automatic import of bind

author: CoprDistGit <infra@openeuler.org> 2023-08-20 03:32:50 +0000
committer: CoprDistGit <infra@openeuler.org> 2023-08-20 03:32:50 +0000
commit: 2847c413880322cd66177f0edbd1d8c2bb8c2733 (patch)
tree: 1450935150f579bab832ca5ef012fed37e173311 /bind-9.11-fips-tests.patch
parent: a0619d67dc05822e0ba3e196a8d7ebc1c4c25bff (diff)
1 files changed, 921 insertions, 0 deletions
diff --git a/bind-9.11-fips-tests.patch b/bind-9.11-fips-tests.patch
new file mode 100644
index 0000000..19f91b1
--- /dev/null
+++ b/bind-9.11-fips-tests.patch
@@ -0,0 +1,921 @@
+From 3f04cf343dbeb8819197702ce1be737e26e0638a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
+Date: Thu, 2 Aug 2018 23:46:45 +0200
+Subject: [PATCH] FIPS tests changes
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Squashed commit of the following:
+
+commit 09e5eb48698d4fef2fc1031870de86c553b6bfaa
+Author: Petr Menšík <pemensik@redhat.com>
+Date:   Wed Mar 7 20:35:13 2018 +0100
+
+    Fix nsupdate test. Do not use md5 by default for rndc, skip gracefully md5 if not available.
+
+commit ab303db70082db76ecf36493d0b82ef3e8750cad
+Author: Petr Menšík <pemensik@redhat.com>
+Date:   Wed Mar 7 18:11:10 2018 +0100
+
+    Changed root key to be RSASHA256
+
+    Change bad trusted key to be the same algorithm.
+
+commit 88ab07c0e14cc71247e1f9d11a1ea832b64c1ee8
+Author: Petr Menšík <pemensik@redhat.com>
+Date:   Wed Mar 7 16:56:17 2018 +0100
+
+    Change used key to not use hmac-md5
+
+    Fix upforwd test, do not use hmac-md5
+
+commit aec891571626f053acfb4d0a247240cbc21a84e9
+Author: Petr Menšík <pemensik@redhat.com>
+Date:   Wed Mar 7 15:54:11 2018 +0100
+
+    Increase bitsize of DSA key to pass FIPS 140-2 mode.
+
+commit bca8e164fa0d9aff2f946b8b4eb0f1f7e0bf6696
+Author: Petr Menšík <pemensik@redhat.com>
+Date:   Wed Mar 7 15:41:08 2018 +0100
+
+    Fix tsig and rndc tests for disabled md5
+
+    Use hmac-sha256 instead of hmac-md5.
+
+commit 0d314c1ab6151aa13574a21ad22f28d3b7f42a67
+Author: Petr Menšík <pemensik@redhat.com>
+Date:   Wed Mar 7 13:21:00 2018 +0100
+
+    Add md5 availability detection to featuretest
+
+commit f389a918803e2853e4b55fed62765dc4a492e34f
+Author: Petr Menšík <pemensik@redhat.com>
+Date:   Wed Mar 7 10:44:23 2018 +0100
+
+    Change tests to not use hmac-md5 algorithms if not required
+
+    Use hmac-sha256 instead of default hmac-md5 for allow-query
+---
+ bin/tests/system/acl/ns2/named1.conf.in       |  4 +-
+ bin/tests/system/acl/ns2/named2.conf.in       |  4 +-
+ bin/tests/system/acl/ns2/named3.conf.in       |  6 +-
+ bin/tests/system/acl/ns2/named4.conf.in       |  4 +-
+ bin/tests/system/acl/ns2/named5.conf.in       |  4 +-
+ bin/tests/system/acl/tests.sh                 | 32 ++++-----
+ .../system/allow-query/ns2/named10.conf.in    |  2 +-
+ .../system/allow-query/ns2/named11.conf.in    |  4 +-
+ .../system/allow-query/ns2/named12.conf.in    |  2 +-
+ .../system/allow-query/ns2/named30.conf.in    |  2 +-
+ .../system/allow-query/ns2/named31.conf.in    |  4 +-
+ .../system/allow-query/ns2/named32.conf.in    |  2 +-
+ .../system/allow-query/ns2/named40.conf.in    |  4 +-
+ bin/tests/system/allow-query/tests.sh         | 18 ++---
+ bin/tests/system/catz/ns1/named.conf.in       |  2 +-
+ bin/tests/system/catz/ns2/named.conf.in       |  2 +-
+ bin/tests/system/checkconf/bad-tsig.conf      |  2 +-
+ bin/tests/system/checkconf/good.conf          |  2 +-
+ bin/tests/system/feature-test.c               | 14 ++++
+ bin/tests/system/notify/ns5/named.conf.in     |  6 +-
+ bin/tests/system/notify/tests.sh              |  6 +-
+ bin/tests/system/nsupdate/ns1/named.conf.in   |  2 +-
+ bin/tests/system/nsupdate/ns2/named.conf.in   |  2 +-
+ bin/tests/system/nsupdate/setup.sh            |  6 +-
+ bin/tests/system/nsupdate/tests.sh            | 15 +++--
+ bin/tests/system/rndc/setup.sh                |  2 +-
+ bin/tests/system/rndc/tests.sh                | 23 ++++---
