]>
Commit | Line | Data |
---|---|---|
30ee601a RG |
1 | #define BOOST_TEST_DYN_LINK |
2 | #define BOOST_TEST_NO_MAIN | |
3 | #include <boost/test/unit_test.hpp> | |
4 | ||
5 | #include "arguments.hh" | |
8455425c RG |
6 | #include "dnssecinfra.hh" |
7 | #include "dnsseckeeper.hh" | |
30ee601a RG |
8 | #include "lua-recursor4.hh" |
9 | #include "namespaces.hh" | |
10 | #include "rec-lua-conf.hh" | |
11 | #include "root-dnssec.hh" | |
12 | #include "syncres.hh" | |
6dfff36f | 13 | #include "utility.hh" |
30ee601a RG |
14 | #include "validate-recursor.hh" |
15 | ||
30ee601a RG |
16 | RecursorStats g_stats; |
17 | GlobalStateHolder<LuaConfigItems> g_luaconfs; | |
f26bf547 | 18 | thread_local std::unique_ptr<MemRecursorCache> t_RC{nullptr}; |
30ee601a RG |
19 | unsigned int g_numThreads = 1; |
20 | ||
21 | /* Fake some required functions we didn't want the trouble to | |
22 | link with */ | |
23 | ArgvMap &arg() | |
24 | { | |
25 | static ArgvMap theArg; | |
26 | return theArg; | |
27 | } | |
28 | ||
29 | int getMTaskerTID() | |
30 | { | |
31 | return 0; | |
32 | } | |
33 | ||
34 | bool RecursorLua4::preoutquery(const ComboAddress& ns, const ComboAddress& requestor, const DNSName& query, const QType& qtype, bool isTcp, vector<DNSRecord>& res, int& ret) | |
35 | { | |
36 | return false; | |
37 | } | |
38 | ||
39 | int asyncresolve(const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) | |
40 | { | |
41 | return 0; | |
42 | } | |
43 | ||
44 | /* primeHints() is only here for now because it | |
45 | was way too much trouble to link with the real one. | |
46 | We should fix this, empty functions are one thing, but this is | |
47 | bad. | |
48 | */ | |
49 | ||
50 | #include "root-addresses.hh" | |
51 | ||
52 | void primeHints(void) | |
53 | { | |
54 | vector<DNSRecord> nsset; | |
55 | if(!t_RC) | |
f26bf547 | 56 | t_RC = std::unique_ptr<MemRecursorCache>(new MemRecursorCache()); |
30ee601a RG |
57 | |
58 | DNSRecord arr, aaaarr, nsrr; | |
59 | nsrr.d_name=g_rootdnsname; | |
60 | arr.d_type=QType::A; | |
61 | aaaarr.d_type=QType::AAAA; | |
62 | nsrr.d_type=QType::NS; | |
63 | arr.d_ttl=aaaarr.d_ttl=nsrr.d_ttl=time(nullptr)+3600000; | |
64 | ||
65 | for(char c='a';c<='m';++c) { | |
66 | static char templ[40]; | |
67 | strncpy(templ,"a.root-servers.net.", sizeof(templ) - 1); | |
68 | templ[sizeof(templ)-1] = '\0'; | |
69 | *templ=c; | |
70 | aaaarr.d_name=arr.d_name=DNSName(templ); | |
71 | nsrr.d_content=std::make_shared<NSRecordContent>(DNSName(templ)); | |
72 | arr.d_content=std::make_shared<ARecordContent>(ComboAddress(rootIps4[c-'a'])); | |
73 | vector<DNSRecord> aset; | |
74 | aset.push_back(arr); | |
2b984251 | 75 | t_RC->replace(time(0), DNSName(templ), QType(QType::A), aset, vector<std::shared_ptr<RRSIGRecordContent>>(), vector<std::shared_ptr<DNSRecord>>(), true); // auth, nuke it all |
30ee601a RG |
76 | if (rootIps6[c-'a'] != NULL) { |
77 | aaaarr.d_content=std::make_shared<AAAARecordContent>(ComboAddress(rootIps6[c-'a'])); | |
78 | ||
79 | vector<DNSRecord> aaaaset; | |
80 | aaaaset.push_back(aaaarr); | |
2b984251 | 81 | t_RC->replace(time(0), DNSName(templ), QType(QType::AAAA), aaaaset, vector<std::shared_ptr<RRSIGRecordContent>>(), vector<std::shared_ptr<DNSRecord>>(), true); |
30ee601a RG |
82 | } |
83 | ||
84 | nsset.push_back(nsrr); | |
85 | } | |
2b984251 | 86 | t_RC->replace(time(0), g_rootdnsname, QType(QType::NS), nsset, vector<std::shared_ptr<RRSIGRecordContent>>(), vector<std::shared_ptr<DNSRecord>>(), false); // and stuff in the cache |
30ee601a RG |
87 | } |
88 | ||
89 | LuaConfigItems::LuaConfigItems() | |
90 | { | |
91 | for (const auto &dsRecord : rootDSs) { | |
92 | auto ds=unique_ptr<DSRecordContent>(dynamic_cast<DSRecordContent*>(DSRecordContent::make(dsRecord))); | |
93 | dsAnchors[g_rootdnsname].insert(*ds); | |
94 | } | |
95 | } | |
96 | ||
97 | /* Some helpers functions */ | |
98 | ||
99 | static void init(bool debug=false) | |
100 | { | |
101 | if (debug) { | |
102 | L.setName("test"); | |
103 | L.setLoglevel((Logger::Urgency)(6)); // info and up | |
104 | L.disableSyslog(true); | |
105 | L.toConsole(Logger::Info); | |
106 | } | |
107 | ||
108 | seedRandom("/dev/urandom"); | |
d6e797b8 | 109 | reportAllTypes(); |
30ee601a | 110 | |
f26bf547 | 111 | t_RC = std::unique_ptr<MemRecursorCache>(new MemRecursorCache()); |
30ee601a | 112 | |
30ee601a RG |
113 | SyncRes::s_maxqperq = 50; |
114 | SyncRes::s_maxtotusec = 1000*7000; | |
115 | SyncRes::s_maxdepth = 40; | |
116 | SyncRes::s_maxnegttl = 3600; | |
117 | SyncRes::s_maxcachettl = 86400; | |
118 | SyncRes::s_packetcachettl = 3600; | |
119 | SyncRes::s_packetcacheservfailttl = 60; | |
120 | SyncRes::s_serverdownmaxfails = 64; | |
121 | SyncRes::s_serverdownthrottletime = 60; | |
122 | SyncRes::s_doIPv6 = true; | |
e9f9b8ec RG |
123 | SyncRes::s_ecsipv4limit = 24; |
124 | SyncRes::s_ecsipv6limit = 56; | |
f58c8379 | 125 | SyncRes::s_rootNXTrust = true; |
d6e797b8 | 126 | SyncRes::s_minimumTTL = 0; |
648bcbd1 | 127 | SyncRes::s_serverID = "PowerDNS Unit Tests Server ID"; |
9065eb05 RG |
128 | SyncRes::clearEDNSSubnets(); |
129 | SyncRes::clearEDNSDomains(); | |
130 | SyncRes::clearDelegationOnly(); | |
131 | SyncRes::clearDontQuery(); | |
648bcbd1 | 132 | |
a712cb56 | 133 | SyncRes::clearNSSpeeds(); |
6dfff36f | 134 | BOOST_CHECK_EQUAL(SyncRes::getNSSpeedsSize(), 0); |
a712cb56 | 135 | SyncRes::clearEDNSStatuses(); |
6dfff36f | 136 | BOOST_CHECK_EQUAL(SyncRes::getEDNSStatusesSize(), 0); |
a712cb56 | 137 | SyncRes::clearThrottle(); |
6dfff36f | 138 | BOOST_CHECK_EQUAL(SyncRes::getThrottledServersSize(), 0); |
a712cb56 | 139 | SyncRes::clearFailedServers(); |
6dfff36f | 140 | BOOST_CHECK_EQUAL(SyncRes::getFailedServersSize(), 0); |
a712cb56 | 141 | |
648bcbd1 RG |
142 | auto luaconfsCopy = g_luaconfs.getCopy(); |
143 | luaconfsCopy.dfe.clear(); | |
8455425c RG |
144 | luaconfsCopy.dsAnchors.clear(); |
145 | for (const auto &dsRecord : rootDSs) { | |
146 | auto ds=unique_ptr<DSRecordContent>(dynamic_cast<DSRecordContent*>(DSRecordContent::make(dsRecord))); | |
147 | luaconfsCopy.dsAnchors[g_rootdnsname].insert(*ds); | |
148 | } | |
149 | luaconfsCopy.negAnchors.clear(); | |
648bcbd1 RG |
150 | g_luaconfs.setState(luaconfsCopy); |
151 | ||
8455425c | 152 | g_dnssecmode = DNSSECMode::Off; |
895449a5 | 153 | g_dnssecLOG = debug; |
8455425c | 154 | |
648bcbd1 | 155 | ::arg().set("version-string", "string reported on version.pdns or version.bind")="PowerDNS Unit Tests"; |
30ee601a RG |
156 | } |
157 | ||
895449a5 | 158 | static void initSR(std::unique_ptr<SyncRes>& sr, bool dnssec=false, bool debug=false, time_t fakeNow=0) |
30ee601a RG |
159 | { |
160 | struct timeval now; | |
d6e797b8 RG |
161 | if (fakeNow > 0) { |
162 | now.tv_sec = fakeNow; | |
163 | now.tv_usec = 0; | |
164 | } | |
165 | else { | |
166 | Utility::gettimeofday(&now, 0); | |
167 | } | |
168 | ||
895449a5 RG |
169 | init(debug); |
170 | ||
30ee601a | 171 | sr = std::unique_ptr<SyncRes>(new SyncRes(now)); |
895449a5 | 172 | sr->setDoEDNS0(true); |
30ee601a | 173 | sr->setDoDNSSEC(dnssec); |
895449a5 RG |
174 | sr->setLogMode(debug == false ? SyncRes::LogNone : SyncRes::Log); |
175 | ||
a712cb56 RG |
176 | SyncRes::setDomainMap(std::make_shared<SyncRes::domainmap_t>()); |
177 | SyncRes::clearNegCache(); | |
30ee601a RG |
178 | } |
179 | ||
180 | static void setLWResult(LWResult* res, int rcode, bool aa=false, bool tc=false, bool edns=false) | |
181 | { | |
182 | res->d_rcode = rcode; | |
183 | res->d_aabit = aa; | |
184 | res->d_tcbit = tc; | |
185 | res->d_haveEDNS = edns; | |
186 | } | |
187 | ||
8455425c | 188 | static std::shared_ptr<DNSRecordContent> getRecordContent(uint16_t type, const std::string& content) |
30ee601a | 189 | { |
8455425c | 190 | std::shared_ptr<DNSRecordContent> result = nullptr; |
30ee601a RG |
191 | |
192 | if (type == QType::NS) { | |
8455425c | 193 | result = std::make_shared<NSRecordContent>(DNSName(content)); |
30ee601a RG |
194 | } |
195 | else if (type == QType::A) { | |
8455425c | 196 | result = std::make_shared<ARecordContent>(ComboAddress(content)); |
30ee601a | 197 | } |
778bcea6 | 198 | else if (type == QType::AAAA) { |
8455425c | 199 | result = std::make_shared<AAAARecordContent>(ComboAddress(content)); |
30ee601a | 200 | } |
778bcea6 | 201 | else if (type == QType::CNAME) { |
8455425c | 202 | result = std::make_shared<CNAMERecordContent>(DNSName(content)); |
778bcea6 | 203 | } |
d6e797b8 | 204 | else if (type == QType::OPT) { |
8455425c | 205 | result = std::make_shared<OPTRecordContent>(); |
d6e797b8 | 206 | } |
30ee601a | 207 | else { |
8455425c | 208 | result = DNSRecordContent::mastermake(type, QClass::IN, content); |
30ee601a RG |
209 | } |
210 | ||
8455425c RG |
211 | return result; |
212 | } | |
213 | ||
214 | static void addRecordToList(std::vector<DNSRecord>& records, const DNSName& name, uint16_t type, const std::string& content, DNSResourceRecord::Place place, uint32_t ttl) | |
215 | { | |
216 | DNSRecord rec; | |
217 | rec.d_place = place; | |
218 | rec.d_name = name; | |
219 | rec.d_type = type; | |
220 | rec.d_ttl = ttl; | |
221 | ||
222 | rec.d_content = getRecordContent(type, content); | |
223 | ||
d6e797b8 RG |
224 | records.push_back(rec); |
225 | } | |
226 | ||
227 | static void addRecordToList(std::vector<DNSRecord>& records, const std::string& name, uint16_t type, const std::string& content, DNSResourceRecord::Place place, uint32_t ttl) | |
228 | { | |
229 | addRecordToList(records, name, type, content, place, ttl); | |
230 | } | |
231 | ||
232 | static void addRecordToLW(LWResult* res, const DNSName& name, uint16_t type, const std::string& content, DNSResourceRecord::Place place=DNSResourceRecord::ANSWER, uint32_t ttl=60) | |
233 | { | |
234 | addRecordToList(res->d_records, name, type, content, place, ttl); | |
30ee601a RG |
235 | } |
236 | ||
237 | static void addRecordToLW(LWResult* res, const std::string& name, uint16_t type, const std::string& content, DNSResourceRecord::Place place=DNSResourceRecord::ANSWER, uint32_t ttl=60) | |
238 | { | |
239 | addRecordToLW(res, DNSName(name), type, content, place, ttl); | |
240 | } | |
241 | ||
242 | static bool isRootServer(const ComboAddress& ip) | |
243 | { | |
8455425c RG |
244 | if (ip.isIPv4()) { |
245 | for (size_t idx = 0; idx < rootIps4Count; idx++) { | |
246 | if (ip.toString() == rootIps4[idx]) { | |
247 | return true; | |
248 | } | |
30ee601a RG |
249 | } |
250 | } | |
8455425c RG |
251 | else { |
252 | for (size_t idx = 0; idx < rootIps6Count; idx++) { | |
253 | if (ip.toString() == rootIps6[idx]) { | |
254 | return true; | |
255 | } | |
30ee601a RG |
256 | } |
257 | } | |
8455425c | 258 | |
30ee601a RG |
259 | return false; |
260 | } | |
261 | ||
3d5ebf10 | 262 | static void computeRRSIG(const DNSSECPrivateKey& dpk, const DNSName& signer, const DNSName& signQName, uint16_t signQType, uint32_t signTTL, uint32_t sigValidity, RRSIGRecordContent& rrc, vector<shared_ptr<DNSRecordContent> >& toSign, boost::optional<uint8_t> algo=boost::none) |
8455425c RG |
263 | { |
264 | time_t now = time(nullptr); | |
265 | DNSKEYRecordContent drc = dpk.getDNSKEY(); | |
266 | const std::shared_ptr<DNSCryptoKeyEngine> rc = dpk.getKey(); | |
267 | ||
268 | rrc.d_type = signQType; | |
269 | rrc.d_labels = signQName.countLabels() - signQName.isWildcard(); | |
270 | rrc.d_originalttl = signTTL; | |
812c3a69 | 271 | rrc.d_siginception = now - 10; |
8455425c RG |
272 | rrc.d_sigexpire = now + sigValidity; |
273 | rrc.d_signer = signer; | |
274 | rrc.d_tag = 0; | |
275 | rrc.d_tag = drc.getTag(); | |
3d5ebf10 | 276 | rrc.d_algorithm = algo ? *algo : drc.d_algorithm; |
8455425c RG |
277 | |
278 | std::string msg = getMessageForRRSET(signQName, rrc, toSign); | |
279 | ||
280 | rrc.d_signature = rc->sign(msg); | |
281 | } | |
282 | ||
b7f378d1 RG |
283 | typedef std::unordered_map<DNSName, std::pair<DNSSECPrivateKey, DSRecordContent> > testkeysset_t; |
284 | ||
2b984251 | 285 | static void addRRSIG(const testkeysset_t& keys, std::vector<DNSRecord>& records, const DNSName& signer, uint32_t sigValidity, bool broken=false, boost::optional<uint8_t> algo=boost::none, boost::optional<DNSName> wildcard=boost::none) |
8455425c RG |
286 | { |
287 | if (records.empty()) { | |
288 | return; | |
289 | } | |
290 | ||
291 | const auto it = keys.find(signer); | |
292 | if (it == keys.cend()) { | |
293 | throw std::runtime_error("No DNSKEY found for " + signer.toString() + ", unable to compute the requested RRSIG"); | |
294 | } | |
295 | ||
296 | size_t recordsCount = records.size(); | |
297 | const DNSName& name = records[recordsCount-1].d_name; | |
298 | const uint16_t type = records[recordsCount-1].d_type; | |
299 | ||
300 | std::vector<std::shared_ptr<DNSRecordContent> > recordcontents; | |
301 | for (const auto record : records) { | |
302 | if (record.d_name == name && record.d_type == type) { | |
303 | recordcontents.push_back(record.d_content); | |
304 | } | |
305 | } | |
306 | ||
307 | RRSIGRecordContent rrc; | |
2b984251 | 308 | computeRRSIG(it->second.first, signer, wildcard ? * wildcard : records[recordsCount-1].d_name, records[recordsCount-1].d_type, records[recordsCount-1].d_ttl, sigValidity, rrc, recordcontents, algo); |
3d5ebf10 RG |
309 | if (broken) { |
310 | rrc.d_signature[0] ^= 42; | |
311 | } | |
8455425c RG |
312 | |
313 | DNSRecord rec; | |
314 | rec.d_place = records[recordsCount-1].d_place; | |
315 | rec.d_name = records[recordsCount-1].d_name; | |
316 | rec.d_type = QType::RRSIG; | |
317 | rec.d_ttl = sigValidity; | |
318 | ||
319 | rec.d_content = std::make_shared<RRSIGRecordContent>(rrc); | |
320 | records.push_back(rec); | |
321 | } | |
322 | ||
b7f378d1 | 323 | static void addDNSKEY(const testkeysset_t& keys, const DNSName& signer, uint32_t ttl, std::vector<DNSRecord>& records) |
8455425c RG |
324 | { |
325 | const auto it = keys.find(signer); | |
326 | if (it == keys.cend()) { | |
327 | throw std::runtime_error("No DNSKEY found for " + signer.toString()); | |
328 | } | |
329 | ||
330 | DNSRecord rec; | |
331 | rec.d_place = DNSResourceRecord::ANSWER; | |
332 | rec.d_name = signer; | |
333 | rec.d_type = QType::DNSKEY; | |
334 | rec.d_ttl = ttl; | |
335 | ||
b7f378d1 | 336 | rec.d_content = std::make_shared<DNSKEYRecordContent>(it->second.first.getDNSKEY()); |
8455425c RG |
337 | records.push_back(rec); |
338 | } | |
339 | ||
a53e8fe3 | 340 | static void addDS(const DNSName& domain, uint32_t ttl, std::vector<DNSRecord>& records, const testkeysset_t& keys, DNSResourceRecord::Place place=DNSResourceRecord::AUTHORITY) |
8455425c | 341 | { |
b7f378d1 RG |
342 | const auto it = keys.find(domain); |
343 | if (it == keys.cend()) { | |
8455425c RG |
344 | return; |
345 | } | |
346 | ||
b7f378d1 RG |
347 | DNSRecord rec; |
348 | rec.d_name = domain; | |
349 | rec.d_type = QType::DS; | |
a53e8fe3 | 350 | rec.d_place = place; |
b7f378d1 RG |
351 | rec.d_ttl = ttl; |
352 | rec.d_content = std::make_shared<DSRecordContent>(it->second.second); | |
8455425c | 353 | |
b7f378d1 | 354 | records.push_back(rec); |
8455425c RG |
355 | } |
356 | ||
357 | static void addNSECRecordToLW(const DNSName& domain, const DNSName& next, const std::set<uint16_t>& types, uint32_t ttl, std::vector<DNSRecord>& records) | |
358 | { | |
359 | NSECRecordContent nrc; | |
360 | nrc.d_next = next; | |
361 | nrc.d_set = types; | |
362 | ||
363 | DNSRecord rec; | |
364 | rec.d_name = domain; | |
365 | rec.d_ttl = ttl; | |
366 | rec.d_type = QType::NSEC; | |
367 | rec.d_content = std::make_shared<NSECRecordContent>(nrc); | |
368 | rec.d_place = DNSResourceRecord::AUTHORITY; | |
369 | ||
370 | records.push_back(rec); | |
371 | } | |
372 | ||
b7f378d1 | 373 | static void generateKeyMaterial(const DNSName& name, unsigned int algo, uint8_t digest, testkeysset_t& keys) |
8455425c RG |
374 | { |
375 | auto dcke = std::shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::make(algo)); | |
b7f378d1 | 376 | dcke->create((algo <= 10) ? 2048 : dcke->getBits()); |
8455425c RG |
377 | DNSSECPrivateKey dpk; |
378 | dpk.d_flags = 256; | |
379 | dpk.setKey(dcke); | |
8455425c | 380 | DSRecordContent ds = makeDSFromDNSKey(name, dpk.getDNSKEY(), digest); |
b7f378d1 RG |
381 | keys[name] = std::pair<DNSSECPrivateKey,DSRecordContent>(dpk,ds); |
382 | } | |
383 | ||
384 | static void generateKeyMaterial(const DNSName& name, unsigned int algo, uint8_t digest, testkeysset_t& keys, map<DNSName,dsmap_t>& dsAnchors) | |
385 | { | |
386 | generateKeyMaterial(name, algo, digest, keys); | |
387 | dsAnchors[name].insert(keys[name].second); | |
8455425c RG |
388 | } |
389 | ||
30ee601a RG |
390 | /* Real tests */ |
391 | ||
392 | BOOST_AUTO_TEST_SUITE(syncres_cc) | |
393 | ||
394 | BOOST_AUTO_TEST_CASE(test_root_primed) { | |
395 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 396 | initSR(sr); |
30ee601a RG |
397 | |
398 | primeHints(); | |
895449a5 | 399 | |
4d2be65d | 400 | const DNSName target("a.root-servers.net."); |
30ee601a | 401 | |
4d2be65d | 402 | /* we are primed, we should be able to resolve A a.root-servers.net. without any query */ |
30ee601a | 403 | vector<DNSRecord> ret; |
4d2be65d | 404 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); |
b7f378d1 | 405 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
4d2be65d RG |
406 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
407 | BOOST_CHECK(ret[0].d_type == QType::A); | |
408 | BOOST_CHECK_EQUAL(ret[0].d_name, target); | |
409 | ||
410 | ret.clear(); | |
411 | res = sr->beginResolve(target, QType(QType::AAAA), QClass::IN, ret); | |
b7f378d1 RG |
412 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
413 | BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate); | |
4d2be65d RG |
414 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
415 | BOOST_CHECK(ret[0].d_type == QType::AAAA); | |
416 | BOOST_CHECK_EQUAL(ret[0].d_name, target); | |
4d2be65d RG |
417 | } |
418 | ||
419 | BOOST_AUTO_TEST_CASE(test_root_primed_ns) { | |
420 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 421 | initSR(sr); |
4d2be65d RG |
422 | |
423 | primeHints(); | |
424 | const DNSName target("."); | |
425 | ||
426 | /* we are primed, but we should not be able to NS . without any query | |
427 | because the . NS entry is not stored as authoritative */ | |
428 | ||
429 | size_t queriesCount = 0; | |
430 | ||
431 | sr->setAsyncCallback([target,&queriesCount](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
432 | queriesCount++; | |
433 | ||
434 | if (domain == target && type == QType::NS) { | |
435 | ||
436 | setLWResult(res, 0, true, false, true); | |
8455425c | 437 | char addr[] = "a.root-servers.net."; |
4d2be65d | 438 | for (char idx = 'a'; idx <= 'm'; idx++) { |
8455425c RG |
439 | addr[0] = idx; |
440 | addRecordToLW(res, g_rootdnsname, QType::NS, std::string(addr), DNSResourceRecord::ANSWER, 3600); | |
4d2be65d RG |
441 | } |
442 | ||
443 | addRecordToLW(res, "a.root-servers.net.", QType::A, "198.41.0.4", DNSResourceRecord::ADDITIONAL, 3600); | |
444 | addRecordToLW(res, "a.root-servers.net.", QType::AAAA, "2001:503:ba3e::2:30", DNSResourceRecord::ADDITIONAL, 3600); | |
445 | ||
446 | return 1; | |
447 | } | |
448 | ||
449 | return 0; | |
450 | }); | |
451 | ||
452 | vector<DNSRecord> ret; | |
453 | int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
b7f378d1 | 454 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
4d2be65d RG |
455 | BOOST_REQUIRE_EQUAL(ret.size(), 13); |
456 | BOOST_CHECK_EQUAL(queriesCount, 1); | |
30ee601a RG |
457 | } |
458 | ||
459 | BOOST_AUTO_TEST_CASE(test_root_not_primed) { | |
460 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 461 | initSR(sr); |
30ee601a RG |
462 | |
463 | size_t queriesCount = 0; | |
464 | ||
465 | sr->setAsyncCallback([&queriesCount](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
466 | queriesCount++; | |
467 | ||
468 | if (domain == g_rootdnsname && type == QType::NS) { | |
469 | setLWResult(res, 0, true, false, true); | |
470 | addRecordToLW(res, g_rootdnsname, QType::NS, "a.root-servers.net.", DNSResourceRecord::ANSWER, 3600); | |
471 | addRecordToLW(res, "a.root-servers.net.", QType::A, "198.41.0.4", DNSResourceRecord::ADDITIONAL, 3600); | |
472 | addRecordToLW(res, "a.root-servers.net.", QType::AAAA, "2001:503:ba3e::2:30", DNSResourceRecord::ADDITIONAL, 3600); | |
473 | ||
474 | return 1; | |
475 | } | |
476 | ||
477 | return 0; | |
478 | }); | |
479 | ||
480 | /* we are not primed yet, so SyncRes will have to call primeHints() | |
481 | then call getRootNS(), for which at least one of the root servers needs to answer */ | |
482 | vector<DNSRecord> ret; | |
483 | int res = sr->beginResolve(DNSName("."), QType(QType::NS), QClass::IN, ret); | |
b7f378d1 | 484 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
30ee601a RG |
485 | BOOST_CHECK_EQUAL(ret.size(), 1); |
486 | BOOST_CHECK_EQUAL(queriesCount, 2); | |
487 | } | |
488 | ||
489 | BOOST_AUTO_TEST_CASE(test_root_not_primed_and_no_response) { | |
490 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 491 | initSR(sr); |
30ee601a RG |
492 | std::set<ComboAddress> downServers; |
493 | ||
494 | /* we are not primed yet, so SyncRes will have to call primeHints() | |
495 | then call getRootNS(), for which at least one of the root servers needs to answer. | |
496 | None will, so it should ServFail. | |
497 | */ | |
498 | sr->setAsyncCallback([&downServers](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
499 | ||
500 | downServers.insert(ip); | |
501 | return 0; | |
502 | }); | |
503 | ||
504 | vector<DNSRecord> ret; | |
505 | int res = sr->beginResolve(DNSName("."), QType(QType::NS), QClass::IN, ret); | |
f58c8379 | 506 | BOOST_CHECK_EQUAL(res, RCode::ServFail); |
30ee601a RG |
507 | BOOST_CHECK_EQUAL(ret.size(), 0); |
508 | BOOST_CHECK(downServers.size() > 0); | |
509 | /* we explicitly refuse to mark the root servers down */ | |
510 | for (const auto& server : downServers) { | |
a712cb56 | 511 | BOOST_CHECK_EQUAL(SyncRes::getServerFailsCount(server), 0); |
30ee601a RG |
512 | } |
513 | } | |
514 | ||
515 | BOOST_AUTO_TEST_CASE(test_edns_formerr_fallback) { | |
516 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 517 | initSR(sr); |
30ee601a RG |
518 | |
519 | ComboAddress noEDNSServer; | |
520 | size_t queriesWithEDNS = 0; | |
521 | size_t queriesWithoutEDNS = 0; | |
522 | ||
523 | sr->setAsyncCallback([&queriesWithEDNS, &queriesWithoutEDNS, &noEDNSServer](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
524 | if (EDNS0Level != 0) { | |
525 | queriesWithEDNS++; | |
526 | noEDNSServer = ip; | |
527 | ||
528 | setLWResult(res, RCode::FormErr); | |
529 | return 1; | |
530 | } | |
531 | ||
532 | queriesWithoutEDNS++; | |
533 | ||
534 | if (domain == DNSName("powerdns.com") && type == QType::A && !doTCP) { | |
535 | setLWResult(res, 0, true, false, false); | |
536 | addRecordToLW(res, domain, QType::A, "192.0.2.1"); | |
537 | return 1; | |
538 | } | |
539 | ||
540 | return 0; | |
541 | }); | |
542 | ||
543 | primeHints(); | |
544 | ||
545 | /* fake that the root NS doesn't handle EDNS, check that we fallback */ | |
546 | vector<DNSRecord> ret; | |
547 | int res = sr->beginResolve(DNSName("powerdns.com."), QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 548 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
30ee601a RG |
549 | BOOST_CHECK_EQUAL(ret.size(), 1); |
550 | BOOST_CHECK_EQUAL(queriesWithEDNS, 1); | |
551 | BOOST_CHECK_EQUAL(queriesWithoutEDNS, 1); | |
a712cb56 RG |
552 | BOOST_CHECK_EQUAL(SyncRes::getEDNSStatusesSize(), 1); |
553 | BOOST_CHECK_EQUAL(SyncRes::getEDNSStatus(noEDNSServer), SyncRes::EDNSStatus::NOEDNS); | |
30ee601a RG |
554 | } |
555 | ||
556 | BOOST_AUTO_TEST_CASE(test_edns_notimp_fallback) { | |
557 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 558 | initSR(sr); |
30ee601a RG |
559 | |
560 | size_t queriesWithEDNS = 0; | |
561 | size_t queriesWithoutEDNS = 0; | |
562 | ||
563 | sr->setAsyncCallback([&queriesWithEDNS, &queriesWithoutEDNS](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
564 | if (EDNS0Level != 0) { | |
565 | queriesWithEDNS++; | |
566 | setLWResult(res, RCode::NotImp); | |
567 | return 1; | |
568 | } | |
569 | ||
570 | queriesWithoutEDNS++; | |
571 | ||
572 | if (domain == DNSName("powerdns.com") && type == QType::A && !doTCP) { | |
573 | setLWResult(res, 0, true, false, false); | |
574 | addRecordToLW(res, domain, QType::A, "192.0.2.1"); | |
575 | return 1; | |
576 | } | |
577 | ||
578 | return 0; | |
579 | }); | |
580 | ||
581 | primeHints(); | |
582 | ||
583 | /* fake that the NS doesn't handle EDNS, check that we fallback */ | |
584 | vector<DNSRecord> ret; | |
585 | int res = sr->beginResolve(DNSName("powerdns.com."), QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 586 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
30ee601a RG |
587 | BOOST_CHECK_EQUAL(ret.size(), 1); |
588 | BOOST_CHECK_EQUAL(queriesWithEDNS, 1); | |
589 | BOOST_CHECK_EQUAL(queriesWithoutEDNS, 1); | |
590 | } | |
591 | ||
592 | BOOST_AUTO_TEST_CASE(test_tc_fallback_to_tcp) { | |
593 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 594 | initSR(sr); |
30ee601a RG |
595 | |
596 | sr->setAsyncCallback([](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
597 | if (!doTCP) { | |
598 | setLWResult(res, 0, false, true, false); | |
599 | return 1; | |
600 | } | |
601 | if (domain == DNSName("powerdns.com") && type == QType::A && doTCP) { | |
602 | setLWResult(res, 0, true, false, false); | |
603 | addRecordToLW(res, domain, QType::A, "192.0.2.1"); | |
604 | return 1; | |
605 | } | |
606 | ||
607 | return 0; | |
608 | }); | |
609 | ||
610 | primeHints(); | |
611 | ||
612 | /* fake that the NS truncates every request over UDP, we should fallback to TCP */ | |
613 | vector<DNSRecord> ret; | |
614 | int res = sr->beginResolve(DNSName("powerdns.com."), QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 615 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
30ee601a RG |
616 | } |
617 | ||
3337c2f7 RG |
618 | BOOST_AUTO_TEST_CASE(test_tc_over_tcp) { |
619 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 620 | initSR(sr); |
3337c2f7 RG |
621 | |
622 | size_t tcpQueriesCount = 0; | |
623 | ||
624 | sr->setAsyncCallback([&tcpQueriesCount](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
625 | if (!doTCP) { | |
626 | setLWResult(res, 0, true, true, false); | |
627 | return 1; | |
628 | } | |
629 | ||
630 | /* first TCP query is answered with a TC response */ | |
631 | tcpQueriesCount++; | |
632 | if (tcpQueriesCount == 1) { | |
633 | setLWResult(res, 0, true, true, false); | |
634 | } | |
635 | else { | |
636 | setLWResult(res, 0, true, false, false); | |
637 | } | |
638 | ||
639 | addRecordToLW(res, domain, QType::A, "192.0.2.1"); | |
640 | return 1; | |
641 | }); | |
642 | ||
643 | primeHints(); | |
644 | ||
645 | vector<DNSRecord> ret; | |
646 | int res = sr->beginResolve(DNSName("powerdns.com."), QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 647 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3337c2f7 RG |
648 | BOOST_CHECK_EQUAL(tcpQueriesCount, 2); |
649 | } | |
650 | ||
30ee601a RG |
651 | BOOST_AUTO_TEST_CASE(test_all_nss_down) { |
652 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 653 | initSR(sr); |
30ee601a RG |
654 | std::set<ComboAddress> downServers; |
655 | ||
656 | primeHints(); | |
657 | ||
658 | sr->setAsyncCallback([&downServers](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
659 | ||
660 | if (isRootServer(ip)) { | |
8455425c | 661 | setLWResult(res, 0, false, false, true); |
30ee601a RG |
662 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); |
663 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
664 | addRecordToLW(res, "a.gtld-servers.net.", QType::AAAA, "2001:DB8::1", DNSResourceRecord::ADDITIONAL, 3600); | |
665 | return 1; | |
666 | } | |
667 | else if (ip == ComboAddress("192.0.2.1:53") || ip == ComboAddress("[2001:DB8::1]:53")) { | |
8455425c | 668 | setLWResult(res, 0, false, false, true); |
30ee601a RG |
669 | addRecordToLW(res, "powerdns.com.", QType::NS, "pdns-public-ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800); |
670 | addRecordToLW(res, "powerdns.com.", QType::NS, "pdns-public-ns2.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800); | |
671 | addRecordToLW(res, "pdns-public-ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 172800); | |
672 | addRecordToLW(res, "pdns-public-ns1.powerdns.com.", QType::AAAA, "2001:DB8::2", DNSResourceRecord::ADDITIONAL, 172800); | |
673 | addRecordToLW(res, "pdns-public-ns2.powerdns.com.", QType::A, "192.0.2.3", DNSResourceRecord::ADDITIONAL, 172800); | |
674 | addRecordToLW(res, "pdns-public-ns2.powerdns.com.", QType::AAAA, "2001:DB8::3", DNSResourceRecord::ADDITIONAL, 172800); | |
