Check zone transfer transports in the statistics channel

Add two more secondary zones to ns3 to be transferred from ns1, using its IPv6 address for which the 'tcp-only' is set to 'yes'. Check the statistics channel's incoming zone transfers information to confirm that the expected transports were used for each of the SOA query cases (UDP, TCP, TLS), and also for zone transfers (TCP, TLS).
2026-06-09 07:32:09 -04:00 · 2023-09-13 13:17:38 +00:00 · 2023-09-13 13:17:38 +00:00 · e92d1eeafc
commit e92d1eeafc
parent 8f4f82e018
7 changed files with 212 additions and 10 deletions
--- a/bin/tests/system/statschannel/clean.sh
+++ b/bin/tests/system/statschannel/clean.sh
@ -32,5 +32,5 @@ rm -f traffic traffic.out.* traffic.json.* traffic.xml.*
 rm -f xml.*mem json.*mem
 rm -f xml.*stats json.*stats
 rm -f zones zones.out.* zones.json.* zones.xml.* zones.expect.*
-rm -f xfrins xfrins.json.* xfrins.xml.*
+rm -f xfrins xfrins.*
 rm -rf ./__pycache__
--- a/bin/tests/system/statschannel/ns1/example-tcp.db
+++ b/bin/tests/system/statschannel/ns1/example-tcp.db
@ -0,0 +1,49 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0.  If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$ORIGIN .
+$TTL 300	; 5 minutes
+example-tcp			IN SOA	mname1. . (
+				1          ; serial
+				20         ; refresh (20 seconds)
+				20         ; retry (20 seconds)
+				1814400    ; expire (3 weeks)
+				3600       ; minimum (1 hour)
+				)
+example-tcp.		NS	ns2.example-tcp.
+ns2.example-tcp.		A	10.53.0.2
+
+$ORIGIN example-tcp.
+a			A	10.0.0.1
+			MX	10 mail.example-tcp.
+short                   TXT     "short text"
+long                    TXT     (
+                                  "longlonglonglonglonglonglonglonglonglong"
+                                  "longlonglonglonglonglonglonglonglonglong"
+                                  "longlonglonglonglonglonglonglonglonglong"
+                                  "longlonglonglonglonglonglonglonglonglong"
+                                  "longlonglonglonglonglonglonglonglonglong"
+                                  "longlonglonglonglonglonglonglonglonglong"
+                                  "longlonglonglonglonglonglonglonglonglong"
+                                  "longlonglonglonglonglonglonglonglonglong"
+                                  "longlonglonglonglonglonglonglonglonglong"
+                                  "longlonglonglonglonglonglonglonglonglong"
+                                  "longlonglonglonglonglonglonglonglonglong"
+                                  "longlonglonglonglonglonglonglonglonglong"
+                                  "longlonglonglonglonglonglonglonglonglong"
+                                  "longlonglonglonglonglonglonglonglonglong"
+                                  "longlonglonglonglonglonglonglonglonglong"
+                                  "longlonglonglonglonglonglonglonglonglong"
+                                  "longlonglonglonglonglonglonglonglonglong"
+                                  "longlonglonglonglonglonglonglonglonglong"
+                                )
+
+mail			A	10.0.0.2
--- a/bin/tests/system/statschannel/ns1/example-tls.db
+++ b/bin/tests/system/statschannel/ns1/example-tls.db
@ -0,0 +1,49 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0.  If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$ORIGIN .
+$TTL 300	; 5 minutes
+example-tls			IN SOA	mname1. . (
+				1          ; serial
+				20         ; refresh (20 seconds)
+				20         ; retry (20 seconds)
+				1814400    ; expire (3 weeks)
+				3600       ; minimum (1 hour)
+				)
+example-tls.		NS	ns2.example-tls.
+ns2.example-tls.		A	10.53.0.2
+
+$ORIGIN example-tls.
+a			A	10.0.0.1
+			MX	10 mail.example-tls.
+short                   TXT     "short text"
+long                    TXT     (
+                                  "longlonglonglonglonglonglonglonglonglong"
+                                  "longlonglonglonglonglonglonglonglonglong"
+                                  "longlonglonglonglonglonglonglonglonglong"
+                                  "longlonglonglonglonglonglonglonglonglong"
+                                  "longlonglonglonglonglonglonglonglonglong"
+                                  "longlonglonglonglonglonglonglonglonglong"
+                                  "longlonglonglonglonglonglonglonglonglong"
+                                  "longlonglonglonglonglonglonglonglonglong"
+                                  "longlonglonglonglonglonglonglonglonglong"
+                                  "longlonglonglonglonglonglonglonglonglong"
+                                  "longlonglonglonglonglonglonglonglonglong"
+                                  "longlonglonglonglonglonglonglonglonglong"
+                                  "longlonglonglonglonglonglonglonglonglong"
+                                  "longlonglonglonglonglonglonglonglonglong"
+                                  "longlonglonglonglonglonglonglonglonglong"
+                                  "longlonglonglonglonglonglonglonglonglong"
+                                  "longlonglonglonglonglonglonglonglonglong"
+                                  "longlonglonglonglonglonglonglonglonglong"
+                                )
+
+mail			A	10.0.0.2
--- a/bin/tests/system/statschannel/ns1/named.conf.in
+++ b/bin/tests/system/statschannel/ns1/named.conf.in
@ -13,12 +13,17 @@

