2331 Commits

Author SHA1 Message Date
Mukund Sivaraman
49cd7552be return FORMERR when question section is empty if COOKIE is not present
(cherry picked from commit 06d3106002)
(cherry picked from commit ed29b84e16)
2018-06-26 14:44:18 -07:00
Mark Andrews
316eebb699 construct a symtab of valid in-view targets then check that the target exists
(cherry picked from commit e01a4bcb20)
2018-06-26 10:53:59 -07:00
Evan Hunt
b330bcb8a1 add a regression test for default allow-recursion settings 2018-06-14 14:47:11 +02:00
Michał Kępień
6d8a514ecb Treat records below a DNAME as out-of-zone data
DNAME records indicate bottom of zone and thus no records below a DNAME
should be DNSSEC-signed or included in NSEC(3) chains.  Add a helper
function, has_dname(), for detecting DNAME records at a given node.
Prevent signing DNAME-obscured records.  Check that DNAME-obscured
records are not signed.

(cherry picked from commit ff7015a0f8)
2018-06-13 12:58:27 +02:00
Michał Kępień
da430b5f36 Add helper variables in mkeys system test
The keyfile and key ID for the original managed key do not change
throughout the mkeys system test.  Keep them in helper variables to
prevent calling "cat" multiple times and improve code readability.

(cherry picked from commit 2cad382552)
2018-06-13 08:08:25 +02:00
Michał Kępień
a23e9821d6 Replace duplicated code snippet with calls to helper functions
Reduce code duplication by replacing a code snippet repeated throughout
system tests using "trusted-keys" and/or "managed-keys" configuration
sections with calls to keyfile_to_{managed,trusted}_keys() helper
functions.

(cherry picked from commit dce66f7635)
2018-06-13 08:08:25 +02:00
Michał Kępień
36d6a6cc76 Add helper functions for converting keyfile data into configuration sections
Add a set of helper functions for system test scripts which enable
converting key data from a set of keyfiles to either a "trusted-keys"
section or a "managed-keys" section suitable for including in a
resolver's configuration file.

(cherry picked from commit 21d3658bcb)
2018-06-13 08:08:25 +02:00
Evan Hunt
7a00ce2e77 ensure we try to validate glue records so RRSIG TTLs will be capped 2018-06-08 11:41:48 -07:00
Mukund Sivaraman
db12b1a9f9 Add system test
(cherry picked from commit a5933fa2bb)
2018-06-08 17:29:45 +10:00
Mark Andrews
1710e5cfca add duplicate signature test
(cherry picked from commit 0db5b087ed)
(cherry picked from commit 1783fa5aba)
2018-06-06 17:21:29 +10:00
Evan Hunt
81c2298665 use "ip" on linux, falling back to "ifconfig" when it isn't available
(cherry picked from commit d7c5400798)
(cherry picked from commit 3e1a0c2b62)
2018-06-05 21:46:08 -07:00
Evan Hunt
35f4aafb20 expand address range in ifconfig.sh to include more than one subnet
(cherry picked from commit 41b29a436b)
(cherry picked from commit e4487b160c)
2018-06-05 21:46:08 -07:00
Evan Hunt
e229ae6999 add prerequisite check 2018-06-04 17:41:22 -04:00
Mark Andrews
9448c4fd21 add system test for root-key-sentinel
(cherry picked from commit a23b305e6b)
(cherry picked from commit b9e6b124aa)
2018-06-04 17:41:22 -04:00
Mark Andrews
f9d19cab7f 4699. [func] Multiple cookie-secret clauses can now be specified.
The first one specified is used to generate new
                        server cookies.  [RT #45672]
2018-06-04 13:16:28 -07:00
Mukund Sivaraman
3d62545657 Add system test
(cherry picked from commit 303391ea41)
2018-06-04 01:12:18 -04:00
Mukund Sivaraman
0aa9c410d7 Don't insert 2nd space between NSEC3 nexthash and typemap fields
(cherry picked from commit d4ea1edd2c)
2018-06-04 13:02:44 +10:00
Evan Hunt
eb0964a501 fix openbsd color-display problem in system test output
(cherry picked from commit 1e31fdb76d)
2018-05-25 13:01:38 -07:00
Evan Hunt
3fe5acd39f files were left in place after catz run because of non-portable bracket use
(cherry picked from commit af73e16c9c)
2018-05-24 16:18:44 -07:00
Mark Andrews
8543097699 add HOME.ARPA to the list of empty zones
(cherry picked from commit 10dd0b3efe)
2018-05-23 11:14:18 +10:00
Mark Andrews
8d96f3a207 fix handling of failed tests
(cherry picked from commit 4283f9552f)
2018-05-23 11:13:53 +10:00
Ondřej Surý
188526f41c Remove $Id markers, Principal Author and Reviewed tags from the full source tree
(cherry picked from commit 55a10b7acd)
2018-05-11 14:25:15 +02:00
Ondřej Surý
0cbad1b3fc Update tests to not use '>&-' that closes file descriptor, but instead use correct redirection to '>/dev/null'
(cherry picked from commit 3f66b8acb0)
2018-05-11 13:11:20 +02:00
Ondřej Surý
18f4f0d1ac Address GCC 8 -Wstringop-truncation warning
(cherry picked from commit 9845c4c4a7)
2018-05-10 10:54:38 +02:00
Michał Kępień
911836509e Apply raw zone deltas to yet unsigned secure zones
When inline signing is enabled for a zone without creating signing keys
for it, changes subsequently applied to the raw zone will not be
reflected in the secure zone due to the dns_update_signaturesinc() call
inside receive_secure_serial() failing.  Given that an inline zone will
be served (without any signatures) even with no associated signing keys
being present, keep applying raw zone deltas to the secure zone until
keys become available in an attempt to follow the principle of least
astonishment.

