mirror of
https://github.com/isc-projects/bind9.git
synced 2026-04-15 22:09:31 -04:00
convert TAT tests to python
the trust-anchor-telemetry tests have been moved to a new python subtest, dnssec/tests_tat.py.
This commit is contained in:
Evan Hunt
parent
e1fa6f089b
commit
0fabb0fbb6
2 changed files with 61 additions and 48 deletions
|
|
@ -2510,54 +2510,6 @@ n=$((n + 1))
|
|||
test "$ret" -eq 0 || echo_i "failed"
|
||||
status=$((status + ret))
|
||||
|
||||
echo_i "check that trust-anchor-telemetry queries are logged ($n)"
|
||||
ret=0
|
||||
grep "sending trust-anchor-telemetry query '_ta-[0-9a-f]*/NULL" ns6/named.run >/dev/null || ret=1
|
||||
n=$((n + 1))
|
||||
test "$ret" -eq 0 || echo_i "failed"
|
||||
status=$((status + ret))
|
||||
|
||||
echo_i "check that _ta-XXXX trust-anchor-telemetry queries are logged ($n)"
|
||||
ret=0
|
||||
grep "trust-anchor-telemetry '_ta-[0-9a-f]*/IN' from" ns1/named.run >/dev/null || ret=1
|
||||
n=$((n + 1))
|
||||
test "$ret" -eq 0 || echo_i "failed"
|
||||
status=$((status + ret))
|
||||
|
||||
echo_i "check that _ta-AAAA trust-anchor-telemetry are not sent when disabled ($n)"
|
||||
ret=0
|
||||
grep "sending trust-anchor-telemetry query '_ta-[0-9a-f]*/IN" ns1/named.run >/dev/null && ret=1
|
||||
n=$((n + 1))
|
||||
test "$ret" -eq 0 || echo_i "failed"
|
||||
status=$((status + ret))
|
||||
|
||||
echo_i "check that KEY-TAG trust-anchor-telemetry queries are logged ($n)"
|
||||
ret=0
|
||||
dig_with_opts . dnskey +ednsopt=KEY-TAG:ffff @10.53.0.1 >dig.out.ns1.test$n || ret=1
|
||||
grep "trust-anchor-telemetry './IN' from .* 65535" ns1/named.run >/dev/null || ret=1
|
||||
n=$((n + 1))
|
||||
test "$ret" -eq 0 || echo_i "failed"
|
||||
status=$((status + ret))
|
||||
|
||||
echo_i "check that multiple KEY-TAG trust-anchor-telemetry options don't leak memory ($n)"
|
||||
ret=0
|
||||
dig_with_opts . dnskey +ednsopt=KEY-TAG:fffe +ednsopt=KEY-TAG:fffd @10.53.0.1 >dig.out.ns1.test$n || ret=1
|
||||
grep "trust-anchor-telemetry './IN' from .* 65534" ns1/named.run >/dev/null || ret=1
|
||||
grep "trust-anchor-telemetry './IN' from .* 65533" ns1/named.run >/dev/null && ret=1
|
||||
stop_server ns1 || ret=1
|
||||
nextpart ns1/named.run >/dev/null
|
||||
start_server --noclean --restart --port ${PORT} ns1 || ret=1
|
||||
n=$(($n + 1))
|
||||
test "$ret" -eq 0 || echo_i "failed"
|
||||
status=$((status + ret))
|
||||
|
||||
echo_i "waiting for root server to finish reloading ($n)"
|
||||
ret=0
|
||||
wait_for_log 20 "all zones loaded" ns1/named.run || ret=1
|
||||
n=$(($n + 1))
|
||||
test "$ret" -eq 0 || echo_i "failed"
|
||||
status=$((status + ret))
|
||||
|
||||
echo_i "check that the view is logged in messages from the validator when using views ($n)"
|
||||
ret=0
|
||||
grep "view rec: *validat" ns4/named.run >/dev/null || ret=1
|
||||
|
|
|
|||
61
bin/tests/system/dnssec/tests_tat.py
Normal file
61
bin/tests/system/dnssec/tests_tat.py
Normal file
|
|
@ -0,0 +1,61 @@
|
|||
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
#
|
||||
# SPDX-License-Identifier: MPL-2.0
|
||||
#
|
||||
# This Source Code Form is subject to the terms of the Mozilla Public
|
||||
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
||||
#
|
||||
# See the COPYRIGHT file distributed with this work for additional
|
||||
# information regarding copyright ownership.
|
||||
|
||||
import os
|
||||
import re
|
||||
|
||||
from dns import edns
|
||||
|
||||
import isctest
|
||||
|
||||
|
||||
def test_tat_queries(servers):
|
||||
ns1 = servers["ns1"]
|
||||
ns6 = servers["ns6"]
|
||||
|
||||
# check that trust-anchor-telemetry queries are logged
|
||||
with ns6.watch_log_from_start() as watcher:
|
||||
watcher.wait_for_line("sending trust-anchor-telemetry query '_ta-")
|
||||
|
||||
# check that _ta-XXXX trust-anchor-telemetry queries are logged
|
||||
with ns1.watch_log_from_start() as watcher:
|
||||
watcher.wait_for_line("trust-anchor-telemetry '_ta-")
|
||||
|
||||
# check that _ta-AAAA trust-anchor-telemetry are not sent when disabled
|
||||
ns1.log.prohibit("sending trust-anchor-telemetry query '_ta")
|
||||
|
||||
# check that KEY-TAG (ednsopt 14) trust-anchor-telemetry queries are
|
||||
# logged. this matches "dig . dnskey +ednsopt=KEY-TAG:ffff":
|
||||
msg = isctest.query.create(".", "DNSKEY")
|
||||
opt = edns.GenericOption(14, b"\xff\xff")
|
||||
msg.use_edns(edns=True, options=[opt])
|
||||
pattern = re.compile("trust-anchor-telemetry './IN' from .* 65535")
|
||||
with ns1.watch_log_from_here() as watcher:
|
||||
res = isctest.query.tcp(msg, "10.53.0.1")
|
||||
watcher.wait_for_line(pattern)
|
||||
|
||||
# check that multiple KEY-TAG trust-anchor-telemetry options don't
|
||||
# leak memory, by stopping and restarting the server (a memory leak
|
||||
# would trigger a core dump).
|
||||
msg = isctest.query.create(".", "DNSKEY")
|
||||
opt1 = edns.GenericOption(14, b"\xff\xff")
|
||||
opt2 = edns.GenericOption(14, b"\xff\xfe")
|
||||
msg.use_edns(edns=True, options=[opt2, opt1])
|
||||
pattern = re.compile("trust-anchor-telemetry './IN' from .* 65534")
|
||||
with ns1.watch_log_from_here() as watcher:
|
||||
res = isctest.query.tcp(msg, "10.53.0.1")
|
||||
isctest.check.noerror(res)
|
||||
watcher.wait_for_line(pattern)
|
||||
|
||||
ns1.stop()
|
||||
with ns1.watch_log_from_here() as watcher:
|
||||
ns1.start(["--noclean", "--restart", "--port", os.environ["PORT"]])
|
||||
watcher.wait_for_line("all zones loaded")
|
||||
Loading…
Reference in a new issue