675 | return 1; | |
676 | } | |
677 | else { | |
678 | downServers.insert(ip); | |
679 | return 0; | |
680 | } | |
681 | }); | |
682 | ||
ccb07d93 RG |
683 | DNSName target("powerdns.com."); |
684 | ||
30ee601a | 685 | vector<DNSRecord> ret; |
ccb07d93 | 686 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); |
f58c8379 | 687 | BOOST_CHECK_EQUAL(res, RCode::ServFail); |
30ee601a RG |
688 | BOOST_CHECK_EQUAL(ret.size(), 0); |
689 | BOOST_CHECK_EQUAL(downServers.size(), 4); | |
690 | ||
691 | for (const auto& server : downServers) { | |
a712cb56 RG |
692 | BOOST_CHECK_EQUAL(SyncRes::getServerFailsCount(server), 1); |
693 | BOOST_CHECK(SyncRes::isThrottled(time(nullptr), server, target, QType::A)); | |
30ee601a RG |
694 | } |
695 | } | |
696 | ||
648bcbd1 RG |
697 | BOOST_AUTO_TEST_CASE(test_all_nss_network_error) { |
698 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 699 | initSR(sr); |
648bcbd1 RG |
700 | std::set<ComboAddress> downServers; |
701 | ||
702 | primeHints(); | |
703 | ||
704 | sr->setAsyncCallback([&downServers](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
705 | ||
706 | if (isRootServer(ip)) { | |
8455425c | 707 | setLWResult(res, 0, false, false, true); |
648bcbd1 RG |
708 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); |
709 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
710 | addRecordToLW(res, "a.gtld-servers.net.", QType::AAAA, "2001:DB8::1", DNSResourceRecord::ADDITIONAL, 3600); | |
711 | return 1; | |
712 | } | |
713 | else if (ip == ComboAddress("192.0.2.1:53") || ip == ComboAddress("[2001:DB8::1]:53")) { | |
8455425c | 714 | setLWResult(res, 0, false, false, true); |
648bcbd1 RG |
715 | addRecordToLW(res, "powerdns.com.", QType::NS, "pdns-public-ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800); |
716 | addRecordToLW(res, "powerdns.com.", QType::NS, "pdns-public-ns2.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800); | |
717 | addRecordToLW(res, "pdns-public-ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 172800); | |
718 | addRecordToLW(res, "pdns-public-ns1.powerdns.com.", QType::AAAA, "2001:DB8::2", DNSResourceRecord::ADDITIONAL, 172800); | |
719 | addRecordToLW(res, "pdns-public-ns2.powerdns.com.", QType::A, "192.0.2.3", DNSResourceRecord::ADDITIONAL, 172800); | |
720 | addRecordToLW(res, "pdns-public-ns2.powerdns.com.", QType::AAAA, "2001:DB8::3", DNSResourceRecord::ADDITIONAL, 172800); | |
721 | return 1; | |
722 | } | |
723 | else { | |
724 | downServers.insert(ip); | |
725 | return -1; | |
726 | } | |
727 | }); | |
728 | ||
729 | /* exact same test than the previous one, except instead of a time out we fake a network error */ | |
730 | DNSName target("powerdns.com."); | |
731 | ||
732 | vector<DNSRecord> ret; | |
733 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
734 | BOOST_CHECK_EQUAL(res, RCode::ServFail); | |
735 | BOOST_CHECK_EQUAL(ret.size(), 0); | |
736 | BOOST_CHECK_EQUAL(downServers.size(), 4); | |
737 | ||
738 | for (const auto& server : downServers) { | |
a712cb56 RG |
739 | BOOST_CHECK_EQUAL(SyncRes::getServerFailsCount(server), 1); |
740 | BOOST_CHECK(SyncRes::isThrottled(time(nullptr), server, target, QType::A)); | |
741 | ; | |
648bcbd1 RG |
742 | } |
743 | } | |
744 | ||
745 | BOOST_AUTO_TEST_CASE(test_os_limit_errors) { | |
746 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 747 | initSR(sr); |
648bcbd1 RG |
748 | std::set<ComboAddress> downServers; |
749 | ||
750 | primeHints(); | |
751 | ||
752 | sr->setAsyncCallback([&downServers](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
753 | ||
754 | if (isRootServer(ip)) { | |
8455425c | 755 | setLWResult(res, 0, false, false, true); |
648bcbd1 RG |
756 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); |
757 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
758 | addRecordToLW(res, "a.gtld-servers.net.", QType::AAAA, "2001:DB8::1", DNSResourceRecord::ADDITIONAL, 3600); | |
759 | return 1; | |
760 | } | |
761 | else if (ip == ComboAddress("192.0.2.1:53") || ip == ComboAddress("[2001:DB8::1]:53")) { | |
8455425c | 762 | setLWResult(res, 0, false, false, true); |
648bcbd1 RG |
763 | addRecordToLW(res, "powerdns.com.", QType::NS, "pdns-public-ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800); |
764 | addRecordToLW(res, "powerdns.com.", QType::NS, "pdns-public-ns2.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800); | |
765 | addRecordToLW(res, "pdns-public-ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 172800); | |
766 | addRecordToLW(res, "pdns-public-ns1.powerdns.com.", QType::AAAA, "2001:DB8::2", DNSResourceRecord::ADDITIONAL, 172800); | |
767 | addRecordToLW(res, "pdns-public-ns2.powerdns.com.", QType::A, "192.0.2.3", DNSResourceRecord::ADDITIONAL, 172800); | |
768 | addRecordToLW(res, "pdns-public-ns2.powerdns.com.", QType::AAAA, "2001:DB8::3", DNSResourceRecord::ADDITIONAL, 172800); | |
769 | return 1; | |
770 | } | |
771 | else { | |
772 | if (downServers.size() < 3) { | |
773 | /* only the last one will answer */ | |
774 | downServers.insert(ip); | |
775 | return -2; | |
776 | } | |
777 | else { | |
778 | setLWResult(res, 0, true, false, true); | |
779 | addRecordToLW(res, "powerdns.com.", QType::A, "192.0.2.42"); | |
780 | return 1; | |
781 | } | |
782 | } | |
783 | }); | |
784 | ||
785 | DNSName target("powerdns.com."); | |
786 | ||
787 | vector<DNSRecord> ret; | |
788 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 789 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
648bcbd1 RG |
790 | BOOST_CHECK_EQUAL(ret.size(), 1); |
791 | BOOST_CHECK_EQUAL(downServers.size(), 3); | |
792 | ||
793 | /* Error is reported as "OS limit error" (-2) so the servers should _NOT_ be marked down */ | |
794 | for (const auto& server : downServers) { | |
a712cb56 RG |
795 | BOOST_CHECK_EQUAL(SyncRes::getServerFailsCount(server), 0); |
796 | BOOST_CHECK(!SyncRes::isThrottled(time(nullptr), server, target, QType::A)); | |
648bcbd1 RG |
797 | } |
798 | } | |
799 | ||
30ee601a RG |
800 | BOOST_AUTO_TEST_CASE(test_glued_referral) { |
801 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 802 | initSR(sr); |
30ee601a RG |
803 | |
804 | primeHints(); | |
805 | ||
806 | const DNSName target("powerdns.com."); | |
807 | ||
808 | sr->setAsyncCallback([target](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
809 | /* this will cause issue with qname minimization if we ever implement it */ | |
810 | if (domain != target) { | |
811 | return 0; | |
812 | } | |
813 | ||
814 | if (isRootServer(ip)) { | |
8455425c | 815 | setLWResult(res, 0, false, false, true); |
30ee601a RG |
816 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); |
817 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
818 | addRecordToLW(res, "a.gtld-servers.net.", QType::AAAA, "2001:DB8::1", DNSResourceRecord::ADDITIONAL, 3600); | |
819 | return 1; | |
820 | } | |
821 | else if (ip == ComboAddress("192.0.2.1:53") || ip == ComboAddress("[2001:DB8::1]:53")) { | |
8455425c | 822 | setLWResult(res, 0, false, false, true); |
30ee601a RG |
823 | addRecordToLW(res, "powerdns.com.", QType::NS, "pdns-public-ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800); |
824 | addRecordToLW(res, "powerdns.com.", QType::NS, "pdns-public-ns2.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800); | |
825 | addRecordToLW(res, "pdns-public-ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 172800); | |
826 | addRecordToLW(res, "pdns-public-ns1.powerdns.com.", QType::AAAA, "2001:DB8::2", DNSResourceRecord::ADDITIONAL, 172800); | |
827 | addRecordToLW(res, "pdns-public-ns2.powerdns.com.", QType::A, "192.0.2.3", DNSResourceRecord::ADDITIONAL, 172800); | |
828 | addRecordToLW(res, "pdns-public-ns2.powerdns.com.", QType::AAAA, "2001:DB8::3", DNSResourceRecord::ADDITIONAL, 172800); | |
829 | return 1; | |
830 | } | |
831 | else if (ip == ComboAddress("192.0.2.2:53") || ip == ComboAddress("192.0.2.3:53") || ip == ComboAddress("[2001:DB8::2]:53") || ip == ComboAddress("[2001:DB8::3]:53")) { | |
832 | setLWResult(res, 0, true, false, true); | |
833 | addRecordToLW(res, target, QType::A, "192.0.2.4"); | |
834 | return 1; | |
835 | } | |
836 | else { | |
837 | return 0; | |
838 | } | |
839 | }); | |
840 | ||
841 | vector<DNSRecord> ret; | |
842 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 843 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
30ee601a | 844 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
e9f9b8ec | 845 | BOOST_CHECK(ret[0].d_type == QType::A); |
30ee601a RG |
846 | BOOST_CHECK_EQUAL(ret[0].d_name, target); |
847 | } | |
848 | ||
849 | BOOST_AUTO_TEST_CASE(test_glueless_referral) { | |
850 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 851 | initSR(sr); |
30ee601a RG |
852 | |
853 | primeHints(); | |
854 | ||
855 | const DNSName target("powerdns.com."); | |
856 | ||
857 | sr->setAsyncCallback([target](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
858 | ||
859 | if (isRootServer(ip)) { | |
8455425c | 860 | setLWResult(res, 0, false, false, true); |
30ee601a RG |
861 | |
862 | if (domain.isPartOf(DNSName("com."))) { | |
863 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); | |
864 | } else if (domain.isPartOf(DNSName("org."))) { | |
865 | addRecordToLW(res, "org.", QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); | |
866 | } | |
867 | else { | |
868 | setLWResult(res, RCode::NXDomain, false, false, true); | |
869 | return 1; | |
870 | } | |
871 | ||
872 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
873 | addRecordToLW(res, "a.gtld-servers.net.", QType::AAAA, "2001:DB8::1", DNSResourceRecord::ADDITIONAL, 3600); | |
874 | return 1; | |
875 | } | |
876 | else if (ip == ComboAddress("192.0.2.1:53") || ip == ComboAddress("[2001:DB8::1]:53")) { | |
877 | if (domain == target) { | |
8455425c | 878 | setLWResult(res, 0, false, false, true); |
30ee601a RG |
879 | addRecordToLW(res, "powerdns.com.", QType::NS, "pdns-public-ns1.powerdns.org.", DNSResourceRecord::AUTHORITY, 172800); |
880 | addRecordToLW(res, "powerdns.com.", QType::NS, "pdns-public-ns2.powerdns.org.", DNSResourceRecord::AUTHORITY, 172800); | |
881 | return 1; | |
882 | } | |
883 | else if (domain == DNSName("pdns-public-ns1.powerdns.org.")) { | |
884 | setLWResult(res, 0, true, false, true); | |
885 | addRecordToLW(res, "pdns-public-ns1.powerdns.org.", QType::A, "192.0.2.2"); | |
886 | addRecordToLW(res, "pdns-public-ns1.powerdns.org.", QType::AAAA, "2001:DB8::2"); | |
887 | return 1; | |
888 | } | |
889 | else if (domain == DNSName("pdns-public-ns2.powerdns.org.")) { | |
890 | setLWResult(res, 0, true, false, true); | |
891 | addRecordToLW(res, "pdns-public-ns2.powerdns.org.", QType::A, "192.0.2.3"); | |
892 | addRecordToLW(res, "pdns-public-ns2.powerdns.org.", QType::AAAA, "2001:DB8::3"); | |
893 | return 1; | |
894 | } | |
895 | ||
896 | setLWResult(res, RCode::NXDomain, false, false, true); | |
897 | return 1; | |
898 | } | |
899 | else if (ip == ComboAddress("192.0.2.2:53") || ip == ComboAddress("192.0.2.3:53") || ip == ComboAddress("[2001:DB8::2]:53") || ip == ComboAddress("[2001:DB8::3]:53")) { | |
900 | setLWResult(res, 0, true, false, true); | |
901 | addRecordToLW(res, target, QType::A, "192.0.2.4"); | |
902 | return 1; | |
903 | } | |
904 | else { | |
905 | return 0; | |
906 | } | |
907 | }); | |
908 | ||
909 | vector<DNSRecord> ret; | |
910 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 911 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
30ee601a | 912 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
e9f9b8ec | 913 | BOOST_CHECK(ret[0].d_type == QType::A); |
30ee601a RG |
914 | BOOST_CHECK_EQUAL(ret[0].d_name, target); |
915 | } | |
916 | ||
e9f9b8ec RG |
917 | BOOST_AUTO_TEST_CASE(test_edns_submask_by_domain) { |
918 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 919 | initSR(sr); |
e9f9b8ec RG |
920 | |
921 | primeHints(); | |
922 | ||
923 | const DNSName target("powerdns.com."); | |
9065eb05 | 924 | SyncRes::addEDNSDomain(target); |
e9f9b8ec RG |
925 | |
926 | EDNSSubnetOpts incomingECS; | |
927 | incomingECS.source = Netmask("192.0.2.128/32"); | |
928 | sr->setIncomingECSFound(true); | |
929 | sr->setIncomingECS(incomingECS); | |
930 | ||
931 | sr->setAsyncCallback([target](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
932 | ||
933 | BOOST_REQUIRE(srcmask); | |
934 | BOOST_CHECK_EQUAL(srcmask->toString(), "192.0.2.0/24"); | |
935 | return 0; | |
936 | }); | |
937 | ||
938 | vector<DNSRecord> ret; | |
939 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
f58c8379 | 940 | BOOST_CHECK_EQUAL(res, RCode::ServFail); |
e9f9b8ec RG |
941 | } |
942 | ||
943 | BOOST_AUTO_TEST_CASE(test_edns_submask_by_addr) { | |
944 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 945 | initSR(sr); |
e9f9b8ec RG |
946 | |
947 | primeHints(); | |
948 | ||
949 | const DNSName target("powerdns.com."); | |
9065eb05 | 950 | SyncRes::addEDNSSubnet(Netmask("192.0.2.1/32")); |
e9f9b8ec RG |
951 | |
952 | EDNSSubnetOpts incomingECS; | |
953 | incomingECS.source = Netmask("2001:DB8::FF/128"); | |
954 | sr->setIncomingECSFound(true); | |
955 | sr->setIncomingECS(incomingECS); | |
956 | ||
957 | sr->setAsyncCallback([target](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
958 | ||
959 | if (isRootServer(ip)) { | |
960 | BOOST_REQUIRE(!srcmask); | |
961 | ||
8455425c | 962 | setLWResult(res, 0, false, false, true); |
e9f9b8ec RG |
963 | addRecordToLW(res, domain, QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); |
964 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
965 | return 1; | |
966 | } else if (ip == ComboAddress("192.0.2.1:53")) { | |
967 | ||
968 | BOOST_REQUIRE(srcmask); | |
969 | BOOST_CHECK_EQUAL(srcmask->toString(), "2001:db8::/56"); | |
970 | ||
971 | setLWResult(res, 0, true, false, false); | |
972 | addRecordToLW(res, domain, QType::A, "192.0.2.2"); | |
973 | return 1; | |
974 | } | |
975 | ||
976 | return 0; | |
977 | }); | |
978 | ||
979 | vector<DNSRecord> ret; | |
980 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 981 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
778bcea6 RG |
982 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
983 | BOOST_CHECK(ret[0].d_type == QType::A); | |
984 | BOOST_CHECK_EQUAL(ret[0].d_name, target); | |
985 | } | |
986 | ||
987 | BOOST_AUTO_TEST_CASE(test_following_cname) { | |
988 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 989 | initSR(sr); |
778bcea6 RG |
990 | |
991 | primeHints(); | |
992 | ||
993 | const DNSName target("cname.powerdns.com."); | |
994 | const DNSName cnameTarget("cname-target.powerdns.com"); | |
995 | ||
996 | sr->setAsyncCallback([target, cnameTarget](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
997 | ||
998 | if (isRootServer(ip)) { | |
8455425c | 999 | setLWResult(res, 0, false, false, true); |
778bcea6 RG |
1000 | addRecordToLW(res, domain, QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); |
1001 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
1002 | return 1; | |
1003 | } else if (ip == ComboAddress("192.0.2.1:53")) { | |
1004 | ||
1005 | if (domain == target) { | |
1006 | setLWResult(res, 0, true, false, false); | |
1007 | addRecordToLW(res, domain, QType::CNAME, cnameTarget.toString()); | |
1008 | return 1; | |
1009 | } | |
1010 | else if (domain == cnameTarget) { | |
1011 | setLWResult(res, 0, true, false, false); | |
1012 | addRecordToLW(res, domain, QType::A, "192.0.2.2"); | |
1013 | } | |
1014 | ||
1015 | return 1; | |
1016 | } | |
1017 | ||
1018 | return 0; | |
1019 | }); | |
1020 | ||
1021 | vector<DNSRecord> ret; | |
1022 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 1023 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
778bcea6 RG |
1024 | BOOST_REQUIRE_EQUAL(ret.size(), 2); |
1025 | BOOST_CHECK(ret[0].d_type == QType::CNAME); | |
1026 | BOOST_CHECK_EQUAL(ret[0].d_name, target); | |
1027 | BOOST_CHECK(ret[1].d_type == QType::A); | |
1028 | BOOST_CHECK_EQUAL(ret[1].d_name, cnameTarget); | |
1029 | } | |
1030 | ||
4fff116b RG |
1031 | BOOST_AUTO_TEST_CASE(test_included_poisonous_cname) { |
1032 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1033 | initSR(sr); |
4fff116b RG |
1034 | |
1035 | primeHints(); | |
1036 | ||
1037 | /* In this test we directly get the NS server for cname.powerdns.com., | |
1038 | and we don't know whether it's also authoritative for | |
1039 | cname-target.powerdns.com or powerdns.com, so we shouldn't accept | |
1040 | the additional A record for cname-target.powerdns.com. */ | |
1041 | const DNSName target("cname.powerdns.com."); | |
1042 | const DNSName cnameTarget("cname-target.powerdns.com"); | |
1043 | ||
1044 | sr->setAsyncCallback([target, cnameTarget](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1045 | ||
1046 | if (isRootServer(ip)) { | |
1047 | ||
8455425c | 1048 | setLWResult(res, 0, false, false, true); |
4fff116b RG |
1049 | |
1050 | addRecordToLW(res, domain, QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); | |
1051 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
1052 | return 1; | |
1053 | } else if (ip == ComboAddress("192.0.2.1:53")) { | |
1054 | ||
1055 | if (domain == target) { | |
1056 | setLWResult(res, 0, true, false, false); | |
1057 | addRecordToLW(res, domain, QType::CNAME, cnameTarget.toString()); | |
1058 | addRecordToLW(res, cnameTarget, QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL); | |
1059 | return 1; | |
1060 | } else if (domain == cnameTarget) { | |
1061 | setLWResult(res, 0, true, false, false); | |
1062 | addRecordToLW(res, cnameTarget, QType::A, "192.0.2.3"); | |
1063 | return 1; | |
1064 | } | |
1065 | ||
1066 | return 1; | |
1067 | } | |
1068 | ||
1069 | return 0; | |
1070 | }); | |
1071 | ||
1072 | vector<DNSRecord> ret; | |
1073 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 1074 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
4fff116b RG |
1075 | BOOST_REQUIRE_EQUAL(ret.size(), 2); |
1076 | BOOST_REQUIRE(ret[0].d_type == QType::CNAME); | |
1077 | BOOST_CHECK_EQUAL(ret[0].d_name, target); | |
1078 | BOOST_CHECK_EQUAL(getRR<CNAMERecordContent>(ret[0])->getTarget(), cnameTarget); | |
1079 | BOOST_REQUIRE(ret[1].d_type == QType::A); | |
1080 | BOOST_CHECK_EQUAL(ret[1].d_name, cnameTarget); | |
1081 | BOOST_CHECK(getRR<ARecordContent>(ret[1])->getCA() == ComboAddress("192.0.2.3")); | |
1082 | } | |
1083 | ||
778bcea6 RG |
1084 | BOOST_AUTO_TEST_CASE(test_cname_loop) { |
1085 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1086 | initSR(sr); |
778bcea6 RG |
1087 | |
1088 | primeHints(); | |
1089 | ||
1090 | size_t count = 0; | |
1091 | const DNSName target("cname.powerdns.com."); | |
1092 | ||
1093 | sr->setAsyncCallback([target,&count](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1094 | ||
1095 | count++; | |
1096 | ||
1097 | if (isRootServer(ip)) { | |
778bcea6 | 1098 | |
8455425c | 1099 | setLWResult(res, 0, false, false, true); |
778bcea6 RG |
1100 | addRecordToLW(res, domain, QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); |
1101 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
1102 | return 1; | |
1103 | } else if (ip == ComboAddress("192.0.2.1:53")) { | |
1104 | ||
1105 | if (domain == target) { | |
1106 | setLWResult(res, 0, true, false, false); | |
1107 | addRecordToLW(res, domain, QType::CNAME, domain.toString()); | |
1108 | return 1; | |
1109 | } | |
1110 | ||
1111 | return 1; | |
1112 | } | |
1113 | ||
1114 | return 0; | |
1115 | }); | |
1116 | ||
1117 | vector<DNSRecord> ret; | |
1118 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
f58c8379 RG |
1119 | BOOST_CHECK_EQUAL(res, RCode::ServFail); |
1120 | BOOST_CHECK_GT(ret.size(), 0); | |
778bcea6 | 1121 | BOOST_CHECK_EQUAL(count, 2); |
e9f9b8ec RG |
1122 | } |
1123 | ||
4fff116b RG |
1124 | BOOST_AUTO_TEST_CASE(test_cname_depth) { |
1125 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1126 | initSR(sr); |
4fff116b RG |
1127 | |
1128 | primeHints(); | |
1129 | ||
1130 | size_t depth = 0; | |
1131 | const DNSName target("cname.powerdns.com."); | |
1132 | ||
1133 | sr->setAsyncCallback([target,&depth](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1134 | ||
1135 | if (isRootServer(ip)) { | |
4fff116b | 1136 | |
8455425c | 1137 | setLWResult(res, 0, false, false, true); |
4fff116b RG |
1138 | addRecordToLW(res, domain, QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); |
1139 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
1140 | return 1; | |
1141 | } else if (ip == ComboAddress("192.0.2.1:53")) { | |
1142 | ||
1143 | setLWResult(res, 0, true, false, false); | |
1144 | addRecordToLW(res, domain, QType::CNAME, std::to_string(depth) + "-cname.powerdns.com"); | |
1145 | depth++; | |
1146 | return 1; | |
1147 | } | |
1148 | ||
1149 | return 0; | |
1150 | }); | |
1151 | ||
1152 | vector<DNSRecord> ret; | |
1153 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
f58c8379 RG |
1154 | BOOST_CHECK_EQUAL(res, RCode::ServFail); |
1155 | BOOST_CHECK_EQUAL(ret.size(), depth); | |
4fff116b RG |
1156 | /* we have an arbitrary limit at 10 when following a CNAME chain */ |
1157 | BOOST_CHECK_EQUAL(depth, 10 + 2); | |
1158 | } | |
1159 | ||
d6e797b8 RG |
1160 | BOOST_AUTO_TEST_CASE(test_time_limit) { |
1161 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1162 | initSR(sr); |
d6e797b8 RG |
1163 | |
1164 | primeHints(); | |
1165 | ||
1166 | size_t queries = 0; | |
1167 | const DNSName target("cname.powerdns.com."); | |
1168 | ||
1169 | sr->setAsyncCallback([target,&queries](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1170 | ||
1171 | queries++; | |
1172 | ||
1173 | if (isRootServer(ip)) { | |
8455425c | 1174 | setLWResult(res, 0, false, false, true); |
d6e797b8 RG |
1175 | /* Pretend that this query took 2000 ms */ |
1176 | res->d_usec = 2000; | |
1177 | ||
1178 | addRecordToLW(res, domain, QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); | |
1179 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
1180 | return 1; | |
1181 | } else if (ip == ComboAddress("192.0.2.1:53")) { | |
1182 | ||
1183 | setLWResult(res, 0, true, false, false); | |
1184 | addRecordToLW(res, domain, QType::A, "192.0.2.2"); | |
1185 | return 1; | |
1186 | } | |
1187 | ||
1188 | return 0; | |
1189 | }); | |
1190 | ||
1191 | /* Set the maximum time to 1 ms */ | |
1192 | SyncRes::s_maxtotusec = 1000; | |
1193 | ||
1194 | try { | |
1195 | vector<DNSRecord> ret; | |
1196 | sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
1197 | BOOST_CHECK(false); | |
1198 | } | |
1199 | catch(const ImmediateServFailException& e) { | |
1200 | } | |
1201 | BOOST_CHECK_EQUAL(queries, 1); | |
1202 | } | |
1203 | ||
1204 | BOOST_AUTO_TEST_CASE(test_referral_depth) { | |
1205 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1206 | initSR(sr); |
d6e797b8 RG |
1207 | |
1208 | primeHints(); | |
1209 | ||
1210 | size_t queries = 0; | |
1211 | const DNSName target("www.powerdns.com."); | |
1212 | ||
1213 | sr->setAsyncCallback([target,&queries](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1214 | ||
1215 | queries++; | |
1216 | ||
1217 | if (isRootServer(ip)) { | |
8455425c | 1218 | setLWResult(res, 0, false, false, true); |
d6e797b8 RG |
1219 | |
1220 | if (domain == DNSName("www.powerdns.com.")) { | |
1221 | addRecordToLW(res, domain, QType::NS, "ns.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800); | |
1222 | } | |
1223 | else if (domain == DNSName("ns.powerdns.com.")) { | |
1224 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.org.", DNSResourceRecord::AUTHORITY, 172800); | |
1225 | } | |
1226 | else if (domain == DNSName("ns1.powerdns.org.")) { | |
1227 | addRecordToLW(res, domain, QType::NS, "ns2.powerdns.org.", DNSResourceRecord::AUTHORITY, 172800); | |
1228 | } | |
1229 | else if (domain == DNSName("ns2.powerdns.org.")) { | |
1230 | addRecordToLW(res, domain, QType::NS, "ns3.powerdns.org.", DNSResourceRecord::AUTHORITY, 172800); | |
1231 | } | |
1232 | else if (domain == DNSName("ns3.powerdns.org.")) { | |
1233 | addRecordToLW(res, domain, QType::NS, "ns4.powerdns.org.", DNSResourceRecord::AUTHORITY, 172800); | |
1234 | } | |
1235 | else if (domain == DNSName("ns4.powerdns.org.")) { | |
1236 | addRecordToLW(res, domain, QType::NS, "ns5.powerdns.org.", DNSResourceRecord::AUTHORITY, 172800); | |
1237 | addRecordToLW(res, domain, QType::A, "192.0.2.1", DNSResourceRecord::AUTHORITY, 172800); | |
1238 | } | |
1239 | ||
1240 | return 1; | |
1241 | } else if (ip == ComboAddress("192.0.2.1:53")) { | |
1242 | ||
1243 | setLWResult(res, 0, true, false, false); | |
1244 | addRecordToLW(res, domain, QType::A, "192.0.2.2"); | |
1245 | return 1; | |
1246 | } | |
1247 | ||
1248 | return 0; | |
1249 | }); | |
1250 | ||
1251 | /* Set the maximum depth low */ | |
1252 | SyncRes::s_maxdepth = 10; | |
1253 | ||
1254 | try { | |
1255 | vector<DNSRecord> ret; | |
1256 | sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
1257 | BOOST_CHECK(false); | |
1258 | } | |
1259 | catch(const ImmediateServFailException& e) { | |
1260 | } | |
1261 | } | |
1262 | ||
1263 | BOOST_AUTO_TEST_CASE(test_cname_qperq) { | |
1264 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1265 | initSR(sr); |
d6e797b8 RG |
1266 | |
1267 | primeHints(); | |
1268 | ||
1269 | size_t queries = 0; | |
1270 | const DNSName target("cname.powerdns.com."); | |
1271 | ||
1272 | sr->setAsyncCallback([target,&queries](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1273 | ||
1274 | queries++; | |
1275 | ||
1276 | if (isRootServer(ip)) { | |
1277 | ||
8455425c | 1278 | setLWResult(res, 0, false, false, true); |
d6e797b8 RG |
1279 | addRecordToLW(res, domain, QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); |
1280 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
1281 | return 1; | |
1282 | } else if (ip == ComboAddress("192.0.2.1:53")) { | |
1283 | ||
1284 | setLWResult(res, 0, true, false, false); | |
1285 | addRecordToLW(res, domain, QType::CNAME, std::to_string(queries) + "-cname.powerdns.com"); | |
1286 | return 1; | |
1287 | } | |
1288 | ||
1289 | return 0; | |
1290 | }); | |
1291 | ||
1292 | /* Set the maximum number of questions very low */ | |
1293 | SyncRes::s_maxqperq = 5; | |
1294 | ||
1295 | try { | |
1296 | vector<DNSRecord> ret; | |
1297 | sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
1298 | BOOST_CHECK(false); | |
1299 | } | |
1300 | catch(const ImmediateServFailException& e) { | |
1301 | BOOST_CHECK_EQUAL(queries, SyncRes::s_maxqperq); | |
1302 | } | |
1303 | } | |
1304 | ||
ccb07d93 RG |
1305 | BOOST_AUTO_TEST_CASE(test_throttled_server) { |
1306 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1307 | initSR(sr); |
ccb07d93 RG |
1308 | |
1309 | primeHints(); | |
1310 | ||
1311 | const DNSName target("throttled.powerdns.com."); | |
1312 | const ComboAddress ns("192.0.2.1:53"); | |
1313 | size_t queriesToNS = 0; | |
1314 | ||
1315 | sr->setAsyncCallback([target,ns,&queriesToNS](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1316 | ||
1317 | if (isRootServer(ip)) { | |
ccb07d93 | 1318 | |
8455425c | 1319 | setLWResult(res, 0, false, false, true); |
ccb07d93 RG |
1320 | addRecordToLW(res, domain, QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); |
1321 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, ns.toString(), DNSResourceRecord::ADDITIONAL, 3600); | |
1322 | return 1; | |
1323 | } else if (ip == ns) { | |
1324 | ||
1325 | queriesToNS++; | |
1326 | ||
1327 | setLWResult(res, 0, true, false, false); | |
1328 | addRecordToLW(res, domain, QType::A, "192.0.2.2"); | |
1329 | ||
1330 | return 1; | |
1331 | } | |
1332 | ||
1333 | return 0; | |
1334 | }); | |
1335 | ||
1336 | /* mark ns as down */ | |
a712cb56 | 1337 | SyncRes::doThrottle(time(nullptr), ns, SyncRes::s_serverdownthrottletime, 10000); |
ccb07d93 RG |
1338 | |
1339 | vector<DNSRecord> ret; | |
1340 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
f58c8379 RG |
1341 | BOOST_CHECK_EQUAL(res, RCode::ServFail); |
1342 | BOOST_CHECK_EQUAL(ret.size(), 0); | |
1343 | /* we should not have sent any queries to ns */ | |
ccb07d93 RG |
1344 | BOOST_CHECK_EQUAL(queriesToNS, 0); |
1345 | } | |
1346 | ||
1347 | BOOST_AUTO_TEST_CASE(test_throttled_server_count) { | |
1348 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1349 | initSR(sr); |
ccb07d93 RG |
1350 | |
1351 | primeHints(); | |
1352 | ||
1353 | const ComboAddress ns("192.0.2.1:53"); | |
1354 | ||
1355 | const size_t blocks = 10; | |
1356 | /* mark ns as down for 'blocks' queries */ | |
a712cb56 | 1357 | SyncRes::doThrottle(time(nullptr), ns, SyncRes::s_serverdownthrottletime, blocks); |
ccb07d93 RG |
1358 | |
1359 | for (size_t idx = 0; idx < blocks; idx++) { | |
