mirror of
https://gitlab.nic.cz/knot/knot-dns.git
synced 2026-05-28 04:02:31 -04:00
Add the `mod-alias` query module which synthesises answers for ALIAS
records (type 65401) at query time by looking up the ALIAS target in
the server's zone database and copying the target's records into the
response with the original query name as the owner.

The module hooks at KNOTD_STAGE_PREANSWER and is attached at zone
scope (typically via a template). Behaviour:

* Fires for A/AAAA queries, any others passed through to the
  standard resolver.
* ALIAS is additive: direct rrsets on the alias node are merged
  with the synthesised target rrsets.
* Multiple ALIAS rdata on a node are followed and their results
  merged.
* TTL = min(alias_ttl, all contributing source TTLs).
* Targets not served by a zone in this server are ignored;
  external resolution is out of scope.
* Synthesised records are not signed; pair with mod-onlinesign
  if signed answers are required.

The integration test runs in two random modes per invocation
(plain and DNSSEC-via-mod-onlinesign) so both code paths are
exercised over time.

Co-authored-by: Daniel Salzman <daniel.salzman@nic.cz>
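
The synthesis rules listed in the commit message above, as an added Python model; it is not the module's C code and not part of the repository. The zone data, names and TTLs are constructed, and counting the direct rrset's TTL among the "contributing source TTLs" and dropping duplicate rdata on merge are assumptions. ALIAS-to-ALIAS chains are not modelled.

```python
# Added illustration: a model of the mod-alias rules from the commit message.
ALIAS = "TYPE65401"  # ALIAS uses private-use type code 65401

# Constructed sample data: name -> rrtype -> (ttl, [rdata, ...])
ZONES = {
    "www.example.com.": {
        ALIAS: (300, ["lb1.example.net.", "lb2.example.net.", "cdn.example.org."]),
        "A": (3600, ["192.0.2.10"]),  # direct rrset on the alias node
    },
    "lb1.example.net.": {"A": (120, ["198.51.100.1"]), "AAAA": (600, ["2001:db8::1"])},
    "lb2.example.net.": {"A": (60, ["198.51.100.2", "198.51.100.1"])},
    # cdn.example.org. is not served locally, so it is ignored
}


def synthesise(qname, qtype, zones=ZONES):
    """Return (owner, rrtype, ttl, rdata), or None to pass the query through."""
    node = zones.get(qname, {})
    if qtype not in ("A", "AAAA") or ALIAS not in node:
        return None  # not handled here: normal query processing applies
    alias_ttl, targets = node[ALIAS]
    # Direct rrset first, then one candidate rrset per ALIAS rdata.
    sources = [node.get(qtype)] + [zones.get(t, {}).get(qtype) for t in targets]
    ttls, rdata = [alias_ttl], []
    for rrset in sources:
        if rrset is None:  # no such rrset, or target not served locally
            continue
        ttl, values = rrset
        ttls.append(ttl)  # assumption: the direct rrset's TTL counts too
        # An rrset cannot hold duplicate rdata, so merge as a set (order kept).
        rdata += [v for v in values if v not in rdata]
    return (qname, qtype, min(ttls), rdata)  # owner is the original query name


if __name__ == "__main__":
    for qtype in ("A", "AAAA", "MX"):
        print(qtype, synthesise("www.example.com.", qtype))
```
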
| Name |
|---|
| .. |
| data |
| tests |
| tools |
| .gitignore |
| README |
| requirements.txt |
| runtests.py |

Prerequisites:
--------------

python3
dnspython >=2.2.0 (python3-dnspython)
psutil (python3-psutil)
bind9
dnssec-signzone (bind9-utils)
dnssec-keygen (bind9-utils)
dnssec-verify (bind9-utils)
certtool (gnutls-bin)
ldnsutils
lsof
gawk
objdump
softhsm2
(valgrind)
(gdb)

Python modules:
---------------

To install the necessary Python modules using pip, run:
$ pip install -r requirements.txt

Optional loopback addresses configuration:
------------------------------------------

# for i in {1..64}; do sudo ip address add 127.0.1.$i/32 dev lo; done
# for i in {1..64}; do sudo ip address add ::1$i/128 dev lo; done

Ubuntu:
-------

Disable AppArmor protection for the system BIND:
$ sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.named
or
$ sudo ln -s /etc/apparmor.d/usr.sbin.named /etc/apparmor.d/disable/
$ sudo /etc/init.d/apparmor restart

Allow ptrace:
# echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope
or
# vim /etc/sysctl.d/10-ptrace.conf
# kernel.yama.ptrace_scope = 0

XDP:
----

XDP testing with Valgrind requires running as root. Testing with ASAN is
possible if lsof has the following two capabilities:
$ sudo setcap "CAP_SYS_PTRACE,CAP_DAC_OVERRIDE+ep" `which lsof`
and knotd has the following set:
$ sudo setcap "CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_ADMIN,CAP_IPC_LOCK,CAP_SYS_PTRACE+ep" `readlink -f ../src/knotd`

Tcpdump:
--------

$ sudo setcap "CAP_NET_RAW+ep" `which tcpdump`