Diffstat (limited to 'testdata')
127 files changed, 1852 insertions, 324 deletions
diff --git a/testdata/04-checkconf.tdir/04-checkconf.test b/testdata/04-checkconf.tdir/04-checkconf.test index a2396fef7608..339e346d9719 100644 --- a/testdata/04-checkconf.tdir/04-checkconf.test +++ b/testdata/04-checkconf.tdir/04-checkconf.test @@ -28,6 +28,12 @@ if grep "define UB_ON_WINDOWS 1" ../../config.h; then else onwin=0 fi +# detect dnscrypt +if grep "define USE_DNSCRYPT 1" ../../config.h; then + with_dnscrypt=1 +else + with_dnscrypt=0 +fi # test check of config files. for f in bad.*; do @@ -37,6 +43,10 @@ for f in bad.*; do echo "skipped on windows" continue fi + if test $f = "bad.proxy-and-dnscrypt" -a $with_dnscrypt -eq 0; then + echo "skipped; no DNSCRYPT support" + continue + fi $PRE/unbound-checkconf $f if test $? != 1; then diff --git a/testdata/04-checkconf.tdir/bad.proxy-and-dnscrypt b/testdata/04-checkconf.tdir/bad.proxy-and-dnscrypt new file mode 100644 index 000000000000..f62f7868cbf6 --- /dev/null +++ b/testdata/04-checkconf.tdir/bad.proxy-and-dnscrypt @@ -0,0 +1,6 @@ +server: + interface: 127.0.0.1 + proxy-protocol-port: 53 +dnscrypt: + dnscrypt-enable: yes + dnscrypt-port: 53 diff --git a/testdata/04-checkconf.tdir/bad.proxy-and-https b/testdata/04-checkconf.tdir/bad.proxy-and-https new file mode 100644 index 000000000000..d27373ce0ba3 --- /dev/null +++ b/testdata/04-checkconf.tdir/bad.proxy-and-https @@ -0,0 +1,4 @@ +server: + interface: 127.0.0.1 + proxy-protocol-port: 53 + https-port: 53 diff --git a/testdata/07-confroot.tdir/07-confroot.dsc b/testdata/07-confroot.tdir/07-confroot.dsc index f1cbe6e7da2e..a25301709825 100644 --- a/testdata/07-confroot.tdir/07-confroot.dsc +++ b/testdata/07-confroot.tdir/07-confroot.dsc @@ -8,7 +8,7 @@ Component: CmdDepends: Depends: Help: -Pre: +Pre: 07-confroot.pre Post: Test: 07-confroot.test AuxFiles: diff --git a/testdata/07-confroot.tdir/07-confroot.pre b/testdata/07-confroot.tdir/07-confroot.pre new file mode 100644 index 000000000000..4f966bddd0e5 --- /dev/null 
+++ b/testdata/07-confroot.tdir/07-confroot.pre @@ -0,0 +1,13 @@ +# #-- 07-confroot.pre --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." + +if uname | grep "MINGW" >/dev/null; then + # no chroot, no need to test. + # (test fails on / and \ comparisons, by the way). + skip_test "no chroot on windows, end test" +fi diff --git a/testdata/07-confroot.tdir/07-confroot.test b/testdata/07-confroot.tdir/07-confroot.test index d940aa873d83..9572330f72b7 100644 --- a/testdata/07-confroot.tdir/07-confroot.test +++ b/testdata/07-confroot.tdir/07-confroot.test @@ -6,13 +6,6 @@ PRE="../.." -if uname | grep "MINGW" >/dev/null; then - # no chroot, no need to test. - # (test fails on / en \ comparisons, by the way). - echo "no chroot on windows, end test" - exit 0 -fi - # create config file cwd=`pwd -P` subdir=$cwd/subdir diff --git a/testdata/08-host-lib.tdir/08-host-lib.pre b/testdata/08-host-lib.tdir/08-host-lib.pre index 84817891ff93..481b0ef2c2eb 100644 --- a/testdata/08-host-lib.tdir/08-host-lib.pre +++ b/testdata/08-host-lib.tdir/08-host-lib.pre @@ -4,7 +4,16 @@ # use .tpkg.var.test for in test variable passing [ -f .tpkg.var.test ] && source .tpkg.var.test +PRE="../.." . ../common.sh + +if grep FORK $PRE/config.h | grep "define" >/dev/null 2>&1; then + # nothing + : +else + skip_test "forking is not available; test skipped." +fi + get_random_port 2 FWD_PORT=$(($RND_PORT + 1)) echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test diff --git a/testdata/08-host-lib.tdir/08-host-lib.test b/testdata/08-host-lib.tdir/08-host-lib.test index 8de897776209..18603294e884 100644 --- a/testdata/08-host-lib.tdir/08-host-lib.test +++ b/testdata/08-host-lib.tdir/08-host-lib.test 
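Review bot: In the new 07-confroot.pre, `skip_test` is called in the MINGW branch but the file never sources `../common.sh`, which is where this commit defines the function. Unless `.tpkg.var.master` happens to provide it, the call would fail as an unknown command, the .pre would fall through, and the chroot test would run on Windows instead of being skipped. Add `. ../common.sh` after the `PRE="../.."` line, as 08-host-lib.pre does.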
@@ -7,14 +7,6 @@ PRE="../.." . ../common.sh -if grep FORK $PRE/config.h | grep "define" >/dev/null 2>&1; then - # nothing - : -else - echo "forking is not available; test skipped." - exit 0 -fi - # test if fwder is up echo "> dig @127.0.0.1 -p $FWD_PORT www.example.com | tee outfile" dig @127.0.0.1 -p $FWD_PORT www.example.com | tee outfile diff --git a/testdata/acl_interface.tdir/acl_interface.conf b/testdata/acl_interface.tdir/acl_interface.conf new file mode 100644 index 000000000000..157a2d7b76bf --- /dev/null +++ b/testdata/acl_interface.tdir/acl_interface.conf 
@@ -0,0 +1,140 @@ +server: + verbosity: 7 + use-syslog: no + directory: "" + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + use-caps-for-id: no + define-tag: "one two refuse" + +# Interface configuration for IPv4 + interface: @IPV4_ADDR@@@PORT_ALLOW@ + interface: @IPV4_ADDR@@@PORT_DENY@ + interface: @IPV4_ADDR@@@PORT_REFUSE@ + interface: @IPV4_ADDR@@@PORT_TAG_1@ + interface: @IPV4_ADDR@@@PORT_TAG_2@ + interface: @IPV4_ADDR@@@PORT_TAG_3@ + interface: @IPV4_ADDR@@@PORT_VIEW_INT@ + interface: @IPV4_ADDR@@@PORT_VIEW_EXT@ + interface: @IPV4_ADDR@@@PORT_VIEW_INTEXT@ + + interface-action: @IPV4_ADDR@@@PORT_ALLOW@ allow + interface-action: @IPV4_ADDR@@@PORT_DENY@ deny + # interface-action: @IPV4_ADDR@@@PORT_REFUSE@ refuse # This is the default action + interface-action: @IPV4_ADDR@@@PORT_TAG_1@ allow + interface-action: @IPV4_ADDR@@@PORT_TAG_2@ allow + interface-action: @IPV4_ADDR@@@PORT_TAG_3@ allow + interface-action: @IPV4_ADDR@@@PORT_VIEW_INT@ allow + interface-action: @IPV4_ADDR@@@PORT_VIEW_EXT@ allow + interface-action: @IPV4_ADDR@@@PORT_VIEW_INTEXT@ allow + + interface-tag: @IPV4_ADDR@@@PORT_TAG_1@ "one" + interface-tag: @IPV4_ADDR@@@PORT_TAG_2@ "two" + interface-tag: @IPV4_ADDR@@@PORT_TAG_3@ "refuse" + interface-tag-action: @IPV4_ADDR@@@PORT_TAG_1@ one redirect + interface-tag-data: @IPV4_ADDR@@@PORT_TAG_1@ one "A 1.1.1.1" + interface-tag-action: @IPV4_ADDR@@@PORT_TAG_2@ two redirect + interface-tag-data: @IPV4_ADDR@@@PORT_TAG_2@ two "A 2.2.2.2" + interface-tag-action: @IPV4_ADDR@@@PORT_TAG_3@ refuse always_refuse + + interface-view: @IPV4_ADDR@@@PORT_VIEW_INT@ "int" + interface-view: @IPV4_ADDR@@@PORT_VIEW_EXT@ "ext" + interface-view: @IPV4_ADDR@@@PORT_VIEW_INTEXT@ "intext" + +# Mirrored interface configuration for IPv6 + interface: @IPV6_ADDR@@@PORT_ALLOW@ + interface: @IPV6_ADDR@@@PORT_DENY@ + interface: @IPV6_ADDR@@@PORT_REFUSE@ + interface: @IPV6_ADDR@@@PORT_TAG_1@ + interface: @IPV6_ADDR@@@PORT_TAG_2@ + interface: 
@IPV6_ADDR@@@PORT_TAG_3@ + interface: @IPV6_ADDR@@@PORT_VIEW_INT@ + interface: @IPV6_ADDR@@@PORT_VIEW_EXT@ + interface: @IPV6_ADDR@@@PORT_VIEW_INTEXT@ + + interface-action: @IPV6_ADDR@@@PORT_ALLOW@ allow + interface-action: @IPV6_ADDR@@@PORT_DENY@ deny + # interface-action: @IPV6_ADDR@@@PORT_REFUSE@ refuse # This is the default action + interface-action: @IPV6_ADDR@@@PORT_TAG_1@ allow + interface-action: @IPV6_ADDR@@@PORT_TAG_2@ allow + interface-action: @IPV6_ADDR@@@PORT_TAG_3@ allow + interface-action: @IPV6_ADDR@@@PORT_VIEW_INT@ allow + interface-action: @IPV6_ADDR@@@PORT_VIEW_EXT@ allow + interface-action: @IPV6_ADDR@@@PORT_VIEW_INTEXT@ allow + + interface-tag: @IPV6_ADDR@@@PORT_TAG_1@ "one" + interface-tag: @IPV6_ADDR@@@PORT_TAG_2@ "two" + interface-tag: @IPV6_ADDR@@@PORT_TAG_3@ "refuse" + interface-tag-action: @IPV6_ADDR@@@PORT_TAG_1@ one redirect + interface-tag-data: @IPV6_ADDR@@@PORT_TAG_1@ one "A 1.1.1.1" + interface-tag-action: @IPV6_ADDR@@@PORT_TAG_2@ two redirect + interface-tag-data: @IPV6_ADDR@@@PORT_TAG_2@ two "A 2.2.2.2" + interface-tag-action: @IPV6_ADDR@@@PORT_TAG_3@ refuse always_refuse + + interface-view: @IPV6_ADDR@@@PORT_VIEW_INT@ "int" + interface-view: @IPV6_ADDR@@@PORT_VIEW_EXT@ "ext" + interface-view: @IPV6_ADDR@@@PORT_VIEW_INTEXT@ "intext" + +# Mirrored interface configuration for interface name + interface: @INTERFACE@@@PORT_ALLOW@ + interface: @INTERFACE@@@PORT_DENY@ + interface: @INTERFACE@@@PORT_REFUSE@ + interface: @INTERFACE@@@PORT_TAG_1@ + interface: @INTERFACE@@@PORT_TAG_2@ + interface: @INTERFACE@@@PORT_TAG_3@ + interface: @INTERFACE@@@PORT_VIEW_INT@ + interface: @INTERFACE@@@PORT_VIEW_EXT@ + interface: @INTERFACE@@@PORT_VIEW_INTEXT@ + + interface-action: @INTERFACE@@@PORT_ALLOW@ allow + interface-action: @INTERFACE@@@PORT_DENY@ deny + # interface-action: @INTERFACE@@@PORT_REFUSE@ refuse # This is the default action + interface-action: @INTERFACE@@@PORT_TAG_1@ allow + interface-action: @INTERFACE@@@PORT_TAG_2@ allow + 
interface-action: @INTERFACE@@@PORT_TAG_3@ allow + interface-action: @INTERFACE@@@PORT_VIEW_INT@ allow + interface-action: @INTERFACE@@@PORT_VIEW_EXT@ allow + interface-action: @INTERFACE@@@PORT_VIEW_INTEXT@ allow + + interface-tag: @INTERFACE@@@PORT_TAG_1@ "one" + interface-tag: @INTERFACE@@@PORT_TAG_2@ "two" + interface-tag: @INTERFACE@@@PORT_TAG_3@ "refuse" + interface-tag-action: @INTERFACE@@@PORT_TAG_1@ one redirect + interface-tag-data: @INTERFACE@@@PORT_TAG_1@ one "A 1.1.1.1" + interface-tag-action: @INTERFACE@@@PORT_TAG_2@ two redirect + interface-tag-data: @INTERFACE@@@PORT_TAG_2@ two "A 2.2.2.2" + interface-tag-action: @INTERFACE@@@PORT_TAG_3@ refuse always_refuse + + interface-view: @INTERFACE@@@PORT_VIEW_INT@ "int" + interface-view: @INTERFACE@@@PORT_VIEW_EXT@ "ext" + interface-view: @INTERFACE@@@PORT_VIEW_INTEXT@ "intext" + +# Local zones configuration + local-zone: local. transparent + local-data: "local. A 0.0.0.0" + local-zone-tag: local. "one two refuse" + +# Views configuration +view: + name: "int" + view-first: yes + local-zone: "." refuse + local-zone: "internal" transparent +view: + name: "ext" + view-first: yes + local-zone: "internal" refuse +view: + name: "intext" + view-first: yes + +# Stubs configuration +forward-zone: + name: "." + forward-addr: @IPV4_ADDR@@@FORWARD_PORT@ + +stub-zone: + name: "internal" + stub-addr: @IPV4_ADDR@@@STUB_PORT@ diff --git a/testdata/acl_interface.tdir/acl_interface.dsc b/testdata/acl_interface.tdir/acl_interface.dsc new file mode 100644 index 000000000000..cfe5c3cf56c8 --- /dev/null +++ b/testdata/acl_interface.tdir/acl_interface.dsc @@ -0,0 +1,16 @@ +BaseName: acl_interface +Version: 1.0 +Description: Check the interface-* settings +CreationDate: Fri 8 Oct 18:14:40 CEST 2021 +Maintainer: +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: acl_interface.pre +Post: acl_interface.post +Test: acl_interface.test +AuxFiles: +Passed: +Failure: 
diff --git a/testdata/acl_interface.tdir/acl_interface.post b/testdata/acl_interface.tdir/acl_interface.post new file mode 100644 index 000000000000..982e2b8955a5 --- /dev/null +++ b/testdata/acl_interface.tdir/acl_interface.post @@ -0,0 +1,11 @@ +# #-- acl_interface.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +. ../common.sh +kill_pid $UNBOUND_PID +kill_pid $FWD_PID +kill_pid $STUB_PID diff --git a/testdata/acl_interface.tdir/acl_interface.pre b/testdata/acl_interface.tdir/acl_interface.pre new file mode 100644 index 000000000000..ce5358c1b2d9 --- /dev/null +++ b/testdata/acl_interface.tdir/acl_interface.pre 
@@ -0,0 +1,75 @@ +# #-- acl_interface.pre--# +PRE="../.." +. ../common.sh + +# This test uses the unshare utility +if test ! -x "`which unshare 2>&1`"; then + skip_test "no unshare (from util-linux package) available, skip test" +fi + +get_random_port 11 + +PORT_ALLOW=$RND_PORT +PORT_DENY=$(($RND_PORT + 1)) +PORT_REFUSE=$(($RND_PORT + 2)) +PORT_TAG_1=$(($RND_PORT + 3)) +PORT_TAG_2=$(($RND_PORT + 4)) +PORT_TAG_3=$(($RND_PORT + 5)) +PORT_VIEW_INT=$(($RND_PORT + 6)) +PORT_VIEW_EXT=$(($RND_PORT + 7)) +PORT_VIEW_INTEXT=$(($RND_PORT + 8)) +FORWARD_PORT=$(($RND_PORT + 9)) +STUB_PORT=$(($RND_PORT + 10)) + +IPV4_ADDR=192.168.1.1 +IPV6_ADDR=2001:db8::1 + +INTERFACE=eth24 +INTERFACE_ADDR_1=10.0.0.1 +INTERFACE_ADDR_2=10.0.0.2 +INTERFACE_ADDR_3=10.0.0.3 +INTERFACE_ADDR_4=10.0.0.4 + +# make config file +sed \ + -e 's/@PORT_ALLOW\@/'$PORT_ALLOW'/' \ + -e 's/@PORT_DENY\@/'$PORT_DENY'/' \ + -e 's/@PORT_REFUSE\@/'$PORT_REFUSE'/' \ + -e 's/@PORT_TAG_1\@/'$PORT_TAG_1'/' \ + -e 's/@PORT_TAG_2\@/'$PORT_TAG_2'/' \ + -e 's/@PORT_TAG_3\@/'$PORT_TAG_3'/' \ + -e 's/@PORT_VIEW_INT\@/'$PORT_VIEW_INT'/' \ + -e 's/@PORT_VIEW_EXT\@/'$PORT_VIEW_EXT'/' \ + -e 's/@PORT_VIEW_INTEXT\@/'$PORT_VIEW_INTEXT'/' \ + -e 's/@FORWARD_PORT\@/'$FORWARD_PORT'/' \ + -e 's/@STUB_PORT\@/'$STUB_PORT'/' \ + -e 's/@IPV4_ADDR\@/'$IPV4_ADDR'/' \ + -e 's/@IPV6_ADDR\@/'$IPV6_ADDR'/' \ + -e 's/@INTERFACE\@/'$INTERFACE'/' \ + < acl_interface.conf > ub.conf + +if test -x "`which bash`"; then + shell="bash" +else + shell="sh" +fi + +echo "PORT_ALLOW=$PORT_ALLOW" >> .tpkg.var.test +echo "PORT_DENY=$PORT_DENY" >> .tpkg.var.test +echo "PORT_REFUSE=$PORT_REFUSE" >> .tpkg.var.test +echo "PORT_TAG_1=$PORT_TAG_1" >> .tpkg.var.test +echo "PORT_TAG_2=$PORT_TAG_2" >> .tpkg.var.test +echo "PORT_TAG_3=$PORT_TAG_3" >> .tpkg.var.test +echo "PORT_VIEW_INT=$PORT_VIEW_INT" >> .tpkg.var.test +echo "PORT_VIEW_EXT=$PORT_VIEW_EXT" >> .tpkg.var.test +echo "PORT_VIEW_INTEXT=$PORT_VIEW_INTEXT" >> .tpkg.var.test +echo "FORWARD_PORT=$FORWARD_PORT" >> 
.tpkg.var.test +echo "STUB_PORT=$STUB_PORT" >> .tpkg.var.test +echo "IPV4_ADDR=$IPV4_ADDR" >> .tpkg.var.test +echo "IPV6_ADDR=$IPV6_ADDR" >> .tpkg.var.test +echo "INTERFACE=$INTERFACE" >> .tpkg.var.test +echo "INTERFACE_ADDR_1=$INTERFACE_ADDR_1" >> .tpkg.var.test +echo "INTERFACE_ADDR_2=$INTERFACE_ADDR_2" >> .tpkg.var.test +echo "INTERFACE_ADDR_3=$INTERFACE_ADDR_3" >> .tpkg.var.test +echo "INTERFACE_ADDR_4=$INTERFACE_ADDR_4" >> .tpkg.var.test +echo "shell=$shell" >> .tpkg.var.test diff --git a/testdata/acl_interface.tdir/acl_interface.test b/testdata/acl_interface.tdir/acl_interface.test new file mode 100644 index 000000000000..421081887086 --- /dev/null +++ b/testdata/acl_interface.tdir/acl_interface.test @@ -0,0 +1,11 @@ +# #-- acl_interface.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test +PRE="../.." +. ../common.sh + +# Run the scenario in an unshared namespace +unshare -rUn $shell acl_interface.test.scenario +exit $? diff --git a/testdata/acl_interface.tdir/acl_interface.test.scenario b/testdata/acl_interface.tdir/acl_interface.test.scenario new file mode 100644 index 000000000000..00b2b059f942 --- /dev/null +++ b/testdata/acl_interface.tdir/acl_interface.test.scenario 
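Review bot: The skip check in acl_interface.pre only tests that an `unshare` binary exists, not that the host permits what acl_interface.test then asks of it with `unshare -rUn`. On systems where unprivileged user namespaces are disabled (a common hardening setting), or where `ip` or the dummy link type is unavailable, the test would presumably be reported as failed rather than skipped. Probing the real operation in the .pre, e.g. `if ! unshare -rUn true >/dev/null 2>&1; then skip_test "cannot create user/net namespace, skip test"; fi`, keeps hardened build hosts from showing a false ACL regression.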
@@ -0,0 +1,205 @@ +# #-- acl_interface.test.scenario --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test +PRE="../.." +. ../common.sh + +ip addr add $IPV4_ADDR dev lo +ip addr add $IPV6_ADDR dev lo +ip link set lo up + +ip link add $INTERFACE type dummy +ip addr add $INTERFACE_ADDR_1 dev $INTERFACE +ip addr add $INTERFACE_ADDR_2 dev $INTERFACE +ip addr add $INTERFACE_ADDR_3 dev $INTERFACE +ip addr add $INTERFACE_ADDR_4 dev $INTERFACE +ip link set $INTERFACE up + +# start the forwarder in the background +get_ldns_testns +$LDNS_TESTNS -p $FORWARD_PORT acl_interface.testns >fwd.log 2>&1 & +FWD_PID=$! +echo "FWD_PID=$FWD_PID" >> .tpkg.var.test + +# start the stub in the background +$LDNS_TESTNS -p $STUB_PORT acl_interface.testns2 >fwd2.log 2>&1 & +STUB_PID=$! +echo "STUB_PID=$STUB_PID" >> .tpkg.var.test + +# start unbound in the background +$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & +UNBOUND_PID=$! 
+echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test + +cat .tpkg.var.test +wait_ldns_testns_up fwd.log +wait_ldns_testns_up fwd2.log +wait_unbound_up unbound.log + +end () { + echo "> cat logfiles" + cat fwd.log + cat fwd2.log + cat unbound.log + exit $1 +} + +# Query for the given domain to the given port +# $1: address family [4, 6] +# $2: port +# $3: dname +query () { + addr=$IPV4_ADDR + if test "$1" -eq 6; then + addr=$IPV6_ADDR + fi + echo "> dig -p $2 $3" + dig @"$addr" -p $2 $3 | tee outfile +} + +# Query for the given domain to the given port +# $1: address +# $2: port +# $3: dname +query_addr () { + echo "> dig @$1 -p $2 $3" + dig @"$1" -p $2 $3 | tee outfile +} + +expect_refused () { + echo "> check answer for REFUSED" + if grep "REFUSED" outfile; then + echo "OK" + else + echo "Not OK" + end 1 + fi +} + +expect_external_answer () { + echo "> check external answer" + if grep "1.2.3.4" outfile; then + echo "OK" + else + echo "Not OK" + end 1 + fi +} + +expect_internal_answer () { + echo "> check internal answer" + if grep "10.20.30.40" outfile; then + echo "OK" + else + echo "Not OK" + end 1 + fi +} + +expect_tag_one_answer () { + echo "> check tag 'one' answer" + if grep "1.1.1.1" outfile; then + echo "OK" + else + echo "Not OK" + end 1 + fi +} + +expect_tag_two_answer () { + echo "> check tag 'two' answer" + if grep "2.2.2.2" outfile; then + echo "OK" + else + echo "Not OK" + end 1 + fi +} + +# do the test + +for i in 4 6; do + query $i $PORT_REFUSE "www.external" + expect_refused + + query $i $PORT_REFUSE "www.internal" + expect_refused + + query $i $PORT_ALLOW "www.external" + expect_external_answer + + query $i $PORT_ALLOW "www.internal" + expect_internal_answer + + query $i $PORT_TAG_1 "local" + expect_tag_one_answer + + query $i $PORT_TAG_2 "local" + expect_tag_two_answer + + query $i $PORT_TAG_3 "local" + expect_refused + + query $i $PORT_VIEW_INT "www.internal" + expect_internal_answer + + query $i $PORT_VIEW_INT "www.external" + expect_refused + + 
query $i $PORT_VIEW_EXT "www.internal" + expect_refused + + query $i $PORT_VIEW_EXT "www.external" + expect_external_answer + + query $i $PORT_VIEW_INTEXT "www.internal" + expect_internal_answer + + query $i $PORT_VIEW_INTEXT "www.external" + expect_external_answer +done + +for addr in $INTERFACE_ADDR_1 $INTERFACE_ADDR_2 $INTERFACE_ADDR_3 $INTERFACE_ADDR_4; do + query_addr $addr $PORT_REFUSE "www.external" + expect_refused + + query_addr $addr $PORT_REFUSE "www.internal" + expect_refused + + query_addr $addr $PORT_ALLOW "www.external" + expect_external_answer + + query_addr $addr $PORT_ALLOW "www.internal" + expect_internal_answer + + query_addr $addr $PORT_TAG_1 "local" + expect_tag_one_answer + + query_addr $addr $PORT_TAG_2 "local" + expect_tag_two_answer + + query_addr $addr $PORT_TAG_3 "local" + expect_refused + + query_addr $addr $PORT_VIEW_INT "www.internal" + expect_internal_answer + + query_addr $addr $PORT_VIEW_INT "www.external" + expect_refused + + query_addr $addr $PORT_VIEW_EXT "www.internal" + expect_refused + + query_addr $addr $PORT_VIEW_EXT "www.external" + expect_external_answer + + query_addr $addr $PORT_VIEW_INTEXT "www.internal" + expect_internal_answer + + query_addr $addr $PORT_VIEW_INTEXT "www.external" + expect_external_answer +done + +end 0 diff --git a/testdata/acl_interface.tdir/acl_interface.testns b/testdata/acl_interface.tdir/acl_interface.testns new file mode 100644 index 000000000000..d8c871b1c602 --- /dev/null +++ b/testdata/acl_interface.tdir/acl_interface.testns @@ -0,0 +1,26 @@ +; nameserver test file +$ORIGIN external. +$TTL 3600 + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +www IN A +SECTION ANSWER +www IN A 1.2.3.4 +ENTRY_END + +$ORIGIN local. +$TTL 3600 + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +@ IN A +SECTION ANSWER +@ IN A 127.0.0.1 +ENTRY_END 
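Review bot: In acl_interface.test.scenario neither loop ever sends a query to `$PORT_DENY`, so the `interface-action: ... deny` entries in acl_interface.conf are configured but never exercised; only refuse, allow, tag and view behaviour is asserted. A regression that turned deny into allow on an interface would pass this test. Add a check that a query to the deny port gets no response at all, with a short dig timeout so the expected silence does not cost the default retry time. The sketch below treats the absence of a `status:` header line in the dig output as "no reply".

```shell
# Query the deny port and require that no DNS response comes back
# (interface-action deny drops the query without answering).
# $1: address
expect_dropped () {
	echo "> dig @$1 -p $PORT_DENY www.external (expect no reply)"
	dig @"$1" -p $PORT_DENY +time=1 +tries=1 www.external | tee outfile
	if grep "status:" outfile; then
		echo "Not OK"
		end 1
	fi
	echo "OK"
}

# … unchanged: query, query_addr and the other expect_* helpers, both test loops …

for addr in $IPV4_ADDR $IPV6_ADDR $INTERFACE_ADDR_1 $INTERFACE_ADDR_2 $INTERFACE_ADDR_3 $INTERFACE_ADDR_4; do
	expect_dropped $addr
done
```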
diff --git a/testdata/acl_interface.tdir/acl_interface.testns2 b/testdata/acl_interface.tdir/acl_interface.testns2 new file mode 100644 index 000000000000..e9edfc8ba56f --- /dev/null +++ b/testdata/acl_interface.tdir/acl_interface.testns2 @@ -0,0 +1,13 @@ +; nameserver test file +$ORIGIN internal. +$TTL 3600 + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +www IN A +SECTION ANSWER +www IN A 10.20.30.40 +ENTRY_END diff --git a/testdata/clang-analysis.tdir/clang-analysis.dsc b/testdata/clang-analysis.tdir/clang-analysis.dsc index 20a62a3e314c..b3a0609e3f1f 100644 --- a/testdata/clang-analysis.tdir/clang-analysis.dsc +++ b/testdata/clang-analysis.tdir/clang-analysis.dsc @@ -7,7 +7,7 @@ Category: Component: Depends: Help: -Pre: +Pre: clang-analysis.pre Post: Test: clang-analysis.test AuxFiles: diff --git a/testdata/clang-analysis.tdir/clang-analysis.pre b/testdata/clang-analysis.tdir/clang-analysis.pre new file mode 100644 index 000000000000..e9b9a26faabf --- /dev/null +++ b/testdata/clang-analysis.tdir/clang-analysis.pre @@ -0,0 +1,21 @@ +# #-- clang-analysis.pre --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test +# common functions +. ../common.sh + +PRE="../.." +if test ! -x "`which clang 2>&1`"; then + skip_test "No clang in path" +fi +#echo "have clang" +# test if assertions are enabled +if grep "^#define UNBOUND_DEBUG" $PRE/config.h >/dev/null; then + : +else + skip_test "UNBOUND_DEBUG is not enabled, skip test" + # no unbound debug means no assertions, and clang analyzer uses + # the assertions to make inferences. +fi diff --git a/testdata/clang-analysis.tdir/clang-analysis.test b/testdata/clang-analysis.tdir/clang-analysis.test index 09c935860c47..388556a44848 100644 --- a/testdata/clang-analysis.tdir/clang-analysis.test 
+++ b/testdata/clang-analysis.tdir/clang-analysis.test @@ -7,20 +7,6 @@ . ../common.sh PRE="../.." -if test ! -x "`which clang 2>&1`"; then - echo "No clang in path" - exit 0 -fi -#echo "have clang" -# test if assertions are enabled -if grep "^#define UNBOUND_DEBUG" $PRE/config.h >/dev/null; then - : -else - echo "UNBOUND_DEBUG is not enabled, skip test" - # no unbound debug means no assertions, and clang analyzer uses - # the assertions to make inferences. - exit 0 -fi # read value from Makefile # $1: result variable name diff --git a/testdata/common.sh b/testdata/common.sh index 280f5dac4cec..a449f1a64eb2 100644 --- a/testdata/common.sh +++ b/testdata/common.sh @@ -27,6 +27,7 @@ # wait_petal_up : wait for petal to come up. # wait_nsd_up : wait for nsd to come up. # wait_server_up_or_fail: wait for server to come up or print a failure string +# skip_test x : print message and skip test (must be called in .pre) # kill_pid : kill a server, make sure and wait for it to go down. @@ -109,6 +110,13 @@ skip_if_in_list () { fi } +# Print a message and skip the test. Must be called in the .pre file. +# $1: message to print. +skip_test () { + echo "$1" + exit 3 +} + # function to get a number of random port numbers. # $1: number of random ports. # RND_PORT is returned as the starting port number diff --git a/testdata/dnscrypt_cert.tdir/dnscrypt_cert.post b/testdata/dnscrypt_cert.tdir/dnscrypt_cert.post index 0346d3f84a61..fcb6c9d0e089 100644 --- a/testdata/dnscrypt_cert.tdir/dnscrypt_cert.post +++ b/testdata/dnscrypt_cert.tdir/dnscrypt_cert.post @@ -8,9 +8,6 @@ PRE="../.." . ../common.sh -# Check if we can run the test. -. ./precheck.sh - kill_pid $FWD_PID kill_pid $UNBOUND_PID diff --git a/testdata/dnscrypt_cert.tdir/dnscrypt_cert.pre b/testdata/dnscrypt_cert.tdir/dnscrypt_cert.pre index bee9e8ac63ca..6cf52299c5ad 100644 --- a/testdata/dnscrypt_cert.tdir/dnscrypt_cert.pre +++ b/testdata/dnscrypt_cert.tdir/dnscrypt_cert.pre 
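Review bot: The new `skip_test` helper in common.sh exits with a bare `3`, and neither the function comment nor the index entry at the top of the file says what that status means or why the call is restricted to the .pre file. Presumably the test runner treats exit status 3 from a .pre as "skipped"; if so, state it in the comment, for example `# Exits with status 3, which the test runner reports as skipped; only the .pre exit status is interpreted this way.` That keeps later test authors from calling it in a .test file and getting something other than a skip.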
@@ -8,7 +8,11 @@ PRE="../.." . ../common.sh # Check if we can run the test. -. ./precheck.sh +if grep "define USE_DNSCRYPT 1" $PRE/config.h; then + echo "have dnscrypt" +else + skip_test "no dnscrypt" +fi get_random_port 3 UNBOUND_PORT=$RND_PORT diff --git a/testdata/dnscrypt_cert.tdir/dnscrypt_cert.test b/testdata/dnscrypt_cert.tdir/dnscrypt_cert.test index f09753792696..fdb88e8f9490 100644 --- a/testdata/dnscrypt_cert.tdir/dnscrypt_cert.test +++ b/testdata/dnscrypt_cert.tdir/dnscrypt_cert.test @@ -7,9 +7,6 @@ PRE="../.." . ../common.sh -# Check if we can run the test. -. ./precheck.sh - # do the test # Query plain request over DNSCrypt channel get closed diff --git a/testdata/dnscrypt_cert.tdir/precheck.sh b/testdata/dnscrypt_cert.tdir/precheck.sh deleted file mode 100644 index 00fa4bc76067..000000000000 --- a/testdata/dnscrypt_cert.tdir/precheck.sh +++ /dev/null @@ -1,16 +0,0 @@ -# dnscrypt precheck.sh - -# if no dnscrypt; exit -if grep "define USE_DNSCRYPT 1" $PRE/config.h; then - echo "have dnscrypt" -else - echo "no dnscrypt" - exit 0 -fi - -# if no xchacha20 support in unbound; exit -if grep "define USE_DNSCRYPT_XCHACHA20 1" $PRE/config.h; then - xchacha20=1 -else - xchacha20=0 -fi diff --git a/testdata/dnscrypt_cert_chacha.tdir/dnscrypt_cert_chacha.post b/testdata/dnscrypt_cert_chacha.tdir/dnscrypt_cert_chacha.post index 54337df67d55..9537d9e821a4 100644 --- a/testdata/dnscrypt_cert_chacha.tdir/dnscrypt_cert_chacha.post +++ b/testdata/dnscrypt_cert_chacha.tdir/dnscrypt_cert_chacha.post @@ -8,10 +8,5 @@ PRE="../.." . ../common.sh -# Check if we can run the test. -. ./precheck.sh - kill_pid $FWD_PID -if [ $xchacha20 -ne 0 ]; then - kill_pid $UNBOUND_PID -fi +kill_pid $UNBOUND_PID diff --git a/testdata/dnscrypt_cert_chacha.tdir/dnscrypt_cert_chacha.pre b/testdata/dnscrypt_cert_chacha.tdir/dnscrypt_cert_chacha.pre index c77290a8ab7d..4534fdf47f63 100644 --- a/testdata/dnscrypt_cert_chacha.tdir/dnscrypt_cert_chacha.pre 
+++ b/testdata/dnscrypt_cert_chacha.tdir/dnscrypt_cert_chacha.pre @@ -7,8 +7,17 @@ PRE="../.." . ../common.sh -# Check if we can run the test. -. ./precheck.sh +# if no dnscrypt; exit +if grep "define USE_DNSCRYPT 1" $PRE/config.h; then + echo "have dnscrypt" +else + skip_test "no dnscrypt" +fi +if grep "define USE_DNSCRYPT_XCHACHA20 1" $PRE/config.h; then + echo "have XChacha20 support" +else + skip_test "no XChacha20 support" +fi get_random_port 3 UNBOUND_PORT=$RND_PORT @@ -34,10 +43,5 @@ echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test cat .tpkg.var.test wait_ldns_testns_up fwd.log -if [ $xchacha20 -eq 0 ]; then - # no xchacha20 support, we expect unbound to exit with an error message. - wait_server_up unbound.log "Certificate for XChacha20 but libsodium does not support it" -else - wait_unbound_up unbound.log -fi +wait_unbound_up unbound.log diff --git a/testdata/dnscrypt_cert_chacha.tdir/dnscrypt_cert_chacha.test b/testdata/dnscrypt_cert_chacha.tdir/dnscrypt_cert_chacha.test index 4ef6942be6fb..2db073ad6a40 100644 --- a/testdata/dnscrypt_cert_chacha.tdir/dnscrypt_cert_chacha.test +++ b/testdata/dnscrypt_cert_chacha.tdir/dnscrypt_cert_chacha.test @@ -6,17 +6,9 @@ PRE="../.." . ../common.sh -# Check if we can run the test. -. ./precheck.sh # do the test -if [ $xchacha20 -eq 0 ]; then - # Unbound would exit before we can attempt any tests. - echo "OK" - exit 0 -fi - # Query plain request over DNSCrypt channel get closed # We use TCP to avoid hanging on waiting for UDP. # We expect `outfile` to contain no DNS payload 
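Review bot: With the changes to dnscrypt_cert_chacha.pre, builds without XChacha20 support now skip the test entirely, where the removed branch waited for unbound to log "Certificate for XChacha20 but libsodium does not support it". That was the only visible check that unbound refuses to start with a certificate it cannot use, so this fail-closed path loses coverage on such builds. If that is intended, a comment next to the `skip_test "no XChacha20 support"` call saying the unsupported-certificate startup error is no longer tested here would help; otherwise consider keeping it as a separate small test.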
@@ -104,7 +96,7 @@ do echo "> check answer" grep -F 'DNSC\000\002\000\000\1716\226\255*\244\002L\177g\025_\127tR\151\246R\203\178\153\248\006\137\"\138\173|G/,\160\152\015\010\172\184\220`\175\217\255,\162\018\178-d\007\246k0\003I[\205w\026)\204B\002\161\010\245\243W\191\189Z\216\210x\025\204\247\173\227t\138\018\162~\152\253\211\031z\\\002m5\008\254\2244\246\243W\191\189Z\216\210Y\160\2158Y\160\2158u\210\219\184' outfile cert_found=$? - if [ \( $cert_found -eq 0 -a $xchacha20 -eq 1 \) -o \( $cert_found -ne 0 -a $xchacha20 -eq 0 \) ]; then + if [ \( $cert_found -eq 0 \) ]; then echo "OK" else echo "Not OK" diff --git a/testdata/dnscrypt_cert_chacha.tdir/precheck.sh b/testdata/dnscrypt_cert_chacha.tdir/precheck.sh deleted file mode 100644 index 00fa4bc76067..000000000000 --- a/testdata/dnscrypt_cert_chacha.tdir/precheck.sh +++ /dev/null @@ -1,16 +0,0 @@ -# dnscrypt precheck.sh - -# if no dnscrypt; exit -if grep "define USE_DNSCRYPT 1" $PRE/config.h; then - echo "have dnscrypt" -else - echo "no dnscrypt" - exit 0 -fi - -# if no xchacha20 support in unbound; exit -if grep "define USE_DNSCRYPT_XCHACHA20 1" $PRE/config.h; then - xchacha20=1 -else - xchacha20=0 -fi diff --git a/testdata/dnstap.tdir/dnstap.post b/testdata/dnstap.tdir/dnstap.post index 6744b4b618ce..6d5e9d50d044 100644 --- a/testdata/dnstap.tdir/dnstap.post +++ b/testdata/dnstap.tdir/dnstap.post @@ -7,7 +7,6 @@ # do your teardown here . ../common.sh PRE="../.." -if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi kill_pid $DNSTAP_SOCKET_PID kill_pid $FWD_PID kill $UNBOUND_PID diff --git a/testdata/dnstap.tdir/dnstap.pre b/testdata/dnstap.tdir/dnstap.pre index 6561d77e98a2..0f2e0231df58 100644 --- a/testdata/dnstap.tdir/dnstap.pre +++ b/testdata/dnstap.tdir/dnstap.pre 
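Review bot: The rewritten condition in dnscrypt_cert_chacha.test keeps the escaped grouping parentheses from the old compound test, `if [ \( $cert_found -eq 0 \) ]; then`, although only one comparison is left. `if [ $cert_found -eq 0 ]; then` reads more plainly and avoids a `test` call with more than four arguments, whose result POSIX leaves unspecified. The enclosing loop starts outside the hunk.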
@@ -7,7 +7,7 @@ . ../common.sh PRE="../.." -if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else skip_test "test skipped"; fi get_random_port 3 UNBOUND_PORT=$RND_PORT diff --git a/testdata/dnstap.tdir/dnstap.test b/testdata/dnstap.tdir/dnstap.test index fbf8565ffcac..3a2dcc5e13f0 100644 --- a/testdata/dnstap.tdir/dnstap.test +++ b/testdata/dnstap.tdir/dnstap.test @@ -6,7 +6,6 @@ . ../common.sh PRE="../.." -if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi # test if the server is up. echo "> dig www.example.com." diff --git a/testdata/dnstap_reconnect.tdir/dnstap_reconnect.post b/testdata/dnstap_reconnect.tdir/dnstap_reconnect.post index 0056a20d9506..44b8e6b9722b 100644 --- a/testdata/dnstap_reconnect.tdir/dnstap_reconnect.post +++ b/testdata/dnstap_reconnect.tdir/dnstap_reconnect.post @@ -7,7 +7,6 @@ # do your teardown here . ../common.sh PRE="../.." -if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi kill_pid $DNSTAP_SOCKET_PID kill_pid $FWD_PID kill $UNBOUND_PID diff --git a/testdata/dnstap_reconnect.tdir/dnstap_reconnect.pre b/testdata/dnstap_reconnect.tdir/dnstap_reconnect.pre index a1aba4f35c5d..df031ac0138b 100644 --- a/testdata/dnstap_reconnect.tdir/dnstap_reconnect.pre +++ b/testdata/dnstap_reconnect.tdir/dnstap_reconnect.pre @@ -7,7 +7,7 @@ . ../common.sh PRE="../.." -if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else skip_test "test skipped"; fi get_random_port 3 UNBOUND_PORT=$RND_PORT diff --git a/testdata/dnstap_reconnect.tdir/dnstap_reconnect.test b/testdata/dnstap_reconnect.tdir/dnstap_reconnect.test index 94679bc66e78..8f28bc1094b6 100644 
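Review bot: The message passed in dnstap.pre, `skip_test "test skipped"`, does not say why the test was skipped, unlike the dnscrypt .pre files in this commit (`skip_test "no dnscrypt"`). Something like `skip_test "no dnstap support, test skipped"` makes skipped runs self-explanatory in the log. The same line is added in dnstap_reconnect.pre, dnstap_tcp.pre, dnstap_tls.pre, dnstap_tls_badcert.pre and dnstap_tls_badname.pre.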
--- a/testdata/dnstap_reconnect.tdir/dnstap_reconnect.test +++ b/testdata/dnstap_reconnect.tdir/dnstap_reconnect.test @@ -6,7 +6,6 @@ . ../common.sh PRE="../.." -if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi # test if the server is up. echo "> dig www.example.com." diff --git a/testdata/dnstap_tcp.tdir/dnstap_tcp.post b/testdata/dnstap_tcp.tdir/dnstap_tcp.post index 8aad21e19b6a..f9a52edf6b80 100644 --- a/testdata/dnstap_tcp.tdir/dnstap_tcp.post +++ b/testdata/dnstap_tcp.tdir/dnstap_tcp.post @@ -7,7 +7,6 @@ # do your teardown here . ../common.sh PRE="../.." -if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi kill_pid $DNSTAP_SOCKET_PID kill_pid $FWD_PID kill $UNBOUND_PID diff --git a/testdata/dnstap_tcp.tdir/dnstap_tcp.pre b/testdata/dnstap_tcp.tdir/dnstap_tcp.pre index 3006603c5648..aea781de95c7 100644 --- a/testdata/dnstap_tcp.tdir/dnstap_tcp.pre +++ b/testdata/dnstap_tcp.tdir/dnstap_tcp.pre @@ -7,7 +7,7 @@ . ../common.sh PRE="../.." -if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else skip_test "test skipped"; fi get_random_port 4 UNBOUND_PORT=$RND_PORT diff --git a/testdata/dnstap_tcp.tdir/dnstap_tcp.test b/testdata/dnstap_tcp.tdir/dnstap_tcp.test index d57eecfdbb94..c9aef3e78e97 100644 --- a/testdata/dnstap_tcp.tdir/dnstap_tcp.test +++ b/testdata/dnstap_tcp.tdir/dnstap_tcp.test @@ -6,7 +6,6 @@ . ../common.sh PRE="../.." -if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi # test if the server is up. echo "> dig www.example.com." diff --git a/testdata/dnstap_tls.tdir/dnstap_tls.post b/testdata/dnstap_tls.tdir/dnstap_tls.post index fe1824a063d8..8adfb1a024dd 100644 --- a/testdata/dnstap_tls.tdir/dnstap_tls.post +++ b/testdata/dnstap_tls.tdir/dnstap_tls.post 
@@ -7,7 +7,6 @@ # do your teardown here . ../common.sh PRE="../.." -if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi kill_pid $DNSTAP_SOCKET_PID kill_pid $FWD_PID kill $UNBOUND_PID diff --git a/testdata/dnstap_tls.tdir/dnstap_tls.pre b/testdata/dnstap_tls.tdir/dnstap_tls.pre index 1df914873541..7a20ec2dd4ba 100644 --- a/testdata/dnstap_tls.tdir/dnstap_tls.pre +++ b/testdata/dnstap_tls.tdir/dnstap_tls.pre @@ -7,7 +7,7 @@ . ../common.sh PRE="../.." -if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else skip_test "test skipped"; fi get_random_port 4 UNBOUND_PORT=$RND_PORT diff --git a/testdata/dnstap_tls.tdir/dnstap_tls.test b/testdata/dnstap_tls.tdir/dnstap_tls.test index f9a2bf00d7fd..3a0bf10f09f7 100644 --- a/testdata/dnstap_tls.tdir/dnstap_tls.test +++ b/testdata/dnstap_tls.tdir/dnstap_tls.test @@ -6,7 +6,6 @@ . ../common.sh PRE="../.." -if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi # test if the server is up. echo "> dig www.example.com." diff --git a/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.post b/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.post index d71eb28ae113..aa0dfbfa4994 100644 --- a/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.post +++ b/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.post @@ -7,7 +7,6 @@ # do your teardown here . ../common.sh PRE="../.." -if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi kill_pid $DNSTAP_SOCKET_PID kill_pid $FWD_PID kill $UNBOUND_PID diff --git a/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.pre b/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.pre index eff7074d0b1e..f077965e0c9e 100644 --- a/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.pre 
+++ b/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.pre @@ -7,7 +7,7 @@ . ../common.sh PRE="../.." -if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else skip_test "test skipped"; fi get_random_port 4 UNBOUND_PORT=$RND_PORT diff --git a/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.test b/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.test index 0b85f64accbc..b4d944a0f9ad 100644 --- a/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.test +++ b/testdata/dnstap_tls_badcert.tdir/dnstap_tls_badcert.test @@ -6,7 +6,6 @@ . ../common.sh PRE="../.." -if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi # test if the server is up. echo "> dig www.example.com." diff --git a/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.post b/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.post index 59f05b81d936..553aa2f873d7 100644 --- a/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.post +++ b/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.post @@ -7,7 +7,6 @@ # do your teardown here . ../common.sh PRE="../.." -if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi kill_pid $DNSTAP_SOCKET_PID kill_pid $FWD_PID kill $UNBOUND_PID diff --git a/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.pre b/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.pre index 0ffee6081619..6a4a480b6385 100644 --- a/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.pre +++ b/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.pre @@ -7,7 +7,7 @@ . ../common.sh PRE="../.." -if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else skip_test "test skipped"; fi get_random_port 4 UNBOUND_PORT=$RND_PORT 
diff --git a/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.test b/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.test index 248d8f222531..907392f6d580 100644 --- a/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.test +++ b/testdata/dnstap_tls_badname.tdir/dnstap_tls_badname.test @@ -6,7 +6,6 @@ . ../common.sh PRE="../.." -if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi # test if the server is up. echo "> dig www.example.com." diff --git a/testdata/dnstap_tls_clientauth.tdir/dnstap_tls_clientauth.post b/testdata/dnstap_tls_clientauth.tdir/dnstap_tls_clientauth.post index 83df2a72ec79..2ef2ac36f99a 100644 --- a/testdata/dnstap_tls_clientauth.tdir/dnstap_tls_clientauth.post +++ b/testdata/dnstap_tls_clientauth.tdir/dnstap_tls_clientauth.post @@ -7,7 +7,6 @@ # do your teardown here . ../common.sh PRE="../.." -if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi kill_pid $DNSTAP_SOCKET_PID kill_pid $FWD_PID kill $UNBOUND_PID diff --git a/testdata/dnstap_tls_clientauth.tdir/dnstap_tls_clientauth.pre b/testdata/dnstap_tls_clientauth.tdir/dnstap_tls_clientauth.pre index a035181cec0f..80a5cd61b6eb 100644 --- a/testdata/dnstap_tls_clientauth.tdir/dnstap_tls_clientauth.pre +++ b/testdata/dnstap_tls_clientauth.tdir/dnstap_tls_clientauth.pre @@ -7,7 +7,7 @@ . ../common.sh PRE="../.." -if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else skip_test "test skipped"; fi get_random_port 4 UNBOUND_PORT=$RND_PORT diff --git a/testdata/dnstap_tls_clientauth.tdir/dnstap_tls_clientauth.test b/testdata/dnstap_tls_clientauth.tdir/dnstap_tls_clientauth.test index 5b9cce0a4c47..842c8190ee94 100644 --- a/testdata/dnstap_tls_clientauth.tdir/dnstap_tls_clientauth.test +++ b/testdata/dnstap_tls_clientauth.tdir/dnstap_tls_clientauth.test 
@@ -6,7 +6,6 @@ . ../common.sh PRE="../.." -if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi # test if the server is up. echo "> dig www.example.com." diff --git a/testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.post b/testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.post index 3ca63ada4ee3..733a36ea91d0 100644 --- a/testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.post +++ b/testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.post @@ -7,7 +7,6 @@ # do your teardown here . ../common.sh PRE="../.." -if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi kill_pid $DNSTAP_SOCKET_PID kill_pid $FWD_PID kill $UNBOUND_PID diff --git a/testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.pre b/testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.pre index 25b838d8bfb0..50f9853d4833 100644 --- a/testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.pre +++ b/testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.pre @@ -7,7 +7,7 @@ . ../common.sh PRE="../.." -if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else skip_test "test skipped"; fi get_random_port 4 UNBOUND_PORT=$RND_PORT diff --git a/testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.test b/testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.test index 03bcbadfd093..b5a6adfc3226 100644 --- a/testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.test +++ b/testdata/dnstap_tls_peername.tdir/dnstap_tls_peername.test @@ -6,7 +6,6 @@ . ../common.sh PRE="../.." -if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi # test if the server is up. echo "> dig www.example.com." diff --git a/testdata/doh_downstream.tdir/doh_downstream.post b/testdata/doh_downstream.tdir/doh_downstream.post index 0e3c00b05531..67972a7f0c45 100644 
--- a/testdata/doh_downstream.tdir/doh_downstream.post +++ b/testdata/doh_downstream.tdir/doh_downstream.post @@ -6,7 +6,6 @@ # # do your teardown here PRE="../.." -if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi . ../common.sh kill_pid $FWD_PID kill_pid $UNBOUND_PID diff --git a/testdata/doh_downstream.tdir/doh_downstream.pre b/testdata/doh_downstream.tdir/doh_downstream.pre index 29bb805a16cc..22072544042b 100644 --- a/testdata/doh_downstream.tdir/doh_downstream.pre +++ b/testdata/doh_downstream.tdir/doh_downstream.pre @@ -6,7 +6,7 @@ PRE="../.." . ../common.sh -if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else skip_test "test skipped"; fi get_random_port 2 UNBOUND_PORT=$RND_PORT diff --git a/testdata/doh_downstream.tdir/doh_downstream.test b/testdata/doh_downstream.tdir/doh_downstream.test index d66168fbaab5..78e2e84eb3c4 100644 --- a/testdata/doh_downstream.tdir/doh_downstream.test +++ b/testdata/doh_downstream.tdir/doh_downstream.test @@ -6,7 +6,6 @@ PRE="../.." . ../common.sh -if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi get_make (cd $PRE; $MAKE dohclient) diff --git a/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.post b/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.post index 881970a77c0c..f15ebe555a2c 100644 --- a/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.post +++ b/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.post @@ -6,7 +6,6 @@ # # do your teardown here PRE="../.." -if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi . ../common.sh kill_pid $UNBOUND_PID cat unbound.log 
diff --git a/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.pre b/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.pre index a58780ab315a..ff68a46777f1 100644 --- a/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.pre +++ b/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.pre @@ -6,7 +6,7 @@ PRE="../.." . ../common.sh -if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else skip_test "test skipped"; fi get_random_port 1 UNBOUND_PORT=$RND_PORT diff --git a/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.test b/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.test index 78c46081d39b..bbeb9eb2b65f 100644 --- a/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.test +++ b/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.test @@ -6,7 +6,6 @@ PRE="../.." . ../common.sh -if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi get_make (cd $PRE; $MAKE dohclient) diff --git a/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.post b/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.post index dcdf8627e076..f15ebe555a2c 100644 --- a/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.post +++ b/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.post @@ -7,6 +7,5 @@ # do your teardown here PRE="../.." . ../common.sh -if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi kill_pid $UNBOUND_PID cat unbound.log diff --git a/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.pre b/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.pre index cd0d11fd4b3d..dd7acc290da3 100644 
--- a/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.pre +++ b/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.pre @@ -6,7 +6,7 @@ PRE="../.." . ../common.sh -if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else skip_test "test skipped"; fi get_random_port 1 UNBOUND_PORT=$RND_PORT echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test diff --git a/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.test b/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.test index 2a6954cab645..d788e366700c 100644 --- a/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.test +++ b/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.test @@ -6,7 +6,6 @@ PRE="../.." . ../common.sh -if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi get_make (cd $PRE; $MAKE dohclient) diff --git a/testdata/doh_downstream_notls.tdir/doh_downstream_notls.post b/testdata/doh_downstream_notls.tdir/doh_downstream_notls.post index 3ceaeade8f8d..9fb51b6d343a 100644 --- a/testdata/doh_downstream_notls.tdir/doh_downstream_notls.post +++ b/testdata/doh_downstream_notls.tdir/doh_downstream_notls.post @@ -6,7 +6,6 @@ # # do your teardown here PRE="../.." -if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi . ../common.sh kill_pid $FWD_PID kill_pid $UNBOUND_PID diff --git a/testdata/doh_downstream_notls.tdir/doh_downstream_notls.pre b/testdata/doh_downstream_notls.tdir/doh_downstream_notls.pre index e1f30a575a81..9c7233d64906 100644 --- a/testdata/doh_downstream_notls.tdir/doh_downstream_notls.pre +++ b/testdata/doh_downstream_notls.tdir/doh_downstream_notls.pre 
@@ -6,7 +6,7 @@ PRE="../.." . ../common.sh -if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else skip_test "test skipped"; fi get_random_port 2 UNBOUND_PORT=$RND_PORT diff --git a/testdata/doh_downstream_notls.tdir/doh_downstream_notls.test b/testdata/doh_downstream_notls.tdir/doh_downstream_notls.test index 87ff560d3eae..040285e8fd3a 100644 --- a/testdata/doh_downstream_notls.tdir/doh_downstream_notls.test +++ b/testdata/doh_downstream_notls.tdir/doh_downstream_notls.test @@ -6,7 +6,6 @@ PRE="../.." . ../common.sh -if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi get_make (cd $PRE; $MAKE dohclient) diff --git a/testdata/doh_downstream_post.tdir/doh_downstream_post.post b/testdata/doh_downstream_post.tdir/doh_downstream_post.post index 98034a32c439..2f8f5a8e0be8 100644 --- a/testdata/doh_downstream_post.tdir/doh_downstream_post.post +++ b/testdata/doh_downstream_post.tdir/doh_downstream_post.post @@ -7,7 +7,6 @@ # do your teardown here PRE="../.." . ../common.sh -if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi kill_pid $FWD_PID kill_pid $UNBOUND_PID cat unbound.log diff --git a/testdata/doh_downstream_post.tdir/doh_downstream_post.pre b/testdata/doh_downstream_post.tdir/doh_downstream_post.pre index 34df83d4b4d2..a8ecd344b2db 100644 --- a/testdata/doh_downstream_post.tdir/doh_downstream_post.pre +++ b/testdata/doh_downstream_post.tdir/doh_downstream_post.pre @@ -6,7 +6,7 @@ PRE="../.." . ../common.sh -if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else skip_test "test skipped"; fi get_random_port 2 UNBOUND_PORT=$RND_PORT FWD_PORT=$(($RND_PORT + 1)) 
diff --git a/testdata/doh_downstream_post.tdir/doh_downstream_post.test b/testdata/doh_downstream_post.tdir/doh_downstream_post.test index 6442d1e12751..d6a512ae324e 100644 --- a/testdata/doh_downstream_post.tdir/doh_downstream_post.test +++ b/testdata/doh_downstream_post.tdir/doh_downstream_post.test @@ -6,7 +6,6 @@ PRE="../.." . ../common.sh -if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi get_make (cd $PRE; $MAKE dohclient) diff --git a/testdata/dynlibmod.tdir/dynlibmod.post b/testdata/dynlibmod.tdir/dynlibmod.post index caa0da4f5161..99a4268a7cf4 100644 --- a/testdata/dynlibmod.tdir/dynlibmod.post +++ b/testdata/dynlibmod.tdir/dynlibmod.post @@ -7,7 +7,6 @@ # do your teardown here . ../common.sh PRE="../.." -if grep "define WITH_DYNLIBMODULE 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi kill_pid $FWD_PID kill $UNBOUND_PID kill $UNBOUND_PID >/dev/null 2>&1 diff --git a/testdata/dynlibmod.tdir/dynlibmod.pre b/testdata/dynlibmod.tdir/dynlibmod.pre index 94adaa72332d..fbf229b8b10c 100644 --- a/testdata/dynlibmod.tdir/dynlibmod.pre +++ b/testdata/dynlibmod.tdir/dynlibmod.pre @@ -7,7 +7,7 @@ . ../common.sh PRE="../.." -if grep "define WITH_DYNLIBMODULE 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +if grep "define WITH_DYNLIBMODULE 1" $PRE/config.h; then echo test enabled; else skip_test "test skipped"; fi get_random_port 3 UNBOUND_PORT=$RND_PORT diff --git a/testdata/dynlibmod.tdir/dynlibmod.test b/testdata/dynlibmod.tdir/dynlibmod.test index f99f6fbc4e8b..2954acaff4f8 100644 --- a/testdata/dynlibmod.tdir/dynlibmod.test +++ b/testdata/dynlibmod.tdir/dynlibmod.test @@ -6,7 +6,6 @@ . ../common.sh PRE="../.." -if grep "define WITH_DYNLIBMODULE 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi # compile the dynamic library module if grep "define USE_WINSOCK 1" $PRE/config.h; then 
diff --git a/testdata/ede.tdir/bogus/clean.sh b/testdata/ede.tdir/bogus/clean.sh deleted file mode 100755 index 54128f807217..000000000000 --- a/testdata/ede.tdir/bogus/clean.sh +++ /dev/null @@ -1 +0,0 @@ -rm -f K* piece1 base expired notyetincepted trust-anchors dnssec-failures.test.signed dnskey-failures.test.signed nsec-failures.test.signed rrsig-failures.test.signed diff --git a/testdata/ede.tdir/bogus/dnskey-failures.test.signed b/testdata/ede.tdir/bogus/dnskey-failures.test.signed new file mode 100644 index 000000000000..69bfde48b9f6 --- /dev/null +++ b/testdata/ede.tdir/bogus/dnskey-failures.test.signed @@ -0,0 +1,7 @@ +dnskey-failures.test. 3600 IN SOA ns.dnskey-failures.test. hostmaster.dnskey-failures.test. 1 14400 1800 2419200 300 +dnskey-failures.test. 3600 IN RRSIG SOA 13 2 3600 20010201000000 20001230000000 45928 dnskey-failures.test. NKixvGKa0WHSI8oE5THI1hjm5nExVkryUmW15VoNZ3pwqUYexGWLIlfuYsTaDE5GVEtPpSKbA+PlYDk19EsLNQ== +dnskey-failures.test. 3600 IN A 192.0.2.1 +dnskey-failures.test. 3600 IN RRSIG A 13 2 3600 20010201000000 20001230000000 45928 dnskey-failures.test. FCEvbVL3TkzO7jWeOz7E/A3Q64QkpegVazS4OL+ybxN2o8OzXdCJN3QbCGdFP26/Rbj089ThDCZ0+OormAk1dw== +dnskey-failures.test. 3600 IN RRSIG DNSKEY 13 2 3600 20010201000000 20001230000000 45928 dnskey-failures.test. pEjWVsJbFiQBvwNGV3v0nVirMJDOYKXqC4IX9dFuRTnoWSb95anvB08pgaZ1ie+thk6YC1fX2fUTRKRFr3vHnA== +dnskey-failures.test. 300 IN NSEC dnskey-failures.test. A SOA RRSIG NSEC DNSKEY +dnskey-failures.test. 300 IN RRSIG NSEC 13 2 300 20010201000000 20001230000000 45928 dnskey-failures.test. /vAazBDetA5+np+fE7V6f9W+faEQT3ETGueNNhFPjUsPF1dU9Gglu4PZ15fWOxsk0DPWHNmTMF70ZCGQJ2k+fw== diff --git a/testdata/ede.tdir/bogus/dnssec-failures.test.signed b/testdata/ede.tdir/bogus/dnssec-failures.test.signed new file mode 100644 index 000000000000..ed8f5d9d980b --- /dev/null +++ b/testdata/ede.tdir/bogus/dnssec-failures.test.signed 
@@ -0,0 +1,25 @@ +dnssec-failures.test. 3600 IN SOA ns.dnssec-failures.test. hostmaster.dnssec-failures.test. 1 14400 1800 2419200 300 +dnssec-failures.test. 3600 IN RRSIG SOA 13 2 3600 20010201000000 20001230000000 53876 dnssec-failures.test. K37BIR/jLR4tN1JtTx3MwzgozslvnFtwUquCSfiBykCcKIv6wErSI9Gnw/tjH0tXrLI1eoLa5oWkgtxy0KKybg== +dnssec-failures.test. 3600 IN NS ns.dnssec-failures.test. +dnssec-failures.test. 3600 IN RRSIG NS 13 2 3600 20010201000000 20001230000000 53876 dnssec-failures.test. JP6mYQORwnwwv+2q9UxpeeaVs5/171y3lyc1FKAY3FHmFqjd4Uo0byW8jgk/BrJyVkaDeZbjvuZq+BED0codpw== +dnssec-failures.test. 3600 IN DNSKEY 257 3 13 mx6xe39HZrYCpyC+9YmquHIf1WdWYaDqOfcpXg2Gtv5VJGS/WSO14txlUoKjYCldyRwcg9wT6JAwikpkzWS6UQ== ;{id = 53876 (ksk), size = 256b} +dnssec-failures.test. 3600 IN RRSIG DNSKEY 13 2 3600 20010201000000 20001230000000 53876 dnssec-failures.test. F760TrogHIBkenX7nGr6LEvocTcGAZamfAaiftIkwprBp21/LZ+qotGsFu9YWsxlGqB3KAINXYATjS6AEJfGEQ== +dnssec-failures.test. 300 IN NSEC expired.dnssec-failures.test. NS SOA RRSIG NSEC DNSKEY +dnssec-failures.test. 300 IN RRSIG NSEC 13 2 300 20010201000000 20001230000000 53876 dnssec-failures.test. Zk+RW0mbLSzwvSYuNQJhNdd4XmtQv47CiLtHbqOyS8/xt5Pt87T0v1UxnCkZAlA+VTEWbJkasq06ER1wMuTetA== +expired.dnssec-failures.test. 300 IN RRSIG NSEC 13 3 300 20010201000000 20001230000000 53876 dnssec-failures.test. UAhzOVumQZ2PVspwJS5NyOjZypIaQXfHMiXGEUYaZ161IfQdB3coBx2vF8MHdqbePOl6Z4oa51ltITMlBL+Stw== +missingrrsigs.dnssec-failures.test. 3600 IN TXT "Signatures missing" +missingrrsigs.dnssec-failures.test. 300 IN NSEC notyetincepted.dnssec-failures.test. TXT RRSIG NSEC +missingrrsigs.dnssec-failures.test. 300 IN RRSIG NSEC 13 3 300 20010201000000 20001230000000 53876 dnssec-failures.test. 4phKld6eMt4cxA4w6I1i29uAbdfbwFrkpRGLBWwerUgDbOdDwUm1de6t4QhBys7DtoZb3wIS+DLJYjBNbz7Sig== +notyetincepted.dnssec-failures.test. 300 IN RRSIG NSEC 13 3 300 20010201000000 20001230000000 53876 dnssec-failures.test. 
ix6Gg9uUZ0A56IQXbDJuBQ3vIm6QipuvzQTKd2wF6kZuEW/53wuy4ROBDIQ4IgnQD17vG8tJNeDOCfj0hh8+dQ== +ns.dnssec-failures.test. 3600 IN A 192.0.2.1 +ns.dnssec-failures.test. 3600 IN RRSIG A 13 3 3600 20010201000000 20001230000000 53876 dnssec-failures.test. PbcykgJEHG218vCkj9pD8W5JVqyCD9VRNOy3SHqCTvWGVAApasdZ7n5wzNVpHdKrqlTpyLwf6z6vv4NMYbEQdw== +ns.dnssec-failures.test. 300 IN NSEC sigsinvalid.dnssec-failures.test. A RRSIG NSEC +ns.dnssec-failures.test. 300 IN RRSIG NSEC 13 3 300 20010201000000 20001230000000 53876 dnssec-failures.test. SEO+C116gcmI0sY4lnIM4DQrUxqyaGIIqlvhxyGrzF9jJopRZB8gflQcYPy5qhIwGZJoEMB+SO4er4LCaS8NwA== +sigsinvalid.dnssec-failures.test. 3600 IN TXT "Signatures INVALID" +sigsinvalid.dnssec-failures.test. 3600 IN RRSIG TXT 13 3 3600 20010201000000 20001230000000 53876 dnssec-failures.test. 3XFjjPt+UyY4ZIj8PAINTtOTh7sk4OIAO5akFDQhqgB/Wv6f7dWdqvl8Y2RIqdh0WQz+nGPRMktS8exA3FKW4Q== +sigsinvalid.dnssec-failures.test. 300 IN NSEC dnssec-failures.test. TXT RRSIG NSEC +sigsinvalid.dnssec-failures.test. 300 IN RRSIG NSEC 13 3 300 20010201000000 20001230000000 53876 dnssec-failures.test. gmft6HYmqZalLwmdnuWBqJod3JD5fRoGqiwYXVFxySm2bHPvz8J9xSe7RdTSONXPUc+7mE8IHYff/gGW7gctqw== +expired.dnssec-failures.test. 3600 IN TXT "Expired" +expired.dnssec-failures.test. 3600 IN RRSIG TXT 13 3 3600 20001230000000 20001201000000 53876 dnssec-failures.test. 8zosYGmmGGcGcBuWaf3oL3TE/hpKDrddtm7ZQGndjmqkZ8CVg6RwFb+8YLqcG5du3Si0rmTuZId+qBOV/pnViA== +notyetincepted.dnssec-failures.test. 3600 IN TXT "Not yet incepted" +notyetincepted.dnssec-failures.test. 3600 IN RRSIG TXT 13 3 3600 20010201000000 20010103000000 53876 dnssec-failures.test. lmk0+oEdnnKa1oujIsMeimuElrKvrUSlBknsfSNqOo07VxJxT2R4qkKc95oiEmeSWHcVTOrXxEhtl4kAAactPg== diff --git a/testdata/ede.tdir/bogus/make-broken-zone.sh b/testdata/ede.tdir/bogus/make-broken-zone.sh index 67b4fcfb2d84..f93df3978a6f 100755 --- a/testdata/ede.tdir/bogus/make-broken-zone.sh +++ b/testdata/ede.tdir/bogus/make-broken-zone.sh 
@@ -1,21 +1,28 @@ #!/usr/bin/env bash -# create oudated zones -CSK=`ldns-keygen -a ECDSAP256SHA256 -k -r /dev/urandom dnssec-failures.test` -echo $CSK +# This script was used to generate the broken signed zones used for testing. -echo ". IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d" | \ - cat $CSK.ds - > bogus/trust-anchors +# Override the current date; it is used in Unbound's configuration also. +NOW=20010101 # differentiate for MacOS with "gdate" DATE=date which gdate > /dev/null 2>&1 && DATE=gdate -ONEMONTHAGO=`$DATE -d 'now - 1 month' +%Y%m%d` -YESTERDAY=`$DATE -d 'now - 2 days' +%Y%m%d` -TOMORROW=`$DATE -d 'now + 2 days' +%Y%m%d` +ONEMONTHAGO=`$DATE -d "$NOW - 1 month" +%Y%m%d` +ONEMONTH=`$DATE -d "$NOW + 1 month" +%Y%m%d` +YESTERDAY=`$DATE -d "$NOW - 2 days" +%Y%m%d` +TOMORROW=`$DATE -d "$NOW + 2 days" +%Y%m%d` + +# Root trust anchor +echo ". IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d" > bogus/trust-anchors + +# create oudated zones +CSK=`ldns-keygen -a ECDSAP256SHA256 -k -r /dev/urandom dnssec-failures.test` +echo $CSK +cat $CSK.ds >> bogus/trust-anchors -ldns-signzone -i $YESTERDAY -f - bogus/dnssec-failures.test $CSK | \ +ldns-signzone -i $YESTERDAY -e $ONEMONTH -f - bogus/dnssec-failures.test $CSK | \ grep -v '^missingrrsigs\.dnssec-failures\.test\..*IN.*RRSIG.*TXT' | \ sed 's/Signatures invalid/Signatures INVALID/g' | \ grep -v '^notyetincepted\.dnssec-failures\.test\..*IN.*TXT' | \ @@ -25,7 +32,7 @@ ldns-signzone -i $YESTERDAY -f - bogus/dnssec-failures.test $CSK | \ ldns-signzone -i $ONEMONTHAGO -e $YESTERDAY -f - bogus/dnssec-failures.test $CSK | \ grep -v '[ ]NSEC[ ]' | \ grep '^expired\.dnssec-failures\.test\..*IN.*TXT' > expired -ldns-signzone -i $TOMORROW -f - bogus/dnssec-failures.test $CSK | \ +ldns-signzone -i $TOMORROW -e $ONEMONTH -f - bogus/dnssec-failures.test $CSK | \ grep -v '[ ]NSEC[ ]' | \ grep '^notyetincepted\.dnssec-failures\.test\..*IN.*TXT' > notyetincepted 
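Review bot: Nothing in the rewritten top of make-broken-zone.sh checks that `date -d` and `ldns-keygen` succeeded, so an empty `$ONEMONTH` or `$CSK` flows straight into `ldns-signzone` and `cat $CSK.ds >> bogus/trust-anchors`, and in the third hunk into `rm -f $CSK.*`, which with an empty `$CSK` globs on `.*`. Since the output is now committed as test fixtures, I would stop on the first failure: `set -eu` after the shebang, or `test -n "$CSK" || exit 1` after each keygen. The header comment could also state the directory the script is meant to be run from; all paths are `bogus/...`, so apparently testdata/ede.tdir.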
@@ -33,34 +40,35 @@ cat base expired notyetincepted > bogus/dnssec-failures.test.signed # cleanup old zone keys rm -f $CSK.* + # create zone with DNSKEY missing CSK=`ldns-keygen -a ECDSAP256SHA256 -k -r /dev/urandom dnskey-failures.test` echo $CSK cat $CSK.ds >> bogus/trust-anchors -ldns-signzone -f tmp.signed bogus/dnskey-failures.test $CSK +ldns-signzone -i $YESTERDAY -e $ONEMONTH -f tmp.signed bogus/dnskey-failures.test $CSK grep -v ' DNSKEY ' tmp.signed > bogus/dnskey-failures.test.signed - # cleanup old zone keys rm -f $CSK.* + # create zone with NSEC missing CSK=`ldns-keygen -a ECDSAP256SHA256 -k -r /dev/urandom nsec-failures.test` echo $CSK cat $CSK.ds >> bogus/trust-anchors -ldns-signzone -f tmp.signed bogus/nsec-failures.test $CSK +ldns-signzone -i $YESTERDAY -e $ONEMONTH -f tmp.signed bogus/nsec-failures.test $CSK grep -v ' NSEC ' tmp.signed > bogus/nsec-failures.test.signed - # cleanup old zone keys rm -f $CSK.* + # create zone with RRSIGs missing CSK=`ldns-keygen -a ECDSAP256SHA256 -k -r /dev/urandom rrsig-failures.test` echo $CSK cat $CSK.ds >> bogus/trust-anchors -ldns-signzone -f tmp.signed bogus/rrsig-failures.test $CSK +ldns-signzone -i $YESTERDAY -e $ONEMONTH -f tmp.signed bogus/rrsig-failures.test $CSK grep -v ' RRSIG ' tmp.signed > bogus/rrsig-failures.test.signed # cleanup diff --git a/testdata/ede.tdir/bogus/nsec-failures.test.signed b/testdata/ede.tdir/bogus/nsec-failures.test.signed new file mode 100644 index 000000000000..b631386137c3 --- /dev/null +++ b/testdata/ede.tdir/bogus/nsec-failures.test.signed 
@@ -0,0 +1,7 @@ +nsec-failures.test. 3600 IN SOA ns.nsec-failures.test. hostmaster.nsec-failures.test. 1 14400 1800 2419200 300 +nsec-failures.test. 3600 IN RRSIG SOA 13 2 3600 20010201000000 20001230000000 12342 nsec-failures.test. ZdnRF2uI0IDJsHTXsd4TclX9gUEkxjp19LykHuI3DaCKe3bY8uTETta8i73hlKWJWeRjmgQojIsi9tBlivOwjQ== +nsec-failures.test. 3600 IN A 192.0.2.1 +nsec-failures.test. 3600 IN RRSIG A 13 2 3600 20010201000000 20001230000000 12342 nsec-failures.test. /JccCtWkuQgSF81gv6DPsxaicmlJoGAhVpCpR4JGgVz3tZMhIp+iXUGeI+CkBofw9G/MK66Hk937JRmMh9UTvQ== +nsec-failures.test. 3600 IN DNSKEY 257 3 13 41tJnzHY0o3WKid0ZsIo6S5SJdC1JiW0H/KizsAD2phHdi1AIDiBclL+nG2lKvPjMoX2hcMfd8h9DfU99HR3kg== ;{id = 12342 (ksk), size = 256b} +nsec-failures.test. 3600 IN RRSIG DNSKEY 13 2 3600 20010201000000 20001230000000 12342 nsec-failures.test. Y23xTzxdqQBjFsWLlqCRgPKT7raPcP0lAy2tR8trW5+vUAhBePXdVixp4AjoxEqXsLLalAtnJnc4QgH7+HO6PA== +nsec-failures.test. 300 IN RRSIG NSEC 13 2 300 20010201000000 20001230000000 12342 nsec-failures.test. KfpncqGIzIPNB2ExkH22/z0jAPmq8jTTjDkLte29iKqR9t3bSZlcS0MQ2QB7Z6tgks8fo7Zpc9+BvaDq7Y6ONg== diff --git a/testdata/ede.tdir/bogus/rrsig-failures.test.signed b/testdata/ede.tdir/bogus/rrsig-failures.test.signed new file mode 100644 index 000000000000..222bdc0c6d9a --- /dev/null +++ b/testdata/ede.tdir/bogus/rrsig-failures.test.signed @@ -0,0 +1,4 @@ +rrsig-failures.test. 3600 IN SOA ns.rrsig-failures.test. hostmaster.rrsig-failures.test. 1 14400 1800 2419200 300 +rrsig-failures.test. 3600 IN A 192.0.2.1 +rrsig-failures.test. 3600 IN DNSKEY 257 3 13 rIMJ4/qnOb91GuxKzAYiCdPNdEtUhyt+mi1Jz+NPP0rJQdGOhXr37LpctEiKK4isabCXcwYlVtFdDPopa4RufA== ;{id = 13838 (ksk), size = 256b} +rrsig-failures.test. 300 IN NSEC rrsig-failures.test. A SOA RRSIG NSEC DNSKEY diff --git a/testdata/ede.tdir/bogus/trust-anchors b/testdata/ede.tdir/bogus/trust-anchors new file mode 100644 index 000000000000..bd20c8702e54 --- /dev/null +++ b/testdata/ede.tdir/bogus/trust-anchors 
@@ -0,0 +1,5 @@ +. IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d +dnssec-failures.test. IN DS 53876 13 2 e0207223d847e0d8f3bd2afcf887f727178777a94563b94e1d0be8ca2f070d9a +dnskey-failures.test. IN DS 45928 13 2 9295d5c0d9296599809ce968f994a974d4da7752266ee124ead4ce980c006c20 +nsec-failures.test. IN DS 12342 13 2 b0a994fe4ff12a706b2a47a794601b254a8d28e040832ad6e39e96dbf7736ca2 +rrsig-failures.test. IN DS 13838 13 2 b083d59d2e7ac370e1103bc5ada2a921e4e65745ea8550350b6fcb57eba9f917 diff --git a/testdata/ede.tdir/ede.conf b/testdata/ede.tdir/ede.conf index 13730d42f2c5..639899d13049 100644 --- a/testdata/ede.tdir/ede.conf +++ b/testdata/ede.tdir/ede.conf @@ -11,6 +11,7 @@ server: val-log-level: 2 trust-anchor-file: "bogus/trust-anchors" + val-override-date: "20010101020202" module-config: "respip validator iterator" diff --git a/testdata/ede.tdir/ede.pre b/testdata/ede.tdir/ede.pre index e5a0667b0e02..57e15cc5a619 100644 --- a/testdata/ede.tdir/ede.pre +++ b/testdata/ede.tdir/ede.pre @@ -4,7 +4,9 @@ # use .tpkg.var.test for in test variable passing [ -f .tpkg.var.test ] && source .tpkg.var.test +PRE="../.." . ../common.sh + get_random_port 2 UNBOUND_PORT=$RND_PORT UNBOUND_PORT2=$(($RND_PORT + 1)) @@ -16,11 +18,7 @@ sed -e 's/@PORT\@/'$UNBOUND_PORT'/' < ede.conf > temp.conf sed -e 's/@PORT2\@/'$UNBOUND_PORT2'/' < temp.conf > ub.conf sed -e 's/@PORT2\@/'$UNBOUND_PORT2'/' < ede-auth.conf > ub2.conf -# create broken dnssec zone -bogus/make-broken-zone.sh - # start unbound in the background -PRE="../.." $PRE/unbound -d -c ub.conf > unbound.log 2>&1 & UNBOUND_PID=$! echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test @@ -30,8 +28,6 @@ $PRE/unbound -d -c ub2.conf > unbound2.log 2>&1 & UNBOUND_PID2=$! echo "UNBOUND_PID2=$UNBOUND_PID2" >> .tpkg.var.test - cat .tpkg.var.test wait_unbound_up unbound.log wait_unbound_up unbound2.log - diff --git a/testdata/fetch_glue.rpl b/testdata/fetch_glue.rpl index 3e9f64f8d1b0..8860d85b0612 100644 
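Review bot: The new `val-override-date: "20010101020202"` in ede.conf carries no explanation, and it only works because the committed zones under bogus/ were signed around `NOW=20010101` in make-broken-zone.sh. A comment next to it would keep the two in step, e.g. `# fixed validation clock for the pre-signed zones in bogus/; keep equal to NOW in bogus/make-broken-zone.sh`. The `server:` block continues outside the hunk.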
--- a/testdata/fetch_glue.rpl +++ b/testdata/fetch_glue.rpl @@ -176,36 +176,7 @@ SECTION ADDITIONAL ns.example.com. IN A 1.2.3.4 ENTRY_END -; due to ordering of answer packets, this is still outstanding, remove it -STEP 21 CHECK_OUT_QUERY -ENTRY_BEGIN -ADJUST copy_id -MATCH qname qtype -REPLY QR -SECTION QUESTION -ns.example.com IN AAAA -ENTRY_END - -; some more recursion needed. -; to finish the NS query -STEP 40 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -. IN NS -ENTRY_END - -STEP 41 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION AUTHORITY -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END +; let (possible) outstanding queries finish resolving +STEP 21 TRAFFIC SCENARIO_END diff --git a/testdata/fetch_glue_cname.rpl b/testdata/fetch_glue_cname.rpl index 4a86afa50f65..64f00fb20b5f 100644 --- a/testdata/fetch_glue_cname.rpl +++ b/testdata/fetch_glue_cname.rpl @@ -155,7 +155,7 @@ ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id -REPLY QR NOERROR +REPLY QR AA NOERROR SECTION QUESTION ns.example.com. IN AAAA SECTION AUTHORITY @@ -188,36 +188,7 @@ SECTION ADDITIONAL ns.example.com. IN A 1.2.3.4 ENTRY_END -; due to ordering of answer packets, this is still outstanding, remove it -STEP 21 CHECK_OUT_QUERY -ENTRY_BEGIN -ADJUST copy_id -MATCH qname qtype -REPLY QR -SECTION QUESTION -ns.example.com IN AAAA -ENTRY_END - -; some more recursion needed. -; to finish the NS query -STEP 40 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -. IN NS -ENTRY_END - -STEP 41 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION AUTHORITY -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END +; let (possible) outstanding queries finish resolving +STEP 21 TRAFFIC SCENARIO_END 
diff --git a/testdata/fwd_ancil.tdir/fwd_ancil.post b/testdata/fwd_ancil.tdir/fwd_ancil.post index 6578151af737..c11bd44cd8a0 100644 --- a/testdata/fwd_ancil.tdir/fwd_ancil.post +++ b/testdata/fwd_ancil.tdir/fwd_ancil.post @@ -6,11 +6,6 @@ # # do your teardown here . ../common.sh -if test `hostname`"" = "dicht.nlnetlabs.nl"; then - echo "In jail, no ::1, skip test" - exit 0 -fi - kill_pid $FWD_PID if fgrep "service stopped" unbound.log; then exit 0 diff --git a/testdata/fwd_ancil.tdir/fwd_ancil.pre b/testdata/fwd_ancil.tdir/fwd_ancil.pre index e1ce37a7fcca..6c0fb7a0b234 100644 --- a/testdata/fwd_ancil.tdir/fwd_ancil.pre +++ b/testdata/fwd_ancil.tdir/fwd_ancil.pre @@ -6,8 +6,7 @@ . ../common.sh if test `hostname`"" = "dicht.nlnetlabs.nl"; then - echo "In jail, no ::1, skip test" - exit 0 + skip_test "In jail, no ::1, skip test" fi get_random_port 2 @@ -38,7 +37,6 @@ wait_ldns_testns_up fwd.log # string 'Start of service' in log. wait_server_up_or_fail unbound.log "start of service" "disable interface-automatic" if fgrep "disable interface-automatic" unbound.log; then - echo "skip test" - exit 1 + skip_test "skip test" fi diff --git a/testdata/fwd_ancil.tdir/fwd_ancil.test b/testdata/fwd_ancil.tdir/fwd_ancil.test index b90360fb8b4d..8da4754ce0ac 100644 --- a/testdata/fwd_ancil.tdir/fwd_ancil.test +++ b/testdata/fwd_ancil.tdir/fwd_ancil.test @@ -7,11 +7,6 @@ PRE="../.." . ../common.sh -if test `hostname`"" = "dicht.nlnetlabs.nl"; then - echo "In jail, no ::1, skip test" - exit 0 -fi - if fgrep "disable interface-automatic" unbound.log; then echo "skip test" exit 0 diff --git a/testdata/ipset.tdir/ipset.post b/testdata/ipset.tdir/ipset.post index 7af512a4d374..4c4c17b13029 100644 --- a/testdata/ipset.tdir/ipset.post +++ b/testdata/ipset.tdir/ipset.post 
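Review bot: In fwd_ancil.test the hostname check is removed but the block right after it is kept, so `if fgrep "disable interface-automatic" unbound.log; then echo "skip test"; exit 0` still ends with a plain `exit 0` for the very condition that fwd_ancil.pre now reports through `skip_test "skip test"`. If the harness does not run `.test` after a skipped `.pre` (not visible here), that block is dead and can go; otherwise it should call `skip_test` as well. The `.pre` hunk also changes this case from `exit 1` to a skip, and the message `"skip test"` does not say why; something like `skip_test "unbound.log says disable interface-automatic, skip test"` would. The `if` block in `.test` continues outside the hunk.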
@@ -7,7 +7,6 @@ # do your teardown here . ../common.sh PRE="../.." -if grep "define USE_IPSET 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi kill_pid $FWD_PID kill_pid $UNBOUND_PID cat unbound.log diff --git a/testdata/ipset.tdir/ipset.pre b/testdata/ipset.tdir/ipset.pre index ee1aedc70937..42c94fac45e0 100644 --- a/testdata/ipset.tdir/ipset.pre +++ b/testdata/ipset.tdir/ipset.pre @@ -7,7 +7,7 @@ . ../common.sh PRE="../.." -if grep "define USE_IPSET 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +if grep "define USE_IPSET 1" $PRE/config.h; then echo test enabled; else skip_test "test skipped"; fi get_random_port 2 UNBOUND_PORT=$RND_PORT diff --git a/testdata/ipset.tdir/ipset.test b/testdata/ipset.tdir/ipset.test index 9150e5e3f0bf..4dab457bab90 100644 --- a/testdata/ipset.tdir/ipset.test +++ b/testdata/ipset.tdir/ipset.test @@ -6,7 +6,6 @@ . ../common.sh PRE="../.." -if grep "define USE_IPSET 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi # Make all the queries. They need to succeed by the way. echo "> dig www.example.net." diff --git a/testdata/iter_auth_tc.rpl b/testdata/iter_auth_tc.rpl new file mode 100644 index 000000000000..4178077249bd --- /dev/null +++ b/testdata/iter_auth_tc.rpl 
@@ -0,0 +1,138 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + minimal-responses: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authoritative response with erroneous TC flag + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.com. IN A +SECTION ANSWER +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +example.com. IN NS ns.example.com. 
+ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +; erroneous TC flag here +REPLY QR TC NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +SCENARIO_END diff --git a/testdata/iter_emptydp_for_glue.rpl b/testdata/iter_emptydp_for_glue.rpl index 2e7db65e1402..68fad6f15c6c 100644 --- a/testdata/iter_emptydp_for_glue.rpl +++ b/testdata/iter_emptydp_for_glue.rpl @@ -164,11 +164,11 @@ a.gtld-servers.net. IN A 192.5.6.30 ENTRY_END ENTRY_BEGIN -MATCH opcode qname +MATCH opcode subdomain ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION -ns.example.org. IN A +example.org. IN A SECTION AUTHORITY example.org. NS ns.example.net. example.org. NS ns.example.org. diff --git a/testdata/iter_recurse.rpl b/testdata/iter_recurse.rpl index 181af11079f5..be50b4af8c26 100644 --- a/testdata/iter_recurse.rpl +++ b/testdata/iter_recurse.rpl @@ -216,14 +216,7 @@ example.com. IN NS ns.example.net. ;ns.example.net IN A 1.2.3.44 ENTRY_END -; due to ordering of answer packets, this is still outstanding, remove it -STEP 21 CHECK_OUT_QUERY -ENTRY_BEGIN -ADJUST copy_id -MATCH qname qtype -REPLY QR -SECTION QUESTION -ns.example.net IN AAAA -ENTRY_END +; let (possible) outstanding queries finish resolving +STEP 21 TRAFFIC SCENARIO_END diff --git a/testdata/nss_compile.tdir/nss_compile.dsc b/testdata/nss_compile.tdir/nss_compile.dsc index 6c59d245fa41..a719a260d0e4 100644 --- a/testdata/nss_compile.tdir/nss_compile.dsc +++ b/testdata/nss_compile.tdir/nss_compile.dsc 
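Review bot: The comment `; erroneous TC flag here` on the ns.example.com entry for `www.example.com. IN A` does not explain why STEP 10 expects SERVFAIL although the truncated reply carries a usable A record. The entry has no transport qualifier, so it presumably answers a retry with TC set as well. A comment at STEP 10 such as `; a TC reply from the authority must not be used as an answer; the retry is truncated too, so expect SERVFAIL` would record the intent for whoever next changes the truncation handling. Confirm the wording against the resolver change this test accompanies, which is not part of this hunk.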
@@ -8,7 +8,7 @@ Component: CmdDepends: Depends: Help: -Pre: +Pre: nss_compile.pre Post: Test: nss_compile.test AuxFiles: diff --git a/testdata/nss_compile.tdir/nss_compile.pre b/testdata/nss_compile.tdir/nss_compile.pre new file mode 100644 index 000000000000..313f603839e3 --- /dev/null +++ b/testdata/nss_compile.tdir/nss_compile.pre @@ -0,0 +1,13 @@ +# #-- nss_compile.pre --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +. ../common.sh +if test "`hostname`" = "open.nlnetlabs.nl"; then + echo "on open, continue test" +else + skip_test "not on open, no test, do this explicitly" +fi +exit 0 diff --git a/testdata/nss_compile.tdir/nss_compile.test b/testdata/nss_compile.tdir/nss_compile.test index 82b194668fd9..73afd6401f64 100644 --- a/testdata/nss_compile.tdir/nss_compile.test +++ b/testdata/nss_compile.tdir/nss_compile.test @@ -4,13 +4,6 @@ # use .tpkg.var.test for in test variable passing [ -f .tpkg.var.test ] && source .tpkg.var.test -if test "`hostname`" = "open.nlnetlabs.nl"; then - echo "on open, continue test" -else - echo "not on open, no test, do this explicitly" - exit 0 -fi - . ../common.sh get_make PRE="../.." diff --git a/testdata/padding.tdir/padding.post b/testdata/padding.tdir/padding.post index 826798a8f4f8..9121ccf257eb 100644 --- a/testdata/padding.tdir/padding.post +++ b/testdata/padding.tdir/padding.post @@ -7,7 +7,6 @@ # do your teardown here . ../common.sh PRE="../.." -if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi kill_pid $DNSTAP_SOCKET_PID kill_pid $FWD_PID kill_pid `cat unbound2.pid` diff --git a/testdata/padding.tdir/padding.pre b/testdata/padding.tdir/padding.pre index 4a13d0229b11..fdb6386be4d8 100644 --- a/testdata/padding.tdir/padding.pre +++ b/testdata/padding.tdir/padding.pre 
@@ -6,7 +6,7 @@ PRE="../.." . ../common.sh -if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else skip_test "test skipped"; fi get_random_port 5 UNBOUND_PORT=$RND_PORT diff --git a/testdata/padding.tdir/padding.test b/testdata/padding.tdir/padding.test index 5111d8139ca9..6161a49ae25d 100644 --- a/testdata/padding.tdir/padding.test +++ b/testdata/padding.tdir/padding.test @@ -8,7 +8,6 @@ echo There we go... PRE="../.." . ../common.sh -if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi echo "> query www.example.com. A" dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile diff --git a/testdata/proxy_protocol.tdir/proxy_protocol.conf b/testdata/proxy_protocol.tdir/proxy_protocol.conf new file mode 100644 index 000000000000..c5fa0ab332ff --- /dev/null +++ b/testdata/proxy_protocol.tdir/proxy_protocol.conf 
@@ -0,0 +1,34 @@ +server: + verbosity: 5 + num-threads: 1 + interface: 127.0.0.1@@PORT@ + interface: 127.0.0.1@@PROXYPORT@ + interface: 127.0.0.1@@PROXYTLSPORT@ + interface: @INTERFACE_ALLOW_ADDR@@@PORT@ + interface: @INTERFACE_ALLOW_ADDR@@@PROXYPORT@ + interface: @INTERFACE_ALLOW_ADDR@@@PROXYTLSPORT@ + interface: @INTERFACE_REFUSE_ADDR@@@PORT@ + interface: @INTERFACE_REFUSE_ADDR@@@PROXYPORT@ + interface: @INTERFACE_REFUSE_ADDR@@@PROXYTLSPORT@ + proxy-protocol-port: @PROXYPORT@ + proxy-protocol-port: @PROXYTLSPORT@ + tls-port: @PROXYTLSPORT@ + use-syslog: no + directory: . + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + tls-service-key: "unbound_server.key" + tls-service-pem: "unbound_server.pem" + + # 127.0.0.0/8 is allowed by default. + access-control: @CLIENT_ADDR_ALLOW@/32 allow + access-control: @CLIENT_ADDR_REFUSE@/32 refuse + access-control: @CLIENT_ADDR_ALLOW6@/128 allow + access-control: @CLIENT_ADDR_REFUSE6@/128 refuse + access-control: @INTERFACE_ALLOW_ADDR@/32 allow + +forward-zone: + name: "." + forward-addr: "127.0.0.1@@TOPORT@" diff --git a/testdata/proxy_protocol.tdir/proxy_protocol.dsc b/testdata/proxy_protocol.tdir/proxy_protocol.dsc new file mode 100644 index 000000000000..34155f0350d9 --- /dev/null +++ b/testdata/proxy_protocol.tdir/proxy_protocol.dsc @@ -0,0 +1,16 @@ +BaseName: proxy_protocol +Version: 1.0 +Description: Test proxy protocol +CreationDate: Mon Mar 14 16:17:00 CET 2022 +Maintainer: Yorgos Thessalonikefs +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: proxy_protocol.pre +Post: proxy_protocol.post +Test: proxy_protocol.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/proxy_protocol.tdir/proxy_protocol.post b/testdata/proxy_protocol.tdir/proxy_protocol.post new file mode 100644 index 000000000000..cbf56bbd924c --- /dev/null +++ b/testdata/proxy_protocol.tdir/proxy_protocol.post 
@@ -0,0 +1,12 @@ +# #-- proxy_protocol.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +. ../common.sh +kill_pid $FWD_PID +kill_pid $UNBOUND_PID +cat unbound.log +exit 0 diff --git a/testdata/proxy_protocol.tdir/proxy_protocol.pre b/testdata/proxy_protocol.tdir/proxy_protocol.pre new file mode 100644 index 000000000000..01cf357f53b7 --- /dev/null +++ b/testdata/proxy_protocol.tdir/proxy_protocol.pre 
@@ -0,0 +1,66 @@ +# #-- proxy_protocol.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh + +# This test uses the unshare utility +if test ! -x "`which unshare 2>&1`"; then + skip_test "no unshare (from util-linux package) available, skip test" +fi + +get_make +(cd $PRE; $MAKE streamtcp) + +get_random_port 4 +UNBOUND_PORT=$RND_PORT +FWD_PORT=$(($RND_PORT + 1)) +PROXY_PORT=$(($RND_PORT + 2)) +PROXY_TLS_PORT=$(($RND_PORT + 3)) + +INTERFACE_ALLOW=eth123 +INTERFACE_ALLOW_ADDR=10.1.2.3 +INTERFACE_REFUSE=eth234 +INTERFACE_REFUSE_ADDR=10.2.3.4 + +CLIENT_ADDR_ALLOW=1.2.3.4 +CLIENT_ADDR_ALLOW6=2001:db8::cafe:cafe +CLIENT_ADDR_REFUSE=5.6.7.8 +CLIENT_ADDR_REFUSE6=2001:db8::dead:beef + +# make config file +sed \ + -e 's/@PORT\@/'$UNBOUND_PORT'/' \ + -e 's/@TOPORT\@/'$FWD_PORT'/' \ + -e 's/@PROXYPORT\@/'$PROXY_PORT'/' \ + -e 's/@PROXYTLSPORT\@/'$PROXY_TLS_PORT'/' \ + -e 's/@INTERFACE_ALLOW_ADDR\@/'$INTERFACE_ALLOW_ADDR'/' \ + -e 's/@INTERFACE_REFUSE_ADDR\@/'$INTERFACE_REFUSE_ADDR'/' \ + -e 's/@CLIENT_ADDR_ALLOW\@/'$CLIENT_ADDR_ALLOW'/' \ + -e 's/@CLIENT_ADDR_ALLOW6\@/'$CLIENT_ADDR_ALLOW6'/' \ + -e 's/@CLIENT_ADDR_REFUSE\@/'$CLIENT_ADDR_REFUSE'/' \ + -e 's/@CLIENT_ADDR_REFUSE6\@/'$CLIENT_ADDR_REFUSE6'/' \ + < proxy_protocol.conf > ub.conf + +if test -x "`which bash`"; then + shell="bash" +else + shell="sh" +fi + +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test +echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test +echo "PROXY_PORT=$PROXY_PORT" >> .tpkg.var.test +echo "PROXY_TLS_PORT=$PROXY_TLS_PORT" >> .tpkg.var.test +echo "INTERFACE_ALLOW=$INTERFACE_ALLOW" >> .tpkg.var.test +echo "INTERFACE_ALLOW_ADDR=$INTERFACE_ALLOW_ADDR" >> .tpkg.var.test +echo "INTERFACE_REFUSE=$INTERFACE_REFUSE" >> .tpkg.var.test +echo "INTERFACE_REFUSE_ADDR=$INTERFACE_REFUSE_ADDR" >> .tpkg.var.test +echo 
"CLIENT_ADDR_ALLOW=$CLIENT_ADDR_ALLOW" >> .tpkg.var.test +echo "CLIENT_ADDR_ALLOW6=$CLIENT_ADDR_ALLOW6" >> .tpkg.var.test +echo "CLIENT_ADDR_REFUSE=$CLIENT_ADDR_REFUSE" >> .tpkg.var.test +echo "CLIENT_ADDR_REFUSE6=$CLIENT_ADDR_REFUSE6" >> .tpkg.var.test +echo "shell=$shell" >> .tpkg.var.test diff --git a/testdata/proxy_protocol.tdir/proxy_protocol.test b/testdata/proxy_protocol.tdir/proxy_protocol.test new file mode 100644 index 000000000000..3f65e293267d --- /dev/null +++ b/testdata/proxy_protocol.tdir/proxy_protocol.test @@ -0,0 +1,12 @@ +# #-- proxy_protocol.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh + +# Run the scenario in an unshared namespace +unshare -rUn $shell proxy_protocol.test.scenario +exit $? diff --git a/testdata/proxy_protocol.tdir/proxy_protocol.test.scenario b/testdata/proxy_protocol.tdir/proxy_protocol.test.scenario new file mode 100644 index 000000000000..0b8fe6efad22 --- /dev/null +++ b/testdata/proxy_protocol.tdir/proxy_protocol.test.scenario 
@@ -0,0 +1,193 @@ +# #-- proxy_protocol.test.scenario --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh + +ip addr add 127.0.0.1 dev lo +ip link set lo up + +ip link add $INTERFACE_ALLOW type dummy +ip addr add $INTERFACE_ALLOW_ADDR dev $INTERFACE_ALLOW +ip link set $INTERFACE_ALLOW up + +ip link add $INTERFACE_REFUSE type dummy +ip addr add $INTERFACE_REFUSE_ADDR dev $INTERFACE_REFUSE +ip link set $INTERFACE_REFUSE up + +# start forwarder in the background +get_ldns_testns +$LDNS_TESTNS -p $FWD_PORT proxy_protocol.testns >fwd.log 2>&1 & +FWD_PID=$! +echo "FWD_PID=$FWD_PID" >> .tpkg.var.test + +# start unbound in the background +$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test + +wait_ldns_testns_up fwd.log +wait_unbound_up unbound.log + +# call streamtcp and check return value +do_streamtcp () { + $PRE/streamtcp $* A IN >outfile 2>&1 + if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound.log + echo "Not OK" + exit 1 + fi +} + +send_query () { + server=$1 + client=$2 + prot=$3 + query=$4 + echo -n "> query $query to $server" + port=$UNBOUND_PORT + if test ! -z "$client"; then + port=$PROXY_PORT + fi + case $prot in + -u) + echo -n " (over UDP)" + ;; + -s) + echo -n " (over TLS)" + port=$PROXY_TLS_PORT + ;; + *) + echo -n " (over TCP)" + esac + if test ! 
-z "$client"; then + echo -n " ($client proxied)" + fi + echo + do_streamtcp $prot -f $server@$port $client $query + #cat outfile +} + +expect_answer () { + #query=$1 + #answer=$2 + if grep "$query" outfile | grep "$answer"; then + echo "content OK" + echo + else + echo "> cat logfiles" + cat outfile + cat unbound.log + echo "result contents not OK" + exit 1 + fi +} + +expect_refuse () { + if grep "rcode: REFUSE" outfile; then + echo "content OK" + echo + else + echo "> cat logfiles" + cat outfile + cat unbound.log + echo "result contents not OK" + exit 1 + fi +} + +# Start the test + +# Query without PROXYv2 +# Client localhost +# Expect the result back +server=127.0.0.1 +client="" +query="two.example.net." +answer="2.2.2.2" +for prot in "-u" ""; do + send_query "$server" "$client" "$prot" "$query" + expect_answer +done + +# Query with PROXYv2 +# Client $CLIENT_ADDR_ALLOW should be allowed +# Expect the result back +server=127.0.0.1 +client="-p $CLIENT_ADDR_ALLOW@1234" +query="one.example.net." +answer="1.1.1.1" +for prot in "-u" "" "-s"; do + send_query "$server" "$client" "$prot" "$query" + expect_answer +done + +# Query with PROXYv2 +# Client $CLIENT_ADDR_ALLOW6 should be allowed +# Expect the result back +server=127.0.0.1 +client="-p $CLIENT_ADDR_ALLOW6@1234" +query="one.example.net." +answer="1.1.1.1" +for prot in "-u" "" "-s"; do + send_query "$server" "$client" "$prot" "$query" + expect_answer +done + +# Query with PROXYv2 +# Client $CLIENT_ADDR_REFUSE should be refused +# Expect the REFUSE back +server=127.0.0.1 +client="-p $CLIENT_ADDR_REFUSE" +query="one.example.net." +answer="" +for prot in "-u" "" "-s"; do + send_query "$server" "$client" "$prot" "$query" + expect_refuse +done + +# Query with PROXYv2 +# Client $CLIENT_ADDR_REFUSE6 should be refused +# Expect the REFUSE back +server=127.0.0.1 +client="-p $CLIENT_ADDR_REFUSE6" +query="one.example.net." 
+answer="" +for prot in "-u" "" "-s"; do + send_query "$server" "$client" "$prot" "$query" + expect_refuse +done + +# Query with PROXYv2 +# Client $CLIENT_ADDR_ALLOW should be allowed; proxy source address should be allowed +# Expect the result back +server=$INTERFACE_ALLOW_ADDR +client="-p $CLIENT_ADDR_ALLOW@1234" +query="one.example.net." +answer="1.1.1.1" +for prot in "-u" "" "-s"; do + send_query "$server" "$client" "$prot" "$query" + expect_answer +done + +# Query with PROXYv2 +# Client $CLIENT_ADDR_ALLOW should be allowed; proxy source address should be refused +# Expect the REFUSE back +server=$INTERFACE_REFUSE_ADDR +client="-p $CLIENT_ADDR_ALLOW@1234" +query="one.example.net." +answer="" +for prot in "-u" "" "-s"; do + send_query "$server" "$client" "$prot" "$query" + expect_refuse +done + +echo "OK" +exit 0 + diff --git a/testdata/proxy_protocol.tdir/proxy_protocol.testns b/testdata/proxy_protocol.tdir/proxy_protocol.testns new file mode 100644 index 000000000000..176bc936a260 --- /dev/null +++ b/testdata/proxy_protocol.tdir/proxy_protocol.testns @@ -0,0 +1,23 @@ +; nameserver test file +$ORIGIN example.net. +$TTL 3600 + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR RD RA NOERROR +ADJUST copy_id +SECTION QUESTION +one IN A +SECTION ANSWER +one IN A 1.1.1.1 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR RD RA NOERROR +ADJUST copy_id +SECTION QUESTION +two IN A +SECTION ANSWER +two IN A 2.2.2.2 +ENTRY_END diff --git a/testdata/proxy_protocol.tdir/unbound_server.key b/testdata/proxy_protocol.tdir/unbound_server.key new file mode 100644 index 000000000000..370a7bbb2f22 --- /dev/null +++ b/testdata/proxy_protocol.tdir/unbound_server.key 
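Review bot: None of the cases sends a PROXYv2 header to the plain port or a plain query to the proxy ports, because `send_query` always derives `port` from whether `$client` is set. Those two negative cases are what show that a client-supplied source address is honoured only on a configured `proxy-protocol-port`, and the `access-control` assertions in this scenario depend on that. Letting `send_query` accept an optional port override, e.g. `port=${5:-$port}` after the `case` block, would let both cases be added. Since `do_streamtcp` exits the test on any non-zero status, a dropped or rejected connection needs its own expectation helper, and the expected outcome should follow the documented behaviour and be asserted explicitly.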
@@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 
+BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== +-----END RSA PRIVATE KEY----- diff --git a/testdata/proxy_protocol.tdir/unbound_server.pem b/testdata/proxy_protocol.tdir/unbound_server.pem new file mode 100644 index 000000000000..986807310f2b --- /dev/null +++ b/testdata/proxy_protocol.tdir/unbound_server.pem 
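Review bot: This adds an unencrypted RSA private key to the repository with nothing that marks it as a test fixture. A comment next to `tls-service-key` in proxy_protocol.conf, e.g. `# test-only key pair, committed on purpose; never use outside the test suite`, would discourage copying it into a real configuration. It would also give whoever triages secret-scanner findings a documented reason to allowlist the path. Generating the pair in proxy_protocol.pre at test time would avoid committing key material at all, provided an openssl binary can be assumed on the test hosts.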
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== +-----END CERTIFICATE----- diff --git a/testdata/pylib.tdir/pylib.post b/testdata/pylib.tdir/pylib.post index 875e06d0ae34..8dbde8d2efd6 100644 --- a/testdata/pylib.tdir/pylib.post +++ b/testdata/pylib.tdir/pylib.post @@ -8,13 +8,6 @@ PRE="../.." . ../common.sh -# if no python; exit -if grep "define WITH_PYUNBOUND 1" $PRE/config.h; then - echo "have pyunbound" -else - echo "no pyunbound" - exit 0 -fi # kill fwder kill_pid $FWD_PID diff --git a/testdata/pylib.tdir/pylib.pre b/testdata/pylib.tdir/pylib.pre index 30e0059064ab..3a74b6019c3d 100644 --- a/testdata/pylib.tdir/pylib.pre +++ b/testdata/pylib.tdir/pylib.pre 
@@ -10,8 +10,7 @@ PRE="../.." if grep "define WITH_PYUNBOUND 1" $PRE/config.h; then echo "have pyunbound" else - echo "no pyunbound" - exit 0 + skip_test "no pyunbound" fi # Copy the required libraries diff --git a/testdata/pylib.tdir/pylib.test b/testdata/pylib.tdir/pylib.test index 59f996459c17..a583daba4727 100644 --- a/testdata/pylib.tdir/pylib.test +++ b/testdata/pylib.tdir/pylib.test @@ -5,13 +5,6 @@ [ -f .tpkg.var.test ] && source .tpkg.var.test PRE="../.." -if grep "define WITH_PYUNBOUND 1" $PRE/config.h; then - echo "have pyunbound" -else - echo "no pyunbound" - exit 0 -fi - if test "`uname 2>&1`" = "Darwin"; then echo export DYLD_LIBRARY_PATH="$DYLD_LIBRARY_PATH:../../.libs" export DYLD_LIBRARY_PATH="$DYLD_LIBRARY_PATH:../../.libs" diff --git a/testdata/pymod.tdir/pymod.post b/testdata/pymod.tdir/pymod.post index 368d285edab2..5449ad47438b 100644 --- a/testdata/pymod.tdir/pymod.post +++ b/testdata/pymod.tdir/pymod.post @@ -8,13 +8,6 @@ PRE="../.." . ../common.sh -# if no python; exit -if grep "define WITH_PYTHONMODULE 1" $PRE/config.h; then - echo "have python module" -else - echo "no python module" - exit 0 -fi kill_pid $FWD_PID kill_pid $UNBOUND_PID diff --git a/testdata/pymod.tdir/pymod.pre b/testdata/pymod.tdir/pymod.pre index 9029a8742337..f845d6f979f2 100644 --- a/testdata/pymod.tdir/pymod.pre +++ b/testdata/pymod.tdir/pymod.pre @@ -10,8 +10,7 @@ PRE="../.." if grep "define WITH_PYTHONMODULE 1" $PRE/config.h; then echo "have python module" else - echo "no python module" - exit 0 + skip_test "no python module" fi # get module python local cp $PRE/pythonmod/unboundmodule.py . diff --git a/testdata/pymod.tdir/pymod.test b/testdata/pymod.tdir/pymod.test index 43bf6e65f87f..5ea87282b6f7 100644 --- a/testdata/pymod.tdir/pymod.test +++ b/testdata/pymod.tdir/pymod.test 
@@ -5,12 +5,6 @@ [ -f .tpkg.var.test ] && source .tpkg.var.test PRE="../.." -if grep "define WITH_PYTHONMODULE 1" $PRE/config.h; then - echo "have python module" -else - echo "no python module" - exit 0 -fi if test "`uname 2>&1`" = "Darwin"; then ldnsdir=`grep ldnsdir= ../../Makefile | sed -e 's/ldnsdir=//'` diff --git a/testdata/pymod_thread.tdir/pymod_thread.post b/testdata/pymod_thread.tdir/pymod_thread.post index e9b307548ba7..b438958b26e3 100644 --- a/testdata/pymod_thread.tdir/pymod_thread.post +++ b/testdata/pymod_thread.tdir/pymod_thread.post @@ -8,13 +8,6 @@ PRE="../.." . ../common.sh -# if no python; exit -if grep "define WITH_PYTHONMODULE 1" $PRE/config.h; then - echo "have python module" -else - echo "no python module" - exit 0 -fi kill_pid $FWD_PID kill_pid $UNBOUND_PID diff --git a/testdata/pymod_thread.tdir/pymod_thread.pre b/testdata/pymod_thread.tdir/pymod_thread.pre index c16362a0b3fb..79fdc0375ad4 100644 --- a/testdata/pymod_thread.tdir/pymod_thread.pre +++ b/testdata/pymod_thread.tdir/pymod_thread.pre @@ -10,8 +10,7 @@ PRE="../.." if grep "define WITH_PYTHONMODULE 1" $PRE/config.h; then echo "have python module" else - echo "no python module" - exit 0 + skip_test "no python module" fi # get module python local cp $PRE/pythonmod/unboundmodule.py . diff --git a/testdata/pymod_thread.tdir/pymod_thread.test b/testdata/pymod_thread.tdir/pymod_thread.test index c6baa01be842..7c55d19ab49e 100644 --- a/testdata/pymod_thread.tdir/pymod_thread.test +++ b/testdata/pymod_thread.tdir/pymod_thread.test @@ -5,12 +5,6 @@ [ -f .tpkg.var.test ] && source .tpkg.var.test PRE="../.." -if grep "define WITH_PYTHONMODULE 1" $PRE/config.h; then - echo "have python module" -else - echo "no python module" - exit 0 -fi if test "`uname 2>&1`" = "Darwin"; then ldnsdir=`grep ldnsdir= ../../Makefile | sed -e 's/ldnsdir=//'` diff --git a/testdata/root_anchor.tdir/root_anchor.dsc b/testdata/root_anchor.tdir/root_anchor.dsc index daf231da58de..2ea179e89103 100644 
--- a/testdata/root_anchor.tdir/root_anchor.dsc +++ b/testdata/root_anchor.tdir/root_anchor.dsc @@ -8,7 +8,7 @@ Component: CmdDepends: Depends: Help: -Pre: +Pre: root_anchor.pre Post: Test: root_anchor.test AuxFiles: diff --git a/testdata/root_anchor.tdir/root_anchor.pre b/testdata/root_anchor.tdir/root_anchor.pre new file mode 100644 index 000000000000..0357646cdd5a --- /dev/null +++ b/testdata/root_anchor.tdir/root_anchor.pre @@ -0,0 +1,11 @@ +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +# only do this test if the network is up. +if dig @k.root-servers.net . SOA 2>&1 | grep NOERROR ; then + : +else + skip_test "network is not up" +fi diff --git a/testdata/root_anchor.tdir/root_anchor.test b/testdata/root_anchor.tdir/root_anchor.test index f75dadf67871..bbff028beb58 100644 --- a/testdata/root_anchor.tdir/root_anchor.test +++ b/testdata/root_anchor.tdir/root_anchor.test @@ -5,15 +5,6 @@ PRE="../.." -# only do this test if the network is up. -echo "is the net up?" -if dig @k.root-servers.net . SOA 2>&1 | grep NOERROR ; then - echo yes -else - echo no - exit 0 -fi - # test that unbound-anchor, its builtin DNSKEY, works. # so the https is disabled (go to 127.0.0.1@10099). $PRE/unbound-anchor -u "127.0.0.1" -P 10099 -a test.ds -v diff --git a/testdata/root_hints.tdir/root_hints.dsc b/testdata/root_hints.tdir/root_hints.dsc index 5576fbaf942a..c01f29074029 100644 --- a/testdata/root_hints.tdir/root_hints.dsc +++ b/testdata/root_hints.tdir/root_hints.dsc @@ -8,7 +8,7 @@ Component: CmdDepends: Depends: Help: -Pre: +Pre: root_hints.pre Post: Test: root_hints.test AuxFiles: diff --git a/testdata/root_hints.tdir/root_hints.pre b/testdata/root_hints.tdir/root_hints.pre new file mode 100644 index 000000000000..a756693121ab --- /dev/null +++ b/testdata/root_hints.tdir/root_hints.pre 
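Review bot: root_anchor.pre calls `skip_test "network is not up"` without sourcing `../common.sh`, whereas nss_compile.pre and the other .pre scripts in this commit source it before using the helper. If `skip_test` is defined in common.sh (its definition is not visible here), the else branch fails with a command-not-found error instead of skipping when the network is down. Adding `. ../common.sh` before the `if dig @k.root-servers.net ...` line fixes it. The new root_hints.pre has the same omission ahead of its `skip_test "Dig too old. skip test"` call.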
@@ -0,0 +1,11 @@ +# #-- root_hints.pre --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +# dig 9 ? +digv=`dig -v 2>&1 | wc -l` +if test $digv -ne 1; then + skip_test "Dig too old. skip test" +fi diff --git a/testdata/root_hints.tdir/root_hints.test b/testdata/root_hints.tdir/root_hints.test index 6ae4ec7f4677..a5c1dc195390 100644 --- a/testdata/root_hints.tdir/root_hints.test +++ b/testdata/root_hints.tdir/root_hints.test @@ -1,4 +1,4 @@ -# #-- 06-ianaports.test --# +# #-- root_hints.test --# # source the master var file when it's there [ -f ../.tpkg.var.master ] && source ../.tpkg.var.master # use .tpkg.var.test for in test variable passing @@ -6,13 +6,6 @@ PRE="../.." -# dig 9 ? -digv=`dig -v 2>&1 | wc -l` -if test $digv -ne 1; then - echo "Dig too old. skip test" - exit 0 -fi - eval `grep ^srcdir= $PRE/Makefile` echo "srcdir="$srcdir diff --git a/testdata/stub_auth_tc.tdir/stub_auth_tc.conf b/testdata/stub_auth_tc.tdir/stub_auth_tc.conf new file mode 100644 index 000000000000..b74942799001 --- /dev/null +++ b/testdata/stub_auth_tc.tdir/stub_auth_tc.conf @@ -0,0 +1,16 @@ +server: + verbosity: 4 + # num-threads: 1 + interface: 127.0.0.1 + port: @PORT@ + use-syslog: no + directory: . + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + +stub-zone: + name: "example.com" + stub-addr: "127.0.0.1@@TOPORT@" + diff --git a/testdata/stub_auth_tc.tdir/stub_auth_tc.dsc b/testdata/stub_auth_tc.tdir/stub_auth_tc.dsc new file mode 100644 index 000000000000..1f71961f1d15 --- /dev/null +++ b/testdata/stub_auth_tc.tdir/stub_auth_tc.dsc 
@@ -0,0 +1,16 @@ +BaseName: stub_auth_tc +Version: 1.0 +Description: Authority reply with erroneous TC in TCP +CreationDate: Mon Oct 3 09:11:32 CEST 2022 +Maintainer: dr. W.C.A. Wijngaards +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: stub_auth_tc.pre +Post: stub_auth_tc.post +Test: stub_auth_tc.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/stub_auth_tc.tdir/stub_auth_tc.post b/testdata/stub_auth_tc.tdir/stub_auth_tc.post new file mode 100644 index 000000000000..907a885e4653 --- /dev/null +++ b/testdata/stub_auth_tc.tdir/stub_auth_tc.post @@ -0,0 +1,11 @@ +# #-- stub_auth_tc.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +. ../common.sh +kill_pid $FWD_PID +kill_pid $UNBOUND_PID + diff --git a/testdata/stub_auth_tc.tdir/stub_auth_tc.pre b/testdata/stub_auth_tc.tdir/stub_auth_tc.pre new file mode 100644 index 000000000000..2f7e317bc315 --- /dev/null +++ b/testdata/stub_auth_tc.tdir/stub_auth_tc.pre 
@@ -0,0 +1,31 @@
+# #-- stub_auth_tc.pre--#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+. ../common.sh
+get_random_port 2
+UNBOUND_PORT=$RND_PORT
+FWD_PORT=$(($RND_PORT + 1))
+echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
+echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test
+
+# start forwarder
+get_ldns_testns
+$LDNS_TESTNS -p $FWD_PORT stub_auth_tc.testns >fwd.log 2>&1 &
+FWD_PID=$!
+echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
+
+# make config file
+sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' < stub_auth_tc.conf > ub.conf
+# start unbound in the background
+PRE="../.."
+$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
+UNBOUND_PID=$!
+echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
+
+cat .tpkg.var.test
+wait_ldns_testns_up fwd.log
+wait_unbound_up unbound.log
+
diff --git a/testdata/stub_auth_tc.tdir/stub_auth_tc.test b/testdata/stub_auth_tc.tdir/stub_auth_tc.test
new file mode 100644
index 000000000000..7b7440274a60
--- /dev/null
+++ b/testdata/stub_auth_tc.tdir/stub_auth_tc.test
@@ -0,0 +1,26 @@
+# #-- stub_auth_tc.test --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+PRE="../.."
+# do the test
+echo "> dig www.example.com."
+dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile
+echo "> cat logfiles"
+cat fwd.log
+cat unbound.log
+echo "> check answer"
+if grep "SERVFAIL" outfile; then
+ echo "OK"
+else
+ echo "Not OK"
+ exit 1
+fi
+if grep "flags:" outfile | grep " tc "; then
+ echo "Not OK, TC flag in output"
+ exit 1
+fi
+
+exit 0
diff --git a/testdata/stub_auth_tc.tdir/stub_auth_tc.testns b/testdata/stub_auth_tc.tdir/stub_auth_tc.testns
new file mode 100644
index 000000000000..f2829add418d
--- /dev/null
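Review bot: The pass condition in stub_auth_tc.test, `grep "SERVFAIL" outfile`, matches that string anywhere in dig's output rather than in the response status; `grep "status: SERVFAIL" outfile` would pin it to the header line. The negative check `grep " tc "` only matches when another flag follows `tc`, so a header in which `tc` is the last flag before the `;` would pass unnoticed, and `grep -E " tc[ ;]"` covers both forms. The query also goes to `@localhost` while stub_auth_tc.conf binds only `interface: 127.0.0.1`, so on hosts where localhost resolves to ::1 first dig may stall or fail before reaching unbound; `dig @127.0.0.1` avoids that.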
+++ b/testdata/stub_auth_tc.tdir/stub_auth_tc.testns
@@ -0,0 +1,26 @@
+; nameserver test file
+$ORIGIN example.com.
+$TTL 3600
+
+ENTRY_BEGIN
+MATCH opcode qtype qname UDP
+REPLY QR AA TC NOERROR
+ADJUST copy_id
+SECTION QUESTION
+www IN A
+SECTION ANSWER
+www IN A 10.20.30.40
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname TCP
+; erroneous TC flag here.
+REPLY QR AA TC NOERROR
+ADJUST copy_id
+SECTION QUESTION
+www IN A
+SECTION ANSWER
+www IN A 10.20.30.40
+www IN A 10.20.30.41
+www IN A 10.20.30.42
+ENTRY_END
diff --git a/testdata/subnet_scopezero.crpl b/testdata/subnet_scopezero.crpl
new file mode 100644
index 000000000000..e0065142265a
--- /dev/null
+++ b/testdata/subnet_scopezero.crpl
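Review bot: The UDP entry in stub_auth_tc.testns sets TC without any comment, and only the TCP entry is annotated as erroneous, so the intended sequence has to be inferred. Presumably the UDP TC is there to push the resolver onto TCP, where the malformed reply is then served. A line such as `; TC on UDP: makes the resolver retry over TCP` above the first `REPLY` would document that.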
@@ -0,0 +1,439 @@ +; scope of 0, if the query also had scope of 0, do not answer this +; to everyone, but only for scope 0 queries. Otherwise can answer cached. + +server: + target-fetch-policy: "0 0 0 0 0" + send-client-subnet: 1.2.3.4 + module-config: "subnetcache validator iterator" + verbosity: 4 + qname-minimisation: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 + +stub-zone: + name: "example.com" + stub-addr: 1.2.3.4 +CONFIG_END + +SCENARIO_BEGIN Test subnet cache with scope zero queries and responses. + +; the upstream server. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 + +ENTRY_BEGIN +MATCH opcode qtype qname ednsdata +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + ;; we expect to receive empty +HEX_EDNSDATA_END +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END +RANGE_END + +RANGE_BEGIN 0 11 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +;copy_ednsdata_assume_clientsubnet +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +SECTION AUTHORITY +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 18 11 ; source mask, scopemask + 7f 00 00 ; address +HEX_EDNSDATA_END +ENTRY_END +RANGE_END + +RANGE_BEGIN 20 31 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +;copy_ednsdata_assume_clientsubnet +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 
IN A 10.20.30.41 +SECTION AUTHORITY +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 18 11 ; source mask, scopemask + 7f 01 00 ; address +HEX_EDNSDATA_END +ENTRY_END +RANGE_END + +RANGE_BEGIN 40 51 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +;copy_ednsdata_assume_clientsubnet +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.42 +SECTION AUTHORITY +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + 00 08 ; OPC + 00 04 ; option length + 00 01 ; Family + 00 00 ; source mask, scopemask + ; address 0.0.0.0/0 scope 0 +HEX_EDNSDATA_END +ENTRY_END +RANGE_END + +RANGE_BEGIN 120 131 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +;copy_ednsdata_assume_clientsubnet +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.43 +SECTION AUTHORITY +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 18 00 ; source mask, scopemask + 7f 02 00 ; address 127.2.0.0/24 scope 0 +HEX_EDNSDATA_END +ENTRY_END +RANGE_END + +; query for 127.0.0.0/24 +STEP 1 QUERY +ENTRY_BEGIN +HEX_ANSWER_BEGIN + 00 00 01 00 00 01 00 00 ;ID 0 + 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) + 07 65 78 61 6d 70 6c 65 + 03 63 6f 6d 00 00 01 00 + 01 00 00 29 10 00 00 00 + 80 00 00 0b + + 00 08 00 07 ; OPC, optlen + 00 01 18 00 ; ip4, scope 24, source 0 + 7f 00 00 ;127.0.0.0/24 +HEX_ANSWER_END +ENTRY_END + +; answer is 10.20.30.40 for 127.0.0.0/24 scope 17 +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ednsdata +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 
IN A 10.20.30.40 +SECTION AUTHORITY +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 18 11 ; source mask, scopemask + 7f 00 00 ; address +HEX_EDNSDATA_END +ENTRY_END + +; query for 127.1.0.0/24 +STEP 20 QUERY +ENTRY_BEGIN +HEX_ANSWER_BEGIN + 00 00 01 00 00 01 00 00 ;ID 0 + 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) + 07 65 78 61 6d 70 6c 65 + 03 63 6f 6d 00 00 01 00 + 01 00 00 29 10 00 00 00 + 80 00 00 0b + + 00 08 00 07 ; OPC, optlen + 00 01 18 00 ; ip4, scope 24, source 0 + 7f 01 00 ;127.1.0.0/24 +HEX_ANSWER_END +ENTRY_END + +; answer is 10.20.30.41 for 127.1.0.0/24 scope 17 +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ednsdata +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.41 +SECTION AUTHORITY +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + ; client is 127.1.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 18 11 ; source mask, scopemask + 7f 01 00 ; address +HEX_EDNSDATA_END +ENTRY_END + +; query for 0.0.0.0/0 +STEP 40 QUERY +ENTRY_BEGIN +HEX_ANSWER_BEGIN + 00 00 01 00 00 01 00 00 ;ID 0 + 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) + 07 65 78 61 6d 70 6c 65 + 03 63 6f 6d 00 00 01 00 + 01 00 00 29 10 00 00 00 + 80 00 00 08 + + 00 08 00 04 ; OPC, optlen + 00 01 00 00 ; ip4, scope 0, source 0 + ;0.0.0.0/0 +HEX_ANSWER_END +ENTRY_END + +; answer is 10.20.30.42 for 0.0.0.0/0 scope 0 +STEP 50 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ednsdata +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.42 +SECTION AUTHORITY +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + 00 08 ; OPC + 00 04 ; option length + 00 01 ; Family + 00 00 ; source mask, scopemask + ; address +HEX_EDNSDATA_END +ENTRY_END + +; query for 127.0.0.0/24, again, it should be in cache. +; and not from the scope 0 answer. 
+STEP 60 QUERY +ENTRY_BEGIN +HEX_ANSWER_BEGIN + 00 00 01 00 00 01 00 00 ;ID 0 + 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) + 07 65 78 61 6d 70 6c 65 + 03 63 6f 6d 00 00 01 00 + 01 00 00 29 10 00 00 00 + 80 00 00 0b + + 00 08 00 07 ; OPC, optlen + 00 01 18 00 ; ip4, scope 24, source 0 + 7f 00 00 ;127.0.0.0/24 +HEX_ANSWER_END +ENTRY_END + +; answer should be 10.20.30.40 for 127.0.0.0/24 scope 17 +STEP 70 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ednsdata +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +SECTION AUTHORITY +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 18 11 ; source mask, scopemask + 7f 00 00 ; address +HEX_EDNSDATA_END +ENTRY_END + +; query for 127.1.0.0/24, again, it should be in cache. +STEP 80 QUERY +ENTRY_BEGIN +HEX_ANSWER_BEGIN + 00 00 01 00 00 01 00 00 ;ID 0 + 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) + 07 65 78 61 6d 70 6c 65 + 03 63 6f 6d 00 00 01 00 + 01 00 00 29 10 00 00 00 + 80 00 00 0b + + 00 08 00 07 ; OPC, optlen + 00 01 18 00 ; ip4, scope 24, source 0 + 7f 01 00 ;127.1.0.0/24 +HEX_ANSWER_END +ENTRY_END + +; answer should be 10.20.30.41 for 127.1.0.0/24 scope 17 +STEP 90 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ednsdata +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.41 +SECTION AUTHORITY +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + ; client is 127.1.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 18 11 ; source mask, scopemask + 7f 01 00 ; address +HEX_EDNSDATA_END +ENTRY_END + +; query for 0.0.0.0/0, again. +STEP 100 QUERY +ENTRY_BEGIN +HEX_ANSWER_BEGIN + 00 00 01 00 00 01 00 00 ;ID 0 + 00 00 00 01 03 77 77 77 ; www.example.com A? 
(DO) + 07 65 78 61 6d 70 6c 65 + 03 63 6f 6d 00 00 01 00 + 01 00 00 29 10 00 00 00 + 80 00 00 08 + + 00 08 00 04 ; OPC, optlen + 00 01 00 00 ; ip4, scope 0, source 0 + ;0.0.0.0/0 +HEX_ANSWER_END +ENTRY_END + +; answer should be 10.20.30.42 for 0.0.0.0/0 scope 0 +STEP 110 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ednsdata +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.42 +SECTION AUTHORITY +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + 00 08 ; OPC + 00 04 ; option length + 00 01 ; Family + 00 00 ; source mask, scopemask + ; address +HEX_EDNSDATA_END +ENTRY_END + +; now a query for a /24 that gets an answer for a /0. +STEP 120 QUERY +ENTRY_BEGIN +HEX_ANSWER_BEGIN + 00 00 01 00 00 01 00 00 ;ID 0 + 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) + 07 65 78 61 6d 70 6c 65 + 03 63 6f 6d 00 00 01 00 + 01 00 00 29 10 00 00 00 + 80 00 00 0b + + 00 08 00 07 ; OPC, optlen + 00 01 18 00 ; ip4, scope 24, source 0 + 7f 02 00 ;127.2.0.0/24 +HEX_ANSWER_END +ENTRY_END + +; answer should be 10.20.30.43 for 127.2.0.0/24 scope 0 +STEP 130 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ednsdata +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.43 +SECTION AUTHORITY +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + ; client is 127.2.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 18 00 ; source mask, scopemask + 7f 02 00 ; address +HEX_EDNSDATA_END +ENTRY_END + +; the scope 0 answer is now used to answer queries from +; query for 127.0.0.0/24 +STEP 140 QUERY +ENTRY_BEGIN +HEX_ANSWER_BEGIN + 00 00 01 00 00 01 00 00 ;ID 0 + 00 00 00 01 03 77 77 77 ; www.example.com A? 
(DO) + 07 65 78 61 6d 70 6c 65 + 03 63 6f 6d 00 00 01 00 + 01 00 00 29 10 00 00 00 + 80 00 00 0b + + 00 08 00 07 ; OPC, optlen + 00 01 18 00 ; ip4, scope 24, source 0 + 7f 00 00 ;127.0.0.0/24 +HEX_ANSWER_END +ENTRY_END + +STEP 150 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ednsdata +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.43 +SECTION AUTHORITY +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + ; client is 127.0.0.1 + 00 08 ; OPC + 00 07 ; option length + 00 01 ; Family + 18 00 ; source mask, scopemask + 7f 00 00 ; address +HEX_EDNSDATA_END +ENTRY_END + +SCENARIO_END |
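Review bot: The query steps in subnet_scopezero.crpl label the ECS bytes `00 01 18 00` as `; ip4, scope 24, source 0`, but the reply blocks' own `; source mask, scopemask` comments show that the source prefix length comes first. These bytes are therefore source 24, scope 0, and the comment should read `; ip4, source 24, scope 0` in STEP 1, 20, 60, 80, 120 and 140. The RANGE 20–31 reply block is labelled `; client is 127.0.0.1` although its address bytes are `7f 01 00`. The comment before STEP 140 stops mid-sentence, and STEP 150 has no `; answer …` line like the other checks. This scenario pins which cached subnet answer is served to which client, so accurate labels matter to anyone auditing why STEP 150 expects 10.20.30.43.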