Cross Reference: /bind-9.11.3/bin/tests/system/mkeys/README

	README revision 0c27b3fe77ac1d5094ba3521e8142d9e7973133f
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark AndrewsCopyright (C) 2015, 2016  Internet Systems Consortium, Inc. ("ISC")
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark AndrewsThis Source Code Form is subject to the terms of the Mozilla Public
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark AndrewsLicense, v. 2.0. If a copy of the MPL was not distributed with this
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrewsfile, You can obtain one at http://mozilla.org/MPL/2.0/.
29756974c585f616bb6e8233218cc385df9aeddbTinderbox User
591389c7d44e5ca20c357627dd179772cfefaaccEvan HuntThis is for testing managed-keys, in particular with problems
591389c7d44e5ca20c357627dd179772cfefaaccEvan Huntwith RFC 5011 Automated Updates of DNSSEC Trust Anchors.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Huntns1 is the root server that offers new KSKs and hosts one record for
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunttesting. The TTL for the zone's records is 2 seconds.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Huntns2 is a validator uses managed-keys.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt"named -T rfc5011holddown=4" switch is used so it will attempt to do
591389c7d44e5ca20c357627dd179772cfefaaccEvan Huntthe automated updates frequently.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Huntns3 is a validator with a broken key in managed-keys.
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan HuntTests TODO:
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt- initial working KSK
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan HuntTODO: test using delv with new trusted key too
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt- introduce a REVOKE bit
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt- later remove a signature
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt- corrupt a signature
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt
591389c7d44e5ca20c357627dd179772cfefaaccEvan HuntTODO: also same things with dlv auto updates of trust anchor
591389c7d44e5ca20c357627dd179772cfefaaccEvan Hunt