a712cb56 | 1360 | BOOST_CHECK(SyncRes::isThrottled(time(nullptr), ns)); |
ccb07d93 RG |
1361 | } |
1362 | ||
1363 | /* we have been throttled 'blocks' times, we should not be throttled anymore */ | |
a712cb56 | 1364 | BOOST_CHECK(!SyncRes::isThrottled(time(nullptr), ns)); |
ccb07d93 RG |
1365 | } |
1366 | ||
1367 | BOOST_AUTO_TEST_CASE(test_throttled_server_time) { | |
1368 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1369 | initSR(sr); |
ccb07d93 RG |
1370 | |
1371 | primeHints(); | |
1372 | ||
1373 | const ComboAddress ns("192.0.2.1:53"); | |
1374 | ||
1375 | const size_t seconds = 1; | |
1376 | /* mark ns as down for 'seconds' seconds */ | |
a712cb56 RG |
1377 | SyncRes::doThrottle(time(nullptr), ns, seconds, 10000); |
1378 | ||
1379 | BOOST_CHECK(SyncRes::isThrottled(time(nullptr), ns)); | |
ccb07d93 RG |
1380 | |
1381 | sleep(seconds + 1); | |
1382 | ||
1383 | /* we should not be throttled anymore */ | |
a712cb56 | 1384 | BOOST_CHECK(!SyncRes::isThrottled(time(nullptr), ns)); |
ccb07d93 RG |
1385 | } |
1386 | ||
f58c8379 RG |
1387 | BOOST_AUTO_TEST_CASE(test_dont_query_server) { |
1388 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1389 | initSR(sr); |
f58c8379 RG |
1390 | |
1391 | primeHints(); | |
1392 | ||
1393 | const DNSName target("throttled.powerdns.com."); | |
1394 | const ComboAddress ns("192.0.2.1:53"); | |
1395 | size_t queriesToNS = 0; | |
1396 | ||
1397 | sr->setAsyncCallback([target,ns,&queriesToNS](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1398 | ||
1399 | if (isRootServer(ip)) { | |
1400 | ||
8455425c | 1401 | setLWResult(res, 0, false, false, true); |
f58c8379 RG |
1402 | addRecordToLW(res, domain, QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); |
1403 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, ns.toString(), DNSResourceRecord::ADDITIONAL, 3600); | |
1404 | return 1; | |
1405 | } else if (ip == ns) { | |
1406 | ||
1407 | queriesToNS++; | |
1408 | ||
1409 | setLWResult(res, 0, true, false, false); | |
1410 | addRecordToLW(res, domain, QType::A, "192.0.2.2"); | |
1411 | ||
1412 | return 1; | |
1413 | } | |
1414 | ||
1415 | return 0; | |
1416 | }); | |
1417 | ||
1418 | /* prevent querying this NS */ | |
9065eb05 | 1419 | SyncRes::addDontQuery(Netmask(ns)); |
f58c8379 RG |
1420 | |
1421 | vector<DNSRecord> ret; | |
1422 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
1423 | BOOST_CHECK_EQUAL(res, RCode::ServFail); | |
1424 | BOOST_CHECK_EQUAL(ret.size(), 0); | |
1425 | /* we should not have sent any queries to ns */ | |
1426 | BOOST_CHECK_EQUAL(queriesToNS, 0); | |
1427 | } | |
1428 | ||
1429 | BOOST_AUTO_TEST_CASE(test_root_nx_trust) { | |
1430 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1431 | initSR(sr); |
f58c8379 RG |
1432 | |
1433 | primeHints(); | |
1434 | ||
1435 | const DNSName target1("powerdns.com."); | |
1436 | const DNSName target2("notpowerdns.com."); | |
1437 | const ComboAddress ns("192.0.2.1:53"); | |
1438 | size_t queriesCount = 0; | |
1439 | ||
1440 | sr->setAsyncCallback([target1, target2, ns, &queriesCount](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1441 | ||
1442 | queriesCount++; | |
1443 | ||
1444 | if (isRootServer(ip)) { | |
1445 | ||
1446 | if (domain == target1) { | |
1447 | setLWResult(res, RCode::NXDomain, true, false, true); | |
1448 | addRecordToLW(res, ".", QType::SOA, "a.root-servers.net. nstld.verisign-grs.com. 2017032800 1800 900 604800 86400", DNSResourceRecord::AUTHORITY, 86400); | |
1449 | } | |
1450 | else { | |
1451 | setLWResult(res, 0, true, false, true); | |
1452 | addRecordToLW(res, domain, QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); | |
1453 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, ns.toString(), DNSResourceRecord::ADDITIONAL, 3600); | |
1454 | } | |
1455 | ||
1456 | return 1; | |
1457 | } else if (ip == ns) { | |
1458 | ||
1459 | setLWResult(res, 0, true, false, false); | |
1460 | addRecordToLW(res, domain, QType::A, "192.0.2.2"); | |
1461 | ||
1462 | return 1; | |
1463 | } | |
1464 | ||
1465 | return 0; | |
1466 | }); | |
1467 | ||
1468 | vector<DNSRecord> ret; | |
1469 | int res = sr->beginResolve(target1, QType(QType::A), QClass::IN, ret); | |
1470 | BOOST_CHECK_EQUAL(res, RCode::NXDomain); | |
1471 | BOOST_CHECK_EQUAL(ret.size(), 1); | |
1472 | /* one for target1 and one for the entire TLD */ | |
a712cb56 | 1473 | BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 2); |
f58c8379 RG |
1474 | |
1475 | ret.clear(); | |
1476 | res = sr->beginResolve(target2, QType(QType::A), QClass::IN, ret); | |
1477 | BOOST_CHECK_EQUAL(res, RCode::NXDomain); | |
1478 | BOOST_CHECK_EQUAL(ret.size(), 1); | |
1479 | /* one for target1 and one for the entire TLD */ | |
a712cb56 | 1480 | BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 2); |
f58c8379 RG |
1481 | |
1482 | /* we should have sent only one query */ | |
1483 | BOOST_CHECK_EQUAL(queriesCount, 1); | |
1484 | } | |
1485 | ||
898856ca RG |
1486 | BOOST_AUTO_TEST_CASE(test_root_nx_trust_specific) { |
1487 | std::unique_ptr<SyncRes> sr; | |
1488 | init(); | |
1489 | initSR(sr, true, false); | |
1490 | ||
1491 | primeHints(); | |
1492 | ||
1493 | const DNSName target1("powerdns.com."); | |
1494 | const DNSName target2("notpowerdns.com."); | |
1495 | const ComboAddress ns("192.0.2.1:53"); | |
1496 | size_t queriesCount = 0; | |
1497 | ||
1498 | /* This time the root denies target1 with a "com." SOA instead of a "." one. | |
1499 | We should add target1 to the negcache, but not "com.". */ | |
1500 | ||
1501 | sr->setAsyncCallback([target1, target2, ns, &queriesCount](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1502 | ||
1503 | queriesCount++; | |
1504 | ||
1505 | if (isRootServer(ip)) { | |
1506 | ||
1507 | if (domain == target1) { | |
1508 | setLWResult(res, RCode::NXDomain, true, false, true); | |
1509 | addRecordToLW(res, "com.", QType::SOA, "a.root-servers.net. nstld.verisign-grs.com. 2017032800 1800 900 604800 86400", DNSResourceRecord::AUTHORITY, 86400); | |
1510 | } | |
1511 | else { | |
1512 | setLWResult(res, 0, true, false, true); | |
1513 | addRecordToLW(res, domain, QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); | |
1514 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, ns.toString(), DNSResourceRecord::ADDITIONAL, 3600); | |
1515 | } | |
1516 | ||
1517 | return 1; | |
1518 | } else if (ip == ns) { | |
1519 | ||
1520 | setLWResult(res, 0, true, false, false); | |
1521 | addRecordToLW(res, domain, QType::A, "192.0.2.2"); | |
1522 | ||
1523 | return 1; | |
1524 | } | |
1525 | ||
1526 | return 0; | |
1527 | }); | |
1528 | ||
1529 | vector<DNSRecord> ret; | |
1530 | int res = sr->beginResolve(target1, QType(QType::A), QClass::IN, ret); | |
1531 | BOOST_CHECK_EQUAL(res, RCode::NXDomain); | |
1532 | BOOST_CHECK_EQUAL(ret.size(), 1); | |
1533 | ||
1534 | /* even with root-nx-trust on and a NX answer from the root, | |
1535 | we should not have cached the entire TLD this time. */ | |
a712cb56 | 1536 | BOOST_CHECK_EQUAL(SyncRes::t_sstorage.negcache.size(), 1); |
898856ca RG |
1537 | |
1538 | ret.clear(); | |
1539 | res = sr->beginResolve(target2, QType(QType::A), QClass::IN, ret); | |
1540 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
1541 | BOOST_REQUIRE_EQUAL(ret.size(), 1); | |
1542 | BOOST_REQUIRE(ret[0].d_type == QType::A); | |
1543 | BOOST_CHECK_EQUAL(ret[0].d_name, target2); | |
1544 | BOOST_CHECK(getRR<ARecordContent>(ret[0])->getCA() == ComboAddress("192.0.2.2")); | |
1545 | ||
a712cb56 | 1546 | BOOST_CHECK_EQUAL(SyncRes::t_sstorage.negcache.size(), 1); |
898856ca RG |
1547 | |
1548 | BOOST_CHECK_EQUAL(queriesCount, 3); | |
1549 | } | |
1550 | ||
f58c8379 RG |
1551 | BOOST_AUTO_TEST_CASE(test_root_nx_dont_trust) { |
1552 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1553 | initSR(sr); |
f58c8379 RG |
1554 | |
1555 | primeHints(); | |
1556 | ||
1557 | const DNSName target1("powerdns.com."); | |
1558 | const DNSName target2("notpowerdns.com."); | |
1559 | const ComboAddress ns("192.0.2.1:53"); | |
1560 | size_t queriesCount = 0; | |
1561 | ||
1562 | sr->setAsyncCallback([target1, target2, ns, &queriesCount](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1563 | ||
1564 | queriesCount++; | |
1565 | ||
1566 | if (isRootServer(ip)) { | |
1567 | ||
1568 | if (domain == target1) { | |
1569 | setLWResult(res, RCode::NXDomain, true, false, true); | |
1570 | addRecordToLW(res, ".", QType::SOA, "a.root-servers.net. nstld.verisign-grs.com. 2017032800 1800 900 604800 86400", DNSResourceRecord::AUTHORITY, 86400); | |
1571 | } | |
1572 | else { | |
1573 | setLWResult(res, 0, true, false, true); | |
1574 | addRecordToLW(res, domain, QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); | |
1575 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, ns.toString(), DNSResourceRecord::ADDITIONAL, 3600); | |
1576 | } | |
1577 | ||
1578 | return 1; | |
1579 | } else if (ip == ns) { | |
1580 | ||
1581 | setLWResult(res, 0, true, false, false); | |
1582 | addRecordToLW(res, domain, QType::A, "192.0.2.2"); | |
1583 | ||
1584 | return 1; | |
1585 | } | |
1586 | ||
1587 | return 0; | |
1588 | }); | |
1589 | ||
1590 | SyncRes::s_rootNXTrust = false; | |
1591 | ||
1592 | vector<DNSRecord> ret; | |
1593 | int res = sr->beginResolve(target1, QType(QType::A), QClass::IN, ret); | |
1594 | BOOST_CHECK_EQUAL(res, RCode::NXDomain); | |
1595 | BOOST_CHECK_EQUAL(ret.size(), 1); | |
1596 | /* one for target1 */ | |
a712cb56 | 1597 | BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 1); |
f58c8379 RG |
1598 | |
1599 | ret.clear(); | |
1600 | res = sr->beginResolve(target2, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 1601 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
f58c8379 RG |
1602 | BOOST_CHECK_EQUAL(ret.size(), 1); |
1603 | /* one for target1 */ | |
a712cb56 | 1604 | BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 1); |
f58c8379 RG |
1605 | |
1606 | /* we should have sent three queries */ | |
1607 | BOOST_CHECK_EQUAL(queriesCount, 3); | |
1608 | } | |
1609 | ||
1610 | BOOST_AUTO_TEST_CASE(test_skip_negcache_for_variable_response) { | |
1611 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1612 | initSR(sr); |
f58c8379 RG |
1613 | |
1614 | primeHints(); | |
1615 | ||
1616 | const DNSName target("www.powerdns.com."); | |
1617 | const DNSName cnameTarget("cname.powerdns.com."); | |
1618 | ||
9065eb05 | 1619 | SyncRes::addEDNSDomain(DNSName("powerdns.com.")); |
f58c8379 RG |
1620 | |
1621 | EDNSSubnetOpts incomingECS; | |
1622 | incomingECS.source = Netmask("192.0.2.128/32"); | |
1623 | sr->setIncomingECSFound(true); | |
1624 | sr->setIncomingECS(incomingECS); | |
1625 | ||
1626 | sr->setAsyncCallback([target,cnameTarget](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1627 | ||
1628 | BOOST_REQUIRE(srcmask); | |
1629 | BOOST_CHECK_EQUAL(srcmask->toString(), "192.0.2.0/24"); | |
1630 | ||
1631 | if (isRootServer(ip)) { | |
8455425c | 1632 | setLWResult(res, 0, false, false, true); |
f58c8379 RG |
1633 | addRecordToLW(res, "powerdns.com.", QType::NS, "pdns-public-ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800); |
1634 | addRecordToLW(res, "pdns-public-ns1.powerdns.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
1635 | ||
1636 | return 1; | |
1637 | } else if (ip == ComboAddress("192.0.2.1:53")) { | |
1638 | if (domain == target) { | |
1639 | /* Type 2 NXDOMAIN (rfc2308 section-2.1) */ | |
1640 | setLWResult(res, RCode::NXDomain, true, false, true); | |
1641 | addRecordToLW(res, domain, QType::CNAME, cnameTarget.toString()); | |
1642 | addRecordToLW(res, "powerdns.com", QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
1643 | } | |
1644 | else if (domain == cnameTarget) { | |
1645 | /* we shouldn't get there since the Type NXDOMAIN should have been enough, | |
1646 | but we might if we still chase the CNAME. */ | |
1647 | setLWResult(res, RCode::NXDomain, true, false, true); | |
1648 | addRecordToLW(res, "powerdns.com", QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
1649 | } | |
1650 | ||
1651 | return 1; | |
1652 | } | |
1653 | ||
1654 | return 0; | |
1655 | }); | |
1656 | ||
1657 | vector<DNSRecord> ret; | |
1658 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
1659 | BOOST_CHECK_EQUAL(res, RCode::NXDomain); | |
1660 | BOOST_CHECK_EQUAL(ret.size(), 2); | |
1661 | /* no negative cache entry because the response was variable */ | |
a712cb56 | 1662 | BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 0); |
f58c8379 RG |
1663 | } |
1664 | ||
d6e797b8 RG |
1665 | BOOST_AUTO_TEST_CASE(test_ns_speed) { |
1666 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1667 | initSR(sr); |
30ee601a | 1668 | |
d6e797b8 | 1669 | primeHints(); |
30ee601a | 1670 | |
d6e797b8 | 1671 | const DNSName target("powerdns.com."); |
30ee601a | 1672 | |
d6e797b8 | 1673 | std::map<ComboAddress, uint64_t> nsCounts; |
30ee601a | 1674 | |
d6e797b8 | 1675 | sr->setAsyncCallback([target,&nsCounts](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { |
30ee601a | 1676 | |
d6e797b8 | 1677 | if (isRootServer(ip)) { |
8455425c | 1678 | setLWResult(res, 0, false, false, true); |
d6e797b8 RG |
1679 | addRecordToLW(res, domain, QType::NS, "pdns-public-ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800); |
1680 | addRecordToLW(res, domain, QType::NS, "pdns-public-ns2.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800); | |
1681 | addRecordToLW(res, domain, QType::NS, "pdns-public-ns3.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800); | |
30ee601a | 1682 | |
d6e797b8 RG |
1683 | addRecordToLW(res, "pdns-public-ns1.powerdns.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); |
1684 | addRecordToLW(res, "pdns-public-ns1.powerdns.com.", QType::AAAA, "2001:DB8::1", DNSResourceRecord::ADDITIONAL, 3600); | |
1685 | addRecordToLW(res, "pdns-public-ns2.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
1686 | addRecordToLW(res, "pdns-public-ns2.powerdns.com.", QType::AAAA, "2001:DB8::2", DNSResourceRecord::ADDITIONAL, 3600); | |
1687 | addRecordToLW(res, "pdns-public-ns3.powerdns.com.", QType::A, "192.0.2.3", DNSResourceRecord::ADDITIONAL, 3600); | |
1688 | addRecordToLW(res, "pdns-public-ns3.powerdns.com.", QType::AAAA, "2001:DB8::3", DNSResourceRecord::ADDITIONAL, 3600); | |
30ee601a | 1689 | |
d6e797b8 RG |
1690 | return 1; |
1691 | } else { | |
1692 | nsCounts[ip]++; | |
30ee601a | 1693 | |
d6e797b8 RG |
1694 | if (ip == ComboAddress("[2001:DB8::2]:53") || ip == ComboAddress("192.0.2.2:53")) { |
1695 | BOOST_CHECK_LT(nsCounts.size(), 3); | |
1696 | ||
1697 | /* let's time out on pdns-public-ns2.powerdns.com. */ | |
1698 | return 0; | |
1699 | } | |
1700 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
1701 | BOOST_CHECK_EQUAL(nsCounts.size(), 3); | |
1702 | ||
1703 | setLWResult(res, 0, true, false, true); | |
1704 | addRecordToLW(res, domain, QType::A, "192.0.2.254"); | |
1705 | return 1; | |
1706 | } | |
1707 | ||
1708 | return 0; | |
1709 | } | |
30ee601a | 1710 | |
d6e797b8 RG |
1711 | return 0; |
1712 | }); | |
30ee601a | 1713 | |
d6e797b8 RG |
1714 | struct timeval now; |
1715 | gettimeofday(&now, 0); | |
30ee601a | 1716 | |
d6e797b8 RG |
1717 | /* make pdns-public-ns2.powerdns.com. the fastest NS, with its IPv6 address faster than the IPV4 one, |
1718 | then pdns-public-ns1.powerdns.com. on IPv4 */ | |
a712cb56 RG |
1719 | SyncRes::submitNSSpeed(DNSName("pdns-public-ns1.powerdns.com."), ComboAddress("192.0.2.1:53"), 100, &now); |
1720 | SyncRes::submitNSSpeed(DNSName("pdns-public-ns1.powerdns.com."), ComboAddress("[2001:DB8::1]:53"), 10000, &now); | |
1721 | SyncRes::submitNSSpeed(DNSName("pdns-public-ns2.powerdns.com."), ComboAddress("192.0.2.2:53"), 10, &now); | |
1722 | SyncRes::submitNSSpeed(DNSName("pdns-public-ns2.powerdns.com."), ComboAddress("[2001:DB8::2]:53"), 1, &now); | |
1723 | SyncRes::submitNSSpeed(DNSName("pdns-public-ns3.powerdns.com."), ComboAddress("192.0.2.3:53"), 10000, &now); | |
1724 | SyncRes::submitNSSpeed(DNSName("pdns-public-ns3.powerdns.com."), ComboAddress("[2001:DB8::3]:53"), 10000, &now); | |
30ee601a | 1725 | |
d6e797b8 RG |
1726 | vector<DNSRecord> ret; |
1727 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 1728 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
d6e797b8 RG |
1729 | BOOST_CHECK_EQUAL(ret.size(), 1); |
1730 | BOOST_CHECK_EQUAL(nsCounts.size(), 3); | |
1731 | BOOST_CHECK_EQUAL(nsCounts[ComboAddress("192.0.2.1:53")], 1); | |
1732 | BOOST_CHECK_EQUAL(nsCounts[ComboAddress("192.0.2.2:53")], 1); | |
1733 | BOOST_CHECK_EQUAL(nsCounts[ComboAddress("[2001:DB8::2]:53")], 1); | |
1734 | } | |
30ee601a | 1735 | |
d6e797b8 RG |
1736 | BOOST_AUTO_TEST_CASE(test_flawed_nsset) { |
1737 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1738 | initSR(sr); |
30ee601a | 1739 | |
d6e797b8 | 1740 | primeHints(); |
30ee601a | 1741 | |
d6e797b8 | 1742 | const DNSName target("powerdns.com."); |
30ee601a | 1743 | |
d6e797b8 RG |
1744 | sr->setAsyncCallback([target](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { |
1745 | ||
1746 | if (isRootServer(ip)) { | |
8455425c | 1747 | setLWResult(res, 0, false, false, true); |
d6e797b8 RG |
1748 | addRecordToLW(res, domain, QType::NS, "pdns-public-ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800); |
1749 | ||
1750 | addRecordToLW(res, "pdns-public-ns1.powerdns.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
1751 | ||
1752 | return 1; | |
1753 | } else if (ip == ComboAddress("192.0.2.1:53")) { | |
1754 | setLWResult(res, 0, true, false, true); | |
1755 | addRecordToLW(res, domain, QType::A, "192.0.2.254"); | |
1756 | return 1; | |
1757 | } | |
1758 | ||
1759 | return 0; | |
1760 | }); | |
1761 | ||
1762 | /* we populate the cache with a flawed NSset, i.e. there is a NS entry but no corresponding glue */ | |
1763 | time_t now = time(nullptr); | |
1764 | std::vector<DNSRecord> records; | |
1765 | std::vector<shared_ptr<RRSIGRecordContent> > sigs; | |
1766 | addRecordToList(records, target, QType::NS, "pdns-public-ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, now + 3600); | |
1767 | ||
2b984251 | 1768 | t_RC->replace(now, target, QType(QType::NS), records, sigs, vector<std::shared_ptr<DNSRecord>>(), true, boost::optional<Netmask>()); |
d6e797b8 RG |
1769 | |
1770 | vector<DNSRecord> ret; | |
1771 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 1772 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
d6e797b8 RG |
1773 | BOOST_CHECK_EQUAL(ret.size(), 1); |
1774 | } | |
1775 | ||
3337c2f7 RG |
1776 | BOOST_AUTO_TEST_CASE(test_completely_flawed_nsset) { |
1777 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1778 | initSR(sr); |
3337c2f7 RG |
1779 | |
1780 | primeHints(); | |
1781 | ||
1782 | const DNSName target("powerdns.com."); | |
1783 | size_t queriesCount = 0; | |
1784 | ||
1785 | sr->setAsyncCallback([&queriesCount,target](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1786 | ||
1787 | queriesCount++; | |
1788 | ||
1789 | if (isRootServer(ip) && domain == target) { | |
8455425c | 1790 | setLWResult(res, 0, false, false, true); |
3337c2f7 RG |
1791 | addRecordToLW(res, domain, QType::NS, "pdns-public-ns2.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800); |
1792 | addRecordToLW(res, domain, QType::NS, "pdns-public-ns3.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800); | |
1793 | return 1; | |
1794 | } else if (domain == DNSName("pdns-public-ns2.powerdns.com.") || domain == DNSName("pdns-public-ns3.powerdns.com.")){ | |
1795 | setLWResult(res, 0, true, false, true); | |
1796 | addRecordToLW(res, ".", QType::SOA, "a.root-servers.net. nstld.verisign-grs.com. 2017032800 1800 900 604800 86400", DNSResourceRecord::AUTHORITY, 86400); | |
1797 | return 1; | |
1798 | } | |
1799 | ||
1800 | return 0; | |
1801 | }); | |
1802 | ||
1803 | vector<DNSRecord> ret; | |
1804 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
1805 | BOOST_CHECK_EQUAL(res, RCode::ServFail); | |
1806 | BOOST_CHECK_EQUAL(ret.size(), 0); | |
1807 | /* one query to get NSs, then A and AAAA for each NS */ | |
1808 | BOOST_CHECK_EQUAL(queriesCount, 5); | |
1809 | } | |
1810 | ||
d6e797b8 RG |
1811 | BOOST_AUTO_TEST_CASE(test_cache_hit) { |
1812 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1813 | initSR(sr); |
d6e797b8 RG |
1814 | |
1815 | primeHints(); | |
1816 | ||
1817 | const DNSName target("powerdns.com."); | |
1818 | ||
1819 | sr->setAsyncCallback([target](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1820 | ||
1821 | return 0; | |
1822 | }); | |
1823 | ||
1824 | /* we populate the cache with eveything we need */ | |
1825 | time_t now = time(nullptr); | |
1826 | std::vector<DNSRecord> records; | |
1827 | std::vector<shared_ptr<RRSIGRecordContent> > sigs; | |
1828 | ||
1829 | addRecordToList(records, target, QType::A, "192.0.2.1", DNSResourceRecord::ANSWER, now + 3600); | |
2b984251 | 1830 | t_RC->replace(now, target , QType(QType::A), records, sigs, vector<std::shared_ptr<DNSRecord>>(), true, boost::optional<Netmask>()); |
d6e797b8 RG |
1831 | |
1832 | vector<DNSRecord> ret; | |
1833 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 1834 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
d6e797b8 RG |
1835 | BOOST_CHECK_EQUAL(ret.size(), 1); |
1836 | } | |
1837 | ||
648bcbd1 RG |
1838 | BOOST_AUTO_TEST_CASE(test_no_rd) { |
1839 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1840 | initSR(sr); |
648bcbd1 RG |
1841 | |
1842 | primeHints(); | |
1843 | ||
1844 | const DNSName target("powerdns.com."); | |
1845 | size_t queriesCount = 0; | |
1846 | ||
1847 | sr->setCacheOnly(); | |
1848 | ||
1849 | sr->setAsyncCallback([target,&queriesCount](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1850 | ||
1851 | queriesCount++; | |
1852 | return 0; | |
1853 | }); | |
1854 | ||
1855 | vector<DNSRecord> ret; | |
1856 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 1857 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
648bcbd1 RG |
1858 | BOOST_CHECK_EQUAL(ret.size(), 0); |
1859 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
1860 | } | |
1861 | ||
d6e797b8 RG |
1862 | BOOST_AUTO_TEST_CASE(test_cache_min_max_ttl) { |
1863 | std::unique_ptr<SyncRes> sr; | |
a53e8fe3 | 1864 | const time_t now = time(nullptr); |
895449a5 | 1865 | initSR(sr); |
d6e797b8 RG |
1866 | |
1867 | primeHints(); | |
1868 | ||
1869 | const DNSName target("cachettl.powerdns.com."); | |
1870 | const ComboAddress ns("192.0.2.1:53"); | |
1871 | ||
1872 | sr->setAsyncCallback([target,ns](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1873 | ||
1874 | if (isRootServer(ip)) { | |
1875 | ||
8455425c | 1876 | setLWResult(res, 0, false, false, true); |
d6e797b8 RG |
1877 | addRecordToLW(res, domain, QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); |
1878 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, ns.toString(), DNSResourceRecord::ADDITIONAL, 7200); | |
1879 | return 1; | |
1880 | } else if (ip == ns) { | |
1881 | ||
1882 | setLWResult(res, 0, true, false, false); | |
1883 | addRecordToLW(res, domain, QType::A, "192.0.2.2", DNSResourceRecord::ANSWER, 10); | |
1884 | ||
1885 | return 1; | |
1886 | } | |
1887 | ||
1888 | return 0; | |
1889 | }); | |
1890 | ||
1891 | SyncRes::s_minimumTTL = 60; | |
1892 | SyncRes::s_maxcachettl = 3600; | |
1893 | ||
1894 | vector<DNSRecord> ret; | |
1895 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 1896 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
d6e797b8 RG |
1897 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
1898 | BOOST_CHECK_EQUAL(ret[0].d_ttl, SyncRes::s_minimumTTL); | |
1899 | ||
1900 | const ComboAddress who; | |
1901 | vector<DNSRecord> cached; | |
24bb9b58 | 1902 | BOOST_REQUIRE_GT(t_RC->get(now, target, QType(QType::A), true, &cached, who), 0); |
d6e797b8 RG |
1903 | BOOST_REQUIRE_EQUAL(cached.size(), 1); |
1904 | BOOST_REQUIRE_GT(cached[0].d_ttl, now); | |
1905 | BOOST_CHECK_EQUAL((cached[0].d_ttl - now), SyncRes::s_minimumTTL); | |
1906 | ||
1907 | cached.clear(); | |
24bb9b58 | 1908 | BOOST_REQUIRE_GT(t_RC->get(now, target, QType(QType::NS), false, &cached, who), 0); |
d6e797b8 RG |
1909 | BOOST_REQUIRE_EQUAL(cached.size(), 1); |
1910 | BOOST_REQUIRE_GT(cached[0].d_ttl, now); | |
1911 | BOOST_CHECK_LE((cached[0].d_ttl - now), SyncRes::s_maxcachettl); | |
1912 | } | |
1913 | ||
1914 | BOOST_AUTO_TEST_CASE(test_cache_expired_ttl) { | |
1915 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1916 | initSR(sr); |
d6e797b8 RG |
1917 | |
1918 | primeHints(); | |
1919 | ||
1920 | const DNSName target("powerdns.com."); | |
1921 | ||
1922 | sr->setAsyncCallback([target](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1923 | ||
1924 | if (isRootServer(ip)) { | |
8455425c | 1925 | setLWResult(res, 0, false, false, true); |
d6e797b8 RG |
1926 | addRecordToLW(res, domain, QType::NS, "pdns-public-ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800); |
1927 | ||
1928 | addRecordToLW(res, "pdns-public-ns1.powerdns.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
1929 | ||
1930 | return 1; | |
1931 | } else if (ip == ComboAddress("192.0.2.1:53")) { | |
1932 | setLWResult(res, 0, true, false, true); | |
1933 | addRecordToLW(res, domain, QType::A, "192.0.2.2"); | |
1934 | return 1; | |
1935 | } | |
1936 | ||
1937 | return 0; | |
1938 | }); | |
1939 | ||
1940 | /* we populate the cache with entries that expired 60s ago*/ | |
1941 | time_t now = time(nullptr); | |
1942 | std::vector<DNSRecord> records; | |
1943 | std::vector<shared_ptr<RRSIGRecordContent> > sigs; | |
1944 | addRecordToList(records, target, QType::A, "192.0.2.42", DNSResourceRecord::ANSWER, now - 60); | |
1945 | ||
2b984251 | 1946 | t_RC->replace(now - 3600, target, QType(QType::A), records, sigs, vector<std::shared_ptr<DNSRecord>>(), true, boost::optional<Netmask>()); |
d6e797b8 RG |
1947 | |
1948 | vector<DNSRecord> ret; | |
1949 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 1950 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
d6e797b8 RG |
1951 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
1952 | BOOST_REQUIRE(ret[0].d_type == QType::A); | |
1953 | BOOST_CHECK_EQUAL(getRR<ARecordContent>(ret[0])->getCA().toStringWithPort(), ComboAddress("192.0.2.2").toStringWithPort()); | |
1954 | } | |
1955 | ||
1956 | BOOST_AUTO_TEST_CASE(test_delegation_only) { | |
1957 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1958 | initSR(sr); |
d6e797b8 RG |
1959 | |
1960 | primeHints(); | |
1961 | ||
1962 | /* Thanks, Verisign */ | |
9065eb05 RG |
1963 | SyncRes::addDelegationOnly(DNSName("com.")); |
1964 | SyncRes::addDelegationOnly(DNSName("net.")); | |
d6e797b8 RG |
1965 | |
1966 | const DNSName target("nx-powerdns.com."); | |
1967 | ||
1968 | sr->setAsyncCallback([target](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1969 | ||
1970 | if (isRootServer(ip)) { | |
8455425c | 1971 | setLWResult(res, 0, false, false, true); |
d6e797b8 RG |
1972 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); |
1973 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
1974 | return 1; | |
1975 | } else if (ip == ComboAddress("192.0.2.1:53")) { | |
1976 | ||
1977 | setLWResult(res, 0, true, false, true); | |
1978 | addRecordToLW(res, domain, QType::A, "192.0.2.42"); | |
1979 | return 1; | |
1980 | } | |
1981 | ||
1982 | return 0; | |
1983 | }); | |
1984 | ||
1985 | vector<DNSRecord> ret; | |
1986 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
1987 | BOOST_CHECK_EQUAL(res, RCode::NXDomain); | |
1988 | BOOST_CHECK_EQUAL(ret.size(), 0); | |
1989 | } | |
1990 | ||
1991 | BOOST_AUTO_TEST_CASE(test_unauth_any) { | |
1992 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1993 | initSR(sr); |
d6e797b8 RG |
1994 | |
1995 | primeHints(); | |
1996 | ||
1997 | const DNSName target("powerdns.com."); | |
1998 | ||
1999 | sr->setAsyncCallback([target](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2000 | ||
2001 | if (isRootServer(ip)) { | |
8455425c | 2002 | setLWResult(res, 0, false, false, true); |
d6e797b8 RG |
2003 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); |
2004 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
2005 | return 1; | |
2006 | } else if (ip == ComboAddress("192.0.2.1:53")) { | |
2007 | ||
2008 | setLWResult(res, 0, false, false, true); | |
2009 | addRecordToLW(res, domain, QType::A, "192.0.2.42"); | |
2010 | return 1; | |
2011 | } | |
2012 | ||
2013 | return 0; | |
2014 | }); | |
2015 | ||
2016 | vector<DNSRecord> ret; | |
2017 | int res = sr->beginResolve(target, QType(QType::ANY), QClass::IN, ret); | |
2018 | BOOST_CHECK_EQUAL(res, RCode::ServFail); | |
2019 | BOOST_CHECK_EQUAL(ret.size(), 0); | |
2020 | } | |
2021 | ||
2022 | BOOST_AUTO_TEST_CASE(test_no_data) { | |
