diff --git a/bin/tests/system/Makefile.am b/bin/tests/system/Makefile.am
index 530ca50053..2014f67ce7 100644
--- a/bin/tests/system/Makefile.am
+++ b/bin/tests/system/Makefile.am
@@ -71,6 +71,7 @@ TESTS = \
 autosign \
 builtin \
 cacheclean \
+ camp \
 case \
 catz \
 cds \
diff --git a/bin/tests/system/camp/ns1/named.conf.in b/bin/tests/system/camp/ns1/named.conf.in
new file mode 100644
index 0000000000..208a651b0c
--- /dev/null
+++ b/bin/tests/system/camp/ns1/named.conf.in
@@ -0,0 +1,31 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+// NS1
+
+options {
+ query-source address 10.53.0.1;
+ notify-source 10.53.0.1;
+ transfer-source 10.53.0.1;
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.1; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+};
+
+zone "." {
+ type primary;
+ file "root.db";
+};
diff --git a/bin/tests/system/camp/ns1/root.db b/bin/tests/system/camp/ns1/root.db
new file mode 100644
index 0000000000..64c8ac5910
--- /dev/null
+++ b/bin/tests/system/camp/ns1/root.db
@@ -0,0 +1,51 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300
+. IN SOA gson.nominum.com. a.root.servers.nil. (
+ 2000042100 ; serial
+ 600 ; refresh
+ 600 ; retry
+ 1200 ; expire
+ 600 ; minimum
+ )
+. NS a.root-servers.nil.
+a.root-servers.nil. A 10.53.0.1
+
+tld0. NS ns.tld0.
+ns.tld0. A 10.53.0.2
+
+tld1. NS ns.tld1.
+ns.tld1. A 10.53.0.2
+
+tld2. NS ns.tld2.
+ns.tld2. A 10.53.0.2
+
+tld3. NS ns.tld3.
+ns.tld3. A 10.53.0.2
+
+tld4. NS ns.tld4.
+ns.tld4. A 10.53.0.2
+
+tld5. NS ns.tld5.
+ns.tld5. A 10.53.0.2
+
+tld6. NS ns.tld6.
+ns.tld6. A 10.53.0.2
+
+tld7. NS ns.tld7.
+ns.tld7. A 10.53.0.2
+
+tld8. NS ns.tld8.
+ns.tld8. A 10.53.0.2
+
+tld9. NS ns.tld9.
+ns.tld9. A 10.53.0.2
diff --git a/bin/tests/system/camp/ns2/named.conf.in b/bin/tests/system/camp/ns2/named.conf.in
new file mode 100644
index 0000000000..52b20438a9
--- /dev/null
+++ b/bin/tests/system/camp/ns2/named.conf.in
@@ -0,0 +1,31 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+// NS2
+
+options {
+ query-source address 10.53.0.2;
+ notify-source 10.53.0.2;
+ transfer-source 10.53.0.2;
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.2; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+};
+
+zone "tld0" {
+ type primary;
+ file "tld0.db";
+};
diff --git a/bin/tests/system/camp/ns2/setup.sh b/bin/tests/system/camp/ns2/setup.sh
new file mode 100644
index 0000000000..d75a190e0d
--- /dev/null
+++ b/bin/tests/system/camp/ns2/setup.sh
@@ -0,0 +1,57 @@ +#!/bin/sh -e + +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +# shellcheck source=conf.sh +. ../../conf.sh + +echo_i "ns2/setup.sh" + +cp template.db.in tld0.db +echo "final.tld0. IN NS ns.final.tld0." >>tld0.db +echo "ns.final.tld0. IN A 10.53.0.3" >>tld0.db + +DEPTH=5 + +tld=1 +while [ $tld -le $DEPTH ]; do + + cat >>"named.conf" <>tld${tld}.db + echo "ns.label${label}.tld${tld}. IN A 10.53.0.3" >>tld${tld}.db + echo "" >>tld${tld}.db + + label=$((label + 1)) + done + + tld=$((tld + 1)) +done + +goto=1 +tld=1 +while [ $goto -le $DEPTH ]; do + echo "goto${goto}.tld${tld}. IN NS ns.goto${goto}.tld${tld}." >>tld${tld}.db + echo "ns.goto${goto}.tld${tld}. IN A 10.53.0.3" >>tld${tld}.db + echo "" >>tld${tld}.db + + goto=$((goto + 1)) +done diff --git a/bin/tests/system/camp/ns2/template.db.in b/bin/tests/system/camp/ns2/template.db.in new file mode 100644 index 0000000000..278478e86c --- /dev/null +++ b/bin/tests/system/camp/ns2/template.db.in 
@@ -0,0 +1,26 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300
+@ IN SOA mname1. . (
+ 1 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+
+ NS ns2
+ns2 A 10.53.0.2
+ NS ns
+ns A 10.53.0.2
+
+; camp attack
diff --git a/bin/tests/system/camp/ns3/named.conf.in b/bin/tests/system/camp/ns3/named.conf.in
new file mode 100644
index 0000000000..958119bcae
--- /dev/null
+++ b/bin/tests/system/camp/ns3/named.conf.in
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+// NS3
+
+options {
+ query-source address 10.53.0.3;
+ notify-source 10.53.0.3;
+ transfer-source 10.53.0.3;
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.3; };
+ listen-on-v6 { none; };
+ recursion yes;
+ dnssec-validation no;
+
+ max-query-count 150;
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm @DEFAULT_HMAC@;
+};
+
+controls {
+ inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+zone "final.tld0" {
+ type primary;
+ file "final.tld0.db";
+};
diff --git a/bin/tests/system/camp/ns3/setup.sh b/bin/tests/system/camp/ns3/setup.sh
new file mode 100644
index 0000000000..79d1f6cb9c
--- /dev/null
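Review bot: `recursion yes;` and `max-query-count 150;` in the ns3 options block look unexercised, because tests.sh sends its only query to 10.53.0.9 and ns3 is set up here as a primary for the chain zones. If ns3 is meant to be purely authoritative, `recursion no;` as in ns1 and ns2 keeps the fixture to what the test needs; if it must recurse, a comment above the option should say why. The `controls` statement pairs `allow { any; }` with the fixed `rndc_key` secret, so a one-line comment such as `// test-harness rndc key, only reachable on the 10.53.0.3 test address` would make the scope explicit; the same applies to the identical block in ns9/named.conf.in.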
+++ b/bin/tests/system/camp/ns3/setup.sh @@ -0,0 +1,79 @@ +#!/bin/sh -e + +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +# shellcheck source=conf.sh +. ../../conf.sh + +echo_i "ns3/setup.sh" + +cp template.db.in final.tld0.db +echo "q.final.tld0. IN A 1.2.3.4" >>final.tld0.db + +DEPTH=5 + +tld=1 +while [ $tld -le $DEPTH ]; do + nexttld=$((tld + 1)) + + label=1 + while [ $label -le $DEPTH ]; do + nextlabel=$((label + 1)) + + cat >>"named.conf" <>label${label}.tld${tld}.db + elif [ $tld -eq $DEPTH ]; then + nextlabel=$((label + 1)) + echo "q.label${label}.tld${tld}. IN CNAME q.label${nextlabel}.tld1." >>label${label}.tld${tld}.db + else + echo "q.label${label}.tld${tld}. IN CNAME q.label${label}.tld${nexttld}." >>label${label}.tld${tld}.db + fi + + label=$nextlabel + done + + echo "" >>label${label}.tld${tld}.db + tld=$nexttld +done + +goto=1 +tld=1 +while [ $goto -le $DEPTH ]; do + nextgoto=$((goto + 1)) + + cat >>"named.conf" <>goto${goto}.tld${tld}.db + else + echo "q.goto${goto}.tld${tld}. IN CNAME q.goto${nextgoto}.tld${tld}." >>goto${goto}.tld${tld}.db + fi + + echo "" >>label${label}.tld${tld}.db + goto=$nextgoto +done diff --git a/bin/tests/system/camp/ns3/template.db.in b/bin/tests/system/camp/ns3/template.db.in new file mode 100644 index 0000000000..dc6bd9b045 --- /dev/null +++ b/bin/tests/system/camp/ns3/template.db.in 
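Review bot: The two `echo "" >>label${label}.tld${tld}.db` lines in ns3/setup.sh run after `label` has advanced past `DEPTH`, so they create stray `label6.tld*.db` files instead of terminating the zone file just written, and the one in the `goto` loop reuses the stale `label` left over from the earlier loop. Move the first inside the inner loop before `label=$nextlabel`, and change the second to `echo "" >>goto${goto}.tld${tld}.db`. The `nextlabel=$((label + 1))` inside the `elif` branch repeats the assignment at the top of the loop body and can be dropped. `DEPTH=5` is defined separately here and in ns2/setup.sh, so a comment that the two values must match would help. The here-document bodies appear truncated in this rendering, so these points rest on the visible lines only.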
@@ -0,0 +1,26 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300
+@ IN SOA mname1. . (
+ 1 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+
+ NS ns
+ NS ns3
+ns A 10.53.0.3
+ns3 A 10.53.0.3
+
+; camp attack
diff --git a/bin/tests/system/camp/ns9/hints.db b/bin/tests/system/camp/ns9/hints.db
new file mode 100644
index 0000000000..691e813076
--- /dev/null
+++ b/bin/tests/system/camp/ns9/hints.db
@@ -0,0 +1,13 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+. 60 IN NS a.root-servers.nil.
+a.root-servers.nil. A 10.53.0.1
diff --git a/bin/tests/system/camp/ns9/named.conf.in b/bin/tests/system/camp/ns9/named.conf.in
new file mode 100644
index 0000000000..89045ad092
--- /dev/null
+++ b/bin/tests/system/camp/ns9/named.conf.in
@@ -0,0 +1,41 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+// NS9
+
+options {
+ query-source address 10.53.0.9;
+ notify-source 10.53.0.9;
+ transfer-source 10.53.0.9;
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.9; };
+ listen-on-v6 { none; };
+ recursion yes;
+ dnssec-validation no;
+
+ max-recursion-queries 50;
+ max-query-restarts 50;
+ max-query-count 100;
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm @DEFAULT_HMAC@;
+};
+
+controls {
+ inet 10.53.0.9 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+zone "." { type hint; file "hints.db"; };
diff --git a/bin/tests/system/camp/setup.sh b/bin/tests/system/camp/setup.sh
new file mode 100644
index 0000000000..8d17ffc715
--- /dev/null
+++ b/bin/tests/system/camp/setup.sh
@@ -0,0 +1,32 @@
+#!/bin/sh -e
+
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+# shellcheck source=conf.sh
+. ../conf.sh
+
+set -e
+
+copy_setports ns1/named.conf.in ns1/named.conf
+copy_setports ns2/named.conf.in ns2/named.conf
+copy_setports ns3/named.conf.in ns3/named.conf
+copy_setports ns9/named.conf.in ns9/named.conf
+
+(
+ cd ns3
+ $SHELL setup.sh
+)
+
+(
+ cd ns2
+ $SHELL setup.sh
+)
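Review bot: The three limits in the ns9 options block carry no comment, yet the test depends on how they relate: tests.sh greps ns9/named.run for "exceeded global max queries resolving", so `max-query-count 100` has to be the limit that trips before `max-query-restarts 50` or `max-recursion-queries 50` ends the lookup. A comment above them, for example `// restart and per-fetch limits are raised so the global max-query-count is the one that trips`, would stop a later edit from silently changing which limit the test exercises. That reading is inferred from tests.sh and the CNAME chain built in ns3/setup.sh, so adjust the wording if the intent differs.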
diff --git a/bin/tests/system/camp/tests.sh b/bin/tests/system/camp/tests.sh
new file mode 100755
index 0000000000..3f831f45ea
--- /dev/null
+++ b/bin/tests/system/camp/tests.sh
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+set -e
+
+# shellcheck source=../conf.sh
+. ../conf.sh
+
+dig_with_opts() {
+ "${DIG}" -p "${PORT}" "${@}"
+}
+
+status=0
+n=0
+
+n=$((n + 1))
+echo_i "checking max-query-count is in effect ($n)"
+ret=0
+dig_with_opts q.label1.tld1. @10.53.0.9 a >dig.out.ns9.test${n} || ret=1
+grep "status: SERVFAIL" dig.out.ns9.test${n} >/dev/null || ret=1
+grep "exceeded global max queries resolving" ns9/named.run >/dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
+echo_i "exit status: $status"
+[ $status -eq 0 ] || exit 1
diff --git a/bin/tests/system/camp/tests_sh_camp.py b/bin/tests/system/camp/tests_sh_camp.py
new file mode 100644
index 0000000000..177a0f2ae7
--- /dev/null
+++ b/bin/tests/system/camp/tests_sh_camp.py
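Review bot: tests.sh has no positive control: it asserts only that `q.label1.tld1.` ends in SERVFAIL with the log line, so a change that makes the limit trip on short, legitimate lookups would still pass. A second check that resolves `q.final.tld0.` (the `1.2.3.4` record created in ns3/setup.sh) through 10.53.0.9 and expects NOERROR would pin the other side of the limit. The `goto*` zones generated by ns2/setup.sh and ns3/setup.sh are never queried here, so either add a check for `q.goto1.tld1.` or note why they exist. The grep on `ns9/named.run` scans the whole log, which is fine for a single check but would let a later check match this earlier message.

```shell
n=$((n + 1))
echo_i "checking a short lookup still resolves under the limits ($n)"
ret=0
dig_with_opts q.final.tld0. @10.53.0.9 a >dig.out.ns9.test${n} || ret=1
grep "status: NOERROR" dig.out.ns9.test${n} >/dev/null || ret=1
grep "1.2.3.4" dig.out.ns9.test${n} >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))

# … unchanged: max-query-count SERVFAIL check and exit status …
```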
@@ -0,0 +1,25 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+import pytest
+
+pytestmark = pytest.mark.extra_artifacts(
+ [
+ "dig.out*",
+ "ans*/ans.run",
+ "ns*/*.jnl",
+ "ns*/*tld*.db",
+ ]
+)
+
+
+def test_camp(run_tests_sh):
+ run_tests_sh()