ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
Files
3dff3eac0aec61ba11afd357220630a4d679b75b
bind9/bin/tests/system/proxy/ns3/named.conf.in
Artem Boldariev 019555fb1d System test for PROXYv2 
This commit adds a system test suite for PROXYv2. The idea on which it
is based is simple:

1. Firstly we check that 'allow-proxy' and 'allow-proxy-on' (whatever
is using the new 'isc_nmhandle_real_localaddr/peeraddr()') do what
they intended to do.

2. Anything else that needs an interface or peer address (ACL
functionality, for example) is using the old
'isc_nmhandle_localaddr/peeraddr()' - which are now returning
addresses received via PROXY (if any) instead of the real connection
addresses. The beauty of it that we DO NOT need to verify every bit of
the code relying on these functions: whatever works in one place will
work everywhere else, as these were the only functions that allowed
any higher level code to get peer and interface addresses.

This way it is relatively easy to see if PROXYv2 works as intended.
2023-12-06 15:15:25 +02:00

57 lines
1.9 KiB
Plaintext
Raw Blame History

/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* SPDX-License-Identifier: MPL-2.0
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
include "../../_common/rndc.key";
controls {
inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
tls self-signed {
cert-file "../self-signed-cert.pem";
key-file "../self-signed-key.pem";
};
options {
pid-file "named.pid";
##
# generic test
listen-on port @PORT@ { 10.53.0.3; };
listen-on port @EXTRAPORT1@ proxy plain { 10.53.0.3; };
listen-on port @TLSPORT@ proxy encrypted tls self-signed { 10.53.0.3; };
listen-on port @EXTRAPORT2@ proxy plain tls self-signed { 10.53.0.3; };
listen-on port @HTTPSPORT@ proxy encrypted tls self-signed http default { 10.53.0.3; };
listen-on port @EXTRAPORT3@ proxy plain tls self-signed http default { 10.53.0.3; };
listen-on port @HTTPPORT@ proxy plain tls none http default { 10.53.0.3; };
listen-on-v6 port @EXTRAPORT1@ proxy plain { fd92:7065:b8e:ffff::3; };
listen-on-v6 port @TLSPORT@ proxy encrypted tls self-signed { fd92:7065:b8e:ffff::3; };
listen-on-v6 port @EXTRAPORT2@ proxy plain tls self-signed { fd92:7065:b8e:ffff::3; };
listen-on-v6 port @HTTPSPORT@ proxy encrypted tls self-signed http default { fd92:7065:b8e:ffff::3; };
listen-on-v6 port @EXTRAPORT3@ proxy plain tls self-signed http default { fd92:7065:b8e:ffff::3; };
listen-on-v6 port @HTTPPORT@ proxy plain tls none http default { fd92:7065:b8e:ffff::3; };
recursion no;
notify explicit;
statistics-file "named.stats";
dnssec-validation yes;
tcp-initial-timeout 1200;
};
zone "example" {
type primary;
file "example.db";
allow-query { any; };
};
View Git Blame Copy Permalink