2023 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2024 | initSR(sr); |
d6e797b8 RG |
2025 | |
2026 | primeHints(); | |
2027 | ||
2028 | const DNSName target("powerdns.com."); | |
2029 | ||
2030 | sr->setAsyncCallback([target](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2031 | ||
2032 | setLWResult(res, 0, true, false, true); | |
2033 | return 1; | |
2034 | }); | |
2035 | ||
2036 | vector<DNSRecord> ret; | |
2037 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 2038 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
d6e797b8 RG |
2039 | BOOST_CHECK_EQUAL(ret.size(), 0); |
2040 | } | |
2041 | ||
2042 | BOOST_AUTO_TEST_CASE(test_skip_opt_any) { | |
2043 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2044 | initSR(sr); |
d6e797b8 RG |
2045 | |
2046 | primeHints(); | |
2047 | ||
2048 | const DNSName target("powerdns.com."); | |
2049 | ||
2050 | sr->setAsyncCallback([target](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2051 | ||
2052 | setLWResult(res, 0, true, false, true); | |
2053 | addRecordToLW(res, domain, QType::A, "192.0.2.42"); | |
2054 | addRecordToLW(res, domain, QType::ANY, "0 0"); | |
2055 | addRecordToLW(res, domain, QType::OPT, ""); | |
2056 | return 1; | |
2057 | }); | |
2058 | ||
2059 | vector<DNSRecord> ret; | |
2060 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 2061 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
d6e797b8 RG |
2062 | BOOST_CHECK_EQUAL(ret.size(), 1); |
2063 | } | |
2064 | ||
2065 | BOOST_AUTO_TEST_CASE(test_nodata_nsec_nodnssec) { | |
2066 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2067 | initSR(sr); |
d6e797b8 RG |
2068 | |
2069 | primeHints(); | |
2070 | ||
2071 | const DNSName target("powerdns.com."); | |
2072 | ||
2073 | sr->setAsyncCallback([target](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2074 | ||
2075 | setLWResult(res, 0, true, false, true); | |
2076 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
2077 | /* the NSEC and RRSIG contents are complete garbage, please ignore them */ | |
2078 | addRecordToLW(res, domain, QType::NSEC, "deadbeef", DNSResourceRecord::AUTHORITY); | |
2b984251 | 2079 | addRecordToLW(res, domain, QType::RRSIG, "NSEC 5 2 600 2100010100000000 2100010100000000 24567 dummy data", DNSResourceRecord::AUTHORITY); |
d6e797b8 RG |
2080 | addRecordToLW(res, domain, QType::RRSIG, "SOA 5 3 600 2100010100000000 2100010100000000 24567 dummy data", DNSResourceRecord::AUTHORITY); |
2081 | return 1; | |
2082 | }); | |
2083 | ||
2084 | vector<DNSRecord> ret; | |
2085 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 2086 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
d6e797b8 RG |
2087 | BOOST_CHECK_EQUAL(ret.size(), 1); |
2088 | } | |
2089 | ||
2090 | BOOST_AUTO_TEST_CASE(test_nodata_nsec_dnssec) { | |
2091 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2092 | initSR(sr, true); |
d6e797b8 RG |
2093 | |
2094 | primeHints(); | |
2095 | ||
2096 | const DNSName target("powerdns.com."); | |
2097 | ||
2098 | sr->setAsyncCallback([target](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2099 | ||
2100 | setLWResult(res, 0, true, false, true); | |
2101 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
2102 | /* the NSEC and RRSIG contents are complete garbage, please ignore them */ | |
2103 | addRecordToLW(res, domain, QType::NSEC, "deadbeef", DNSResourceRecord::AUTHORITY); | |
2b984251 | 2104 | addRecordToLW(res, domain, QType::RRSIG, "NSEC 5 2 600 2100010100000000 2100010100000000 24567 dummy data", DNSResourceRecord::AUTHORITY); |
d6e797b8 RG |
2105 | addRecordToLW(res, domain, QType::RRSIG, "SOA 5 3 600 2100010100000000 2100010100000000 24567 dummy data", DNSResourceRecord::AUTHORITY); |
2106 | return 1; | |
2107 | }); | |
2108 | ||
2109 | vector<DNSRecord> ret; | |
2110 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 2111 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
d6e797b8 RG |
2112 | BOOST_CHECK_EQUAL(ret.size(), 4); |
2113 | } | |
2114 | ||
2115 | BOOST_AUTO_TEST_CASE(test_nx_nsec_nodnssec) { | |
2116 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2117 | initSR(sr); |
d6e797b8 RG |
2118 | |
2119 | primeHints(); | |
2120 | ||
2121 | const DNSName target("powerdns.com."); | |
2122 | ||
2123 | sr->setAsyncCallback([target](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2124 | ||
2125 | setLWResult(res, RCode::NXDomain, true, false, true); | |
2126 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
2127 | /* the NSEC and RRSIG contents are complete garbage, please ignore them */ | |
2128 | addRecordToLW(res, domain, QType::NSEC, "deadbeef", DNSResourceRecord::AUTHORITY); | |
2b984251 | 2129 | addRecordToLW(res, domain, QType::RRSIG, "NSEC 5 2 600 2100010100000000 2100010100000000 24567 dummy data", DNSResourceRecord::AUTHORITY); |
d6e797b8 RG |
2130 | addRecordToLW(res, domain, QType::RRSIG, "SOA 5 3 600 2100010100000000 2100010100000000 24567 dummy data", DNSResourceRecord::AUTHORITY); |
2131 | return 1; | |
2132 | }); | |
2133 | ||
2134 | vector<DNSRecord> ret; | |
2135 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
2136 | BOOST_CHECK_EQUAL(res, RCode::NXDomain); | |
2137 | BOOST_CHECK_EQUAL(ret.size(), 1); | |
2138 | } | |
2139 | ||
2140 | BOOST_AUTO_TEST_CASE(test_nx_nsec_dnssec) { | |
2141 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2142 | initSR(sr, true); |
d6e797b8 RG |
2143 | |
2144 | primeHints(); | |
2145 | ||
2146 | const DNSName target("powerdns.com."); | |
2147 | ||
2148 | sr->setAsyncCallback([target](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2149 | ||
2150 | setLWResult(res, RCode::NXDomain, true, false, true); | |
2151 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
2152 | /* the NSEC and RRSIG contents are complete garbage, please ignore them */ | |
2153 | addRecordToLW(res, domain, QType::NSEC, "deadbeef", DNSResourceRecord::AUTHORITY); | |
2b984251 | 2154 | addRecordToLW(res, domain, QType::RRSIG, "NSEC 5 2 600 2100010100000000 2100010100000000 24567 dummy data", DNSResourceRecord::AUTHORITY); |
d6e797b8 RG |
2155 | addRecordToLW(res, domain, QType::RRSIG, "SOA 5 3 600 2100010100000000 2100010100000000 24567 dummy data", DNSResourceRecord::AUTHORITY); |
2156 | return 1; | |
2157 | }); | |
2158 | ||
2159 | vector<DNSRecord> ret; | |
2160 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
2161 | BOOST_CHECK_EQUAL(res, RCode::NXDomain); | |
2162 | BOOST_CHECK_EQUAL(ret.size(), 4); | |
2163 | } | |
2164 | ||
648bcbd1 RG |
2165 | BOOST_AUTO_TEST_CASE(test_qclass_none) { |
2166 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2167 | initSR(sr); |
648bcbd1 RG |
2168 | |
2169 | primeHints(); | |
2170 | ||
2171 | /* apart from special names and QClass::ANY, anything else than QClass::IN should be rejected right away */ | |
2172 | size_t queriesCount = 0; | |
2173 | ||
2174 | sr->setAsyncCallback([&queriesCount](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2175 | ||
2176 | queriesCount++; | |
2177 | return 0; | |
2178 | }); | |
2179 | ||
2180 | const DNSName target("powerdns.com."); | |
2181 | vector<DNSRecord> ret; | |
2182 | int res = sr->beginResolve(target, QType(QType::A), QClass::NONE, ret); | |
2183 | BOOST_CHECK_EQUAL(res, -1); | |
2184 | BOOST_CHECK_EQUAL(ret.size(), 0); | |
2185 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2186 | } | |
2187 | ||
2188 | BOOST_AUTO_TEST_CASE(test_xfr) { | |
2189 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2190 | initSR(sr); |
648bcbd1 RG |
2191 | |
2192 | primeHints(); | |
2193 | ||
2194 | /* {A,I}XFR should be rejected right away */ | |
2195 | size_t queriesCount = 0; | |
2196 | ||
2197 | sr->setAsyncCallback([&queriesCount](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2198 | ||
2199 | cerr<<"asyncresolve called to ask "<<ip.toStringWithPort()<<" about "<<domain.toString()<<" / "<<QType(type).getName()<<" over "<<(doTCP ? "TCP" : "UDP")<<" (rd: "<<sendRDQuery<<", EDNS0 level: "<<EDNS0Level<<")"<<endl; | |
2200 | queriesCount++; | |
2201 | return 0; | |
2202 | }); | |
2203 | ||
2204 | const DNSName target("powerdns.com."); | |
2205 | vector<DNSRecord> ret; | |
2206 | int res = sr->beginResolve(target, QType(QType::AXFR), QClass::IN, ret); | |
2207 | BOOST_CHECK_EQUAL(res, -1); | |
2208 | BOOST_CHECK_EQUAL(ret.size(), 0); | |
2209 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2210 | ||
2211 | res = sr->beginResolve(target, QType(QType::IXFR), QClass::IN, ret); | |
2212 | BOOST_CHECK_EQUAL(res, -1); | |
2213 | BOOST_CHECK_EQUAL(ret.size(), 0); | |
2214 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2215 | } | |
2216 | ||
2217 | BOOST_AUTO_TEST_CASE(test_special_names) { | |
2218 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2219 | initSR(sr); |
648bcbd1 RG |
2220 | |
2221 | primeHints(); | |
2222 | ||
2223 | /* special names should be handled internally */ | |
2224 | ||
2225 | size_t queriesCount = 0; | |
2226 | ||
2227 | sr->setAsyncCallback([&queriesCount](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2228 | ||
2229 | queriesCount++; | |
2230 | return 0; | |
2231 | }); | |
2232 | ||
2233 | vector<DNSRecord> ret; | |
2234 | int res = sr->beginResolve(DNSName("1.0.0.127.in-addr.arpa."), QType(QType::PTR), QClass::IN, ret); | |
b7f378d1 | 2235 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
648bcbd1 RG |
2236 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
2237 | BOOST_CHECK(ret[0].d_type == QType::PTR); | |
2238 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2239 | ||
2240 | ret.clear(); | |
2241 | res = sr->beginResolve(DNSName("1.0.0.127.in-addr.arpa."), QType(QType::ANY), QClass::IN, ret); | |
b7f378d1 | 2242 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
648bcbd1 RG |
2243 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
2244 | BOOST_CHECK(ret[0].d_type == QType::PTR); | |
2245 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2246 | ||
2247 | ret.clear(); | |
2248 | res = sr->beginResolve(DNSName("1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa."), QType(QType::PTR), QClass::IN, ret); | |
b7f378d1 | 2249 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
648bcbd1 RG |
2250 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
2251 | BOOST_CHECK(ret[0].d_type == QType::PTR); | |
2252 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2253 | ||
2254 | ret.clear(); | |
2255 | res = sr->beginResolve(DNSName("1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa."), QType(QType::ANY), QClass::IN, ret); | |
b7f378d1 | 2256 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
648bcbd1 RG |
2257 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
2258 | BOOST_CHECK(ret[0].d_type == QType::PTR); | |
2259 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2260 | ||
2261 | ret.clear(); | |
2262 | res = sr->beginResolve(DNSName("localhost."), QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 2263 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
648bcbd1 RG |
2264 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
2265 | BOOST_CHECK(ret[0].d_type == QType::A); | |
2266 | BOOST_CHECK_EQUAL(getRR<ARecordContent>(ret[0])->getCA().toString(), "127.0.0.1"); | |
2267 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2268 | ||
2269 | ret.clear(); | |
2270 | res = sr->beginResolve(DNSName("localhost."), QType(QType::AAAA), QClass::IN, ret); | |
b7f378d1 | 2271 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
648bcbd1 RG |
2272 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
2273 | BOOST_CHECK(ret[0].d_type == QType::AAAA); | |
2274 | BOOST_CHECK_EQUAL(getRR<AAAARecordContent>(ret[0])->getCA().toString(), "::1"); | |
2275 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2276 | ||
2277 | ret.clear(); | |
2278 | res = sr->beginResolve(DNSName("localhost."), QType(QType::ANY), QClass::IN, ret); | |
b7f378d1 | 2279 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
648bcbd1 RG |
2280 | BOOST_REQUIRE_EQUAL(ret.size(), 2); |
2281 | for (const auto& rec : ret) { | |
2282 | BOOST_REQUIRE((rec.d_type == QType::A) || rec.d_type == QType::AAAA); | |
2283 | if (rec.d_type == QType::A) { | |
2284 | BOOST_CHECK_EQUAL(getRR<ARecordContent>(rec)->getCA().toString(), "127.0.0.1"); | |
2285 | } | |
2286 | else { | |
2287 | BOOST_CHECK_EQUAL(getRR<AAAARecordContent>(rec)->getCA().toString(), "::1"); | |
2288 | } | |
2289 | } | |
2290 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2291 | ||
2292 | ret.clear(); | |
2293 | res = sr->beginResolve(DNSName("version.bind."), QType(QType::TXT), QClass::CHAOS, ret); | |
b7f378d1 | 2294 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
648bcbd1 RG |
2295 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
2296 | BOOST_CHECK(ret[0].d_type == QType::TXT); | |
2297 | BOOST_CHECK_EQUAL(getRR<TXTRecordContent>(ret[0])->d_text, "\"PowerDNS Unit Tests\""); | |
2298 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2299 | ||
2300 | ret.clear(); | |
2301 | res = sr->beginResolve(DNSName("version.bind."), QType(QType::ANY), QClass::CHAOS, ret); | |
b7f378d1 | 2302 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
648bcbd1 RG |
2303 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
2304 | BOOST_CHECK(ret[0].d_type == QType::TXT); | |
2305 | BOOST_CHECK_EQUAL(getRR<TXTRecordContent>(ret[0])->d_text, "\"PowerDNS Unit Tests\""); | |
2306 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2307 | ||
2308 | ret.clear(); | |
2309 | res = sr->beginResolve(DNSName("version.pdns."), QType(QType::TXT), QClass::CHAOS, ret); | |
b7f378d1 | 2310 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
648bcbd1 RG |
2311 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
2312 | BOOST_CHECK(ret[0].d_type == QType::TXT); | |
2313 | BOOST_CHECK_EQUAL(getRR<TXTRecordContent>(ret[0])->d_text, "\"PowerDNS Unit Tests\""); | |
2314 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2315 | ||
2316 | ret.clear(); | |
2317 | res = sr->beginResolve(DNSName("version.pdns."), QType(QType::ANY), QClass::CHAOS, ret); | |
b7f378d1 | 2318 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
648bcbd1 RG |
2319 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
2320 | BOOST_CHECK(ret[0].d_type == QType::TXT); | |
2321 | BOOST_CHECK_EQUAL(getRR<TXTRecordContent>(ret[0])->d_text, "\"PowerDNS Unit Tests\""); | |
2322 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2323 | ||
2324 | ret.clear(); | |
2325 | res = sr->beginResolve(DNSName("id.server."), QType(QType::TXT), QClass::CHAOS, ret); | |
b7f378d1 | 2326 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
648bcbd1 RG |
2327 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
2328 | BOOST_CHECK(ret[0].d_type == QType::TXT); | |
2329 | BOOST_CHECK_EQUAL(getRR<TXTRecordContent>(ret[0])->d_text, "\"PowerDNS Unit Tests Server ID\""); | |
2330 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2331 | ||
2332 | ret.clear(); | |
2333 | res = sr->beginResolve(DNSName("id.server."), QType(QType::ANY), QClass::CHAOS, ret); | |
b7f378d1 | 2334 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
648bcbd1 RG |
2335 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
2336 | BOOST_CHECK(ret[0].d_type == QType::TXT); | |
2337 | BOOST_CHECK_EQUAL(getRR<TXTRecordContent>(ret[0])->d_text, "\"PowerDNS Unit Tests Server ID\""); | |
2338 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2339 | } | |
2340 | ||
2341 | BOOST_AUTO_TEST_CASE(test_nameserver_ipv4_rpz) { | |
2342 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2343 | initSR(sr); |
648bcbd1 RG |
2344 | |
2345 | primeHints(); | |
2346 | ||
2347 | const DNSName target("rpz.powerdns.com."); | |
2348 | const ComboAddress ns("192.0.2.1:53"); | |
2349 | ||
2350 | sr->setAsyncCallback([target,ns](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2351 | ||
2352 | if (isRootServer(ip)) { | |
8455425c | 2353 | setLWResult(res, false, true, false, true); |
648bcbd1 RG |
2354 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); |
2355 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, ns.toString(), DNSResourceRecord::ADDITIONAL, 3600); | |
2356 | return 1; | |
2357 | } else if (ip == ns) { | |
2358 | ||
2359 | setLWResult(res, 0, true, false, true); | |
2360 | addRecordToLW(res, domain, QType::A, "192.0.2.42"); | |
2361 | return 1; | |
2362 | } | |
2363 | ||
2364 | return 0; | |
2365 | }); | |
2366 | ||
2367 | DNSFilterEngine::Policy pol; | |
2368 | pol.d_kind = DNSFilterEngine::PolicyKind::Drop; | |
6b972d59 RG |
2369 | std::shared_ptr<DNSFilterEngine::Zone> zone = std::make_shared<DNSFilterEngine::Zone>(); |
2370 | zone->setName("Unit test policy 0"); | |
2371 | zone->addNSIPTrigger(Netmask(ns, 32), pol); | |
648bcbd1 | 2372 | auto luaconfsCopy = g_luaconfs.getCopy(); |
6b972d59 | 2373 | luaconfsCopy.dfe.addZone(zone); |
648bcbd1 RG |
2374 | g_luaconfs.setState(luaconfsCopy); |
2375 | ||
2376 | vector<DNSRecord> ret; | |
2377 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
2378 | BOOST_CHECK_EQUAL(res, -2); | |
2379 | BOOST_CHECK_EQUAL(ret.size(), 0); | |
2380 | } | |
2381 | ||
2382 | BOOST_AUTO_TEST_CASE(test_nameserver_ipv6_rpz) { | |
2383 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2384 | initSR(sr); |
648bcbd1 RG |
2385 | |
2386 | primeHints(); | |
2387 | ||
2388 | const DNSName target("rpz.powerdns.com."); | |
2389 | const ComboAddress ns("[2001:DB8::42]:53"); | |
2390 | ||
2391 | sr->setAsyncCallback([target,ns](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2392 | ||
2393 | if (isRootServer(ip)) { | |
8455425c | 2394 | setLWResult(res, 0, false, false, true); |
648bcbd1 RG |
2395 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); |
2396 | addRecordToLW(res, "a.gtld-servers.net.", QType::AAAA, ns.toString(), DNSResourceRecord::ADDITIONAL, 3600); | |
2397 | return 1; | |
2398 | } else if (ip == ns) { | |
2399 | ||
2400 | setLWResult(res, 0, true, false, true); | |
2401 | addRecordToLW(res, domain, QType::A, "192.0.2.42"); | |
2402 | return 1; | |
2403 | } | |
2404 | ||
2405 | return 0; | |
2406 | }); | |
2407 | ||
2408 | DNSFilterEngine::Policy pol; | |
2409 | pol.d_kind = DNSFilterEngine::PolicyKind::Drop; | |
6b972d59 RG |
2410 | std::shared_ptr<DNSFilterEngine::Zone> zone = std::make_shared<DNSFilterEngine::Zone>(); |
2411 | zone->setName("Unit test policy 0"); | |
2412 | zone->addNSIPTrigger(Netmask(ns, 128), pol); | |
648bcbd1 | 2413 | auto luaconfsCopy = g_luaconfs.getCopy(); |
6b972d59 | 2414 | luaconfsCopy.dfe.addZone(zone); |
648bcbd1 RG |
2415 | g_luaconfs.setState(luaconfsCopy); |
2416 | ||
2417 | vector<DNSRecord> ret; | |
2418 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
2419 | BOOST_CHECK_EQUAL(res, -2); | |
2420 | BOOST_CHECK_EQUAL(ret.size(), 0); | |
2421 | } | |
2422 | ||
2423 | BOOST_AUTO_TEST_CASE(test_nameserver_name_rpz) { | |
2424 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2425 | initSR(sr); |
648bcbd1 RG |
2426 | |
2427 | primeHints(); | |
2428 | ||
2429 | const DNSName target("rpz.powerdns.com."); | |
2430 | const ComboAddress ns("192.0.2.1:53"); | |
2431 | const DNSName nsName("ns1.powerdns.com."); | |
2432 | ||
2433 | sr->setAsyncCallback([target,ns,nsName](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2434 | ||
2435 | if (isRootServer(ip)) { | |
8455425c | 2436 | setLWResult(res, 0, false, false, true); |
648bcbd1 RG |
2437 | addRecordToLW(res, domain, QType::NS, nsName.toString(), DNSResourceRecord::AUTHORITY, 172800); |
2438 | addRecordToLW(res, nsName, QType::A, ns.toString(), DNSResourceRecord::ADDITIONAL, 3600); | |
2439 | return 1; | |
2440 | } else if (ip == ns) { | |
2441 | ||
2442 | setLWResult(res, 0, true, false, true); | |
2443 | addRecordToLW(res, domain, QType::A, "192.0.2.42"); | |
2444 | return 1; | |
2445 | } | |
2446 | ||
2447 | return 0; | |
2448 | }); | |
2449 | ||
2450 | DNSFilterEngine::Policy pol; | |
2451 | pol.d_kind = DNSFilterEngine::PolicyKind::Drop; | |
6b972d59 RG |
2452 | std::shared_ptr<DNSFilterEngine::Zone> zone = std::make_shared<DNSFilterEngine::Zone>(); |
2453 | zone->setName("Unit test policy 0"); | |
2454 | zone->addNSTrigger(nsName, pol); | |
648bcbd1 | 2455 | auto luaconfsCopy = g_luaconfs.getCopy(); |
6b972d59 | 2456 | luaconfsCopy.dfe.addZone(zone); |
648bcbd1 RG |
2457 | g_luaconfs.setState(luaconfsCopy); |
2458 | ||
2459 | vector<DNSRecord> ret; | |
2460 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
2461 | BOOST_CHECK_EQUAL(res, -2); | |
2462 | BOOST_CHECK_EQUAL(ret.size(), 0); | |
2463 | } | |
2464 | ||
2465 | BOOST_AUTO_TEST_CASE(test_nameserver_name_rpz_disabled) { | |
2466 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2467 | initSR(sr); |
648bcbd1 RG |
2468 | |
2469 | primeHints(); | |
2470 | ||
2471 | const DNSName target("rpz.powerdns.com."); | |
2472 | const ComboAddress ns("192.0.2.1:53"); | |
2473 | const DNSName nsName("ns1.powerdns.com."); | |
2474 | ||
2475 | sr->setAsyncCallback([target,ns,nsName](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2476 | ||
2477 | if (isRootServer(ip)) { | |
8455425c | 2478 | setLWResult(res, 0, false, false, true); |
648bcbd1 RG |
2479 | addRecordToLW(res, domain, QType::NS, nsName.toString(), DNSResourceRecord::AUTHORITY, 172800); |
2480 | addRecordToLW(res, nsName, QType::A, ns.toString(), DNSResourceRecord::ADDITIONAL, 3600); | |
2481 | return 1; | |
2482 | } else if (ip == ns) { | |
2483 | ||
2484 | setLWResult(res, 0, true, false, true); | |
2485 | addRecordToLW(res, domain, QType::A, "192.0.2.42"); | |
2486 | return 1; | |
2487 | } | |
2488 | ||
2489 | return 0; | |
2490 | }); | |
2491 | ||
2492 | DNSFilterEngine::Policy pol; | |
2493 | pol.d_kind = DNSFilterEngine::PolicyKind::Drop; | |
6b972d59 RG |
2494 | std::shared_ptr<DNSFilterEngine::Zone> zone = std::make_shared<DNSFilterEngine::Zone>(); |
2495 | zone->setName("Unit test policy 0"); | |
2496 | zone->addNSIPTrigger(Netmask(ns, 128), pol); | |
2497 | zone->addNSTrigger(nsName, pol); | |
648bcbd1 | 2498 | auto luaconfsCopy = g_luaconfs.getCopy(); |
6b972d59 | 2499 | luaconfsCopy.dfe.addZone(zone); |
648bcbd1 RG |
2500 | g_luaconfs.setState(luaconfsCopy); |
2501 | ||
2502 | /* RPZ is disabled for this query, we should not be blocked */ | |
2503 | sr->setWantsRPZ(false); | |
2504 | ||
2505 | vector<DNSRecord> ret; | |
2506 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 2507 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
648bcbd1 RG |
2508 | BOOST_CHECK_EQUAL(ret.size(), 1); |
2509 | } | |
2510 | ||
3e59ff53 RG |
2511 | BOOST_AUTO_TEST_CASE(test_forward_zone_nord) { |
2512 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2513 | initSR(sr); |
3e59ff53 RG |
2514 | |
2515 | primeHints(); | |
2516 | ||
2517 | const DNSName target("powerdns.com."); | |
2518 | const ComboAddress ns("192.0.2.1:53"); | |
2519 | const ComboAddress forwardedNS("192.0.2.42:53"); | |
2520 | ||
2521 | SyncRes::AuthDomain ad; | |
2522 | ad.d_rdForward = false; | |
2523 | ad.d_servers.push_back(forwardedNS); | |
a712cb56 | 2524 | (*SyncRes::t_sstorage.domainmap)[target] = ad; |
3e59ff53 RG |
2525 | |
2526 | sr->setAsyncCallback([forwardedNS](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2527 | ||
2528 | if (ip == forwardedNS) { | |
6dfff36f RG |
2529 | BOOST_CHECK_EQUAL(sendRDQuery, false); |
2530 | ||
3e59ff53 RG |
2531 | setLWResult(res, 0, true, false, true); |
2532 | addRecordToLW(res, domain, QType::A, "192.0.2.42"); | |
2533 | return 1; | |
2534 | } | |
2535 | ||
2536 | return 0; | |
2537 | }); | |
2538 | ||
2539 | /* simulate a no-RD query */ | |
2540 | sr->setCacheOnly(); | |
2541 | ||
2542 | vector<DNSRecord> ret; | |
2543 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 2544 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3e59ff53 RG |
2545 | BOOST_CHECK_EQUAL(ret.size(), 1); |
2546 | } | |
2547 | ||
2548 | BOOST_AUTO_TEST_CASE(test_forward_zone_rd) { | |
2549 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2550 | initSR(sr); |
3e59ff53 RG |
2551 | |
2552 | primeHints(); | |
2553 | ||
2554 | const DNSName target("powerdns.com."); | |
2555 | const ComboAddress ns("192.0.2.1:53"); | |
2556 | const ComboAddress forwardedNS("192.0.2.42:53"); | |
2557 | ||
2558 | SyncRes::AuthDomain ad; | |
2559 | ad.d_rdForward = false; | |
2560 | ad.d_servers.push_back(forwardedNS); | |
a712cb56 | 2561 | (*SyncRes::t_sstorage.domainmap)[target] = ad; |
3e59ff53 RG |
2562 | |
2563 | sr->setAsyncCallback([forwardedNS](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2564 | ||
2565 | if (ip == forwardedNS) { | |
6dfff36f RG |
2566 | BOOST_CHECK_EQUAL(sendRDQuery, false); |
2567 | ||
3e59ff53 RG |
2568 | setLWResult(res, 0, true, false, true); |
2569 | addRecordToLW(res, domain, QType::A, "192.0.2.42"); | |
2570 | return 1; | |
2571 | } | |
2572 | ||
2573 | return 0; | |
2574 | }); | |
2575 | ||
2576 | vector<DNSRecord> ret; | |
2577 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 2578 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3e59ff53 RG |
2579 | BOOST_CHECK_EQUAL(ret.size(), 1); |
2580 | } | |
2581 | ||
2582 | BOOST_AUTO_TEST_CASE(test_forward_zone_recurse_nord) { | |
2583 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2584 | initSR(sr); |
3e59ff53 RG |
2585 | |
2586 | primeHints(); | |
2587 | ||
2588 | const DNSName target("powerdns.com."); | |
2589 | const ComboAddress ns("192.0.2.1:53"); | |
2590 | const ComboAddress forwardedNS("192.0.2.42:53"); | |
2591 | ||
2592 | SyncRes::AuthDomain ad; | |
2593 | ad.d_rdForward = true; | |
2594 | ad.d_servers.push_back(forwardedNS); | |
a712cb56 | 2595 | (*SyncRes::t_sstorage.domainmap)[target] = ad; |
3e59ff53 RG |
2596 | |
2597 | sr->setAsyncCallback([forwardedNS](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2598 | ||
2599 | if (ip == forwardedNS) { | |
6dfff36f RG |
2600 | BOOST_CHECK_EQUAL(sendRDQuery, false); |
2601 | ||
3e59ff53 RG |
2602 | setLWResult(res, 0, true, false, true); |
2603 | addRecordToLW(res, domain, QType::A, "192.0.2.42"); | |
2604 | return 1; | |
2605 | } | |
2606 | ||
2607 | return 0; | |
2608 | }); | |
2609 | ||
2610 | /* simulate a no-RD query */ | |
2611 | sr->setCacheOnly(); | |
2612 | ||
2613 | vector<DNSRecord> ret; | |
2614 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 2615 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3e59ff53 RG |
2616 | BOOST_CHECK_EQUAL(ret.size(), 1); |
2617 | } | |
2618 | ||
2619 | BOOST_AUTO_TEST_CASE(test_forward_zone_recurse_rd) { | |
2620 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2621 | initSR(sr); |
3e59ff53 RG |
2622 | |
2623 | primeHints(); | |
2624 | ||
2625 | const DNSName target("powerdns.com."); | |
2626 | const ComboAddress ns("192.0.2.1:53"); | |
2627 | const ComboAddress forwardedNS("192.0.2.42:53"); | |
2628 | ||
2629 | SyncRes::AuthDomain ad; | |
2630 | ad.d_rdForward = true; | |
2631 | ad.d_servers.push_back(forwardedNS); | |
a712cb56 | 2632 | (*SyncRes::t_sstorage.domainmap)[target] = ad; |
3e59ff53 RG |
2633 | |
2634 | sr->setAsyncCallback([forwardedNS](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2635 | ||
2636 | if (ip == forwardedNS) { | |
6dfff36f RG |
2637 | BOOST_CHECK_EQUAL(sendRDQuery, true); |
2638 | ||
3e59ff53 RG |
2639 | setLWResult(res, 0, true, false, true); |
2640 | addRecordToLW(res, domain, QType::A, "192.0.2.42"); | |
2641 | return 1; | |
2642 | } | |
2643 | ||
2644 | return 0; | |
2645 | }); | |
2646 | ||
2647 | vector<DNSRecord> ret; | |
2648 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 2649 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3e59ff53 RG |
2650 | BOOST_CHECK_EQUAL(ret.size(), 1); |
2651 | } | |
2652 | ||
f79a4e30 RG |
2653 | BOOST_AUTO_TEST_CASE(test_auth_zone_delegation_oob) { |
2654 | std::unique_ptr<SyncRes> sr; | |
2655 | init(); | |
2656 | initSR(sr, true, false); | |
2657 | ||
2658 | primeHints(); | |
2659 | ||
2660 | size_t queriesCount = 0; | |
2661 | const DNSName target("test.xx."); | |
2662 | const ComboAddress targetAddr("127.0.0.1"); | |
2663 | const DNSName ns("localhost."); | |
2664 | const ComboAddress nsAddr("127.0.0.1"); | |
2665 | const DNSName authZone("test.xx"); | |
2666 | ||
2667 | SyncRes::AuthDomain ad; | |
2668 | DNSRecord dr; | |
2669 | dr.d_place = DNSResourceRecord::ANSWER; | |
2670 | dr.d_name = authZone; | |
2671 | dr.d_type = QType::NS; | |
2672 | dr.d_ttl = 1800; | |
2673 | dr.d_content = std::make_shared<NSRecordContent>("localhost."); | |
2674 | ad.d_records.insert(dr); | |
2675 | ||
2676 | dr.d_place = DNSResourceRecord::ANSWER; | |
2677 | dr.d_name = authZone; | |
2678 | dr.d_type = QType::A; | |
2679 | dr.d_ttl = 1800; | |
2680 | dr.d_content = std::make_shared<ARecordContent>(nsAddr); | |
2681 | ad.d_records.insert(dr); | |
2682 | ||
a712cb56 | 2683 | (*SyncRes::t_sstorage.domainmap)[authZone] = ad; |
