• Vladimír Čunát's avatar
    val_ta_sentinel_insecure: fix problem with NTA · 31445c99
    Vladimír Čunát authored
    It didn't work properly due to negative trust anchor being outside a
    zone cut, so I move the tested names to an unsigned zone.
    root.db: the only real change was addition of "unsigned." delegation,
    causing root-key-sentinel-not-ta-48409.test. NSEC to get modified.
    The other changes are just reordering and drops of "resign=" lines;
    I'm not sure why dnssec-signzone decided to do such changes.
    (I didn't put the unsigned. zone into any zone file.)
val_ta_sentinel_insecure.rpl 12.9 KB