From e92d1eeafca6e5a75299bff6a90ce37848409e85 Mon Sep 17 00:00:00 2001
From: Aram Sargsyan
Date: Wed, 13 Sep 2023 13:17:38 +0000
Subject: [PATCH] Check zone transfer transports in the statistics channel

Add two more secondary zones to ns3 to be transferred from ns1, using its IPv6 address for which the 'tcp-only' is set to 'yes'.

Check the statistics channel's incoming zone transfers information to confirm that the expected transports were used for each of the SOA query cases (UDP, TCP, TLS), and also for zone transfers (TCP, TLS).
---
 bin/tests/system/statschannel/clean.sh | 2 +-
 .../system/statschannel/ns1/example-tcp.db | 49 +++++++++++++++++++
 .../system/statschannel/ns1/example-tls.db | 49 +++++++++++++++++++
 .../system/statschannel/ns1/named.conf.in | 23 ++++++++-
 .../system/statschannel/ns3/named.conf.in | 20 ++++++++
 bin/tests/system/statschannel/tests.sh | 45 ++++++++++++++---
 bin/tests/system/statschannel/xfrins-json.pl | 34 +++++++++++++
 7 files changed, 212 insertions(+), 10 deletions(-)
 create mode 100644 bin/tests/system/statschannel/ns1/example-tcp.db
 create mode 100644 bin/tests/system/statschannel/ns1/example-tls.db
 create mode 100644 bin/tests/system/statschannel/xfrins-json.pl

diff --git a/bin/tests/system/statschannel/clean.sh b/bin/tests/system/statschannel/clean.sh
index d1c381e629..1ff2586850 100644
--- a/bin/tests/system/statschannel/clean.sh
+++ b/bin/tests/system/statschannel/clean.sh
@@ -32,5 +32,5 @@ rm -f traffic traffic.out.* traffic.json.* traffic.xml.*
 rm -f xml.*mem json.*mem
 rm -f xml.*stats json.*stats
 rm -f zones zones.out.* zones.json.* zones.xml.* zones.expect.*
-rm -f xfrins xfrins.json.* xfrins.xml.*
+rm -f xfrins xfrins.*
 rm -rf ./__pycache__
diff --git a/bin/tests/system/statschannel/ns1/example-tcp.db b/bin/tests/system/statschannel/ns1/example-tcp.db
new file mode 100644
index 0000000000..77b2bbfeb8
--- /dev/null
+++ b/bin/tests/system/statschannel/ns1/example-tcp.db
@@ -0,0 +1,49 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$ORIGIN .
+$TTL 300 ; 5 minutes
+example-tcp IN SOA mname1. . (
+ 1 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+example-tcp. NS ns2.example-tcp.
+ns2.example-tcp. A 10.53.0.2
+
+$ORIGIN example-tcp.
+a A 10.0.0.1
+ MX 10 mail.example-tcp.
+short TXT "short text"
+long TXT (
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ )
+
+mail A 10.0.0.2
diff --git a/bin/tests/system/statschannel/ns1/example-tls.db b/bin/tests/system/statschannel/ns1/example-tls.db
new file mode 100644
index 0000000000..24c47eb54e
--- /dev/null
+++ b/bin/tests/system/statschannel/ns1/example-tls.db
@@ -0,0 +1,49 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$ORIGIN .
+$TTL 300 ; 5 minutes
+example-tls IN SOA mname1. . (
+ 1 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+example-tls. NS ns2.example-tls.
+ns2.example-tls. A 10.53.0.2
+
+$ORIGIN example-tls.
+a A 10.0.0.1
+ MX 10 mail.example-tls.
+short TXT "short text"
+long TXT (
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ )
+
+mail A 10.0.0.2
diff --git a/bin/tests/system/statschannel/ns1/named.conf.in b/bin/tests/system/statschannel/ns1/named.conf.in
index 52e8a7339f..5bdfdf0cb6 100644
--- a/bin/tests/system/statschannel/ns1/named.conf.in
+++ b/bin/tests/system/statschannel/ns1/named.conf.in
@@ -13,12 +13,17 @@
 options {
 query-source address 10.53.0.1;
+ query-source-v6 address fd92:7065:b8e:ffff::1;
 notify-source 10.53.0.1;
+ notify-source-v6 fd92:7065:b8e:ffff::1;
 transfer-source 10.53.0.1;
+ transfer-source-v6 fd92:7065:b8e:ffff::1;
 port @PORT@;
+ tls-port @TLSPORT@;
 pid-file "named.pid";
 listen-on { 10.53.0.1; };
- listen-on-v6 { none; };
+ listen-on-v6 { fd92:7065:b8e:ffff::1; };
+ listen-on-v6 tls ephemeral { fd92:7065:b8e:ffff::1; };
 recursion no;
 dnssec-validation no;
 notify explicit;
@@ -41,8 +46,24 @@ server 10.53.0.3 {
 transfer-format one-answer;
 };
+server fd92:7065:b8e:ffff::3 {
+ transfer-format one-answer;
+};
+
 zone "example" {
 type primary;
 file "example.db";
 allow-transfer { any; };
 };
+
+zone "example-tcp" {
+ type primary;
+ file "example-tcp.db";
+ allow-transfer { any; };
+};
+
+zone "example-tls" {
+ type primary;
+ file "example-tls.db";
+ allow-transfer { any; };
+};
diff --git a/bin/tests/system/statschannel/ns3/named.conf.in b/bin/tests/system/statschannel/ns3/named.conf.in
index cf3fc0935b..4fa2adeb40 100644
--- a/bin/tests/system/statschannel/ns3/named.conf.in
+++ b/bin/tests/system/statschannel/ns3/named.conf.in
@@ -13,9 +13,13 @@
 options {
 query-source address 10.53.0.3;
+ query-source-v6 fd92:7065:b8e:ffff::3;
 notify-source 10.53.0.3;
+ notify-source-v6 fd92:7065:b8e:ffff::3;
 transfer-source 10.53.0.3;
+ transfer-source-v6 fd92:7065:b8e:ffff::3;
 port @PORT@;
+ tls-port @TLSPORT@;
 pid-file "named.pid";
 listen-on { 10.53.0.3; };
 listen-on-v6 { none; };
@@ -37,8 +41,24 @@ controls {
 inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
 };
+server fd92:7065:b8e:ffff::1 {
+ tcp-only yes;
+};
+
 zone "example" {
 type secondary;
 file "example.db";
 primaries { 10.53.0.1; };
 };
+
+zone "example-tcp" {
+ type secondary;
+ file "example-tcp.db";
+ primaries { fd92:7065:b8e:ffff::1; };
+};
+
+zone "example-tls" {
+ type secondary;
+ file "example-tls.db";
+ primaries { fd92:7065:b8e:ffff::1 tls ephemeral; };
+};
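Review bot: The new `example-tls` zone in ns3/named.conf.in uses `primaries { fd92:7065:b8e:ffff::1 tls ephemeral; }`, which, as I read BIND's built-in `ephemeral` profile, gives ns3 no CA or hostname to verify ns1 against, so the TLS session is encrypted but not authenticated; that is adequate for a fixture whose only purpose is to see which transport the statistics channel reports, but the config does not say so. A one-line comment above the zone, `// 'tls ephemeral' is unauthenticated; this fixture only checks the transport reported in xfrins stats`, would keep the block from being copied as a pattern into a real secondary configuration. The same note applies to the `listen-on-v6 tls ephemeral` line added in the first ns1 hunk. Minor style point: ns1 writes `query-source-v6 address fd92:…` while ns3 writes `query-source-v6 fd92:…`; both parse, but the two fixtures would read more easily with one form.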
diff --git a/bin/tests/system/statschannel/tests.sh b/bin/tests/system/statschannel/tests.sh
index 6772ac8d1a..5f965b5c0f 100644
--- a/bin/tests/system/statschannel/tests.sh
+++ b/bin/tests/system/statschannel/tests.sh
@@ -98,7 +98,7 @@ getxfrins() {
 *) return 1 ;;
 esac
 file=`$PERL fetch.pl -s 10.53.0.3 -p ${EXTRAPORT1} $path`
- cp $file $file.$1.$3
+ cp $file $file.$1.$2
 result=$?
 return $result
 }
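Review bot: Changing the copy target from `$file.$1.$3` to `$file.$1.$2` silently changes `getxfrins` from a three-argument helper (format, zone, suffix) to a two-argument one (format, suffix); the function's head and its `case` on the format are outside this hunk, and any call site elsewhere in tests.sh that still passes a zone name would now name its output after the zone rather than the suffix, which the later `grep`/`cmp` steps would not find. The two call sites I can see (in the hunk at line 701) are updated, but I cannot confirm there are no others. A usage line at the function head, `# usage: getxfrins <xml|json> <suffix>  (copies the fetched stats to xfrins.<format>.<suffix>)`, would document the new contract, and quoting the copy as `cp "$file" "$file.$1.$2"` costs nothing.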
@@ -701,26 +701,55 @@ i=0
 # Restart ns1 with '-T transferslowly' to see the xfrins information in ns3's statschannel while it's ongoing
 stop_server ns1
 start_server --noclean --restart --port ${PORT} ns1 -- "-D statschannel-ns1 $NS_PARAMS -T transferslowly"
-# Request a retransfer of the "example" zone
+# Request a retransfer of the secondary zones
 nextpart ns3/named.run > /dev/null
 $RNDCCMD 10.53.0.3 retransfer example | sed "s/^/ns3 /" | cat_i
+$RNDCCMD 10.53.0.3 retransfer example-tcp | sed "s/^/ns3 /" | cat_i
+$RNDCCMD 10.53.0.3 retransfer example-tls | sed "s/^/ns3 /" | cat_i
 wait_for_log_fast 200 "zone example/IN: Transfer started" ns3/named.run || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 n=$((n + 1))
-# We have now less than one second to catch the zone transfer in process
+_wait_for_transfers() {
+ getxfrins xml x$n || return 1
+ getxfrins json j$n || return 1
+ # XML is encoded in one line, use sed to separate each transfer
+ count=$(sed 's/\(Initial SOA\|First Data\|Receiving AXFR Data\)')
+ if [ $count != 3 ]; then return 1; fi
+ count=$(grep -c '"state":"\(Initial SOA\|First Data\|Receiving AXFR Data\)"' xfrins.json.j$n)
+ if [ $count != 3 ]; then return 1; fi
+}
+
+# We have now less than one second to catch the zone transfers in progress
 echo_i "Checking zone transfer information in the statistics channel ($n)"
 ret=0
-i=0
-getxfrins xml example x$n || ret=1
-getxfrins json example j$n || ret=1
-grep -F 'Initial SOA' xfrins.xml.x$n >/dev/null || ret=1
-grep -F '"state":"Initial SOA"' xfrins.json.j$n >/dev/null || ret=1
+retry_quiet_fast 200 _wait_for_transfers || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 n=$((n + 1))
+if [ $PERL_JSON ]; then
+ echo_i "Checking zone transfer transports ($n)"
+ ret=0
+ cp xfrins.json.j$((n - 1)) xfrins.json.j$n
+ $PERL xfrins-json.pl xfrins.json.j$n example > xfrins.example.format$n
+ echo "soatransport: UDP" > xfrins.example.expect$n
+ echo "transport: TCP" >> xfrins.example.expect$n
+ cmp xfrins.example.format$n xfrins.example.expect$n || ret=1
+ $PERL xfrins-json.pl xfrins.json.j$n example-tcp > xfrins.example-tcp.format$n
+ echo "soatransport: TCP" > xfrins.example-tcp.expect$n
+ echo "transport: TCP" >> xfrins.example-tcp.expect$n
+ cmp xfrins.example-tcp.format$n xfrins.example-tcp.expect$n || ret=1
+ $PERL xfrins-json.pl xfrins.json.j$n example-tls > xfrins.example-tls.format$n
+ echo "soatransport: TLS" > xfrins.example-tls.expect$n
+ echo "transport: TLS" >> xfrins.example-tls.expect$n
+ cmp xfrins.example-tls.format$n xfrins.example-tls.expect$n || ret=1
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$((status + ret))
+ n=$((n + 1))
+fi
+
 echo_i "Wait for slow zone transfer to complete ($n)"
 ret=0
 wait_for_log 20 "zone example/IN: zone transfer finished: success" ns3/named.run || ret=1
diff --git a/bin/tests/system/statschannel/xfrins-json.pl b/bin/tests/system/statschannel/xfrins-json.pl
new file mode 100644
index 0000000000..912a5cb4c9
--- /dev/null
+++ b/bin/tests/system/statschannel/xfrins-json.pl
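Review bot: Both `if [ $count != 3 ]` tests in `_wait_for_transfers` assume `count` is non-empty; if the `sed`/`grep` pipeline produces nothing (file missing, pipeline error), `[` is invoked as `[ != 3 ]`, fails with a syntax error, and the retry loop keeps going for the wrong reason, so the eventual "failed" gives no hint of the cause. Quoting them as `if [ "$count" != 3 ]; then return 1; fi` turns the empty case into a plain mismatch. The `count=$(sed '…')` line as it appears here has no input file and an incomplete expression; I suspect the XML element names were stripped when the page was rendered, so I cannot review the pattern itself. A short comment above `if [ $PERL_JSON ]` explaining why UDP/TCP/TLS are the expected SOA-query transports (plain IPv4 primary, `tcp-only yes` for the IPv6 server, `tls ephemeral` for `example-tls` in ns3/named.conf.in) would help a reader who reaches the expectations before the fixture.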
@@ -0,0 +1,34 @@
+#!/usr/bin/perl
+
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+# zones-json.pl:
+# Parses the JSON version of the dnssec sign stats for the
+# "dnssec" zone in the default view into a normalized format.
+
+use JSON;
+
+my $file = $ARGV[0];
+my $zone = $ARGV[1];
+open(INPUT, "<$file");
+my $text = do{local$/;};
+close(INPUT);
+
+my $ref = decode_json($text);
+my $xfrins = $ref->{views}->{_default}->{xfrins};
+
+for my $xfrin (@$xfrins) {
+ if ($xfrin->{name} eq $zone) {
+ print "soatransport: " . $xfrin->{"soatransport"} . "\n";
+ print "transport: " . $xfrin->{"transport"} . "\n";
+ }
+}
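Review bot: `open(INPUT, "<$file");` is a two-argument open on a bareword handle with no error check: the mode is taken from the filename, so a name that is not a plain path is interpreted rather than opened, and an unreadable file is not reported, so the script prints nothing and the caller's `cmp` fails with no indication why. The file also lacks `use strict; use warnings;`, and the header comment is copied from zones-json.pl — it should read `# xfrins-json.pl:` / `# Prints the "soatransport" and "transport" fields of the incoming` / `# zone transfer for ZONE from the JSON statistics channel output.`. The line `my $text = do{local$/;};` as shown reads nothing; I assume a `<INPUT>` readline was stripped when the page was rendered, so the rewrite below restores it on the lexical handle. The `decode_json` call and the loop can stay as they are.
```perl
use strict;
use warnings;
use JSON;

my ($file, $zone) = @ARGV;
die "usage: $0 FILE ZONE\n" unless defined $zone;
open my $in, '<', $file or die "open $file: $!";
my $text = do { local $/; <$in> };
close $in;
# … unchanged: decode_json and the xfrins loop …
```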