named was asserting when the notify source address was not available
and TSIG was being used. Check this scenario by adding a nameserver
to the zone which is configured to uses a non-existent source address
and a blackholed destination address and a TSIG using a server clause
for that destination address.
(cherry picked from commit f99d7f4217)
RFC 7871 only defines family 1 (IPv4) and 2 (IPv6). Additionally
it requires FORMERR to be returned for all unknown families.
(cherry picked from commit 757e503536)
Replace the custom DNS server used in the "pipelined" system test with
new code based on the isctest.asyncserver module.
(cherry picked from commit 3954025218)
Add a new response handler, ForwarderHandler, which enables forwarding
all queries to another DNS server. To simplify implementation, always
forward queries to the target server via UDP, even if they are
originally received using a different transport protocol.
(cherry picked from commit 10a2fc7f1f)
Extend AsyncDnsServer._log_query() and AsyncDnsServer._log_response() so
that they also log the <address, port> tuple for the socket on which a
given query was received on. Minimize the signatures of those methods
by taking advantage of all the information contained in the QueryContext
instances passed to them.
(cherry picked from commit d3d9d166ed)
Extend the QueryContext class with a field holding the <address, port>
tuple for the socket on which a given query was received. This will
enable query handlers to act upon that information in arbitrary ways.
(cherry picked from commit 94a4793596)
Previously, the issue when the kasp.test_kasp_case[secondary.kasp] fails
due to a timeout has been only ocassionally observed on FreeBSD 13
in our CI. It seems to have come back on FreeBSD 15.
(cherry picked from commit e4abb5bd07)
The zone file is updated too soon causing the reload to fail.
Add a 1 second sleep to ensure the modification time has changed.
(cherry picked from commit 8f413fd589)
Add two short records to example.com.db that cause assertion failures
when converted to wire form.
The checks added to tests.sh are technically not required: the relevant
assertion failures are already hit when the zone is transferred out of
ns1.
Update the relevant unit tests with 1-byte records.
Co-authored-by: Mark Andrews <marka@isc.org>
(cherry picked from commit ce1d68cbc5)
If the system_test_dir contains a symlink, then it might cause issues
further down when using relative_to(), unless it is resolved first. This
has been observed on FreeBSD13 in CI where /home is a symlink to
/usr/home.
(cherry picked from commit b1e3469059)
Turns out the original ans.pl implementation before (!10928) was a copy
of an old version of the ans2 server from the resolver system test.
I reimplemented it fully, even though only two ResponseHandlers are
actually used in the statistics test.
(cherry picked from commit 7d5ec7167b)
Store the most specific matching domain in DomainHandler and
expose it through the `matched_domain` property for subclasses
to use in their implementations of `get_responses`.
(cherry picked from commit b89cc2bd86)
The minimum required hypothesis version has been set in requirements.txt
and no longer needs to be checked at runtime.
Since the hypothesis package is now a mandatory prerequisite, include it
in isctest as the other subpackages.
(cherry picked from commit 1291fa1a6d)
Drop support of EoL python versions for running system tests. The
maintenance cost of supporting end of life ecosystem, especially Python
3.6 on EL8 and the related outdated packages (pytest, dnspython, ...),
has become unreasonable.
(cherry picked from commit ac8e2905b8)
Use collection_path rather than the deprecated path argument for
pytest_ignore_collect() hook.
The collection_path argument was added in pytest 7.0.0, which is the
minimum supported pytest version from now on.
(cherry picked from commit 093bef9211)
This file lists the required Python packages and versions for running
system tests. The easiest way to obtain them is:
pip install -r requirements.txt
The minimum dnspython version is 2.7.0 because it supports TSIG parsing
without validation (for tsig/tests_tsig_hypothesis.py) and wire() (for
names/tests_names.py).
The minimum pytest version was bumped to 7.0.0 because it supports the
collection hook API required by pytest 9.
The minimum hypothesis version was set to 4.41.2 as prior versions might
have issues on FIPS systems.
(cherry picked from commit 628e16d057)
ns3/nsec3-ent.kasp.db is regenerated too fast resulting in
the subsequent 'rndc reload' call failing. This has been
fixed.
(cherry picked from commit f01497e05b)
C23 now has qualifier preserving standard functions for strchr,
bsearch, strpbrk, strrchr, strstr, memchr. There where a few places
where the return value was not assigned to a const qualified pointer.
These have been fixed.
(cherry picked from commit af379e10cc)
To provide feature parity with `bin/tests/system/ans.pl` add a control
command to allow easy switching between different sequences of
ResponseHandlers.
(cherry picked from commit 2302fe1235)
It saves an indent and brackets on the call sites.
Also sort the handlers alphabetically where their order doesn't matter
and split the fallback handlers into a separate call to signify that
their position in the end matters.
(cherry picked from commit 7e587201a4)
Since there was no 10.53.0.6 server in the test, renumber the remaining
ones so that there's no gap in the server names.
This commit simply moves the ans.py files without any changes and
renumbers the IP addresses in tests.
(cherry picked from commit 9b63187a99)
Previously, the ans8 server had different response modes that applied to
all queries. Replace it with AsyncDnsServer that has serves the different
response modes under different domains without the need to change the
server behaviour at runtime.
Add the new queries that require an ns3 fallback to the ns3/example.db
zone.
(cherry picked from commit 0b7a089c7f)
The server has three modes of operation - either no response, a partial
AXFR or a complete AXFR. To test the fallback behaviour of dig, these
actions are be combined in a specific sequences. To set up the desired
server behaviour, use the _control queries for the server.
(cherry picked from commit 575f0e3916)
