sed '/EUI/s/^/;/g' < example.com > example.com.nsd
}
+bindfix ()
+{
+ sed -e 's/"A very .*"/"shorter"/' < test.com > test.com.bind
+ sed -e '/EUI/s/^/;/g' -e '/host\.\*\.sub/s/^/;/g' < example.com > example.com.bind
+}
+
tonsd ()
{
cat > nsd.conf << __EOF__
nsdc -c nsd.conf rebuild
}
+
+
+tobind ()
+{
+ cat > bind.conf << __EOF__
+options {
+ dnssec-enable yes;
+ listen-on port $port { 127.0.0.1; };
+ pid-file "pdns.pid";
+};
+__EOF__
+
+ rm -f K*
+ rm -f *.bind
+
+ bindfix
+
+ for zone in $(grep zone named.conf | cut -f2 -d\")
+ do
+ if [ "$1" != "unsigned" ]
+ then
+ if [ ! "${zone: 0:16}" = "secure-delegated" ]
+ then
+ ksk=$(dnssec-keygen -r/dev/urandom -f KSK -a RSASHA256 -b 2048 -n ZONE $zone)
+ else
+ cp secure-delegated.dnssec-parent.com.private Ksecure-delegated.dnssec-parent.com.+008+54319.private
+ cp secure-delegated.dnssec-parent.com.key Ksecure-delegated.dnssec-parent.com.+008+54319.key
+ ksk="Ksecure-delegated.dnssec-parent.com.+008+54319"
+ fi
+ zsk=$(dnssec-keygen -r/dev/urandom -a RSASHA256 -b 1024 -n ZONE $zone)
+ fi
+
+ if [ ! -f $zone.bind ]
+ then
+ cp $zone $zone.bind
+ fi
+
+ echo "\$include $ksk.key ; KSK" >> $zone.bind
+ echo "\$include $zsk.key ; ZSK" >> $zone.bind
+
+ case $1 in
+ nsec)
+ dnssec-signzone -o $zone -f $zone.signed $zone.bind
+ ;;
+ nsec3)
+ dnssec-signzone -3 abcd -H 1 -o $zone -f $zone.signed $zone.bind
+ ;;
+ nsec3-optout)
+ dnssec-signzone -3 abcd -H 1 -A -o $zone -f $zone.signed $zone.bind
+ if [ "$zone" = "dnssec-parent.com" ]
+ then
+ echo "insecure.dnssec-parent.com. IN NS ns.insecure.dnssec-parent.com." >> ${zone}.signed
+ fi
+ ;;
+ unsigned)
+ cp ${zonefile} ${zone}.signed
+ ;;
+ *)
+ echo 'tonsd called with wrong param'
+ exit 1
+ esac
+ echo "" >> bind.conf
+ echo "zone \"${zone}\" {" >> bind.conf
+ echo " type master;" >> bind.conf
+ echo " file \"${zone}.signed\";" >> bind.conf
+ echo "};" >> bind.conf
+ done
+}
+
+
+
tosql ()
{
make -C ../pdns/backends/bind zone2sql > /dev/null
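Review bot: The `unsigned)` arm of tobind copies `${zonefile}`, but nothing in the function as shown assigns `zonefile`, so unless it is set globally elsewhere the `cp` runs with a single operand and fails, leaving no `${zone}.signed` for the `file` statement written to bind.conf. In the same mode `ksk` and `zsk` are never set, yet the two `$include` lines are appended to `$zone.bind` unconditionally. One option is to guard the `echo "\$include …"` pair with the existing `[ "$1" != "unsigned" ]` test and use `cp $zone.bind ${zone}.signed` in the unsigned arm. The default arm's message still reads `tonsd called with wrong param` and should name `tobind`, so a failure points at the right function.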
Usage: ./start-test-stop <port> [<context>] [wait|nowait] [<cachettl>] [<specifictest>]
context is one of:
-ext-nsd ext-nsd-nsec ext-nsd-nsec3
+ext-nsd ext-nsd-nsec ext-nsd-nsec3 ext-bind ext-bind-nsec ext-bind-nsec3
bind bind-dnssec bind-dnssec-nsec3 bind-dnssec-nsec3-optout bind-dnssec-nsec3-narrow
gmysql-nodnssec gmysql gmysql-nsec3 gmysql-nsec3-optout gmysql-nsec3-narrow
gpgsql-nodnssec gpgsql gpgsql-nsec3
#remotebackend-pipe-nsec3 remotebackend-unix-nsec3 remotebackend-http-nsec3
#remotebackend-pipe-nsec3-narrow remotebackend-unix-nsec3-narrow remotebackend-http-nsec3-narrow
-add -presigned to any ext-nsd bind, gmysql or gsqlite3 test (except narrow)
+add -presigned to any ext-nsd, ext-bind, bind, gmysql or gsqlite3 test (except narrow)
to test presigned operation
* Add 'wait' (literally) after the context to not kill
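Review bot: The updated context list names `ext-bind ext-bind-nsec ext-bind-nsec3` but omits `ext-bind-nsec3-optout`, which the new case arm added by this commit accepts. Add it so the documented contexts match what the script handles: `ext-nsd ext-nsd-nsec ext-nsd-nsec3 ext-bind ext-bind-nsec ext-bind-nsec3 ext-bind-nsec3-optout`.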
sleep 5
;;
+ ext-bind | ext-bind-nsec | ext-bind-nsec3 | ext-bind-nsec3-optout)
+ case $context in
+ ext-bind)
+ tobind unsigned
+ extracontexts="extbind"
+ skipreasons="bind nodnssec nodyndns"
+ ;;
+ ext-bind-nsec)
+ tobind nsec
+ extracontexts="extbind dnssec"
+ skipreasons="bind nodyndns"
+ ;;
+ ext-bind-nsec3)
+ tobind nsec3
+ extracontexts="extbind dnssec nsec3"
+ skipreasons="bind nsec3 nodyndns"
+ ;;
+ ext-bind-nsec3-optout)
+ tobind nsec3-optout
+ extracontexts="extbind dnssec nsec3 nsec3-optout"
+ skipreasons="bind optout nodyndns"
+ ;;
+ esac
+ named -c bind.conf -f &
+ sleep 5
+ ;;
+
bind)
$RUNWRAPPER $PDNS --daemon=no --local-port=$port --socket-dir=./ \
--no-shuffle --launch=bind --bind-config=./named.conf \
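Review bot: `named -c bind.conf -f &` is followed by a fixed `sleep 5` with no check that named actually came up, so if it exits early (rejected zone file, port already bound) the run continues against nothing, or against whatever else is listening on `$port`. Capture the PID and verify it before continuing, for example `named -c bind.conf -f & namedpid=$!` and, after the sleep, `kill -0 $namedpid || { echo 'named failed to start'; exit 1; }`. Teardown presumably relies on the `pid-file "pdns.pid"` setting written by tobind. That path is outside this hunk, so confirm it also stops named.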
if [ $presigned = yes ]
then
skipreasons="$skipreasons presigned nodyndns"
- if [ ${context:0:6} = gmysql ] | [ ${context:0:7} = ext-nsd ]
+ if [ ${context:0:6} = gmysql ] | [ ${context:0:7} = ext-nsd ] | [ ${context:0:8} = ext-bind ]
then
context=${context}-presigned
[ -z "$GMYSQL2DB" ] && GMYSQL2DB=pdnstest2
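Review bot: The three tests on the changed line are joined with `|` (a pipeline) rather than `||`, so by default the `if` sees only the exit status of the last `[ … ]`. With the `ext-bind` test appended, the branch is now taken only for ext-bind contexts and no longer for `ext-nsd`, and it was never taken for `gmysql`. Under `pipefail` all three tests would have to succeed, which cannot happen. Use logical OR and quote the expansions: `if [ "${context:0:6}" = gmysql ] || [ "${context:0:7}" = ext-nsd ] || [ "${context:0:8}" = ext-bind ]`. The enclosing `if [ $presigned = yes ]` block continues past the end of the hunk.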