Diffstat (limited to 'contrib/unbound/testdata/ede.tdir')
-rwxr-xr-x | contrib/unbound/testdata/ede.tdir/bogus/clean.sh | 1 | ||||
-rw-r--r-- | contrib/unbound/testdata/ede.tdir/bogus/dnskey-failures.test | 10 | ||||
-rw-r--r-- | contrib/unbound/testdata/ede.tdir/bogus/dnssec-failures.test | 15 | ||||
-rwxr-xr-x | contrib/unbound/testdata/ede.tdir/bogus/make-broken-zone.sh | 67 | ||||
-rw-r--r-- | contrib/unbound/testdata/ede.tdir/bogus/nsec-failures.test | 10 | ||||
-rw-r--r-- | contrib/unbound/testdata/ede.tdir/bogus/rrsig-failures.test | 10 | ||||
-rw-r--r-- | contrib/unbound/testdata/ede.tdir/ede-auth.conf | 27 | ||||
-rw-r--r-- | contrib/unbound/testdata/ede.tdir/ede.conf | 49 | ||||
-rw-r--r-- | contrib/unbound/testdata/ede.tdir/ede.dsc | 16 | ||||
-rw-r--r-- | contrib/unbound/testdata/ede.tdir/ede.post | 10 | ||||
-rw-r--r-- | contrib/unbound/testdata/ede.tdir/ede.pre | 37 | ||||
-rw-r--r-- | contrib/unbound/testdata/ede.tdir/ede.test | 72 |
12 files changed, 0 insertions, 324 deletions
diff --git a/contrib/unbound/testdata/ede.tdir/bogus/clean.sh b/contrib/unbound/testdata/ede.tdir/bogus/clean.sh
deleted file mode 100755
index 54128f807217..000000000000
--- a/contrib/unbound/testdata/ede.tdir/bogus/clean.sh
+++ /dev/null
@@ -1 +0,0 @@
-rm -f K* piece1 base expired notyetincepted trust-anchors dnssec-failures.test.signed dnskey-failures.test.signed nsec-failures.test.signed rrsig-failures.test.signed
diff --git a/contrib/unbound/testdata/ede.tdir/bogus/dnskey-failures.test b/contrib/unbound/testdata/ede.tdir/bogus/dnskey-failures.test
deleted file mode 100644
index 49d6ad5a384d..000000000000
--- a/contrib/unbound/testdata/ede.tdir/bogus/dnskey-failures.test
+++ /dev/null
@@ -1,10 +0,0 @@
-$ORIGIN dnskey-failures.test.
-
-@ SOA ns hostmaster (
- 1 ; serial
- 14400 ; refresh (4 hours)
- 1800 ; retry (30 minutes)
- 2419200 ; expire (4 weeks)
- 300 ; minimum (5 minutes)
-)
- A 192.0.2.1
diff --git a/contrib/unbound/testdata/ede.tdir/bogus/dnssec-failures.test b/contrib/unbound/testdata/ede.tdir/bogus/dnssec-failures.test
deleted file mode 100644
index 5af5941c0959..000000000000
--- a/contrib/unbound/testdata/ede.tdir/bogus/dnssec-failures.test
+++ /dev/null
@@ -1,15 +0,0 @@
-$ORIGIN dnssec-failures.test.
