Add two checkds test servers

Add two new checkds test servers that are hidden secondaries (hidden
as in not published in the NS RRset) and that can be used specifically
for testing explicitly configured parental-agents.
Matthijs Mekking
2023-03-28 16:47:16 +02:00
parent a921cabb8c
commit 47f7cb0a36
8 changed files with 271 additions and 67 deletions


@@ -12,19 +12,28 @@ information regarding copyright ownership.
The test setup for the checkds tests.
These servers are parent servers:
- ns1 is the root server.
- ns2 is a primary authoritative server that serves the parent zone for zones
configured in ns9.
- ns3 is a resolver that can be configured as a parental agent.
- ns4 is the secondary server for ns2.
- ns8 is the secondary server for ns2 that is not part of the NS RRset,
used for testing explicit parental-agents.
- ns5 is a primary authoritative server that serves the parent zone for zones
configured in ns9, but this one does not publish DS records (to test cases
where the DS is missing).
where the DS is missing and the DS needs to be withdrawn).
- ns7 is the secondary server for ns5.
- ns10 is the secondary server for ns5 that is not part of the NS RRset,
used for testing explicit parental-agents.
- ns6 is an authoritative server for a different zone, to test badly configured
parental agents.
- ns7 is the secondary server for ns5.
Finally, ns9 is the authoritative server for the various DNSSEC enabled test
domains.
- ns3 is a resolver that can be configured as a parental agent.
- Finally, ns9 is the authoritative server for the various DNSSEC enabled test
domains.
We need multiple test cases for testing the "checkds" functionality. Basically,
the behavior of "checkds" is of importance in three cases:


@@ -0,0 +1,89 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* SPDX-License-Identifier: MPL-2.0
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
// NS10
options {
query-source address 10.53.0.10;
notify-source 10.53.0.10;
transfer-source 10.53.0.10;
port @PORT@;
pid-file "named.pid";
listen-on { 10.53.0.10; };
listen-on-v6 { none; };
allow-transfer { any; };
recursion no;
};
key rndc_key {
secret "1234abcd8765";
algorithm @DEFAULT_HMAC@;
};
controls {
inet 10.53.0.10 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
zone "ns2" {
type secondary;
primaries source 10.53.0.10 { 10.53.0.5 port @PORT@; };
file "ns2.db";
};
zone "ns2-4" {
type secondary;
primaries source 10.53.0.10 { 10.53.0.5 port @PORT@; };
file "ns2-4.db";
};
zone "ns2-4-5" {
type secondary;
primaries source 10.53.0.10 { 10.53.0.5 port @PORT@; };
file "ns2-4-5.db";
};
zone "ns2-4-6" {
type secondary;
primaries source 10.53.0.10 { 10.53.0.5 port @PORT@; };
file "ns2-4-6.db";
};
zone "ns2-5-7" {
type secondary;
primaries source 10.53.0.10 { 10.53.0.5 port @PORT@; };
file "ns2-5-7.db";
};
zone "ns5" {
type secondary;
primaries source 10.53.0.10 { 10.53.0.5 port @PORT@; };
file "ns5.db";
};
zone "ns5-6-7" {
type secondary;
primaries source 10.53.0.10 { 10.53.0.5 port @PORT@; };
file "ns5-6-7.db";
};
zone "ns5-7" {
type secondary;
primaries source 10.53.0.10 { 10.53.0.5 port @PORT@; };
file "ns5-7.db";
};
zone "ns6" {
type secondary;
primaries source 10.53.0.10 { 10.53.0.5 port @PORT@; };
file "ns6.db";
};
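Review bot: `allow-transfer { any; };` in the options block and `allow { any; }` on the controls channel look wider than this hidden secondary needs, since nothing visible in this commit transfers zones from ns10 and the rndc secret is a fixed string in the file. If that holds for the rest of the test setup, `allow-transfer { none; };` would state the intent, and the controls ACL could be narrowed to the address the test harness connects from. A short comment under `// NS10` saying that this is a hidden secondary of ns5 (not in the NS RRset) and that the key is a test-only fixture would keep the file from being copied as a template. The same applies to the new NS8 file, which has the same options, key and controls blocks.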


@@ -42,8 +42,8 @@ zone "." {
zone "ns2" {
type primary;
allow-update { any; };
allow-transfer { 10.53.0.2; 10.53.0.4; };
also-notify { 10.53.0.4; };
allow-transfer { 10.53.0.2; 10.53.0.4; 10.53.0.8; };
also-notify { 10.53.0.4; 10.53.0.8; };
dnssec-policy default;
file "ns2.db";
};
@@ -51,8 +51,8 @@ zone "ns2" {
zone "ns2-4" {
type primary;
allow-update { any; };
allow-transfer { 10.53.0.2; 10.53.0.4; };
also-notify { 10.53.0.4; };
allow-transfer { 10.53.0.2; 10.53.0.4; 10.53.0.8; };
also-notify { 10.53.0.4; 10.53.0.8; };
dnssec-policy default;
file "ns2-4.db";
};
@@ -60,8 +60,8 @@ zone "ns2-4" {
zone "ns2-4-5" {
type primary;
allow-update { any; };
allow-transfer { 10.53.0.2; 10.53.0.4; };
also-notify { 10.53.0.4; };
allow-transfer { 10.53.0.2; 10.53.0.4; 10.53.0.8; };
also-notify { 10.53.0.4; 10.53.0.8; };
dnssec-policy default;
file "ns2-4-5.db";
};
@@ -69,8 +69,8 @@ zone "ns2-4-5" {
zone "ns2-4-6" {
type primary;
allow-update { any; };
allow-transfer { 10.53.0.2; 10.53.0.4; };
also-notify { 10.53.0.4; };
allow-transfer { 10.53.0.2; 10.53.0.4; 10.53.0.8; };
also-notify { 10.53.0.4; 10.53.0.8; };
dnssec-policy default;
file "ns2-4-6.db";
};
@@ -78,8 +78,8 @@ zone "ns2-4-6" {
zone "ns2-5-7" {
type primary;
allow-update { any; };
allow-transfer { 10.53.0.2; 10.53.0.4; };
also-notify { 10.53.0.4; };
allow-transfer { 10.53.0.2; 10.53.0.4; 10.53.0.8; };
also-notify { 10.53.0.4; 10.53.0.8; };
dnssec-policy default;
file "ns2-5-7.db";
};
@@ -87,8 +87,8 @@ zone "ns2-5-7" {
zone "ns5" {
type primary;
allow-update { any; };
allow-transfer { 10.53.0.2; 10.53.0.4; };
also-notify { 10.53.0.4; };
allow-transfer { 10.53.0.2; 10.53.0.4; 10.53.0.8; };
also-notify { 10.53.0.4; 10.53.0.8; };
dnssec-policy default;
file "ns5.db";
};
@@ -96,8 +96,8 @@ zone "ns5" {
zone "ns5-6-7" {
type primary;
allow-update { any; };
allow-transfer { 10.53.0.2; 10.53.0.4; };
also-notify { 10.53.0.4; };
allow-transfer { 10.53.0.2; 10.53.0.4; 10.53.0.8; };
also-notify { 10.53.0.4; 10.53.0.8; };
dnssec-policy default;
file "ns5-6-7.db";
};
@@ -105,8 +105,8 @@ zone "ns5-6-7" {
zone "ns5-7" {
type primary;
allow-update { any; };
allow-transfer { 10.53.0.2; 10.53.0.4; };
also-notify { 10.53.0.4; };
allow-transfer { 10.53.0.2; 10.53.0.4; 10.53.0.8; };
also-notify { 10.53.0.4; 10.53.0.8; };
dnssec-policy default;
file "ns5-7.db";
};
@@ -114,8 +114,8 @@ zone "ns5-7" {
zone "ns6" {
type primary;
allow-update { any; };
allow-transfer { 10.53.0.2; 10.53.0.4; };
also-notify { 10.53.0.4; };
allow-transfer { 10.53.0.2; 10.53.0.4; 10.53.0.8; };
also-notify { 10.53.0.4; 10.53.0.8; };
dnssec-policy default;
file "ns6.db";
};


@@ -42,8 +42,8 @@ zone "." {
zone "ns2" {
type primary;
allow-update { any; };
allow-transfer { 10.53.0.5; 10.53.0.7; };
also-notify { 10.53.0.7; };
allow-transfer { 10.53.0.5; 10.53.0.7; 10.53.0.10; };
also-notify { 10.53.0.7; 10.53.0.10; };
dnssec-policy default;
file "ns2.db";
};
@@ -51,8 +51,8 @@ zone "ns2" {
zone "ns2-4" {
type primary;
allow-update { any; };
allow-transfer { 10.53.0.5; 10.53.0.7; };
also-notify { 10.53.0.7; };
allow-transfer { 10.53.0.5; 10.53.0.7; 10.53.0.10; };
also-notify { 10.53.0.7; 10.53.0.10; };
dnssec-policy default;
file "ns2-4.db";
};
@@ -60,8 +60,8 @@ zone "ns2-4" {
zone "ns2-4-5" {
type primary;
allow-update { any; };
allow-transfer { 10.53.0.5; 10.53.0.7; };
also-notify { 10.53.0.7; };
allow-transfer { 10.53.0.5; 10.53.0.7; 10.53.0.10; };
also-notify { 10.53.0.7; 10.53.0.10; };
dnssec-policy default;
file "ns2-4-5.db";
};
@@ -69,8 +69,8 @@ zone "ns2-4-5" {
zone "ns2-4-6" {
type primary;
allow-update { any; };
allow-transfer { 10.53.0.5; 10.53.0.7; };
also-notify { 10.53.0.7; };
allow-transfer { 10.53.0.5; 10.53.0.7; 10.53.0.10; };
also-notify { 10.53.0.7; 10.53.0.10; };
dnssec-policy default;
file "ns2-4-6.db";
};
@@ -78,8 +78,8 @@ zone "ns2-4-6" {
zone "ns2-5-7" {
type primary;
allow-update { any; };
allow-transfer { 10.53.0.5; 10.53.0.7; };
also-notify { 10.53.0.7; };
allow-transfer { 10.53.0.5; 10.53.0.7; 10.53.0.10; };
also-notify { 10.53.0.7; 10.53.0.10; };
dnssec-policy default;
file "ns2-5-7.db";
};
@@ -87,8 +87,8 @@ zone "ns2-5-7" {
zone "ns5" {
type primary;
allow-update { any; };
allow-transfer { 10.53.0.5; 10.53.0.7; };
also-notify { 10.53.0.7; };
allow-transfer { 10.53.0.5; 10.53.0.7; 10.53.0.10; };
also-notify { 10.53.0.7; 10.53.0.10; };
dnssec-policy default;
file "ns5.db";
};
@@ -96,8 +96,8 @@ zone "ns5" {
zone "ns5-6-7" {
type primary;
allow-update { any; };
allow-transfer { 10.53.0.5; 10.53.0.7; };
also-notify { 10.53.0.7; };
allow-transfer { 10.53.0.5; 10.53.0.7; 10.53.0.10; };
also-notify { 10.53.0.7; 10.53.0.10; };
dnssec-policy default;
file "ns5-6-7.db";
};
@@ -105,8 +105,8 @@ zone "ns5-6-7" {
zone "ns5-7" {
type primary;
allow-update { any; };
allow-transfer { 10.53.0.5; 10.53.0.7; };
also-notify { 10.53.0.7; };
allow-transfer { 10.53.0.5; 10.53.0.7; 10.53.0.10; };
also-notify { 10.53.0.7; 10.53.0.10; };
dnssec-policy default;
file "ns5-7.db";
};
@@ -114,8 +114,8 @@ zone "ns5-7" {
zone "ns6" {
type primary;
allow-update { any; };
allow-transfer { 10.53.0.5; 10.53.0.7; };
also-notify { 10.53.0.7; };
allow-transfer { 10.53.0.5; 10.53.0.7; 10.53.0.10; };
also-notify { 10.53.0.7; 10.53.0.10; };
dnssec-policy default;
file "ns6.db";
};


@@ -0,0 +1,89 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* SPDX-License-Identifier: MPL-2.0
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
// NS8
options {
query-source address 10.53.0.8;
notify-source 10.53.0.8;
transfer-source 10.53.0.8;
port @PORT@;
pid-file "named.pid";
listen-on { 10.53.0.8; };
listen-on-v6 { none; };
allow-transfer { any; };
recursion no;
};
key rndc_key {
secret "1234abcd8765";
algorithm @DEFAULT_HMAC@;
};
controls {
inet 10.53.0.8 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
zone "ns2" {
type secondary;
primaries source 10.53.0.8 { 10.53.0.2 port @PORT@; };
file "ns2.db";
};
zone "ns2-4" {
type secondary;
primaries source 10.53.0.8 { 10.53.0.2 port @PORT@; };
file "ns2-4.db";
};
zone "ns2-4-5" {
type secondary;
primaries source 10.53.0.8 { 10.53.0.2 port @PORT@; };
file "ns2-4-5.db";
};
zone "ns2-4-6" {
type secondary;
primaries source 10.53.0.8 { 10.53.0.2 port @PORT@; };
file "ns2-4-6.db";
};
zone "ns2-5-7" {
type secondary;
primaries source 10.53.0.8 { 10.53.0.2 port @PORT@; };
file "ns2-5-7.db";
};
zone "ns5" {
type secondary;
primaries source 10.53.0.8 { 10.53.0.2 port @PORT@; };
file "ns5.db";
};
zone "ns5-6-7" {
type secondary;
primaries source 10.53.0.8 { 10.53.0.2 port @PORT@; };
file "ns5-6-7.db";
};
zone "ns5-7" {
type secondary;
primaries source 10.53.0.8 { 10.53.0.2 port @PORT@; };
file "ns5-7.db";
};
zone "ns6" {
type secondary;
primaries source 10.53.0.8 { 10.53.0.2 port @PORT@; };
file "ns6.db";
};


@@ -36,8 +36,8 @@ controls {
inet 10.53.0.9 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
parental-agents "ns2" port @PORT@ {
10.53.0.2;
parental-agents "ns8" port @PORT@ {
10.53.0.8;
};
zone "." {
@@ -55,7 +55,8 @@ zone "good.explicit.dspublish.ns2" {
file "good.explicit.dspublish.ns2.db";
inline-signing yes;
dnssec-policy "default";
parental-agents { 10.53.0.2 port @PORT@; };
parental-agents { 10.53.0.8 port @PORT@; };
checkds explicit;
};
/* Same as above, but now with a reference to parental-agents. */
@@ -64,7 +65,8 @@ zone "reference.explicit.dspublish.ns2" {
file "reference.explicit.dspublish.ns2.db";
inline-signing yes;
dnssec-policy "default";
parental-agents { "ns2"; };
parental-agents { "ns8"; };
checkds explicit;
};
/* Same as above, but now with resolver parental agent configured. */
@@ -76,6 +78,7 @@ zone "resolver.explicit.dspublish.ns2" {
parental-agents {
10.53.0.3 port @PORT@;
};
checkds explicit;
};
/* Same as above, but now with auto parental agents. */
@@ -118,6 +121,7 @@ zone "not-yet.explicit.dspublish.ns5" {
parental-agents {
10.53.0.5 port @PORT@; // missing
};
checkds explicit;
};
zone "not-yet.yes.dspublish.ns5" {
@@ -141,6 +145,7 @@ zone "bad.explicit.dspublish.ns6" {
parental-agents {
10.53.0.6 port @PORT@; // bad
};
checkds explicit;
};
zone "bad.yes.dspublish.ns6" {
@@ -169,9 +174,10 @@ zone "good.explicit.dspublish.ns2-4" {
inline-signing yes;
dnssec-policy "default";
parental-agents {
10.53.0.2 port @PORT@;
10.53.0.8 port @PORT@;
10.53.0.4 port @PORT@;
};
checkds explicit;
};
zone "good.yes.dspublish.ns2-4" {
@@ -201,10 +207,11 @@ zone "incomplete.explicit.dspublish.ns2-4-5" {
inline-signing yes;
dnssec-policy "default";
parental-agents {
10.53.0.2 port @PORT@;
10.53.0.8 port @PORT@;
10.53.0.4 port @PORT@;
10.53.0.5 port @PORT@; // missing
};
checkds explicit;
};
zone "incomplete.yes.dspublish.ns2-4-5" {
@@ -226,10 +233,11 @@ zone "bad.explicit.dspublish.ns2-4-6" {
inline-signing yes;
dnssec-policy "default";
parental-agents {
10.53.0.2 port @PORT@;
10.53.0.8 port @PORT@;
10.53.0.4 port @PORT@;
10.53.0.6 port @PORT@; // bad
};
checkds explicit;
};
zone "bad.yes.dspublish.ns2-4-6" {
@@ -261,7 +269,8 @@ zone "good.explicit.dsremoved.ns5" {
file "good.explicit.dsremoved.ns5.db";
inline-signing yes;
dnssec-policy "insecure";
parental-agents { 10.53.0.5 port @PORT@; };
parental-agents { 10.53.0.10 port @PORT@; };
checkds explicit;
};
zone "resolver.explicit.dsremoved.ns5" {
@@ -272,6 +281,7 @@ zone "resolver.explicit.dsremoved.ns5" {
parental-agents {
10.53.0.3 port @PORT@;
};
checkds explicit;
};
zone "good.yes.dsremoved.ns5" {
@@ -311,6 +321,7 @@ zone "still-there.explicit.dsremoved.ns2" {
parental-agents {
10.53.0.2 port @PORT@; // still published
};
checkds explicit;
};
zone "still-there.yes.dsremoved.ns2" {
@@ -334,6 +345,7 @@ zone "bad.explicit.dsremoved.ns6" {
parental-agents {
10.53.0.6 port @PORT@; // bad
};
checkds explicit;
};
zone "bad.yes.dsremoved.ns6" {
@@ -362,9 +374,10 @@ zone "good.explicit.dsremoved.ns5-7" {
inline-signing yes;
dnssec-policy "insecure";
parental-agents {
10.53.0.5 port @PORT@;
10.53.0.10 port @PORT@;
10.53.0.7 port @PORT@;
};
checkds explicit;
};
zone "good.yes.dsremoved.ns5-7" {
@@ -395,9 +408,10 @@ zone "incomplete.explicit.dsremoved.ns2-5-7" {
dnssec-policy "insecure";
parental-agents {
10.53.0.2 port @PORT@; // still published
10.53.0.5 port @PORT@;
10.53.0.10 port @PORT@;
10.53.0.7 port @PORT@;
};
checkds explicit;
};
zone "incomplete.yes.dsremoved.ns2-5-7" {
@@ -419,10 +433,11 @@ zone "bad.explicit.dsremoved.ns5-6-7" {
inline-signing yes;
dnssec-policy "insecure";
parental-agents {
10.53.0.5 port @PORT@;
10.53.0.10 port @PORT@;
10.53.0.7 port @PORT@;
10.53.0.6 port @PORT@; // bad
};
checkds explicit;
};
zone "bad.yes.dsremoved.ns5-6-7" {
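Review bot: After this change the zone names no longer say which server is queried. `good.explicit.dspublish.ns2` and `reference.explicit.dspublish.ns2` now use 10.53.0.8 and the explicit `.ns5` dsremoved zones use 10.53.0.10, while `not-yet.explicit.dspublish.ns5` and `still-there.explicit.dsremoved.ns2` keep 10.53.0.5 and 10.53.0.2. A comment above the named list, for example `/* ns8: hidden secondary of ns2, not in the NS RRset */`, plus a one-line note on the zones that intentionally keep the published primary, would make the split easier to review. Most zone blocks start or end outside the hunks, so the untouched parts may already document this.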


@@ -25,7 +25,9 @@ copy_setports ns4/named.conf.in ns4/named.conf
copy_setports ns5/named.conf.in ns5/named.conf
copy_setports ns6/named.conf.in ns6/named.conf
copy_setports ns7/named.conf.in ns7/named.conf
copy_setports ns8/named.conf.in ns8/named.conf
copy_setports ns9/named.conf.in ns9/named.conf
copy_setports ns10/named.conf.in ns10/named.conf
# Setup zones
(


@@ -249,7 +249,7 @@ def wait_for_log(filename, log):
assert found
def checkds_dspublished(named_port, checkds):
def checkds_dspublished(named_port, checkds, addr):
# We create resolver instances that will be used to send queries.
server = dns.resolver.Resolver()
server.nameservers = ["10.53.0.9"]
@@ -269,7 +269,7 @@ def checkds_dspublished(named_port, checkds):
wait_for_log(
"ns9/named.run",
"zone good.{}.dspublish.ns2/IN (signed): checkds: "
"DS response from 10.53.0.2".format(checkds),
"DS response from {}".format(checkds, addr),
)
keystate_check(parent, "good.{}.dspublish.ns2.".format(checkds), "DSPublish")
@@ -317,7 +317,7 @@ def checkds_dspublished(named_port, checkds):
wait_for_log(
"ns9/named.run",
"zone good.{}.dspublish.ns2-4/IN (signed): checkds: "
"DS response from 10.53.0.2".format(checkds),
"DS response from {}".format(checkds, addr),
)
wait_for_log(
"ns9/named.run",
@@ -334,7 +334,7 @@ def checkds_dspublished(named_port, checkds):
wait_for_log(
"ns9/named.run",
"zone incomplete.{}.dspublish.ns2-4-5/IN (signed): checkds: "
"DS response from 10.53.0.2".format(checkds),
"DS response from {}".format(checkds, addr),
)
wait_for_log(
"ns9/named.run",
@@ -357,7 +357,7 @@ def checkds_dspublished(named_port, checkds):
wait_for_log(
"ns9/named.run",
"zone bad.{}.dspublish.ns2-4-6/IN (signed): checkds: "
"DS response from 10.53.0.2".format(checkds),
"DS response from {}".format(checkds, addr),
)
wait_for_log(
"ns9/named.run",
@@ -380,7 +380,7 @@ def checkds_dspublished(named_port, checkds):
# TBD: Check with TLS
def checkds_dswithdrawn(named_port, checkds):
def checkds_dswithdrawn(named_port, checkds, addr):
# We create resolver instances that will be used to send queries.
server = dns.resolver.Resolver()
server.nameservers = ["10.53.0.9"]
@@ -400,7 +400,7 @@ def checkds_dswithdrawn(named_port, checkds):
wait_for_log(
"ns9/named.run",
"zone good.{}.dsremoved.ns5/IN (signed): checkds: "
"empty DS response from 10.53.0.5".format(checkds),
"empty DS response from {}".format(checkds, addr),
)
keystate_check(parent, "good.{}.dsremoved.ns5.".format(checkds), "DSRemoved")
@@ -449,7 +449,7 @@ def checkds_dswithdrawn(named_port, checkds):
wait_for_log(
"ns9/named.run",
"zone good.{}.dsremoved.ns5-7/IN (signed): checkds: "
"empty DS response from 10.53.0.5".format(checkds),
"empty DS response from {}".format(checkds, addr),
)
wait_for_log(
"ns9/named.run",
@@ -471,7 +471,7 @@ def checkds_dswithdrawn(named_port, checkds):
wait_for_log(
"ns9/named.run",
"zone incomplete.{}.dsremoved.ns2-5-7/IN (signed): checkds: "
"empty DS response from 10.53.0.5".format(checkds),
"empty DS response from {}".format(checkds, addr),
)
wait_for_log(
"ns9/named.run",
@@ -489,7 +489,7 @@ def checkds_dswithdrawn(named_port, checkds):
wait_for_log(
"ns9/named.run",
"zone bad.{}.dsremoved.ns5-6-7/IN (signed): checkds: "
"empty DS response from 10.53.0.5".format(checkds),
"empty DS response from {}".format(checkds, addr),
)
wait_for_log(
"ns9/named.run",
@@ -524,7 +524,7 @@ def test_checkds_reference(named_port):
wait_for_log(
"ns9/named.run",
"zone reference.explicit.dspublish.ns2/IN (signed): "
"checkds: DS response from 10.53.0.2",
"checkds: DS response from 10.53.0.8",
)
keystate_check(parent, "reference.explicit.dspublish.ns2.", "DSPublish")
@@ -584,13 +584,13 @@ def test_checkds_no_ent(named_port):
def test_checkds_dspublished(named_port):
checkds_dspublished(named_port, "explicit")
checkds_dspublished(named_port, "yes")
checkds_dspublished(named_port, "explicit", "10.53.0.8")
checkds_dspublished(named_port, "yes", "10.53.0.2")
def test_checkds_dswithdrawn(named_port):
checkds_dswithdrawn(named_port, "explicit")
checkds_dswithdrawn(named_port, "yes")
checkds_dswithdrawn(named_port, "explicit", "10.53.0.10")
checkds_dswithdrawn(named_port, "yes", "10.53.0.5")
def test_checkds_no(named_port):
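Review bot: The explicit-mode checks in `checkds_dspublished` and `checkds_dswithdrawn` are positive only: they wait for `DS response from {addr}`, but nothing in the visible hunks asserts that the published primary (10.53.0.2, or 10.53.0.5 for the withdrawn case) was left unqueried for zones such as `good.explicit.dspublish.ns2`. If named queried both the explicit agent and the servers from the NS RRset, these waits would presumably still succeed. A check that `ns9/named.run` holds no `DS response from 10.53.0.2` line for that zone when `checkds == "explicit"` would pin the behaviour the hidden secondaries were added to test. Separately, `.format(checkds, addr)` fills two `{}` fields spread over two implicitly concatenated literals, so named fields (`{checkds}`, `{addr}`) would make the pairing visible. Both function bodies continue outside the hunks.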