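#!/bin/sh
#
# Copyright (C) 2004, 2006-2012 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000-2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.

# $Id$

#
# Generate keys and signed zone files for the ns3 authoritative server of
# the dnssec system test.  Each section below builds one zone: it creates
# the zone's key(s) with $KEYGEN, appends the public key record(s) to the
# unsigned master file and signs the result with $SIGNER, which writes
# <zonefile>.signed.
#
# Run from the ns3 directory.  $KEYGEN, $SIGNER and $CHECKZONE are expected
# to be provided by conf.sh (sourced below).  The key algorithms and sizes
# used here (RSAMD5, 768-bit RSA, ...) are test fixtures that exercise
# specific validator behaviour; they are not deployment recommendations.
#

# Abort on the first failing command.  This is set in the body rather than
# on the shebang line because "#!/bin/sh -e" is silently lost when the
# script is invoked as "sh sign.sh".
set -e

SYSTEMTESTTOP=../..
. "$SYSTEMTESTTOP/conf.sh"

# Seed file passed to dnssec-keygen / dnssec-signzone via -r.
RANDFILE=../random.data

#
# Plain NSEC zone signed with an RSASHA1 zone key.
#
zone=secure.example.
infile=secure.example.db.in
zonefile=secure.example.db

keyname=$($KEYGEN -q -r "$RANDFILE" -a RSASHA1 -b 768 -n zone "$zone")

cat "$infile" "$keyname.key" > "$zonefile"

$SIGNER -P -r "$RANDFILE" -o "$zone" "$zonefile" > /dev/null 2>&1

#
# bogus.example is signed here like any other zone; whatever makes it
# "bogus" to a validator is configured elsewhere in the test (presumably
# in the parent zone) and is not visible in this script.
#
zone=bogus.example.
infile=bogus.example.db.in
zonefile=bogus.example.db

keyname=$($KEYGEN -q -r "$RANDFILE" -a RSAMD5 -b 768 -n zone "$zone")

cat "$infile" "$keyname.key" > "$zonefile"

$SIGNER -P -r "$RANDFILE" -o "$zone" "$zonefile" > /dev/null 2>&1

#
# Dynamic zone with a separate ZSK and KSK (-f KSK).
#
zone=dynamic.example.
infile=dynamic.example.db.in
zonefile=dynamic.example.db

keyname1=$($KEYGEN -q -r "$RANDFILE" -a RSAMD5 -b 768 -n zone "$zone")
keyname2=$($KEYGEN -q -r "$RANDFILE" -a RSAMD5 -b 1024 -n zone -f KSK "$zone")

cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile"

$SIGNER -P -r "$RANDFILE" -o "$zone" "$zonefile" > /dev/null 2>&1

#
# Zone whose a.b.keyless.example SIG is made to point at a nonexistent key.
#
zone=keyless.example.
infile=keyless.example.db.in
zonefile=keyless.example.db

keyname=$($KEYGEN -q -r "$RANDFILE" -a RSAMD5 -b 768 -n zone "$zone")

cat "$infile" "$keyname.key" > "$zonefile"

$SIGNER -P -r "$RANDFILE" -o "$zone" "$zonefile" > /dev/null 2>&1

# Change the signer field of the a.b.keyless.example SIG A
# to point to a provably nonexistent KEY record.  The signed file is
# rewritten through a temporary copy so the edited output replaces it.
mv "$zonefile.signed" "$zonefile.tmp"
< "$zonefile.tmp" perl -p -e 's/ keyless.example/ b.keyless.example/
	if /^a.b.keyless.example/../NXT/;' > "$zonefile.signed"
rm -f "$zonefile.tmp"

#
# NSEC3/NSEC test zone
#
zone=secure.nsec3.example.
infile=secure.nsec3.example.db.in
zonefile=secure.nsec3.example.db

keyname=$($KEYGEN -q -r "$RANDFILE" -a RSAMD5 -b 768 -n zone "$zone")

cat "$infile" "$keyname.key" > "$zonefile"

$SIGNER -P -r "$RANDFILE" -o "$zone" "$zonefile" > /dev/null 2>&1

#
# NSEC3/NSEC3 test zone ("-3 -" selects NSEC3 with no salt).
#
zone=nsec3.nsec3.example.
infile=nsec3.nsec3.example.db.in
zonefile=nsec3.nsec3.example.db

keyname=$($KEYGEN -q -r "$RANDFILE" -a NSEC3RSASHA1 -b 768 -n zone "$zone")

cat "$infile" "$keyname.key" > "$zonefile"

$SIGNER -P -3 - -r "$RANDFILE" -o "$zone" "$zonefile" > /dev/null 2>&1

#
# OPTOUT/NSEC3 test zone (-A sets the NSEC3 opt-out flag).
#
zone=optout.nsec3.example.
infile=optout.nsec3.example.db.in
zonefile=optout.nsec3.example.db

keyname=$($KEYGEN -q -r "$RANDFILE" -a NSEC3RSASHA1 -b 768 -n zone "$zone")

cat "$infile" "$keyname.key" > "$zonefile"

$SIGNER -P -3 - -A -r "$RANDFILE" -o "$zone" "$zonefile" > /dev/null 2>&1

#
# A nsec3 zone (non-optout).  -g generates DS records for child zones
# from their keys.
#
zone=nsec3.example.
infile=nsec3.example.db.in
zonefile=nsec3.example.db

keyname=$($KEYGEN -q -r "$RANDFILE" -a NSEC3RSASHA1 -b 768 -n zone "$zone")

cat "$infile" "$keyname.key" > "$zonefile"

$SIGNER -P -g -3 - -r "$RANDFILE" -o "$zone" "$zonefile" > /dev/null 2>&1

#
# OPTOUT/NSEC test zone
#
zone=secure.optout.example.
infile=secure.optout.example.db.in
zonefile=secure.optout.example.db

keyname=$($KEYGEN -q -r "$RANDFILE" -a RSAMD5 -b 768 -n zone "$zone")

cat "$infile" "$keyname.key" > "$zonefile"

$SIGNER -P -r "$RANDFILE" -o "$zone" "$zonefile" > /dev/null 2>&1

#
# OPTOUT/NSEC3 test zone
#
zone=nsec3.optout.example.
infile=nsec3.optout.example.db.in
zonefile=nsec3.optout.example.db

keyname=$($KEYGEN -q -r "$RANDFILE" -a NSEC3RSASHA1 -b 768 -n zone "$zone")

cat "$infile" "$keyname.key" > "$zonefile"

$SIGNER -P -3 - -r "$RANDFILE" -o "$zone" "$zonefile" > /dev/null 2>&1

#
# OPTOUT/OPTOUT test zone
#
zone=optout.optout.example.
infile=optout.optout.example.db.in
zonefile=optout.optout.example.db

keyname=$($KEYGEN -q -r "$RANDFILE" -a NSEC3RSASHA1 -b 768 -n zone "$zone")

cat "$infile" "$keyname.key" > "$zonefile"

$SIGNER -P -3 - -A -r "$RANDFILE" -o "$zone" "$zonefile" > /dev/null 2>&1

#
# A optout nsec3 zone.
#
zone=optout.example.
infile=optout.example.db.in
zonefile=optout.example.db

keyname=$($KEYGEN -q -r "$RANDFILE" -a NSEC3RSASHA1 -b 768 -n zone "$zone")

cat "$infile" "$keyname.key" > "$zonefile"

$SIGNER -P -g -3 - -A -r "$RANDFILE" -o "$zone" "$zonefile" > /dev/null 2>&1

#
# A nsec3 zone (non-optout) with unknown hash algorithm (-U).
#
zone=nsec3-unknown.example.
infile=nsec3-unknown.example.db.in
zonefile=nsec3-unknown.example.db

keyname=$($KEYGEN -q -r "$RANDFILE" -a NSEC3RSASHA1 -b 768 -n zone "$zone")

cat "$infile" "$keyname.key" > "$zonefile"

$SIGNER -P -3 - -U -r "$RANDFILE" -o "$zone" "$zonefile" > /dev/null 2>&1

#
# A optout nsec3 zone with unknown hash algorithm (-U -A).
#
zone=optout-unknown.example.
infile=optout-unknown.example.db.in
zonefile=optout-unknown.example.db

keyname=$($KEYGEN -q -r "$RANDFILE" -a NSEC3RSASHA1 -b 768 -n zone "$zone")

cat "$infile" "$keyname.key" > "$zonefile"

$SIGNER -P -3 - -U -A -r "$RANDFILE" -o "$zone" "$zonefile" > /dev/null 2>&1

#
# A multiple parameter nsec3 zone.  The zone is signed once, then
# re-signed repeatedly with -u3 and a different salt each time; each pass
# takes the previous pass's .signed output as its input.
#
zone=multiple.example.
infile=multiple.example.db.in
zonefile=multiple.example.db

keyname=$($KEYGEN -q -r "$RANDFILE" -a NSEC3RSASHA1 -b 768 -n zone "$zone")

cat "$infile" "$keyname.key" > "$zonefile"

$SIGNER -P -r "$RANDFILE" -o "$zone" "$zonefile" > /dev/null 2>&1
mv "$zonefile.signed" "$zonefile"
$SIGNER -P -u3 - -r "$RANDFILE" -o "$zone" "$zonefile" > /dev/null 2>&1
mv "$zonefile.signed" "$zonefile"
$SIGNER -P -u3 AAAA -r "$RANDFILE" -o "$zone" "$zonefile" > /dev/null 2>&1
mv "$zonefile.signed" "$zonefile"
$SIGNER -P -u3 BBBB -r "$RANDFILE" -o "$zone" "$zonefile" > /dev/null 2>&1
mv "$zonefile.signed" "$zonefile"
$SIGNER -P -u3 CCCC -r "$RANDFILE" -o "$zone" "$zonefile" > /dev/null 2>&1
mv "$zonefile.signed" "$zonefile"
$SIGNER -P -u3 DDDD -r "$RANDFILE" -o "$zone" "$zonefile" > /dev/null 2>&1

#
# A RSASHA256 zone.
#
zone=rsasha256.example.
infile=rsasha256.example.db.in
zonefile=rsasha256.example.db

keyname=$($KEYGEN -q -r "$RANDFILE" -a RSASHA256 -b 768 -n zone "$zone")

cat "$infile" "$keyname.key" > "$zonefile"

$SIGNER -P -r "$RANDFILE" -o "$zone" "$zonefile" > /dev/null 2>&1

#
# A RSASHA512 zone.
#
zone=rsasha512.example.
infile=rsasha512.example.db.in
zonefile=rsasha512.example.db

keyname=$($KEYGEN -q -r "$RANDFILE" -a RSASHA512 -b 1024 -n zone "$zone")

cat "$infile" "$keyname.key" > "$zonefile"

$SIGNER -P -r "$RANDFILE" -o "$zone" "$zonefile" > /dev/null 2>&1

#
# A zone with the DNSKEY set only signed by the KSK (-x).
#
zone=kskonly.example.
infile=kskonly.example.db.in
zonefile=kskonly.example.db

kskname=$($KEYGEN -q -r "$RANDFILE" -fk "$zone")
zskname=$($KEYGEN -q -r "$RANDFILE" "$zone")
cat "$infile" "$kskname.key" "$zskname.key" > "$zonefile"
$SIGNER -x -r "$RANDFILE" -o "$zone" "$zonefile" > /dev/null 2>&1

#
# A zone with the expired signatures.  "-s -1d" starts the signatures one
# day in the past and "-e +1h" is relative to that start, so every RRSIG
# is already expired.  The key files are deleted afterwards so the zone
# cannot simply be re-signed.
#
zone=expired.example.
infile=expired.example.db.in
zonefile=expired.example.db

kskname=$($KEYGEN -q -r "$RANDFILE" -fk "$zone")
zskname=$($KEYGEN -q -r "$RANDFILE" "$zone")
cat "$infile" "$kskname.key" "$zskname.key" > "$zonefile"
$SIGNER -P -r "$RANDFILE" -o "$zone" -s -1d -e +1h "$zonefile" > /dev/null 2>&1
rm -f "$kskname".* "$zskname".*

#
# A NSEC3 signed zone that will have a DNSKEY added to it via UPDATE.
#
zone=update-nsec3.example.
infile=update-nsec3.example.db.in
zonefile=update-nsec3.example.db

kskname=$($KEYGEN -q -3 -r "$RANDFILE" -fk "$zone")
zskname=$($KEYGEN -q -3 -r "$RANDFILE" "$zone")
cat "$infile" "$kskname.key" "$zskname.key" > "$zonefile"
$SIGNER -P -3 - -r "$RANDFILE" -o "$zone" "$zonefile" > /dev/null 2>&1

#
# A NSEC signed zone that will have auto-dnssec enabled and
# extra keys not in the initial signed zone.
#
# Two KSK/ZSK pairs are generated on purpose: the first pair's names are
# overwritten, so only the second pair is added to the zone file while
# the first pair stays on disk as the "extra" keys.
#
zone=auto-nsec.example.
infile=auto-nsec.example.db.in
zonefile=auto-nsec.example.db

kskname=$($KEYGEN -q -r "$RANDFILE" -fk "$zone")
zskname=$($KEYGEN -q -r "$RANDFILE" "$zone")
kskname=$($KEYGEN -q -r "$RANDFILE" -fk "$zone")
zskname=$($KEYGEN -q -r "$RANDFILE" "$zone")
cat "$infile" "$kskname.key" "$zskname.key" > "$zonefile"
$SIGNER -P -r "$RANDFILE" -o "$zone" "$zonefile" > /dev/null 2>&1

#
# A NSEC3 signed zone that will have auto-dnssec enabled and
# extra keys not in the initial signed zone (same two-pair trick as above).
#
zone=auto-nsec3.example.
infile=auto-nsec3.example.db.in
zonefile=auto-nsec3.example.db

kskname=$($KEYGEN -q -3 -r "$RANDFILE" -fk "$zone")
zskname=$($KEYGEN -q -3 -r "$RANDFILE" "$zone")
kskname=$($KEYGEN -q -3 -r "$RANDFILE" -fk "$zone")
zskname=$($KEYGEN -q -3 -r "$RANDFILE" "$zone")
cat "$infile" "$kskname.key" "$zskname.key" > "$zonefile"
$SIGNER -P -3 - -r "$RANDFILE" -o "$zone" "$zonefile" > /dev/null 2>&1

#
# Secure below cname test zone.
#
zone=secure.below-cname.example.
infile=secure.below-cname.example.db.in
zonefile=secure.below-cname.example.db
keyname=$($KEYGEN -q -r "$RANDFILE" -a RSASHA1 -b 1024 -n zone "$zone")
cat "$infile" "$keyname.key" > "$zonefile"
$SIGNER -P -r "$RANDFILE" -o "$zone" "$zonefile" > /dev/null 2>&1

#
# Patched TTL test zone.  The signed zone is dumped with $CHECKZONE and
# every record's TTL (field 2 of the full-format dump) is rewritten to
# 3600 to produce the "patched" copy.
#
zone=ttlpatch.example.
infile=ttlpatch.example.db.in
zonefile=ttlpatch.example.db
signedfile=ttlpatch.example.db.signed
patchedfile=ttlpatch.example.db.patched

keyname=$($KEYGEN -q -r "$RANDFILE" -a RSASHA1 -b 768 -n zone "$zone")
cat "$infile" "$keyname.key" > "$zonefile"

$SIGNER -P -r "$RANDFILE" -f "$signedfile" -o "$zone" "$zonefile" > /dev/null 2>&1
# NOTE: only awk's exit status is visible to "set -e" here (POSIX sh has no
# pipefail), so a $CHECKZONE failure would leave an empty patched file.
$CHECKZONE -D -s full "$zone" "$signedfile" 2> /dev/null | \
	awk '{$2 = "3600"; print}' > "$patchedfile"

#
# Zone whose signatures expire one minute after signing (-e now+1mi).
# -S (smart signing) picks up the keys from the key directory, so the key
# files are not appended to the zone file.  The private halves are removed
# once the zone is signed.
#
# The variable names reflect what each keygen call produces: -f KSK makes
# the KSK; the call without it makes the ZSK.
#
zone="expiring.example."
infile="expiring.example.db.in"
zonefile="expiring.example.db"
signedfile="expiring.example.db.signed"
zskname=$($KEYGEN -q -r "$RANDFILE" "$zone")
kskname=$($KEYGEN -q -r "$RANDFILE" -f KSK "$zone")
cp "$infile" "$zonefile"
$SIGNER -S -r "$RANDFILE" -e now+1mi -o "$zone" "$zonefile" > /dev/null 2>&1
rm -f "${zskname}.private" "${kskname}.private"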