From 1069eb1969b87cea69b96ef201cca80b5699d8e4 Mon Sep 17 00:00:00 2001 From: Michal Nowak Date: Tue, 30 Jul 2024 09:12:39 +0200 Subject: [PATCH] Rewrite stub system test to pytest --- bin/tests/system/stub/knowngood.dig.out.norec | 21 ---- bin/tests/system/stub/knowngood.dig.out.rec | 18 ---- bin/tests/system/stub/ns3/named.conf.in | 9 ++ bin/tests/system/stub/tests.sh | 100 ------------------ bin/tests/system/stub/tests_sh_stub.py | 24 ----- bin/tests/system/stub/tests_stub.py | 100 ++++++++++++++++++ 6 files changed, 109 insertions(+), 163 deletions(-) delete mode 100644 bin/tests/system/stub/knowngood.dig.out.norec delete mode 100644 bin/tests/system/stub/knowngood.dig.out.rec delete mode 100644 bin/tests/system/stub/tests.sh delete mode 100644 bin/tests/system/stub/tests_sh_stub.py create mode 100644 bin/tests/system/stub/tests_stub.py diff --git a/bin/tests/system/stub/knowngood.dig.out.norec b/bin/tests/system/stub/knowngood.dig.out.norec deleted file mode 100644 index ca0e458e8b..0000000000 --- a/bin/tests/system/stub/knowngood.dig.out.norec +++ /dev/null @@ -1,21 +0,0 @@ - -; <<>> DiG 8.2 <<>> -p @10.53.0.3 +norec data.child.example txt -; (1 server found) -;; res options: init defnam dnsrch -;; got answer: -;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 216 -;; flags: qr ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 -;; QUERY SECTION: -;; data.child.example, type = TXT, class = IN - -;; AUTHORITY SECTION: -child.example. 5M IN NS ns2.child.example. - -;; ADDITIONAL SECTION: -ns2.child.example. 5M IN A 10.53.0.2 - -;; Total query time: 3 msec -;; FROM: draco to SERVER: 10.53.0.3 -;; WHEN: Wed Jun 21 10:58:37 2000 -;; MSG SIZE sent: 36 rcvd: 70 - diff --git a/bin/tests/system/stub/knowngood.dig.out.rec b/bin/tests/system/stub/knowngood.dig.out.rec deleted file mode 100644 index 8ea19680d7..0000000000 --- a/bin/tests/system/stub/knowngood.dig.out.rec +++ /dev/null 
@@ -1,18 +0,0 @@ - -; <<>> DiG 8.2 <<>> -p @10.53.0.3 data.child.example txt -; (1 server found) -;; res options: init recurs defnam dnsrch -;; got answer: -;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6 -;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 -;; QUERY SECTION: -;; data.child.example, type = TXT, class = IN - -;; ANSWER SECTION: -data.child.example. 5M IN TXT "some" "test" "data" - -;; Total query time: 8 msec -;; FROM: draco to SERVER: 10.53.0.3 -;; WHEN: Wed Jun 21 10:58:54 2000 -;; MSG SIZE sent: 36 rcvd: 97 - diff --git a/bin/tests/system/stub/ns3/named.conf.in b/bin/tests/system/stub/ns3/named.conf.in index a8e692f186..5f987e1393 100644 --- a/bin/tests/system/stub/ns3/named.conf.in +++ b/bin/tests/system/stub/ns3/named.conf.in @@ -25,6 +25,15 @@ options { minimal-responses no; }; +key rndc_key { + secret "1234abcd8765"; + algorithm @DEFAULT_HMAC@; +}; + +controls { + inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + zone "." { type hint; file "../../_common/root.hint"; diff --git a/bin/tests/system/stub/tests.sh b/bin/tests/system/stub/tests.sh deleted file mode 100644 index 2311de973d..0000000000 --- a/bin/tests/system/stub/tests.sh +++ /dev/null 
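Review bot: The added `controls` statement opens ns3's rndc channel with `allow { any; }`, protected only by a secret committed in this file, and nothing in the hunk marks that as fixture-only. That is reasonable for a server bound to the 10.53.0.3 test address, but a reader copying this config gets no hint of it. I would put a comment above `key rndc_key`, e.g. `/* Test-only rndc key and control channel; do not reuse outside the system-test harness. */`. Presumably the channel exists so that `servers["ns3"].stop()` in tests_stub.py can reach the server; if that is the reason, the comment should say so. The `zone "."` block after the added lines continues outside the hunk.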
@@ -1,100 +0,0 @@ -#!/bin/sh - -# Copyright (C) Internet Systems Consortium, Inc. ("ISC") -# -# SPDX-License-Identifier: MPL-2.0 -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, you can obtain one at https://mozilla.org/MPL/2.0/. -# -# See the COPYRIGHT file distributed with this work for additional -# information regarding copyright ownership. - -set -e - -. ../conf.sh - -DIGOPTS="+tcp -p ${PORT}" - -status=0 -echo_i "check that the stub zone has been saved to disk" -for i in 1 2 3 4 5 6 7 8 9 20; do - [ -f ns3/child.example.st ] && break - sleep 1 -done -[ -f ns3/child.example.st ] || { - status=1 - echo_i "failed" -} - -for pass in 1 2; do - - echo_i "trying an axfr that should be denied (NOTAUTH) (pass=$pass)" - ret=0 - $DIG $DIGOPTS child.example. @10.53.0.3 axfr >dig.out.ns3 || ret=1 - grep "; Transfer failed." dig.out.ns3 >/dev/null || ret=1 - [ $ret = 0 ] || { - status=1 - echo_i "failed" - } - - echo_i "look for stub zone data without recursion (should not be found) (pass=$pass)" - for i in 1 2 3 4 5 6 7 8 9; do - ret=0 - $DIG $DIGOPTS +norec data.child.example. \ - @10.53.0.3 txt >dig.out.ns3 || ret=1 - grep "status: NOERROR" dig.out.ns3 >/dev/null || ret=1 - [ $ret = 0 ] && break - sleep 1 - done - digcomp knowngood.dig.out.norec dig.out.ns3 || ret=1 - [ $ret = 0 ] || { - status=1 - echo_i "failed" - } - - echo_i "look for stub zone data with recursion (should be found) (pass=$pass)" - ret=0 - $DIG $DIGOPTS +noauth +noadd data.child.example. 
@10.53.0.3 txt >dig.out.ns3 || ret=1 - digcomp knowngood.dig.out.rec dig.out.ns3 || ret=1 - [ $ret = 0 ] || { - status=1 - echo_i "failed" - } - - [ $pass = 1 ] && { - echo_i "stopping stub server" - stop_server ns3 - - echo_i "re-starting stub server" - start_server --noclean --restart --port ${PORT} ns3 - } -done - -echo_i "check that glue record is correctly transferred from primary when minimal-responses is on" -ret=0 -# First ensure that zone data was transfered. -for i in 1 2 3 4 5 6 7; do - [ -f ns5/example.db ] && break - sleep 1 -done - -if [ -f ns5/example.db ]; then - # If NS glue wasn't transferred, this query would fail. - $DIG $DIGOPTS +nodnssec @10.53.0.5 target.example. txt >dig.out.ns5 || ret=1 - grep 'target\.example.*TXT.*"test"' dig.out.ns5 >/dev/null || ret=1 - # Ensure both ipv4 and ipv6 glue records were transferred. - grep -E 'ns4.example.[[:space:]]+300 IN A[[:space:]]+10.53.0.4' ns5/example.db >/dev/null || ret=1 - grep -E 'ns4.example.[[:space:]]+300 IN AAAA[[:space:]]+fd92:7065:b8e:ffff::4' ns5/example.db >/dev/null || ret=1 - [ $ret = 0 ] || { - status=1 - echo_i "failed" - } -else - status=1 - echo_i "failed: stub zone transfer failed ns4(primary) <---> ns5/example.db" -fi - -echo_i "exit status: $status" -[ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/stub/tests_sh_stub.py b/bin/tests/system/stub/tests_sh_stub.py deleted file mode 100644 index 7511f26bfa..0000000000 --- a/bin/tests/system/stub/tests_sh_stub.py +++ /dev/null 
@@ -1,24 +0,0 @@
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# SPDX-License-Identifier: MPL-2.0
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-import pytest
-
-pytestmark = pytest.mark.extra_artifacts(
- [
- "dig.out.*",
- "ns3/child.example.st",
- "ns5/example.db",
- ]
-)
-
-
-def test_stub(run_tests_sh):
- run_tests_sh()
diff --git a/bin/tests/system/stub/tests_stub.py b/bin/tests/system/stub/tests_stub.py
new file mode 100644
index 0000000000..a456a911ba
--- /dev/null
+++ b/bin/tests/system/stub/tests_stub.py
@@ -0,0 +1,100 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+
+import os
+
+import dns.message
+import pytest
+
+import isctest
+
+pytestmark = pytest.mark.extra_artifacts(
+ [
+ "dig.out.*",
+ "ns3/child.example.st",
+ "ns5/example.db",
+ ]
+)
+
+
+def test_stub_zones_availability(servers):
+ # check that the stub zone has been saved to disk
+ assert os.path.exists("ns3/child.example.st")
+
+ # try an AXFR that should be denied (NOTAUTH)
+ def axfr_denied():
+ msg = dns.message.make_query("child.example.", "AXFR")
+ res = isctest.query.tcp(msg, "10.53.0.3")
+ isctest.check.notauth(res)
+
+ # look for stub zone data without recursion (should not be found)
+ def stub_zone_lookout_without_recursion():
+ # drop all flags (dns.flags.RD is set by default)
+ msg = dns.message.make_query("data.child.example.", "TXT")
+ msg.flags = 0
+ res = isctest.query.tcp(msg, "10.53.0.3")
+ isctest.check.noerror(res)
+ assert not res.answer
+ assert res.authority[0] == dns.rrset.from_text(
+ "child.example.", "300", "IN", "NS", "ns2.child.example."
+ )
+ assert res.additional[0] == dns.rrset.from_text(
+ "ns2.child.example.", "300", "IN", "A", "10.53.0.2"
+ )
+
+ # look for stub zone data with recursion (should be found)
+ def stub_zone_lookout_with_recursion():
+ # dns.flags.RD is set by default
+ msg = dns.message.make_query("data.child.example.", "TXT")
+ res = isctest.query.tcp(msg, "10.53.0.3")
+ isctest.check.noerror(res)
+ assert res.answer[0] == dns.rrset.from_text(
+ "data.child.example.", "300", "IN", "TXT", '"some" "test" "data"'
+ )
+
+ axfr_denied()
+ stub_zone_lookout_without_recursion()
+ stub_zone_lookout_with_recursion()
+
+ servers["ns3"].stop()
+ servers["ns3"].start(["--noclean", "--restart", "--port", os.environ["PORT"]])
+
+ axfr_denied()
+ stub_zone_lookout_without_recursion()
+ stub_zone_lookout_with_recursion()
+
+
+# check that glue record is correctly transferred from primary when the "minimal-responses" option is on
+def test_stub_glue_record_with_minimal_response():
+ # ensure zone data were transfered
+ assert os.path.exists("ns5/example.db")
+
+ # this query would fail if NS glue wasn't transferred
+ msg_txt = dns.message.make_query("target.example.", "TXT", want_dnssec=False)
+ res_txt = isctest.query.tcp(msg_txt, "10.53.0.5")
+ isctest.check.noerror(res_txt)
+ assert res_txt.answer[0] == dns.rrset.from_text(
+ "target.example.", "300", "IN", "TXT", '"test"'
+ )
+
+ # ensure both IPv4 and IPv6 glue records were transferred
+ msg_a = dns.message.make_query("ns4.example.", "A")
+ res_a = isctest.query.tcp(msg_a, "10.53.0.5")
+ assert res_a.answer[0] == dns.rrset.from_text(
+ "ns4.example.", "300", "IN", "A", "10.53.0.4"
+ )
+
+ msg_aaaa = dns.message.make_query("ns4.example.", "AAAA")
+ res_aaaa = isctest.query.tcp(msg_aaaa, "10.53.0.5")
+ assert res_aaaa.answer[0] == dns.rrset.from_text(
+ "ns4.example.", "300", "IN", "AAAA", "fd92:7065:b8e:ffff::4"
+ )
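Review bot: Both `assert os.path.exists(...)` checks run exactly once, whereas the removed tests.sh polled for `ns3/child.example.st` and `ns5/example.db` for several seconds before failing, so a slow zone dump or transfer now fails the test outright. The no-recursion lookup likewise lost its retry loop, which matters right after the ns3 restart unless `servers["ns3"].start()` already waits for readiness (not visible here). A small polling helper restores the old tolerance; it needs `import time` next to `import os`. Separately, the A and AAAA glue queries index `res.answer[0]` without an `isctest.check.noerror()` call, so an empty answer would surface as an IndexError rather than a readable assertion failure.

```python
def wait_for_file(path, timeout=10):
    # poll once a second, as the removed tests.sh loops did
    deadline = time.monotonic() + timeout
    while not os.path.exists(path):
        assert time.monotonic() < deadline, f"{path} not written after {timeout}s"
        time.sleep(1)


def test_stub_zones_availability(servers):
    wait_for_file("ns3/child.example.st")
    # … unchanged: axfr_denied(), lookup helpers, restart of ns3 …


def test_stub_glue_record_with_minimal_response():
    wait_for_file("ns5/example.db")
    # … unchanged: TXT, A and AAAA queries against 10.53.0.5 …
```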