-
-@ SOA ns hostmaster (
- 1 ; serial
- 14400 ; refresh (4 hours)
- 1800 ; retry (30 minutes)
- 2419200 ; expire (4 weeks)
- 300 ; minimum (5 minutes)
-)
- NS ns
-ns A 192.0.2.1
-notyetincepted TXT "Not yet incepted"
-expired TXT "Expired"
-sigsinvalid TXT "Signatures invalid"
-missingrrsigs TXT "Signatures missing"
\ No newline at end of file
diff --git a/contrib/unbound/testdata/ede.tdir/bogus/make-broken-zone.sh b/contrib/unbound/testdata/ede.tdir/bogus/make-broken-zone.sh
deleted file mode 100755
index 67b4fcfb2d84..000000000000
--- a/contrib/unbound/testdata/ede.tdir/bogus/make-broken-zone.sh
+++ /dev/null
@@ -1,67 +0,0 @@
-#!/usr/bin/env bash
-
-# create oudated zones
-CSK=`ldns-keygen -a ECDSAP256SHA256 -k -r /dev/urandom dnssec-failures.test`
-echo $CSK
-
-echo ". IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d" | \
- cat $CSK.ds - > bogus/trust-anchors
-
-# differentiate for MacOS with "gdate"
-DATE=date
-which gdate > /dev/null 2>&1 && DATE=gdate
-
-ONEMONTHAGO=`$DATE -d 'now - 1 month' +%Y%m%d`
-YESTERDAY=`$DATE -d 'now - 2 days' +%Y%m%d`
-TOMORROW=`$DATE -d 'now + 2 days' +%Y%m%d`
-
-ldns-signzone -i $YESTERDAY -f - bogus/dnssec-failures.test $CSK | \
- grep -v '^missingrrsigs\.dnssec-failures\.test\..*IN.*RRSIG.*TXT' | \
- sed 's/Signatures invalid/Signatures INVALID/g' | \
- grep -v '^notyetincepted\.dnssec-failures\.test\..*IN.*TXT' | \
- grep -v '^notyetincepted\.dnssec-failures\.test\..*IN.*RRSIG.*TXT' | \
- grep -v '^expired\.dnssec-failures\.test\..*IN.*TXT' | \
- grep -v '^expired\.dnssec-failures\.test\..*IN.*RRSIG.*TXT' > base
-ldns-signzone -i $ONEMONTHAGO -e $YESTERDAY -f - bogus/dnssec-failures.test $CSK | \
- grep -v '[ ]NSEC[ ]' | \
- grep '^expired\.dnssec-failures\.test\..*IN.*TXT' > expired
-ldns-signzone -i $TOMORROW -f - bogus/dnssec-failures.test $CSK | \
- grep -v '[ ]NSEC[ ]' | \
- grep '^notyetincepted\.dnssec-failures\.test\..*IN.*TXT' > notyetincepted
-
-cat base expired notyetincepted > bogus/dnssec-failures.test.signed
-
-# cleanup old zone keys
-rm -f $CSK.*
-# create zone with DNSKEY missing
-CSK=`ldns-keygen -a ECDSAP256SHA256 -k -r /dev/urandom dnskey-failures.test`
-echo $CSK
-cat $CSK.ds >> bogus/trust-anchors
-
-ldns-signzone -f tmp.signed bogus/dnskey-failures.test $CSK
-grep -v ' DNSKEY ' tmp.signed > bogus/dnskey-failures.test.signed
-
-
-# cleanup old zone keys
-rm -f $CSK.*
-# create zone with NSEC missing
-CSK=`ldns-keygen -a ECDSAP256SHA256 -k -r /dev/urandom nsec-failures.test`
-echo $CSK
-cat $CSK.ds >> bogus/trust-anchors
-
-ldns-signzone -f tmp.signed bogus/nsec-failures.test $CSK
-grep -v ' NSEC ' tmp.signed > bogus/nsec-failures.test.signed
-
-
-# cleanup old zone keys
-rm -f $CSK.*
-# create zone with RRSIGs missing
-CSK=`ldns-keygen -a ECDSAP256SHA256 -k -r /dev/urandom rrsig-failures.test`
-echo $CSK
-cat $CSK.ds >> bogus/trust-anchors
-
-ldns-signzone -f tmp.signed bogus/rrsig-failures.test $CSK
-grep -v ' RRSIG ' tmp.signed > bogus/rrsig-failures.test.signed
-
-# cleanup
-rm -f base expired notyetincepted tmp.signed $CSK.*
diff --git a/contrib/unbound/testdata/ede.tdir/bogus/nsec-failures.test b/contrib/unbound/testdata/ede.tdir/bogus/nsec-failures.test
deleted file mode 100644
index 529298df686b..000000000000
--- a/contrib/unbound/testdata/ede.tdir/bogus/nsec-failures.test
+++ /dev/null
@@ -1,10 +0,0 @@
-$ORIGIN nsec-failures.test.
-
-@ SOA ns hostmaster (
- 1 ; serial
- 14400 ; refresh (4 hours)
- 1800 ; retry (30 minutes)
- 2419200 ; expire (4 weeks)
- 300 ; minimum (5 minutes)
-)
- A 192.0.2.1
diff --git a/contrib/unbound/testdata/ede.tdir/bogus/rrsig-failures.test b/contrib/unbound/testdata/ede.tdir/bogus/rrsig-failures.test
deleted file mode 100644
index cab0b7f48d04..000000000000
--- a/contrib/unbound/testdata/ede.tdir/bogus/rrsig-failures.test
+++ /dev/null
@@ -1,10 +0,0 @@
-$ORIGIN rrsig-failures.test.
