Commit Graph

2572 Commits

Author SHA1 Message Date
Evan Hunt
ddcd3b61be adjust style, match test to other tests
(cherry picked from commit 9949163936)
2019-02-07 17:33:00 -08:00
Tony Finch
8b4c9c3981 dnssec-coverage: fix handling of zones without trailing dots
After change 5143, zones listed on the command line without trailing
dots were ignored.

(cherry picked from commit a159675f44)
2019-02-07 17:33:00 -08:00
Evan Hunt
079d86dd31 Add support for ZONEMD
(cherry picked from commit 3183663dd4)
2019-02-08 08:32:45 +11:00
Mark Andrews
93a8a99191 Add support for ATMRELAY
(cherry picked from commit 66922ee7af)
2019-02-08 08:32:44 +11:00
Ondřej Surý
bec6058ead Simplify the inline clean script
(cherry picked from commit 519152b191)
2019-02-06 17:51:50 +11:00
Mark Andrews
a908c62b0c clean K* files in inline system test directory
(cherry picked from commit 1878efe661)
2019-02-06 17:20:22 +11:00
Mark Andrews
48fedfce69 send over and undersized cookie
(cherry picked from commit 0207199bb8)
2019-02-06 13:13:11 +11:00
Evan Hunt
cd0b538e90 disable the check for crash on shutdown when running under cygwin
(cherry picked from commit 449842e1ce)
2019-01-31 22:56:17 -08:00
Mark Andrews
5115d677de log RPZ type and class
(cherry picked from commit 28442f11f0)
2019-01-31 17:39:29 -08:00
Evan Hunt
47d1688078 silence a spurious dnssec-keygen warning in the dnssec system test
the occluded-key test creates both a KEY and a DNSKEY. the second
call to dnssec-keygen calls dns_dnssec_findmatchingkeys(), which causes
a spurious warning to be printed when it sees the type KEY record.
this should be fixed in dnssec.c, but the meantime this change silences
the warning by reversing the order in which the keys are created.

(cherry picked from commit 6661db9564)
2019-01-31 14:00:14 -08:00
Matthijs Mekking
cf235900d7 Add tests for dumpdb stale ttl
This adds a test for rndc dumpdb to ensure the correct "stale
comment" is printed.  It also adds a test for non-stale data to
ensure no "stale comment" is printed for active RRsets.

In addition, the serve-stale tests are hardened with more accurate
grep calls.
2019-01-31 10:30:11 -08:00
Evan Hunt
ab5feb57ef detect crash on shutdown in stop.pl
(cherry picked from commit 9bf37f4e48)
2019-01-31 09:42:49 -08:00
Matthijs Mekking
b0b846a4bb Harden GSS-TSIG tests, verify signed TKEY response 2019-01-30 12:11:08 -08:00
Mark Andrews
cb2d79b456 only use a single policy file when testing.
(cherry picked from commit 36ea9b8181)
2019-01-30 16:00:14 +11:00
Evan Hunt
96bf857b65 also add -D options for transient named processes started in tests.sh
(cherry picked from commit dd45831acc)
2019-01-28 21:19:28 -08:00
Evan Hunt
e233f33fc3 add properly-formatted -D options to named.args files
this prevents servers that use arguments specified in named.args
from appearing different in 'ps' output from servers run with arguments
from start.pl

(cherry picked from commit 175d6e9bfb)
2019-01-28 21:19:25 -08:00
Evan Hunt
2a53564d08 reset SYSTEMTESTTOP when changing directories
(cherry picked from commit 70f36a25e4)
2019-01-28 20:40:48 -08:00
Evan Hunt
29e89d08f7 fix rrl test
strip CR characters before using awk/sed
2019-01-25 11:24:11 -08:00
Evan Hunt
9d1b0f314d fix rpz test
- work around a CR newline problem
- use rndc to stop servers
2019-01-25 11:24:11 -08:00
Evan Hunt
b322cc74ea fix rpzrecurse test
use rndc to stop servers
2019-01-25 11:24:11 -08:00
Evan Hunt
e37a32276e fix dnssec test
- work around CR issues
- use UTC for time comparisons
- use $DIFF instead of cmp
2019-01-25 11:24:11 -08:00
Evan Hunt
7658ba4216 fix legacy test
use rndc rather than signals to stop the server
2019-01-25 11:24:11 -08:00
Evan Hunt
1e1f1d4ef7 fix fetchlimit test
use TCP for the test queries in between UDP bursts; this avoids
congestion issues that interfered with the test on windows
2019-01-25 11:24:11 -08:00
Evan Hunt
678c3211af fix sfcache test
use a lame server configuration to force SERVFAILs instead of killing ns2.
this prevents test failures that occurred due to a different behavior of
the netowrking stack in windows.
2019-01-25 11:24:10 -08:00
Evan Hunt
d04e771dcf fix nsupdate test
rndc_reload was failing on windows
2019-01-25 11:24:10 -08:00
Evan Hunt
b282b4dd5e fix rndc test
use regex instead of exact string matching to deal with CR at end of line
2019-01-25 11:24:10 -08:00
Evan Hunt
28f8899e21 fix statistics test
the active sockets test is supposed to be commented out on win32, but
only part of it was
2019-01-25 11:24:10 -08:00
Evan Hunt
0b0c110577 fix redirect test
strip CR characters before using sed
2019-01-25 11:24:10 -08:00
Evan Hunt
75278f0f54 fix notify test
test the average delay between notifies instead of the minimum delay;
this helps avoid unnecessary test failures on systems with bursty
network performance.
2019-01-25 11:24:10 -08:00
Evan Hunt
bb256ea268 fix masterformat test
use stop.pl instead of rndc to stop server
2019-01-25 11:24:10 -08:00
Evan Hunt
95d2dff101 fix inline test
use regex instead of exact string matching, to deal with CR at end of ine
2019-01-25 11:24:10 -08:00
Evan Hunt
9dc3aac7a7 fix forward test
strip CR characters before using sed
2019-01-25 11:24:09 -08:00
Evan Hunt
659bc0d09d fix cookie test
strip CR characters before comparing files
2019-01-25 11:24:09 -08:00
Evan Hunt
0279793e03 fix cds test
- use $PERL instead of perl
- use $DIFF instead of cmp for windows portability; cmp doesn't
  handle CR characters properly
2019-01-25 11:24:09 -08:00
Evan Hunt
362eb56189 use $DIFF instead of diff 2019-01-25 11:24:09 -08:00
Evan Hunt
bd9ffedbcf set and use SYSTEMTESTTOP consistently 2019-01-25 11:24:09 -08:00
Evan Hunt
2189f00e63 complete the set of tools available in windows tests
- dnssec-cds wasn't being built for windows
- nsec3hash was available, but the NSEC3HASH variable wasn't
  set in conf.sh.win32
2019-01-25 11:24:09 -08:00
Evan Hunt
3cf4ecf177 more reliable method for killing "ans" servers on windows
as perl and python are both native to cygwin, we don't want to use
the "kill -f" option to terminate them.
2019-01-25 10:43:10 -08:00
Evan Hunt
b5f8d60565 update ifconfig.bat with current test interfaces
the addresses set up in ifconfig.bat were out of sync with the
ones in ifconfig.sh
2019-01-25 10:43:10 -08:00
Evan Hunt
47ef534511 update conf.sh.win32 test list
- the test lists in conf.sh.in and conf.sh.win32 were out of sync
2019-01-25 10:43:10 -08:00
Evan Hunt
4f06d65e38 improve handling of trailing dots in dnssec-keymgr and dnssec-coverage
- mishandling of trailing dots caused bad behavior with the
  root zone or names like "example.com."
- fixing this exposed an error in dnssec-coverage caused the
  wrong return value if there were KSK errors but no ZSK errors
- incidentally silenced the dnssec-keygen output in the coverage
  system test