f79a4e30 RG |
2684 | |
2685 | sr->setAsyncCallback([&queriesCount,nsAddr,target,targetAddr](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2686 | queriesCount++; | |
2687 | return 0; | |
2688 | }); | |
2689 | ||
2690 | vector<DNSRecord> ret; | |
2691 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
2692 | BOOST_CHECK_EQUAL(res, 0); | |
2693 | BOOST_REQUIRE_EQUAL(ret.size(), 1); | |
2694 | BOOST_CHECK(ret[0].d_type == QType::A); | |
2695 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2696 | BOOST_CHECK(sr->wasOutOfBand()); | |
2697 | ||
2698 | /* a second time, to check that the OOB flag is set when the query cache is used */ | |
2699 | ret.clear(); | |
2700 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
2701 | BOOST_CHECK_EQUAL(res, 0); | |
2702 | BOOST_REQUIRE_EQUAL(ret.size(), 1); | |
2703 | BOOST_CHECK(ret[0].d_type == QType::A); | |
2704 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2705 | BOOST_CHECK(sr->wasOutOfBand()); | |
2706 | } | |
2707 | ||
3337c2f7 RG |
2708 | BOOST_AUTO_TEST_CASE(test_auth_zone) { |
2709 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2710 | initSR(sr); |
3337c2f7 RG |
2711 | |
2712 | primeHints(); | |
2713 | ||
2714 | size_t queriesCount = 0; | |
2715 | const DNSName target("powerdns.com."); | |
2716 | const ComboAddress addr("192.0.2.5"); | |
2717 | ||
2718 | SyncRes::AuthDomain ad; | |
2719 | ad.d_name = target; | |
2720 | DNSRecord dr; | |
2721 | dr.d_place = DNSResourceRecord::ANSWER; | |
2722 | dr.d_name = target; | |
2723 | dr.d_type = QType::SOA; | |
2724 | dr.d_ttl = 3600; | |
2725 | dr.d_content = std::make_shared<SOARecordContent>("pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600"); | |
2726 | ad.d_records.insert(dr); | |
2727 | ||
2728 | dr.d_place = DNSResourceRecord::ANSWER; | |
2729 | dr.d_name = target; | |
2730 | dr.d_type = QType::A; | |
2731 | dr.d_ttl = 3600; | |
2732 | dr.d_content = std::make_shared<ARecordContent>(addr); | |
2733 | ad.d_records.insert(dr); | |
2734 | ||
2735 | auto map = std::make_shared<SyncRes::domainmap_t>(); | |
2736 | (*map)[target] = ad; | |
2737 | SyncRes::setDomainMap(map); | |
2738 | ||
2739 | sr->setAsyncCallback([&queriesCount](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2740 | ||
2741 | queriesCount++; | |
2742 | setLWResult(res, 0, true, false, true); | |
2743 | addRecordToLW(res, domain, QType::A, "192.0.2.42"); | |
2744 | return 1; | |
2745 | }); | |
2746 | ||
2747 | vector<DNSRecord> ret; | |
2748 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 2749 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3337c2f7 RG |
2750 | BOOST_CHECK_EQUAL(ret.size(), 1); |
2751 | BOOST_CHECK(ret[0].d_type == QType::A); | |
2752 | BOOST_CHECK_EQUAL(getRR<ARecordContent>(ret[0])->getCA().toString(), addr.toString()); | |
2753 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2754 | } | |
2755 | ||
2756 | BOOST_AUTO_TEST_CASE(test_auth_zone_cname_lead_to_oob) { | |
2757 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2758 | initSR(sr); |
3337c2f7 RG |
2759 | |
2760 | primeHints(); | |
2761 | ||
2762 | size_t queriesCount = 0; | |
2763 | const DNSName target("powerdns.com."); | |
2764 | const DNSName authZone("internal.powerdns.com."); | |
2765 | const ComboAddress addr("192.0.2.5"); | |
2766 | ||
2767 | SyncRes::AuthDomain ad; | |
2768 | ad.d_name = authZone; | |
2769 | DNSRecord dr; | |
2770 | dr.d_place = DNSResourceRecord::ANSWER; | |
2771 | dr.d_name = authZone; | |
2772 | dr.d_type = QType::SOA; | |
2773 | dr.d_ttl = 3600; | |
2774 | dr.d_content = std::make_shared<SOARecordContent>("pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600"); | |
2775 | ad.d_records.insert(dr); | |
2776 | ||
2777 | dr.d_place = DNSResourceRecord::ANSWER; | |
2778 | dr.d_name = authZone; | |
2779 | dr.d_type = QType::A; | |
2780 | dr.d_ttl = 3600; | |
2781 | dr.d_content = std::make_shared<ARecordContent>(addr); | |
2782 | ad.d_records.insert(dr); | |
2783 | ||
2784 | auto map = std::make_shared<SyncRes::domainmap_t>(); | |
2785 | (*map)[authZone] = ad; | |
2786 | SyncRes::setDomainMap(map); | |
2787 | ||
2788 | sr->setAsyncCallback([&queriesCount,target,authZone](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2789 | ||
2790 | queriesCount++; | |
2791 | ||
2792 | if (domain == target) { | |
2793 | setLWResult(res, 0, true, false, true); | |
2794 | addRecordToLW(res, target, QType::CNAME, authZone.toString(), DNSResourceRecord::ANSWER, 3600); | |
2795 | return 1; | |
2796 | } | |
2797 | ||
2798 | return 0; | |
2799 | }); | |
2800 | ||
2801 | vector<DNSRecord> ret; | |
2802 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 2803 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3337c2f7 RG |
2804 | BOOST_CHECK_EQUAL(ret.size(), 2); |
2805 | BOOST_CHECK(ret[0].d_type == QType::CNAME); | |
2806 | BOOST_CHECK_EQUAL(getRR<CNAMERecordContent>(ret[0])->getTarget().toString(), authZone.toString()); | |
2807 | BOOST_CHECK(ret[1].d_type == QType::A); | |
2808 | BOOST_CHECK_EQUAL(getRR<ARecordContent>(ret[1])->getCA().toString(), addr.toString()); | |
2809 | BOOST_CHECK_EQUAL(queriesCount, 1); | |
2810 | } | |
2811 | ||
2812 | BOOST_AUTO_TEST_CASE(test_auth_zone_oob_lead_to_outgoing_queryb) { | |
2813 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2814 | initSR(sr); |
3337c2f7 RG |
2815 | |
2816 | primeHints(); | |
2817 | ||
2818 | size_t queriesCount = 0; | |
2819 | const DNSName target("powerdns.com."); | |
2820 | const DNSName externalCNAME("www.open-xchange.com."); | |
2821 | const ComboAddress addr("192.0.2.5"); | |
2822 | ||
2823 | SyncRes::AuthDomain ad; | |
2824 | ad.d_name = target; | |
2825 | DNSRecord dr; | |
2826 | dr.d_place = DNSResourceRecord::ANSWER; | |
2827 | dr.d_name = target; | |
2828 | dr.d_type = QType::SOA; | |
2829 | dr.d_ttl = 3600; | |
2830 | dr.d_content = std::make_shared<SOARecordContent>("pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600"); | |
2831 | ad.d_records.insert(dr); | |
2832 | ||
2833 | dr.d_place = DNSResourceRecord::ANSWER; | |
2834 | dr.d_name = target; | |
2835 | dr.d_type = QType::CNAME; | |
2836 | dr.d_ttl = 3600; | |
2837 | dr.d_content = std::make_shared<CNAMERecordContent>(externalCNAME); | |
2838 | ad.d_records.insert(dr); | |
2839 | ||
2840 | auto map = std::make_shared<SyncRes::domainmap_t>(); | |
2841 | (*map)[target] = ad; | |
2842 | SyncRes::setDomainMap(map); | |
2843 | ||
2844 | sr->setAsyncCallback([&queriesCount,externalCNAME,addr](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2845 | ||
2846 | queriesCount++; | |
2847 | ||
2848 | if (domain == externalCNAME) { | |
2849 | setLWResult(res, 0, true, false, true); | |
2850 | addRecordToLW(res, externalCNAME, QType::A, addr.toString(), DNSResourceRecord::ANSWER, 3600); | |
2851 | return 1; | |
2852 | } | |
2853 | ||
2854 | return 0; | |
2855 | }); | |
2856 | ||
2857 | vector<DNSRecord> ret; | |
2858 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 2859 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3337c2f7 RG |
2860 | BOOST_CHECK_EQUAL(ret.size(), 2); |
2861 | BOOST_CHECK(ret[0].d_type == QType::CNAME); | |
2862 | BOOST_CHECK_EQUAL(getRR<CNAMERecordContent>(ret[0])->getTarget().toString(), externalCNAME.toString()); | |
2863 | BOOST_CHECK(ret[1].d_type == QType::A); | |
2864 | BOOST_CHECK_EQUAL(getRR<ARecordContent>(ret[1])->getCA().toString(), addr.toString()); | |
2865 | BOOST_CHECK_EQUAL(queriesCount, 1); | |
2866 | } | |
2867 | ||
2868 | BOOST_AUTO_TEST_CASE(test_auth_zone_nodata) { | |
2869 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2870 | initSR(sr); |
3337c2f7 RG |
2871 | |
2872 | primeHints(); | |
2873 | ||
2874 | size_t queriesCount = 0; | |
2875 | const DNSName target("nodata.powerdns.com."); | |
2876 | const DNSName authZone("powerdns.com"); | |
2877 | ||
2878 | SyncRes::AuthDomain ad; | |
2879 | ad.d_name = authZone; | |
2880 | DNSRecord dr; | |
2881 | dr.d_place = DNSResourceRecord::ANSWER; | |
2882 | dr.d_name = target; | |
2883 | dr.d_type = QType::A; | |
2884 | dr.d_ttl = 3600; | |
2885 | dr.d_content = std::make_shared<ARecordContent>(ComboAddress("192.0.2.1")); | |
2886 | ad.d_records.insert(dr); | |
2887 | ||
2888 | dr.d_place = DNSResourceRecord::ANSWER; | |
2889 | dr.d_name = authZone; | |
2890 | dr.d_type = QType::SOA; | |
2891 | dr.d_ttl = 3600; | |
2892 | dr.d_content = std::make_shared<SOARecordContent>("pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600"); | |
2893 | ad.d_records.insert(dr); | |
2894 | ||
2895 | auto map = std::make_shared<SyncRes::domainmap_t>(); | |
2896 | (*map)[authZone] = ad; | |
2897 | SyncRes::setDomainMap(map); | |
2898 | ||
2899 | sr->setAsyncCallback([&queriesCount](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2900 | ||
2901 | queriesCount++; | |
2902 | ||
2903 | return 0; | |
2904 | }); | |
2905 | ||
2906 | vector<DNSRecord> ret; | |
2907 | int res = sr->beginResolve(target, QType(QType::AAAA), QClass::IN, ret); | |
b7f378d1 | 2908 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3337c2f7 RG |
2909 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
2910 | BOOST_CHECK(ret[0].d_type == QType::SOA); | |
2911 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2912 | } | |
2913 | ||
2914 | BOOST_AUTO_TEST_CASE(test_auth_zone_nx) { | |
2915 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2916 | initSR(sr); |
3337c2f7 RG |
2917 | |
2918 | primeHints(); | |
2919 | ||
2920 | size_t queriesCount = 0; | |
2921 | const DNSName target("nx.powerdns.com."); | |
2922 | const DNSName authZone("powerdns.com"); | |
2923 | ||
2924 | SyncRes::AuthDomain ad; | |
2925 | ad.d_name = authZone; | |
2926 | DNSRecord dr; | |
2927 | dr.d_place = DNSResourceRecord::ANSWER; | |
2928 | dr.d_name = DNSName("powerdns.com."); | |
2929 | dr.d_type = QType::SOA; | |
2930 | dr.d_ttl = 3600; | |
2931 | dr.d_content = std::make_shared<SOARecordContent>("pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600"); | |
2932 | ad.d_records.insert(dr); | |
2933 | ||
2934 | auto map = std::make_shared<SyncRes::domainmap_t>(); | |
2935 | (*map)[authZone] = ad; | |
2936 | SyncRes::setDomainMap(map); | |
2937 | ||
2938 | sr->setAsyncCallback([&queriesCount](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2939 | ||
2940 | queriesCount++; | |
2941 | ||
2942 | return 0; | |
2943 | }); | |
2944 | ||
2945 | vector<DNSRecord> ret; | |
2946 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
2947 | BOOST_CHECK_EQUAL(res, RCode::NXDomain); | |
2948 | BOOST_REQUIRE_EQUAL(ret.size(), 1); | |
2949 | BOOST_CHECK(ret[0].d_type == QType::SOA); | |
2950 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2951 | } | |
2952 | ||
2953 | BOOST_AUTO_TEST_CASE(test_auth_zone_delegation) { | |
2954 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2955 | initSR(sr); |
3337c2f7 RG |
2956 | |
2957 | primeHints(); | |
2958 | ||
2959 | size_t queriesCount = 0; | |
2960 | const DNSName target("www.test.powerdns.com."); | |
2961 | const ComboAddress targetAddr("192.0.2.2"); | |
2962 | const DNSName ns("ns1.test.powerdns.com."); | |
2963 | const ComboAddress nsAddr("192.0.2.1"); | |
2964 | const DNSName authZone("powerdns.com"); | |
2965 | ||
2966 | SyncRes::AuthDomain ad; | |
2967 | ad.d_name = authZone; | |
2968 | DNSRecord dr; | |
2969 | dr.d_place = DNSResourceRecord::ANSWER; | |
2970 | dr.d_name = authZone; | |
2971 | dr.d_type = QType::SOA; | |
2972 | dr.d_ttl = 3600; | |
2973 | dr.d_content = std::make_shared<SOARecordContent>("pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600"); | |
2974 | ad.d_records.insert(dr); | |
2975 | ||
2976 | dr.d_place = DNSResourceRecord::ANSWER; | |
2977 | dr.d_name = DNSName("test.powerdns.com."); | |
2978 | dr.d_type = QType::NS; | |
2979 | dr.d_ttl = 3600; | |
2980 | dr.d_content = std::make_shared<NSRecordContent>(ns); | |
2981 | ad.d_records.insert(dr); | |
2982 | ||
2983 | dr.d_place = DNSResourceRecord::ANSWER; | |
2984 | dr.d_name = ns; | |
2985 | dr.d_type = QType::A; | |
2986 | dr.d_ttl = 3600; | |
2987 | dr.d_content = std::make_shared<ARecordContent>(nsAddr); | |
2988 | ad.d_records.insert(dr); | |
2989 | ||
2990 | auto map = std::make_shared<SyncRes::domainmap_t>(); | |
2991 | (*map)[authZone] = ad; | |
2992 | SyncRes::setDomainMap(map); | |
2993 | ||
2994 | sr->setAsyncCallback([&queriesCount,target,targetAddr,nsAddr](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2995 | ||
2996 | queriesCount++; | |
2997 | if (ip == ComboAddress(nsAddr.toString(), 53) && domain == target) { | |
2998 | setLWResult(res, 0, true, false, true); | |
2999 | addRecordToLW(res, domain, QType::A, targetAddr.toString(), DNSResourceRecord::ANSWER, 3600); | |
3000 | return 1; | |
3001 | } | |
3002 | ||
3003 | return 0; | |
3004 | }); | |
3005 | ||
3006 | vector<DNSRecord> ret; | |
3007 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 3008 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3337c2f7 RG |
3009 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
3010 | BOOST_CHECK(ret[0].d_type == QType::A); | |
3011 | BOOST_CHECK_EQUAL(queriesCount, 1); | |
3012 | } | |
3013 | ||
3014 | BOOST_AUTO_TEST_CASE(test_auth_zone_delegation_point) { | |
3015 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 3016 | initSR(sr); |
3337c2f7 RG |
3017 | |
3018 | primeHints(); | |
3019 | ||
3020 | size_t queriesCount = 0; | |
3021 | const DNSName target("test.powerdns.com."); | |
3022 | const ComboAddress targetAddr("192.0.2.2"); | |
3023 | const DNSName ns("ns1.test.powerdns.com."); | |
3024 | const ComboAddress nsAddr("192.0.2.1"); | |
3025 | const DNSName authZone("powerdns.com"); | |
3026 | ||
3027 | SyncRes::AuthDomain ad; | |
3028 | ad.d_name = authZone; | |
3029 | DNSRecord dr; | |
3030 | dr.d_place = DNSResourceRecord::ANSWER; | |
3031 | dr.d_name = authZone; | |
3032 | dr.d_type = QType::SOA; | |
3033 | dr.d_ttl = 3600; | |
3034 | dr.d_content = std::make_shared<SOARecordContent>("pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600"); | |
3035 | ad.d_records.insert(dr); | |
3036 | ||
3037 | dr.d_place = DNSResourceRecord::ANSWER; | |
3038 | dr.d_name = DNSName("test.powerdns.com."); | |
3039 | dr.d_type = QType::NS; | |
3040 | dr.d_ttl = 3600; | |
3041 | dr.d_content = std::make_shared<NSRecordContent>(ns); | |
3042 | ad.d_records.insert(dr); | |
3043 | ||
3044 | dr.d_place = DNSResourceRecord::ANSWER; | |
3045 | dr.d_name = ns; | |
3046 | dr.d_type = QType::A; | |
3047 | dr.d_ttl = 3600; | |
3048 | dr.d_content = std::make_shared<ARecordContent>(nsAddr); | |
3049 | ad.d_records.insert(dr); | |
3050 | ||
3051 | auto map = std::make_shared<SyncRes::domainmap_t>(); | |
3052 | (*map)[authZone] = ad; | |
3053 | SyncRes::setDomainMap(map); | |
3054 | ||
3055 | sr->setAsyncCallback([&queriesCount,nsAddr,target,targetAddr](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
3056 | ||
3057 | queriesCount++; | |
3058 | ||
3059 | if (ip == ComboAddress(nsAddr.toString(), 53) && domain == target) { | |
3060 | setLWResult(res, 0, true, false, true); | |
3061 | addRecordToLW(res, domain, QType::A, targetAddr.toString(), DNSResourceRecord::ANSWER, 3600); | |
3062 | return 1; | |
3063 | } | |
3064 | ||
3065 | return 0; | |
3066 | }); | |
3067 | ||
3068 | vector<DNSRecord> ret; | |
3069 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 3070 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3337c2f7 RG |
3071 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
3072 | BOOST_CHECK(ret[0].d_type == QType::A); | |
3073 | BOOST_CHECK_EQUAL(queriesCount, 1); | |
3074 | } | |
3075 | ||
3076 | BOOST_AUTO_TEST_CASE(test_auth_zone_wildcard) { | |
3077 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 3078 | initSR(sr); |
3337c2f7 RG |
3079 | |
3080 | primeHints(); | |
3081 | ||
3082 | size_t queriesCount = 0; | |
3083 | const DNSName target("test.powerdns.com."); | |
3084 | const ComboAddress targetAddr("192.0.2.2"); | |
3085 | const DNSName authZone("powerdns.com"); | |
3086 | ||
3087 | SyncRes::AuthDomain ad; | |
3088 | ad.d_name = authZone; | |
3089 | DNSRecord dr; | |
3090 | dr.d_place = DNSResourceRecord::ANSWER; | |
3091 | dr.d_name = authZone; | |
3092 | dr.d_type = QType::SOA; | |
3093 | dr.d_ttl = 3600; | |
3094 | dr.d_content = std::make_shared<SOARecordContent>("pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600"); | |
3095 | ad.d_records.insert(dr); | |
3096 | ||
3097 | dr.d_place = DNSResourceRecord::ANSWER; | |
3098 | dr.d_name = DNSName("*.powerdns.com."); | |
3099 | dr.d_type = QType::A; | |
3100 | dr.d_ttl = 3600; | |
3101 | dr.d_content = std::make_shared<ARecordContent>(targetAddr); | |
3102 | ad.d_records.insert(dr); | |
3103 | ||
3104 | auto map = std::make_shared<SyncRes::domainmap_t>(); | |
3105 | (*map)[authZone] = ad; | |
3106 | SyncRes::setDomainMap(map); | |
3107 | ||
3108 | sr->setAsyncCallback([&queriesCount](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
3109 | ||
3110 | queriesCount++; | |
3111 | ||
3112 | return 0; | |
3113 | }); | |
3114 | ||
3115 | vector<DNSRecord> ret; | |
3116 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 3117 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3337c2f7 RG |
3118 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
3119 | BOOST_CHECK(ret[0].d_type == QType::A); | |
3120 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
3121 | } | |
3122 | ||
3123 | BOOST_AUTO_TEST_CASE(test_auth_zone_wildcard_nodata) { | |
3124 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 3125 | initSR(sr); |
3337c2f7 RG |
3126 | |
3127 | primeHints(); | |
3128 | ||
3129 | size_t queriesCount = 0; | |
3130 | const DNSName target("test.powerdns.com."); | |
3131 | const ComboAddress targetAddr("192.0.2.2"); | |
3132 | const DNSName authZone("powerdns.com"); | |
3133 | ||
3134 | SyncRes::AuthDomain ad; | |
3135 | ad.d_name = authZone; | |
3136 | DNSRecord dr; | |
3137 | dr.d_place = DNSResourceRecord::ANSWER; | |
3138 | dr.d_name = authZone; | |
3139 | dr.d_type = QType::SOA; | |
3140 | dr.d_ttl = 3600; | |
3141 | dr.d_content = std::make_shared<SOARecordContent>("pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600"); | |
3142 | ad.d_records.insert(dr); | |
3143 | ||
3144 | dr.d_place = DNSResourceRecord::ANSWER; | |
3145 | dr.d_name = DNSName("*.powerdns.com."); | |
3146 | dr.d_type = QType::A; | |
3147 | dr.d_ttl = 3600; | |
3148 | dr.d_content = std::make_shared<ARecordContent>(targetAddr); | |
3149 | ad.d_records.insert(dr); | |
3150 | ||
3151 | auto map = std::make_shared<SyncRes::domainmap_t>(); | |
3152 | (*map)[authZone] = ad; | |
3153 | SyncRes::setDomainMap(map); | |
3154 | ||
3155 | sr->setAsyncCallback([&queriesCount](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
3156 | ||
3157 | queriesCount++; | |
3158 | ||
3159 | return 0; | |
3160 | }); | |
3161 | ||
3162 | vector<DNSRecord> ret; | |
3163 | int res = sr->beginResolve(target, QType(QType::AAAA), QClass::IN, ret); | |
b7f378d1 | 3164 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3337c2f7 RG |
3165 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
3166 | BOOST_CHECK(ret[0].d_type == QType::SOA); | |
3167 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
3168 | } | |
3169 | ||
3170 | BOOST_AUTO_TEST_CASE(test_auth_zone_cache_only) { | |
3171 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 3172 | initSR(sr); |
3337c2f7 RG |
3173 | |
3174 | primeHints(); | |
3175 | ||
3176 | size_t queriesCount = 0; | |
3177 | const DNSName target("powerdns.com."); | |
3178 | const ComboAddress addr("192.0.2.5"); | |
3179 | ||
3180 | SyncRes::AuthDomain ad; | |
3181 | ad.d_name = target; | |
3182 | DNSRecord dr; | |
3183 | dr.d_place = DNSResourceRecord::ANSWER; | |
3184 | dr.d_name = target; | |
3185 | dr.d_type = QType::SOA; | |
3186 | dr.d_ttl = 3600; | |
3187 | dr.d_content = std::make_shared<SOARecordContent>("pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600"); | |
3188 | ad.d_records.insert(dr); | |
3189 | ||
3190 | dr.d_place = DNSResourceRecord::ANSWER; | |
3191 | dr.d_name = target; | |
3192 | dr.d_type = QType::A; | |
3193 | dr.d_ttl = 3600; | |
3194 | dr.d_content = std::make_shared<ARecordContent>(addr); | |
3195 | ad.d_records.insert(dr); | |
3196 | ||
3197 | auto map = std::make_shared<SyncRes::domainmap_t>(); | |
3198 | (*map)[target] = ad; | |
3199 | SyncRes::setDomainMap(map); | |
3200 | ||
3201 | sr->setAsyncCallback([&queriesCount](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
3202 | ||
3203 | queriesCount++; | |
3204 | setLWResult(res, 0, true, false, true); | |
3205 | addRecordToLW(res, domain, QType::A, "192.0.2.42"); | |
3206 | return 1; | |
3207 | }); | |
3208 | ||
3209 | /* simulate a no-RD query */ | |
3210 | sr->setCacheOnly(); | |
3211 | ||
3212 | vector<DNSRecord> ret; | |
3213 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 3214 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3337c2f7 RG |
3215 | BOOST_CHECK_EQUAL(ret.size(), 1); |
3216 | BOOST_CHECK(ret[0].d_type == QType::A); | |
3217 | BOOST_CHECK_EQUAL(getRR<ARecordContent>(ret[0])->getCA().toString(), addr.toString()); | |
3218 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
3219 | } | |
3220 | ||
8455425c | 3221 | BOOST_AUTO_TEST_CASE(test_dnssec_rrsig) { |
8455425c RG |
3222 | init(); |
3223 | ||
3224 | auto dcke = std::shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256)); | |
3225 | dcke->create(dcke->getBits()); | |
3226 | // cerr<<dcke->convertToISC()<<endl; | |
3227 | DNSSECPrivateKey dpk; | |
3228 | dpk.d_flags = 256; | |
3229 | dpk.setKey(dcke); | |
3230 | ||
3231 | std::vector<std::shared_ptr<DNSRecordContent> > recordcontents; | |
3232 | recordcontents.push_back(getRecordContent(QType::A, "192.0.2.1")); | |
3233 | ||
3234 | DNSName qname("powerdns.com."); | |
3235 | ||
3236 | RRSIGRecordContent rrc; | |
3237 | computeRRSIG(dpk, qname, qname, QType::A, 600, 300, rrc, recordcontents); | |
3238 | ||
3239 | skeyset_t keyset; | |
3240 | keyset.insert(std::make_shared<DNSKEYRecordContent>(dpk.getDNSKEY())); | |
3241 | ||
3242 | std::vector<std::shared_ptr<RRSIGRecordContent> > sigs; | |
3243 | sigs.push_back(std::make_shared<RRSIGRecordContent>(rrc)); | |
3244 | ||
3245 | BOOST_CHECK(validateWithKeySet(time(nullptr), qname, recordcontents, sigs, keyset)); | |
3246 | } | |
3247 | ||
3248 | BOOST_AUTO_TEST_CASE(test_dnssec_root_validation_csk) { | |
3249 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 3250 | initSR(sr, true); |
8455425c RG |
3251 | |
3252 | g_dnssecmode = DNSSECMode::ValidateAll; | |
3253 | ||
3254 | primeHints(); | |
3255 | const DNSName target("."); | |
b7f378d1 | 3256 | testkeysset_t keys; |
8455425c RG |
3257 | |
3258 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
3259 | luaconfsCopy.dsAnchors.clear(); | |
3260 | generateKeyMaterial(target, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
3261 | g_luaconfs.setState(luaconfsCopy); | |
3262 | ||
3263 | size_t queriesCount = 0; | |
3264 | ||
3265 | sr->setAsyncCallback([target,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
3266 | queriesCount++; | |
3267 | ||
3268 | if (domain == target && type == QType::NS) { | |
3269 | ||
3270 | setLWResult(res, 0, true, false, true); | |
3271 | char addr[] = "a.root-servers.net."; | |
3272 | for (char idx = 'a'; idx <= 'm'; idx++) { | |
3273 | addr[0] = idx; | |
3274 | addRecordToLW(res, domain, QType::NS, std::string(addr), DNSResourceRecord::ANSWER, 3600); | |
3275 | } | |
3276 | ||
3277 | addRRSIG(keys, res->d_records, domain, 300); | |
3278 | ||
3279 | addRecordToLW(res, "a.root-servers.net.", QType::A, "198.41.0.4", DNSResourceRecord::ADDITIONAL, 3600); | |
3280 | addRecordToLW(res, "a.root-servers.net.", QType::AAAA, "2001:503:ba3e::2:30", DNSResourceRecord::ADDITIONAL, 3600); | |
3281 | ||
3282 | return 1; | |
3283 | } else if (domain == target && type == QType::DNSKEY) { | |
3284 | ||
3285 | setLWResult(res, 0, true, false, true); | |
3286 | ||
3287 | addDNSKEY(keys, domain, 300, res->d_records); | |
3288 | addRRSIG(keys, res->d_records, domain, 300); | |
3289 | ||
3290 | return 1; | |
3291 | } | |
3292 | ||
3293 | return 0; | |
3294 | }); | |
3295 | ||
3296 | vector<DNSRecord> ret; | |
3297 | int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
b7f378d1 RG |
3298 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3299 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); | |
8455425c RG |
3300 | /* 13 NS + 1 RRSIG */ |
3301 | BOOST_REQUIRE_EQUAL(ret.size(), 14); | |
3302 | BOOST_CHECK_EQUAL(queriesCount, 2); | |
b7f378d1 RG |
3303 | |
3304 | /* again, to test the cache */ | |
3305 | ret.clear(); | |
3306 | res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
3307 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
8455425c | 3308 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); |
b7f378d1 RG |
3309 | BOOST_REQUIRE_EQUAL(ret.size(), 14); |
3310 | BOOST_CHECK_EQUAL(queriesCount, 2); | |
8455425c RG |
3311 | } |
3312 | ||
3313 | BOOST_AUTO_TEST_CASE(test_dnssec_root_validation_ksk_zsk) { | |
3314 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 3315 | initSR(sr, true); |
8455425c RG |
3316 | |
3317 | g_dnssecmode = DNSSECMode::ValidateAll; | |
3318 | ||
3319 | primeHints(); | |
3320 | const DNSName target("."); | |
b7f378d1 RG |
3321 | testkeysset_t zskeys; |
3322 | testkeysset_t kskeys; | |
8455425c RG |
3323 | |
3324 | /* Generate key material for "." */ | |
3325 | auto dckeZ = std::shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256)); | |
3326 | dckeZ->create(dckeZ->getBits()); | |
3327 | DNSSECPrivateKey ksk; | |
3328 | ksk.d_flags = 257; | |
3329 | ksk.setKey(dckeZ); | |
b7f378d1 RG |
3330 | DSRecordContent kskds = makeDSFromDNSKey(target, ksk.getDNSKEY(), DNSSECKeeper::SHA256); |
3331 | ||
8455425c RG |
3332 | auto dckeK = std::shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256)); |
3333 | dckeK->create(dckeK->getBits()); | |
3334 | DNSSECPrivateKey zsk; | |
3335 | zsk.d_flags = 256; | |
3336 | zsk.setKey(dckeK); | |
b7f378d1 | 3337 | DSRecordContent zskds = makeDSFromDNSKey(target, zsk.getDNSKEY(), DNSSECKeeper::SHA256); |
8455425c | 3338 | |
b7f378d1 RG |
3339 | kskeys[target] = std::pair<DNSSECPrivateKey,DSRecordContent>(ksk, kskds); |
3340 | zskeys[target] = std::pair<DNSSECPrivateKey,DSRecordContent>(zsk, zskds); | |
8455425c RG |
3341 | |
3342 | /* Set the root DS */ | |
8455425c RG |
3343 | auto luaconfsCopy = g_luaconfs.getCopy(); |
3344 | luaconfsCopy.dsAnchors.clear(); | |
b7f378d1 | 3345 | luaconfsCopy.dsAnchors[g_rootdnsname].insert(kskds); |
8455425c RG |
3346 | g_luaconfs.setState(luaconfsCopy); |
3347 | ||
3348 | size_t queriesCount = 0; | |
3349 | ||
3350 | sr->setAsyncCallback([target,&queriesCount,zskeys,kskeys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
3351 | queriesCount++; | |
3352 | ||
3353 | if (domain == target && type == QType::NS) { | |
3354 | ||
3355 | setLWResult(res, 0, true, false, true); | |
3356 | char addr[] = "a.root-servers.net."; | |
3357 | for (char idx = 'a'; idx <= 'm'; idx++) { | |
3358 | addr[0] = idx; | |
3359 | addRecordToLW(res, domain, QType::NS, std::string(addr), DNSResourceRecord::ANSWER, 3600); | |
3360 | } | |
3361 | ||
3362 | addRRSIG(zskeys, res->d_records, domain, 300); | |
3363 | ||
3364 | addRecordToLW(res, "a.root-servers.net.", QType::A, "198.41.0.4", DNSResourceRecord::ADDITIONAL, 3600); | |
3365 | addRecordToLW(res, "a.root-servers.net.", QType::AAAA, "2001:503:ba3e::2:30", DNSResourceRecord::ADDITIONAL, 3600); | |
3366 | ||
3367 | return 1; | |
3368 | } else if (domain == target && type == QType::DNSKEY) { | |
3369 | ||
3370 | setLWResult(res, 0, true, false, true); | |
3371 | ||
3372 | addDNSKEY(kskeys, domain, 300, res->d_records); | |
3373 | addDNSKEY(zskeys, domain, 300, res->d_records); | |
3374 | addRRSIG(kskeys, res->d_records, domain, 300); | |
3375 | ||
3376 | return 1; | |
3377 | } | |
3378 | ||
3379 | return 0; | |
3380 | }); | |
3381 | ||
3382 | vector<DNSRecord> ret; | |
3383 | int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
b7f378d1 RG |
3384 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3385 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); | |
8455425c RG |
3386 | /* 13 NS + 1 RRSIG */ |
3387 | BOOST_REQUIRE_EQUAL(ret.size(), 14); | |
3388 | BOOST_CHECK_EQUAL(queriesCount, 2); | |
b7f378d1 RG |
3389 | |
3390 | /* again, to test the cache */ | |
3391 | ret.clear(); | |
3392 | res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
3393 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
8455425c | 3394 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); |
b7f378d1 RG |
3395 | BOOST_REQUIRE_EQUAL(ret.size(), 14); |
3396 | BOOST_CHECK_EQUAL(queriesCount, 2); | |
8455425c RG |
3397 | } |
3398 | ||
