X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=test%2Fdnszones-src%2Fdb.example.com;h=683772f773189f11ccfe89933d4b7e21ad9292c2;hb=9f6563c0ee45cfb670a38fb97362abd85b60395f;hp=bc209ce5a6039679906e32b6672deff1c43ce82d;hpb=a163908a12546834f355c40c87b6cb859302b1c6;p=user%2Fhenk%2Fcode%2Fexim.git

diff --git a/test/dnszones-src/db.example.com b/test/dnszones-src/db.example.com
index bc209ce5a..683772f77 100644
--- a/test/dnszones-src/db.example.com
+++ b/test/dnszones-src/db.example.com
@@ -16,10 +16,37 @@
 ; the use of V4NET and V6NET. These networks should be such that no real
 ; host ever uses them.
 
+; really short neg-cache interval, for testing NXDOMAIN caching
+example.com.     SOA     exim.test.ex. hostmaster.exim.test.ex 1430683638 1200 120 604800 2
+
 example.com.     NS      exim.example.com.
 
+; The real example.com has an SPF record; duplicate that here
+
+example.com.	TXT     v=spf1 -all
+
 ; Alias A record for the local host, under the name "server1"
 
 server1     A       HOSTIPV4
 
+; DANE testing
+
+; a broken dane config where the name does not match in the cert, TA-mode, dane-requested
+; NOTE: the server uses the example.net cert hence the mismatch
+;
+; openssl x509 -in aux-fixed/exim-ca/example.net/CA/CA.pem -fingerprint -sha256 -noout \
+;  | awk -F= '{print $2}' | tr -d : | tr '[A-F]' '[a-f]'
+;
+;
+DNSSEC danebroken7  A       127.0.0.1
+DNSSEC _1225._tcp.danebroken7 TLSA 2 0 1 3110db5e73708d6fc3ffed8dcd1eef2bcd3c35d8da86ed048a332cb9d9538a0f
+
+; the same, EE-mode
+;
+; openssl x509 -in aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.pem -noout -pubkey \
+; | openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $2}'
+;
+DNSSEC danebroken8  A       127.0.0.1
+DNSSEC _1225._tcp.danebroken8 TLSA 3 1 1 5384398f502c423736dcc42295808f7a84769eb96d009816fa077e00bebc768e
+
 ; End