genzones.sh revision 3ce2018dfa0912a29666e7e477a9daddf23fc224
# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
#
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id$
SYSTEMTESTTOP=../..
echo "D:${debug}: dumping ${1}"
}
echo "I:setting up $2 zone: $1"
debug="$1"
zone="$1"
file="$1.$2"
n=`expr ${n:-0} + 1`
}
# A unsigned zone should fail validation.
# A set of nsec zones.
# A set of nsec3 zones.
# A set of zones with only DNSKEY records.
# A set of zones with expired records
s="-s -2678400"
# ksk expired
# broken nsec chain
# bad nsec bitmap
# extra NSEC record out side of zone
echo "out-of-zone. 3600 IN NSEC ${zone}. A" >> ${file}
$SIGNER -Px -Z nonsecify -O full -o ${zone} -f ${file} ${file} $zsk > s.out$n 2>&1 || dumpit s.out$n
# extra NSEC record below bottom of one
$SIGNER -Px -Z nonsecify -O full -o ${zone} -f ${file}.tmp ${file} $zsk > s.out$n 2>&1 || dumpit s.out$n
# dnssec-signzone signs any node with a NSEC record.
# missing NSEC3 record at empty node
$SIGNER -3 - -Px -Z nonsecify -O full -o ${zone} -f ${file} ${file}.tmp $zsk > s.out$n 2>&1 || dumpit s.out$n
# extra NSEC3 record
awk '
BEGIN {
}
$4 == "NSEC3" && NF == 9 {
$1 = "H9P7U7TR2U91D0V0LJS9L1GIDNP90U3H." ZONE;
$9 = "H9P7U7TR2U91D0V0LJS9L1GIDNP90U3I";
print;
$SIGNER -3 - -Px -Z nonsecify -O full -o ${zone} -f ${file} ${file} $zsk > s.out$n 2>&1 || dumpit s.out$n