-
-@ SOA ns hostmaster (
- 1 ; serial
- 14400 ; refresh (4 hours)
- 1800 ; retry (30 minutes)
- 2419200 ; expire (4 weeks)
- 300 ; minimum (5 minutes)
-)
- A 192.0.2.1
diff --git a/contrib/unbound/testdata/ede.tdir/ede-auth.conf b/contrib/unbound/testdata/ede.tdir/ede-auth.conf
deleted file mode 100644
index d78da0382ad4..000000000000
--- a/contrib/unbound/testdata/ede.tdir/ede-auth.conf
+++ /dev/null
@@ -1,27 +0,0 @@
-server:
- verbosity: 1
- use-syslog: no
- chroot: ""
- username: ""
- directory: ""
- pidfile: "unbound2.pid"
- local-zone: test nodefault
- interface: 127.0.0.1
- port: @PORT2@
-
-auth-zone:
- name: "dnssec-failures.test"
- zonefile: "bogus/dnssec-failures.test.signed"
-
-auth-zone:
- name: "dnskey-failures.test"
- zonefile: "bogus/dnskey-failures.test.signed"
-
-auth-zone:
- name: "nsec-failures.test"
- zonefile: "bogus/nsec-failures.test.signed"
-
-auth-zone:
- name: "rrsig-failures.test"
- zonefile: "bogus/rrsig-failures.test.signed"
-
diff --git a/contrib/unbound/testdata/ede.tdir/ede.conf b/contrib/unbound/testdata/ede.tdir/ede.conf
deleted file mode 100644
index 13730d42f2c5..000000000000
--- a/contrib/unbound/testdata/ede.tdir/ede.conf
+++ /dev/null
@@ -1,49 +0,0 @@
-server:
- verbosity: 2
- interface: 127.0.0.1
- port: @PORT@
- use-syslog: no
- directory: .
- pidfile: "unbound.pid"
- chroot: ""
- username: ""
- directory: ""
- val-log-level: 2
-
- trust-anchor-file: "bogus/trust-anchors"
-
- module-config: "respip validator iterator"
-
- ede: yes
- access-control: 127.0.0.2/32 refuse
- access-control: 127.0.0.3/32 allow
-
- local-zone: hopsa.kidee. always_refuse
- local-data: "hopsa.kidee. TXT hela hola"
-
- local-zone: nlnetlabs.nl transparent
- local-data: "hopsa.nlnetlabs.nl. TXT hela hola"
-
- local-zone: uva.nl. always_null
-
- local-zone: example.com redirect
- local-data: "example.com CNAME *.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaa."
-
- local-zone: test nodefault
- do-not-query-localhost: no
-
-forward-zone:
- name: "dnssec-failures.test"
- forward-addr: 127.0.0.1@@PORT2@
-
-forward-zone:
- name: "dnskey-failures.test"
- forward-addr: 127.0.0.1@@PORT2@
-
-forward-zone:
- name: "nsec-failures.test"
- forward-addr: 127.0.0.1@@PORT2@
-
-forward-zone:
- name: "rrsig-failures.test"
- forward-addr: 127.0.0.1@@PORT2@
diff --git a/contrib/unbound/testdata/ede.tdir/ede.dsc b/contrib/unbound/testdata/ede.tdir/ede.dsc
deleted file mode 100644
index c397ded693f2..000000000000
--- a/contrib/unbound/testdata/ede.tdir/ede.dsc
+++ /dev/null
@@ -1,16 +0,0 @@
-BaseName: ede
-Version: 1.0
-Description: Test Extended DNS Errors (rfc8914)
-CreationDate: Fri Aug 20 15:42:11 UTC 2021
-Maintainer: Tom Carpay
-Category:
-Component:
-CmdDepends:
-Depends:
-Help:
-Pre: ede.pre
-Post: ede.post
-Test: ede.test
-AuxFiles:
-Passed:
-Failure:
diff --git a/contrib/unbound/testdata/ede.tdir/ede.post b/contrib/unbound/testdata/ede.tdir/ede.post
deleted file mode 100644
index 88b26f3132a1..000000000000
--- a/contrib/unbound/testdata/ede.tdir/ede.post
+++ /dev/null
@@ -1,10 +0,0 @@
-# #-- ede.post --#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# use .tpkg.var.test for in test variable passing
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-
-# teardown
-. ../common.sh
-kill_pid $UNBOUND_PID
-kill_pid $UNBOUND_PID2
\ No newline at end of file
diff --git a/contrib/unbound/testdata/ede.tdir/ede.pre b/contrib/unbound/testdata/ede.tdir/ede.pre
deleted file mode 100644
index e5a0667b0e02..000000000000
--- a/contrib/unbound/testdata/ede.tdir/ede.pre
+++ /dev/null
@@ -1,37 +0,0 @@
-# #-- ede.pre --#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# use .tpkg.var.test for in test variable passing
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-
-. ../common.sh
-get_random_port 2
-UNBOUND_PORT=$RND_PORT
-UNBOUND_PORT2=$(($RND_PORT + 1))
-echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
-echo "UNBOUND_PORT2=$UNBOUND_PORT2" >> .tpkg.var.test
-
-# rewrite config file with created ports
-sed -e 's/@PORT\@/'$UNBOUND_PORT'/' < ede.conf > temp.conf
-sed -e 's/@PORT2\@/'$UNBOUND_PORT2'/' < temp.conf > ub.conf
-sed -e 's/@PORT2\@/'$UNBOUND_PORT2'/' < ede-auth.conf > ub2.conf
-
-# create broken dnssec zone
-bogus/make-broken-zone.sh
-
-# start unbound in the background
-PRE="../.."
