Commit graph

153 commits

Author SHA1 Message Date
Mark Andrews
4a5400c1b7 use test specific shell variables 2019-09-26 03:30:43 -04:00
Mark Andrews
70dd93bf8a don't escape commas when saving named's command line 2019-08-29 20:16:33 -04:00
Mark Andrews
3705605e0b fix dnssec system tests that fail now that we call dns_zone_cdscheck 2019-08-28 15:46:41 +10:00
Ondřej Surý
94354d4655 Remove 2>&1 from the dnssec-signzone invocation in tests 2019-07-31 10:05:52 +02:00
Evan Hunt
0ef5b8edb7 rename keyfile_to_*_keys system test shell functions
- keyfile_to_trusted_keys -> keyfile_to_static_keys
- keyfile_to_managed_keys -> keyfile_to_initial_keys
2019-06-05 07:49:57 -07:00
Mark Andrews
42ed7e43dc tests/resolver: look for hash algorithm 2 (SHA-256) now 2019-05-08 18:17:55 -07:00
Michał Kępień
b6cce0fb8b Do not rely on default dig options in system tests
Some system tests assume dig's default setings are in effect.  While
these defaults may only be silently overridden (because of specific
options set in /etc/resolv.conf) for BIND releases using liblwres for
parsing /etc/resolv.conf (i.e. BIND 9.11 and older), it is arguably
prudent to make sure that tests relying on specific +timeout and +tries
settings specify these explicitly in their dig invocations, in order to
prevent test failures from being triggered by any potential changes to
current defaults.
2019-04-03 12:57:33 +02:00
Michał Kępień
70ae48e5cb Fix IP regex used in the "resolver" system test
If dots are not escaped in the "1.2.3.4" regular expressions used for
checking whether IP address 1.2.3.4 is present in the tested resolver's
answers, a COOKIE that matches such a regular expression will trigger a
false positive for the "resolver" system test.  Properly escape dots in
the aforementioned regular expressions to prevent that from happening.
2019-03-01 01:32:54 -05:00
Michał Kępień
a077a3ae8a Call clean.sh from all relevant setup.sh scripts
For all system tests utilizing named instances, call clean.sh from each
test's setup.sh script in a consistent way to make sure running the same
system test multiple times using run.sh does not trigger false positives
caused by stale files created by previous runs.

Ideally we would just call clean.sh from run.sh, but that would break
some quirky system tests like "rpz" or "rpzrecurse" and being consistent
for the time being does not hurt.
2019-02-28 12:34:10 +01:00
Evan Hunt
175d6e9bfb add properly-formatted -D options to named.args files
this prevents servers that use arguments specified in named.args
from appearing different in 'ps' output from servers run with arguments
from start.pl
2019-01-28 19:58:24 -08:00
Witold Kręcicki
6d50138405 Use rndc_reload in tests, make sure that reload is complete before continuing 2018-12-19 11:33:37 +01:00
Mark Andrews
280d0ca507 use new packet for response; rename variable to request and response 2018-10-31 16:14:43 +11:00
Witold Kręcicki
0246ea14c4 Make resolver tests more civilized 2018-10-23 12:15:04 +00:00
Witold Kręcicki
b5c9a8caad Set result to SERVFAIL if upstream responded with FORMERR
Commit ba91243542 causes the resolver to
respond to a client query with FORMERR when all upstream queries sent to
the servers authoritative for QNAME elicit FORMERR responses.  This
happens because resolver code returns DNS_R_FORMERR in such a case and
dns_result_torcode() acts as a pass-through for all arguments which are
already a valid RCODE.

The correct RCODE to set in the response returned to the client in the
case described above is SERVFAIL.  Make sure this happens by overriding
the RCODE in query_gotanswer(), on the grounds that any format errors in
the client query itself should be caught long before execution reaches
that point.  This change should not reduce query error logging accuracy
as the resolver code itself reports the exact reason for returning a
DNS_R_FORMERR result using log_formerr().
2018-10-23 13:50:27 +02:00
Mark Andrews
05eb9fd338 simplify 2018-08-31 18:47:29 +10:00
Mark Andrews
feaf381adb use pack to construct the reply as Net::DNS just get it wrong 2018-08-31 03:47:56 -04:00
Michał Kępień
24b9ec555a Do not treat a referral with a non-empty ANSWER section as an error
As part of resquery_response() refactoring [1], a goto statement was
replaced [2] with a call to a new function - originally called
rctx_delegation(), now folded into rctx_answer_none() - extracted from
existing code.  However, one call site of that refactored function does
not reset the "result" variable, causing a referral with a non-empty
ANSWER section to be inadvertently treated as an error, which prevents
resolution of names reliant on servers sending such responses.  Fix by
resetting the "result" variable to ISC_R_SUCCESS when a response
containing a non-empty ANSWER section can be treated as a delegation.

[1] see RT #45362

[2] see commit e1380a16741a3b4a57e54d7a9ce09dd12691522f
2018-08-22 10:14:37 +02:00
Evan Hunt
3f907b8bee caclulate nlabels and set *chainingp correctly 2018-08-08 14:33:19 -07:00
Ondřej Surý
c40425d0f6 RSA and ECDSA cryptography is now mandatory; remove the checks for those 2018-07-19 12:47:03 -04:00
Michał Kępień
e10e6756c9 [squash] Make resolver tests even more civilized (ans8.pl)
Set AA=1 even for truncated responses.  Put glue record in responses to
no-questions/NS queries.  Add comments, simplify code.
2018-07-17 13:01:42 +02:00
Michał Kępień
82082ecd56 [squash] Make resolver tests even more civilized (ans2.pl and ans3.pl)
Prevent ans2.pl from responding authoritatively for any name at or below
example.net.