+ bin/tests/system/tsig/ns1/named.conf.in       | 10 +--
+ bin/tests/system/tsig/ns1/rndc5.conf.in       | 10 +++
+ bin/tests/system/tsig/setup.sh                |  5 ++
+ bin/tests/system/tsig/tests.sh                | 65 ++++++++++++-------
+ bin/tests/system/upforwd/ns1/named.conf.in    |  2 +-
+ bin/tests/system/upforwd/tests.sh             |  2 +-
+ 33 files changed, 162 insertions(+), 108 deletions(-)
+ create mode 100644 bin/tests/system/tsig/ns1/rndc5.conf.in
+diff --git a/bin/tests/system/acl/ns2/named1.conf.in b/bin/tests/system/acl/ns2/named1.conf.in
+index 745048a..93cb411 100644
+--- a/bin/tests/system/acl/ns2/named1.conf.in
++++ b/bin/tests/system/acl/ns2/named1.conf.in
+@@ -35,12 +35,12 @@ options {
+ };
+ 
+ key one {
+-	algorithm hmac-md5;
++	algorithm hmac-sha256;
+ 	secret "1234abcd8765";
+ };
+ 
+ key two {
+-	algorithm hmac-md5;
++	algorithm hmac-sha256;
+ 	secret "1234abcd8765";
+ };
+ 
+diff --git a/bin/tests/system/acl/ns2/named2.conf.in b/bin/tests/system/acl/ns2/named2.conf.in
+index 21aa991..78e71cc 100644
+--- a/bin/tests/system/acl/ns2/named2.conf.in
++++ b/bin/tests/system/acl/ns2/named2.conf.in
+@@ -35,12 +35,12 @@ options {
+ };
+ 
+ key one {
+-	algorithm hmac-md5;
++	algorithm hmac-sha256;
+ 	secret "1234abcd8765";
+ };
+ 
+ key two {
+-	algorithm hmac-md5;
++	algorithm hmac-sha256;
+ 	secret "1234abcd8765";
+ };
+ 
+diff --git a/bin/tests/system/acl/ns2/named3.conf.in b/bin/tests/system/acl/ns2/named3.conf.in
+index 3208c92..bed6325 100644
+--- a/bin/tests/system/acl/ns2/named3.conf.in
++++ b/bin/tests/system/acl/ns2/named3.conf.in
+@@ -35,17 +35,17 @@ options {
+ };
+ 
+ key one {
+-	algorithm hmac-md5;
++	algorithm hmac-sha256;
+ 	secret "1234abcd8765";
+ };
+ 
+ key two {
+-	algorithm hmac-md5;
++	algorithm hmac-sha256;
+ 	secret "1234abcd8765";
+ };
+ 
+ key three {
+-	algorithm hmac-md5;
++	algorithm hmac-sha256;
+ 	secret "1234abcd8765";
+ };
+ 
+diff --git a/bin/tests/system/acl/ns2/named4.conf.in b/bin/tests/system/acl/ns2/named4.conf.in
+index 14e82ed..a22cafe 100644
+--- a/bin/tests/system/acl/ns2/named4.conf.in
++++ b/bin/tests/system/acl/ns2/named4.conf.in
+@@ -35,12 +35,12 @@ options {
+ };
+ 
+ key one {
+-	algorithm hmac-md5;
++	algorithm hmac-sha256;
+ 	secret "1234abcd8765";
+ };
+ 
+ key two {
+-	algorithm hmac-md5;
++	algorithm hmac-sha256;
+ 	secret "1234abcd8765";
+ };
+ 
+diff --git a/bin/tests/system/acl/ns2/named5.conf.in b/bin/tests/system/acl/ns2/named5.conf.in
+index f43f33c..f4a865a 100644
+--- a/bin/tests/system/acl/ns2/named5.conf.in
++++ b/bin/tests/system/acl/ns2/named5.conf.in
+@@ -37,12 +37,12 @@ options {
+ };
+ 
+ key one {
+-	algorithm hmac-md5;
++	algorithm hmac-sha256;
+ 	secret "1234abcd8765";
+ };
+ 
+ key two {
+-	algorithm hmac-md5;
++	algorithm hmac-sha256;
+ 	secret "1234abcd8765";
+ };
+ 
+diff --git a/bin/tests/system/acl/tests.sh b/bin/tests/system/acl/tests.sh
+index e30569e..edd2155 100644
+--- a/bin/tests/system/acl/tests.sh
++++ b/bin/tests/system/acl/tests.sh
+@@ -24,14 +24,14 @@ echo_i "testing basic ACL processing"
+ # key "one" should fail
+ t=`expr $t + 1`
+ $DIG $DIGOPTS tsigzone. \
+-	@10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 > dig.out.${t}
++	@10.53.0.2 -b 10.53.0.1 axfr -y hmac-sha256:one:1234abcd8765 > dig.out.${t}
+ grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
+ 
+ 
+ # any other key should be fine
+ t=`expr $t + 1`
+ $DIG $DIGOPTS tsigzone. \
+-	@10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t}
++	@10.53.0.2 -b 10.53.0.1 axfr -y hmac-sha256:two:1234abcd8765 > dig.out.${t}
+ grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
+ 
+ copy_setports ns2/named2.conf.in ns2/named.conf
+@@ -41,18 +41,18 @@ sleep 5
+ # prefix 10/8 should fail
+ t=`expr $t + 1`
+ $DIG $DIGOPTS tsigzone. \
+-	@10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 > dig.out.${t}
++	@10.53.0.2 -b 10.53.0.1 axfr -y hmac-sha256:one:1234abcd8765 > dig.out.${t}
+ grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
+ 
+ # any other address should work, as long as it sends key "one"
+ t=`expr $t + 1`
+ $DIG $DIGOPTS tsigzone. \
+-	@10.53.0.2 -b 127.0.0.1 axfr -y two:1234abcd8765 > dig.out.${t}
++	@10.53.0.2 -b 127.0.0.1 axfr -y hmac-sha256:two:1234abcd8765 > dig.out.${t}
+ grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
+ 
+ t=`expr $t + 1`
+ $DIG $DIGOPTS tsigzone. \
+-	@10.53.0.2 -b 127.0.0.1 axfr -y one:1234abcd8765 > dig.out.${t}
++	@10.53.0.2 -b 127.0.0.1 axfr -y hmac-sha256:one:1234abcd8765 > dig.out.${t}
+ grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
+ 
+ echo_i "testing nested ACL processing"
+@@ -64,31 +64,31 @@ sleep 5
+ # should succeed
+ t=`expr $t + 1`
+ $DIG $DIGOPTS tsigzone. \
+-	@10.53.0.2 -b 10.53.0.2 axfr -y two:1234abcd8765 > dig.out.${t}
++	@10.53.0.2 -b 10.53.0.2 axfr -y hmac-sha256:two:1234abcd8765 > dig.out.${t}
+ grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
+ 
+ # should succeed
+ t=`expr $t + 1`
+ $DIG $DIGOPTS tsigzone. \
+-	@10.53.0.2 -b 10.53.0.2 axfr -y one:1234abcd8765 > dig.out.${t}
++	@10.53.0.2 -b 10.53.0.2 axfr -y hmac-sha256:one:1234abcd8765 > dig.out.${t}
+ grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
+ 
+ # should succeed
+ t=`expr $t + 1`
+ $DIG $DIGOPTS tsigzone. \
+-	@10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t}
++	@10.53.0.2 -b 10.53.0.1 axfr -y hmac-sha256:two:1234abcd8765 > dig.out.${t}
+ grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
+ 
+ # should succeed
+ t=`expr $t + 1`
+ $DIG $DIGOPTS tsigzone. \
+-	@10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t}
++	@10.53.0.2 -b 10.53.0.1 axfr -y hmac-sha256:two:1234abcd8765 > dig.out.${t}
+ grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
+ 
+ # but only one or the other should fail
+ t=`expr $t + 1`
+ $DIG $DIGOPTS tsigzone. \
+-	@10.53.0.2 -b 127.0.0.1 axfr -y one:1234abcd8765 > dig.out.${t}
++	@10.53.0.2 -b 127.0.0.1 axfr -y hmac-sha256:one:1234abcd8765 > dig.out.${t}
+ grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
+ 
+ t=`expr $t + 1`
+@@ -99,7 +99,7 @@ grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $tt failed" ; status=1
+ # and other values? right out
+ t=`expr $t + 1`
+ $DIG $DIGOPTS tsigzone. \
+-	@10.53.0.2 -b 127.0.0.1 axfr -y three:1234abcd8765 > dig.out.${t}
++	@10.53.0.2 -b 127.0.0.1 axfr -y hmac-sha256:three:1234abcd8765 > dig.out.${t}
+ grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
+ 
+ # now we only allow 10.53.0.1 *and* key one, or 10.53.0.2 *and* key two
+@@ -110,31 +110,31 @@ sleep 5
+ # should succeed
+ t=`expr $t + 1`
+ $DIG $DIGOPTS tsigzone. \
+-	@10.53.0.2 -b 10.53.0.2 axfr -y two:1234abcd8765 > dig.out.${t}
++	@10.53.0.2 -b 10.53.0.2 axfr -y hmac-sha256:two:1234abcd8765 > dig.out.${t}
+ grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
+ 
+ # should succeed
+ t=`expr $t + 1`
+ $DIG $DIGOPTS tsigzone. \
+-	@10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 > dig.out.${t}
++	@10.53.0.2 -b 10.53.0.1 axfr -y hmac-sha256:one:1234abcd8765 > dig.out.${t}
+ grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
+ 
+ # should fail
+ t=`expr $t + 1`
+ $DIG $DIGOPTS tsigzone. \
+-	@10.53.0.2 -b 10.53.0.2 axfr -y one:1234abcd8765 > dig.out.${t}
++	@10.53.0.2 -b 10.53.0.2 axfr -y hmac-sha256:one:1234abcd8765 > dig.out.${t}
+ grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
+ 
+ # should fail
+ t=`expr $t + 1`
+ $DIG $DIGOPTS tsigzone. \
+-	@10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t}
++	@10.53.0.2 -b 10.53.0.1 axfr -y hmac-sha256:two:1234abcd8765 > dig.out.${t}
+ grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
+ 
+ # should fail
+ t=`expr $t + 1`
+ $DIG $DIGOPTS tsigzone. \
+-	@10.53.0.2 -b 10.53.0.3 axfr -y one:1234abcd8765 > dig.out.${t}
++	@10.53.0.2 -b 10.53.0.3 axfr -y hmac-sha256:one:1234abcd8765 > dig.out.${t}
+ grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
+ 
+ echo_i "testing allow-query-on ACL processing"
+diff --git a/bin/tests/system/allow-query/ns2/named10.conf.in b/bin/tests/system/allow-query/ns2/named10.conf.in
+index b91d19a..7d777c2 100644
+--- a/bin/tests/system/allow-query/ns2/named10.conf.in
++++ b/bin/tests/system/allow-query/ns2/named10.conf.in
+@@ -12,7 +12,7 @@
+  */
+ 
+ key one {
+-	algorithm hmac-md5;
++	algorithm hmac-sha256;
+ 	secret "1234abcd8765";
+ };
+ 
+diff --git a/bin/tests/system/allow-query/ns2/named11.conf.in b/bin/tests/system/allow-query/ns2/named11.conf.in
+index 308c4ca..00f6f40 100644
+--- a/bin/tests/system/allow-query/ns2/named11.conf.in
++++ b/bin/tests/system/allow-query/ns2/named11.conf.in
+@@ -12,12 +12,12 @@
+  */
+ 
+ key one {
+-	algorithm hmac-md5;
++	algorithm hmac-sha256;
+ 	secret "1234abcd8765";
+ };
+ 
+ key two {
+-	algorithm hmac-md5;
++	algorithm hmac-sha256;
+ 	secret "1234efgh8765";
+ };
+ 
+diff --git a/bin/tests/system/allow-query/ns2/named12.conf.in b/bin/tests/system/allow-query/ns2/named12.conf.in
+index 6b0fe55..491e514 100644
+--- a/bin/tests/system/allow-query/ns2/named12.conf.in
++++ b/bin/tests/system/allow-query/ns2/named12.conf.in
+@@ -12,7 +12,7 @@
+  */
+ 
+ key one {
+-	algorithm hmac-md5;
++	algorithm hmac-sha256;
+ 	secret "1234abcd8765";
+ };
+ 
+diff --git a/bin/tests/system/allow-query/ns2/named30.conf.in b/bin/tests/system/allow-query/ns2/named30.conf.in
+index aefc474..7c06596 100644
+--- a/bin/tests/system/allow-query/ns2/named30.conf.in
++++ b/bin/tests/system/allow-query/ns2/named30.conf.in
+@@ -12,7 +12,7 @@
+  */
+ 
+ key one {
+-	algorithm hmac-md5;
++	algorithm hmac-sha256;
+ 	secret "1234abcd8765";
+ };
+ 
+diff --git a/bin/tests/system/allow-query/ns2/named31.conf.in b/bin/tests/system/allow-query/ns2/named31.conf.in
+index 27eccc2..eecb990 100644
+--- a/bin/tests/system/allow-query/ns2/named31.conf.in
++++ b/bin/tests/system/allow-query/ns2/named31.conf.in
+@@ -12,12 +12,12 @@
+  */
+ 
+ key one {
+-	algorithm hmac-md5;
++	algorithm hmac-sha256;
+ 	secret "1234abcd8765";
+ };
+ 
+ key two {
+-	algorithm hmac-md5;
++	algorithm hmac-sha256;
+ 	secret "1234efgh8765";
+ };
+ 
+diff --git a/bin/tests/system/allow-query/ns2/named32.conf.in b/bin/tests/system/allow-query/ns2/named32.conf.in
+index adbb203..744d122 100644
+--- a/bin/tests/system/allow-query/ns2/named32.conf.in
++++ b/bin/tests/system/allow-query/ns2/named32.conf.in
+@@ -12,7 +12,7 @@
+  */
+ 
+ key one {
+-	algorithm hmac-md5;
++	algorithm hmac-sha256;
+ 	secret "1234abcd8765";
+ };
+ 
+diff --git a/bin/tests/system/allow-query/ns2/named40.conf.in b/bin/tests/system/allow-query/ns2/named40.conf.in
+index 364f94b..9518f82 100644
+--- a/bin/tests/system/allow-query/ns2/named40.conf.in
++++ b/bin/tests/system/allow-query/ns2/named40.conf.in
+@@ -16,12 +16,12 @@ acl accept { 10.53.0.2; };
+ acl badaccept { 10.53.0.1; };
+ 
+ key one {
+-	algorithm hmac-md5;
++	algorithm hmac-sha256;
+ 	secret "1234abcd8765";
+ };
+ 
+ key two {
+-	algorithm hmac-md5;
++	algorithm hmac-sha256;
+ 	secret "1234efgh8765";
+ };
+ 
+diff --git a/bin/tests/system/allow-query/tests.sh b/bin/tests/system/allow-query/tests.sh
+index 41c7bb7..9d121b3 100644
+--- a/bin/tests/system/allow-query/tests.sh
++++ b/bin/tests/system/allow-query/tests.sh
+@@ -184,7 +184,7 @@ rndc_reload ns2 10.53.0.2
+ 
+ echo_i "test $n: key allowed - query allowed"
+ ret=0
+-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
++$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
+ grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
+ grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+@@ -197,7 +197,7 @@ rndc_reload ns2 10.53.0.2
+ 
+ echo_i "test $n: key not allowed - query refused"
+ ret=0
+-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1
++$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1
+ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
+ grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+@@ -210,7 +210,7 @@ rndc_reload ns2 10.53.0.2
+ 
+ echo_i "test $n: key disallowed - query refused"
+ ret=0
+-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
++$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
+ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
+ grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+@@ -343,7 +343,7 @@ rndc_reload ns2 10.53.0.2
+ 
+ echo_i "test $n: views key allowed - query allowed"
+ ret=0
+-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
++$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
+ grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
+ grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+@@ -356,7 +356,7 @@ rndc_reload ns2 10.53.0.2
+ 
+ echo_i "test $n: views key not allowed - query refused"
+ ret=0
+-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1
++$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1
+ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
+ grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+@@ -369,7 +369,7 @@ rndc_reload ns2 10.53.0.2
+ 
+ echo_i "test $n: views key disallowed - query refused"
+ ret=0
+-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
++$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
+ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
+ grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+@@ -502,7 +502,7 @@ status=`expr $status + $ret`
+ n=`expr $n + 1`
+ echo_i "test $n: zone key allowed - query allowed"
+ ret=0
+-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.keyallow.example a > dig.out.ns2.$n || ret=1
++$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:one:1234abcd8765 a.keyallow.example a > dig.out.ns2.$n || ret=1
+ grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
+ grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null || ret=1
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+@@ -512,7 +512,7 @@ status=`expr $status + $ret`
+ n=`expr $n + 1`
+ echo_i "test $n: zone key not allowed - query refused"
+ ret=0
+-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.keyallow.example a > dig.out.ns2.$n || ret=1
++$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:two:1234efgh8765 a.keyallow.example a > dig.out.ns2.$n || ret=1
+ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
+ grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null && ret=1
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+@@ -522,7 +522,7 @@ status=`expr $status + $ret`
+ n=`expr $n + 1`
+ echo_i "test $n: zone key disallowed - query refused"
+ ret=0
+-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.keydisallow.example a > dig.out.ns2.$n || ret=1
++$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:one:1234abcd8765 a.keydisallow.example a > dig.out.ns2.$n || ret=1
+ grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
+ grep '^a.keydisallow.example' dig.out.ns2.$n > /dev/null && ret=1
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+diff --git a/bin/tests/system/checkconf/bad-tsig.conf b/bin/tests/system/checkconf/bad-tsig.conf
+index 4af25b0..9f202d5 100644
+--- a/bin/tests/system/checkconf/bad-tsig.conf
++++ b/bin/tests/system/checkconf/bad-tsig.conf
+@@ -13,7 +13,7 @@
+ 
+ /* Bad secret */
+ key "badtsig" {
+-	algorithm hmac-md5;
++	algorithm hmac-sha256;
+ 	secret "jEdD+BPKg==";
+ };
+ 
+diff --git a/bin/tests/system/checkconf/good.conf b/bin/tests/system/checkconf/good.conf
+index 0ecdb68..90b8ab3 100644
+--- a/bin/tests/system/checkconf/good.conf
++++ b/bin/tests/system/checkconf/good.conf
+@@ -284,6 +284,6 @@ dyndb "name" "library.so" {
+ 	system;
+ };
+ key "mykey" {
+-	algorithm "hmac-md5";
++	algorithm "hmac-sha256";
+ 	secret "qwertyuiopasdfgh";
+ };
+diff --git a/bin/tests/system/feature-test.c b/bin/tests/system/feature-test.c
+index 161a80c..c386200 100644
+--- a/bin/tests/system/feature-test.c