3399 | BOOST_AUTO_TEST_CASE(test_dnssec_bogus_no_dnskey) { | |
3400 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 3401 | initSR(sr, true); |
8455425c RG |
3402 | |
3403 | g_dnssecmode = DNSSECMode::ValidateAll; | |
3404 | ||
3405 | primeHints(); | |
3406 | const DNSName target("."); | |
b7f378d1 | 3407 | testkeysset_t keys; |
8455425c RG |
3408 | |
3409 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
3410 | luaconfsCopy.dsAnchors.clear(); | |
3411 | generateKeyMaterial(target, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
3412 | g_luaconfs.setState(luaconfsCopy); | |
3413 | ||
3414 | size_t queriesCount = 0; | |
3415 | ||
3416 | sr->setAsyncCallback([target,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
3417 | queriesCount++; | |
3418 | ||
3419 | if (domain == target && type == QType::NS) { | |
3420 | ||
3421 | setLWResult(res, 0, true, false, true); | |
3422 | char addr[] = "a.root-servers.net."; | |
3423 | for (char idx = 'a'; idx <= 'm'; idx++) { | |
3424 | addr[0] = idx; | |
3425 | addRecordToLW(res, domain, QType::NS, std::string(addr), DNSResourceRecord::ANSWER, 3600); | |
3426 | } | |
3427 | ||
3428 | addRRSIG(keys, res->d_records, domain, 300); | |
3429 | ||
3430 | addRecordToLW(res, "a.root-servers.net.", QType::A, "198.41.0.4", DNSResourceRecord::ADDITIONAL, 3600); | |
3431 | addRecordToLW(res, "a.root-servers.net.", QType::AAAA, "2001:503:ba3e::2:30", DNSResourceRecord::ADDITIONAL, 3600); | |
3432 | ||
3433 | return 1; | |
3434 | } else if (domain == target && type == QType::DNSKEY) { | |
3435 | ||
3436 | setLWResult(res, 0, true, false, true); | |
3437 | ||
3438 | /* No DNSKEY */ | |
3439 | ||
3440 | return 1; | |
3441 | } | |
3442 | ||
3443 | return 0; | |
3444 | }); | |
3445 | ||
3446 | vector<DNSRecord> ret; | |
3447 | int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
b7f378d1 RG |
3448 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3449 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
8455425c RG |
3450 | /* 13 NS + 1 RRSIG */ |
3451 | BOOST_REQUIRE_EQUAL(ret.size(), 14); | |
3452 | BOOST_CHECK_EQUAL(queriesCount, 2); | |
b7f378d1 RG |
3453 | |
3454 | /* again, to test the cache */ | |
3455 | ret.clear(); | |
3456 | res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
3457 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
8455425c | 3458 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); |
b7f378d1 RG |
3459 | BOOST_REQUIRE_EQUAL(ret.size(), 14); |
3460 | BOOST_CHECK_EQUAL(queriesCount, 2); | |
8455425c RG |
3461 | } |
3462 | ||
3463 | BOOST_AUTO_TEST_CASE(test_dnssec_bogus_dnskey_doesnt_match_ds) { | |
3464 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 3465 | initSR(sr, true); |
8455425c RG |
3466 | |
3467 | g_dnssecmode = DNSSECMode::ValidateAll; | |
3468 | ||
3469 | primeHints(); | |
3470 | const DNSName target("."); | |
b7f378d1 RG |
3471 | testkeysset_t dskeys; |
3472 | testkeysset_t keys; | |
8455425c RG |
3473 | |
3474 | /* Generate key material for "." */ | |
3475 | auto dckeDS = std::shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256)); | |
3476 | dckeDS->create(dckeDS->getBits()); | |
3477 | DNSSECPrivateKey dskey; | |
3478 | dskey.d_flags = 257; | |
3479 | dskey.setKey(dckeDS); | |
b7f378d1 RG |
3480 | DSRecordContent drc = makeDSFromDNSKey(target, dskey.getDNSKEY(), DNSSECKeeper::SHA256); |
3481 | ||
8455425c RG |
3482 | auto dcke = std::shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256)); |
3483 | dcke->create(dcke->getBits()); | |
3484 | DNSSECPrivateKey dpk; | |
3485 | dpk.d_flags = 256; | |
3486 | dpk.setKey(dcke); | |
b7f378d1 | 3487 | DSRecordContent uselessdrc = makeDSFromDNSKey(target, dpk.getDNSKEY(), DNSSECKeeper::SHA256); |
8455425c | 3488 | |
b7f378d1 RG |
3489 | dskeys[target] = std::pair<DNSSECPrivateKey,DSRecordContent>(dskey, drc); |
3490 | keys[target] = std::pair<DNSSECPrivateKey,DSRecordContent>(dpk, uselessdrc); | |
8455425c RG |
3491 | |
3492 | /* Set the root DS */ | |
8455425c RG |
3493 | auto luaconfsCopy = g_luaconfs.getCopy(); |
3494 | luaconfsCopy.dsAnchors.clear(); | |
3495 | luaconfsCopy.dsAnchors[g_rootdnsname].insert(drc); | |
3496 | g_luaconfs.setState(luaconfsCopy); | |
3497 | ||
3498 | size_t queriesCount = 0; | |
3499 | ||
3500 | sr->setAsyncCallback([target,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
3501 | queriesCount++; | |
3502 | ||
3503 | if (domain == target && type == QType::NS) { | |
3504 | ||
3505 | setLWResult(res, 0, true, false, true); | |
3506 | char addr[] = "a.root-servers.net."; | |
3507 | for (char idx = 'a'; idx <= 'm'; idx++) { | |
3508 | addr[0] = idx; | |
3509 | addRecordToLW(res, domain, QType::NS, std::string(addr), DNSResourceRecord::ANSWER, 3600); | |
3510 | } | |
3511 | ||
3512 | addRRSIG(keys, res->d_records, domain, 300); | |
3513 | ||
3514 | addRecordToLW(res, "a.root-servers.net.", QType::A, "198.41.0.4", DNSResourceRecord::ADDITIONAL, 3600); | |
3515 | addRecordToLW(res, "a.root-servers.net.", QType::AAAA, "2001:503:ba3e::2:30", DNSResourceRecord::ADDITIONAL, 3600); | |
3516 | ||
3517 | return 1; | |
3518 | } else if (domain == target && type == QType::DNSKEY) { | |
3519 | ||
3520 | setLWResult(res, 0, true, false, true); | |
3521 | ||
3522 | addDNSKEY(keys, domain, 300, res->d_records); | |
3523 | addRRSIG(keys, res->d_records, domain, 300); | |
3524 | ||
3525 | return 1; | |
3526 | } | |
3527 | ||
3528 | return 0; | |
3529 | }); | |
3530 | ||
3531 | vector<DNSRecord> ret; | |
3532 | int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
b7f378d1 RG |
3533 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3534 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
8455425c RG |
3535 | /* 13 NS + 1 RRSIG */ |
3536 | BOOST_REQUIRE_EQUAL(ret.size(), 14); | |
3537 | BOOST_CHECK_EQUAL(queriesCount, 2); | |
b7f378d1 RG |
3538 | |
3539 | /* again, to test the cache */ | |
3540 | ret.clear(); | |
3541 | res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
3542 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
8455425c | 3543 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); |
b7f378d1 RG |
3544 | BOOST_REQUIRE_EQUAL(ret.size(), 14); |
3545 | BOOST_CHECK_EQUAL(queriesCount, 2); | |
8455425c RG |
3546 | } |
3547 | ||
3548 | BOOST_AUTO_TEST_CASE(test_dnssec_bogus_rrsig_signed_with_unknown_dnskey) { | |
3549 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 3550 | initSR(sr, true); |
8455425c RG |
3551 | |
3552 | g_dnssecmode = DNSSECMode::ValidateAll; | |
3553 | ||
3554 | primeHints(); | |
3555 | const DNSName target("."); | |
b7f378d1 RG |
3556 | testkeysset_t keys; |
3557 | testkeysset_t rrsigkeys; | |
8455425c RG |
3558 | |
3559 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
3560 | luaconfsCopy.dsAnchors.clear(); | |
3561 | generateKeyMaterial(target, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
3562 | g_luaconfs.setState(luaconfsCopy); | |
3563 | ||
3564 | auto dckeRRSIG = std::shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256)); | |
3565 | dckeRRSIG->create(dckeRRSIG->getBits()); | |
3566 | DNSSECPrivateKey rrsigkey; | |
3567 | rrsigkey.d_flags = 257; | |
3568 | rrsigkey.setKey(dckeRRSIG); | |
b7f378d1 RG |
3569 | DSRecordContent rrsigds = makeDSFromDNSKey(target, rrsigkey.getDNSKEY(), DNSSECKeeper::SHA256); |
3570 | ||
3571 | rrsigkeys[target] = std::pair<DNSSECPrivateKey,DSRecordContent>(rrsigkey, rrsigds); | |
8455425c RG |
3572 | |
3573 | size_t queriesCount = 0; | |
3574 | ||
3575 | sr->setAsyncCallback([target,&queriesCount,keys,rrsigkeys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
3576 | queriesCount++; | |
3577 | ||
3578 | if (domain == target && type == QType::NS) { | |
3579 | ||
3580 | setLWResult(res, 0, true, false, true); | |
3581 | char addr[] = "a.root-servers.net."; | |
3582 | for (char idx = 'a'; idx <= 'm'; idx++) { | |
3583 | addr[0] = idx; | |
3584 | addRecordToLW(res, domain, QType::NS, std::string(addr), DNSResourceRecord::ANSWER, 3600); | |
3585 | } | |
3586 | ||
3587 | addRRSIG(rrsigkeys, res->d_records, domain, 300); | |
3588 | ||
3589 | addRecordToLW(res, "a.root-servers.net.", QType::A, "198.41.0.4", DNSResourceRecord::ADDITIONAL, 3600); | |
3590 | addRecordToLW(res, "a.root-servers.net.", QType::AAAA, "2001:503:ba3e::2:30", DNSResourceRecord::ADDITIONAL, 3600); | |
3591 | ||
3592 | return 1; | |
3593 | } else if (domain == target && type == QType::DNSKEY) { | |
3594 | ||
3595 | setLWResult(res, 0, true, false, true); | |
3596 | ||
3597 | addDNSKEY(keys, domain, 300, res->d_records); | |
3598 | addRRSIG(rrsigkeys, res->d_records, domain, 300); | |
3599 | ||
3600 | return 1; | |
3601 | } | |
3602 | ||
3603 | return 0; | |
3604 | }); | |
3605 | ||
3606 | vector<DNSRecord> ret; | |
3607 | int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
b7f378d1 RG |
3608 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3609 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
8455425c RG |
3610 | /* 13 NS + 1 RRSIG */ |
3611 | BOOST_REQUIRE_EQUAL(ret.size(), 14); | |
3612 | BOOST_CHECK_EQUAL(queriesCount, 2); | |
b7f378d1 RG |
3613 | |
3614 | /* again, to test the cache */ | |
3615 | ret.clear(); | |
3616 | res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
3617 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
8455425c | 3618 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); |
b7f378d1 RG |
3619 | BOOST_REQUIRE_EQUAL(ret.size(), 14); |
3620 | BOOST_CHECK_EQUAL(queriesCount, 2); | |
8455425c RG |
3621 | } |
3622 | ||
3623 | BOOST_AUTO_TEST_CASE(test_dnssec_bogus_no_rrsig) { | |
3624 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 3625 | initSR(sr, true); |
8455425c RG |
3626 | |
3627 | g_dnssecmode = DNSSECMode::ValidateAll; | |
3628 | ||
3629 | primeHints(); | |
3630 | const DNSName target("."); | |
b7f378d1 | 3631 | testkeysset_t keys; |
8455425c RG |
3632 | |
3633 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
3634 | luaconfsCopy.dsAnchors.clear(); | |
3635 | generateKeyMaterial(target, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
3636 | g_luaconfs.setState(luaconfsCopy); | |
3637 | ||
3638 | size_t queriesCount = 0; | |
3639 | ||
3640 | sr->setAsyncCallback([target,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
3641 | queriesCount++; | |
3642 | ||
3643 | if (domain == target && type == QType::NS) { | |
3644 | ||
3645 | setLWResult(res, 0, true, false, true); | |
3646 | char addr[] = "a.root-servers.net."; | |
3647 | for (char idx = 'a'; idx <= 'm'; idx++) { | |
3648 | addr[0] = idx; | |
3649 | addRecordToLW(res, domain, QType::NS, std::string(addr), DNSResourceRecord::ANSWER, 3600); | |
3650 | } | |
3651 | ||
3652 | /* No RRSIG */ | |
3653 | ||
3654 | addRecordToLW(res, "a.root-servers.net.", QType::A, "198.41.0.4", DNSResourceRecord::ADDITIONAL, 3600); | |
3655 | addRecordToLW(res, "a.root-servers.net.", QType::AAAA, "2001:503:ba3e::2:30", DNSResourceRecord::ADDITIONAL, 3600); | |
3656 | ||
3657 | return 1; | |
3658 | } else if (domain == target && type == QType::DNSKEY) { | |
3659 | ||
3660 | setLWResult(res, 0, true, false, true); | |
3661 | ||
3662 | addDNSKEY(keys, domain, 300, res->d_records); | |
3663 | addRRSIG(keys, res->d_records, domain, 300); | |
3664 | ||
3665 | return 1; | |
3666 | } | |
3667 | ||
3668 | return 0; | |
3669 | }); | |
3670 | ||
3671 | vector<DNSRecord> ret; | |
3672 | int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
b7f378d1 RG |
3673 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3674 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
8455425c RG |
3675 | /* 13 NS + 0 RRSIG */ |
3676 | BOOST_REQUIRE_EQUAL(ret.size(), 13); | |
3677 | /* no RRSIG so no query for DNSKEYs */ | |
3678 | BOOST_CHECK_EQUAL(queriesCount, 1); | |
b7f378d1 RG |
3679 | |
3680 | /* again, to test the cache */ | |
3681 | ret.clear(); | |
3682 | res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
3683 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
8455425c | 3684 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); |
b7f378d1 RG |
3685 | BOOST_REQUIRE_EQUAL(ret.size(), 13); |
3686 | BOOST_CHECK_EQUAL(queriesCount, 1); | |
8455425c RG |
3687 | } |
3688 | ||
3689 | BOOST_AUTO_TEST_CASE(test_dnssec_insecure_unknown_ds_algorithm) { | |
3690 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 3691 | initSR(sr, true); |
8455425c RG |
3692 | |
3693 | g_dnssecmode = DNSSECMode::ValidateAll; | |
3694 | ||
3695 | primeHints(); | |
3696 | const DNSName target("."); | |
b7f378d1 | 3697 | testkeysset_t keys; |
8455425c RG |
3698 | |
3699 | /* Generate key material for "." */ | |
3700 | auto dcke = std::shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256)); | |
3701 | dcke->create(dcke->getBits()); | |
3702 | DNSSECPrivateKey dpk; | |
3703 | dpk.d_flags = 256; | |
3704 | dpk.setKey(dcke); | |
3705 | /* Fake algorithm number (private) */ | |
3706 | dpk.d_algorithm = 253; | |
3707 | ||
8455425c | 3708 | DSRecordContent drc = makeDSFromDNSKey(target, dpk.getDNSKEY(), DNSSECKeeper::SHA256); |
b7f378d1 | 3709 | keys[target] = std::pair<DNSSECPrivateKey,DSRecordContent>(dpk, drc); |
8455425c RG |
3710 | /* Fake algorithm number (private) */ |
3711 | drc.d_algorithm = 253; | |
3712 | ||
b7f378d1 | 3713 | /* Set the root DS */ |
8455425c RG |
3714 | auto luaconfsCopy = g_luaconfs.getCopy(); |
3715 | luaconfsCopy.dsAnchors.clear(); | |
3716 | luaconfsCopy.dsAnchors[g_rootdnsname].insert(drc); | |
3717 | g_luaconfs.setState(luaconfsCopy); | |
3718 | ||
3719 | size_t queriesCount = 0; | |
3720 | ||
3721 | sr->setAsyncCallback([target,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
3722 | queriesCount++; | |
3723 | ||
3724 | if (domain == target && type == QType::NS) { | |
3725 | ||
3726 | setLWResult(res, 0, true, false, true); | |
3727 | char addr[] = "a.root-servers.net."; | |
3728 | for (char idx = 'a'; idx <= 'm'; idx++) { | |
3729 | addr[0] = idx; | |
3730 | addRecordToLW(res, domain, QType::NS, std::string(addr), DNSResourceRecord::ANSWER, 3600); | |
3731 | } | |
3732 | ||
3733 | addRRSIG(keys, res->d_records, domain, 300); | |
3734 | ||
3735 | addRecordToLW(res, "a.root-servers.net.", QType::A, "198.41.0.4", DNSResourceRecord::ADDITIONAL, 3600); | |
3736 | addRecordToLW(res, "a.root-servers.net.", QType::AAAA, "2001:503:ba3e::2:30", DNSResourceRecord::ADDITIONAL, 3600); | |
3737 | ||
3738 | return 1; | |
3739 | } else if (domain == target && type == QType::DNSKEY) { | |
3740 | ||
3741 | setLWResult(res, 0, true, false, true); | |
3742 | ||
3743 | addDNSKEY(keys, domain, 300, res->d_records); | |
3744 | addRRSIG(keys, res->d_records, domain, 300); | |
3745 | ||
3746 | return 1; | |
3747 | } | |
3748 | ||
3749 | return 0; | |
3750 | }); | |
3751 | ||
3752 | vector<DNSRecord> ret; | |
3753 | int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
b7f378d1 RG |
3754 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3755 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
8455425c RG |
3756 | /* 13 NS + 1 RRSIG */ |
3757 | BOOST_REQUIRE_EQUAL(ret.size(), 14); | |
3758 | /* no supported DS so no query for DNSKEYs */ | |
3759 | BOOST_CHECK_EQUAL(queriesCount, 1); | |
b7f378d1 RG |
3760 | |
3761 | /* again, to test the cache */ | |
3762 | ret.clear(); | |
3763 | res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
3764 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
8455425c | 3765 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); |
b7f378d1 RG |
3766 | BOOST_REQUIRE_EQUAL(ret.size(), 14); |
3767 | BOOST_CHECK_EQUAL(queriesCount, 1); | |
8455425c RG |
3768 | } |
3769 | ||
3770 | BOOST_AUTO_TEST_CASE(test_dnssec_insecure_unknown_ds_digest) { | |
3771 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 3772 | initSR(sr, true); |
8455425c RG |
3773 | |
3774 | g_dnssecmode = DNSSECMode::ValidateAll; | |
3775 | ||
3776 | primeHints(); | |
3777 | const DNSName target("."); | |
b7f378d1 | 3778 | testkeysset_t keys; |
8455425c RG |
3779 | |
3780 | /* Generate key material for "." */ | |
3781 | auto dcke = std::shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256)); | |
3782 | dcke->create(dcke->getBits()); | |
3783 | DNSSECPrivateKey dpk; | |
3784 | dpk.d_flags = 256; | |
3785 | dpk.setKey(dcke); | |
8455425c RG |
3786 | DSRecordContent drc = makeDSFromDNSKey(target, dpk.getDNSKEY(), DNSSECKeeper::SHA256); |
3787 | /* Fake digest number (reserved) */ | |
3788 | drc.d_digesttype = 0; | |
3789 | ||
b7f378d1 RG |
3790 | keys[target] = std::pair<DNSSECPrivateKey, DSRecordContent>(dpk, drc); |
3791 | ||
3792 | /* Set the root DS */ | |
8455425c RG |
3793 | auto luaconfsCopy = g_luaconfs.getCopy(); |
3794 | luaconfsCopy.dsAnchors.clear(); | |
3795 | luaconfsCopy.dsAnchors[g_rootdnsname].insert(drc); | |
3796 | g_luaconfs.setState(luaconfsCopy); | |
3797 | ||
3798 | size_t queriesCount = 0; | |
3799 | ||
3800 | sr->setAsyncCallback([target,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
3801 | queriesCount++; | |
3802 | ||
3803 | if (domain == target && type == QType::NS) { | |
3804 | ||
3805 | setLWResult(res, 0, true, false, true); | |
3806 | char addr[] = "a.root-servers.net."; | |
3807 | for (char idx = 'a'; idx <= 'm'; idx++) { | |
3808 | addr[0] = idx; | |
3809 | addRecordToLW(res, domain, QType::NS, std::string(addr), DNSResourceRecord::ANSWER, 3600); | |
3810 | } | |
3811 | ||
3812 | addRRSIG(keys, res->d_records, domain, 300); | |
3813 | ||
3814 | addRecordToLW(res, "a.root-servers.net.", QType::A, "198.41.0.4", DNSResourceRecord::ADDITIONAL, 3600); | |
3815 | addRecordToLW(res, "a.root-servers.net.", QType::AAAA, "2001:503:ba3e::2:30", DNSResourceRecord::ADDITIONAL, 3600); | |
3816 | ||
3817 | return 1; | |
3818 | } else if (domain == target && type == QType::DNSKEY) { | |
3819 | ||
3820 | setLWResult(res, 0, true, false, true); | |
3821 | ||
3822 | addDNSKEY(keys, domain, 300, res->d_records); | |
3823 | addRRSIG(keys, res->d_records, domain, 300); | |
3824 | ||
3825 | return 1; | |
3826 | } | |
3827 | ||
3828 | return 0; | |
3829 | }); | |
3830 | ||
3831 | vector<DNSRecord> ret; | |
3832 | int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
b7f378d1 RG |
3833 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3834 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
8455425c RG |
3835 | /* 13 NS + 1 RRSIG */ |
3836 | BOOST_REQUIRE_EQUAL(ret.size(), 14); | |
3837 | /* no supported DS so no query for DNSKEYs */ | |
3838 | BOOST_CHECK_EQUAL(queriesCount, 1); | |
b7f378d1 RG |
3839 | |
3840 | /* again, to test the cache */ | |
3841 | ret.clear(); | |
3842 | res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
3843 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
8455425c | 3844 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); |
b7f378d1 RG |
3845 | BOOST_REQUIRE_EQUAL(ret.size(), 14); |
3846 | BOOST_CHECK_EQUAL(queriesCount, 1); | |
8455425c RG |
3847 | } |
3848 | ||
3d5ebf10 RG |
3849 | BOOST_AUTO_TEST_CASE(test_dnssec_bogus_bad_sig) { |
3850 | std::unique_ptr<SyncRes> sr; | |
3851 | initSR(sr, true); | |
3852 | ||
3853 | g_dnssecmode = DNSSECMode::ValidateAll; | |
3854 | ||
3855 | primeHints(); | |
3856 | const DNSName target("."); | |
3857 | testkeysset_t keys; | |
3858 | ||
3859 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
3860 | luaconfsCopy.dsAnchors.clear(); | |
3861 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::RSASHA512, DNSSECKeeper::SHA384, keys, luaconfsCopy.dsAnchors); | |
3862 | ||
3863 | g_luaconfs.setState(luaconfsCopy); | |
3864 | ||
3865 | size_t queriesCount = 0; | |
3866 | ||
3867 | sr->setAsyncCallback([target,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
3868 | queriesCount++; | |
3869 | ||
3870 | if (domain == target && type == QType::NS) { | |
3871 | ||
3872 | setLWResult(res, 0, true, false, true); | |
3873 | char addr[] = "a.root-servers.net."; | |
3874 | for (char idx = 'a'; idx <= 'm'; idx++) { | |
3875 | addr[0] = idx; | |
3876 | addRecordToLW(res, domain, QType::NS, std::string(addr), DNSResourceRecord::ANSWER, 3600); | |
3877 | } | |
3878 | ||
3879 | addRRSIG(keys, res->d_records, domain, 300, true); | |
3880 | ||
3881 | addRecordToLW(res, "a.root-servers.net.", QType::A, "198.41.0.4", DNSResourceRecord::ADDITIONAL, 3600); | |
3882 | addRecordToLW(res, "a.root-servers.net.", QType::AAAA, "2001:503:ba3e::2:30", DNSResourceRecord::ADDITIONAL, 3600); | |
3883 | ||
3884 | return 1; | |
3885 | } else if (domain == target && type == QType::DNSKEY) { | |
3886 | ||
3887 | setLWResult(res, 0, true, false, true); | |
3888 | ||
3889 | addDNSKEY(keys, domain, 300, res->d_records); | |
3890 | addRRSIG(keys, res->d_records, domain, 300); | |
3891 | ||
3892 | return 1; | |
3893 | } | |
3894 | ||
3895 | return 0; | |
3896 | }); | |
3897 | ||
3898 | vector<DNSRecord> ret; | |
3899 | int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
3900 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
3901 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
3902 | /* 13 NS + 1 RRSIG */ | |
3903 | BOOST_REQUIRE_EQUAL(ret.size(), 14); | |
3904 | BOOST_CHECK_EQUAL(queriesCount, 2); | |
3905 | ||
3906 | /* again, to test the cache */ | |
3907 | ret.clear(); | |
3908 | res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
3909 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
3910 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
3911 | BOOST_REQUIRE_EQUAL(ret.size(), 14); | |
3912 | BOOST_CHECK_EQUAL(queriesCount, 2); | |
3913 | } | |
3914 | ||
3915 | BOOST_AUTO_TEST_CASE(test_dnssec_bogus_bad_algo) { | |
3916 | std::unique_ptr<SyncRes> sr; | |
3917 | initSR(sr, true); | |
3918 | ||
3919 | g_dnssecmode = DNSSECMode::ValidateAll; | |
3920 | ||
3921 | primeHints(); | |
3922 | const DNSName target("."); | |
3923 | testkeysset_t keys; | |
3924 | ||
3925 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
3926 | luaconfsCopy.dsAnchors.clear(); | |
3927 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::RSASHA512, DNSSECKeeper::SHA384, keys, luaconfsCopy.dsAnchors); | |
3928 | ||
3929 | g_luaconfs.setState(luaconfsCopy); | |
3930 | ||
3931 | size_t queriesCount = 0; | |
3932 | ||
3933 | sr->setAsyncCallback([target,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
3934 | queriesCount++; | |
3935 | ||
3936 | if (domain == target && type == QType::NS) { | |
3937 | ||
3938 | setLWResult(res, 0, true, false, true); | |
3939 | char addr[] = "a.root-servers.net."; | |
3940 | for (char idx = 'a'; idx <= 'm'; idx++) { | |
3941 | addr[0] = idx; | |
3942 | addRecordToLW(res, domain, QType::NS, std::string(addr), DNSResourceRecord::ANSWER, 3600); | |
3943 | } | |
3944 | ||
3945 | /* FORCE WRONG ALGO */ | |
3946 | addRRSIG(keys, res->d_records, domain, 300, false, DNSSECKeeper::RSASHA256); | |
3947 | ||
3948 | addRecordToLW(res, "a.root-servers.net.", QType::A, "198.41.0.4", DNSResourceRecord::ADDITIONAL, 3600); | |
3949 | addRecordToLW(res, "a.root-servers.net.", QType::AAAA, "2001:503:ba3e::2:30", DNSResourceRecord::ADDITIONAL, 3600); | |
3950 | ||
3951 | return 1; | |
3952 | } else if (domain == target && type == QType::DNSKEY) { | |
3953 | ||
3954 | setLWResult(res, 0, true, false, true); | |
3955 | ||
3956 | addDNSKEY(keys, domain, 300, res->d_records); | |
3957 | addRRSIG(keys, res->d_records, domain, 300); | |
3958 | ||
3959 | return 1; | |
3960 | } | |
3961 | ||
3962 | return 0; | |
3963 | }); | |
3964 | ||
3965 | vector<DNSRecord> ret; | |
3966 | int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
3967 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
3968 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
3969 | /* 13 NS + 1 RRSIG */ | |
3970 | BOOST_REQUIRE_EQUAL(ret.size(), 14); | |
3971 | BOOST_CHECK_EQUAL(queriesCount, 2); | |
3972 | ||
3973 | /* again, to test the cache */ | |
3974 | ret.clear(); | |
3975 | res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
3976 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
3977 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
3978 | BOOST_REQUIRE_EQUAL(ret.size(), 14); | |
3979 | BOOST_CHECK_EQUAL(queriesCount, 2); | |
3980 | } | |
3981 | ||
b7f378d1 | 3982 | BOOST_AUTO_TEST_CASE(test_dnssec_secure_various_algos) { |
8455425c | 3983 | std::unique_ptr<SyncRes> sr; |
895449a5 | 3984 | initSR(sr, true); |
8455425c RG |
3985 | |
3986 | g_dnssecmode = DNSSECMode::ValidateAll; | |
3987 | ||
3988 | primeHints(); | |
3989 | const DNSName target("powerdns.com."); | |
b7f378d1 RG |
3990 | const ComboAddress targetAddr("192.0.2.42"); |
3991 | testkeysset_t keys; | |
8455425c RG |
3992 | |
3993 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
3994 | luaconfsCopy.dsAnchors.clear(); | |
b7f378d1 RG |
3995 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::RSASHA512, DNSSECKeeper::SHA384, keys, luaconfsCopy.dsAnchors); |
3996 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
3997 | generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA384, DNSSECKeeper::SHA384, keys); | |
8455425c RG |
3998 | |
3999 | g_luaconfs.setState(luaconfsCopy); | |
4000 | ||
4001 | size_t queriesCount = 0; | |
4002 | ||
b7f378d1 | 4003 | sr->setAsyncCallback([target,targetAddr,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { |
8455425c RG |
4004 | queriesCount++; |
4005 | ||
b7f378d1 RG |
4006 | DNSName auth = domain; |
4007 | if (domain == target) { | |
4008 | auth = DNSName("powerdns.com."); | |
4009 | } | |
8455425c | 4010 | if (type == QType::DS) { |
a53e8fe3 | 4011 | return 0; |
8455425c RG |
4012 | } |
4013 | else if (type == QType::DNSKEY) { | |
4014 | setLWResult(res, 0, true, false, true); | |
b7f378d1 RG |
4015 | addDNSKEY(keys, auth, 300, res->d_records); |
4016 | addRRSIG(keys, res->d_records, auth, 300); | |
8455425c RG |
4017 | return 1; |
4018 | } | |
4019 | else if (domain == target) { | |
4020 | if (isRootServer(ip)) { | |
4021 | setLWResult(res, 0, false, false, true); | |
4022 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
b7f378d1 | 4023 | addDS(DNSName("com."), 300, res->d_records, keys); |
8455425c RG |
4024 | addRRSIG(keys, res->d_records, DNSName("."), 300); |
4025 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
4026 | return 1; | |
4027 | } | |
4028 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
4029 | setLWResult(res, 0, false, false, true); | |
b7f378d1 RG |
4030 | addRecordToLW(res, auth, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); |
4031 | addDS(auth, 300, res->d_records, keys); | |
8455425c RG |
4032 | addRRSIG(keys, res->d_records, DNSName("com."), 300); |
4033 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
4034 | return 1; | |
4035 | } | |
4036 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
b7f378d1 RG |
4037 | setLWResult(res, RCode::NoError, true, false, true); |
4038 | addRecordToLW(res, domain, QType::A, targetAddr.toString(), DNSResourceRecord::ANSWER, 3600); | |
4039 | addRRSIG(keys, res->d_records, auth, 300); | |
8455425c RG |
4040 | return 1; |
4041 | } | |
4042 | } | |
4043 | ||
4044 | return 0; | |
4045 | }); | |
4046 | ||
4047 | vector<DNSRecord> ret; | |
4048 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 RG |
4049 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
4050 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); | |
4051 | BOOST_REQUIRE_EQUAL(ret.size(), 2); | |
8455425c | 4052 | BOOST_CHECK_EQUAL(queriesCount, 6); |
b7f378d1 RG |
4053 | |
4054 | /* again, to test the cache */ | |
4055 | ret.clear(); | |
4056 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4057 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
8455425c | 4058 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); |
b7f378d1 RG |
4059 | BOOST_REQUIRE_EQUAL(ret.size(), 2); |
4060 | BOOST_CHECK_EQUAL(queriesCount, 6); | |
8455425c RG |
4061 | } |
4062 | ||
b7f378d1 | 4063 | BOOST_AUTO_TEST_CASE(test_dnssec_secure_with_nta) { |
8455425c | 4064 | std::unique_ptr<SyncRes> sr; |
895449a5 | 4065 | initSR(sr, true); |
8455425c RG |
4066 | |
4067 | g_dnssecmode = DNSSECMode::ValidateAll; | |
4068 | ||
4069 | primeHints(); | |
b7f378d1 RG |
4070 | const DNSName target("powerdns.com."); |
4071 | const ComboAddress targetAddr("192.0.2.42"); | |
4072 | testkeysset_t keys; | |
8455425c RG |
4073 | |
4074 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
4075 | luaconfsCopy.dsAnchors.clear(); | |
b7f378d1 RG |
4076 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); |
4077 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4078 | generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4079 | ||
4080 | /* Add a NTA for "powerdns.com" */ | |
4081 | luaconfsCopy.negAnchors[target] = "NTA for PowerDNS.com"; | |
8455425c | 4082 | |
8455425c RG |
4083 | g_luaconfs.setState(luaconfsCopy); |
4084 | ||
4085 | size_t queriesCount = 0; | |
4086 | ||
