Always check return from tls_export_cert()
[exim.git] / test / dnszones-src / db.example.com
CommitLineData
a163908a
JH
1; This is a testing zone file for use when testing DNS handling in Exim. This
2; is a fake zone of no real use - hence no SOA record. The zone name is
3; example.com. This file is passed through the substitution mechanism before being
4; used by the fakens auxiliary program. This inserts the actual IP addresses
5; of the local host into the zone.
6
7; NOTE (1): apart from ::1, IPv6 addresses must always have 8 components. Do
8; not abbreviate them by using the :: feature. Leading zeros in components may,
9; however, be omitted.
10
11; NOTE (2): the fakens program is very simple and assumes that the buffer into
12; which is puts the response is always going to be big enough. In other words,
13; the expectation is for just a few RRs for each query.
14
15; NOTE (3): the top-level networks for testing addresses are parameterized by
16; the use of V4NET and V6NET. These networks should be such that no real
17; host ever uses them.
18
19example.com. NS exim.example.com.
20
b8e97684
JH
21; The real example.com has an SPF record; duplicate that here
22
23example.com. TXT v=spf1 -all
24
a163908a
JH
25; Alias A record for the local host, under the name "server1"
26
27server1 A HOSTIPV4
28
28646fa9
JH
29; DANE testing
30
31; a broken dane config where the name does not match in the cert, TA-mode, dane-requested
32; NOTE: the server uses the example.net cert hence the mismatch
33;
34; openssl x509 -in aux-fixed/exim-ca/example.net/CA/CA.pem -fingerprint -sha256 -noout \
35; | awk -F= '{print $2}' | tr -d : | tr '[A-F]' '[a-f]'
36;
37;
38DNSSEC danebroken7 A 127.0.0.1
a7a1ad14 39DNSSEC _1225._tcp.danebroken7 TLSA 2 0 1 3110db5e73708d6fc3ffed8dcd1eef2bcd3c35d8da86ed048a332cb9d9538a0f
28646fa9
JH
40
41; the same, EE-mode
42;
43; openssl x509 -in aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.pem -noout -pubkey \
44; | openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $2}'
45;
46DNSSEC danebroken8 A 127.0.0.1
a7a1ad14 47DNSSEC _1225._tcp.danebroken8 TLSA 3 1 1 5384398f502c423736dcc42295808f7a84769eb96d009816fa077e00bebc768e
28646fa9 48
a163908a 49; End