Add a system test to verify listener transport change functionality

This commit adds a system test that helps to verify that changing a
listener transport by editing "listen-on" statements before
reconfiguration works as expected.

(cherry picked from commit 211f12ff85)

bin/tests/system/transport-change/clean.sh

@@ -0,0 +1,24 @@
+#!/bin/sh
+
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0.  If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+#
+# Clean up after zone transfer tests.
+#
+
+rm -f ./*/named.conf
+rm -f ./*/named.memstats
+rm -f ./*/named.run
+rm -f ./*/named.run.prev
+rm -f ./dig.out.*
+rm -f ./*/example.db
+rm -rf ./headers.*

bin/tests/system/transport-change/ns1/named-http-plain.conf.in

@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0.  If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+include "../../_common/rndc.key";
+
+controls {
+	inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+tls self-signed {
+	cert-file "../self-signed-cert.pem";
+	key-file "../self-signed-key.pem";
+};
+
+options {
+	pid-file "named.pid";
+	##
+	# generic
+	listen-on port @PORT@ { 10.53.0.1; };
+	# test TLS
+	listen-on port @EXTRAPORT1@ tls none http default { 10.53.0.1; };
+	listen-on-v6 port @EXTRAPORT1@ tls none http default { fd92:7065:b8e:ffff::1; };
+	##
+	recursion no;
+	notify explicit;
+	statistics-file "named.stats";
+	dnssec-validation yes;
+	tcp-initial-timeout 1200;
+};
+
+zone "example" {
+	type primary;
+	file "example.db";
+	allow-transfer { any; };
+};

bin/tests/system/transport-change/ns1/named-https.conf.in

@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0.  If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+include "../../_common/rndc.key";
+
+controls {
+	inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+tls self-signed {
+	cert-file "../self-signed-cert.pem";
+	key-file "../self-signed-key.pem";
+};
+
+options {
+	pid-file "named.pid";
+	##
+	# generic
+	listen-on port @PORT@ { 10.53.0.1; };
+	# test TLS
+	listen-on port @EXTRAPORT1@ tls self-signed http default { 10.53.0.1; };
+	listen-on-v6 port @EXTRAPORT1@ tls self-signed http default { fd92:7065:b8e:ffff::1; };
+	##
+	recursion no;
+	notify explicit;
+	statistics-file "named.stats";
+	dnssec-validation yes;
+	tcp-initial-timeout 1200;
+};
+
+zone "example" {
+	type primary;
+	file "example.db";
+	allow-transfer { any; };
+};

bin/tests/system/transport-change/ns1/named-tls.conf.in

@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0.  If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+include "../../_common/rndc.key";
+
+controls {
+	inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+tls self-signed {
+	cert-file "../self-signed-cert.pem";
+	key-file "../self-signed-key.pem";
+};
+
+options {
+	pid-file "named.pid";
+	##
+	# generic
+	listen-on port @PORT@ { 10.53.0.1; };
+	# test TLS
+	listen-on port @EXTRAPORT1@ tls self-signed { 10.53.0.1; };
+	listen-on-v6 port @EXTRAPORT1@ tls self-signed { fd92:7065:b8e:ffff::1; };
+	##
+	recursion no;
+	notify explicit;
+	statistics-file "named.stats";
+	dnssec-validation yes;
+	tcp-initial-timeout 1200;
+};
+
+zone "example" {
+	type primary;
+	file "example.db";
+	allow-transfer { any; };
+};

bin/tests/system/transport-change/ns1/named.conf.in

@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0.  If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+include "../../_common/rndc.key";
+
+controls {
+	inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+tls self-signed {
+	cert-file "../self-signed-cert.pem";
+	key-file "../self-signed-key.pem";
+};
+
+options {
+	pid-file "named.pid";
+	##
+	# generic
+	listen-on port @PORT@ { 10.53.0.1; };
+	# test
+	listen-on port @EXTRAPORT1@ { 10.53.0.1; };
+	listen-on-v6 port @EXTRAPORT1@ { fd92:7065:b8e:ffff::1; };
+	##
+	recursion no;
+	notify explicit;
+	statistics-file "named.stats";
+	dnssec-validation yes;
+	tcp-initial-timeout 1200;
+};
+
+zone "example" {
+	type primary;
+	file "example.db";
+	allow-transfer { any; };
+};

bin/tests/system/transport-change/prereq.sh

@@ -0,0 +1,22 @@
+#!/bin/sh
+
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0.  If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+# shellcheck disable=SC1091
+. ../conf.sh
+
+$FEATURETEST --with-libnghttp2 || {
+  echo_i "This test requires libnghttp2 support." >&2
+  exit 255
+}
+
+exit 0