 options {
 	query-source address 10.53.0.1;
+	query-source-v6 address fd92:7065:b8e:ffff::1;
 	notify-source 10.53.0.1;
+	notify-source-v6 fd92:7065:b8e:ffff::1;
 	transfer-source 10.53.0.1;
+	transfer-source-v6 fd92:7065:b8e:ffff::1;
 	port @PORT@;
+	tls-port @TLSPORT@;
 	pid-file "named.pid";
 	listen-on { 10.53.0.1; };
-	listen-on-v6 { none; };
+	listen-on-v6 { fd92:7065:b8e:ffff::1; };
+	listen-on-v6 tls ephemeral { fd92:7065:b8e:ffff::1; };
 	recursion no;
 	dnssec-validation no;
 	notify explicit;
@ -41,8 +46,24 @@ server 10.53.0.3 {
 	transfer-format one-answer;
 };

+server fd92:7065:b8e:ffff::3 {
+	transfer-format one-answer;
+};
+
 zone "example" {
 	type primary;
 	file "example.db";
 	allow-transfer { any; };
 };
+
+zone "example-tcp" {
+	type primary;
+	file "example-tcp.db";
+	allow-transfer { any; };
+};
+
+zone "example-tls" {
+	type primary;
+	file "example-tls.db";
+	allow-transfer { any; };
+};
--- a/bin/tests/system/statschannel/ns3/named.conf.in
+++ b/bin/tests/system/statschannel/ns3/named.conf.in
@ -13,9 +13,13 @@

 options {
 	query-source address 10.53.0.3;
+	query-source-v6 fd92:7065:b8e:ffff::3;
 	notify-source 10.53.0.3;
+	notify-source-v6 fd92:7065:b8e:ffff::3;
 	transfer-source 10.53.0.3;
+	transfer-source-v6 fd92:7065:b8e:ffff::3;
 	port @PORT@;
+	tls-port @TLSPORT@;
 	pid-file "named.pid";
 	listen-on { 10.53.0.3; };
 	listen-on-v6 { none; };
@ -37,8 +41,24 @@ controls {
 	inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
 };

+server fd92:7065:b8e:ffff::1 {
+	tcp-only yes;
+};
+
 zone "example" {
 	type secondary;
 	file "example.db";
 	primaries { 10.53.0.1; };
 };
+
+zone "example-tcp" {
+	type secondary;
+	file "example-tcp.db";
+	primaries { fd92:7065:b8e:ffff::1; };
+};
+
+zone "example-tls" {
+	type secondary;
+	file "example-tls.db";
+	primaries { fd92:7065:b8e:ffff::1 tls ephemeral; };
+};
--- a/bin/tests/system/statschannel/tests.sh
+++ b/bin/tests/system/statschannel/tests.sh
@ -98,7 +98,7 @@ getxfrins() {
        *) return 1 ;;
    esac
    file=`$PERL fetch.pl -s 10.53.0.3 -p ${EXTRAPORT1} $path`
-    cp $file $file.$1.$3
+    cp $file $file.$1.$2
    result=$?
    return $result
 }
@ -701,26 +701,55 @@ i=0
 # Restart ns1 with '-T transferslowly' to see the xfrins information in ns3's statschannel while it's ongoing
 stop_server ns1
 start_server --noclean --restart --port ${PORT} ns1 -- "-D statschannel-ns1 $NS_PARAMS -T transferslowly"
-# Request a retransfer of the "example" zone
+# Request a retransfer of the secondary zones
 nextpart ns3/named.run > /dev/null
 $RNDCCMD 10.53.0.3 retransfer example | sed "s/^/ns3 /" | cat_i
+$RNDCCMD 10.53.0.3 retransfer example-tcp | sed "s/^/ns3 /" | cat_i
+$RNDCCMD 10.53.0.3 retransfer example-tls | sed "s/^/ns3 /" | cat_i
 wait_for_log_fast 200 "zone example/IN: Transfer started" ns3/named.run || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 n=$((n + 1))

-# We have now less than one second to catch the zone transfer in process
+_wait_for_transfers() {
+    getxfrins xml x$n || return 1
+    getxfrins json j$n || return 1
+    # XML is encoded in one line, use sed to separate each transfer
+    count=$(sed 's/<xfrin /\n<xfrin /g' xfrins.xml.x$n | grep -c '<state>\(Initial SOA\|First Data\|Receiving AXFR Data\)</state>')
+    if [ $count != 3 ]; then return 1; fi
+    count=$(grep -c '"state":"\(Initial SOA\|First Data\|Receiving AXFR Data\)"' xfrins.json.j$n)
+    if [ $count != 3 ]; then return 1; fi
+}
+
+# We have now less than one second to catch the zone transfers in progress
 echo_i "Checking zone transfer information in the statistics channel ($n)"
 ret=0
-i=0
-getxfrins xml example x$n || ret=1
-getxfrins json example j$n || ret=1
-grep -F '<state>Initial SOA</state>' xfrins.xml.x$n >/dev/null || ret=1
-grep -F '"state":"Initial SOA"' xfrins.json.j$n >/dev/null || ret=1
+retry_quiet_fast 200 _wait_for_transfers || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 n=$((n + 1))

+if [ $PERL_JSON ]; then
+    echo_i "Checking zone transfer transports ($n)"
+    ret=0
+    cp xfrins.json.j$((n - 1)) xfrins.json.j$n
+    $PERL xfrins-json.pl xfrins.json.j$n example > xfrins.example.format$n
+    echo "soatransport: UDP" > xfrins.example.expect$n
+    echo "transport: TCP" >> xfrins.example.expect$n
+    cmp xfrins.example.format$n xfrins.example.expect$n || ret=1
+    $PERL xfrins-json.pl xfrins.json.j$n example-tcp > xfrins.example-tcp.format$n
+    echo "soatransport: TCP" > xfrins.example-tcp.expect$n
+    echo "transport: TCP" >> xfrins.example-tcp.expect$n
+    cmp xfrins.example-tcp.format$n xfrins.example-tcp.expect$n || ret=1
+    $PERL xfrins-json.pl xfrins.json.j$n example-tls > xfrins.example-tls.format$n
+    echo "soatransport: TLS" > xfrins.example-tls.expect$n
+    echo "transport: TLS" >> xfrins.example-tls.expect$n
+    cmp xfrins.example-tls.format$n xfrins.example-tls.expect$n || ret=1
+    if [ $ret != 0 ]; then echo_i "failed"; fi
+    status=$((status + ret))
+    n=$((n + 1))
+fi
+
 echo_i "Wait for slow zone transfer to complete ($n)"
 ret=0
 wait_for_log 20 "zone example/IN: zone transfer finished: success" ns3/named.run || ret=1
--- a/bin/tests/system/statschannel/xfrins-json.pl
+++ b/bin/tests/system/statschannel/xfrins-json.pl
@ -0,0 +1,34 @@
+#!/usr/bin/perl
+
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0.  If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+# zones-json.pl:
+# Parses the JSON version of the dnssec sign stats for the
+# "dnssec" zone in the default view into a normalized format.
+
+use JSON;
+
+my $file = $ARGV[0];
+my $zone = $ARGV[1];
+open(INPUT, "<$file");
+my $text = do{local$/;<INPUT>};
+close(INPUT);
+
+my $ref = decode_json($text);
+my $xfrins = $ref->{views}->{_default}->{xfrins};
+
+for my $xfrin (@$xfrins) {
+    if ($xfrin->{name} eq $zone) {
+        print "soatransport: " . $xfrin->{"soatransport"} . "\n";
+        print "transport: " . $xfrin->{"transport"} . "\n";
+    }
+}