Skip to content
Snippets Groups Projects
Commit 17c77f4c authored by Jan Včelák's avatar Jan Včelák :rocket:
Browse files

tests-extra: DNSSEC Single-Type Signing Schema

parent 844b53a3
Branches
Tags
No related merge requests found
Hide whitespace changes
Inline Side-by-side
tests-extra/tests/dnssec/single_type_signing/test.py 0 → 100644
+ 36
0
View file @ 17c77f4c
#!/usr/bin/env python3
"""
DNSSEC Single-Type Signing Scheme, RFC 6781
"""
from dnstest.utils import *
from dnstest.test import Test
t = Test()
knot = t.server("knot")
zones = t.zone_rnd(3, dnssec=False, records=10)
t.link(zones, knot)
t.start()
# one KSK
knot.gen_key(zones[0], ksk=True, alg="RSASHA256", key_len="512")
# one ZSK
knot.gen_key(zones[1], ksk=False, alg="RSASHA512", key_len="1024")
# multiple KSKs
knot.gen_key(zones[2], ksk=True, alg="RSASHA512", key_len="1024")
knot.gen_key(zones[2], ksk=True, alg="RSASHA256", key_len="512")
knot.dnssec_enable = True
knot.gen_confile()
knot.reload()
t.sleep(2)
knot.flush()
t.sleep(2)
knot.stop()
for zone in zones:
knot.zone_verify(zone)
t.end()
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment