upstream/knot-dns
1
0
Fork 0
mirror of https://gitlab.nic.cz/knot/knot-dns.git synced 2026-02-13 15:53:47 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
knot-dns/tests-extra/tests/tls/bind_knot/test.py
Jan Doskočil 43fef05180
tests: fix a typo
2025-04-24 15:18:03 +02:00

55 lines
1.7 KiB
Python
Raw Permalink Blame History

#!/usr/bin/env python3
'''Test of zone transfers over TLS between Bind and Knot.'''
from dnstest.test import Test
from dnstest.utils import *
import random
import shutil
import subprocess
def upd_check_zones(master, slave, zones, prev_serials):
for z in zones:
master.random_ddns(z, allow_empty=False)
serials = slave.zones_wait(zones, prev_serials)
t.xfr_diff(master, slave, zones, prev_serials)
return serials
t = Test(tls=True, tsig=True) # TSIG needed to skip weaker ACL rules
master = t.server("bind")
slave = t.server("knot")
zones = t.zone("example.")
t.link(zones, master, slave, ddns=True)
master.use_default_cert_key()
# Knot's autogenerated self-signed certificate only contains the hostname in the CN field, for the sake of size.
# Bind doesn't accept it with conformance of RFC 8310 §8.1. Use the pregenerated key/cert.
slave.use_default_cert_key()
t.start()
tcpdump_pcap = t.out_dir + "/traffic.pcap"
tcpdump_fout = t.out_dir + "/tcpdump.out"
tcpdump_ferr = t.out_dir + "/tcpdump.err"
tcpdump_proc = subprocess.Popen(["tcpdump", "-i", "lo", "-w", tcpdump_pcap,
"port", str(master.tls_port), "or", "port", str(slave.tls_port)],
stdout=open(tcpdump_fout, mode="a"), stderr=open(tcpdump_ferr, mode="a"))
try:
# Initial AXFR over TLS.
serials = master.zones_wait(zones)
slave.zones_wait(zones, serials, equal=True, greater=False)
t.xfr_diff(master, slave, zones)
# Following IXFR over TLS.
serials = upd_check_zones(master, slave, zones, serials)
finally:
tcpdump_proc.terminate()
if not slave.log_search("TLS/0-RTT"):
set_err("0-RTT NOT WORKING")
t.end()
Reference in a new issue View git blame Copy permalink