-$PRE/unbound -d -c ub.conf > unbound.log 2>&1 &
-UNBOUND_PID=$!
-echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
-
-# start authoritative unbound in the background
-$PRE/unbound -d -c ub2.conf > unbound2.log 2>&1 &
-UNBOUND_PID2=$!
-echo "UNBOUND_PID2=$UNBOUND_PID2" >> .tpkg.var.test
-
-
-cat .tpkg.var.test
-wait_unbound_up unbound.log
-wait_unbound_up unbound2.log
-
diff --git a/contrib/unbound/testdata/ede.tdir/ede.test b/contrib/unbound/testdata/ede.tdir/ede.test
deleted file mode 100644
index 5d478bd49cb2..000000000000
--- a/contrib/unbound/testdata/ede.tdir/ede.test
+++ /dev/null
@@ -1,72 +0,0 @@
-# #-- ede.test --#
-# source the master var file when it's there
-[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
-# use .tpkg.var.test for in test variable passing
-[ -f .tpkg.var.test ] && source .tpkg.var.test
-
-
-# DNSSEC failure: Signature Expired or DNSKEY Missing (depending on the servfail configuration)
-dig @127.0.0.1 -p $UNBOUND_PORT servfail.nl > servfail.txt
-
-# DNSSEC failure: key not incepted
-dig @127.0.0.1 -p $UNBOUND_PORT notyetincepted.dnssec-failures.test. TXT +dnssec > sig_notyetincepted.txt
-
-if ! grep -q -e "OPT=15: 00 08" -e "EDE: 8" sig_notyetincepted.txt
-then
- echo "Signature not yet valid does not return EDE Signature Not Yet Valid"
- cat sig_notyetincepted.txt
- exit 1
-fi
-
-# DNSSEC failure: key expired
-dig @127.0.0.1 -p $UNBOUND_PORT expired.dnssec-failures.test. TXT +dnssec > sig_expired.txt
-
-if ! grep -q -e "OPT=15: 00 07" -e "EDE: 7" sig_expired.txt
-then
- echo "Expired signature does not return EDE Signature expired"
- cat sig_expired.txt
- exit 1
-fi
-
-# DNSSEC failure: missing rrsigs
-dig @127.0.0.1 -p $UNBOUND_PORT missingrrsigs.dnssec-failures.test. TXT +dnssec > missingrrsigs.txt
-
-if ! grep -q -e "OPT=15: 00 0a" -e "EDE: 10" missingrrsigs.txt
-then
- echo "Expired signature does not return EDE RRSIGs missing"
- cat missingrrsigs.txt
- exit 1
-fi
-
-# signed zone with DNSKEY missing
-dig @127.0.0.1 -p $UNBOUND_PORT dnskey-failures.test > dnskey-failure.txt
-
-if ! grep -q -e "OPT=15: 00 09" -e "EDE: 9" dnskey-failure.txt
-then
- echo "Expired signature does not return EDE DNSKEY missing"
- cat dnskey-failure.txt
- exit 1
-fi
-
-# signed zone with RRSIGs missing
-dig @127.0.0.1 -p $UNBOUND_PORT rrsig-failures.test > rrsig-failure.txt
-
-if ! grep -q -e "OPT=15: 00 0a" -e "EDE: 10" rrsig-failure.txt
-then
- echo "Expired signature does not return EDE RRSIGs missing"
- cat rrsig-failure.txt
- exit 1
-fi
-
-# signed zone with NSEC missing
-dig @127.0.0.1 -p $UNBOUND_PORT abc.nsec-failures.test > nsec-failure.txt
-
-if ! grep -q -e "OPT=15: 00 0c" -e "EDE: 12" nsec-failure.txt
-then
- echo "Expired signature does not return EDE NSEC missing"
- cat nsec-failure.txt
- exit 1
-fi
-
-
-# @TODO DNSSEC indeterminate when implemented |