bin/tests/system/transport-change/self-signed-cert.pem

@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBqTCCAVCgAwIBAgIULBCxkDF3scu+KzMu4JWrS1MiD8gwCgYIKoZIzj0EAwIw
+FjEUMBIGA1UEAwwLZXhhbXBsZS5jb20wIBcNMjQwMTEwMTQwOTAyWhgPMjA1MTA1
+MjgxNDA5MDJaMBYxFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYI
+KoZIzj0DAQcDQgAEraleW8FCXwU72Iva/H2FRiY5yrnKOVG0wZ8UN8bghx2yyK+z
+EFaHS5buo5jEnWnweX2qrX4N9RWDii7nqfwjNaN6MHgwHQYDVR0OBBYEFEGCx9FF
+rNxaR7zTM74ksT4fDaGjMB8GA1UdIwQYMBaAFEGCx9FFrNxaR7zTM74ksT4fDaGj
+MA8GA1UdEwEB/wQFMAMBAf8wJQYDVR0RBB4wHIILZXhhbXBsZS5jb22CDSouZXhh
+bXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgL+cDL9EKz9YY3iR6/fZqjniXaiap
+lMfzbtesX1LVi04CIBOBW97oz4jQ1K4D1QN4aDJpit2LJWrEKHyLk4SPqZUS
+-----END CERTIFICATE-----

bin/tests/system/transport-change/self-signed-key.pem

@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg9uAMbwHDtsF9BDAu
+CafftgyXCZbbRy8aJpoo76B8iwWhRANCAAStqV5bwUJfBTvYi9r8fYVGJjnKuco5
+UbTBnxQ3xuCHHbLIr7MQVodLlu6jmMSdafB5faqtfg31FYOKLuep/CM1
+-----END PRIVATE KEY-----

bin/tests/system/transport-change/setup.sh

@@ -0,0 +1,21 @@
+#!/bin/sh
+
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0.  If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+# shellcheck disable=SC1091
+. ../conf.sh
+
+$SHELL clean.sh
+
+$SHELL "${TOP_SRCDIR}"/bin/tests/system/genzone.sh 2 >ns1/example.db
+
+copy_setports ns1/named.conf.in ns1/named.conf

bin/tests/system/transport-change/tests.sh

@@ -0,0 +1,81 @@
+#!/bin/sh
+
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0.  If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+set -e
+
+# shellcheck disable=SC1091
+. ../conf.sh
+
+dig_out_basename="dig.out.test"
+testing="testing if the query is successfully completed"
+
+dig_with_opts() {
+  # shellcheck disable=SC2086
+  "$DIG" -p "${EXTRAPORT1}" +noadd +nosea +nostat +noquest +nocmd "$@" NS example
+}
+
+status=0
+n=0
+
+run_dig_test() {
+  test_message="$1"
+  shift
+  n=$((n + 1))
+  echo_i "$test_message ($n)"
+  dig_failed=0
+  dig_with_opts "$@" >"$dig_out_basename$n" || dig_failed=1
+}
+
+run_dig_test_expect_success() {
+  ret=0
+  run_dig_test "$@"
+  if [ $dig_failed != 0 ]; then
+    ret=1
+  elif ! [ -s "$dig_out_basename$n" ]; then
+    ret=1
+  fi
+  if [ $ret != 0 ]; then echo_i "failed"; fi
+  status=$((status + ret))
+}
+
+run_dig_multitest_expect_success() {
+  message="$1"
+  shift
+  run_dig_test_expect_success "$message (IPv4)" -b 10.53.0.10 @10.53.0.1 "$@"
+  run_dig_test_expect_success "$message (IPv6)" -b fd92:7065:b8e:ffff::10 @fd92:7065:b8e:ffff::1 "$@"
+}
+
+reconfig_server() {
+  message="$1"
+  shift
+  config_file="$1"
+  shift
+  echo_i "$message"
+  copy_setports "ns1/$config_file" "ns1/named.conf"
+  rndc_reconfig ns1 10.53.0.1
+}
+
+run_dig_multitest_expect_success "$testing: a UDP query over Do53"
+run_dig_multitest_expect_success "$testing: a TCP query over Do53" +tcp
+
+reconfig_server "reconfiguring the server to use TLS/DoT" named-tls.conf.in
+run_dig_multitest_expect_success "$testing: a query over TLS/DoT" +tls
+
+reconfig_server "reconfiguring the server to use HTTPS/DoH" named-https.conf.in
+run_dig_multitest_expect_success "$testing: a query over HTTPS/DoH" +https
+
+reconfig_server "reconfiguring the server to use plain HTTP/DoH" named-http-plain.conf.in
+run_dig_multitest_expect_success "$testing: a query over plain HTTP/DoH" +http-plain
+
+echo_i "exit status: $status"
+[ $status -eq 0 ] || exit 1

bin/tests/system/transport-change/tests_sh_transport_change.py

@@ -0,0 +1,14 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0.  If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+
+def test_transport_change(run_tests_sh):
+    run_tests_sh()