(cherry picked from commit 1ccf4e6c16)
2019-01-24 13:51:53 -08:00
Mark Andrews
15b4240764 introducing keymgr need to preserve functionality
(cherry picked from commit 083b730ec7)
2019-01-22 10:22:10 -08:00
Witold Kręcicki
f8963ad70e If possible don't use forwarders when priming the resolver.
If we try to fetch a record from cache and need to look into
hints database we assume that the resolver is not primed and
start dns_resolver_prime(). Priming query is supposed to return
NSes for "." in ANSWER section and glue records for them in
ADDITIONAL section, so that we can fill that info in 'regular'
cache and not use hints db anymore.
However, if we're using a forwarder the priming query goes through
it, and if it's configured to return minimal answers we won't get
the addresses of root servers in ADDITIONAL section. Since the
only records for root servers we have are in hints database we'll
try to prime the resolver with every single query.

This patch adds a DNS_FETCHOPT_NOFORWARD flag which avoids using
forwarders if possible (that is if we have forward-first policy).
Using this flag on priming fetch fixes the problem as we get the
proper glue. With forward-only policy the problem is non-existent,
as we'll never ask for root server addresses because we'll never
have a need to query them.

Also added a test to confirm priming queries are not forwarded.

(cherry picked from commit b49310ac06)
2019-01-16 16:32:43 -08:00
Mark Andrews
22b77f45b7 add multi-view server and tests
(cherry picked from commit 7122b5786d)
2019-01-14 16:59:02 -08:00
Evan Hunt
b241dc58ec b/t/s/dnssec/tests.sh: Cleanup showprivate() function 2019-01-14 12:30:49 -08:00
Evan Hunt
0b4dca553d fix testing errors
- the checkprivate function in the dnssec test set ret=0, erasing
  results from previous tests and making the test appear to have passed
  when it shouldn't have
- checkprivate needed a delay loop to ensure there was time for all
  private signing records to be updated before the test

(cherry picked from commit 82e83d5dc7)
2019-01-13 18:22:44 -08:00
Mark Andrews
0b8d530c84 Ensure base64/base32/hex fields in DNS records that should be non-empty are.
(cherry picked from commit 5e8b772ad1)
2019-01-09 18:53:29 +11:00
Mark Andrews
675d75e0bc wait longer for dump to complete
(cherry picked from commit 8a8d378def)
2019-01-08 20:17:06 -08:00
Michał Kępień
82103796af Track forwarder timeouts in fetch contexts
Since following a delegation resets most fetch context state, address
marks (FCTX_ADDRINFO_MARK) set inside lib/dns/resolver.c are not
preserved when a delegation is followed.  This is fine for full
recursive resolution but when named is configured with "forward first;"
and one of the specified forwarders times out, triggering a fallback to
full recursive resolution, that forwarder should no longer be consulted
at each delegation point subsequently reached within a given fetch
context.

Add a new badnstype_t enum value, badns_forwarder, and use it to mark a
forwarder as bad when it times out in a "forward first;" configuration.
Since the bad server list is not cleaned when a fetch context follows a
delegation, this prevents a forwarder from being queried again after
falling back to full recursive resolution.  Yet, as each fetch context
maintains its own list of bad servers, this change does not cause a
forwarder timeout to prevent that forwarder from being used by other
fetch contexts.

(cherry picked from commit 33350626f9)
2019-01-08 08:31:16 +01:00
Matthijs Mekking
8a67d9d64a Remove dig_with_opts 2018-12-20 15:49:06 +01:00