Add MD5 acceptance test

internal/provider/acceptance.sh

@@ -31,12 +31,24 @@ docker run -d --tmpfs /tmp --tmpfs /run \
 GO111MODULE=on GOFLAGS=-mod=vendor make testacc TEST=./internal/provider || failed
 cleanup_docker
 
-# Run with TSIG authentication
+# Run with TSIG authentication (MD5)
 
 docker run -d --tmpfs /tmp --tmpfs /run \
 	-v /sys/fs/cgroup:/sys/fs/cgroup:ro \
 	-v /etc/localtime:/etc/localtime:ro \
-	-v $PWD/internal/provider/testdata/named.conf.tsig:/etc/named.conf:ro \
+	-v $PWD/internal/provider/testdata/named.conf.md5:/etc/named.conf:ro \
+	-p 127.0.0.1:53:53 \
+	-p 127.0.0.1:53:53/udp \
+	--rm --name ns --hostname ns.example.com ns || failed
+DNS_UPDATE_KEYNAME="tsig.example.com." DNS_UPDATE_KEYALGORITHM="hmac-md5" DNS_UPDATE_KEYSECRET="mX9XKfw/RXBj5ZnZKMy4Nw==" GO111MODULE=on GOFLAGS=-mod=vendor make testacc TEST=./internal/provider || failed
+cleanup_docker
+
+# Run with TSIG authentication (SHA256)
+
+docker run -d --tmpfs /tmp --tmpfs /run \
+	-v /sys/fs/cgroup:/sys/fs/cgroup:ro \
+	-v /etc/localtime:/etc/localtime:ro \
+	-v $PWD/internal/provider/testdata/named.conf.sha256:/etc/named.conf:ro \
 	-p 127.0.0.1:53:53 \
 	-p 127.0.0.1:53:53/udp \
 	--rm --name ns --hostname ns.example.com ns || failed

internal/provider/testdata/named.conf.md5

@@ -0,0 +1,84 @@
+//
+// named.conf
+//
+// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
+// server as a caching only nameserver (as a localhost DNS resolver only).
+//
+// See /usr/share/doc/bind*/sample/ for example named configuration files.
+//
+// See the BIND Administrator's Reference Manual (ARM) for details about the
+// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
+
+options {
+	// listen-on port 53 { 127.0.0.1; };
+	// listen-on-v6 port 53 { ::1; };
+	directory 	"/var/named";
+	dump-file 	"/var/named/data/cache_dump.db";
+	statistics-file "/var/named/data/named_stats.txt";
+	memstatistics-file "/var/named/data/named_mem_stats.txt";
+	recursing-file  "/var/named/data/named.recursing";
+	secroots-file   "/var/named/data/named.secroots";
+	// allow-query     { localhost; };
+
+	/* 
+	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
+	 - If you are building a RECURSIVE (caching) DNS server, you need to enable 
+	   recursion. 
+	 - If your recursive DNS server has a public IP address, you MUST enable access 
+	   control to limit queries to your legitimate users. Failing to do so will
+	   cause your server to become part of large scale DNS amplification 
+	   attacks. Implementing BCP38 within your network would greatly
+	   reduce such attack surface 
+	*/
+	recursion yes;
+
+	dnssec-enable yes;
+	dnssec-validation yes;
+
+	/* Path to ISC DLV key */
+	bindkeys-file "/etc/named.root.key";
+
+	managed-keys-directory "/var/named/dynamic";
+
+	pid-file "/run/named/named.pid";
+	session-keyfile "/run/named/session.key";
+};
+
+logging {
+        channel default_debug {
+                file "data/named.run";
+                severity dynamic;
+        };
+};
+
+zone "." IN {
+	type hint;
+	file "named.ca";
+};
+
+key "tsig.example.com." {
+	algorithm hmac-md5;
+	secret "mX9XKfw/RXBj5ZnZKMy4Nw==";
+};
+
+zone "example.com." IN {
+	type master;
+	file "dynamic/db.example.com";
+	notify no;
+	update-policy {
+		grant tsig.example.com. zonesub ANY;
+	};
+};
+
+zone "1.168.192.in-addr.arpa." IN {
+	type master;
+	file "dynamic/db.1.168.192.in-addr.arpa";
+	notify no;
+	update-policy {
+		grant tsig.example.com. zonesub PTR;
+	};
+};
+
+include "/etc/named.rfc1912.zones";
+include "/etc/named.root.key";
+