summaryrefslogtreecommitdiff
path: root/test/dnszones-src
diff options
context:
space:
mode:
authorJeremy Harris <jgh146exb@wizmail.org>2017-05-07 17:40:41 +0100
committerJeremy Harris <jgh146exb@wizmail.org>2017-05-07 18:39:05 +0100
commitce889807c90746896f1310e9f4957215f46f7836 (patch)
tree1ec45758956dcc38985d2bcf8fe31fff71d16044 /test/dnszones-src
parentb7e4352c99fe3dee2af93f06ef0ac74ee355d5ea (diff)
Testsuite: add DANE cases for DNS secure no-TLSA lookups
Diffstat (limited to 'test/dnszones-src')
-rw-r--r--test/dnszones-src/db.test.ex12
1 files changed, 11 insertions, 1 deletions
diff --git a/test/dnszones-src/db.test.ex b/test/dnszones-src/db.test.ex
index 50bd6b073..f7c9e313b 100644
--- a/test/dnszones-src/db.test.ex
+++ b/test/dnszones-src/db.test.ex
@@ -461,7 +461,8 @@ DNSSEC danelazy2 A 127.0.0.1
DNSSEC _1225._tcp.danelazy CNAME test.again.dns.
DNSSEC _1225._tcp.danelazy2 CNAME test.again.dns.
-; hosts with no TLSA
+; hosts with no TLSA (just missing here, hence the TLSA NXDMAIN is _insecure_; a broken dane config)
+; 1 for dane-required, 2 for merely requested
DNSSEC dane.no.1 A HOSTIPV4
DNSSEC dane.no.2 A 127.0.0.1
@@ -469,6 +470,15 @@ DNSSEC dane.no.2 A 127.0.0.1
DNSSEC danebroken1 A 127.0.0.1
_1225._tcp.danebroken1 CNAME test.fail.dns.
+; a good dns config saying there is no dane support, by securely returning NOXDOMAIN for TLSA lookups
+; 3 for dane-required, 4 for merely requested
+; the TLSA data here is dummy; ignored
+DNSSEC dane.no.3 A HOSTIPV4
+DNSSEC dane.no.4 A 127.0.0.1
+
+DNSSEC NXDOMAIN _1225._tcp.dane.no.3 TLSA 2 0 1 eec923139018c540a344c5191660ecba1ac3708525a98bfc338e17f31d3fa741
+DNSSEC NXDOMAIN _1225._tcp.dane.no.4 TLSA 2 0 1 eec923139018c540a344c5191660ecba1ac3708525a98bfc338e17f31d3fa741
+
; ------- Testing delays ------------
DELAY=500 delay500 A HOSTIPV4
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-14 20:59:22 +0000