Make ans3.pl properly answer example.net/NS queries.  Use string
comparisons instead of regular expressions where possible.
2018-07-17 13:00:34 +02:00
Witold Kręcicki
c8b36ea6b9 Make resolver tests more civilized 2018-07-17 11:31:09 +02:00
Michał Kępień
6c3c6aea37 Fix a Net::DNS version quirk in the "resolver" system test
Net::DNS versions older than 0.68 insert a ./ANY RR into the QUESTION
section if the latter is empty.  Since the latest Net::DNS version
available with stock RHEL/CentOS 6 packages is 0.65 and we officially
support that operating system, bin/tests/system/resolver/ans8/ans.pl
should behave consistently for various Net::DNS versions.  Ensure that
by making handleUDP() return the query ID and flags generated by
Net::DNS with 8 zero bytes appended.
2018-07-10 14:53:29 +02:00
Michał Kępień
120af964ce Replace duplicated code snippet with calls to helper functions
Reduce code duplication by replacing a code snippet repeated throughout
system tests using "trusted-keys" and/or "managed-keys" configuration
sections with calls to keyfile_to_{managed,trusted}_keys() helper
functions.
2018-06-13 07:57:40 +02:00
Witold Kręcicki
265052df49 qname-minimization: Some post-review style/minor fixes 2018-06-12 09:20:12 +02:00
Witold Kręcicki
4f9c718803 qname minimization: fix tests 2018-06-12 09:18:47 +02:00
Evan Hunt
a7a2fa296a update system tests so validation won't fail when using IANA key
- all tests with "recursion yes" now also specify "dnssec-validation yes",
  and all tests with "recursion no" also specify "dnssec-validation no".
  this must be maintained in all new tests, or else validation will fail
  when we use local root zones for testing.
- clean.sh has been modified where necessary to remove managed-keys.bind
  and viewname.mkeys files.
2018-05-31 18:22:33 +02:00
Ondřej Surý
2b8fab6828 Remove genrandom command and all usage of specific random files throughout the system test suite 2018-05-16 09:54:35 +02:00
Ondřej Surý
55a10b7acd Remove $Id markers, Principal Author and Reviewed tags from the full source tree 2018-05-11 13:17:46 +02:00
Evan Hunt
0fabe0da83 update file headers 2018-03-15 18:33:13 -07:00
Ondřej Surý
843d389661 Update license headers to not include years in copyright in all applicable files 2018-02-23 10:12:02 +01:00
Evan Hunt
0c559199bf final cleanup
- add CHANGES note
- update copyrights and license headers
- add -j to the make commands in .gitlab-ci.yml to take
  advantage of parallelization in the gitlab CI process
2018-02-22 22:58:15 -08:00
Evan Hunt
c032c54dda parallelize most system tests 2018-02-22 15:29:02 -08:00
Tinderbox User
ffbe6b9537 update copyright notice / whitespace 2017-09-19 23:46:23 +00:00
Mukund Sivaraman
32bcafc316 Change default minimal-responses setting to no-auth-recursive (#46016) 2017-09-19 19:49:02 +05:30
Tinderbox User
1e33899f86 update copyright notice / whitespace 2017-09-12 23:46:14 +00:00
Evan Hunt
25b33bede4 [master] improve handling of qcount=0 replies
4717.	[bug]		Treat replies with QCOUNT=0 as truncated if TC=1,
			FORMERR if TC=0, and log the error correctly.
			[RT #45836]
2017-09-12 15:26:30 -07:00
Evan Hunt
45afdb2672 [master] remove default algorithm in dnssec-keygen
4594.	[func]		dnssec-keygen no longer uses RSASHA1 by default;
			the signing algorithm must be specified on
			the command line with the "-a" option.  Signing
			scripts that rely on the existing default behavior
			will break; use "dnssec-keygen -a RSASHA1" to
			repair them. (The goal of this change is to make
			it easier to find scripts using RSASHA1 so they
			can be changed in the event of that algorithm
			being deprecated in the future.) [RT #44755]
2017-08-30 18:51:11 -07:00
Tinderbox User
b168f3f805 update copyright notice / whitespace 2017-05-02 23:45:36 +00:00
Mark Andrews
33e94f501f 4615. [bug] AD could be set on truncated answer with no records
present in the answer and authority sections.
                        [RT #45140]
2017-05-03 07:51:41 +10:00
Evan Hunt
6ce8a05f6c [master] update copyrights that had been missed recently 2017-04-23 17:06:00 -07:00
Tinderbox User
1f6505a424 update copyright notice / whitespace 2017-04-22 23:45:41 +00:00
Mukund Sivaraman
03be5a6b4e Improve performance for delegation heavy answers and also general query performance (#44029) 2017-04-22 09:22:44 +05:30
Mukund Sivaraman
dd7d1df874 Increase minimum RSA keygen size to 1024 bits (#36895) 2017-04-21 12:00:40 +05:30
Mark Andrews
def6b33bad 4534. [bug] Only set RD, RA and CD in QUERY responses. [RT #43879] 2016-12-13 16:27:18 +11:00
Mark Andrews
4914e3ddc6 number all resolver tests 2016-12-13 15:02:32 +11:00
Evan Hunt
5480a74b70 [master] simplify prereq checks by using feature-test.c
4498.	[test]		Simplify prerequisite checks in system tests.
			[RT #43516]
2016-10-31 16:53:37 -07:00
Witold Krecicki
358dfaee18 4487. [test] Make system tests work on Windows. [RT #42931] 2016-10-19 17:18:42 +02:00
Mark Andrews
e1f590a59a remove spurious 'i' 2016-08-26 13:41:57 +10:00
Tinderbox User
fba207e51a update copyright notice / whitespace 2016-08-25 23:45:37 +00:00