b7f378d1 | 4087 | sr->setAsyncCallback([target,targetAddr,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { |
8455425c RG |
4088 | queriesCount++; |
4089 | ||
b7f378d1 RG |
4090 | DNSName auth = domain; |
4091 | if (domain == target) { | |
4092 | auth = DNSName("powerdns.com."); | |
4093 | } | |
4094 | if (type == QType::DS) { | |
a53e8fe3 | 4095 | return 0; |
b7f378d1 RG |
4096 | } |
4097 | else if (type == QType::DNSKEY) { | |
8455425c | 4098 | setLWResult(res, 0, true, false, true); |
b7f378d1 RG |
4099 | addDNSKEY(keys, auth, 300, res->d_records); |
4100 | addRRSIG(keys, res->d_records, auth, 300); | |
4101 | return 1; | |
4102 | } | |
4103 | else if (domain == target) { | |
4104 | if (isRootServer(ip)) { | |
4105 | setLWResult(res, 0, false, false, true); | |
4106 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4107 | addDS(DNSName("com."), 300, res->d_records, keys); | |
4108 | addRRSIG(keys, res->d_records, DNSName("."), 300); | |
4109 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
4110 | return 1; | |
4111 | } | |
4112 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
4113 | setLWResult(res, 0, false, false, true); | |
4114 | addRecordToLW(res, auth, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4115 | addDS(auth, 300, res->d_records, keys); | |
4116 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
4117 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
4118 | return 1; | |
4119 | } | |
4120 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
4121 | setLWResult(res, RCode::NoError, true, false, true); | |
4122 | addRecordToLW(res, domain, QType::A, targetAddr.toString(), DNSResourceRecord::ANSWER, 3600); | |
4123 | addRRSIG(keys, res->d_records, auth, 300); | |
4124 | return 1; | |
4125 | } | |
4126 | } | |
4127 | ||
4128 | return 0; | |
4129 | }); | |
4130 | ||
4131 | vector<DNSRecord> ret; | |
4132 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4133 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4134 | /* Should be insecure because of the NTA */ | |
4135 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
4136 | BOOST_REQUIRE_EQUAL(ret.size(), 2); | |
4137 | /* and a such, no query for the last DNSKEYs */ | |
4138 | BOOST_CHECK_EQUAL(queriesCount, 5); | |
4139 | ||
4140 | /* again, to test the cache */ | |
4141 | ret.clear(); | |
4142 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4143 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4144 | /* Should be insecure because of the NTA */ | |
4145 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
4146 | BOOST_REQUIRE_EQUAL(ret.size(), 2); | |
4147 | BOOST_CHECK_EQUAL(queriesCount, 5); | |
4148 | } | |
4149 | ||
4150 | BOOST_AUTO_TEST_CASE(test_dnssec_bogus_with_nta) { | |
4151 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 4152 | initSR(sr, true); |
b7f378d1 RG |
4153 | |
4154 | g_dnssecmode = DNSSECMode::ValidateAll; | |
4155 | ||
4156 | primeHints(); | |
4157 | const DNSName target("powerdns.com."); | |
4158 | const ComboAddress targetAddr("192.0.2.42"); | |
4159 | testkeysset_t keys; | |
4160 | ||
4161 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
4162 | luaconfsCopy.dsAnchors.clear(); | |
4163 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
4164 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4165 | generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4166 | ||
4167 | /* Add a NTA for "powerdns.com" */ | |
4168 | luaconfsCopy.negAnchors[target] = "NTA for PowerDNS.com"; | |
4169 | ||
4170 | g_luaconfs.setState(luaconfsCopy); | |
4171 | ||
4172 | size_t queriesCount = 0; | |
4173 | ||
4174 | sr->setAsyncCallback([target,targetAddr,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
4175 | queriesCount++; | |
4176 | ||
4177 | if (type == QType::DS || type == QType::DNSKEY) { | |
4178 | setLWResult(res, 0, false, false, true); | |
4179 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
4180 | return 1; | |
4181 | } | |
4182 | else if (domain == target) { | |
4183 | if (isRootServer(ip)) { | |
4184 | setLWResult(res, 0, false, false, true); | |
4185 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4186 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
4187 | return 1; | |
4188 | } | |
4189 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
4190 | setLWResult(res, 0, false, false, true); | |
4191 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4192 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
4193 | return 1; | |
4194 | } | |
4195 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
4196 | setLWResult(res, RCode::NoError, true, false, true); | |
4197 | addRecordToLW(res, domain, QType::A, targetAddr.toString(), DNSResourceRecord::ANSWER, 3600); | |
4198 | return 1; | |
4199 | } | |
4200 | } | |
4201 | ||
4202 | return 0; | |
4203 | }); | |
4204 | ||
4205 | /* There is TA for root but no DS/DNSKEY/RRSIG, should be Bogus, but.. */ | |
4206 | vector<DNSRecord> ret; | |
4207 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4208 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4209 | /* Should be insecure because of the NTA */ | |
4210 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
4211 | BOOST_REQUIRE_EQUAL(ret.size(), 1); | |
4212 | /* and a such, no query for the DNSKEYs */ | |
4213 | BOOST_CHECK_EQUAL(queriesCount, 4); | |
4214 | ||
4215 | /* again, to test the cache */ | |
4216 | ret.clear(); | |
4217 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4218 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4219 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
4220 | BOOST_REQUIRE_EQUAL(ret.size(), 1); | |
4221 | BOOST_CHECK_EQUAL(queriesCount, 4); | |
4222 | } | |
4223 | ||
4224 | BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec) { | |
4225 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 4226 | initSR(sr, true); |
b7f378d1 RG |
4227 | |
4228 | g_dnssecmode = DNSSECMode::ValidateAll; | |
4229 | ||
4230 | primeHints(); | |
4231 | const DNSName target("powerdns.com."); | |
4232 | testkeysset_t keys; | |
4233 | ||
4234 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
4235 | luaconfsCopy.dsAnchors.clear(); | |
4236 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
4237 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4238 | generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4239 | ||
4240 | g_luaconfs.setState(luaconfsCopy); | |
4241 | ||
4242 | size_t queriesCount = 0; | |
4243 | ||
4244 | sr->setAsyncCallback([target,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
4245 | queriesCount++; | |
4246 | ||
4247 | if (type == QType::DS) { | |
a53e8fe3 | 4248 | return 0; |
b7f378d1 RG |
4249 | } |
4250 | else if (type == QType::DNSKEY) { | |
4251 | setLWResult(res, 0, true, false, true); | |
4252 | addDNSKEY(keys, domain, 300, res->d_records); | |
4253 | addRRSIG(keys, res->d_records, domain, 300); | |
4254 | return 1; | |
4255 | } | |
4256 | else if (domain == target) { | |
4257 | if (isRootServer(ip)) { | |
4258 | setLWResult(res, 0, false, false, true); | |
4259 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4260 | addDS(DNSName("com."), 300, res->d_records, keys); | |
4261 | addRRSIG(keys, res->d_records, DNSName("."), 300); | |
4262 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
4263 | return 1; | |
4264 | } | |
4265 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
4266 | setLWResult(res, 0, false, false, true); | |
4267 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4268 | addDS(domain, 300, res->d_records, keys); | |
4269 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
4270 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
4271 | return 1; | |
4272 | } | |
4273 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
4274 | setLWResult(res, 0, true, false, true); | |
4275 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
4276 | addRRSIG(keys, res->d_records, domain, 300); | |
4277 | addNSECRecordToLW(domain, DNSName("z.powerdns.com."), { QType::NS, QType::DNSKEY }, 600, res->d_records); | |
4278 | addRRSIG(keys, res->d_records, domain, 300); | |
4279 | return 1; | |
4280 | } | |
4281 | } | |
4282 | ||
4283 | return 0; | |
4284 | }); | |
4285 | ||
4286 | vector<DNSRecord> ret; | |
4287 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4288 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4289 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); | |
4290 | BOOST_REQUIRE_EQUAL(ret.size(), 4); | |
4291 | BOOST_CHECK_EQUAL(queriesCount, 6); | |
4292 | ||
4293 | /* again, to test the cache */ | |
4294 | ret.clear(); | |
4295 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4296 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4297 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); | |
4298 | BOOST_REQUIRE_EQUAL(ret.size(), 4); | |
4299 | BOOST_CHECK_EQUAL(queriesCount, 6); | |
4300 | } | |
4301 | ||
4302 | BOOST_AUTO_TEST_CASE(test_dnssec_validation_nxdomain_nsec) { | |
4303 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 4304 | initSR(sr, true); |
b7f378d1 RG |
4305 | |
4306 | g_dnssecmode = DNSSECMode::ValidateAll; | |
4307 | ||
4308 | primeHints(); | |
4309 | const DNSName target("nx.powerdns.com."); | |
4310 | testkeysset_t keys; | |
4311 | ||
4312 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
4313 | luaconfsCopy.dsAnchors.clear(); | |
4314 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
4315 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4316 | generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4317 | ||
4318 | g_luaconfs.setState(luaconfsCopy); | |
4319 | ||
4320 | size_t queriesCount = 0; | |
4321 | ||
4322 | sr->setAsyncCallback([target,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
4323 | queriesCount++; | |
4324 | ||
4325 | DNSName auth = domain; | |
4326 | if (domain == target) { | |
4327 | auth = DNSName("powerdns.com."); | |
4328 | } | |
4329 | if (type == QType::DS) { | |
a53e8fe3 | 4330 | return 0; |
b7f378d1 RG |
4331 | } |
4332 | else if (type == QType::DNSKEY) { | |
4333 | setLWResult(res, 0, true, false, true); | |
4334 | addDNSKEY(keys, auth, 300, res->d_records); | |
4335 | addRRSIG(keys, res->d_records, auth, 300); | |
4336 | return 1; | |
4337 | } | |
4338 | else if (domain == target) { | |
4339 | if (isRootServer(ip)) { | |
4340 | setLWResult(res, 0, false, false, true); | |
4341 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4342 | addDS(DNSName("com."), 300, res->d_records, keys); | |
4343 | addRRSIG(keys, res->d_records, DNSName("."), 300); | |
4344 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
4345 | return 1; | |
4346 | } | |
4347 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
4348 | setLWResult(res, 0, false, false, true); | |
4349 | addRecordToLW(res, auth, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4350 | addDS(auth, 300, res->d_records, keys); | |
4351 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
4352 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
4353 | return 1; | |
4354 | } | |
4355 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
4356 | setLWResult(res, RCode::NXDomain, true, false, true); | |
4357 | addRecordToLW(res, DNSName("powerdns.com."), QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
4358 | addRRSIG(keys, res->d_records, auth, 300); | |
4359 | addNSECRecordToLW(DNSName("nw.powerdns.com."), DNSName("ny.powerdns.com."), { QType::RRSIG, QType::NSEC }, 600, res->d_records); | |
4360 | addRRSIG(keys, res->d_records, auth, 300); | |
4361 | return 1; | |
4362 | } | |
4363 | } | |
4364 | ||
4365 | return 0; | |
4366 | }); | |
4367 | ||
4368 | vector<DNSRecord> ret; | |
4369 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4370 | BOOST_CHECK_EQUAL(res, RCode::NXDomain); | |
4371 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); | |
4372 | BOOST_REQUIRE_EQUAL(ret.size(), 4); | |
4373 | BOOST_CHECK_EQUAL(queriesCount, 6); | |
4374 | ||
4375 | /* again, to test the cache */ | |
4376 | ret.clear(); | |
4377 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4378 | BOOST_CHECK_EQUAL(res, RCode::NXDomain); | |
4379 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); | |
4380 | BOOST_REQUIRE_EQUAL(ret.size(), 4); | |
4381 | BOOST_CHECK_EQUAL(queriesCount, 6); | |
4382 | } | |
4383 | ||
2b984251 RG |
4384 | BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec_wildcard) { |
4385 | std::unique_ptr<SyncRes> sr; | |
4386 | initSR(sr, true); | |
4387 | ||
4388 | g_dnssecmode = DNSSECMode::ValidateAll; | |
4389 | ||
4390 | primeHints(); | |
4391 | const DNSName target("www.powerdns.com."); | |
4392 | testkeysset_t keys; | |
4393 | ||
4394 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
4395 | luaconfsCopy.dsAnchors.clear(); | |
4396 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
4397 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4398 | generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4399 | ||
4400 | g_luaconfs.setState(luaconfsCopy); | |
4401 | ||
4402 | size_t queriesCount = 0; | |
4403 | ||
4404 | sr->setAsyncCallback([target,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
4405 | queriesCount++; | |
4406 | ||
4407 | if (type == QType::DS) { | |
a53e8fe3 | 4408 | return 0; |
2b984251 RG |
4409 | } |
4410 | else if (type == QType::DNSKEY) { | |
4411 | setLWResult(res, 0, true, false, true); | |
4412 | addDNSKEY(keys, domain, 300, res->d_records); | |
4413 | addRRSIG(keys, res->d_records, domain, 300); | |
4414 | return 1; | |
4415 | } | |
4416 | else if (domain == target) { | |
4417 | if (isRootServer(ip)) { | |
4418 | setLWResult(res, 0, false, false, true); | |
4419 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4420 | addDS(DNSName("com."), 300, res->d_records, keys); | |
4421 | addRRSIG(keys, res->d_records, DNSName("."), 300); | |
4422 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
4423 | return 1; | |
4424 | } | |
4425 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
4426 | setLWResult(res, 0, false, false, true); | |
4427 | addRecordToLW(res, "powerdns.com.", QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4428 | addDS(DNSName("powerdns.com."), 300, res->d_records, keys); | |
4429 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
4430 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
4431 | return 1; | |
4432 | } | |
4433 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
4434 | setLWResult(res, 0, true, false, true); | |
4435 | addRecordToLW(res, domain, QType::A, "192.0.2.42"); | |
4436 | addRRSIG(keys, res->d_records, DNSName("powerdns.com"), 300, false, boost::none, DNSName("*.powerdns.com")); | |
4437 | addNSECRecordToLW(DNSName("a.powerdns.com."), DNSName("wwz.powerdns.com."), { QType::A, QType::NSEC, QType::RRSIG }, 600, res->d_records); | |
4438 | addRRSIG(keys, res->d_records, DNSName("powerdns.com"), 300); | |
4439 | return 1; | |
4440 | } | |
4441 | } | |
4442 | ||
4443 | return 0; | |
4444 | }); | |
4445 | ||
4446 | vector<DNSRecord> ret; | |
4447 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4448 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4449 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); | |
4450 | BOOST_REQUIRE_EQUAL(ret.size(), 4); | |
4451 | BOOST_CHECK_EQUAL(queriesCount, 6); | |
4452 | ||
4453 | /* again, to test the cache */ | |
4454 | ret.clear(); | |
4455 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4456 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4457 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); | |
4458 | BOOST_REQUIRE_EQUAL(ret.size(), 4); | |
4459 | BOOST_CHECK_EQUAL(queriesCount, 6); | |
4460 | } | |
4461 | ||
a53e8fe3 RG |
4462 | BOOST_AUTO_TEST_CASE(test_dnssec_no_ds_on_referral_secure) { |
4463 | std::unique_ptr<SyncRes> sr; | |
4464 | initSR(sr, true); | |
4465 | ||
4466 | g_dnssecmode = DNSSECMode::ValidateAll; | |
4467 | ||
4468 | primeHints(); | |
4469 | const DNSName target("www.powerdns.com."); | |
4470 | testkeysset_t keys; | |
4471 | ||
4472 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
4473 | luaconfsCopy.dsAnchors.clear(); | |
4474 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
4475 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4476 | generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4477 | ||
4478 | g_luaconfs.setState(luaconfsCopy); | |
4479 | ||
4480 | size_t queriesCount = 0; | |
4481 | size_t dsQueriesCount = 0; | |
4482 | ||
4483 | sr->setAsyncCallback([target,&queriesCount,&dsQueriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
4484 | queriesCount++; | |
4485 | ||
4486 | if (type == QType::DS) { | |
4487 | DNSName auth(domain); | |
4488 | auth.chopOff(); | |
4489 | dsQueriesCount++; | |
4490 | ||
4491 | setLWResult(res, 0, true, false, true); | |
4492 | addDS(domain, 300, res->d_records, keys, DNSResourceRecord::ANSWER); | |
4493 | addRRSIG(keys, res->d_records, auth, 300); | |
4494 | return 1; | |
4495 | } | |
4496 | else if (type == QType::DNSKEY) { | |
4497 | setLWResult(res, 0, true, false, true); | |
4498 | addDNSKEY(keys, domain, 300, res->d_records); | |
4499 | addRRSIG(keys, res->d_records, domain, 300); | |
4500 | return 1; | |
4501 | } | |
4502 | else if (domain == target) { | |
4503 | if (isRootServer(ip)) { | |
4504 | setLWResult(res, 0, false, false, true); | |
4505 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4506 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
4507 | /* No DS on referral, and no denial of the DS either */ | |
4508 | return 1; | |
4509 | } | |
4510 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
4511 | setLWResult(res, 0, false, false, true); | |
4512 | addRecordToLW(res, "powerdns.com.", QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4513 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
4514 | /* No DS on referral, and no denial of the DS either */ | |
4515 | return 1; | |
4516 | } | |
4517 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
4518 | setLWResult(res, 0, true, false, true); | |
4519 | addRecordToLW(res, domain, QType::A, "192.0.2.42"); | |
4520 | addRRSIG(keys, res->d_records, DNSName("powerdns.com"), 300, false, boost::none, DNSName("*.powerdns.com")); | |
4521 | addNSECRecordToLW(DNSName("a.powerdns.com."), DNSName("wwz.powerdns.com."), { QType::A, QType::NSEC, QType::RRSIG }, 600, res->d_records); | |
4522 | addRRSIG(keys, res->d_records, DNSName("powerdns.com"), 300); | |
4523 | return 1; | |
4524 | } | |
4525 | } | |
4526 | ||
4527 | return 0; | |
4528 | }); | |
4529 | ||
4530 | vector<DNSRecord> ret; | |
4531 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4532 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4533 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); | |
4534 | BOOST_REQUIRE_EQUAL(ret.size(), 4); | |
4535 | BOOST_CHECK_EQUAL(queriesCount, 8); | |
4536 | BOOST_CHECK_EQUAL(dsQueriesCount, 2); | |
4537 | ||
4538 | /* again, to test the cache */ | |
4539 | ret.clear(); | |
4540 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4541 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4542 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); | |
4543 | BOOST_REQUIRE_EQUAL(ret.size(), 4); | |
4544 | BOOST_CHECK_EQUAL(queriesCount, 8); | |
4545 | BOOST_CHECK_EQUAL(dsQueriesCount, 2); | |
4546 | } | |
4547 | ||
4548 | BOOST_AUTO_TEST_CASE(test_dnssec_no_ds_on_referral_insecure) { | |
4549 | std::unique_ptr<SyncRes> sr; | |
4550 | initSR(sr, true); | |
4551 | ||
4552 | g_dnssecmode = DNSSECMode::ValidateAll; | |
4553 | ||
4554 | primeHints(); | |
4555 | const DNSName target("www.powerdns.com."); | |
4556 | testkeysset_t keys; | |
4557 | ||
4558 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
4559 | luaconfsCopy.dsAnchors.clear(); | |
4560 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
4561 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4562 | ||
4563 | g_luaconfs.setState(luaconfsCopy); | |
4564 | ||
4565 | size_t queriesCount = 0; | |
4566 | size_t dsQueriesCount = 0; | |
4567 | ||
4568 | sr->setAsyncCallback([target,&queriesCount,&dsQueriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
4569 | queriesCount++; | |
4570 | ||
4571 | if (type == QType::DS) { | |
4572 | DNSName auth(domain); | |
4573 | auth.chopOff(); | |
4574 | dsQueriesCount++; | |
4575 | ||
4576 | setLWResult(res, 0, true, false, true); | |
4577 | if (domain == DNSName("com.")) { | |
4578 | addDS(domain, 300, res->d_records, keys, DNSResourceRecord::ANSWER); | |
4579 | } | |
4580 | else { | |
4581 | addNSECRecordToLW(domain, DNSName("powerdnt.com."), { QType::NS }, 600, res->d_records); | |
4582 | } | |
4583 | addRRSIG(keys, res->d_records, auth, 300); | |
4584 | return 1; | |
4585 | } | |
4586 | else if (type == QType::DNSKEY) { | |
4587 | setLWResult(res, 0, true, false, true); | |
4588 | addDNSKEY(keys, domain, 300, res->d_records); | |
4589 | addRRSIG(keys, res->d_records, domain, 300); | |
4590 | return 1; | |
4591 | } | |
4592 | else if (domain == target) { | |
4593 | if (isRootServer(ip)) { | |
4594 | setLWResult(res, 0, false, false, true); | |
4595 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4596 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
4597 | /* No DS on referral, and no denial of the DS either */ | |
4598 | return 1; | |
4599 | } | |
4600 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
4601 | setLWResult(res, 0, false, false, true); | |
4602 | addRecordToLW(res, "powerdns.com.", QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4603 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
4604 | /* No DS on referral, and no denial of the DS either */ | |
4605 | return 1; | |
4606 | } | |
4607 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
4608 | setLWResult(res, 0, true, false, true); | |
4609 | addRecordToLW(res, domain, QType::A, "192.0.2.42"); | |
4610 | return 1; | |
4611 | } | |
4612 | } | |
4613 | ||
4614 | return 0; | |
4615 | }); | |
4616 | ||
4617 | vector<DNSRecord> ret; | |
4618 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4619 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4620 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
4621 | BOOST_REQUIRE_EQUAL(ret.size(), 1); | |
4622 | BOOST_CHECK_EQUAL(queriesCount, 7); | |
4623 | BOOST_CHECK_EQUAL(dsQueriesCount, 2); | |
4624 | ||
4625 | /* again, to test the cache */ | |
4626 | ret.clear(); | |
4627 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4628 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4629 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
4630 | BOOST_REQUIRE_EQUAL(ret.size(), 1); | |
4631 | BOOST_CHECK_EQUAL(queriesCount, 7); | |
4632 | BOOST_CHECK_EQUAL(dsQueriesCount, 2); | |
4633 | } | |
4634 | ||
b7f378d1 RG |
4635 | BOOST_AUTO_TEST_CASE(test_dnssec_validation_bogus_no_nsec) { |
4636 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 4637 | initSR(sr, true); |
b7f378d1 RG |
4638 | |
4639 | g_dnssecmode = DNSSECMode::ValidateAll; | |
4640 | ||
4641 | primeHints(); | |
4642 | const DNSName target("powerdns.com."); | |
4643 | testkeysset_t keys; | |
4644 | ||
4645 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
4646 | luaconfsCopy.dsAnchors.clear(); | |
4647 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
4648 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4649 | generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4650 | ||
4651 | g_luaconfs.setState(luaconfsCopy); | |
4652 | ||
4653 | size_t queriesCount = 0; | |
4654 | ||
4655 | sr->setAsyncCallback([target,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
4656 | queriesCount++; | |
4657 | ||
4658 | if (type == QType::DS) { | |
a53e8fe3 | 4659 | return 0; |
b7f378d1 RG |
4660 | } |
4661 | else if (type == QType::DNSKEY) { | |
4662 | setLWResult(res, 0, true, false, true); | |
4663 | addDNSKEY(keys, domain, 300, res->d_records); | |
4664 | addRRSIG(keys, res->d_records, domain, 300); | |
4665 | return 1; | |
4666 | } | |
4667 | else if (domain == target) { | |
4668 | if (isRootServer(ip)) { | |
4669 | setLWResult(res, 0, false, false, true); | |
4670 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4671 | addDS(DNSName("com."), 300, res->d_records, keys); | |
4672 | addRRSIG(keys, res->d_records, DNSName("."), 300); | |
4673 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
4674 | return 1; | |
4675 | } | |
4676 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
4677 | setLWResult(res, 0, false, false, true); | |
4678 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4679 | addDS(domain, 300, res->d_records, keys); | |
4680 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
4681 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
4682 | return 1; | |
4683 | } | |
4684 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
4685 | setLWResult(res, 0, true, false, true); | |
4686 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
4687 | addRRSIG(keys, res->d_records, domain, 300); | |
4688 | addNSECRecordToLW(domain, DNSName("z.powerdns.com."), { QType::NS, QType::DNSKEY }, 600, res->d_records); | |
4689 | /* NO RRSIG for the NSEC record! */ | |
4690 | return 1; | |
4691 | } | |
4692 | } | |
4693 | ||
4694 | return 0; | |
4695 | }); | |
4696 | ||
4697 | /* NSEC record without the corresponding RRSIG in a secure zone, should be Bogus! */ | |
4698 | vector<DNSRecord> ret; | |
4699 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4700 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4701 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
4702 | BOOST_CHECK_EQUAL(ret.size(), 3); | |
4703 | BOOST_CHECK_EQUAL(queriesCount, 6); | |
4704 | ||
4705 | /* again, to test the cache */ | |
4706 | ret.clear(); | |
4707 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4708 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4709 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
4710 | BOOST_REQUIRE_EQUAL(ret.size(), 3); | |
4711 | BOOST_CHECK_EQUAL(queriesCount, 6); | |
4712 | } | |
4713 | ||
4714 | BOOST_AUTO_TEST_CASE(test_dnssec_validation_bogus_unsigned_nsec) { | |
4715 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 4716 | initSR(sr, true); |
b7f378d1 RG |
4717 | |
4718 | g_dnssecmode = DNSSECMode::ValidateAll; | |
4719 | ||
4720 | primeHints(); | |
4721 | const DNSName target("powerdns.com."); | |
4722 | testkeysset_t keys; | |
4723 | ||
4724 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
4725 | luaconfsCopy.dsAnchors.clear(); | |
4726 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
4727 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4728 | generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4729 | ||
4730 | g_luaconfs.setState(luaconfsCopy); | |
4731 | ||
4732 | size_t queriesCount = 0; | |
4733 | ||
4734 | sr->setAsyncCallback([target,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
4735 | queriesCount++; | |
4736 | ||
4737 | if (type == QType::DS) { | |
a53e8fe3 | 4738 | return 0; |
b7f378d1 RG |
4739 | } |
4740 | else if (type == QType::DNSKEY) { | |
4741 | setLWResult(res, 0, true, false, true); | |
4742 | addDNSKEY(keys, domain, 300, res->d_records); | |
4743 | addRRSIG(keys, res->d_records, domain, 300); | |
4744 | return 1; | |
4745 | } | |
4746 | else if (domain == target) { | |
4747 | if (isRootServer(ip)) { | |
4748 | setLWResult(res, 0, false, false, true); | |
4749 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4750 | addDS(DNSName("com."), 300, res->d_records, keys); | |
4751 | addRRSIG(keys, res->d_records, DNSName("."), 300); | |
4752 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
4753 | return 1; | |
4754 | } | |
4755 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
4756 | setLWResult(res, 0, false, false, true); | |
4757 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4758 | addDS(domain, 300, res->d_records, keys); | |
4759 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
4760 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
4761 | return 1; | |
4762 | } | |
4763 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
4764 | setLWResult(res, 0, true, false, true); | |
4765 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
4766 | addRRSIG(keys, res->d_records, domain, 300); | |
4767 | ||
4768 | /* NO NSEC record! */ | |
4769 | return 1; | |
4770 | } | |
4771 | } | |
4772 | ||
4773 | return 0; | |
4774 | }); | |
4775 | ||
4776 | /* no NSEC record in a secure zone, should be Bogus! */ | |
4777 | vector<DNSRecord> ret; | |
4778 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4779 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4780 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
4781 | BOOST_CHECK_EQUAL(ret.size(), 2); | |
4782 | BOOST_CHECK_EQUAL(queriesCount, 6); | |
4783 | ||