++++ b/bin/tests/system/feature-test.c
+@@ -17,6 +17,7 @@
+ #include <string.h>
+ #include <unistd.h>
+ 
++#include <isc/md.h>
+ #include <isc/net.h>
+ #include <isc/print.h>
+ #include <isc/util.h>
+@@ -195,6 +196,19 @@ main(int argc, char **argv) {
+ #endif /* ifdef DLZ_FILESYSTEM */
+ 	}
+ 
++	if (strcmp(argv[1], "--md5") == 0) {
++		unsigned char digest[ISC_MAX_MD_SIZE];
++		const unsigned char test[] = "test";
++		unsigned int size = sizeof(digest);
++
++		if (isc_md(ISC_MD_MD5, test, sizeof(test),
++		           digest, &size) == ISC_R_SUCCESS) {
++			return (0);
++		} else {
++			return (1);
++		}
++	}
++
+ 	if (strcmp(argv[1], "--with-idn") == 0) {
+ #ifdef HAVE_LIBIDN2
+ 		return (0);
+diff --git a/bin/tests/system/notify/ns5/named.conf.in b/bin/tests/system/notify/ns5/named.conf.in
+index 5cab276..d4a7bf3 100644
+--- a/bin/tests/system/notify/ns5/named.conf.in
++++ b/bin/tests/system/notify/ns5/named.conf.in
+@@ -12,17 +12,17 @@
+  */
+ 
+ key "a" {
+-	algorithm "hmac-md5";
++	algorithm "hmac-sha256";
+ 	secret "aaaaaaaaaaaaaaaaaaaa";
+ };
+ 
+ key "b" {
+-	algorithm "hmac-md5";
++	algorithm "hmac-sha256";
+ 	secret "bbbbbbbbbbbbbbbbbbbb";
+ };
+ 
+ key "c" {
+-	algorithm "hmac-md5";
++	algorithm "hmac-sha256";
+ 	secret "cccccccccccccccccccc";
+ };
+ 
+diff --git a/bin/tests/system/notify/tests.sh b/bin/tests/system/notify/tests.sh
+index c02654e..0453a87 100644
+--- a/bin/tests/system/notify/tests.sh
++++ b/bin/tests/system/notify/tests.sh
+@@ -214,16 +214,16 @@ ret=0
+ $NSUPDATE << EOF
+ server 10.53.0.5 ${PORT}
+ zone x21
+-key a aaaaaaaaaaaaaaaaaaaa
++key hmac-sha256:a aaaaaaaaaaaaaaaaaaaa
+ update add added.x21 0 in txt "test string"
+ send
+ EOF
+ 
+ for i in 1 2 3 4 5 6 7 8 9
+ do
+-	$DIG $DIGOPTS added.x21. -y b:bbbbbbbbbbbbbbbbbbbb @10.53.0.5 \
++	$DIG $DIGOPTS added.x21. -y hmac-sha256:b:bbbbbbbbbbbbbbbbbbbb @10.53.0.5 \
+ 		txt > dig.out.b.ns5.test$n || ret=1
+-	$DIG $DIGOPTS added.x21. -y c:cccccccccccccccccccc @10.53.0.5 \
++	$DIG $DIGOPTS added.x21. -y hmac-sha256:c:cccccccccccccccccccc @10.53.0.5 \
+ 		txt > dig.out.c.ns5.test$n || ret=1
+ 	grep "test string" dig.out.b.ns5.test$n > /dev/null &&
+ 	grep "test string" dig.out.c.ns5.test$n > /dev/null &&
+diff --git a/bin/tests/system/nsupdate/ns1/named.conf.in b/bin/tests/system/nsupdate/ns1/named.conf.in
+index a5cc36d..7bb8923 100644
+--- a/bin/tests/system/nsupdate/ns1/named.conf.in
++++ b/bin/tests/system/nsupdate/ns1/named.conf.in
+@@ -40,7 +40,7 @@ controls {
+ };
+ 
+ key altkey {
+-	algorithm hmac-md5;
++	algorithm hmac-sha512;
+ 	secret "1234abcd8765";
+ };
+ 
+diff --git a/bin/tests/system/nsupdate/ns2/named.conf.in b/bin/tests/system/nsupdate/ns2/named.conf.in
+index f1a1735..da2b3d1 100644
+--- a/bin/tests/system/nsupdate/ns2/named.conf.in
++++ b/bin/tests/system/nsupdate/ns2/named.conf.in
+@@ -34,7 +34,7 @@ controls {
+ };
+ 
+ key altkey {
+-	algorithm hmac-md5;
++	algorithm hmac-sha512;
+ 	secret "1234abcd8765";
+ };
+ 
+diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh
+index c9a756e..fac39d4 100644
+--- a/bin/tests/system/nsupdate/setup.sh
++++ b/bin/tests/system/nsupdate/setup.sh
+@@ -73,7 +73,11 @@ EOF
+ 
+ $DDNSCONFGEN -q -z example.nil > ns1/ddns.key
+ 
+-$DDNSCONFGEN -q -a hmac-md5 -k md5-key -z keytests.nil > ns1/md5.key
++if $FEATURETEST --md5; then
++	$DDNSCONFGEN -q -a hmac-md5 -k md5-key -z keytests.nil > ns1/md5.key
++else
++	echo -n > ns1/md5.key
++fi
+ $DDNSCONFGEN -q -a hmac-sha1 -k sha1-key -z keytests.nil > ns1/sha1.key
+ $DDNSCONFGEN -q -a hmac-sha224 -k sha224-key -z keytests.nil > ns1/sha224.key
+ $DDNSCONFGEN -q -a hmac-sha256 -k sha256-key -z keytests.nil > ns1/sha256.key
+diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh
+index 67ffc27..c554a3f 100755
+--- a/bin/tests/system/nsupdate/tests.sh
++++ b/bin/tests/system/nsupdate/tests.sh
+@@ -852,7 +852,14 @@ fi
+ n=$((n + 1))
+ ret=0
+ echo_i "check TSIG key algorithms (nsupdate -k) ($n)"