(cherry picked from commit 6acf326969)
(cherry picked from commit 8a58a60772)
2018-04-25 12:09:53 -07:00
Michał Kępień
ecea678dac Use dns_fixedname_initname() where possible
Replace dns_fixedname_init() calls followed by dns_fixedname_name()
calls with calls to dns_fixedname_initname() where it is possible
without affecting current behavior and/or performance.

This patch was mostly prepared using Coccinelle and the following
semantic patch:

    @@
    expression fixedname, name;
    @@
    -	dns_fixedname_init(&fixedname);
    	...
    -	name = dns_fixedname_name(&fixedname);
    +	name = dns_fixedname_initname(&fixedname);

The resulting set of changes was then manually reviewed to exclude false
positives and apply minor tweaks.

It is likely that more occurrences of this pattern can be refactored in
an identical way.  This commit only takes care of the low-hanging fruit.

(cherry picked from commit 4df4a8e731)
(cherry picked from commit 0041aeb751)
2018-04-10 13:26:23 -07:00
Kevin Chen
a39c613ccc Add a Net::DNS prereq for digdelv, fetchlimit, rpzrecurse, and zero
tests to avoid failed tests when Net::DNS is not present.

(cherry picked from commit 8b1b809ab4)
2018-04-04 23:02:58 +02:00
Stephen Morris
79b7a5c89b Check libidn2 version before proceding with one of the tests.
A known issue in libidn2 causes one of the tests of a fake A-label
to fail.  The problem should be corrected in version 2.0.5 of
libidn2.
2018-04-04 09:48:52 -04:00
Ondřej Surý
05880829e0 Use C.UTF-8 if available, and en_US.UTF-8 is available, otherwise do nothing and let the test break 2018-04-04 09:48:51 -04:00
Stephen Morris
8319ece415 Set known locale prior to running tests. 2018-04-04 09:48:50 -04:00
Stephen Morris
dfb264f85c Fix check for the presence of IDNA. 2018-04-04 09:48:49 -04:00
Stephen Morris
777a37affd Added additional tests for invalid punycode strings. 2018-04-04 09:48:49 -04:00
Stephen Morris
e0b6c11840 Initial set of IDNA tests. 2018-04-04 09:48:47 -04:00
Mark Andrews
f56b63d9ac fix temporary file name to have subtest number
(cherry picked from commit e12453f43c88bac722fb511b62f12303735b788c)
2018-03-19 23:13:10 +11:00
Mark Andrews
79c85f5e60 Merge branch 'fixtypo-v9_11' into 'v9_11'
fix typo

