xref: /netbsd-src/external/mpl/bind/dist/bin/tests/system/mkeys/README (revision 6db267571823ee3b0a1d61478df085a087f2e990)
1Copyright (C) Internet Systems Consortium, Inc. ("ISC")
2
3SPDX-License-Identifier: MPL-2.0
4
5This Source Code Form is subject to the terms of the Mozilla Public
6License, v. 2.0.  If a copy of the MPL was not distributed with this
7file, you can obtain one at https://mozilla.org/MPL/2.0/.
8
9See the COPYRIGHT file distributed with this work for additional
10information regarding copyright ownership.
11
12This is for testing RFC 5011 Automated Updates of DNSSEC Trust Anchors.
13
14ns1 is the root server that offers new KSKs and hosts one record for
15testing. The TTL for the zone's records is 2 seconds.
16
17ns2 is a validator that uses managed keys.  "-T mkeytimers=2/20/40"
18is used so it will attempt do automated updates frequently. "-T tat=1"
19is used so it will send TAT queries once per second.
20
21ns3 is a validator with a broken initializing key in trust-anchors.
22
23ns4 is a validator with a deliberately broken managed-keys.bind and
24managed-keys.jnl, causing RFC 5011 initialization to fail.
25
26ns5 is a validator which is prevented from getting a response from the
27root server, causing key refresh queries to fail.
28
29ns6 is a validator which has unsupported algorithms, one at start up,
30one because of an algorithm rollover.
31
32ns7 is a validator with multiple views configured.  It is used for
33testing per-view rndc commands and checking interactions between options
34related to and potentially affecting RFC 5011 processing.
35