+-for alg in md5 sha1 sha224 sha256 sha384 sha512; do
++if $FEATURETEST --md5
++then
++	ALGS="md5 sha1 sha224 sha256 sha384 sha512"
++else
++	ALGS="sha1 sha224 sha256 sha384 sha512"
++	echo_i "skipping disabled md5 algorithm"
++fi
++for alg in $ALGS; do
+     $NSUPDATE -k ns1/${alg}.key <<END > /dev/null || ret=1
+ server 10.53.0.1 ${PORT}
+ update add ${alg}.keytests.nil. 600 A 10.10.10.3
+@@ -860,7 +867,7 @@ send
+ END
+ done
+ sleep 2
+-for alg in md5 sha1 sha224 sha256 sha384 sha512; do
++for alg in $ALGS; do
+     $DIG $DIGOPTS +short @10.53.0.1 ${alg}.keytests.nil | grep 10.10.10.3 > /dev/null 2>&1 || ret=1
+ done
+ if [ $ret -ne 0 ]; then
+@@ -871,7 +878,7 @@ fi
+ n=$((n + 1))
+ ret=0
+ echo_i "check TSIG key algorithms (nsupdate -y) ($n)"
+-for alg in md5 sha1 sha224 sha256 sha384 sha512; do
++for alg in $ALGS; do
+     secret=$(sed -n 's/.*secret "\(.*\)";.*/\1/p' ns1/${alg}.key)
+     $NSUPDATE -y "hmac-${alg}:${alg}-key:$secret" <<END > /dev/null || ret=1
+ server 10.53.0.1 ${PORT}
+@@ -880,7 +887,7 @@ send
+ END
+ done
+ sleep 2
+-for alg in md5 sha1 sha224 sha256 sha384 sha512; do
++for alg in $ALGS; do
+     $DIG $DIGOPTS +short @10.53.0.1 ${alg}.keytests.nil | grep 10.10.10.50 > /dev/null 2>&1 || ret=1
+ done
+ if [ $ret -ne 0 ]; then
+diff --git a/bin/tests/system/rndc/setup.sh b/bin/tests/system/rndc/setup.sh
+index e7df6e4..7292818 100644
+--- a/bin/tests/system/rndc/setup.sh
++++ b/bin/tests/system/rndc/setup.sh
+@@ -40,7 +40,7 @@ make_key () {
+             sed 's/allow { 10.53.0.4/allow { any/' >> ns4/named.conf
+ }
+ 
+-make_key 1 ${EXTRAPORT1} hmac-md5
++$FEATURETEST --md5 && make_key 1 ${EXTRAPORT1} hmac-md5
+ make_key 2 ${EXTRAPORT2} hmac-sha1
+ make_key 3 ${EXTRAPORT3} hmac-sha224
+ make_key 4 ${EXTRAPORT4} hmac-sha256
+diff --git a/bin/tests/system/rndc/tests.sh b/bin/tests/system/rndc/tests.sh
+index 43e89d3..c2ee158 100644
+--- a/bin/tests/system/rndc/tests.sh
++++ b/bin/tests/system/rndc/tests.sh
+@@ -351,15 +351,20 @@ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=`expr $status + $ret`
+ 
+ n=`expr $n + 1`
+-echo_i "testing rndc with hmac-md5 ($n)"
+-ret=0
+-$RNDC -s 10.53.0.4 -p ${EXTRAPORT1} -c ns4/key1.conf status > /dev/null 2>&1 || ret=1
+-for i in 2 3 4 5 6
+-do
+-        $RNDC -s 10.53.0.4 -p ${EXTRAPORT1} -c ns4/key${i}.conf status > /dev/null 2>&1 && ret=1
+-done
+-if [ $ret != 0 ]; then echo_i "failed"; fi
+-status=`expr $status + $ret`
++if $FEATURETEST --md5
++then
++	echo_i "testing rndc with hmac-md5 ($n)"
++	ret=0
++	$RNDC -s 10.53.0.4 -p ${EXTRAPORT1} -c ns4/key1.conf status > /dev/null 2>&1 || ret=1
++	for i in 2 3 4 5 6
++	do
++		$RNDC -s 10.53.0.4 -p ${EXTRAPORT1} -c ns4/key${i}.conf status > /dev/null 2>&1 && ret=1
++	done
++	if [ $ret != 0 ]; then echo_i "failed"; fi
++	status=`expr $status + $ret`
++else
++	echo_i "skipping rndc with hmac-md5 ($n)"
++fi
+ 
+ n=`expr $n + 1`
+ echo_i "testing rndc with hmac-sha1 ($n)"
+diff --git a/bin/tests/system/tsig/ns1/named.conf.in b/bin/tests/system/tsig/ns1/named.conf.in
+index 76cf970..22637af 100644
+--- a/bin/tests/system/tsig/ns1/named.conf.in
++++ b/bin/tests/system/tsig/ns1/named.conf.in
+@@ -23,10 +23,7 @@ options {
+ 	notify no;
+ };
+ 
+-key "md5" {
+-	secret "97rnFx24Tfna4mHPfgnerA==";
+-	algorithm hmac-md5;
+-};
++# md5 key appended by setup.sh at the end
+ 
+ key "sha1" {
+ 	secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
+@@ -53,10 +50,7 @@ key "sha512" {
+ 	algorithm hmac-sha512;
+ };
+ 
+-key "md5-trunc" {
+-	secret "97rnFx24Tfna4mHPfgnerA==";
+-	algorithm hmac-md5-80;
+-};
++# md5-trunc key appended by setup.sh at the end
+ 
+ key "sha1-trunc" {
+ 	secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
+diff --git a/bin/tests/system/tsig/setup.sh b/bin/tests/system/tsig/setup.sh
+index 6020947..c8b69d0 100644
+--- a/bin/tests/system/tsig/setup.sh
++++ b/bin/tests/system/tsig/setup.sh
+@@ -17,3 +17,8 @@ SYSTEMTESTTOP=..