See merge request isc-projects/bind9!148
2018-03-19 22:55:24 +11:00
Mark Andrews
c5d1d9d232 fix typo
(cherry picked from commit 6e4b5f2345)
2018-03-19 22:53:09 +11:00
Mark Andrews
7921d18f11 fix numbering of tests and make consistent
(cherry picked from commit dd5dff3096)
2018-03-19 20:27:26 +11:00
Evan Hunt
09cf48603a update file headers 2018-03-15 18:38:48 -07:00
Evan Hunt
8b205089b7 update file headers to remove copyright years 2018-03-14 16:40:20 -07:00
Evan Hunt
01823b89c0 clean up dig.out files that were left behind after xfer test
(cherry picked from commit 733086cc67)
2018-03-10 13:12:39 -08:00
Evan Hunt
8da54db729 Merge branch 'clean-bin-tests' into 'v9_11'
clean up bin/tests, convert unit tests to ATF

Closes #115

See merge request isc-projects/bind9!93
2018-03-09 16:47:51 -08:00
Evan Hunt
442c1530a3 final cleanup
- update Kyuafiles to match Atffiles
- copyrights
- CHANGES note

(cherry picked from commit 86e00cbb71)
(cherry picked from commit 80834b5b90)
2018-03-09 16:17:56 -08:00
Evan Hunt
ade4face27 reduce race risk in parallel builds
(cherry picked from commit 74347f4a55)
(cherry picked from commit 7f4e62d902)
2018-03-09 15:48:34 -08:00
Evan Hunt
dbb225d83e migrate tests from bin/tests/dnssec-signzone to bin/tests/system/dnssec
- added tests to the dnssec system test that duplicate the ones
  from bin/tests/dnssec-signzone
- changed cleanall.sh so it doesn't automatically remove all
  key files, because there are now some of those that are part of the
  distribution

(cherry picked from commit ccfe778c01)
(cherry picked from commit d8f8eee381)
2018-03-09 15:30:27 -08:00
Michał Kępień
bdf0287c2d Fix a race between "rndc reconfig" and waiting for a ./DNSKEY fetch to complete
Calling nextpart() after reconfiguring ns1 is not safe, because the
expected log message may appear in ns5/named.run before nextpart() is
run.  With the TTL for ./DNSKEY set to 20 seconds, ns5 will refresh it
after 10 seconds, by which time wait_for_log() will already have failed.
This results in a false negative.

However, just calling nextpart() before reconfiguring ns1 would
introduce a different problem: if ns5 refreshed ./DNSKEY between these
two steps, the subsequent wait_for_log() call would return immediately
as it would come across the log message about a failure while refreshing
./DNSKEY instead of the expected success.  This in turn would result in
a different false negative as the root key would still be uninitialized
by the time "rndc secroots" is called.

Prevent both kinds of false negatives by:

  - calling nextpart() before reconfiguring ns1, in order to prevent the
    first case described above,

  - looking for a more specific log message, in order to prevent the
    second case described above.

Also look for a more specific log message in the first part of the
relevant check, not to fix any problem, but just to emphasize that a
different fetch result is expected in that case.

With these tweaks in place, if a (failed) ./DNSKEY refresh is scheduled
between nextpart() and reconfiguring ns1, wait_for_log() will just wait
for two more seconds (one "hour"), at which point another refresh
attempt will be made that will succeed.

(cherry picked from commit 012ca0a27d)
2018-03-08 13:43:34 +01:00
Mark Andrews
cb0a385692 add test configuration where a in-view zone collides with a existing zone
(cherry picked from commit ca55c672b0)
2018-03-08 12:16:24 +11:00
Evan Hunt
b28dcef84b use the test name in the -D string for each name server
(cherry picked from commit 1eff695f33)
2018-03-07 14:51:09 -08:00
Evan Hunt
223a646d54 restore long options for run.sh
(cherry picked from commit 4a714bffbc)
2018-03-07 14:35:30 -08:00
Evan Hunt
37a6bb004c eliminate unnecessary waiting in allow-query test
- grep in the log to see if configuration is finished rather
  than sleeping for 5 seconds

(cherry picked from commit a9b6bed6af)
2018-03-07 14:06:32 -08:00
Evan Hunt
5d9e3f9b02 rename allow_query to allow-query
(cherry picked from commit ffc3e73c36)
2018-03-07 14:04:48 -08:00