e1..796857b6 100644 --- a/bin/tests/system/ans.pl +++ b/bin/tests/system/ans.pl @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: ans.pl,v 1.2.2.4 2011-03-18 04:40:30 each Exp $ +# $Id: ans.pl,v 1.4 2011-03-18 04:41:15 each Exp $ # # This is the name server from hell. It provides canned diff --git a/bin/tests/system/autosign/clean.sh b/bin/tests/system/autosign/clean.sh index f95753c4..f33a5524 100644 --- a/bin/tests/system/autosign/clean.sh +++ b/bin/tests/system/autosign/clean.sh @@ -14,12 +14,13 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: clean.sh,v 1.7.16.3 2011-07-08 01:45:58 each Exp $ +# $Id: clean.sh,v 1.12 2011-07-08 01:43:26 each Exp $ rm -f */K* */dsset-* */*.signed */trusted.conf */tmp* */*.jnl */*.bk rm -f active.key inact.key del.key unpub.key standby.key rev.key rm -f nopriv.key vanishing.key del1.key del2.key -rm -f delayksk.key delayzsk.key missingzsk.key inactivezsk.key +rm -f delayksk.key delayzsk.key autoksk.key autozsk.key +rm -f missingzsk.key inactivezsk.key rm -f nsupdate.out rm -f */core rm -f */example.bk 
@@ -43,7 +44,8 @@ rm -f ns3/secure.example.db rm -f ns3/secure.nsec3.example.db rm -f ns3/secure.optout.example.db rm -f ns3/secure-to-insecure.example.db -rm -f ns3/nozsk.example.db ns3/inaczsk.example.db rm -f ns3/prepub.example.db rm -f ns3/prepub.example.db.in rm -f ns3/secure-to-insecure2.example.db +rm -f ns3/nozsk.example.db ns3/inaczsk.example.db +rm -f ns3/ttl*.db diff --git a/bin/tests/system/autosign/ns2/keygen.sh b/bin/tests/system/autosign/ns2/keygen.sh index dc39ecfd..379ed7fd 100644 --- a/bin/tests/system/autosign/ns2/keygen.sh +++ b/bin/tests/system/autosign/ns2/keygen.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: keygen.sh,v 1.7.112.2 2011-05-26 23:47:04 tbox Exp $ +# $Id: keygen.sh,v 1.10 2011-06-10 01:51:09 each Exp $ SYSTEMTESTTOP=../.. . $SYSTEMTESTTOP/conf.sh @@ -24,7 +24,7 @@ RANDFILE=../random.data # Have the child generate subdomain keys and pass DS sets to us. ( cd ../ns3 && sh keygen.sh ) -for subdomain in secure nsec3 optout rsasha256 rsasha512 nsec3-to-nsec oldsigs +for subdomain in secure nsec3 autonsec3 optout rsasha256 rsasha512 nsec3-to-nsec oldsigs do cp ../ns3/dsset-$subdomain.example. . done diff --git a/bin/tests/system/autosign/ns2/named.conf b/bin/tests/system/autosign/ns2/named.conf index edf340d1..4856926c 100644 --- a/bin/tests/system/autosign/ns2/named.conf +++ b/bin/tests/system/autosign/ns2/named.conf @@ -1,5 +1,5 @@ /* - * Copyright (C) 2009, 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.5 2010-01-18 23:48:40 tbox Exp $ */ +/* $Id: named.conf,v 1.7 2011-04-29 23:47:17 tbox Exp $ */ // NS2 
@@ -32,6 +32,7 @@ options { notify yes; dnssec-enable yes; dnssec-validation yes; + dnssec-loadkeys-interval 30; }; key rndc_key { diff --git a/bin/tests/system/autosign/ns3/autonsec3.example.db.in b/bin/tests/system/autosign/ns3/autonsec3.example.db.in new file mode 100644 index 00000000..ae3f730d --- /dev/null +++ b/bin/tests/system/autosign/ns3/autonsec3.example.db.in @@ -0,0 +1,42 @@ +; Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: autonsec3.example.db.in,v 1.3 2011-06-10 23:47:31 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +z A 10.0.0.26 +a.a.a.a A 10.0.0.3 +child NS ns2.example. +insecure NS ns.insecure +ns.insecure A 10.53.0.3 +secure NS ns.secure +ns.secure A 10.53.0.3 +nsec3 NS ns.nsec3 +ns.nsec3 A 10.53.0.3 +optout NS ns.optout +ns.optout A 10.53.0.3 +02HC3EM7BDD011A0GMS3HKKJT2IF5VP8 A 10.0.0.17 diff --git a/bin/tests/system/autosign/ns3/delay.example.db b/bin/tests/system/autosign/ns3/delay.example.db index 49cfa12f..db8588da 100644 --- a/bin/tests/system/autosign/ns3/delay.example.db 
+++ b/bin/tests/system/autosign/ns3/delay.example.db @@ -12,7 +12,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: delay.example.db,v 1.1.4.2 2011-03-26 01:08:26 each Exp $ +; $Id: delay.example.db,v 1.2 2011-03-26 01:19:03 each Exp $ $TTL 300 ; 5 minutes @ IN SOA mname1. . ( diff --git a/bin/tests/system/autosign/ns3/inaczsk.example.db.in b/bin/tests/system/autosign/ns3/inaczsk.example.db.in index aa019a82..25ecc472 100644 --- a/bin/tests/system/autosign/ns3/inaczsk.example.db.in +++ b/bin/tests/system/autosign/ns3/inaczsk.example.db.in @@ -12,7 +12,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: inaczsk.example.db.in,v 1.2.2.2 2011-07-08 01:45:58 each Exp $ +; $Id: inaczsk.example.db.in,v 1.2 2011-07-08 01:43:26 each Exp $ $TTL 300 ; 5 minutes @ IN SOA mname1. . ( diff --git a/bin/tests/system/autosign/ns3/keygen.sh b/bin/tests/system/autosign/ns3/keygen.sh index 5b4a4d85..da05c6a2 100644 --- a/bin/tests/system/autosign/ns3/keygen.sh +++ b/bin/tests/system/autosign/ns3/keygen.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: keygen.sh,v 1.8.18.3 2011-07-08 01:45:58 each Exp $ +# $Id: keygen.sh,v 1.13 2011-07-08 01:43:26 each Exp $ SYSTEMTESTTOP=../.. . $SYSTEMTESTTOP/conf.sh @@ -74,6 +74,19 @@ $KEYGEN -q -3 -r $RANDFILE $zone > /dev/null $DSFROMKEY $ksk.key > dsset-${zone}. # +# An NSEC3 zone, with NSEC3 parameters set prior to signing +# +zone=autonsec3.example +zonefile="${zone}.db" +infile="${zonefile}.in" +cat $infile > $zonefile +ksk=`$KEYGEN -G -q -3 -r $RANDFILE -fk $zone` +echo $ksk > ../autoksk.key +zsk=`$KEYGEN -G -q -3 -r $RANDFILE $zone` +echo $zsk > ../autozsk.key +$DSFROMKEY $ksk.key > dsset-${zone}. + +# # OPTOUT/NSEC test zone # zone=secure.optout.example 
@@ -168,7 +181,7 @@ $SIGNER -PS -s now-1y -e now-6mo -o $zone -f $zonefile $infile > /dev/null 2>&1 zone=nsec3-to-nsec.example zonefile="${zone}.db" infile="${zonefile}.in" -cp $infile $zonefile +#cp $infile $zonefile ksk=`$KEYGEN -q -a RSASHA512 -b 2048 -r $RANDFILE -fk $zone` $KEYGEN -q -a RSASHA512 -b 1024 -r $RANDFILE $zone > /dev/null $SIGNER -S -3 beef -A -o $zone -f $zonefile $infile > /dev/null 2>&1 @@ -207,6 +220,39 @@ $KEYGEN -3 -q -r $RANDFILE $zone > /dev/null $SIGNER -S -3 beef -o $zone -f $zonefile $infile > /dev/null 2>&1 # +# Key TTL tests. +# + +# no default key TTL; DNSKEY should get SOA TTL +zone=ttl1.example +zonefile="${zone}.db" +infile="${zonefile}.in" +$KEYGEN -3 -q -r $RANDFILE -fk $zone > /dev/null +$KEYGEN -3 -q -r $RANDFILE $zone > /dev/null +cp $infile $zonefile + +# default key TTL should be used +zone=ttl2.example +zonefile="${zone}.db" +$KEYGEN -3 -q -r $RANDFILE -fk -L 60 $zone > /dev/null +$KEYGEN -3 -q -r $RANDFILE -L 60 $zone > /dev/null +cp $infile $zonefile + +# mismatched key TTLs, should use shortest +zone=ttl3.example +zonefile="${zone}.db" +$KEYGEN -3 -q -r $RANDFILE -fk -L 30 $zone > /dev/null +$KEYGEN -3 -q -r $RANDFILE -L 60 $zone > /dev/null +cp $infile $zonefile + +# existing DNSKEY RRset, should retain TTL +zone=ttl4.example +zonefile="${zone}.db" +$KEYGEN -3 -q -r $RANDFILE -L 30 -fk $zone > /dev/null +cat ${infile} K${zone}.+*.key > $zonefile +$KEYGEN -3 -q -r $RANDFILE -L 180 $zone > /dev/null + +# # A zone with a DNSKEY RRset that is published before it's activated # zone=delay.example diff --git a/bin/tests/system/autosign/ns3/named.conf b/bin/tests/system/autosign/ns3/named.conf index 4d26c83d..1fe1630a 100644 --- a/bin/tests/system/autosign/ns3/named.conf +++ b/bin/tests/system/autosign/ns3/named.conf @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.7.18.3 2011-07-08 01:45:58 each Exp $ */ +/* $Id: named.conf,v 1.13 2011-07-08 01:43:26 each Exp $ */ // NS3 
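Review bot: In the new "Key TTL tests" block of autosign/ns3/keygen.sh, only the ttl1.example stanza assigns `infile`. The ttl2, ttl3 and ttl4 stanzas set `zone` and `zonefile` and then run `cp $infile $zonefile` (or `cat ${infile} K${zone}.+*.key`) with `infile` still naming ttl1.example.db.in. The ttl2/ttl3/ttl4 `.db.in` files added by this commit are therefore never read, and the zones load correctly only because all four inputs carry the same records. Adding `infile="${zonefile}.in"` after each `zonefile=` line makes each zone use its own input. The first hunk also leaves `#cp $infile $zonefile` commented out for nsec3-to-nsec.example; if `$SIGNER -f $zonefile` makes the copy unnecessary, delete the line rather than disabling it.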
@@ -32,6 +32,7 @@ options { notify yes; dnssec-enable yes; dnssec-validation yes; + dnssec-loadkeys-interval 10; }; key rndc_key { @@ -79,6 +80,13 @@ zone "nsec3.example" { auto-dnssec maintain; }; +zone "autonsec3.example" { + type master; + file "autonsec3.example.db"; + allow-update { any; }; + auto-dnssec maintain; +}; + zone "optout.nsec3.example" { type master; file "optout.nsec3.example.db"; @@ -185,6 +193,34 @@ zone "prepub.example" { auto-dnssec maintain; }; +zone "ttl1.example" { + type master; + file "ttl1.example.db"; + allow-update { any; }; + auto-dnssec maintain; +}; + +zone "ttl2.example" { + type master; + file "ttl2.example.db"; + allow-update { any; }; + auto-dnssec maintain; +}; + +zone "ttl3.example" { + type master; + file "ttl3.example.db"; + allow-update { any; }; + auto-dnssec maintain; +}; + +zone "ttl4.example" { + type master; + file "ttl4.example.db"; + allow-update { any; }; + auto-dnssec maintain; +}; + zone "delay.example" { type master; file "delay.example.db"; diff --git a/bin/tests/system/autosign/ns3/nozsk.example.db.in b/bin/tests/system/autosign/ns3/nozsk.example.db.in index 5424ec03..8fc58c10 100644 --- a/bin/tests/system/autosign/ns3/nozsk.example.db.in +++ b/bin/tests/system/autosign/ns3/nozsk.example.db.in @@ -12,7 +12,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: nozsk.example.db.in,v 1.2.2.2 2011-07-08 01:45:58 each Exp $ +; $Id: nozsk.example.db.in,v 1.2 2011-07-08 01:43:26 each Exp $ $TTL 300 ; 5 minutes @ IN SOA mname1. . ( diff --git a/bin/tests/system/autosign/ns3/ttl1.example.db.in b/bin/tests/system/autosign/ns3/ttl1.example.db.in new file mode 100644 index 00000000..307be48c --- /dev/null +++ b/bin/tests/system/autosign/ns3/ttl1.example.db.in 
@@ -0,0 +1,31 @@ +; Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: ttl1.example.db.in,v 1.3 2011-03-17 23:47:30 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2009102722 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +x CNAME a diff --git a/bin/tests/system/autosign/ns3/ttl2.example.db.in b/bin/tests/system/autosign/ns3/ttl2.example.db.in new file mode 100644 index 00000000..59d49252 --- /dev/null +++ b/bin/tests/system/autosign/ns3/ttl2.example.db.in 
@@ -0,0 +1,31 @@ +; Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: ttl2.example.db.in,v 1.3 2011-03-17 23:47:30 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2009102722 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +x CNAME a diff --git a/bin/tests/system/autosign/ns3/ttl3.example.db.in b/bin/tests/system/autosign/ns3/ttl3.example.db.in new file mode 100644 index 00000000..f9ba7e19 --- /dev/null +++ b/bin/tests/system/autosign/ns3/ttl3.example.db.in 
@@ -0,0 +1,31 @@ +; Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: ttl3.example.db.in,v 1.3 2011-03-17 23:47:30 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2009102722 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +x CNAME a diff --git a/bin/tests/system/autosign/ns3/ttl4.example.db.in b/bin/tests/system/autosign/ns3/ttl4.example.db.in new file mode 100644 index 00000000..328ecc0f --- /dev/null +++ b/bin/tests/system/autosign/ns3/ttl4.example.db.in 
@@ -0,0 +1,31 @@ +; Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: ttl4.example.db.in,v 1.3 2011-03-17 23:47:30 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2009102722 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +x CNAME a diff --git a/bin/tests/system/autosign/tests.sh b/bin/tests/system/autosign/tests.sh index 089d7995..735d33ff 100644 --- a/bin/tests/system/autosign/tests.sh +++ b/bin/tests/system/autosign/tests.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.12.18.16 2011-07-26 04:41:48 marka Exp $ +# $Id: tests.sh,v 1.34 2011-07-26 04:42:20 marka Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh 
@@ -96,9 +96,11 @@ status=`expr $status + $ret` echo "I:checking NSEC->NSEC3 conversion prerequisites ($n)" ret=0 -# this command should result in an empty file: -$DIG $DIGOPTS +noall +answer nsec3.example. nsec3param @10.53.0.3 > dig.out.ns3.test$n || ret=1 -grep "NSEC3PARAM" dig.out.ns3.test$n > /dev/null && ret=1 +# these commands should result in an empty file: +$DIG $DIGOPTS +noall +answer nsec3.example. nsec3param @10.53.0.3 > dig.out.ns3.1.test$n || ret=1 +grep "NSEC3PARAM" dig.out.ns3.1.test$n > /dev/null && ret=1 +$DIG $DIGOPTS +noall +answer autonsec3.example. nsec3param @10.53.0.3 > dig.out.ns3.2.test$n || ret=1 +grep "NSEC3PARAM" dig.out.ns3.2.test$n > /dev/null && ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` @@ -123,6 +125,9 @@ send zone nsec3.example. update add nsec3.example. 3600 NSEC3PARAM 1 0 10 BEEF send +zone autonsec3.example. +update add autonsec3.example. 3600 NSEC3PARAM 1 1 10 BEEF +send zone nsec3.optout.example. update add nsec3.optout.example. 3600 NSEC3PARAM 1 0 10 BEEF send @@ -142,6 +147,21 @@ update add nsec.example. 3600 NSEC3PARAM 1 0 10 BEEF send END +echo "I:checking for nsec3param in unsigned zone ($n)" +ret=0 +$DIG $DIGOPTS +noall +answer autonsec3.example. nsec3param @10.53.0.3 > dig.out.ns3.test$n || ret=1 +grep "NSEC3PARAM" dig.out.ns3.test$n > /dev/null && ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:signing preset nsec3 zone" +zsk=`cat autozsk.key` +ksk=`cat autoksk.key` +$SETTIME -K ns3 -P now -A now $zsk > /dev/null 2>&1 +$SETTIME -K ns3 -P now -A now $ksk > /dev/null 2>&1 +$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 loadkeys autonsec3.example. 2>&1 | sed 's/^/I:ns3 /' + echo "I:waiting for changes to take effect" sleep 3 
@@ -181,8 +201,6 @@ loglines=`grep "Key inaczsk.example/NSEC3RSASHA1/$missing .* retaining signature if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -# This test is above the rndc freeze/thaw calls because the apex node -# will be resigned on thaw, increasing the serial number again. echo "I:checking serial is not incremented when signatures are unchanged ($n)" ret=0 newserial=`$DIG $DIGOPTS +short soa nozsk.example @10.53.0.3 | awk '$0 !~ /SOA/ {print $3}'` @@ -192,15 +210,12 @@ newserial=`$DIG $DIGOPTS +short soa inaczsk.example @10.53.0.3 | awk '$0 !~ /SOA if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -# Send rndc freeze command to ns1, ns2 and ns3, to force the dynamically +# Send rndc sync command to ns1, ns2 and ns3, to force the dynamically # signed zones to be dumped to their zone files echo "I:dumping zone files" -$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 freeze 2>&1 | sed 's/^/I:ns1 /' -$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 thaw 2>&1 | sed 's/^/I:ns1 /' -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 freeze 2>&1 | sed 's/^/I:ns2 /' -$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 thaw 2>&1 | sed 's/^/I:ns2 /' -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 freeze 2>&1 | sed 's/^/I:ns3 /' -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 thaw 2>&1 | sed 's/^/I:ns3 /' +$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 sync 2>&1 | sed 's/^/I:ns1 /' +$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 sync 2>&1 | sed 's/^/I:ns2 /' +$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 sync 2>&1 | sed 's/^/I:ns3 /' echo "I:checking expired signatures were updated ($n)" ret=0 
@@ -225,6 +240,20 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` +echo "I:checking direct NSEC3 autosigning succeeded ($n)" +ret=0 +$DIG $DIGOPTS +noall +answer autonsec3.example. nsec3param @10.53.0.3 > dig.out.ns3.ok.test$n || ret=1 +[ -s dig.out.ns3.ok.test$n ] || ret=1 +grep "NSEC3PARAM" dig.out.ns3.ok.test$n > /dev/null || ret=1 +$DIG $DIGOPTS +noauth q.autonsec3.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1 +$DIG $DIGOPTS +noauth q.autonsec3.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1 +$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 +grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 +grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + echo "I:checking NSEC->NSEC3 conversion failed with NSEC-only key ($n)" ret=0 grep "failed: REFUSED" nsupdate.out > /dev/null || ret=1 
@@ -246,6 +275,42 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` +echo "I:checking TTLs of imported DNSKEYs (no default) ($n)" +ret=0 +$DIG $DIGOPTS +tcp +noall +answer dnskey ttl1.example. @10.53.0.3 > dig.out.ns3.test$n || ret=1 +[ -s dig.out.ns3.test$n ] || ret=1 +awk 'BEGIN {r=0} $2 != 300 {r=1; print "I:found TTL " $2} END {exit r}' dig.out.ns3.test$n || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking TTLs of imported DNSKEYs (with default) ($n)" +ret=0 +$DIG $DIGOPTS +tcp +noall +answer dnskey ttl2.example. @10.53.0.3 > dig.out.ns3.test$n || ret=1 +[ -s dig.out.ns3.test$n ] || ret=1 +awk 'BEGIN {r=0} $2 != 60 {r=1; print "I:found TTL " $2} END {exit r}' dig.out.ns3.test$n || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking TTLs of imported DNSKEYs (mismatched) ($n)" +ret=0 +$DIG $DIGOPTS +tcp +noall +answer dnskey ttl3.example. @10.53.0.3 > dig.out.ns3.test$n || ret=1 +[ -s dig.out.ns3.test$n ] || ret=1 +awk 'BEGIN {r=0} $2 != 30 {r=1; print "I:found TTL " $2} END {exit r}' dig.out.ns3.test$n || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking TTLs of imported DNSKEYs (existing RRset) ($n)" +ret=0 +$DIG $DIGOPTS +tcp +noall +answer dnskey ttl4.example. @10.53.0.3 > dig.out.ns3.test$n || ret=1 +[ -s dig.out.ns3.test$n ] || ret=1 +awk 'BEGIN {r=0} $2 != 30 {r=1; print "I:found TTL " $2} END {exit r}' dig.out.ns3.test$n || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + echo "I:checking positive validation NSEC ($n)" ret=0 $DIG $DIGOPTS +noauth a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1 
@@ -716,13 +781,13 @@ send END sleep 2 $DIG $DIGOPTS axfr secure-to-insecure.example @10.53.0.3 > dig.out.ns3.test$n || ret=1 -egrep 'RRSIG' dig.out.ns3.test$n > /dev/null && ret=1 -egrep '(DNSKEY|NSEC)' dig.out.ns3.test$n > /dev/null && ret=1 +egrep '(RRSIG|DNSKEY|NSEC)' dig.out.ns3.test$n > /dev/null && ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` echo "I:checking secure-to-insecure transition, scheduled ($n)" +ret=0 file="ns3/`cat del1.key`.key" $SETTIME -I now -D now $file > /dev/null file="ns3/`cat del2.key`.key" @@ -730,8 +795,7 @@ $SETTIME -I now -D now $file > /dev/null $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 sign secure-to-insecure2.example. 2>&1 | sed 's/^/I:ns3 /' sleep 2 $DIG $DIGOPTS axfr secure-to-insecure2.example @10.53.0.3 > dig.out.ns3.test$n || ret=1 -egrep 'RRSIG' dig.out.ns3.test$n > /dev/null && ret=1 -egrep '(DNSKEY|NSEC3)' dig.out.ns3.test$n > /dev/null && ret=1 +egrep '(RRSIG|DNSKEY|NSEC3)' dig.out.ns3.test$n > /dev/null && ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` @@ -961,8 +1025,8 @@ if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` # this confirms that key events are never scheduled more than -# a given number of seconds into the future, and that the last -# event scheduled is precisely that far in the future. +# 'dnssec-loadkeys-interval' minutes in the future, and that the +# last event scheduled is precisely that far in the future. check_interval () { awk '/next key event/ {print $2 ":" $9}' $1/named.run | sed 's/\.//g' | 
@@ -990,12 +1054,21 @@ check_interval () { echo "I:checking automatic key reloading interval ($n)" ret=0 check_interval ns1 3600 || ret=1 -check_interval ns2 3600 || ret=1 -check_interval ns3 3600 || ret=1 +check_interval ns2 1800 || ret=1 +check_interval ns3 600 || ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` -echo "I:exit status: $status" +echo "I:checking for key reloading loops ($n)" +ret=0 +# every key event should schedule a successor, so these should be equal +rekey_calls=`grep "reconfiguring zone keys" ns*/named.run | wc -l` +rekey_events=`grep "next key event" ns*/named.run | wc -l` +[ "$rekey_calls" = "$rekey_events" ] || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` +echo "I:exit status: $status" exit $status diff --git a/bin/tests/system/builtin/ns1/named.conf b/bin/tests/system/builtin/ns1/named.conf index a7f826c7..99d459bc 100644 --- a/bin/tests/system/builtin/ns1/named.conf +++ b/bin/tests/system/builtin/ns1/named.conf @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.2.2.3 2011-08-09 04:11:44 tbox Exp $ */ +/* $Id: named.conf,v 1.3 2011-08-09 04:12:25 tbox Exp $ */ include "../../common/rndc.key"; diff --git a/bin/tests/system/builtin/tests.sh b/bin/tests/system/builtin/tests.sh index f3170259..649a24f9 100644 --- a/bin/tests/system/builtin/tests.sh +++ b/bin/tests/system/builtin/tests.sh @@ -12,7 +12,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.2.2.3 2011-08-09 04:11:44 tbox Exp $ +# $Id: tests.sh,v 1.3 2011-08-09 04:12:25 tbox Exp $ status=0 n=0 diff --git a/bin/tests/system/cacheclean/clean.sh b/bin/tests/system/cacheclean/clean.sh index 567824bb..d69a8e0c 100644 --- a/bin/tests/system/cacheclean/clean.sh +++ b/bin/tests/system/cacheclean/clean.sh 
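Review bot: The new "key reloading loops" check passes when both counts are zero, because `[ "$rekey_calls" = "$rekey_events" ]` only compares them. If the log wording changes or the `ns*/named.run` files are missing, the test reports success without having checked anything. Adding `[ $rekey_calls -gt 0 ] || ret=1` before the comparison would make that case fail. The comment describes a one-to-one pairing of log lines while the test title speaks of loops, so it would help to extend the comment with which direction of mismatch indicates a loop.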
@@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2001 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: clean.sh,v 1.6 2007-09-26 03:22:43 marka Exp $ +# $Id: clean.sh,v 1.8 2011-08-03 23:47:48 tbox Exp $ # # Clean up after cache cleaner tests. @@ -23,3 +23,4 @@ rm -f dig.out.ns2 rm -f */named.memstats +rm -f ns2/named_dump.db diff --git a/bin/tests/system/cacheclean/ns1/flushtest.db b/bin/tests/system/cacheclean/ns1/flushtest.db new file mode 100644 index 00000000..5ee4eb67 --- /dev/null +++ b/bin/tests/system/cacheclean/ns1/flushtest.db 
@@ -0,0 +1,49 @@ +; Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: flushtest.db,v 1.3 2011-08-03 23:47:48 tbox Exp $ + +$TTL 3600 +$ORIGIN flushtest.example. +@ IN SOA flushtest.example. ns.flushtest.example. ( + 2011072900 + 600 + 600 + 1200 + 3600 + ) + NS ns +ns IN A 10.53.0.1 + +top1 IN TXT "text" +second1.top1 IN TXT "text" +third1.second1.top1 IN TXT "text" +third2.second1.top1 IN TXT "text" +second2.top1 IN TXT "text" +second3.top1 IN TXT "text" + +; top2 node is omitted for testing with an empty nonterminal +second1.top2 IN TXT "text" +second2.top2 IN TXT "text" +second3.top2 IN TXT "text" + +top3 IN TXT "text" +second1.top3 IN TXT "text" +third1.second1.top3 IN TXT "text" +third2.second1.top3 IN TXT "text" +; second2.top3 is omitted for testing with an empty nontermianl +third1.second2.top3 IN TXT "text" +third2.second2.top3 IN TXT "text" +second3.top3 IN TXT "text" + diff --git a/bin/tests/system/cacheclean/ns1/named.conf b/bin/tests/system/cacheclean/ns1/named.conf index ab554d70..bbb49f83 100644 --- a/bin/tests/system/cacheclean/ns1/named.conf +++ b/bin/tests/system/cacheclean/ns1/named.conf 
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.9 2007-06-19 23:47:01 tbox Exp $ */ +/* $Id: named.conf,v 1.11 2011-08-02 23:47:52 tbox Exp $ */ controls { /* empty */ }; @@ -36,3 +36,8 @@ zone "." { type master; file "example.db"; }; + +zone "flushtest.example" { + type master; + file "flushtest.db"; +}; diff --git a/bin/tests/system/cacheclean/ns2/named.conf b/bin/tests/system/cacheclean/ns2/named.conf index d4e8dfbb..6bfcccfa 100644 --- a/bin/tests/system/cacheclean/ns2/named.conf +++ b/bin/tests/system/cacheclean/ns2/named.conf @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.8 2007-06-19 23:47:01 tbox Exp $ */ +/* $Id: named.conf,v 1.10 2011-08-02 23:47:52 tbox Exp $ */ controls { /* empty */ }; @@ -32,7 +32,21 @@ options { disable-empty-zone 127.IN-ADDR.ARPA; }; +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-md5; +}; + +controls { + inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; }; +}; + zone "." { type hint; file "../../common/root.hint"; }; + +zone "flushtest.example" { + type forward; + forwarders { 10.53.0.1; }; +}; diff --git a/bin/tests/system/cacheclean/tests.sh b/bin/tests/system/cacheclean/tests.sh index 0873a82a..d5802a02 100644 --- a/bin/tests/system/cacheclean/tests.sh +++ b/bin/tests/system/cacheclean/tests.sh 
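Review bot: The `key rndc_key` block added to cacheclean/ns2/named.conf copies the secret inline instead of using `include "../../common/rndc.key";`, which builtin/ns1/named.conf on this page does. Two copies can drift apart from the `../common/rndc.conf` that the tests pass to rndc. The file also keeps its earlier `controls { /* empty */ };` statement (context of the `@@ -15,7 +15,7 @@` hunk), so it now has both an empty and a populated `controls` block; dropping the empty one would make the intent clear. `allow { any; }` with a published hmac-md5 secret is tolerable only because 10.53.0.2 is presumably a test-only address. A comment saying so, or an ACL limited to the test network, would keep this fixture from being copied into a real configuration.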
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2007, 2011 Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 2001 Internet Software Consortium.
 #
 # Permission to use, copy, modify, and/or distribute this software for any
@@ -15,18 +15,165 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.5 2007-06-19 23:47:00 tbox Exp $ +# $Id: tests.sh,v 1.8 2011-08-23 00:59:23 each Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh status=0 -$DIG +nosea +nocomm +nocmd +noquest +noadd +noauth +nocomm +nostat \ - -f dig.batch -p 5300 @10.53.0.2 > dig.out.ns2 || status=1 +RNDCOPTS="-c ../common/rndc.conf -s 10.53.0.2 -p 9953" +DIGOPTS="+nosea +nocomm +nocmd +noquest +noadd +noauth +nocomm \ + +nostat @10.53.0.2 -p 5300" + +# fill the cache with nodes from flushtest.example zone +load_cache () { + # empty all existing cache data + $RNDC $RNDCOPTS flush + + # load the positive cache entries + $DIG $DIGOPTS txt top1.flushtest.example > /dev/null 2>1 + $DIG $DIGOPTS txt second1.top1.flushtest.example > /dev/null 2>1 + $DIG $DIGOPTS txt third1.second1.top1.flushtest.example > /dev/null 2>1 + $DIG $DIGOPTS txt third2.second1.top1.flushtest.example > /dev/null 2>1 + $DIG $DIGOPTS txt second2.top1.flushtest.example > /dev/null 2>1 + $DIG $DIGOPTS txt second3.top1.flushtest.example > /dev/null 2>1 + $DIG $DIGOPTS txt second1.top2.flushtest.example > /dev/null 2>1 + $DIG $DIGOPTS txt second2.top2.flushtest.example > /dev/null 2>1 + $DIG $DIGOPTS txt second3.top2.flushtest.example > /dev/null 2>1 + $DIG $DIGOPTS txt top3.flushtest.example > /dev/null 2>1 + $DIG $DIGOPTS txt second1.top3.flushtest.example > /dev/null 2>1 + $DIG $DIGOPTS txt third1.second1.top3.flushtest.example > /dev/null 2>1 + $DIG $DIGOPTS txt third2.second1.top3.flushtest.example > /dev/null 2>1 + $DIG $DIGOPTS txt third1.second2.top3.flushtest.example > /dev/null 2>1 + $DIG $DIGOPTS txt third2.second2.top3.flushtest.example > /dev/null 2>1 + $DIG $DIGOPTS txt second3.top3.flushtest.example > /dev/null 2>1 + + # load the negative cache entries + # nxrrset: + $DIG $DIGOPTS a third1.second1.top1.flushtest.example > /dev/null + # nxdomain: + $DIG $DIGOPTS txt 
top4.flushtest.example > /dev/null + # empty nonterminal: + $DIG $DIGOPTS txt second2.top3.flushtest.example > /dev/null + + # sleep one second ensure the TTLs will be lower on cached data + sleep 1 +} + +dump_cache () { + rm -f ns2/named_dump.db + $RNDC $RNDCOPTS dumpdb -cache + sleep 1 +} + +clear_cache () { + $RNDC $RNDCOPTS flush +} + +in_cache () { + ttl=`$DIG $DIGOPTS "$@" | awk '{print $2}'` + [ -z "$ttl" ] && { + ttl=`$DIG $DIGOPTS +noanswer +auth "$@" | awk '{print $2}'` + [ "$ttl" -eq 3600 ] && return 1 + return 0 + } + [ "$ttl" -eq 3600 ] && return 1 + return 0 +} + +echo "I:check correctness of routine cache cleaning" +$DIG $DIGOPTS -f dig.batch > dig.out.ns2 || status=1 grep ";" dig.out.ns2 $PERL ../digcomp.pl dig.out.ns2 knowngood.dig.out || status=1 +echo "I:reset and check that records are correctly cached initially" +ret=0 +load_cache +dump_cache +nrecords=`grep flushtest.example ns2/named_dump.db | grep -v '^;' | wc -l` +[ $nrecords -eq 20 ] || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:check flushing of the full cache" +ret=0 +clear_cache +dump_cache +nrecords=`grep flushtest.example ns2/named_dump.db | grep -v '^;' | wc -l` +[ $nrecords -eq 0 ] || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:check flushing of individual nodes" +ret=0 +clear_cache +load_cache +# interior node +in_cache txt top1.flushtest.example || ret=1 +$RNDC $RNDCOPTS flushname top1.flushtest.example +in_cache txt top1.flushtest.example && ret=1 + +# leaf node, under the interior node (should still exist) +in_cache txt third2.second1.top1.flushtest.example || ret=1 +$RNDC $RNDCOPTS flushname third2.second1.top1.flushtest.example +in_cache txt third2.second1.top1.flushtest.example && ret=1 + +# another leaf node, with both positive and negative cache entries +in_cache a third1.second1.top1.flushtest.example || ret=1 +in_cache txt third1.second1.top1.flushtest.example || ret=1 +$RNDC 
$RNDCOPTS flushname third1.second1.top1.flushtest.example +in_cache a third1.second1.top1.flushtest.example && ret=1 +in_cache txt third1.second1.top1.flushtest.example && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:check flushing a nonexistent name" +ret=0 +$RNDC $RNDCOPTS flushname fake.flushtest.example || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:check flushing of namespaces" +ret=0 +clear_cache +load_cache +# flushing leaf node should leave the interior node: +in_cache txt third1.second1.top1.flushtest.example || ret=1 +in_cache txt top1.flushtest.example || ret=1 +$RNDC $RNDCOPTS flushtree third1.second1.top1.flushtest.example +in_cache txt third1.second1.top1.flushtest.example && ret=1 +in_cache txt top1.flushtest.example || ret=1 +in_cache txt second1.top1.flushtest.example || ret=1 +in_cache txt third2.second1.top1.flushtest.example || ret=1 +$RNDC $RNDCOPTS flushtree second1.top1.flushtest.example +in_cache txt top1.flushtest.example || ret=1 +in_cache txt second1.top1.flushtest.example && ret=1 +in_cache txt third2.second1.top1.flushtest.example && ret=1 + +# flushing from an empty node should still remove all its children +in_cache txt second1.top2.flushtest.example || ret=1 +$RNDC $RNDCOPTS flushtree top2.flushtest.example +in_cache txt second1.top2.flushtest.example && ret=1 +in_cache txt second2.top2.flushtest.example && ret=1 +in_cache txt second3.top2.flushtest.example && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:check flushing a nonexistent namespace" +ret=0 +$RNDC $RNDCOPTS flushtree fake.flushtest.example || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:check the number of cached records remaining" +ret=0 +dump_cache +nrecords=`grep flushtest.example ns2/named_dump.db | grep -v '^;' | wc -l` +[ $nrecords -eq 19 ] || ret=1 +if [ $ret != 0 ]; then echo 
"I:failed"; fi +status=`expr $status + $ret` + echo "I:exit status: $status" exit $status diff --git a/bin/tests/system/checkconf/clean.sh b/bin/tests/system/checkconf/clean.sh index e101a04c..35f972c5 100644 --- a/bin/tests/system/checkconf/clean.sh +++ b/bin/tests/system/checkconf/clean.sh @@ -14,6 +14,6 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: clean.sh,v 1.1.6.2 2011-05-07 05:53:23 each Exp $ +# $Id: clean.sh,v 1.2 2011-05-07 05:55:17 each Exp $ rm -f good.conf.in good.conf.out diff --git a/bin/tests/system/checkconf/dnssec.1 b/bin/tests/system/checkconf/dnssec.1 index 86186cec..45e62c05 100644 --- a/bin/tests/system/checkconf/dnssec.1 +++ b/bin/tests/system/checkconf/dnssec.1 @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec.1,v 1.1.6.4 2011-05-08 07:09:28 marka Exp $ */ +/* $Id: dnssec.1,v 1.4 2011-05-08 07:12:47 marka Exp $ */ options { dnssec-enable no; diff --git a/bin/tests/system/checkconf/dnssec.2 b/bin/tests/system/checkconf/dnssec.2 index 8089baa7..59b51de7 100644 --- a/bin/tests/system/checkconf/dnssec.2 +++ b/bin/tests/system/checkconf/dnssec.2 @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec.2,v 1.1.6.4 2011-05-08 07:09:28 marka Exp $ */ +/* $Id: dnssec.2,v 1.4 2011-05-08 07:12:47 marka Exp $ */ options { dnssec-enable no; diff --git a/bin/tests/system/checkconf/dnssec.3 b/bin/tests/system/checkconf/dnssec.3 index 26b2a7cd..eebaced2 100644 --- a/bin/tests/system/checkconf/dnssec.3 +++ b/bin/tests/system/checkconf/dnssec.3 @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec.3,v 1.1.6.4 2011-05-08 07:09:28 marka Exp $ */ +/* $Id: dnssec.3,v 1.4 2011-05-08 07:12:48 marka Exp $ */ options { dnssec-validation no; diff --git a/bin/tests/system/checkconf/good.conf b/bin/tests/system/checkconf/good.conf index 78312cc9..ec195bba 100644 --- a/bin/tests/system/checkconf/good.conf +++ b/bin/tests/system/checkconf/good.conf 
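Review bot: Each positive-cache query in `load_cache` ends in `> /dev/null 2>1`, which writes stderr to a file named `1` in the test directory instead of duplicating it onto stdout; the redirection should read `> /dev/null 2>&1`. As written, dig errors during cache loading land in that file, and the `clean.sh` change in this commit removes `ns2/named_dump.db` but not `1`, so it is left behind after the run. Separately, `in_cache` returns 0 when dig prints nothing at all, because `[ "$ttl" -eq 3600 ]` fails on an empty string. A query that got no answer is therefore counted as a cache hit, and that case should be reported as a failure in its own right.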
@@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: good.conf,v 1.6.114.3 2011-05-07 05:53:24 each Exp $ */ +/* $Id: good.conf,v 1.9 2011-05-07 05:55:17 each Exp $ */ /* * This is just a random selection of configuration options. diff --git a/bin/tests/system/checkconf/tests.sh b/bin/tests/system/checkconf/tests.sh index 29fd41c5..3b626d97 100644 --- a/bin/tests/system/checkconf/tests.sh +++ b/bin/tests/system/checkconf/tests.sh @@ -12,7 +12,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.5.114.2 2011-05-07 23:47:05 tbox Exp $ +# $Id: tests.sh,v 1.7 2011-05-07 23:47:28 tbox Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh diff --git a/bin/tests/system/checkzone/clean.sh b/bin/tests/system/checkzone/clean.sh index d4cc4b63..53208104 100644 --- a/bin/tests/system/checkzone/clean.sh +++ b/bin/tests/system/checkzone/clean.sh @@ -12,6 +12,6 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: clean.sh,v 1.2.2.2 2011-03-02 04:27:58 marka Exp $ +# $Id: clean.sh,v 1.2 2011-03-02 04:20:33 marka Exp $ rm -f test.out.* diff --git a/bin/tests/system/checkzone/tests.sh b/bin/tests/system/checkzone/tests.sh index d035b122..1afeee8d 100644 --- a/bin/tests/system/checkzone/tests.sh +++ b/bin/tests/system/checkzone/tests.sh @@ -12,7 +12,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.2.2.2 2011-03-02 04:27:59 marka Exp $ +# $Id: tests.sh,v 1.2 2011-03-02 04:20:33 marka Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh diff --git a/bin/tests/system/checkzone/zones/good1.db b/bin/tests/system/checkzone/zones/good1.db index b63131d3..c98b1e22 100644 --- a/bin/tests/system/checkzone/zones/good1.db +++ b/bin/tests/system/checkzone/zones/good1.db 
@@ -12,7 +12,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: good1.db,v 1.2.2.2 2011-03-02 04:27:59 marka Exp $ +; $Id: good1.db,v 1.2 2011-03-02 04:20:34 marka Exp $ $TTL 600 diff --git a/bin/tests/system/common/rndc.key b/bin/tests/system/common/rndc.key index 92c5dec8..c2c34573 100644 --- a/bin/tests/system/common/rndc.key +++ b/bin/tests/system/common/rndc.key @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rndc.key,v 1.2.2.3 2011-03-12 04:59:15 tbox Exp $ */ +/* $Id: rndc.key,v 1.3 2011-03-12 04:59:47 tbox Exp $ */ key rndc_key { secret "1234abcd8765"; diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in index 7eb3390b..f2bb61b4 100644 --- a/bin/tests/system/conf.sh.in +++ b/bin/tests/system/conf.sh.in @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: conf.sh.in,v 1.59.8.7 2011-08-09 02:34:24 marka Exp $ +# $Id: conf.sh.in,v 1.68 2011-08-09 02:24:28 marka Exp $ # # Common configuration data for system tests, to be sourced into @@ -56,9 +56,9 @@ SUBDIRS="acl allow_query addzone autosign builtin cacheclean checkconf checknames checkzone database dlv dlvauto dlz dlzexternal dname dns64 dnssec forward glue gost ixfr limits logfileconfig lwresd masterfile masterformat metadata notify - nsupdate pending pkcs11 resolver rpz rrsetorder sortlist - smartsign staticstub stub tkey tsig tsiggss unknown upforwd - views xfer xferquota zonechecks" + nsupdate pending pkcs11 redirect resolver rndc rpz rrsetorder + sortlist smartsign staticstub stub tkey tsig tsiggss unknown + upforwd views xfer xferquota zonechecks" # PERL will be an empty string if no perl interpreter was found. PERL=@PERL@ diff --git a/bin/tests/system/database/clean.sh b/bin/tests/system/database/clean.sh index 53895f4c..737aa669 100644 --- a/bin/tests/system/database/clean.sh +++ b/bin/tests/system/database/clean.sh 
@@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: clean.sh,v 1.2.2.3 2011-02-28 01:19:59 tbox Exp $ +# $Id: clean.sh,v 1.3 2011-03-01 23:48:05 tbox Exp $ rm -f ns1/named.conf ns1/named.run ns1/named.memstats rm -f dig.out.* diff --git a/bin/tests/system/database/ns1/named.conf1 b/bin/tests/system/database/ns1/named.conf1 index bb2406b4..6234e3b0 100644 --- a/bin/tests/system/database/ns1/named.conf1 +++ b/bin/tests/system/database/ns1/named.conf1 @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf1,v 1.2.2.3 2011-02-28 01:20:00 tbox Exp $ */ +/* $Id: named.conf1,v 1.3 2011-03-01 23:48:06 tbox Exp $ */ // NS1 diff --git a/bin/tests/system/database/ns1/named.conf2 b/bin/tests/system/database/ns1/named.conf2 index 238ba16f..6530d877 100644 --- a/bin/tests/system/database/ns1/named.conf2 +++ b/bin/tests/system/database/ns1/named.conf2 @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf2,v 1.2.2.3 2011-02-28 01:20:00 tbox Exp $ */ +/* $Id: named.conf2,v 1.3 2011-03-01 23:48:06 tbox Exp $ */ // NS1 diff --git a/bin/tests/system/database/setup.sh b/bin/tests/system/database/setup.sh index 98d40743..49515d5e 100644 --- a/bin/tests/system/database/setup.sh +++ b/bin/tests/system/database/setup.sh @@ -14,6 +14,6 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: setup.sh,v 1.2.2.3 2011-02-28 01:19:59 tbox Exp $ +# $Id: setup.sh,v 1.3 2011-03-01 23:48:05 tbox Exp $ cp ns1/named.conf1 ns1/named.conf diff --git a/bin/tests/system/database/tests.sh b/bin/tests/system/database/tests.sh index 37eccf3a..d5f5ba0e 100644 --- a/bin/tests/system/database/tests.sh +++ b/bin/tests/system/database/tests.sh 
@@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.2.2.3 2011-02-28 01:19:59 tbox Exp $ +# $Id: tests.sh,v 1.3 2011-03-01 23:48:05 tbox Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh diff --git a/bin/tests/system/dlv/clean.sh b/bin/tests/system/dlv/clean.sh index 2457e4cb..aac6a5d9 100644 --- a/bin/tests/system/dlv/clean.sh +++ b/bin/tests/system/dlv/clean.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: clean.sh,v 1.7.120.2 2011-05-26 23:47:05 tbox Exp $ +# $Id: clean.sh,v 1.9 2011-05-26 23:47:28 tbox Exp $ rm -f random.data rm -f ns*/named.run diff --git a/bin/tests/system/dlv/ns1/named.conf b/bin/tests/system/dlv/ns1/named.conf index d452cd6d..a04c0e22 100644 --- a/bin/tests/system/dlv/ns1/named.conf +++ b/bin/tests/system/dlv/ns1/named.conf @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.4.814.2 2011-05-26 23:47:05 tbox Exp $ */ +/* $Id: named.conf,v 1.6 2011-05-26 23:47:28 tbox Exp $ */ controls { /* empty */ }; diff --git a/bin/tests/system/dlv/ns1/root.db.in b/bin/tests/system/dlv/ns1/root.db.in index 4ad4fbf7..f9bbd38b 100644 --- a/bin/tests/system/dlv/ns1/root.db.in +++ b/bin/tests/system/dlv/ns1/root.db.in @@ -12,7 +12,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: root.db.in,v 1.2.2.3 2011-05-26 23:47:05 tbox Exp $ +; $Id: root.db.in,v 1.3 2011-05-26 23:47:28 tbox Exp $ $TTL 120 @ SOA ns.rootservers.utld hostmaster.ns.rootservers.utld ( diff --git a/bin/tests/system/dlv/ns1/sign.sh b/bin/tests/system/dlv/ns1/sign.sh index c7ce3078..4d57a860 100755 --- a/bin/tests/system/dlv/ns1/sign.sh +++ b/bin/tests/system/dlv/ns1/sign.sh 
@@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: sign.sh,v 1.2.2.3 2011-05-26 23:47:05 tbox Exp $ +# $Id: sign.sh,v 1.3 2011-05-26 23:47:28 tbox Exp $ (cd ../ns2 && sh -e ./sign.sh || exit 1) diff --git a/bin/tests/system/dlv/ns2/druz.db.in b/bin/tests/system/dlv/ns2/druz.db.in index dd402204..611de2b1 100644 --- a/bin/tests/system/dlv/ns2/druz.db.in +++ b/bin/tests/system/dlv/ns2/druz.db.in @@ -12,7 +12,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: druz.db.in,v 1.3.2.3 2011-05-26 23:47:05 tbox Exp $ +; $Id: druz.db.in,v 1.4 2011-05-26 23:47:28 tbox Exp $ $TTL 120 @ SOA ns hostmaster.ns 1 3600 1200 604800 60 diff --git a/bin/tests/system/dlv/ns2/named.conf b/bin/tests/system/dlv/ns2/named.conf index 1c793a12..fb64cac0 100644 --- a/bin/tests/system/dlv/ns2/named.conf +++ b/bin/tests/system/dlv/ns2/named.conf @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.4.814.2 2011-05-26 23:47:05 tbox Exp $ */ +/* $Id: named.conf,v 1.6 2011-05-26 23:47:28 tbox Exp $ */ controls { /* empty */ }; diff --git a/bin/tests/system/dlv/ns2/sign.sh b/bin/tests/system/dlv/ns2/sign.sh index 3c362f68..2073cea2 100755 --- a/bin/tests/system/dlv/ns2/sign.sh +++ b/bin/tests/system/dlv/ns2/sign.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: sign.sh,v 1.2.2.3 2011-05-26 23:47:05 tbox Exp $ +# $Id: sign.sh,v 1.3 2011-05-26 23:47:28 tbox Exp $ (cd ../ns3 && sh -e ./sign.sh || exit 1) diff --git a/bin/tests/system/dlv/ns3/named.conf b/bin/tests/system/dlv/ns3/named.conf index 181ed832..6ccab5ae 100644 --- a/bin/tests/system/dlv/ns3/named.conf +++ b/bin/tests/system/dlv/ns3/named.conf 
@@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.4.814.2 2011-05-26 23:47:05 tbox Exp $ */ +/* $Id: named.conf,v 1.6 2011-05-26 23:47:28 tbox Exp $ */ controls { /* empty */ }; diff --git a/bin/tests/system/dlv/ns3/sign.sh b/bin/tests/system/dlv/ns3/sign.sh index 4a1b5457..675db767 100755 --- a/bin/tests/system/dlv/ns3/sign.sh +++ b/bin/tests/system/dlv/ns3/sign.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: sign.sh,v 1.9.120.2 2011-05-26 23:47:05 tbox Exp $ +# $Id: sign.sh,v 1.11 2011-05-26 23:47:28 tbox Exp $ (cd ../ns6 && sh -e ./sign.sh) diff --git a/bin/tests/system/dlv/ns5/named.conf b/bin/tests/system/dlv/ns5/named.conf index eef6f452..0e3ae455 100644 --- a/bin/tests/system/dlv/ns5/named.conf +++ b/bin/tests/system/dlv/ns5/named.conf @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.8.814.2 2011-05-26 23:47:06 tbox Exp $ */ +/* $Id: named.conf,v 1.10 2011-05-26 23:47:28 tbox Exp $ */ /* * Choose a keyname that is unlikely to clash with any real key names. diff --git a/bin/tests/system/dlv/ns6/named.conf b/bin/tests/system/dlv/ns6/named.conf index 5e753f6a..6ce4ebbf 100644 --- a/bin/tests/system/dlv/ns6/named.conf +++ b/bin/tests/system/dlv/ns6/named.conf @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.4.86.2 2011-05-26 23:47:06 tbox Exp $ */ +/* $Id: named.conf,v 1.6 2011-05-26 23:47:28 tbox Exp $ */ controls { /* empty */ }; diff --git a/bin/tests/system/dlv/ns6/sign.sh b/bin/tests/system/dlv/ns6/sign.sh index 14a31a67..87e0f4e6 100755 --- a/bin/tests/system/dlv/ns6/sign.sh +++ b/bin/tests/system/dlv/ns6/sign.sh 
@@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: sign.sh,v 1.3.126.2 2011-05-26 23:47:06 tbox Exp $ +# $Id: sign.sh,v 1.5 2011-05-26 23:47:28 tbox Exp $ SYSTEMTESTTOP=../.. . $SYSTEMTESTTOP/conf.sh diff --git a/bin/tests/system/dlv/setup.sh b/bin/tests/system/dlv/setup.sh index e2436275..8b4df498 100644 --- a/bin/tests/system/dlv/setup.sh +++ b/bin/tests/system/dlv/setup.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: setup.sh,v 1.6.394.2 2011-05-26 23:47:05 tbox Exp $ +# $Id: setup.sh,v 1.8 2011-05-26 23:47:28 tbox Exp $ ../../../tools/genrandom 400 random.data diff --git a/bin/tests/system/dlv/tests.sh b/bin/tests/system/dlv/tests.sh index 4ab937b3..3c3a9e5c 100644 --- a/bin/tests/system/dlv/tests.sh +++ b/bin/tests/system/dlv/tests.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.6.120.2 2011-05-26 23:47:05 tbox Exp $ +# $Id: tests.sh,v 1.8 2011-05-26 23:47:28 tbox Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh diff --git a/bin/tests/system/dlvauto/clean.sh b/bin/tests/system/dlvauto/clean.sh index ced971d3..a356ef38 100644 --- a/bin/tests/system/dlvauto/clean.sh +++ b/bin/tests/system/dlvauto/clean.sh @@ -12,7 +12,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: clean.sh,v 1.2.2.3 2011-03-03 16:18:12 each Exp $ +# $Id: clean.sh,v 1.3 2011-03-03 16:16:43 each Exp $ rm -f random.data rm -f ns1/K* diff --git a/bin/tests/system/dlvauto/ns1/dlv.isc.org.db.in b/bin/tests/system/dlvauto/ns1/dlv.isc.org.db.in index 8c518442..152b1f6a 100644 --- a/bin/tests/system/dlvauto/ns1/dlv.isc.org.db.in +++ b/bin/tests/system/dlvauto/ns1/dlv.isc.org.db.in 
@@ -12,7 +12,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: dlv.isc.org.db.in,v 1.2.2.2 2011-03-01 23:15:19 marka Exp $ +; $Id: dlv.isc.org.db.in,v 1.2 2011-03-01 22:44:04 marka Exp $ $TTL 300 @ IN SOA a.root-servers.nil. hostmaster.isc.org. ( diff --git a/bin/tests/system/dlvauto/ns1/named.conf b/bin/tests/system/dlvauto/ns1/named.conf index 0eefcc3c..8e85b0bf 100644 --- a/bin/tests/system/dlvauto/ns1/named.conf +++ b/bin/tests/system/dlvauto/ns1/named.conf @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.2.2.2 2011-03-01 23:15:20 marka Exp $ */ +/* $Id: named.conf,v 1.2 2011-03-01 22:44:04 marka Exp $ */ // NS1 diff --git a/bin/tests/system/dlvauto/ns1/root.db.in b/bin/tests/system/dlvauto/ns1/root.db.in index e04d6776..d76b8f01 100644 --- a/bin/tests/system/dlvauto/ns1/root.db.in +++ b/bin/tests/system/dlvauto/ns1/root.db.in @@ -12,7 +12,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: root.db.in,v 1.2.2.2 2011-03-01 23:15:20 marka Exp $ +; $Id: root.db.in,v 1.2 2011-03-01 22:44:04 marka Exp $ $TTL 300 . IN SOA gson.nominum.com. a.root.servers.nil. ( diff --git a/bin/tests/system/dlvauto/ns1/sign.sh b/bin/tests/system/dlvauto/ns1/sign.sh index f6e69df0..99ea1bbb 100644 --- a/bin/tests/system/dlvauto/ns1/sign.sh +++ b/bin/tests/system/dlvauto/ns1/sign.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: sign.sh,v 1.2.2.3 2011-03-03 16:18:12 each Exp $ +# $Id: sign.sh,v 1.3 2011-03-03 16:16:46 each Exp $ SYSTEMTESTTOP=../.. . $SYSTEMTESTTOP/conf.sh diff --git a/bin/tests/system/dlvauto/ns2/named.conf b/bin/tests/system/dlvauto/ns2/named.conf index a202a88c..3d906a54 100644 --- a/bin/tests/system/dlvauto/ns2/named.conf +++ b/bin/tests/system/dlvauto/ns2/named.conf 
@@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.2.2.3 2011-03-03 16:18:12 each Exp $ */ +/* $Id: named.conf,v 1.3 2011-03-03 16:16:47 each Exp $ */ // NS2 diff --git a/bin/tests/system/dlvauto/setup.sh b/bin/tests/system/dlvauto/setup.sh index 7e3096eb..e023a0f8 100644 --- a/bin/tests/system/dlvauto/setup.sh +++ b/bin/tests/system/dlvauto/setup.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: setup.sh,v 1.2.2.2 2011-03-01 23:15:19 marka Exp $ +# $Id: setup.sh,v 1.2 2011-03-01 22:44:04 marka Exp $ sh clean.sh diff --git a/bin/tests/system/dlvauto/tests.sh b/bin/tests/system/dlvauto/tests.sh index d63c5f25..591bec3a 100644 --- a/bin/tests/system/dlvauto/tests.sh +++ b/bin/tests/system/dlvauto/tests.sh @@ -12,7 +12,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.2.2.3 2011-03-03 16:18:12 each Exp $ +# $Id: tests.sh,v 1.3 2011-03-03 16:16:46 each Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh diff --git a/bin/tests/system/dlz/prereq.sh.in b/bin/tests/system/dlz/prereq.sh.in index 82fcbccc..cb7aa10f 100644 --- a/bin/tests/system/dlz/prereq.sh.in +++ b/bin/tests/system/dlz/prereq.sh.in @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: prereq.sh.in,v 1.2.2.2 2011-04-19 22:31:43 each Exp $ +# $Id: prereq.sh.in,v 1.2 2011-04-19 22:30:52 each Exp $ TOP=${SYSTEMTESTTOP:=.}/../../../.. diff --git a/bin/tests/system/dlz/tests.sh b/bin/tests/system/dlz/tests.sh index cf25b3f0..3d9f7fe5 100644 --- a/bin/tests/system/dlz/tests.sh +++ b/bin/tests/system/dlz/tests.sh 
@@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.2.76.2 2011-04-19 23:47:31 tbox Exp $ +# $Id: tests.sh,v 1.4 2011-04-19 23:47:52 tbox Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh diff --git a/bin/tests/system/dlzexternal/Makefile.in b/bin/tests/system/dlzexternal/Makefile.in index 3da0fe31..5565736a 100644 --- a/bin/tests/system/dlzexternal/Makefile.in +++ b/bin/tests/system/dlzexternal/Makefile.in @@ -12,7 +12,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.1.4.3 2011-03-11 07:10:10 each Exp $ +# $Id: Makefile.in,v 1.3 2011-03-11 07:11:07 each Exp $ srcdir = @srcdir@ VPATH = @srcdir@ diff --git a/bin/tests/system/dlzexternal/dlopen.c b/bin/tests/system/dlzexternal/dlopen.c index 7c26db0a..73aa57fc 100644 --- a/bin/tests/system/dlzexternal/dlopen.c +++ b/bin/tests/system/dlzexternal/dlopen.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dlopen.c,v 1.1.4.2 2011-03-10 04:29:16 each Exp $ */ +/* $Id: dlopen.c,v 1.2 2011-03-10 04:36:15 each Exp $ */ #include <config.h> diff --git a/bin/tests/system/dlzexternal/driver.c b/bin/tests/system/dlzexternal/driver.c index 8a997922..13d76295 100644 --- a/bin/tests/system/dlzexternal/driver.c +++ b/bin/tests/system/dlzexternal/driver.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: driver.c,v 1.1.4.5 2011-03-21 00:31:52 marka Exp $ */ +/* $Id: driver.c,v 1.5 2011-03-21 00:30:18 marka Exp $ */ /* * This provides a very simple example of an external loadable DLZ diff --git a/bin/tests/system/dlzexternal/driver.h b/bin/tests/system/dlzexternal/driver.h index e8ac5dd5..0c7cb7c5 100644 --- a/bin/tests/system/dlzexternal/driver.h +++ b/bin/tests/system/dlzexternal/driver.h 
@@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: driver.h,v 1.1.4.4 2011-03-17 09:41:07 fdupont Exp $ */ +/* $Id: driver.h,v 1.4 2011-03-17 09:25:54 fdupont Exp $ */ /* * This header includes the declarations of entry points. diff --git a/bin/tests/system/dlzexternal/ns1/named.conf.in b/bin/tests/system/dlzexternal/ns1/named.conf.in index 297ffe93..4062f1f4 100644 --- a/bin/tests/system/dlzexternal/ns1/named.conf.in +++ b/bin/tests/system/dlzexternal/ns1/named.conf.in @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf.in,v 1.1.4.3 2011-03-10 23:47:29 tbox Exp $ */ +/* $Id: named.conf.in,v 1.3 2011-03-10 23:47:50 tbox Exp $ */ controls { }; diff --git a/bin/tests/system/dlzexternal/prereq.sh b/bin/tests/system/dlzexternal/prereq.sh index b2997935..2594ab35 100644 --- a/bin/tests/system/dlzexternal/prereq.sh +++ b/bin/tests/system/dlzexternal/prereq.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: prereq.sh,v 1.4.14.3 2011-03-20 09:03:19 marka Exp $ +# $Id: prereq.sh,v 1.7 2011-03-20 09:03:47 marka Exp $ TOP=${SYSTEMTESTTOP:=.}/../../../.. diff --git a/bin/tests/system/dname/clean.sh b/bin/tests/system/dname/clean.sh index e969bf92..7489e21a 100644 --- a/bin/tests/system/dname/clean.sh +++ b/bin/tests/system/dname/clean.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: clean.sh,v 1.2.2.2 2011-03-18 21:27:51 fdupont Exp $ +# $Id: clean.sh,v 1.2 2011-03-18 21:14:19 fdupont Exp $ # # Clean up after resolver tests. diff --git a/bin/tests/system/dname/ns1/named.conf b/bin/tests/system/dname/ns1/named.conf index 4030762f..60faa226 100644 --- a/bin/tests/system/dname/ns1/named.conf +++ b/bin/tests/system/dname/ns1/named.conf 
@@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.2.2.2 2011-03-18 21:27:51 fdupont Exp $ */ +/* $Id: named.conf,v 1.2 2011-03-18 21:14:19 fdupont Exp $ */ // NS1 diff --git a/bin/tests/system/dname/ns1/root.db b/bin/tests/system/dname/ns1/root.db index ba36f3d4..f5c496ca 100644 --- a/bin/tests/system/dname/ns1/root.db +++ b/bin/tests/system/dname/ns1/root.db @@ -12,7 +12,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: root.db,v 1.2.2.2 2011-03-18 21:27:52 fdupont Exp $ +; $Id: root.db,v 1.2 2011-03-18 21:14:19 fdupont Exp $ $TTL 300 . IN SOA gson.nominum.com. a.root.servers.nil. ( diff --git a/bin/tests/system/dname/ns2/example.db b/bin/tests/system/dname/ns2/example.db index e11f67f2..24f49519 100644 --- a/bin/tests/system/dname/ns2/example.db +++ b/bin/tests/system/dname/ns2/example.db @@ -12,7 +12,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: example.db,v 1.2.2.2 2011-03-18 21:27:52 fdupont Exp $ +; $Id: example.db,v 1.2 2011-03-18 21:14:19 fdupont Exp $ $TTL 300 ; 5 minutes @ IN SOA mname1. . ( diff --git a/bin/tests/system/dname/ns2/named.conf b/bin/tests/system/dname/ns2/named.conf index 15e0116a..2c6e6334 100644 --- a/bin/tests/system/dname/ns2/named.conf +++ b/bin/tests/system/dname/ns2/named.conf @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.2.2.2 2011-03-18 21:27:52 fdupont Exp $ */ +/* $Id: named.conf,v 1.2 2011-03-18 21:14:20 fdupont Exp $ */ // NS2 diff --git a/bin/tests/system/dname/ns4/named.conf b/bin/tests/system/dname/ns4/named.conf index 9de0292b..2543a635 100644 --- a/bin/tests/system/dname/ns4/named.conf +++ b/bin/tests/system/dname/ns4/named.conf @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.2.2.2 2011-03-18 21:27:52 fdupont Exp $ */ +/* $Id: named.conf,v 1.2 2011-03-18 21:14:20 fdupont Exp $ */ // NS4 
diff --git a/bin/tests/system/dname/tests.sh b/bin/tests/system/dname/tests.sh index 110f80a2..9f598cc9 100644 --- a/bin/tests/system/dname/tests.sh +++ b/bin/tests/system/dname/tests.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.2.2.2 2011-03-18 21:27:51 fdupont Exp $ +# $Id: tests.sh,v 1.2 2011-03-18 21:14:19 fdupont Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh diff --git a/bin/tests/system/dns64/ns1/example.db b/bin/tests/system/dns64/ns1/example.db index 96820d20..1c33acc6 100644 --- a/bin/tests/system/dns64/ns1/example.db +++ b/bin/tests/system/dns64/ns1/example.db @@ -12,7 +12,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: example.db,v 1.3.22.2 2011-02-28 01:20:00 tbox Exp $ +; $Id: example.db,v 1.5 2011-02-03 12:18:11 tbox Exp $ $TTL 3600 @ SOA ns1 marka.isc.org. 0 0 0 0 1200 diff --git a/bin/tests/system/dns64/tests.sh b/bin/tests/system/dns64/tests.sh index 41e5f917..70c8d582 100644 --- a/bin/tests/system/dns64/tests.sh +++ b/bin/tests/system/dns64/tests.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.4.14.1 2011-02-03 07:39:02 marka Exp $ +# $Id: tests.sh,v 1.5 2011-02-03 07:35:55 marka Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh diff --git a/bin/tests/system/dnssec/clean.sh b/bin/tests/system/dnssec/clean.sh index a1c5752a..12a0428b 100644 --- a/bin/tests/system/dnssec/clean.sh +++ b/bin/tests/system/dnssec/clean.sh 
@@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: clean.sh,v 1.33.14.4 2011-02-28 14:25:16 fdupont Exp $ +# $Id: clean.sh,v 1.42 2011-05-23 20:10:02 each Exp $ rm -f */K* */keyset-* */dsset-* */dlvset-* */signedkey-* */*.signed rm -f */trusted.conf */managed.conf */tmp* */*.jnl */*.bk @@ -23,6 +23,8 @@ rm -f ns1/root.db ns2/example.db ns3/secure.example.db rm -f ns3/unsecure.example.db ns3/bogus.example.db ns3/keyless.example.db rm -f ns3/dynamic.example.db ns3/dynamic.example.db.signed.jnl rm -f ns3/rsasha256.example.db ns3/rsasha512.example.db +rm -f ns3/split-dnssec.example.db +rm -f ns3/expiring.example.db ns3/nosign.example.db rm -f ns2/private.secure.example.db rm -f ns2/badparam.db ns2/badparam.db.bad rm -f ns2/single-nsec3.db @@ -51,5 +53,8 @@ rm -f ns3/auto-nsec.example.db ns3/auto-nsec3.example.db rm -f ns3/secure.below-cname.example.db rm -f signer/example.db.after signer/example.db.before rm -f signer/example.db.changed +rm -f signer/nsec3param.out rm -f ns3/ttlpatch.example.db ns3/ttlpatch.example.db.signed rm -f ns3/ttlpatch.example.db.patched +rm -f ns3/split-smart.example.db +rm -f nosign.before diff --git a/bin/tests/system/dnssec/ns1/sign.sh b/bin/tests/system/dnssec/ns1/sign.sh index 5476cd6a..cc744986 100644 --- a/bin/tests/system/dnssec/ns1/sign.sh +++ b/bin/tests/system/dnssec/ns1/sign.sh @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: sign.sh,v 1.36.14.1 2011-05-03 16:09:23 marka Exp $ +# $Id: sign.sh,v 1.37 2011-05-03 16:07:44 marka Exp $ SYSTEMTESTTOP=../.. . $SYSTEMTESTTOP/conf.sh diff --git a/bin/tests/system/dnssec/ns2/example.db.in b/bin/tests/system/dnssec/ns2/example.db.in index 6c79a6a8..679e426f 100644 --- a/bin/tests/system/dnssec/ns2/example.db.in +++ b/bin/tests/system/dnssec/ns2/example.db.in 
@@ -13,7 +13,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: example.db.in,v 1.24.162.5 2011-02-28 14:25:16 fdupont Exp $ +; $Id: example.db.in,v 1.30 2011-03-05 06:35:41 marka Exp $ $TTL 300 ; 5 minutes @ IN SOA mname1. . ( @@ -128,3 +128,9 @@ ns.secure.below-cname A 10.53.0.3 ttlpatch NS ns.ttlpatch ns.ttlpatch A 10.53.0.3 + +split-dnssec NS ns.split-dnssec +ns.split-dnssec A 10.53.0.3 + +split-smart NS ns.split-smart +ns.split-smart A 10.53.0.3 diff --git a/bin/tests/system/dnssec/ns2/named.conf b/bin/tests/system/dnssec/ns2/named.conf index bad212ea..8dffb8a1 100644 --- a/bin/tests/system/dnssec/ns2/named.conf +++ b/bin/tests/system/dnssec/ns2/named.conf @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.34.40.2 2011-03-21 23:46:58 tbox Exp $ */ +/* $Id: named.conf,v 1.36 2011-03-21 23:47:21 tbox Exp $ */ // NS2 diff --git a/bin/tests/system/dnssec/ns2/sign.sh b/bin/tests/system/dnssec/ns2/sign.sh index c30942d3..e03de223 100644 --- a/bin/tests/system/dnssec/ns2/sign.sh +++ b/bin/tests/system/dnssec/ns2/sign.sh @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: sign.sh,v 1.41.40.7 2011-03-21 20:32:15 marka Exp $ +# $Id: sign.sh,v 1.49 2011-03-21 20:31:22 marka Exp $ SYSTEMTESTTOP=../.. . $SYSTEMTESTTOP/conf.sh @@ -32,7 +32,8 @@ zonefile=example.db for subdomain in secure bogus dynamic keyless nsec3 optout nsec3-unknown \ optout-unknown multiple rsasha256 rsasha512 kskonly update-nsec3 \ - auto-nsec auto-nsec3 secure.below-cname ttlpatch + auto-nsec auto-nsec3 secure.below-cname ttlpatch split-dnssec \ + split-smart do cp ../ns3/dsset-$subdomain.example. . done diff --git a/bin/tests/system/dnssec/ns3/auto-nsec.example.db.in b/bin/tests/system/dnssec/ns3/auto-nsec.example.db.in index 1561ff10..eea79c6b 100644 --- a/bin/tests/system/dnssec/ns3/auto-nsec.example.db.in 
+++ b/bin/tests/system/dnssec/ns3/auto-nsec.example.db.in @@ -12,7 +12,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: auto-nsec.example.db.in,v 1.2.2.2 2011-02-15 22:06:27 marka Exp $ +; $Id: auto-nsec.example.db.in,v 1.2 2011-02-15 22:02:36 marka Exp $ $TTL 300 ; 5 minutes @ IN SOA mname1. . ( diff --git a/bin/tests/system/dnssec/ns3/auto-nsec3.example.db.in b/bin/tests/system/dnssec/ns3/auto-nsec3.example.db.in index da08592e..af5ec047 100644 --- a/bin/tests/system/dnssec/ns3/auto-nsec3.example.db.in +++ b/bin/tests/system/dnssec/ns3/auto-nsec3.example.db.in @@ -12,7 +12,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: auto-nsec3.example.db.in,v 1.2.2.2 2011-02-15 22:06:27 marka Exp $ +; $Id: auto-nsec3.example.db.in,v 1.2 2011-02-15 22:02:36 marka Exp $ $TTL 300 ; 5 minutes @ IN SOA mname1. . ( diff --git a/bin/tests/system/dnssec/ns3/expired.example.db.in b/bin/tests/system/dnssec/ns3/expired.example.db.in index a04ddb35..bbc41216 100644 --- a/bin/tests/system/dnssec/ns3/expired.example.db.in +++ b/bin/tests/system/dnssec/ns3/expired.example.db.in @@ -12,7 +12,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: expired.example.db.in,v 1.1.2.3 2011-02-28 01:20:00 tbox Exp $ +; $Id: expired.example.db.in,v 1.2 2011-02-08 23:10:07 tbox Exp $ $TTL 300 ; 5 minutes @ IN SOA mname1. . ( diff --git a/bin/tests/system/dnssec/ns3/expiring.example.db.in b/bin/tests/system/dnssec/ns3/expiring.example.db.in index 8b377004..d7be5e8f 100644 --- a/bin/tests/system/dnssec/ns3/expiring.example.db.in +++ b/bin/tests/system/dnssec/ns3/expiring.example.db.in 
@@ -12,7 +12,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: expiring.example.db.in,v 1.1.6.2 2011-05-19 04:42:51 each Exp $ +; $Id: expiring.example.db.in,v 1.2 2011-05-21 15:07:10 each Exp $ $TTL 300 ; 5 minutes @ IN SOA mname1. . ( diff --git a/bin/tests/system/dnssec/ns3/insecure.below-cname.example.db b/bin/tests/system/dnssec/ns3/insecure.below-cname.example.db index 2cac471e..374293c2 100644 --- a/bin/tests/system/dnssec/ns3/insecure.below-cname.example.db +++ b/bin/tests/system/dnssec/ns3/insecure.below-cname.example.db @@ -12,7 +12,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: insecure.below-cname.example.db,v 1.2.2.3 2011-02-28 01:20:00 tbox Exp $ +; $Id: insecure.below-cname.example.db,v 1.3 2011-03-01 23:48:06 tbox Exp $ $TTL 300 ; 5 minutes @ IN SOA mname1. . ( diff --git a/bin/tests/system/dnssec/ns3/named.conf b/bin/tests/system/dnssec/ns3/named.conf index 54899379..62a4efc1 100644 --- a/bin/tests/system/dnssec/ns3/named.conf +++ b/bin/tests/system/dnssec/ns3/named.conf @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.38.86.8 2011-05-19 04:42:51 each Exp $ */ +/* $Id: named.conf,v 1.48 2011-05-23 20:10:02 each Exp $ */ // NS3 @@ -207,6 +207,16 @@ zone "ttlpatch.example" { file "ttlpatch.example.db.patched"; }; +zone "split-dnssec.example" { + type master; + file "split-dnssec.example.db"; +}; + +zone "split-smart.example" { + type master; + file "split-smart.example.db"; +}; + zone "nsec3chain-test" { type slave; file "nsec3chain-test.bk"; @@ -219,4 +229,11 @@ zone "expiring.example" { file "expiring.example.db.signed"; }; +zone "nosign.example" { + type master; + allow-update { any; }; + dnssec-update-mode no-resign; + file "nosign.example.db.signed"; +}; + include "trusted.conf"; 
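Review bot: The `nosign.example` zone added to bin/tests/system/dnssec/ns3/named.conf accepts unauthenticated dynamic updates through `allow-update { any; };`, and nothing in the stanza says this is deliberate. The tests this commit adds to dnssec/tests.sh send unsigned `$NSUPDATE` requests to the zone, so the setting looks intentional for the fixture. A one-line comment above the stanza, such as `// test fixture only: tests.sh sends unsigned updates to this zone`, would keep it from being copied into a real configuration.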
diff --git a/bin/tests/system/dnssec/ns3/nosign.example.db.in b/bin/tests/system/dnssec/ns3/nosign.example.db.in new file mode 100644 index 00000000..fc2a601e --- /dev/null +++ b/bin/tests/system/dnssec/ns3/nosign.example.db.in @@ -0,0 +1,28 @@ +; Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: nosign.example.db.in,v 1.2 2011-05-23 20:10:02 each Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 diff --git a/bin/tests/system/dnssec/ns3/secure.below-cname.example.db.in b/bin/tests/system/dnssec/ns3/secure.below-cname.example.db.in index d1454167..381a6c43 100644 --- a/bin/tests/system/dnssec/ns3/secure.below-cname.example.db.in +++ b/bin/tests/system/dnssec/ns3/secure.below-cname.example.db.in @@ -12,7 +12,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: secure.below-cname.example.db.in,v 1.2.2.3 2011-02-28 01:20:00 tbox Exp $ +; $Id: secure.below-cname.example.db.in,v 1.3 2011-03-01 23:48:06 tbox Exp $ $TTL 300 ; 5 minutes @ IN SOA mname1. . ( 
diff --git a/bin/tests/system/dnssec/ns3/sign.sh b/bin/tests/system/dnssec/ns3/sign.sh index 8f4baa95..962226e5 100644 --- a/bin/tests/system/dnssec/ns3/sign.sh +++ b/bin/tests/system/dnssec/ns3/sign.sh @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: sign.sh,v 1.32.162.8 2011-05-19 04:42:51 each Exp $ +# $Id: sign.sh,v 1.42 2011-05-23 20:10:02 each Exp $ SYSTEMTESTTOP=../.. . $SYSTEMTESTTOP/conf.sh @@ -342,6 +342,37 @@ $SIGNER -P -r $RANDFILE -f $signedfile -o $zone $zonefile > /dev/null 2>&1 $CHECKZONE -D -s full $zone $signedfile 2> /dev/null | \ awk '{$2 = "3600"; print}' > $patchedfile +# +# Seperate DNSSEC records. +# +zone=split-dnssec.example. +infile=split-dnssec.example.db.in +zonefile=split-dnssec.example.db +signedfile=split-dnssec.example.db.signed + +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone` +cat $infile $keyname.key >$zonefile +echo '$INCLUDE "'"$signedfile"'"' >> $zonefile +: > $signedfile +$SIGNER -P -r $RANDFILE -D -o $zone $zonefile > /dev/null 2>&1 + +# +# Seperate DNSSEC records smart signing. +# +zone=split-smart.example. +infile=split-smart.example.db.in +zonefile=split-smart.example.db +signedfile=split-smart.example.db.signed + +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone` +cp $infile $zonefile +echo '$INCLUDE "'"$signedfile"'"' >> $zonefile +: > $signedfile +$SIGNER -P -S -r $RANDFILE -D -o $zone $zonefile > /dev/null 2>&1 + +# +# Zone with signatures about to expire, but no private key to replace them +# zone="expiring.example." infile="expiring.example.db.in" zonefile="expiring.example.db" 
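Review bot: In the split-smart block added to bin/tests/system/dnssec/ns3/sign.sh, `keyname` is assigned from `$KEYGEN` but never read. Unlike the split-dnssec block, the zone file is built with `cp $infile $zonefile`, and the key is presumably found by `$SIGNER -S`. A comment such as `# key is located by smart signing (-S), not appended to the zone file` would make that explicit, or the assignment could be dropped in favour of `$KEYGEN ... > /dev/null`. Both new keys use `-a RSASHA1 -b 768`, which is only reasonable for a throwaway fixture and deserves a short comment saying so. The two new comment headers spell "Seperate" where "Separate" is meant.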
@@ -351,3 +382,21 @@ zskname=`$KEYGEN -q -r $RANDFILE -f KSK $zone` cp $infile $zonefile $SIGNER -S -r $RANDFILE -e now+1mi -o $zone $zonefile > /dev/null 2>&1 rm -f ${zskname}.private ${kskname}.private + +# +# Zone with signatures about to expire, and dynamic, but configured +# not to resign with 'auto-resign no;' +# +zone="nosign.example." +infile="nosign.example.db.in" +zonefile="nosign.example.db" +signedfile="nosign.example.db.signed" +kskname=`$KEYGEN -q -r $RANDFILE $zone` +zskname=`$KEYGEN -q -r $RANDFILE -f KSK $zone` +cp $infile $zonefile +$SIGNER -S -r $RANDFILE -e now+1mi -o $zone $zonefile > /dev/null 2>&1 +# preserve a normalized copy of the NS RRSIG for comparison later +$CHECKZONE -D nosign.example nosign.example.db.signed 2>&- | \ + awk '$4 == "RRSIG" && $5 == "NS" {$2 = ""; print}' | \ + sed 's/[ ][ ]*/ /g'> ../nosign.before + diff --git a/bin/tests/system/dnssec/ns3/split-dnssec.example.db.in b/bin/tests/system/dnssec/ns3/split-dnssec.example.db.in new file mode 100644 index 00000000..f928278b --- /dev/null +++ b/bin/tests/system/dnssec/ns3/split-dnssec.example.db.in 
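Review bot: The comment on the nosign.example block added to bin/tests/system/dnssec/ns3/sign.sh says the zone is configured with `'auto-resign no;'`, but the stanza this commit adds to ns3/named.conf uses `dnssec-update-mode no-resign;`. The comment should name that option, e.g. `# not to resign, via 'dnssec-update-mode no-resign;'`. The key variables are also labelled the wrong way round, as in the expiring.example context line above: `kskname` comes from the `$KEYGEN` call without `-f KSK` and `zskname` from the one with it. Neither is read in the new block, so swapping the two names is enough. The `$CHECKZONE` line also hard-codes `nosign.example nosign.example.db.signed` where `$zone` and `$signedfile` are already set.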
@@ -0,0 +1,43 @@ +; Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: split-dnssec.example.db.in,v 1.3 2011-03-05 23:52:29 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +z A 10.0.0.26 +a.a.a.a A 10.0.0.3 +*.wild A 10.0.0.6 +child NS ns2.example. +insecure NS ns.insecure +ns.insecure A 10.53.0.3 +secure NS ns.secure +ns.secure A 10.53.0.3 +nsec3 NS ns.nsec3 +ns.nsec3 A 10.53.0.3 +optout NS ns.optout +ns.optout A 10.53.0.3 +02HC3EM7BDD011A0GMS3HKKJT2IF5VP8 A 10.0.0.17 diff --git a/bin/tests/system/dnssec/ns3/split-smart.example.db.in b/bin/tests/system/dnssec/ns3/split-smart.example.db.in new file mode 100644 index 00000000..ee1388f8 --- /dev/null +++ b/bin/tests/system/dnssec/ns3/split-smart.example.db.in 
@@ -0,0 +1,43 @@ +; Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: split-smart.example.db.in,v 1.3 2011-03-05 23:52:29 tbox Exp $ + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +z A 10.0.0.26 +a.a.a.a A 10.0.0.3 +*.wild A 10.0.0.6 +child NS ns2.example. +insecure NS ns.insecure +ns.insecure A 10.53.0.3 +secure NS ns.secure +ns.secure A 10.53.0.3 +nsec3 NS ns.nsec3 +ns.nsec3 A 10.53.0.3 +optout NS ns.optout +ns.optout A 10.53.0.3 +02HC3EM7BDD011A0GMS3HKKJT2IF5VP8 A 10.0.0.17 diff --git a/bin/tests/system/dnssec/ns3/ttlpatch.example.db.in b/bin/tests/system/dnssec/ns3/ttlpatch.example.db.in index 690611c9..e915eb8c 100644 --- a/bin/tests/system/dnssec/ns3/ttlpatch.example.db.in +++ b/bin/tests/system/dnssec/ns3/ttlpatch.example.db.in @@ -12,7 +12,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: ttlpatch.example.db.in,v 1.2.2.3 2011-02-28 23:47:04 tbox Exp $ +; $Id: ttlpatch.example.db.in,v 1.3 2011-02-28 23:47:39 tbox Exp $ $TTL 300 ; 5 minutes @ IN SOA mname1. . ( 
diff --git a/bin/tests/system/dnssec/ns3/update-nsec3.example.db.in b/bin/tests/system/dnssec/ns3/update-nsec3.example.db.in index b130a77d..1f1b22ae 100644 --- a/bin/tests/system/dnssec/ns3/update-nsec3.example.db.in +++ b/bin/tests/system/dnssec/ns3/update-nsec3.example.db.in @@ -12,7 +12,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: update-nsec3.example.db.in,v 1.2.2.2 2011-02-14 23:59:33 marka Exp $ +; $Id: update-nsec3.example.db.in,v 1.2 2011-02-14 23:53:44 marka Exp $ $TTL 300 ; 5 minutes @ IN SOA mname1. . ( diff --git a/bin/tests/system/dnssec/setup.sh b/bin/tests/system/dnssec/setup.sh index 83d61524..30088251 100644 --- a/bin/tests/system/dnssec/setup.sh +++ b/bin/tests/system/dnssec/setup.sh @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: setup.sh,v 1.19.14.1 2011-02-15 22:06:27 marka Exp $ +# $Id: setup.sh,v 1.20 2011-02-15 22:02:36 marka Exp $ sh clean.sh diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh index fef3f1d6..895dac0a 100644 --- a/bin/tests/system/dnssec/tests.sh +++ b/bin/tests/system/dnssec/tests.sh @@ -15,11 +15,13 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.73.14.12 2011-05-26 04:25:08 each Exp $ +# $Id: tests.sh,v 1.92 2011-07-08 01:43:26 each Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh +RANDFILE=random.data + status=0 n=1 
@@ -958,12 +960,11 @@ status=`expr $status + $ret` echo "I:checking that we can sign a zone with out-of-zone records ($n)" ret=0 +zone=example +key1=`$KEYGEN -K signer -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone` +key2=`$KEYGEN -K signer -q -r $RANDFILE -f KSK -a NSEC3RSASHA1 -b 1024 -n zone $zone` ( cd signer -RANDFILE=../random.data -zone=example -key1=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone` -key2=`$KEYGEN -q -r $RANDFILE -f KSK -a NSEC3RSASHA1 -b 1024 -n zone $zone` cat example.db.in $key1.key $key2.key > example.db $SIGNER -o example -f example.db example.db > /dev/null 2>&1 ) || ret=1 @@ -973,15 +974,22 @@ status=`expr $status + $ret` echo "I:checking that we can sign a zone (NSEC3) with out-of-zone records ($n)" ret=0 +zone=example +key1=`$KEYGEN -K signer -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone` +key2=`$KEYGEN -K signer -q -r $RANDFILE -f KSK -a NSEC3RSASHA1 -b 1024 -n zone $zone` ( cd signer -RANDFILE=../random.data -zone=example -key1=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone` -key2=`$KEYGEN -q -r $RANDFILE -f KSK -a NSEC3RSASHA1 -b 1024 -n zone $zone` cat example.db.in $key1.key $key2.key > example.db $SIGNER -3 - -H 10 -o example -f example.db example.db > /dev/null 2>&1 -grep "IQF9LQTLKKNFK0KVIFELRAK4IC4QLTMG.example. 0 IN NSEC3 1 0 10 - IQF9LQTLKKNFK0KVIFELRAK4IC4QLTMG A NS SOA RRSIG DNSKEY NSEC3PARAM" example.db > /dev/null +awk '/^IQF9LQTLK/ { + printf("%s ", $0); + getline; + printf ("%s ", $0); + getline; + print; + }' example.db | sed 's/[ ][ ]*/ /g' > nsec3param.out + +grep "IQF9LQTLKKNFK0KVIFELRAK4IC4QLTMG.example. 0 IN NSEC3 1 0 10 - ( IQF9LQTLKKNFK0KVIFELRAK4IC4QLTMG A NS SOA RRSIG DNSKEY NSEC3PARAM )" nsec3param.out > /dev/null ) || ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi 
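Review bot: The rewritten NSEC3 check in bin/tests/system/dnssec/tests.sh (the second hunk here) assumes dnssec-signzone prints the record matching `/^IQF9LQTLK/` over exactly three lines. The awk script calls `getline` twice without checking its result, and the `grep` expects the joined text with the `( ... )` wrapping. If the output layout changes, the test fails without saying why. A comment above the awk call, such as `# the NSEC3 record is printed on three lines; join them before matching`, would document the assumption.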
@@ -989,12 +997,11 @@ status=`expr $status + $ret` echo "I:checking that dnsssec-signzone updates originalttl on ttl changes ($n)" ret=0 +zone=example +key1=`$KEYGEN -K signer -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone` +key2=`$KEYGEN -K signer -q -r $RANDFILE -f KSK -a RSASHA1 -b 1024 -n zone $zone` ( cd signer -RANDFILE=../random.data -zone=example -key1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone` -key2=`$KEYGEN -q -r $RANDFILE -f KSK -a RSASHA1 -b 1024 -n zone $zone` cat example.db.in $key1.key $key2.key > example.db $SIGNER -o example -f example.db.before example.db > /dev/null 2>&1 sed 's/60.IN.SOA./50 IN SOA /' example.db.before > example.db.changed 
@@ -1005,6 +1012,42 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` +echo "I:checking dnssec-signzone keeps valid signatures from removed keys ($n)" +ret=0 +zone=example +key1=`$KEYGEN -K signer -q -r $RANDFILE -f KSK -a RSASHA1 -b 1024 -n zone $zone` +key2=`$KEYGEN -K signer -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone` +keyid2=`echo $key2 | sed 's/^Kexample.+005+0*\([0-9]\)/\1/'` +key3=`$KEYGEN -K signer -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone` +keyid3=`echo $key3 | sed 's/^Kexample.+005+0*\([0-9]\)/\1/'` +( +cd signer +cat example.db.in $key1.key $key2.key > example.db +$SIGNER -D -o example example.db > /dev/null 2>&1 + +# now switch out key2 for key3 and resign the zone +cat example.db.in $key1.key $key3.key > example.db +echo '$INCLUDE "example.db.signed"' >> example.db +$SIGNER -D -o example example.db > /dev/null 2>&1 +) || ret=1 +grep " $keyid2 " signer/example.db.signed > /dev/null 2>&1 || ret=1 +grep " $keyid3 " signer/example.db.signed > /dev/null 2>&1 || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking dnssec-signzone -R purges signatures from removed keys ($n)" +ret=0 +( +cd signer +$SIGNER -RD -o example example.db > /dev/null 2>&1 +) || ret=1 +grep " $keyid2 " signer/example.db.signed > /dev/null 2>&1 && ret=1 +grep " $keyid3 " signer/example.db.signed > /dev/null 2>&1 || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + echo "I:checking validated data are not cached longer than originalttl ($n)" ret=0 $DIG $DIGOPTS +ttl +noauth a.ttlpatch.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1 
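Review bot: The key-tag checks added to bin/tests/system/dnssec/tests.sh run `grep " $keyid2 "` and `grep " $keyid3 "` against the whole signed file, so any space-delimited number equal to the tag satisfies them, whether a TTL or another numeric RRSIG field. A small key tag could therefore make the "keeps valid signatures" test pass, or the `-R` purge test fail, for the wrong reason. Anchoring the pattern to the signer name that follows the tag, for instance `grep " $keyid2 example\. "`, would narrow the match. The layout of example.db.signed is not visible in this hunk, so that pattern needs checking against real output. The `-R` test also relies on `keyid2` and `keyid3` being set by the test before it.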
@@ -1263,6 +1306,26 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` +echo "I:check that a split dnssec dnssec-signzone work ($n)" +ret=0 +$DIG $DIGOPTS soa split-dnssec.example. @10.53.0.4 > dig.out.ns4.test$n || ret=1 +grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +grep "ANSWER: 2," dig.out.ns4.test$n > /dev/null || ret=1 +grep "flags:.* ad[ ;]" dig.out.ns4.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:check that a smart split dnssec dnssec-signzone work ($n)" +ret=0 +$DIG $DIGOPTS soa split-smart.example. @10.53.0.4 > dig.out.ns4.test$n || ret=1 +grep "NOERROR" dig.out.ns4.test$n > /dev/null || ret=1 +grep "ANSWER: 2," dig.out.ns4.test$n > /dev/null || ret=1 +grep "flags:.* ad[ ;]" dig.out.ns4.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + echo "I:check that NOTIFY is sent at the end of NSEC3 chain generation ($n)" ret=0 ( 
@@ -1291,11 +1354,63 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` +echo "I:check dnssec-dsfromkey from stdin ($n)" +ret=0 +$DIG $DIGOPTS dnskey algroll. @10.53.0.2 | \ + $DSFROMKEY -f - algroll. > dig.out.ns2.test$n || ret=1 +diff -b dig.out.ns2.test$n ns1/dsset-algroll. > /dev/null 2>&1 || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + echo "I:testing soon-to-expire RRSIGs without a replacement private key ($n)" ret=0 $DIG +noall +answer +dnssec +nottl -p 5300 expiring.example ns @10.53.0.3 | grep RRSIG > dig.out.ns3.test$n 2>&1 # there must be a signature here [ -s dig.out.ns3.test$n ] || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:testing new records are signed with 'no-resign' ($n)" +ret=0 +( +echo zone nosign.example +echo server 10.53.0.3 5300 +echo update add new.nosign.example 300 in txt "hi there" +echo send +) | $NSUPDATE +sleep 1 +$DIG +noall +answer +dnssec -p 5300 txt new.nosign.example @10.53.0.3 \ + > dig.out.ns3.test$n 2>&1 +grep RRSIG dig.out.ns3.test$n > /dev/null 2>&1 || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:testing expiring records aren't resigned with 'no-resign' ($n)" +ret=0 +$DIG +noall +answer +dnssec +nottl -p 5300 nosign.example ns @10.53.0.3 | \ + grep RRSIG | sed 's/[ ][ ]*/ /g' > dig.out.ns3.test$n 2>&1 +# the NS RRSIG should not be changed +cmp -s nosign.before dig.out.ns3.test$n || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:testing updates fail with no private key ($n)" +ret=0 +rm -f ns3/Knosign.example.*.private +( +echo zone nosign.example +echo server 10.53.0.3 5300 +echo update add fail.nosign.example 300 in txt "reject me" +echo send +) | $NSUPDATE > /dev/null 2>&1 && ret=1 +$DIG +noall +answer +dnssec -p 5300 fail.nosign.example txt 
@10.53.0.3 \ + > dig.out.ns3.test$n 2>&1 +[ -s dig.out.ns3.test$n ] && ret=1 +n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` diff --git a/bin/tests/system/filter-aaaa/Makefile.in b/bin/tests/system/filter-aaaa/Makefile.in index 97fb6ecd..d3846032 100644 --- a/bin/tests/system/filter-aaaa/Makefile.in +++ b/bin/tests/system/filter-aaaa/Makefile.in @@ -12,7 +12,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.2.108.2 2011-07-28 23:47:16 tbox Exp $ +# $Id: Makefile.in,v 1.4 2011-07-28 23:47:58 tbox Exp $ srcdir = @srcdir@ VPATH = @srcdir@ diff --git a/bin/tests/system/filter-aaaa/filter-aaaa.c b/bin/tests/system/filter-aaaa/filter-aaaa.c index 5c6ba8b5..52e64a6a 100644 --- a/bin/tests/system/filter-aaaa/filter-aaaa.c +++ b/bin/tests/system/filter-aaaa/filter-aaaa.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: filter-aaaa.c,v 1.2.108.2 2011-07-28 23:47:16 tbox Exp $ */ +/* $Id: filter-aaaa.c,v 1.4 2011-07-28 23:47:58 tbox Exp $ */ #include <config.h> #include <isc/util.h> diff --git a/bin/tests/system/genzone.sh b/bin/tests/system/genzone.sh index 983e710c..7a9d88b0 100644 --- a/bin/tests/system/genzone.sh +++ b/bin/tests/system/genzone.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2004, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007, 2009, 2011 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2001-2003 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: genzone.sh,v 1.11 2009-02-26 06:09:19 marka Exp $ +# $Id: genzone.sh,v 1.13 2011-03-03 23:47:31 tbox Exp $ # # Set up a test zone 
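Review bot: The last added test ("testing updates fail with no private key") passes on any empty answer, because `+noall +answer` prints nothing for NXDOMAIN, SERVFAIL and REFUSED alike, so `[ -s dig.out.ns3.test$n ] && ret=1` cannot tell a rejected update from a zone that stopped answering once `ns3/Knosign.example.*.private` was removed. The nsupdate output is discarded as well, so the reason for the rejection is never checked. Asserting the response code would pin the intended outcome, for example a query that keeps the header and `grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1` (NXDOMAIN is presumably the expected code; confirm against the zone). The 'no-resign' test above it relies on a fixed `sleep 1` and does not check the nsupdate exit status, which may make it timing-sensitive.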
@@ -272,4 +272,9 @@ hip2 HIP ( 2 200100107B1A74DF365639CC39F1D578 ; type 255 ; TSIG is a meta-type and should never occur in master files. + +; type 256 +uri01 URI 10 20 "https://www.isc.org/" +uri02 URI 30 40 "https://www.isc.org/HolyCowThisSureIsAVeryLongURIRecordIDontEvenKnowWhatSomeoneWouldEverWantWithSuchAThingButTheSpecificationRequiresThatWesupportItSoHereWeGoTestingItLaLaLaLaLaLaLaSeriouslyThoughWhyWouldYouEvenConsiderUsingAURIThisLongItSeemsLikeASillyIdeaButEnhWhatAreYouGonnaDo/" + EOF diff --git a/bin/tests/system/ixfr/tests.sh b/bin/tests/system/ixfr/tests.sh index f59e783d..e3d6aa7c 100644 --- a/bin/tests/system/ixfr/tests.sh +++ b/bin/tests/system/ixfr/tests.sh @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.5.814.2 2011-03-05 23:52:08 tbox Exp $ +# $Id: tests.sh,v 1.7 2011-03-05 23:52:29 tbox Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh diff --git a/bin/tests/system/logfileconfig/clean.sh b/bin/tests/system/logfileconfig/clean.sh index 6138ce7d..143f815a 100644 --- a/bin/tests/system/logfileconfig/clean.sh +++ b/bin/tests/system/logfileconfig/clean.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: clean.sh,v 1.2.4.4 2011-03-22 18:24:08 smann Exp $ +# $Id: clean.sh,v 1.4 2011-03-22 16:51:50 smann Exp $ # # Clean up after log file tests diff --git a/bin/tests/system/logfileconfig/ns1/named.dirconf b/bin/tests/system/logfileconfig/ns1/named.dirconf index 2569ccef..3877247b 100644 --- a/bin/tests/system/logfileconfig/ns1/named.dirconf +++ b/bin/tests/system/logfileconfig/ns1/named.dirconf @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.dirconf,v 1.2.4.2 2011-03-04 15:06:45 smann Exp $ */ +/* $Id: named.dirconf,v 1.2 2011-03-04 14:43:57 smann Exp $ */ options { query-source address 10.53.0.1; 
diff --git a/bin/tests/system/logfileconfig/ns1/named.pipeconf b/bin/tests/system/logfileconfig/ns1/named.pipeconf index f6a0e7fa..4e606790 100644 --- a/bin/tests/system/logfileconfig/ns1/named.pipeconf +++ b/bin/tests/system/logfileconfig/ns1/named.pipeconf @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.pipeconf,v 1.2.4.2 2011-03-04 15:06:45 smann Exp $ */ +/* $Id: named.pipeconf,v 1.2 2011-03-04 14:43:57 smann Exp $ */ options { query-source address 10.53.0.1; diff --git a/bin/tests/system/logfileconfig/ns1/named.plain b/bin/tests/system/logfileconfig/ns1/named.plain index e085f09e..e1c4c740 100644 --- a/bin/tests/system/logfileconfig/ns1/named.plain +++ b/bin/tests/system/logfileconfig/ns1/named.plain @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.plain,v 1.2.4.2 2011-03-04 15:06:45 smann Exp $ */ +/* $Id: named.plain,v 1.2 2011-03-04 14:43:57 smann Exp $ */ options { query-source address 10.53.0.1; diff --git a/bin/tests/system/logfileconfig/ns1/named.symconf b/bin/tests/system/logfileconfig/ns1/named.symconf index 0ec75340..7dbc320f 100644 --- a/bin/tests/system/logfileconfig/ns1/named.symconf +++ b/bin/tests/system/logfileconfig/ns1/named.symconf @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.symconf,v 1.2.4.2 2011-03-04 15:06:46 smann Exp $ */ +/* $Id: named.symconf,v 1.2 2011-03-04 14:43:57 smann Exp $ */ options { query-source address 10.53.0.1; diff --git a/bin/tests/system/logfileconfig/ns1/rndc.conf b/bin/tests/system/logfileconfig/ns1/rndc.conf index 6aba1a65..cdcead61 100644 --- a/bin/tests/system/logfileconfig/ns1/rndc.conf +++ b/bin/tests/system/logfileconfig/ns1/rndc.conf @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rndc.conf,v 1.1.4.3 2011-03-05 23:52:08 tbox Exp $ */ +/* $Id: rndc.conf,v 1.2 2011-03-05 23:52:30 tbox Exp $ */ options { default-server localhost; 
diff --git a/bin/tests/system/logfileconfig/ns1/root.db b/bin/tests/system/logfileconfig/ns1/root.db index def182dc..56321820 100644 --- a/bin/tests/system/logfileconfig/ns1/root.db +++ b/bin/tests/system/logfileconfig/ns1/root.db @@ -12,7 +12,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: root.db,v 1.2.4.3 2011-03-05 23:52:08 tbox Exp $ +; $Id: root.db,v 1.3 2011-03-05 23:52:30 tbox Exp $ $TTL 300 . IN SOA gson.nominum.com. a.root.servers.nil. ( diff --git a/bin/tests/system/logfileconfig/setup.sh b/bin/tests/system/logfileconfig/setup.sh index a102e83c..9e41b99a 100644 --- a/bin/tests/system/logfileconfig/setup.sh +++ b/bin/tests/system/logfileconfig/setup.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: setup.sh,v 1.2.2.3 2011-03-22 23:47:07 tbox Exp $ +# $Id: setup.sh,v 1.3 2011-03-22 23:47:30 tbox Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh diff --git a/bin/tests/system/logfileconfig/tests.sh b/bin/tests/system/logfileconfig/tests.sh index ec2fe4a4..23f40d10 100644 --- a/bin/tests/system/logfileconfig/tests.sh +++ b/bin/tests/system/logfileconfig/tests.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.2.4.4 2011-03-22 18:24:08 smann Exp $ +# $Id: tests.sh,v 1.4 2011-03-22 16:51:50 smann Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh diff --git a/bin/tests/system/metadata/clean.sh b/bin/tests/system/metadata/clean.sh index a897e8ee..588ff2b5 100644 --- a/bin/tests/system/metadata/clean.sh +++ b/bin/tests/system/metadata/clean.sh 
@@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: clean.sh,v 1.3.250.2 2011-03-21 23:46:58 tbox Exp $ +# $Id: clean.sh,v 1.5 2011-03-21 23:47:21 tbox Exp $ rm -f K* dsset-* *.signed *.new random.data rm -f zsk.key ksk.key parent.ksk.key parent.zsk.key diff --git a/bin/tests/system/metadata/setup.sh b/bin/tests/system/metadata/setup.sh index fd672d53..c2217389 100644 --- a/bin/tests/system/metadata/setup.sh +++ b/bin/tests/system/metadata/setup.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: setup.sh,v 1.3.250.2 2011-03-21 23:46:58 tbox Exp $ +# $Id: setup.sh,v 1.5 2011-03-21 23:47:21 tbox Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh diff --git a/bin/tests/system/metadata/tests.sh b/bin/tests/system/metadata/tests.sh index f5c7bf93..a537eeda 100644 --- a/bin/tests/system/metadata/tests.sh +++ b/bin/tests/system/metadata/tests.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.5.250.3 2011-07-08 01:45:58 each Exp $ +# $Id: tests.sh,v 1.9 2011-07-08 01:43:26 each Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh @@ -46,8 +46,8 @@ $SIGNER -Sg -o $pzone $pfile > /dev/null 2>&1 awk '$2 ~ /RRSIG/ { type = $3; getline; - id = $2; - if ($3 ~ /'${czone}'/) { + id = $3; + if ($4 ~ /'${czone}'/) { print type, id } }' < ${cfile}.signed > sigs @@ -56,7 +56,7 @@ awk '$2 ~ /DNSKEY/ { flags = $3; while ($0 !~ /key id =/) getline; - id = $6; + id = $NF; print flags, id; }' < ${cfile}.signed > keys diff --git a/bin/tests/system/nsupdate/clean.sh b/bin/tests/system/nsupdate/clean.sh index 57975c9a..9893fa72 100644 --- a/bin/tests/system/nsupdate/clean.sh +++ b/bin/tests/system/nsupdate/clean.sh 
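Review bot: In bin/tests/system/metadata/tests.sh the RRSIG parser still picks fields by fixed position (`id = $3; if ($4 ~ /'${czone}'/)`) while the DNSKEY parser in the next hunk moves to `id = $NF`, so the two awk programs now make different assumptions about the layout of the signed zone file. Neither hunk records which line layout the new indices expect, so a later change in the signer's output could leave `sigs` or `keys` empty or wrong without any error. A short comment above each awk program naming the expected line would help, e.g. `# continuation line: expire inception keyid signer ...` for the RRSIG case (layout to be confirmed against real output).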
@@ -15,24 +15,24 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: clean.sh,v 1.20.24.3 2011-05-23 22:12:15 each Exp $ +# $Id: clean.sh,v 1.25 2011-07-01 02:25:47 marka Exp $ # # Clean up after zone transfer tests. # -rm -f dig.out.ns1 dig.out.ns2 dig.out.ns1.after ns1/*.jnl ns2/*.jnl \ - ns1/example.db ns1/update.db ns1/other.db ns1/ddns.key +rm -f ns1/*.jnl ns2/*.jnl +rm -f ns1/example.db ns1/unixtime.db ns1/update.db ns1/other.db ns1/ddns.key rm -f nsupdate.out rm -f random.data rm -f ns2/example.bk -rm -f ns2/update.bk +rm -f ns2/update.bk ns2/update.alt.bk rm -f */named.memstats rm -f nsupdate.out rm -f ns3/example.db.jnl ns3/example.db rm -f ns3/nsec3param.test.db.signed.jnl ns3/nsec3param.test.db ns3/nsec3param.test.db.signed ns3/dsset-nsec3param.test. rm -f ns3/dnskey.test.db.signed.jnl ns3/dnskey.test.db ns3/dnskey.test.db.signed ns3/dsset-dnskey.test. rm -f ns3/K* -rm -f dig.out.ns3.* +rm -f dig.out.* rm -f jp.out.ns3.* rm -f Kxxx.* diff --git a/bin/tests/system/nsupdate/ns1/named.conf b/bin/tests/system/nsupdate/ns1/named.conf index 0b0730fd..fff8dccf 100644 --- a/bin/tests/system/nsupdate/ns1/named.conf +++ b/bin/tests/system/nsupdate/ns1/named.conf @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.19 2009-07-29 23:47:43 tbox Exp $ */ +/* $Id: named.conf,v 1.22 2011-07-01 02:25:47 marka Exp $ */ controls { /* empty */ }; @@ -41,6 +41,11 @@ controls { inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; }; }; +key altkey { + algorithm hmac-md5; + secret "1234abcd8765"; +}; + include "ddns.key"; zone "example.nil" { 
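Review bot: The added `key altkey` block in nsupdate/ns1/named.conf inlines a fixed TSIG secret (`secret "1234abcd8765";`) with `algorithm hmac-md5`, and the same literal is repeated in the ns2/named.conf hunk further down, whereas the other key in this file is pulled in with `include "ddns.key"` and is apparently generated (clean.sh removes ns1/ddns.key). That is workable for a fixture, but nothing marks it as test-only, and a short constant secret with HMAC-MD5 is the kind of block that ends up copied into real configurations. I would add a comment such as `// test-only TSIG key; must match ns2/named.conf, never reuse outside the system tests`, and consider a SHA-2 HMAC algorithm if the test does not specifically need MD5.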
@@ -62,11 +67,26 @@ zone "other.nil" { allow-transfer { any; }; }; +masters othermasters { + 10.53.0.2 port 5300; + 10.53.0.2 port 5300 key altkey; +}; + zone "update.nil" { type master; file "update.db"; check-integrity no; allow-update { any; }; allow-transfer { any; }; - also-notify { 10.53.0.2; }; + also-notify { othermasters; }; }; + +zone "unixtime.nil" { + type master; + file "unixtime.db"; + check-integrity no; + allow-update { any; }; + allow-transfer { any; }; + serial-update-method unixtime; +}; + diff --git a/bin/tests/system/nsupdate/ns2/named.conf b/bin/tests/system/nsupdate/ns2/named.conf index 10b2b1c6..50060ef0 100644 --- a/bin/tests/system/nsupdate/ns2/named.conf +++ b/bin/tests/system/nsupdate/ns2/named.conf @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.14 2007-06-18 23:47:30 tbox Exp $ */ +/* $Id: named.conf,v 1.16 2011-05-06 23:47:29 tbox Exp $ */ controls { /* empty */ }; 
@@ -32,18 +32,36 @@ options { notify yes; }; -zone "example.nil" { - type slave; - masters { 10.53.0.1; }; - file "example.bk"; - allow-transfer { any; }; +key altkey { + algorithm hmac-md5; + secret "1234abcd8765"; }; -zone "update.nil" { - type slave; - masters { 10.53.0.1; }; - file "update.bk"; - allow-transfer { any; }; +view alternate { + match-clients { key altkey; }; + + zone "update.nil" { + type slave; + masters { 10.53.0.1; }; + file "update.alt.bk"; + allow-transfer { any; }; + }; }; +view primary { + match-clients { any; }; + + zone "example.nil" { + type slave; + masters { 10.53.0.1; }; + file "example.bk"; + allow-transfer { any; }; + }; + zone "update.nil" { + type slave; + masters { 10.53.0.1; }; + file "update.bk"; + allow-transfer { any; }; + }; +}; diff --git a/bin/tests/system/nsupdate/ns3/dnskey.test.db.in b/bin/tests/system/nsupdate/ns3/dnskey.test.db.in index ab2f4c37..25cab651 100644 --- a/bin/tests/system/nsupdate/ns3/dnskey.test.db.in +++ b/bin/tests/system/nsupdate/ns3/dnskey.test.db.in @@ -12,7 +12,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: dnskey.test.db.in,v 1.2.2.2 2011-02-03 06:18:51 marka Exp $ +; $Id: dnskey.test.db.in,v 1.2 2011-02-03 06:03:15 marka Exp $ $TTL 10 dnskey.test. IN SOA dnskey.test. hostmaster.dnskey.test. 1 3600 900 2419200 3600 diff --git a/bin/tests/system/nsupdate/ns3/named.conf b/bin/tests/system/nsupdate/ns3/named.conf index caa2a2a5..32b47378 100644 --- a/bin/tests/system/nsupdate/ns3/named.conf +++ b/bin/tests/system/nsupdate/ns3/named.conf @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.3.24.2 2011-02-28 01:20:01 tbox Exp $ */ +/* $Id: named.conf,v 1.5 2011-02-03 12:18:11 tbox Exp $ */ // NS1 diff --git a/bin/tests/system/nsupdate/ns3/sign.sh b/bin/tests/system/nsupdate/ns3/sign.sh index 8fc164d2..6a81b656 100644 --- a/bin/tests/system/nsupdate/ns3/sign.sh +++ b/bin/tests/system/nsupdate/ns3/sign.sh 
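Review bot: The `alternate` view only takes effect because it is declared before `primary`, whose `match-clients { any; };` accepts every client; named uses the first view that matches, so swapping the two blocks would send TSIG-signed traffic to `primary` without any error. That ordering dependency is not documented anywhere in the hunk. A one-line comment above `view alternate`, e.g. `// must stay ahead of "primary": views are matched in order and primary matches any client`, would protect it.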
@@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: sign.sh,v 1.2.26.2 2011-02-28 01:20:01 tbox Exp $ +# $Id: sign.sh,v 1.4 2011-02-03 12:18:11 tbox Exp $ SYSTEMTESTTOP=../.. . $SYSTEMTESTTOP/conf.sh diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh index a43fef6b..2d7fa66d 100644 --- a/bin/tests/system/nsupdate/setup.sh +++ b/bin/tests/system/nsupdate/setup.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2004, 2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007, 2009-2011 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000, 2001 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: setup.sh,v 1.16 2010-12-07 23:47:02 tbox Exp $ +# $Id: setup.sh,v 1.19 2011-07-01 02:25:47 marka Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh @@ -25,10 +25,12 @@ SYSTEMTESTTOP=.. # rm -f ns1/*.jnl ns1/example.db ns2/*.jnl ns2/example.bk +rm -f ns2/update.bk ns2/update.alt.bk rm -f ns3/example.db.jnl cp -f ns1/example1.db ns1/example.db sed 's/example.nil/other.nil/g' ns1/example1.db > ns1/other.db +sed 's/example.nil/unixtime.nil/g' ns1/example1.db > ns1/unixtime.db cp -f ns3/example.db.in ns3/example.db # update_test.pl has its own zone file because it diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh index 98457024..e3c21ae7 100644 --- a/bin/tests/system/nsupdate/tests.sh +++ b/bin/tests/system/nsupdate/tests.sh @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.32.24.7 2011-06-21 22:14:54 each Exp $ +# $Id: tests.sh,v 1.41 2011-07-01 02:25:47 marka Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh 
@@ -217,6 +217,27 @@ then status=1 fi +n=`expr $n + 1` +echo "I:check that unixtime serial number is correctly generated ($n)" +oldserial=`$DIG +short unixtime.nil. soa @10.53.0.1 -p 5300 | awk '{print $3}'` || ret=1 +$NSUPDATE <<END > /dev/null 2>&1 || ret=1 + server 10.53.0.1 5300 + ttl 600 + update add new.unixtime.nil in a 1.2.3.4 + send +END +now=`$PERL -e 'print time()."\n";'` +sleep 1 +serial=`$DIG +short unixtime.nil. soa @10.53.0.1 -p 5300 | awk '{print $3}'` || ret=1 +[ "$oldserial" -ne "$serial" ] || ret=1 +# allow up to 2 seconds difference between the serial +# number and the unix epoch date but no more +$PERL -e 'exit 1 if abs($ARGV[1] - $ARGV[0]) > 2;' $now $serial || ret=1 +if [ $ret -ne 0 ]; then + echo "I:failed" + status=1 +fi + if $PERL -e 'use Net::DNS;' 2>/dev/null then echo "I:running update.pl test" @@ -428,5 +449,17 @@ then echo "I:failed"; status=1 fi +n=`expr $n + 1` +ret=0 +echo "I:check notify with TSIG worked ($n)" +# if the alternate view received a notify--meaning, the notify was +# validly signed by "altkey"--then the zonefile update.alt.bk will +# will have been created. +[ -f ns2/update.alt.bk ] || ret=1 +if [ $ret -ne 0 ]; then + echo "I:failed" + status=1 +fi + echo "I:exit status: $status" exit $status diff --git a/bin/tests/system/packet.pl b/bin/tests/system/packet.pl index 88c9eff7..fc1cc5d1 100644 --- a/bin/tests/system/packet.pl +++ b/bin/tests/system/packet.pl @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: packet.pl,v 1.1.2.1 2011-04-15 01:00:08 each Exp $ +# $Id: packet.pl,v 1.2 2011-04-15 01:02:08 each Exp $ # This is a tool for sending an arbitrary packet via UDP or TCP to an # arbitrary address and port. The packet is specified in a file or on diff --git a/bin/tests/system/redirect/clean.sh b/bin/tests/system/redirect/clean.sh new file mode 100644 index 00000000..efb1f818 --- /dev/null +++ b/bin/tests/system/redirect/clean.sh 
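Review bot: The added unixtime-serial test increments `n` but never resets `ret`, unlike the 'notify with TSIG' test added later in this file, which starts with `ret=0`; if an earlier test left `ret` non-zero (not visible in this hunk), this one reports a failure it did not cause. Adding `ret=0` right after the `n=` increment fixes that. Separately, the `|| ret=1` after each `$DIG ... | awk '{print $3}'` substitution only sees awk's exit status, so a failed query is caught only indirectly by the `-ne` comparison. `now` is also sampled after the update has been sent, so the 2-second tolerance has to absorb nsupdate's own run time.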
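Review bot: `[ -f ns2/update.alt.bk ] || ret=1` shows that the alternate view obtained the zone, but not necessarily that it did so because of a TSIG-signed NOTIFY. As far as the configuration in this commit shows, that view's `update.nil` is an ordinary slave of 10.53.0.1 and would normally transfer the zone at startup too, in which case the test passes even when the signed notify is dropped or rejected. A stronger check would compare the SOA serial seen through the alternate view before and after an update, or look for the received notify in ns2's log. The comment above the check also has a doubled word (`will will`).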
@@ -0,0 +1,27 @@ +#!/bin/sh +# +# Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +# $Id: clean.sh,v 1.3 2011-03-01 23:48:06 tbox Exp $ + + +rm -f ns1/K* +rm -f ns1/signed.db* +rm -f ns1/nsec3.db* +rm -f ns1/dsset-signed. +rm -f ns1/dsset-nsec3. +rm -f */named.memstats +rm -f */named.run +rm -f dig.out.* random.data diff --git a/bin/tests/system/redirect/conf/bad1.conf b/bin/tests/system/redirect/conf/bad1.conf new file mode 100644 index 00000000..21cd434c --- /dev/null +++ b/bin/tests/system/redirect/conf/bad1.conf 
@@ -0,0 +1,29 @@ +/* + * Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: bad1.conf,v 1.3 2011-03-01 23:48:06 tbox Exp $ */ + +zone "." { + type hint; + file "hint.db"; +}; + +zone "." { + type redirect; + file "redirect.db"; + allow-query { 10.0.1.0; }; + forwarders { 1.2.3.4; }; +}; diff --git a/bin/tests/system/redirect/conf/bad2.conf b/bin/tests/system/redirect/conf/bad2.conf new file mode 100644 index 00000000..0edb1f8a --- /dev/null +++ b/bin/tests/system/redirect/conf/bad2.conf 
@@ -0,0 +1,29 @@ +/* + * Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: bad2.conf,v 1.3 2011-03-01 23:48:06 tbox Exp $ */ + +zone "." { + type hint; + file "hint.db"; +}; + +zone "." { + type redirect; + file "redirect.db"; + allow-query { 10.0.1.0; }; + also-notify { 1.2.3.4; }; +}; diff --git a/bin/tests/system/redirect/conf/bad3.conf b/bin/tests/system/redirect/conf/bad3.conf new file mode 100644 index 00000000..51ecaad7 --- /dev/null +++ b/bin/tests/system/redirect/conf/bad3.conf 
@@ -0,0 +1,28 @@ +/* + * Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: bad3.conf,v 1.3 2011-03-01 23:48:06 tbox Exp $ */ + +zone "." { + type hint; + file "hint.db"; +}; + +zone "x" { + type redirect; + file "redirect.db"; + allow-query { 10.0.1.0; }; +}; diff --git a/bin/tests/system/redirect/conf/good1.conf b/bin/tests/system/redirect/conf/good1.conf new file mode 100644 index 00000000..06291a7f --- /dev/null +++ b/bin/tests/system/redirect/conf/good1.conf 
@@ -0,0 +1,27 @@ +/* + * Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: good1.conf,v 1.3 2011-03-01 23:48:06 tbox Exp $ */ + +zone "." { + type hint; + file "hint.db"; +}; + +zone "." { + type redirect; + file "redirect.db"; +}; diff --git a/bin/tests/system/redirect/conf/good2.conf b/bin/tests/system/redirect/conf/good2.conf new file mode 100644 index 00000000..14fbfaef --- /dev/null +++ b/bin/tests/system/redirect/conf/good2.conf 
@@ -0,0 +1,27 @@ +/* + * Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: good2.conf,v 1.3 2011-03-01 23:48:06 tbox Exp $ */ + +zone "." { + type master; + file "master.db"; +}; + +zone "." { + type redirect; + file "redirect.db"; +}; diff --git a/bin/tests/system/redirect/conf/good3.conf b/bin/tests/system/redirect/conf/good3.conf new file mode 100644 index 00000000..93673cc8 --- /dev/null +++ b/bin/tests/system/redirect/conf/good3.conf 
@@ -0,0 +1,28 @@ +/* + * Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: good3.conf,v 1.3 2011-03-01 23:48:06 tbox Exp $ */ + +zone "." { + type slave; + file "slave.db"; + masters { 1.2.3.4; }; +}; + +zone "." { + type redirect; + file "redirect.db"; +}; diff --git a/bin/tests/system/redirect/conf/good4.conf b/bin/tests/system/redirect/conf/good4.conf new file mode 100644 index 00000000..81c7c2d5 --- /dev/null +++ b/bin/tests/system/redirect/conf/good4.conf 
@@ -0,0 +1,28 @@ +/* + * Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: good4.conf,v 1.3 2011-03-01 23:48:06 tbox Exp $ */ + +zone "." { + type hint; + file "hint.db"; +}; + +zone "." { + type redirect; + file "redirect.db"; + allow-query { 10.0.1.0; }; +}; diff --git a/bin/tests/system/redirect/ns1/example.db b/bin/tests/system/redirect/ns1/example.db new file mode 100644 index 00000000..b64335c8 --- /dev/null +++ b/bin/tests/system/redirect/ns1/example.db 
@@ -0,0 +1,55 @@ +; Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: example.db,v 1.3 2011-03-01 23:48:06 tbox Exp $ + +$TTL 3600 +@ SOA ns1 marka.isc.org. 0 0 0 0 1200 +@ NS ns1 +ns1 A 10.53.0.1 +excluded-good-a AAAA 2001:eeee::1 + A 1.2.3.4 +excluded-bad-a AAAA 2001:eeee::2 + A 10.0.0.1 +excluded-only AAAA 2001:eeee::3 +partially-excluded-good-a AAAA 2001:eeee::1 + AAAA 2001::1 + A 1.2.3.4 +partially-excluded-bad-a AAAA 2001:eeee::2 + AAAA 2001::2 + A 10.0.0.1 +partially-excluded-only AAAA 2001:eeee::3 + AAAA 2001::3 +a-only A 1.2.3.5 +a-and-aaaa AAAA 2001::1 + A 1.2.3.6 +aaaa-only AAAA 2001::2 +a-not-mapped A 10.0.0.2 +mx-only MX 10 ns.example. 
+cname-excluded-good-a CNAME excluded-good-a +cname-excluded-bad-a CNAME excluded-bad-a +cname-excluded-only CNAME excluded-only +cname-partial-excluded-good-a CNAME partial-excluded-good-a +cname-partial-excluded-bad-a CNAME partial-excluded-bad-a +cname-partial-excluded-only CNAME partial-excluded-only +cname-a-only CNAME a-only +cname-a-and-aaaa CNAME a-and-aaaa +cname-aaaa-only CNAME aaaa-only +cname-a-not-mapped CNAME a-not-mapped +cname-mx-only CNAME mx-only +cname-non-existent CNAME non-existent +ttl-less-than-600 500 A 5.6.7.8 +ttl-more-than-600 700 A 5.6.7.8 +ttl-less-than-minimum 1100 A 5.6.7.8 +ttl-more-than-minimum 1300 A 5.6.7.8 diff --git a/bin/tests/system/redirect/ns1/named.conf b/bin/tests/system/redirect/ns1/named.conf new file mode 100644 index 00000000..a106b0f5 --- /dev/null +++ b/bin/tests/system/redirect/ns1/named.conf 
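Review bot: The three `cname-partial-excluded-*` records in redirect/ns1/example.db point at `partial-excluded-good-a`, `partial-excluded-bad-a` and `partial-excluded-only`, but the owner names defined earlier in the same file are spelled `partially-excluded-*`, so these CNAMEs appear to dangle. The separate `cname-non-existent` record suggests a missing target is not what these three are meant to exercise. Unless it is intentional, the targets should read `partially-excluded-good-a`, `partially-excluded-bad-a` and `partially-excluded-only`.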
@@ -0,0 +1,65 @@ +/* + * Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: named.conf,v 1.3 2011-03-01 23:48:06 tbox Exp $ */ + +// NS1 + +controls { /* empty */ }; + +acl rfc1918 { 10/8; 192.168/16; 172.16/12; }; + +options { + query-source address 10.53.0.1; + notify-source 10.53.0.1; + transfer-source 10.53.0.1; + port 5300; + pid-file "named.pid"; + listen-on { 10.53.0.1; }; + listen-on-v6 { none; }; + allow-recursion { 10.53.0.1; }; + notify yes; + dnssec-enable yes; + dnssec-validation yes; +}; + +zone "." { + type master; + file "root.db"; +}; + +zone "example" { + type master; + file "example.db"; +}; + +zone "signed" { + type master; + file "signed.db.signed"; +}; + +zone "nsec3" { + type master; + file "nsec3.db.signed"; +}; + +zone "." { + type redirect; + file "redirect.db"; + allow-query { !10.53.0.2; !10.53.0.4; any; }; +}; + +// include "trusted.conf"; diff --git a/bin/tests/system/redirect/ns1/redirect.db b/bin/tests/system/redirect/ns1/redirect.db new file mode 100644 index 00000000..d98ce8cb --- /dev/null +++ b/bin/tests/system/redirect/ns1/redirect.db 
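Review bot: `acl rfc1918 { 10/8; 192.168/16; 172.16/12; };` is defined but nothing in this new redirect/ns1/named.conf refers to it, and the closing `// include "trusted.conf";` is commented out although `dnssec-validation yes;` is set, so no trust anchor is configured in the visible file. Both look like leftovers from the file this was copied from. Either remove them or say why they are kept, e.g. `// trust anchors intentionally omitted: this test only checks redirect behaviour` (to be confirmed by the author). The `allow-query { !10.53.0.2; !10.53.0.4; any; };` on the redirect zone would also benefit from a comment naming what those two addresses stand for in the test.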
@@ -0,0 +1,25 @@
+; Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: redirect.db,v 1.3 2011-03-01 23:48:06 tbox Exp $
+
+$TTL 300
+@ IN SOA ns.example.net hostmaster.example.net 0 0 0 0 0
+@ IN NS ns.example.net
+;
+; NS records do not need address records in this zone as it is not in the
+; normal namespace.
+;
+*. IN A 100.100.100.2
+*. IN AAAA 2001:ffff:ffff::100.100.100.2
diff --git a/bin/tests/system/redirect/ns1/root.db b/bin/tests/system/redirect/ns1/root.db
new file mode 100644
index 00000000..c0d0ab11
--- /dev/null
+++ b/bin/tests/system/redirect/ns1/root.db
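Review bot: The wildcard targets in redirect/ns1/redirect.db (`100.100.100.2`, `2001:ffff:ffff::100.100.100.2`) and the matching pair in redirect/ns2/redirect.db are not taken from the address blocks reserved for documentation and examples. Test fixtures tend to be copied into real configurations, and a copy of this file would send every NXDOMAIN to address space that belongs to someone else. Using `192.0.2.0/24` (RFC 5737) and `2001:db8::/32` (RFC 3849) avoids that, e.g. `*. IN A 192.0.2.2` and `*. IN AAAA 2001:db8::2`, with the grep patterns in tests.sh updated to match.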
@@ -0,0 +1,24 @@
+; Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: root.db,v 1.3 2011-03-01 23:48:06 tbox Exp $
+
+$TTL 3600
+@ SOA a.root-servers.nil. marka.isc.org. 0 0 0 0 0
+@ NS a.root-servers.nil.
+a.root-servers.nil. A 10.53.0.1
+example NS ns1.example.
+ns1.example. A 10.53.0.1
+signed NS ns1.example.
+ns1.signed. A 10.53.0.1
diff --git a/bin/tests/system/redirect/ns1/sign.sh b/bin/tests/system/redirect/ns1/sign.sh
new file mode 100644
index 00000000..cbe5ac69
--- /dev/null
+++ b/bin/tests/system/redirect/ns1/sign.sh
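Review bot: In redirect/ns1/root.db the last record, `ns1.signed. A 10.53.0.1`, is an address for a name that no NS record in this file points at, since both delegations use `ns1.example.`. Either the delegation was meant to read `signed NS ns1.signed.` or the record is a leftover; as written it is data below the `signed` zone cut that is not glue for anything. The `nsec3` zone that ns1/named.conf serves and tests.sh queries has no delegation here at all, so those lookups presumably work only because ns1 is authoritative for both the root and `nsec3`; a comment saying that this is intentional would help.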
@@ -0,0 +1,44 @@
+#!/bin/sh -e
+#
+# Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: sign.sh,v 1.3 2011-03-01 23:48:06 tbox Exp $
+
+SYSTEMTESTTOP=../..
+. $SYSTEMTESTTOP/conf.sh
+
+RANDFILE=../random.data
+
+zone=signed
+infile=example.db
+zonefile=signed.db
+
+key1=`$KEYGEN -q -r $RANDFILE $zone`
+key2=`$KEYGEN -q -r $RANDFILE -fk $zone`
+
+cat $infile $key1.key $key2.key > $zonefile
+
+$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
+
+zone=nsec3
+infile=example.db
+zonefile=nsec3.db
+
+key1=`$KEYGEN -q -r $RANDFILE -3 $zone`
+key2=`$KEYGEN -q -r $RANDFILE -3 -fk $zone`
+
+cat $infile $key1.key $key2.key > $zonefile
+
+$SIGNER -P -3 - -g -r $RANDFILE -o $zone $zonefile > /dev/null
diff --git a/bin/tests/system/redirect/ns2/named.conf b/bin/tests/system/redirect/ns2/named.conf
new file mode 100644
index 00000000..fd4954f2
--- /dev/null
+++ b/bin/tests/system/redirect/ns2/named.conf
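Review bot: The `-e` on the shebang line of redirect/ns1/sign.sh only takes effect when the script is executed directly, and redirect/setup.sh in this commit runs it as `sh sign.sh`, so a failing `$KEYGEN` does not stop the script. In that case `key1`/`key2` are empty, `cat` is asked for `.key`, and `$SIGNER` runs on a zone file without the expected keys while its output goes to /dev/null. Put `set -e` as the first statement of the script instead of relying on the shebang; the same applies to setup.sh if the harness starts it with `sh setup.sh`, which is not visible here. Quoting the expansions (`"$zonefile"`, `"$key1.key"`) is worth doing in the same change.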
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.3 2011-03-01 23:48:07 tbox Exp $ */
+
+// NS2
+
+controls { /* empty */ };
+
+acl rfc1918 { 10/8; 192.168/16; 172.16/12; };
+
+options {
+ query-source address 10.53.0.2;
+ notify-source 10.53.0.2;
+ transfer-source 10.53.0.2;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.2; };
+ listen-on-v6 { none; };
+ recursion yes;
+ notify yes;
+ dnssec-enable yes;
+ dnssec-validation yes;
+
+};
+
+zone "." {
+ type hint;
+ file "../../common/root.hint";
+};
+
+zone "." {
+ type redirect;
+ file "redirect.db";
+ allow-query { !10.53.0.4; any; };
+};
diff --git a/bin/tests/system/redirect/ns2/redirect.db b/bin/tests/system/redirect/ns2/redirect.db
new file mode 100644
index 00000000..f84da0e4
--- /dev/null
+++ b/bin/tests/system/redirect/ns2/redirect.db
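Review bot: redirect/ns2/named.conf sets `dnssec-validation yes;` but configures no trust anchor (no `trusted-keys` or `managed-keys` statement and no include), and ns1/sign.sh does not emit one, so as far as this commit shows ns2 has nothing to validate `signed` or `nsec3` against. The DO=1 cases in tests.sh therefore appear to exercise only the "client asked for DNSSEC" path; whether a validated negative answer is redirected for a DO=0 client is not covered. If that behaviour matters, have sign.sh write a trust-anchor file and include it here, or add a comment such as `// no trust anchors configured: answers are not validated in this test` so the setting is not mistaken for coverage. `acl rfc1918` is unused in this file as well.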
@@ -0,0 +1,25 @@
+; Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: redirect.db,v 1.3 2011-03-01 23:48:07 tbox Exp $
+
+$TTL 300
+@ IN SOA ns.example.net hostmaster.example.net 0 0 0 0 0
+@ IN NS ns.example.net
+;
+; NS records do not need address records in this zone as it is not in the
+; normal namespace.
+;
+*. IN A 100.100.100.1
+*. IN AAAA 2001:ffff:ffff::100.100.100.1
diff --git a/bin/tests/system/redirect/setup.sh b/bin/tests/system/redirect/setup.sh
new file mode 100644
index 00000000..aad2fca1
--- /dev/null
+++ b/bin/tests/system/redirect/setup.sh
@@ -0,0 +1,23 @@
+#!/bin/sh -e
+#
+# Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: setup.sh,v 1.3 2011-03-01 23:48:06 tbox Exp $
+
+sh clean.sh
+
+../../../tools/genrandom 400 random.data
+
+cd ns1 && sh sign.sh
diff --git a/bin/tests/system/redirect/tests.sh b/bin/tests/system/redirect/tests.sh
new file mode 100644
index 00000000..d528450f
--- /dev/null
+++ b/bin/tests/system/redirect/tests.sh
@@ -0,0 +1,336 @@ +#!/bin/sh +# +# Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +# $Id: tests.sh,v 1.3 2011-03-01 23:48:06 tbox Exp $ + +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +status=0 +n=1 + +rm -f dig.out.* + +DIGOPTS="+tcp +noadd +nosea +nostat +nocmd -p 5300" + +for conf in conf/good*.conf +do + echo "I:checking that $conf is accepted ($n)" + ret=0 + $CHECKCONF "$conf" || ret=1 + n=`expr $n + 1` + if [ $ret != 0 ]; then echo "I:failed"; fi + status=`expr $status + $ret` +done + +for conf in conf/bad*.conf +do + echo "I:checking that $conf is rejected ($n)" + ret=0 + $CHECKCONF "$conf" >/dev/null && ret=1 + n=`expr $n + 1` + if [ $ret != 0 ]; then echo "I:failed"; fi + status=`expr $status + $ret` +done + +echo "I:checking A redirect works for nonexist ($n)" +ret=0 +$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || ret=1 +grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 +grep "100.100.100.1" dig.out.ns2.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking AAAA redirect works for nonexist ($n)" +ret=0 +$DIG $DIGOPTS nonexist. 
@10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 +grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 +grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking ANY redirect works for nonexist ($n)" +ret=0 +$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.2 any > dig.out.ns2.test$n || ret=1 +grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 +grep "100.100.100.1" dig.out.ns2.test$n > /dev/null || ret=1 +grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking A redirect doesn't work for acl miss ($n)" +ret=0 +$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.4 a > dig.out.ns2.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 +grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking AAAA redirect doesn't work for acl miss ($n)" +ret=0 +$DIG $DIGOPTS nonexist. @10.53.0.2 -b 10.53.0.4 aaaa > dig.out.ns2.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 +grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking ANY redirect doesn't work for acl miss ($n)" +ret=0 +$DIG $DIGOPTS nonexist. 
@10.53.0.2 -b 10.53.0.4 any > dig.out.ns2.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 +grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1 +grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking A redirect works for signed nonexist, DO=0 ($n)" +ret=0 +$DIG $DIGOPTS nonexist.signed. @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || ret=1 +grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 +grep "100.100.100.1" dig.out.ns2.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking AAAA redirect works for signed nonexist, DO=0 ($n)" +ret=0 +$DIG $DIGOPTS nonexist.signed. @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 +grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 +grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking ANY redirect works for signed nonexist, DO=0 ($n)" +ret=0 +$DIG $DIGOPTS nonexist.signed. @10.53.0.2 -b 10.53.0.2 any > dig.out.ns2.test$n || ret=1 +grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1 +grep "100.100.100.1" dig.out.ns2.test$n > /dev/null || ret=1 +grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking A redirect fails for signed nonexist, DO=1 ($n)" +ret=0 +$DIG $DIGOPTS nonexist.signed. 
+dnssec @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 +grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking AAAA redirect fails for signed nonexist, DO=1 ($n)" +ret=0 +$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 +grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking ANY redirect fails for signed nonexist, DO=1 ($n)" +ret=0 +$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.2 -b 10.53.0.2 any > dig.out.ns2.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 +grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1 +grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking A redirect fails for nsec3 signed nonexist, DO=1 ($n)" +ret=0 +$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.2 -b 10.53.0.2 a > dig.out.ns2.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 +grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1 +grep "IN.NSEC3" dig.out.ns2.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking AAAA redirect fails for nsec3 signed nonexist, DO=1 ($n)" +ret=0 +$DIG $DIGOPTS nonexist.nsec3. 
+dnssec @10.53.0.2 -b 10.53.0.2 aaaa > dig.out.ns2.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 +grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1 +grep "IN.NSEC3" dig.out.ns2.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking ANY redirect fails for nsec3 signed nonexist, DO=1 ($n)" +ret=0 +$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.2 -b 10.53.0.2 any > dig.out.ns2.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns2.test$n > /dev/null || ret=1 +grep "100.100.100.1" dig.out.ns2.test$n > /dev/null && ret=1 +grep "2001:ffff:ffff::6464:6401" dig.out.ns2.test$n > /dev/null && ret=1 +grep "IN.NSEC3" dig.out.ns2.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking A redirect works for nonexist authoritative ($n)" +ret=0 +$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.1 a > dig.out.ns1.test$n || ret=1 +grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 +grep "100.100.100.2" dig.out.ns1.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking AAAA redirect works for nonexist authoritative ($n)" +ret=0 +$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns1.test$n || ret=1 +grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 +grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking ANY redirect works for nonexist authoritative ($n)" +ret=0 +$DIG $DIGOPTS nonexist. 
@10.53.0.1 -b 10.53.0.1 any > dig.out.ns1.test$n || ret=1 +grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 +grep "100.100.100.2" dig.out.ns1.test$n > /dev/null || ret=1 +grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking A redirect doesn't work for acl miss authoritative ($n)" +ret=0 +$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.4 a > dig.out.ns1.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 +grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking AAAA redirect doesn't work for acl miss authoritative ($n)" +ret=0 +$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.4 aaaa > dig.out.ns1.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 +grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking ANY redirect doesn't work for acl miss authoritative ($n)" +ret=0 +$DIG $DIGOPTS nonexist. @10.53.0.1 -b 10.53.0.4 any > dig.out.ns1.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 +grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1 +grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking A redirect works for signed nonexist, DO=0 authoritative ($n)" +ret=0 +$DIG $DIGOPTS nonexist.signed. 
@10.53.0.1 -b 10.53.0.1 a > dig.out.ns1.test$n || ret=1 +grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 +grep "100.100.100.2" dig.out.ns1.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking AAAA redirect works for signed nonexist, DO=0 authoritative ($n)" +ret=0 +$DIG $DIGOPTS nonexist.signed. @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns1.test$n || ret=1 +grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 +grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking ANY redirect works for signed nonexist, DO=0 authoritative ($n)" +ret=0 +$DIG $DIGOPTS nonexist.signed. @10.53.0.1 -b 10.53.0.1 any > dig.out.ns1.test$n || ret=1 +grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1 +grep "100.100.100.2" dig.out.ns1.test$n > /dev/null || ret=1 +grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking A redirect fails for signed nonexist, DO=1 authoritative ($n)" +ret=0 +$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.1 -b 10.53.0.1 a > dig.out.ns1.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 +grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking AAAA redirect fails for signed nonexist, DO=1 authoritative ($n)" +ret=0 +$DIG $DIGOPTS nonexist.signed. 
+dnssec @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns1.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 +grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking ANY redirect fails for signed nonexist, DO=1 authoritative ($n)" +ret=0 +$DIG $DIGOPTS nonexist.signed. +dnssec @10.53.0.1 -b 10.53.0.1 any > dig.out.ns1.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 +grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1 +grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking A redirect fails for nsec3 signed nonexist, DO=1 authoritative ($n)" +ret=0 +$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.1 -b 10.53.0.1 a > dig.out.ns1.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 +grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1 +grep "IN.NSEC3" dig.out.ns1.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking AAAA redirect fails for nsec3 signed nonexist, DO=1 authoritative ($n)" +ret=0 +$DIG $DIGOPTS nonexist.nsec3. +dnssec @10.53.0.1 -b 10.53.0.1 aaaa > dig.out.ns1.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 +grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1 +grep "IN.NSEC3" dig.out.ns1.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking ANY redirect fails for nsec3 signed nonexist, DO=1 authoritative ($n)" +ret=0 +$DIG $DIGOPTS nonexist.nsec3. 
+dnssec @10.53.0.1 -b 10.53.0.1 any > dig.out.ns1.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1 +grep "100.100.100.2" dig.out.ns1.test$n > /dev/null && ret=1 +grep "2001:ffff:ffff::6464:6402" dig.out.ns1.test$n > /dev/null && ret=1 +grep "IN.NSEC3" dig.out.ns1.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:exit status: $status" +exit $status diff --git a/bin/tests/system/resolver/clean.sh b/bin/tests/system/resolver/clean.sh index 524e9945..d8310f15 100644 --- a/bin/tests/system/resolver/clean.sh +++ b/bin/tests/system/resolver/clean.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: clean.sh,v 1.6.16.2 2011-03-13 23:47:13 tbox Exp $ +# $Id: clean.sh,v 1.8 2011-03-13 23:47:35 tbox Exp $ # # Clean up after resolver tests. diff --git a/bin/tests/system/resolver/ns4/child.server.db b/bin/tests/system/resolver/ns4/child.server.db index fb332178..f57f65f7 100644 --- a/bin/tests/system/resolver/ns4/child.server.db +++ b/bin/tests/system/resolver/ns4/child.server.db @@ -12,7 +12,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: child.server.db,v 1.2.2.3 2011-03-13 23:47:13 tbox Exp $ +; $Id: child.server.db,v 1.3 2011-03-13 23:47:35 tbox Exp $ $TTL 300 @ IN SOA marka.isc.org. ns.server. ( diff --git a/bin/tests/system/resolver/ns4/moves.db b/bin/tests/system/resolver/ns4/moves.db index f879ec13..f4b0b297 100644 --- a/bin/tests/system/resolver/ns4/moves.db +++ b/bin/tests/system/resolver/ns4/moves.db @@ -12,7 +12,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: moves.db,v 1.2.2.3 2011-03-13 23:47:13 tbox Exp $ +; $Id: moves.db,v 1.3 2011-03-13 23:47:35 tbox Exp $ $TTL 300 @ IN SOA marka.isc.org. ns.server. ( 
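Review bot: The address checks throughout redirect/tests.sh hand the expected addresses to `grep` as regular expressions, so each `.` in `"100.100.100.1"` matches any character and the pattern also matches inside a longer string such as `100.100.100.10`. For the positive assertions (`|| ret=1`) that can let a wrong answer pass; use fixed-string matching, e.g. `grep -F "100.100.100.1"`, or match the whole answer line. `grep "IN.NSEC3"` is loose in the same way. The thirty near-identical stanzas would also be easier to audit as one helper that takes the server, source address, query type, expected rcode and the strings that must or must not appear.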
diff --git a/bin/tests/system/resolver/ns4/named.conf b/bin/tests/system/resolver/ns4/named.conf index 67628300..fa562c9b 100644 --- a/bin/tests/system/resolver/ns4/named.conf +++ b/bin/tests/system/resolver/ns4/named.conf @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.2.60.2 2011-03-13 23:47:13 tbox Exp $ */ +/* $Id: named.conf,v 1.4 2011-03-13 23:47:36 tbox Exp $ */ // NS4 diff --git a/bin/tests/system/resolver/ns5/child.server.db b/bin/tests/system/resolver/ns5/child.server.db index a100eee5..8a055193 100644 --- a/bin/tests/system/resolver/ns5/child.server.db +++ b/bin/tests/system/resolver/ns5/child.server.db @@ -12,7 +12,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: child.server.db,v 1.2.2.3 2011-03-13 23:47:13 tbox Exp $ +; $Id: child.server.db,v 1.3 2011-03-13 23:47:36 tbox Exp $ $TTL 300 @ IN SOA marka.isc.org. ns.server. ( diff --git a/bin/tests/system/resolver/ns5/moves.db b/bin/tests/system/resolver/ns5/moves.db index ad7d5011..2fa0a54d 100644 --- a/bin/tests/system/resolver/ns5/moves.db +++ b/bin/tests/system/resolver/ns5/moves.db @@ -12,7 +12,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: moves.db,v 1.2.2.3 2011-03-13 23:47:13 tbox Exp $ +; $Id: moves.db,v 1.3 2011-03-13 23:47:36 tbox Exp $ $TTL 300 @ IN SOA marka.isc.org. ns.server. ( diff --git a/bin/tests/system/resolver/ns5/named.conf b/bin/tests/system/resolver/ns5/named.conf index 22b9e8d1..28c70bbc 100644 --- a/bin/tests/system/resolver/ns5/named.conf +++ b/bin/tests/system/resolver/ns5/named.conf @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.2.60.2 2011-03-13 23:47:14 tbox Exp $ */ +/* $Id: named.conf,v 1.4 2011-03-13 23:47:36 tbox Exp $ */ // NS4 diff --git a/bin/tests/system/resolver/ns6/moves.db b/bin/tests/system/resolver/ns6/moves.db index 38511dfa..373a5c75 100644 
--- a/bin/tests/system/resolver/ns6/moves.db +++ b/bin/tests/system/resolver/ns6/moves.db @@ -12,7 +12,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: moves.db,v 1.2.2.3 2011-03-13 23:47:14 tbox Exp $ +; $Id: moves.db,v 1.3 2011-03-13 23:47:36 tbox Exp $ $TTL 300 @ IN SOA marka.isc.org. ns.server. ( diff --git a/bin/tests/system/resolver/ns6/root.db b/bin/tests/system/resolver/ns6/root.db index 6118cb75..f5175093 100644 --- a/bin/tests/system/resolver/ns6/root.db +++ b/bin/tests/system/resolver/ns6/root.db @@ -12,7 +12,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: root.db,v 1.2.50.2 2011-03-13 23:47:14 tbox Exp $ +; $Id: root.db,v 1.4 2011-03-13 23:47:36 tbox Exp $ $TTL 300 . IN SOA marka.isc.org. a.root.servers.nil. ( diff --git a/bin/tests/system/resolver/ns7/named.conf b/bin/tests/system/resolver/ns7/named.conf index 91d6b7b6..d66ebc13 100644 --- a/bin/tests/system/resolver/ns7/named.conf +++ b/bin/tests/system/resolver/ns7/named.conf @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.2.50.3 2011-08-02 04:58:46 each Exp $ */ +/* $Id: named.conf,v 1.5 2011-07-28 03:18:17 each Exp $ */ // NS4 diff --git a/bin/tests/system/resolver/ns7/server.db.in b/bin/tests/system/resolver/ns7/server.db.in index c1651d7e..f63cfa21 100644 --- a/bin/tests/system/resolver/ns7/server.db.in +++ b/bin/tests/system/resolver/ns7/server.db.in @@ -12,7 +12,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: server.db.in,v 1.2.2.3 2011-03-13 23:47:14 tbox Exp $ +; $Id: server.db.in,v 1.3 2011-03-13 23:47:36 tbox Exp $ $TTL 300 @ IN SOA marka.isc.org. a.root.servers.nil. ( diff --git a/bin/tests/system/resolver/setup.sh b/bin/tests/system/resolver/setup.sh index 54412199..0dc71a2e 100644 --- a/bin/tests/system/resolver/setup.sh 
+++ b/bin/tests/system/resolver/setup.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: setup.sh,v 1.3.38.2 2011-03-13 23:47:13 tbox Exp $ +# $Id: setup.sh,v 1.5 2011-03-13 23:47:35 tbox Exp $ ../../../tools/genrandom 400 random.data diff --git a/bin/tests/system/resolver/tests.sh b/bin/tests/system/resolver/tests.sh index 8001fa6a..d46ba5a3 100644 --- a/bin/tests/system/resolver/tests.sh +++ b/bin/tests/system/resolver/tests.sh @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.17.38.3 2011-08-02 04:58:46 each Exp $ +# $Id: tests.sh,v 1.20 2011-07-28 03:18:17 each Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh diff --git a/bin/tests/system/rndc/clean.sh b/bin/tests/system/rndc/clean.sh new file mode 100644 index 00000000..224ef2e2 --- /dev/null +++ b/bin/tests/system/rndc/clean.sh @@ -0,0 +1,21 @@ +#!/bin/sh +# +# Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +# $Id: clean.sh,v 1.2 2011-03-21 18:06:06 each Exp $ + +rm -f ns2/*.db ns2/*.jnl +rm -f ns2/session.key +rm -f ns2/named.memstats 
diff --git a/bin/tests/system/rndc/ns2/named.conf b/bin/tests/system/rndc/ns2/named.conf
new file mode 100644
index 00000000..4c17b1ad
--- /dev/null
+++ b/bin/tests/system/rndc/ns2/named.conf
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.4 2011-06-10 01:32:37 each Exp $ */
+
+controls { /* empty */ };
+
+options {
+ port 5300;
+ pid-file "named.pid";
+ session-keyfile "session.key";
+ listen-on { 10.53.0.2; };
+ listen-on-v6 { none; };
+ recursion no;
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm hmac-md5;
+};
+
+controls {
+ inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; };
+};
+
+
+zone "." {
+ type hint;
+ file "../../common/root.hint";
+};
+
+zone "nil" {
+ type master;
+ update-policy local;
+ file "nil.db";
+ ixfr-from-differences yes;
+};
+
+zone "other" {
+ type master;
+ update-policy local;
+ file "other.db";
+};
+
+zone "static" {
+ type master;
+ file "static.db";
+};
diff --git a/bin/tests/system/rndc/setup.sh b/bin/tests/system/rndc/setup.sh
new file mode 100644
index 00000000..72870756
--- /dev/null
+++ b/bin/tests/system/rndc/setup.sh
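Review bot: rndc/ns2/named.conf opens the control channel with `allow { any; }` and authenticates it with a short literal secret, and nothing in the file marks either as test-only. The listener is bound to 10.53.0.2, so exposure depends on how that test address is configured on the host; narrowing the ACL to the address the test uses, e.g. `allow { 10.53.0.2; }` (to be confirmed against the source address rndc connects from), costs nothing. Add a comment above the key such as `// test-only key, must match ../common/rndc.conf; never reuse outside the test suite` — tests.sh passes `-c ../common/rndc.conf`, so the secret is presumably duplicated there. The earlier `controls { /* empty */ };` followed by a second, populated `controls` block reads as contradictory, and one of the two should be dropped.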
@@ -0,0 +1,23 @@
+#!/bin/sh
+#
+# Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: setup.sh,v 1.2 2011-03-21 18:06:06 each Exp $
+
+sh clean.sh
+
+sh ../genzone.sh 2 >ns2/nil.db
+sh ../genzone.sh 2 >ns2/other.db
+sh ../genzone.sh 2 >ns2/static.db
diff --git a/bin/tests/system/rndc/tests.sh b/bin/tests/system/rndc/tests.sh
new file mode 100644
index 00000000..2efc8f3f
--- /dev/null
+++ b/bin/tests/system/rndc/tests.sh
@@ -0,0 +1,229 @@ +#!/bin/sh +# +# Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +# $Id: tests.sh,v 1.4 2011-06-10 01:32:37 each Exp $ + +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd" +DIGCMD="$DIG $DIGOPTS @10.53.0.2 -p 5300" +RNDCCMD="$RNDC -s 10.53.0.2 -p 9953 -c ../common/rndc.conf" + +status=0 + +echo "I:preparing" +ret=0 +$NSUPDATE -p 5300 -k ns2/session.key > /dev/null 2>&1 <<END || ret=1 +server 10.53.0.2 +zone nil. +update add text1.nil. 600 IN TXT "addition 1" +send +zone other. +update add text1.other. 
600 IN TXT "addition 1" +send +END +[ -s ns2/nil.db.jnl ] || ret=1 +[ -s ns2/other.db.jnl ] || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:rndc freeze" +$RNDCCMD freeze | sed 's/^/I:ns2 /' + +echo "I:checking zone was dumped" +ret=0 +grep "addition 1" ns2/nil.db > /dev/null 2>&1 || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking journal file is still present" +ret=0 +[ -s ns2/nil.db.jnl ] || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking zone not writable" +ret=0 +$NSUPDATE -p 5300 -k ns2/session.key > /dev/null 2>&1 <<END && ret=1 +server 10.53.0.2 +zone nil. +update add text2.nil. 600 IN TXT "addition 2" +send +END + +$DIGCMD text2.nil. TXT | grep 'addition 2' >/dev/null && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:rndc thaw" +$RNDCCMD thaw | sed 's/^/I:ns2 /' + +echo "I:checking zone now writable" +ret=0 +$NSUPDATE -p 5300 -k ns2/session.key > /dev/null 2>&1 <<END || ret=1 +server 10.53.0.2 +zone nil. +update add text3.nil. 600 IN TXT "addition 3" +send +END +$DIGCMD text3.nil. TXT | grep 'addition 3' >/dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:rndc sync" +ret=0 +$RNDCCMD sync nil | sed 's/^/I:ns2 /' + +echo "I:checking zone was dumped" +ret=0 +grep "addition 3" ns2/nil.db > /dev/null 2>&1 || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking journal file is still present" +ret=0 +[ -s ns2/nil.db.jnl ] || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking zone is still writable" +ret=0 +$NSUPDATE -p 5300 -k ns2/session.key > /dev/null 2>&1 <<END || ret=1 +server 10.53.0.2 +zone nil. +update add text4.nil. 600 IN TXT "addition 4" +send +END + +$DIGCMD text4.nil. 
TXT | grep 'addition 4' >/dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:rndc sync -clean" +ret=0 +$RNDCCMD sync -clean nil | sed 's/^/I:ns2 /' + +echo "I:checking zone was dumped" +ret=0 +grep "addition 4" ns2/nil.db > /dev/null 2>&1 || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking journal file is deleted" +ret=0 +[ -s ns2/nil.db.jnl ] && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking zone is still writable" +ret=0 +$NSUPDATE -p 5300 -k ns2/session.key > /dev/null 2>&1 <<END || ret=1 +server 10.53.0.2 +zone nil. +update add text5.nil. 600 IN TXT "addition 5" +send +END + +$DIGCMD text4.nil. TXT | grep 'addition 4' >/dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking other journal files not removed" +ret=0 +[ -s ns2/other.db.jnl ] || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:cleaning all zones" +$RNDCCMD sync -clean | sed 's/^/I:ns2 /' + +echo "I:checking all journals removed" +ret=0 +[ -s ns2/nil.db.jnl ] && ret=1 +[ -s ns2/other.db.jnl ] && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking that freezing static zones is not allowed" +ret=0 +$RNDCCMD freeze static 2>&1 | grep 'not dynamic' > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking that journal is removed when serial is changed before thaw" +ret=0 +sleep 1 +$NSUPDATE -p 5300 -k ns2/session.key > /dev/null 2>&1 <<END || ret=1 +server 10.53.0.2 +zone other. +update add text6.other. 
600 IN TXT "addition 6" +send +END +[ -s ns2/other.db.jnl ] || ret=1 +$RNDCCMD freeze other 2>&1 | sed 's/^/I:ns2 /' +serial=`awk '$3 == "serial" {print $1}' ns2/other.db` +newserial=`expr $serial + 1` +sed s/$serial/$newserial/ ns2/other.db > ns2/other.db.new +echo 'frozen TXT "frozen addition"' >> ns2/other.db.new +mv -f ns2/other.db.new ns2/other.db +$RNDCCMD thaw 2>&1 | sed 's/^/I:ns2 /' +sleep 1 +[ -f ns2/other.db.jnl ] && ret=1 +$NSUPDATE -p 5300 -k ns2/session.key > /dev/null 2>&1 <<END || ret=1 +server 10.53.0.2 +zone other. +update add text7.other. 600 IN TXT "addition 7" +send +END +$DIGCMD text6.other. TXT | grep 'addition 6' >/dev/null || ret=1 +$DIGCMD text7.other. TXT | grep 'addition 7' >/dev/null || ret=1 +$DIGCMD frozen.other. TXT | grep 'frozen addition' >/dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking that journal is kept when ixfr-from-differences is in use" +ret=0 +$NSUPDATE -p 5300 -k ns2/session.key > /dev/null 2>&1 <<END || ret=1 +server 10.53.0.2 +zone nil. +update add text6.nil. 600 IN TXT "addition 6" +send +END +[ -s ns2/nil.db.jnl ] || ret=1 +$RNDCCMD freeze nil 2>&1 | sed 's/^/I:ns2 /' +serial=`awk '$3 == "serial" {print $1}' ns2/nil.db` +newserial=`expr $serial + 1` +sed s/$serial/$newserial/ ns2/nil.db > ns2/nil.db.new +echo 'frozen TXT "frozen addition"' >> ns2/nil.db.new +mv -f ns2/nil.db.new ns2/nil.db +$RNDCCMD thaw 2>&1 | sed 's/^/I:ns2 /' +sleep 1 +[ -s ns2/nil.db.jnl ] || ret=1 +$NSUPDATE -p 5300 -k ns2/session.key > /dev/null 2>&1 <<END || ret=1 +server 10.53.0.2 +zone nil. +update add text7.nil. 600 IN TXT "addition 7" +send +END +$DIGCMD text6.nil. TXT | grep 'addition 6' >/dev/null || ret=1 +$DIGCMD text7.nil. TXT | grep 'addition 7' >/dev/null || ret=1 +$DIGCMD frozen.nil. TXT | grep 'frozen addition' >/dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:exit status: $status" +exit $status 
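Review bot: The "checking zone is still writable" step that follows `rndc sync -clean` sends `update add text5.nil.` but then queries `text4.nil.` and greps for 'addition 4', a record added before the clean, so the dig step does not verify that the text5 update is actually being served. The query should be `$DIGCMD text5.nil. TXT | grep 'addition 5' >/dev/null || ret=1`. Separately, every `$RNDCCMD ... | sed 's/^/I:ns2 /'` pipeline yields sed's exit status, so a failing freeze, thaw or sync is never counted in `ret` and is only noticed through later side effects; the "rndc sync" steps even set `ret=0` without ever testing it. Capturing the rndc output first (`out=`$RNDCCMD sync nil 2>&1` || ret=1`) and then piping `$out` through sed would close that gap.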
diff --git a/bin/tests/system/rpz/ns3/base.db b/bin/tests/system/rpz/ns3/base.db index 8fe8b54f..0b3b176e 100644 --- a/bin/tests/system/rpz/ns3/base.db +++ b/bin/tests/system/rpz/ns3/base.db @@ -12,7 +12,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: base.db,v 1.3.8.2 2011-06-09 00:53:54 marka Exp $ +; $Id: base.db,v 1.5 2011-06-09 00:42:50 marka Exp $ ; RPZ test diff --git a/bin/tests/system/rpz/test1 b/bin/tests/system/rpz/test1 index c487c98e..f665505a 100644 --- a/bin/tests/system/rpz/test1 +++ b/bin/tests/system/rpz/test1 @@ -12,7 +12,7 @@ ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; PERFORMANCE OF THIS SOFTWARE. -; $Id: test1,v 1.4.8.1 2011-06-09 03:14:04 marka Exp $ +; $Id: test1,v 1.5 2011-06-09 03:10:17 marka Exp $ server 10.53.0.3 5300 diff --git a/bin/tests/system/rpz/tests.sh b/bin/tests/system/rpz/tests.sh index b01228a1..7aef0eb5 100644 --- a/bin/tests/system/rpz/tests.sh +++ b/bin/tests/system/rpz/tests.sh @@ -12,7 +12,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.3.8.3 2011-06-09 03:14:04 marka Exp $ +# $Id: tests.sh,v 1.6 2011-06-09 03:10:17 marka Exp $ # test response policy zones (RPZ) diff --git a/bin/tests/system/send.pl b/bin/tests/system/send.pl index 45eb6b50..fabdbf83 100644 --- a/bin/tests/system/send.pl +++ b/bin/tests/system/send.pl @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: send.pl,v 1.5.814.2 2011-03-05 23:52:08 tbox Exp $ +# $Id: send.pl,v 1.7 2011-03-05 23:52:29 tbox Exp $ # # Send a file to a given address and port using TCP. Used for diff --git a/bin/tests/system/smartsign/tests.sh b/bin/tests/system/smartsign/tests.sh index c8d50d1b..92d14a89 100644 --- a/bin/tests/system/smartsign/tests.sh +++ b/bin/tests/system/smartsign/tests.sh 
@@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.6.70.3 2011-07-08 01:45:58 each Exp $ +# $Id: tests.sh,v 1.15 2011-07-08 01:43:26 each Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh @@ -31,7 +31,7 @@ cfile=child.db echo I:generating keys # active zsk -czsk1=`$KEYGEN -q -r $RANDFILE $czone` +czsk1=`$KEYGEN -q -r $RANDFILE -L 30 $czone` # not yet published or active czsk2=`$KEYGEN -q -r $RANDFILE -P none -A none $czone` @@ -50,7 +50,7 @@ czsk5=`$KEYGEN -q -r $RANDFILE -P now+12h -A now+12h -I now+24h $czone` czsk6=`$KEYGEN -q -r $RANDFILE -S $czsk5 -i 6h 2>&-` # active ksk -cksk1=`$KEYGEN -q -r $RANDFILE -fk $czone` +cksk1=`$KEYGEN -q -r $RANDFILE -fk -L 30 $czone` # published but not YET active; will be active in 20 seconds cksk2=`$KEYGEN -q -r $RANDFILE -fk $czone` @@ -60,10 +60,11 @@ echo I:revoking key # revoking key changes its ID cksk3=`$KEYGEN -q -r $RANDFILE -fk $czone` cksk4=`$REVOKE $cksk3` -$SETTIME -A now+20s $cksk2 > /dev/null +# using now+30s to fix RT 24561 +$SETTIME -A now+30s $cksk2 > /dev/null echo I:signing child zone -czoneout=`$SIGNER -Sg -r $RANDFILE -o $czone $cfile 2>&1` +czoneout=`$SIGNER -Sg -e now+1d -X now+2d -r $RANDFILE -o $czone $cfile 2>&1` echo I:generating keys pzsk=`$KEYGEN -q -r $RANDFILE $pzone` 
@@ -98,12 +99,12 @@ status=`expr $status + $ret` echo "I:rechecking dnssec-signzone output with -x" ret=0 # use an alternate output file so -x doesn't interfere with later checks -pzoneout=`$SIGNER -Sxg -r $RANDFILE -o $pzone -f ${pzone}2.signed $pfile 2>&1` -czoneout=`$SIGNER -Sxg -r $RANDFILE -o $czone -f ${czone}2.signed $cfile 2>&1` +pzoneout=`$SIGNER -Sxg -r $RANDFILE -o $pzone -f {$pfile}2.signed $pfile 2>&1` +czoneout=`$SIGNER -Sxg -e now+1d -X now+2d -r $RANDFILE -o $czone -f ${cfile}2.signed $cfile 2>&1` echo "$pzoneout" | grep 'KSKs: 1 active, 0 stand-by, 0 revoked' > /dev/null || ret=1 -echo "$pzoneout"| grep 'ZSKs: 1 active, 0 present, 0 revoked' > /dev/null || ret=1 -echo "$czoneout"| grep 'KSKs: 1 active, 1 stand-by, 1 revoked' > /dev/null || ret=1 -echo "$czoneout"| grep 'ZSKs: 1 active, 2 present, 0 revoked' > /dev/null || ret=1 +echo "$pzoneout" | grep 'ZSKs: 1 active, 0 present, 0 revoked' > /dev/null || ret=1 +echo "$czoneout" | grep 'KSKs: 1 active, 1 stand-by, 1 revoked' > /dev/null || ret=1 +echo "$czoneout" | grep 'ZSKs: 1 active, 2 present, 0 revoked' > /dev/null || ret=1 if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` 
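Review bot: In the new `pzoneout=` line the output file is written as `-f {$pfile}2.signed`, with the brace outside the `$`, so the shell expands it to a name with literal braces around the value of `$pfile` instead of the `${pfile}2.signed` form that the `czoneout=` line below uses with `${cfile}2.signed`. The signer still runs, but it leaves behind an oddly named file that a cleanup script matching the intended name would presumably miss. The argument should read `-f ${pfile}2.signed`.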
@@ -143,36 +144,142 @@ grep "key id = $czsuccessor" $cfile.signed && echo succ is there if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` +echo "I:checking key TTLs are correct" +grep "${czone}. 30 IN" ${czsk1}.key > /dev/null 2>&1 || ret=1 +grep "${czone}. 30 IN" ${cksk1}.key > /dev/null 2>&1 || ret=1 +grep "${czone}. IN" ${czsk2}.key > /dev/null 2>&1 || ret=1 +$SETTIME -L 45 ${czsk2} > /dev/null +grep "${czone}. 45 IN" ${czsk2}.key > /dev/null 2>&1 || ret=1 +$SETTIME -L 0 ${czsk2} > /dev/null +grep "${czone}. IN" ${czsk2}.key > /dev/null 2>&1 || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking key TTLs were imported correctly" +awk 'BEGIN {r = 0} $2 == "DNSKEY" && $1 != 30 {r = 1} END {exit r}' \ + ${cfile}.signed || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:re-signing and checking imported TTLs again" +$SETTIME -L 15 ${czsk2} > /dev/null +czoneout=`$SIGNER -Sg -e now+1d -X now+2d -r $RANDFILE -o $czone $cfile 2>&1` +awk 'BEGIN {r = 0} $2 == "DNSKEY" && $1 != 15 {r = 1} END {exit r}' \ + ${cfile}.signed || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +# There is some weirdness in Solaris 10 (Generic_120011-14), which +# is why the next section has all those echo $ret > /dev/null;sync +# commands echo "I:checking child zone signatures" ret=0 # check DNSKEY signatures first -awk '$2 == "RRSIG" && $3 == "DNSKEY" { getline; print $2 }' $cfile.signed > dnskey.sigs -grep "$ckactive" dnskey.sigs > /dev/null || ret=1 -grep "$ckrevoked" dnskey.sigs > /dev/null || ret=1 -grep "$czactive" dnskey.sigs > /dev/null || ret=1 +awk '$2 == "RRSIG" && $3 == "DNSKEY" { getline; print $3 }' $cfile.signed > dnskey.sigs +sub=0 +grep "$ckactive" dnskey.sigs > /dev/null || sub=1 +if [ $sub != 0 ]; then echo "I:missing ckactive $ckactive (dnskey)"; ret=1; fi +echo $ret > /dev/null +sync +sub=0 +grep "$ckrevoked" dnskey.sigs > 
/dev/null || sub=1 +if [ $sub != 0 ]; then echo "I:missing ckrevoke $ckrevoke (dnskey)"; ret=1; fi +echo $ret > /dev/null +sync +sub=0 +grep "$czactive" dnskey.sigs > /dev/null || sub=1 +if [ $sub != 0 ]; then echo "I:missing czactive $czactive (dnskey)"; ret=1; fi # should not be there: -grep "$ckprerevoke" dnskey.sigs > /dev/null && ret=1 -grep "$ckpublished" dnskey.sigs > /dev/null && ret=1 -grep "$czpublished" dnskey.sigs > /dev/null && ret=1 -grep "$czinactive" dnskey.sigs > /dev/null && ret=1 -grep "$czgenerated" dnskey.sigs > /dev/null && ret=1 -# now check other signatures -awk '$2 == "RRSIG" && $3 != "DNSKEY" { getline; print $2 }' $cfile.signed | sort -un > other.sigs +echo $ret > /dev/null +sync +sub=0 +grep "$ckprerevoke" dnskey.sigs > /dev/null && sub=1 +if [ $sub != 0 ]; then echo "I:found ckprerevoke $ckprerevoke (dnskey)"; ret=1; fi +echo $ret > /dev/null +sync +sub=0 +grep "$ckpublished" dnskey.sigs > /dev/null && sub=1 +if [ $sub != 0 ]; then echo "I:found ckpublished $ckpublished (dnskey)"; ret=1; fi +echo $ret > /dev/null +sync +sub=0 +grep "$czpublished" dnskey.sigs > /dev/null && sub=1 +if [ $sub != 0 ]; then echo "I:found czpublished $czpublished (dnskey)"; ret=1; fi +echo $ret > /dev/null +sync +sub=0 +grep "$czinactive" dnskey.sigs > /dev/null && sub=1 +if [ $sub != 0 ]; then echo "I:found czinactive $czinactive (dnskey)"; ret=1; fi +echo $ret > /dev/null +sync +sub=0 +grep "$czgenerated" dnskey.sigs > /dev/null && sub=1 +if [ $sub != 0 ]; then echo "I:found czgenerated $czgenerated (dnskey)"; ret=1; fi +# now check other signatures first +awk '$2 == "RRSIG" && $3 != "DNSKEY" { getline; print $3 }' $cfile.signed | sort -un > other.sigs # should not be there: -grep "$ckactive" other.sigs > /dev/null && ret=1 -grep "$ckpublished" other.sigs > /dev/null && ret=1 -grep "$ckprerevoke" other.sigs > /dev/null && ret=1 -grep "$ckrevoked" other.sigs > /dev/null && ret=1 -grep "$czpublished" other.sigs > /dev/null && ret=1 -grep "$czinactive" 
other.sigs > /dev/null && ret=1 -grep "$czgenerated" other.sigs > /dev/null && ret=1 -grep "$czpredecessor" other.sigs > /dev/null && ret=1 -grep "$czsuccessor" other.sigs > /dev/null && ret=1 -if [ $ret != 0 ]; then echo "I:failed"; fi +echo $ret > /dev/null +sync +sub=0 +grep "$ckactive" other.sigs > /dev/null && sub=1 +if [ $sub != 0 ]; then echo "I:found ckactive $ckactive (other)"; ret=1; fi +echo $ret > /dev/null +sync +sub=0 +grep "$ckpublished" other.sigs > /dev/null && sub=1 +if [ $sub != 0 ]; then echo "I:found ckpublished $ckpublished (other)"; ret=1; fi +echo $ret > /dev/null +sync +sub=0 +grep "$ckprerevoke" other.sigs > /dev/null && sub=1 +if [ $sub != 0 ]; then echo "I:found ckprerevoke $ckprerevoke (other)"; ret=1; fi +echo $ret > /dev/null +sync +sub=0 +grep "$ckrevoked" other.sigs > /dev/null && sub=1 +if [ $sub != 0 ]; then echo "I:found ckrevoked $ckrevoked (other)"; ret=1; fi +echo $ret > /dev/null +sync +sub=0 +grep "$czpublished" other.sigs > /dev/null && sub=1 +if [ $sub != 0 ]; then echo "I:found czpublished $czpublished (other)"; ret=1; fi +echo $ret > /dev/null +sync +sub=0 +grep "$czinactive" other.sigs > /dev/null && sub=1 +if [ $sub != 0 ]; then echo "I:found czinactive $czinactive (other)"; ret=1; fi +echo $ret > /dev/null +sync +sub=0 +grep "$czgenerated" other.sigs > /dev/null && sub=1 +if [ $sub != 0 ]; then echo "I:found czgenerated $czgenerated (other)"; ret=1; fi +echo $ret > /dev/null +sync +sub=0 +grep "$czpredecessor" other.sigs > /dev/null && sub=1 +if [ $sub != 0 ]; then echo "I:found czpredecessor $czpredecessor (other)"; ret=1; fi +echo $ret > /dev/null +sync +sub=0 +grep "$czsuccessor" other.sigs > /dev/null && sub=1 +if [ $sub != 0 ]; then echo "I:found czsuccessor $czsuccessor (other)"; ret=1; fi +if [ $ret != 0 ]; then + sed 's/^/I:dnskey sigs: /' < dnskey.sigs + sed 's/^/I:other sigs: /' < other.sigs + echo "I:failed"; +fi +status=`expr $status + $ret` + +echo "I:checking RRSIG expiry date correctness" 
+dnskey_expiry=`$CHECKZONE -o - $czone $cfile.signed 2> /dev/null | + awk '$4 == "RRSIG" && $5 == "DNSKEY" {print $9; exit}'` +soa_expiry=`$CHECKZONE -o - $czone $cfile.signed 2> /dev/null | + awk '$4 == "RRSIG" && $5 == "SOA" {print $9; exit}'` +[ $dnskey_expiry -gt $soa_expiry ] || ret=1 status=`expr $status + $ret` -echo "I:waiting 20 seconds for key activation" -sleep 20 +echo "I:waiting 30 seconds for key activation" +sleep 30 echo "I:re-signing child zone" czoneout2=`$SIGNER -Sg -r $RANDFILE -o $czone -f $cfile.new $cfile.signed 2>&1` mv $cfile.new $cfile.signed @@ -185,7 +292,7 @@ status=`expr $status + $ret` echo "I:checking child zone signatures again" ret=0 -awk '$2 == "RRSIG" && $3 == "DNSKEY" { getline; print $2 }' $cfile.signed > dnskey.sigs +awk '$2 == "RRSIG" && $3 == "DNSKEY" { getline; print $3 }' $cfile.signed > dnskey.sigs grep "$ckpublished" dnskey.sigs > /dev/null || ret=1 if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` diff --git a/bin/tests/system/start.pl b/bin/tests/system/start.pl index c860545f..f12ecf2d 100644 --- a/bin/tests/system/start.pl +++ b/bin/tests/system/start.pl @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: start.pl,v 1.16.54.6 2011-05-05 22:58:59 smann Exp $ +# $Id: start.pl,v 1.24 2011-05-05 23:15:56 smann Exp $ # Framework for starting test servers. # Based on the type of server specified, check for port availability, remove @@ -201,7 +201,7 @@ sub start_server { # start the server my $child = `$command`; - chomp($child); + $child =~ s/\s+$//g; # wait up to 14 seconds for the server to start and to write the # pid file otherwise kill this server and any others that have diff --git a/bin/tests/system/testsock.pl b/bin/tests/system/testsock.pl index dcaae412..b6b5f70d 100644 --- a/bin/tests/system/testsock.pl +++ b/bin/tests/system/testsock.pl 
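Review bot: The four checks added in the `@@ -143,36 +144,142 @@` hunk ("checking key TTLs are correct", "checking key TTLs were imported correctly", "re-signing and checking imported TTLs again" and "checking RRSIG expiry date correctness") never reset `ret=0`, so a failure in an earlier check is carried forward and added to `status` again; the last of them also omits the `if [ $ret != 0 ]; then echo "I:failed"; fi` line. Each block should start with `ret=0` like the existing ones. The message `echo "I:missing ckrevoke $ckrevoke (dnskey)"` expands a name that is not the one tested on the line above, which is `$ckrevoked`, so the key id will likely print empty. In the expiry check, `[ $dnskey_expiry -gt $soa_expiry ]` is unquoted, so an empty result from `$CHECKZONE` becomes a `[` usage error rather than a clear failure; `[ -n "$dnskey_expiry" ] && [ -n "$soa_expiry" ] && [ "$dnskey_expiry" -gt "$soa_expiry" ] || ret=1` makes that case explicit.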
@@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: testsock.pl,v 1.18.70.2 2011-03-02 23:47:27 tbox Exp $ +# $Id: testsock.pl,v 1.20 2011-03-01 23:48:05 tbox Exp $ # Test whether the interfaces on 10.53.0.* are up. diff --git a/bin/tests/system/tsiggss/Makefile.in b/bin/tests/system/tsiggss/Makefile.in index 58b4e0c1..186c97b3 100644 --- a/bin/tests/system/tsiggss/Makefile.in +++ b/bin/tests/system/tsiggss/Makefile.in @@ -12,7 +12,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.2.4.2 2011-04-19 22:12:14 smann Exp $ +# $Id: Makefile.in,v 1.2 2011-03-30 15:48:41 smann Exp $ srcdir = @srcdir@ VPATH = @srcdir@ diff --git a/bin/tests/system/tsiggss/gssapi_krb.c b/bin/tests/system/tsiggss/gssapi_krb.c index 8c16b397..8b84f79c 100644 --- a/bin/tests/system/tsiggss/gssapi_krb.c +++ b/bin/tests/system/tsiggss/gssapi_krb.c @@ -14,13 +14,19 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: gssapi_krb.c,v 1.3.4.2 2011-04-19 22:12:14 smann Exp $ */ +/* $Id: gssapi_krb.c,v 1.3 2011-04-05 19:16:54 smann Exp $ */ #include <config.h> int main() { -#if defined(HAVE_GSSAPI_H) && defined(HAVE_KRB5_H) +#if (defined(HAVE_GSSAPI_H) || \ + defined(HAVE_GSSAPI_GSSAPI_H)) && \ + (defined(HAVE_KRB5_H) || \ + defined(HAVE_KRB5_KRB5_H) || \ + defined(HAVE_GSSAPI_GSSAPI_KRB5_H) || \ + defined(HAVE_GSSAPI_KRB5_H) || \ + defined(HAVE_KERBEROSV5_KRB5_H)) return (0); #else return (1); diff --git a/bin/tests/system/tsiggss/prereq.sh b/bin/tests/system/tsiggss/prereq.sh index f19fa880..c35c8175 100644 --- a/bin/tests/system/tsiggss/prereq.sh +++ b/bin/tests/system/tsiggss/prereq.sh 
@@ -14,12 +14,12 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: prereq.sh,v 1.3.14.2 2011-04-19 23:47:31 tbox Exp $ +# $Id: prereq.sh,v 1.6 2011-04-05 16:10:39 smann Exp $ TOP=${SYSTEMTESTTOP:=.}/../../../.. # enable the tsiggss test only if gssapi was enabled -./gssapi_krb5 || { +./gssapi_krb || { echo "I:gssapi and krb5 not supported - skipping tsiggss test" exit 255 } diff --git a/bin/tests/system/tsiggss/setup.sh b/bin/tests/system/tsiggss/setup.sh index 64ec2d13..c44cc567 100644 --- a/bin/tests/system/tsiggss/setup.sh +++ b/bin/tests/system/tsiggss/setup.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: setup.sh,v 1.3.14.2 2011-03-21 23:46:59 tbox Exp $ +# $Id: setup.sh,v 1.5 2011-03-21 23:47:21 tbox Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh diff --git a/bin/tests/system/xfer/clean.sh b/bin/tests/system/xfer/clean.sh index 21d4397c..254abca4 100644 --- a/bin/tests/system/xfer/clean.sh +++ b/bin/tests/system/xfer/clean.sh @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: clean.sh,v 1.14.732.2 2011-03-12 04:59:15 tbox Exp $ +# $Id: clean.sh,v 1.16 2011-03-12 04:59:47 tbox Exp $ # # Clean up after zone transfer tests. diff --git a/bin/tests/system/xfer/dig1.good b/bin/tests/system/xfer/dig1.good index 4f741791..13e9c832 100644 --- a/bin/tests/system/xfer/dig1.good +++ b/bin/tests/system/xfer/dig1.good 
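Review bot: `./gssapi_krb || { ... exit 255 }` treats every non-zero status as "gssapi and krb5 not supported", including the case where the helper was never built or is not executable, so a build problem (or another mismatch between the helper's name and this script, like the one this hunk corrects) silently becomes a skipped test. I would check for the helper first, e.g. `[ -x ./gssapi_krb ] || { echo "I:gssapi_krb helper missing - skipping tsiggss test"; exit 255; }`, so the log distinguishes a missing helper from an unsupported platform. A one-line comment noting that the helper returns 0 only when both the GSSAPI and Kerberos headers were detected would also document the contract with gssapi_krb.c.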
@@ -75,6 +75,8 @@ txt09.example. 3600 IN TXT "foo\010bar" txt10.example. 3600 IN TXT "foo bar" txt11.example. 3600 IN TXT "\"foo\"" txt12.example. 3600 IN TXT "\"foo\"" +uri01.example. 3600 IN URI 10 20 "https://www.isc.org/" +uri02.example. 3600 IN URI 30 40 "https://www.isc.org/HolyCowThisSureIsAVeryLongURIRecordIDontEvenKnowWhatSomeoneWouldEverWantWithSuchAThingButTheSpecificationRequiresThatWesupportItSoHereWeGoTestingItLaLaLaLaLaLaLaSeriouslyThoughWhyWouldYouEvenConsiderUsingAURIThisLongItSeemsLikeASillyIdeaButEnhWhatAreYouGonnaDo/" wks01.example. 3600 IN WKS 10.0.0.1 6 0 1 2 21 23 wks02.example. 3600 IN WKS 10.0.0.1 17 0 1 2 53 wks03.example. 3600 IN WKS 10.0.0.2 6 65535 diff --git a/bin/tests/system/xfer/dig2.good b/bin/tests/system/xfer/dig2.good index db3521c4..a2b1e972 100644 --- a/bin/tests/system/xfer/dig2.good +++ b/bin/tests/system/xfer/dig2.good @@ -75,6 +75,8 @@ txt09.example. 3600 IN TXT "foo\010bar" txt10.example. 3600 IN TXT "foo bar" txt11.example. 3600 IN TXT "\"foo\"" txt12.example. 3600 IN TXT "\"foo\"" +uri01.example. 3600 IN URI 10 20 "https://www.isc.org/" +uri02.example. 3600 IN URI 30 40 "https://www.isc.org/HolyCowThisSureIsAVeryLongURIRecordIDontEvenKnowWhatSomeoneWouldEverWantWithSuchAThingButTheSpecificationRequiresThatWesupportItSoHereWeGoTestingItLaLaLaLaLaLaLaSeriouslyThoughWhyWouldYouEvenConsiderUsingAURIThisLongItSeemsLikeASillyIdeaButEnhWhatAreYouGonnaDo/" wks01.example. 3600 IN WKS 10.0.0.1 6 0 1 2 21 23 wks02.example. 3600 IN WKS 10.0.0.1 17 0 1 2 53 wks03.example. 3600 IN WKS 10.0.0.2 6 65535 diff --git a/bin/tests/system/xfer/ns1/named.conf b/bin/tests/system/xfer/ns1/named.conf index 83f1ccd1..5c950b8e 100644 --- a/bin/tests/system/xfer/ns1/named.conf +++ b/bin/tests/system/xfer/ns1/named.conf @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.18.814.2 2011-03-12 04:59:15 tbox Exp $ */ +/* $Id: named.conf,v 1.20 2011-03-12 04:59:47 tbox Exp $ */ include "../../common/rndc.key"; 
diff --git a/bin/tests/system/xfer/ns3/named.conf b/bin/tests/system/xfer/ns3/named.conf index 0ce287ce..808775c6 100644 --- a/bin/tests/system/xfer/ns3/named.conf +++ b/bin/tests/system/xfer/ns3/named.conf @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.21.814.2 2011-03-12 04:59:15 tbox Exp $ */ +/* $Id: named.conf,v 1.23 2011-03-12 04:59:47 tbox Exp $ */ controls { /* empty */ }; diff --git a/bin/tests/system/xfer/ns4/named.conf.base b/bin/tests/system/xfer/ns4/named.conf.base index 6642e3f4..52e82711 100644 --- a/bin/tests/system/xfer/ns4/named.conf.base +++ b/bin/tests/system/xfer/ns4/named.conf.base @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf.base,v 1.2.2.2 2011-03-04 22:03:27 each Exp $ */ +/* $Id: named.conf.base,v 1.2 2011-03-04 22:01:01 each Exp $ */ options { query-source address 10.53.0.4; diff --git a/bin/tests/system/xfer/ns6/named.conf b/bin/tests/system/xfer/ns6/named.conf index c4bc06c2..31855511 100644 --- a/bin/tests/system/xfer/ns6/named.conf +++ b/bin/tests/system/xfer/ns6/named.conf @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.2.2.3 2011-03-12 04:59:15 tbox Exp $ */ +/* $Id: named.conf,v 1.3 2011-03-12 04:59:47 tbox Exp $ */ include "../../common/rndc.key"; diff --git a/bin/tests/system/xfer/ns7/named.conf b/bin/tests/system/xfer/ns7/named.conf index 0ef95584..2539146d 100644 --- a/bin/tests/system/xfer/ns7/named.conf +++ b/bin/tests/system/xfer/ns7/named.conf @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.2.2.3 2011-03-12 04:59:15 tbox Exp $ */ +/* $Id: named.conf,v 1.3 2011-03-12 04:59:47 tbox Exp $ */ include "../../common/rndc.key"; diff --git a/bin/tests/system/xfer/prereq.sh b/bin/tests/system/xfer/prereq.sh index 3664f54f..64205c41 100644 --- a/bin/tests/system/xfer/prereq.sh +++ b/bin/tests/system/xfer/prereq.sh 
@@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: prereq.sh,v 1.1.2.3 2011-03-12 23:47:22 tbox Exp $ +# $Id: prereq.sh,v 1.2 2011-03-12 23:47:42 tbox Exp $ if $PERL -e 'use Net::DNS;' 2>/dev/null then diff --git a/bin/tests/system/xfer/setup.sh b/bin/tests/system/xfer/setup.sh index c90349ff..d3f05aad 100644 --- a/bin/tests/system/xfer/setup.sh +++ b/bin/tests/system/xfer/setup.sh @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: setup.sh,v 1.5.814.3 2011-03-11 00:47:27 marka Exp $ +# $Id: setup.sh,v 1.8 2011-03-11 00:43:53 marka Exp $ sh clean.sh diff --git a/bin/tests/system/xfer/tests.sh b/bin/tests/system/xfer/tests.sh index 356c4e27..fe2ea16b 100644 --- a/bin/tests/system/xfer/tests.sh +++ b/bin/tests/system/xfer/tests.sh @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.31.814.4 2011-03-11 00:47:27 marka Exp $ +# $Id: tests.sh,v 1.34 2011-03-11 00:43:53 marka Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh diff --git a/bin/tests/tasks/t_tasks.c b/bin/tests/tasks/t_tasks.c index ee99669c..db06349c 100644 --- a/bin/tests/tasks/t_tasks.c +++ b/bin/tests/tasks/t_tasks.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: t_tasks.c,v 1.42.424.7 2011-07-27 07:45:06 marka Exp $ */ +/* $Id: t_tasks.c,v 1.49 2011-07-27 07:45:55 marka Exp $ */ #include <config.h> diff --git a/bin/tests/timers/t_timers.c b/bin/tests/timers/t_timers.c index ebc90f1f..23dbc2c9 100644 --- a/bin/tests/timers/t_timers.c +++ b/bin/tests/timers/t_timers.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: t_timers.c,v 1.30.424.3 2011-03-14 14:13:58 fdupont Exp $ */ +/* $Id: t_timers.c,v 1.33 2011-03-14 14:13:10 fdupont Exp $ */ #include <config.h> 
diff --git a/bin/tools/genrandom.8 b/bin/tools/genrandom.8 index 5005658c..fdee2b99 100644 --- a/bin/tools/genrandom.8 +++ b/bin/tools/genrandom.8 @@ -12,7 +12,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: genrandom.8,v 1.8.124.1 2011-08-09 01:52:58 tbox Exp $ +.\" $Id: genrandom.8,v 1.9 2011-08-09 01:14:53 tbox Exp $ .\" .hy 0 .ad l diff --git a/bin/tools/genrandom.docbook b/bin/tools/genrandom.docbook index b52ab493..ba13baa6 100644 --- a/bin/tools/genrandom.docbook +++ b/bin/tools/genrandom.docbook @@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: genrandom.docbook,v 1.6.124.2 2011-08-08 23:45:44 tbox Exp $ --> +<!-- $Id: genrandom.docbook,v 1.8 2011-08-08 23:46:41 tbox Exp $ --> <refentry id="man.genrandom"> <refentryinfo> <date>Feb 19, 2009</date> diff --git a/bin/tools/genrandom.html b/bin/tools/genrandom.html index c3b2993a..94cef55f 100644 --- a/bin/tools/genrandom.html +++ b/bin/tools/genrandom.html @@ -13,7 +13,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: genrandom.html,v 1.8.124.1 2011-08-09 01:52:58 tbox Exp $ --> +<!-- $Id: genrandom.html,v 1.9 2011-08-09 01:14:53 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> |