+ $SHELL clean.sh
+ 
+ copy_setports ns1/named.conf.in ns1/named.conf
++
++if $FEATURETEST --md5
++then
++	cat ns1/rndc5.conf.in >> ns1/named.conf
++fi
+diff --git a/bin/tests/system/tsig/tests.sh b/bin/tests/system/tsig/tests.sh
+index 02199e6..bbc39ab 100644
+--- a/bin/tests/system/tsig/tests.sh
++++ b/bin/tests/system/tsig/tests.sh
+@@ -28,20 +28,25 @@ sha512="jI/Pa4qRu96t76Pns5Z/Ndxbn3QCkwcxLOgt9vgvnJw5wqTRvNyk3FtD6yIMd1dWVlqZ+Y4f
+ 
+ status=0
+ 
+-echo_i "fetching using hmac-md5 (old form)"
+-ret=0
+-$DIG $DIGOPTS example.nil. -y "md5:$md5" @10.53.0.1 soa > dig.out.md5.old || ret=1
+-grep -i "md5.*TSIG.*NOERROR" dig.out.md5.old > /dev/null || ret=1
+-if [ $ret -eq 1 ] ; then
+-	echo_i "failed"; status=1
+-fi
+-
+-echo_i "fetching using hmac-md5 (new form)"
+-ret=0
+-$DIG $DIGOPTS example.nil. -y "hmac-md5:md5:$md5" @10.53.0.1 soa > dig.out.md5.new || ret=1
+-grep -i "md5.*TSIG.*NOERROR" dig.out.md5.new > /dev/null || ret=1
+-if [ $ret -eq 1 ] ; then
+-	echo_i "failed"; status=1
++if $FEATURETEST --md5
++then
++	echo_i "fetching using hmac-md5 (old form)"
++	ret=0
++	$DIG $DIGOPTS example.nil. -y "md5:$md5" @10.53.0.1 soa > dig.out.md5.old || ret=1
++	grep -i "md5.*TSIG.*NOERROR" dig.out.md5.old > /dev/null || ret=1
++	if [ $ret -eq 1 ] ; then
++		echo_i "failed"; status=1
++	fi
++
++	echo_i "fetching using hmac-md5 (new form)"
++	ret=0
++	$DIG $DIGOPTS example.nil. -y "hmac-md5:md5:$md5" @10.53.0.1 soa > dig.out.md5.new || ret=1
++	grep -i "md5.*TSIG.*NOERROR" dig.out.md5.new > /dev/null || ret=1
++	if [ $ret -eq 1 ] ; then
++		echo_i "failed"; status=1
++	fi
++else
++	echo_i "skipping using hmac-md5"
+ fi
+ 
+ echo_i "fetching using hmac-sha1"
+@@ -89,12 +94,17 @@ fi
+ #	Truncated TSIG
+ #
+ #
+-echo_i "fetching using hmac-md5 (trunc)"
+-ret=0
+-$DIG $DIGOPTS example.nil. -y "hmac-md5-80:md5-trunc:$md5" @10.53.0.1 soa > dig.out.md5.trunc || ret=1
+-grep -i "md5-trunc.*TSIG.*NOERROR" dig.out.md5.trunc > /dev/null || ret=1
+-if [ $ret -eq 1 ] ; then
+-	echo_i "failed"; status=1
++if $FEATURETEST --md5
++then
++	echo_i "fetching using hmac-md5 (trunc)"
++	ret=0
++	$DIG $DIGOPTS example.nil. -y "hmac-md5-80:md5-trunc:$md5" @10.53.0.1 soa > dig.out.md5.trunc || ret=1
++	grep -i "md5-trunc.*TSIG.*NOERROR" dig.out.md5.trunc > /dev/null || ret=1
++	if [ $ret -eq 1 ] ; then
++		echo_i "failed"; status=1
++	fi
++else
++	echo_i "skipping using hmac-md5 (trunc)"
+ fi
+ 
+ echo_i "fetching using hmac-sha1 (trunc)"
+@@ -143,12 +153,17 @@ fi
+ #	Check for bad truncation.
+ #
+ #
+-echo_i "fetching using hmac-md5-80 (BADTRUNC)"
+-ret=0
+-$DIG $DIGOPTS example.nil. -y "hmac-md5-80:md5:$md5" @10.53.0.1 soa > dig.out.md5-80 || ret=1
+-grep -i "md5.*TSIG.*BADTRUNC" dig.out.md5-80 > /dev/null || ret=1
+-if [ $ret -eq 1 ] ; then
+-	echo_i "failed"; status=1
++if $FEATURETEST --md5
++then
++	echo_i "fetching using hmac-md5-80 (BADTRUNC)" 
++	ret=0
++	$DIG $DIGOPTS example.nil. -y "hmac-md5-80:md5:$md5" @10.53.0.1 soa > dig.out.md5-80 || ret=1
++	grep -i "md5.*TSIG.*BADTRUNC" dig.out.md5-80 > /dev/null || ret=1
++	if [ $ret -eq 1 ] ; then
++		echo_i "failed"; status=1
++	fi
++else
++	echo_i "skipping using hmac-md5-80 (BADTRUNC)" 
+ fi
+ 
+ echo_i "fetching using hmac-sha1-80 (BADTRUNC)"
+diff --git a/bin/tests/system/upforwd/ns1/named.conf.in b/bin/tests/system/upforwd/ns1/named.conf.in
+index c2b57dd..cb13aa1 100644
+--- a/bin/tests/system/upforwd/ns1/named.conf.in
++++ b/bin/tests/system/upforwd/ns1/named.conf.in
+@@ -12,7 +12,7 @@
+  */
+ 
+ key "update.example." {
+-	algorithm "hmac-md5";
++	algorithm "hmac-sha256";
+ 	secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
+ };
+ 
+diff --git a/bin/tests/system/upforwd/tests.sh b/bin/tests/system/upforwd/tests.sh
+index 35c5588..c71042c 100644
+--- a/bin/tests/system/upforwd/tests.sh
++++ b/bin/tests/system/upforwd/tests.sh
+@@ -81,7 +81,7 @@ if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
+ 
+ echo_i "updating zone (signed) ($n)"
+ ret=0
+-$NSUPDATE -y update.example:c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K -- - <<EOF || ret=1
++$NSUPDATE -y hmac-sha256:update.example:c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K -- - <<EOF || ret=1
+ local 10.53.0.1
+ server 10.53.0.3 ${PORT}
+ update add updated.example. 600 A 10.10.10.1
+-- 
+2.26.2
+
author	CoprDistGit <infra@openeuler.org>	2023-08-20 03:32:50 +0000
committer	CoprDistGit <infra@openeuler.org>	2023-08-20 03:32:50 +0000
commit	2847c413880322cd66177f0edbd1d8c2bb8c2733 (patch)
tree	1450935150f579bab832ca5ef012fed37e173311 /bind-9.11-fips-tests.patch
parent	a0619d67dc05822e0ba3e196a8d7ebc1c4c25bff (diff)