4784 | /* again, to test the cache */ | |
4785 | ret.clear(); | |
4786 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4787 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4788 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
4789 | BOOST_REQUIRE_EQUAL(ret.size(), 2); | |
4790 | BOOST_CHECK_EQUAL(queriesCount, 6); | |
4791 | } | |
4792 | ||
4793 | BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure) { | |
4794 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 4795 | initSR(sr, true); |
b7f378d1 RG |
4796 | |
4797 | g_dnssecmode = DNSSECMode::ValidateAll; | |
4798 | ||
4799 | primeHints(); | |
4800 | const DNSName target("powerdns.com."); | |
4801 | const ComboAddress targetAddr("192.0.2.42"); | |
4802 | testkeysset_t keys; | |
4803 | ||
4804 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
4805 | luaconfsCopy.dsAnchors.clear(); | |
4806 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
4807 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4808 | ||
4809 | g_luaconfs.setState(luaconfsCopy); | |
4810 | ||
4811 | size_t queriesCount = 0; | |
4812 | ||
4813 | sr->setAsyncCallback([target,targetAddr,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
4814 | queriesCount++; | |
4815 | ||
4816 | if (type == QType::DS) { | |
a53e8fe3 | 4817 | if (domain == target) { |
b7f378d1 | 4818 | setLWResult(res, 0, false, false, true); |
895449a5 | 4819 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); |
b7f378d1 RG |
4820 | addNSECRecordToLW(domain, DNSName("z.powerdns.com."), { QType::NS }, 600, res->d_records); |
4821 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
4822 | return 1; | |
4823 | } | |
4824 | } | |
4825 | else if (type == QType::DNSKEY) { | |
4826 | if (domain == g_rootdnsname || domain == DNSName("com.")) { | |
4827 | setLWResult(res, 0, true, false, true); | |
4828 | addDNSKEY(keys, domain, 300, res->d_records); | |
4829 | addRRSIG(keys, res->d_records, domain, 300); | |
4830 | return 1; | |
4831 | } | |
4832 | else { | |
4833 | setLWResult(res, 0, false, false, true); | |
895449a5 | 4834 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); |
b7f378d1 RG |
4835 | return 1; |
4836 | } | |
4837 | } | |
4838 | else if (domain == target) { | |
4839 | if (isRootServer(ip)) { | |
4840 | setLWResult(res, 0, false, false, true); | |
4841 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4842 | addDS(DNSName("com."), 300, res->d_records, keys); | |
4843 | addRRSIG(keys, res->d_records, DNSName("."), 300); | |
4844 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
4845 | return 1; | |
4846 | } | |
4847 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
4848 | setLWResult(res, 0, false, false, true); | |
4849 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4850 | /* no DS */ | |
4851 | addNSECRecordToLW(domain, DNSName("z.powerdns.com."), { QType::NS }, 600, res->d_records); | |
4852 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
4853 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
4854 | return 1; | |
4855 | } | |
4856 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
4857 | setLWResult(res, 0, true, false, true); | |
4858 | addRecordToLW(res, domain, QType::A, targetAddr.toString(), DNSResourceRecord::ANSWER, 3600); | |
4859 | return 1; | |
4860 | } | |
4861 | } | |
4862 | ||
4863 | return 0; | |
4864 | }); | |
4865 | ||
4866 | vector<DNSRecord> ret; | |
4867 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4868 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4869 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
4870 | BOOST_REQUIRE_EQUAL(ret.size(), 1); | |
4871 | BOOST_CHECK(ret[0].d_type == QType::A); | |
860d5e8e RG |
4872 | /* only 4 because no DS query for powerdns.com (DS denial in referral), and then no DNSKEY query either (insecure) */ |
4873 | BOOST_CHECK_EQUAL(queriesCount, 4); | |
b7f378d1 RG |
4874 | |
4875 | /* again, to test the cache */ | |
4876 | ret.clear(); | |
4877 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4878 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4879 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
4880 | BOOST_REQUIRE_EQUAL(ret.size(), 1); | |
4881 | BOOST_CHECK(ret[0].d_type == QType::A); | |
860d5e8e | 4882 | BOOST_CHECK_EQUAL(queriesCount, 4); |
b7f378d1 RG |
4883 | } |
4884 | ||
4885 | BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure_nodata) { | |
4886 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 4887 | initSR(sr, true); |
b7f378d1 RG |
4888 | |
4889 | g_dnssecmode = DNSSECMode::ValidateAll; | |
4890 | ||
4891 | primeHints(); | |
4892 | const DNSName target("powerdns.com."); | |
4893 | testkeysset_t keys; | |
4894 | ||
4895 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
4896 | luaconfsCopy.dsAnchors.clear(); | |
4897 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
4898 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4899 | ||
4900 | g_luaconfs.setState(luaconfsCopy); | |
4901 | ||
4902 | size_t queriesCount = 0; | |
4903 | ||
4904 | sr->setAsyncCallback([target,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
4905 | queriesCount++; | |
4906 | ||
4907 | if (type == QType::DS) { | |
a53e8fe3 | 4908 | if (domain == target) { |
b7f378d1 | 4909 | setLWResult(res, 0, false, false, true); |
895449a5 | 4910 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); |
b7f378d1 RG |
4911 | addNSECRecordToLW(domain, DNSName("z.powerdns.com."), { QType::NS }, 600, res->d_records); |
4912 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
4913 | return 1; | |
4914 | } | |
4915 | } | |
4916 | else if (type == QType::DNSKEY) { | |
4917 | if (domain == g_rootdnsname || domain == DNSName("com.")) { | |
4918 | setLWResult(res, 0, true, false, true); | |
4919 | addDNSKEY(keys, domain, 300, res->d_records); | |
4920 | addRRSIG(keys, res->d_records, domain, 300); | |
4921 | return 1; | |
4922 | } | |
4923 | else { | |
4924 | setLWResult(res, 0, false, false, true); | |
895449a5 | 4925 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); |
b7f378d1 RG |
4926 | return 1; |
4927 | } | |
4928 | } | |
4929 | else if (domain == target) { | |
4930 | if (isRootServer(ip)) { | |
4931 | setLWResult(res, 0, false, false, true); | |
4932 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4933 | addDS(DNSName("com."), 300, res->d_records, keys); | |
4934 | addRRSIG(keys, res->d_records, DNSName("."), 300); | |
4935 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
4936 | return 1; | |
4937 | } | |
4938 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
4939 | setLWResult(res, 0, false, false, true); | |
4940 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4941 | /* no DS */ | |
4942 | addNSECRecordToLW(domain, DNSName("z.powerdns.com."), { QType::NS }, 600, res->d_records); | |
4943 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
4944 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
4945 | return 1; | |
4946 | } | |
4947 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
4948 | setLWResult(res, 0, true, false, true); | |
4949 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
4950 | return 1; | |
4951 | } | |
4952 | } | |
4953 | ||
4954 | return 0; | |
4955 | }); | |
4956 | ||
4957 | vector<DNSRecord> ret; | |
4958 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4959 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4960 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
4961 | BOOST_REQUIRE_EQUAL(ret.size(), 1); | |
860d5e8e RG |
4962 | /* same as above */ |
4963 | BOOST_CHECK_EQUAL(queriesCount, 4); | |
b7f378d1 RG |
4964 | |
4965 | /* again, to test the cache */ | |
4966 | ret.clear(); | |
4967 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4968 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4969 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
4970 | BOOST_REQUIRE_EQUAL(ret.size(), 1); | |
860d5e8e | 4971 | BOOST_CHECK_EQUAL(queriesCount, 4); |
b7f378d1 RG |
4972 | } |
4973 | ||
895449a5 | 4974 | BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure_cname) { |
b7f378d1 | 4975 | std::unique_ptr<SyncRes> sr; |
860d5e8e | 4976 | initSR(sr, true); |
b7f378d1 RG |
4977 | |
4978 | g_dnssecmode = DNSSECMode::ValidateAll; | |
4979 | ||
895449a5 RG |
4980 | primeHints(); |
4981 | const DNSName target("powerdns.com."); | |
4982 | const DNSName targetCName("power-dns.com."); | |
4983 | const ComboAddress targetCNameAddr("192.0.2.42"); | |
4984 | testkeysset_t keys; | |
4985 | ||
4986 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
4987 | luaconfsCopy.dsAnchors.clear(); | |
4988 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
4989 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4990 | generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4991 | g_luaconfs.setState(luaconfsCopy); | |
4992 | ||
4993 | size_t queriesCount = 0; | |
4994 | ||
4995 | sr->setAsyncCallback([target,targetCName,targetCNameAddr,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
4996 | queriesCount++; | |
4997 | ||
4998 | if (type == QType::DS) { | |
a53e8fe3 | 4999 | if (domain == target) { |
895449a5 RG |
5000 | setLWResult(res, 0, false, false, true); |
5001 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
5002 | addNSECRecordToLW(domain, DNSName("z.power-dns.com."), { QType::NS }, 600, res->d_records); | |
5003 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
5004 | return 1; | |
5005 | } | |
5006 | } | |
5007 | else if (type == QType::DNSKEY) { | |
5008 | if (domain == g_rootdnsname || domain == DNSName("com.") || domain == DNSName("powerdns.com.")) { | |
5009 | setLWResult(res, 0, true, false, true); | |
5010 | addDNSKEY(keys, domain, 300, res->d_records); | |
5011 | addRRSIG(keys, res->d_records, domain, 300); | |
5012 | return 1; | |
5013 | } | |
5014 | else { | |
5015 | setLWResult(res, 0, false, false, true); | |
5016 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
5017 | return 1; | |
5018 | } | |
5019 | } | |
5020 | else { | |
5021 | if (isRootServer(ip)) { | |
5022 | setLWResult(res, 0, false, false, true); | |
5023 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
5024 | addDS(DNSName("com."), 300, res->d_records, keys); | |
5025 | addRRSIG(keys, res->d_records, DNSName("."), 300); | |
5026 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
5027 | return 1; | |
5028 | } | |
5029 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
5030 | setLWResult(res, 0, false, false, true); | |
5031 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
5032 | if (domain == DNSName("powerdns.com.")) { | |
5033 | addDS(DNSName("powerdns.com."), 300, res->d_records, keys); | |
5034 | } | |
5035 | else if (domain == targetCName) { | |
5036 | addNSECRecordToLW(domain, DNSName("z.power-dns.com."), { QType::NS }, 600, res->d_records); | |
5037 | } | |
5038 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
5039 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
5040 | return 1; | |
5041 | } | |
5042 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
5043 | setLWResult(res, 0, true, false, true); | |
5044 | if (domain == DNSName("powerdns.com.")) { | |
5045 | addRecordToLW(res, domain, QType::CNAME, targetCName.toString()); | |
5046 | addRRSIG(keys, res->d_records, domain, 300); | |
5047 | } | |
5048 | else if (domain == targetCName) { | |
5049 | addRecordToLW(res, domain, QType::A, targetCNameAddr.toString()); | |
5050 | } | |
5051 | return 1; | |
5052 | } | |
5053 | } | |
5054 | ||
5055 | return 0; | |
5056 | }); | |
5057 | ||
5058 | vector<DNSRecord> ret; | |
5059 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
5060 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
5061 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
5062 | BOOST_REQUIRE_EQUAL(ret.size(), 3); | |
860d5e8e | 5063 | BOOST_CHECK_EQUAL(queriesCount, 8); |
895449a5 RG |
5064 | |
5065 | /* again, to test the cache */ | |
5066 | ret.clear(); | |
5067 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
5068 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
5069 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
5070 | BOOST_REQUIRE_EQUAL(ret.size(), 3); | |
860d5e8e | 5071 | BOOST_CHECK_EQUAL(queriesCount, 8); |
895449a5 RG |
5072 | } |
5073 | ||
3d5ebf10 RG |
5074 | BOOST_AUTO_TEST_CASE(test_dnssec_insecure_to_secure_cname) { |
5075 | std::unique_ptr<SyncRes> sr; | |
5076 | initSR(sr, true); | |
5077 | ||
5078 | g_dnssecmode = DNSSECMode::ValidateAll; | |
5079 | ||
5080 | primeHints(); | |
5081 | const DNSName target("power-dns.com."); | |
5082 | const DNSName targetCName("powerdns.com."); | |
5083 | const ComboAddress targetCNameAddr("192.0.2.42"); | |
5084 | testkeysset_t keys; | |
5085 | ||
5086 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
5087 | luaconfsCopy.dsAnchors.clear(); | |
5088 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
5089 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
5090 | generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
5091 | g_luaconfs.setState(luaconfsCopy); | |
5092 | ||
5093 | size_t queriesCount = 0; | |
5094 | ||
5095 | sr->setAsyncCallback([target,targetCName,targetCNameAddr,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
5096 | queriesCount++; | |
5097 | ||
5098 | if (type == QType::DS) { | |
a53e8fe3 | 5099 | if (domain == DNSName("power-dns.com.")) { |
3d5ebf10 RG |
5100 | setLWResult(res, 0, false, false, true); |
5101 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
5102 | addNSECRecordToLW(domain, DNSName("z.power-dns.com."), { QType::NS }, 600, res->d_records); | |
5103 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
5104 | return 1; | |
5105 | } | |
5106 | } | |
5107 | else if (type == QType::DNSKEY) { | |
5108 | if (domain == g_rootdnsname || domain == DNSName("com.") || domain == DNSName("powerdns.com.")) { | |
5109 | setLWResult(res, 0, true, false, true); | |
5110 | addDNSKEY(keys, domain, 300, res->d_records); | |
5111 | addRRSIG(keys, res->d_records, domain, 300); | |
5112 | return 1; | |
5113 | } | |
5114 | else { | |
5115 | setLWResult(res, 0, false, false, true); | |
5116 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
5117 | return 1; | |
5118 | } | |
5119 | } | |
5120 | else { | |
5121 | if (isRootServer(ip)) { | |
5122 | setLWResult(res, 0, false, false, true); | |
5123 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
5124 | addDS(DNSName("com."), 300, res->d_records, keys); | |
5125 | addRRSIG(keys, res->d_records, DNSName("."), 300); | |
5126 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
5127 | return 1; | |
5128 | } | |
5129 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
5130 | setLWResult(res, 0, false, false, true); | |
5131 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
5132 | if (domain == targetCName) { | |
5133 | addDS(DNSName("powerdns.com."), 300, res->d_records, keys); | |
5134 | } | |
5135 | else if (domain == target) { | |
5136 | addNSECRecordToLW(domain, DNSName("z.power-dns.com."), { QType::NS }, 600, res->d_records); | |
5137 | } | |
5138 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
5139 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
5140 | return 1; | |
5141 | } | |
5142 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
5143 | setLWResult(res, 0, true, false, true); | |
5144 | if (domain == target) { | |
5145 | addRecordToLW(res, domain, QType::CNAME, targetCName.toString()); | |
5146 | } | |
5147 | else if (domain == targetCName) { | |
5148 | addRecordToLW(res, domain, QType::A, targetCNameAddr.toString()); | |
5149 | addRRSIG(keys, res->d_records, domain, 300); | |
5150 | } | |
5151 | return 1; | |
5152 | } | |
5153 | } | |
5154 | ||
5155 | return 0; | |
5156 | }); | |
5157 | ||
5158 | vector<DNSRecord> ret; | |
5159 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
5160 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
5161 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
5162 | BOOST_REQUIRE_EQUAL(ret.size(), 3); | |
5163 | BOOST_CHECK_EQUAL(queriesCount, 8); | |
5164 | ||
5165 | /* again, to test the cache */ | |
5166 | ret.clear(); | |
5167 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
5168 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
5169 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
5170 | BOOST_REQUIRE_EQUAL(ret.size(), 3); | |
5171 | BOOST_CHECK_EQUAL(queriesCount, 8); | |
5172 | } | |
5173 | ||
5174 | BOOST_AUTO_TEST_CASE(test_dnssec_bogus_to_secure_cname) { | |
5175 | std::unique_ptr<SyncRes> sr; | |
5176 | initSR(sr, true); | |
5177 | ||
5178 | g_dnssecmode = DNSSECMode::ValidateAll; | |
5179 | ||
5180 | primeHints(); | |
5181 | const DNSName target("power-dns.com."); | |
5182 | const DNSName targetCName("powerdns.com."); | |
5183 | const ComboAddress targetCNameAddr("192.0.2.42"); | |
5184 | testkeysset_t keys; | |
5185 | ||
5186 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
5187 | luaconfsCopy.dsAnchors.clear(); | |
5188 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
5189 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
5190 | generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
5191 | generateKeyMaterial(DNSName("power-dns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
5192 | g_luaconfs.setState(luaconfsCopy); | |
5193 | ||
5194 | size_t queriesCount = 0; | |
5195 | ||
5196 | sr->setAsyncCallback([target,targetCName,targetCNameAddr,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
5197 | queriesCount++; | |
5198 | ||
5199 | if (type == QType::DS) { | |
a53e8fe3 | 5200 | return 0; |
3d5ebf10 RG |
5201 | } |
5202 | else if (type == QType::DNSKEY) { | |
5203 | setLWResult(res, 0, true, false, true); | |
5204 | addDNSKEY(keys, domain, 300, res->d_records); | |
5205 | addRRSIG(keys, res->d_records, domain, 300); | |
5206 | return 1; | |
5207 | } | |
5208 | else { | |
5209 | if (isRootServer(ip)) { | |
5210 | setLWResult(res, 0, false, false, true); | |
5211 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
5212 | addDS(DNSName("com."), 300, res->d_records, keys); | |
5213 | addRRSIG(keys, res->d_records, DNSName("."), 300); | |
5214 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
5215 | return 1; | |
5216 | } | |
5217 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
5218 | setLWResult(res, 0, false, false, true); | |
5219 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
5220 | addDS(domain, 300, res->d_records, keys); | |
5221 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
5222 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
5223 | return 1; | |
5224 | } | |
5225 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
5226 | setLWResult(res, 0, true, false, true); | |
5227 | if (domain == target) { | |
5228 | addRecordToLW(res, domain, QType::CNAME, targetCName.toString()); | |
5229 | /* No RRSIG, leading to bogus */ | |
5230 | } | |
5231 | else if (domain == targetCName) { | |
5232 | addRecordToLW(res, domain, QType::A, targetCNameAddr.toString()); | |
5233 | addRRSIG(keys, res->d_records, domain, 300); | |
5234 | } | |
5235 | return 1; | |
5236 | } | |
5237 | } | |
5238 | ||
5239 | return 0; | |
5240 | }); | |
5241 | ||
5242 | vector<DNSRecord> ret; | |
5243 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
5244 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
5245 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
5246 | BOOST_REQUIRE_EQUAL(ret.size(), 3); | |
5247 | BOOST_CHECK_EQUAL(queriesCount, 8); | |
5248 | ||
5249 | /* again, to test the cache */ | |
5250 | ret.clear(); | |
5251 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
5252 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
5253 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
5254 | BOOST_REQUIRE_EQUAL(ret.size(), 3); | |
5255 | BOOST_CHECK_EQUAL(queriesCount, 8); | |
5256 | } | |
5257 | ||
5258 | BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_bogus_cname) { | |
5259 | std::unique_ptr<SyncRes> sr; | |
5260 | initSR(sr, true); | |
5261 | ||
5262 | g_dnssecmode = DNSSECMode::ValidateAll; | |
5263 | ||
5264 | primeHints(); | |
5265 | const DNSName target("power-dns.com."); | |
5266 | const DNSName targetCName("powerdns.com."); | |
5267 | const ComboAddress targetCNameAddr("192.0.2.42"); | |
5268 | testkeysset_t keys; | |
5269 | ||
5270 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
5271 | luaconfsCopy.dsAnchors.clear(); | |
5272 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
5273 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
5274 | generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
5275 | generateKeyMaterial(DNSName("power-dns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
5276 | g_luaconfs.setState(luaconfsCopy); | |
5277 | ||
5278 | size_t queriesCount = 0; | |
5279 | ||
5280 | sr->setAsyncCallback([target,targetCName,targetCNameAddr,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
5281 | queriesCount++; | |
5282 | ||
5283 | if (type == QType::DS) { | |
a53e8fe3 | 5284 | return 0; |
3d5ebf10 RG |
5285 | } |
5286 | else if (type == QType::DNSKEY) { | |
5287 | setLWResult(res, 0, true, false, true); | |
5288 | addDNSKEY(keys, domain, 300, res->d_records); | |
5289 | addRRSIG(keys, res->d_records, domain, 300); | |
5290 | return 1; | |
5291 | } | |
5292 | else { | |
5293 | if (isRootServer(ip)) { | |
5294 | setLWResult(res, 0, false, false, true); | |
5295 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
5296 | addDS(DNSName("com."), 300, res->d_records, keys); | |
5297 | addRRSIG(keys, res->d_records, DNSName("."), 300); | |
5298 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
5299 | return 1; | |
5300 | } | |
5301 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
5302 | setLWResult(res, 0, false, false, true); | |
5303 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
5304 | addDS(domain, 300, res->d_records, keys); | |
5305 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
5306 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
5307 | return 1; | |
5308 | } | |
5309 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
5310 | setLWResult(res, 0, true, false, true); | |
5311 | if (domain == target) { | |
5312 | addRecordToLW(res, domain, QType::CNAME, targetCName.toString()); | |
5313 | addRRSIG(keys, res->d_records, domain, 300); | |
5314 | } | |
5315 | else if (domain == targetCName) { | |
5316 | addRecordToLW(res, domain, QType::A, targetCNameAddr.toString()); | |
5317 | /* No RRSIG, leading to bogus */ | |
5318 | } | |
5319 | return 1; | |
5320 | } | |
5321 | } | |
5322 | ||
5323 | return 0; | |
5324 | }); | |
5325 | ||
5326 | vector<DNSRecord> ret; | |
5327 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
5328 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
5329 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
5330 | BOOST_REQUIRE_EQUAL(ret.size(), 3); | |
5331 | BOOST_CHECK_EQUAL(queriesCount, 8); | |
5332 | ||
5333 | /* again, to test the cache */ | |
5334 | ret.clear(); | |
5335 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
5336 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
5337 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
5338 | BOOST_REQUIRE_EQUAL(ret.size(), 3); | |
5339 | BOOST_CHECK_EQUAL(queriesCount, 8); | |
5340 | } | |
5341 | ||
5342 | BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_secure_cname) { | |
5343 | std::unique_ptr<SyncRes> sr; | |
5344 | initSR(sr, true); | |
5345 | ||
5346 | g_dnssecmode = DNSSECMode::ValidateAll; | |
5347 | ||
5348 | primeHints(); | |
5349 | const DNSName target("power-dns.com."); | |
5350 | const DNSName targetCName("powerdns.com."); | |
5351 | const ComboAddress targetCNameAddr("192.0.2.42"); | |
5352 | testkeysset_t keys; | |
5353 | ||
5354 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
5355 | luaconfsCopy.dsAnchors.clear(); | |
5356 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
5357 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
5358 | generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
5359 | generateKeyMaterial(DNSName("power-dns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
5360 | g_luaconfs.setState(luaconfsCopy); | |
5361 | ||
5362 | size_t queriesCount = 0; | |
5363 | ||
5364 | sr->setAsyncCallback([target,targetCName,targetCNameAddr,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
5365 | queriesCount++; | |
5366 | ||
5367 | if (type == QType::DS) { | |
a53e8fe3 | 5368 | return 0; |
3d5ebf10 RG |
5369 | } |
5370 | else if (type == QType::DNSKEY) { | |
5371 | setLWResult(res, 0, true, false, true); | |
5372 | addDNSKEY(keys, domain, 300, res->d_records); | |
5373 | addRRSIG(keys, res->d_records, domain, 300); | |
5374 | return 1; | |
5375 | } | |
5376 | else { | |
5377 | if (isRootServer(ip)) { | |
5378 | setLWResult(res, 0, false, false, true); | |
5379 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
5380 | addDS(DNSName("com."), 300, res->d_records, keys); | |
5381 | addRRSIG(keys, res->d_records, DNSName("."), 300); | |
5382 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
5383 | return 1; | |
5384 | } | |
5385 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
5386 | setLWResult(res, 0, false, false, true); | |
5387 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
5388 | addDS(domain, 300, res->d_records, keys); | |
5389 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
5390 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
5391 | return 1; | |
5392 | } | |
5393 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
5394 | setLWResult(res, 0, true, false, true); | |
5395 | if (domain == target) { | |
5396 | addRecordToLW(res, domain, QType::CNAME, targetCName.toString()); | |
5397 | addRRSIG(keys, res->d_records, domain, 300); | |
5398 | } | |
5399 | else if (domain == targetCName) { | |
5400 | addRecordToLW(res, domain, QType::A, targetCNameAddr.toString()); | |
5401 | addRRSIG(keys, res->d_records, domain, 300); | |
5402 | } | |
5403 | return 1; | |
5404 | } | |
5405 | } | |
5406 | ||
5407 | return 0; | |
5408 | }); | |
5409 | ||
5410 | vector<DNSRecord> ret; | |
5411 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
5412 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
5413 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); | |
5414 | BOOST_REQUIRE_EQUAL(ret.size(), 4); | |
5415 | BOOST_CHECK_EQUAL(queriesCount, 9); | |
5416 | ||
5417 | /* again, to test the cache */ | |
5418 | ret.clear(); | |
5419 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
5420 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
5421 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); | |
5422 | BOOST_REQUIRE_EQUAL(ret.size(), 4); | |
5423 | BOOST_CHECK_EQUAL(queriesCount, 9); | |
5424 | } | |
5425 | ||
5426 | BOOST_AUTO_TEST_CASE(test_dnssec_bogus_to_insecure_cname) { | |
5427 | std::unique_ptr<SyncRes> sr; | |
5428 | initSR(sr, true); | |
5429 | ||
5430 | g_dnssecmode = DNSSECMode::ValidateAll; | |
5431 | ||
5432 | primeHints(); | |
5433 | const DNSName target("powerdns.com."); | |
5434 | const DNSName targetCName("power-dns.com."); | |
5435 | const ComboAddress targetCNameAddr("192.0.2.42"); | |
5436 | testkeysset_t keys; | |
5437 | ||
5438 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
5439 | luaconfsCopy.dsAnchors.clear(); | |
5440 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
5441 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
5442 | generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
5443 | generateKeyMaterial(DNSName("power-dns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
5444 | g_luaconfs.setState(luaconfsCopy); | |
5445 | ||
5446 | size_t queriesCount = 0; | |
5447 | ||
5448 | sr->setAsyncCallback([target,targetCName,targetCNameAddr,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
5449 | queriesCount++; | |
5450 | ||
5451 | if (type == QType::DS) { | |
a53e8fe3 | 5452 | if (domain == DNSName("power-dns.com.")) { |
3d5ebf10 RG |
5453 | setLWResult(res, 0, false, false, true); |
5454 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
5455 | addNSECRecordToLW(domain, DNSName("z.power-dns.com."), { QType::NS }, 600, res->d_records); | |
5456 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
5457 | return 1; | |
5458 | } | |
5459 | } | |
5460 | else if (type == QType::DNSKEY) { | |
5461 | if (domain == g_rootdnsname || domain == DNSName("com.") || domain == DNSName("powerdns.com.")) { | |
5462 | setLWResult(res, 0, true, false, true); | |
5463 | addDNSKEY(keys, domain, 300, res->d_records); | |
5464 | addRRSIG(keys, res->d_records, domain, 300); | |
5465 | return 1; | |
5466 | } | |
5467 | else { | |
5468 | setLWResult(res, 0, false, false, true); | |
5469 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
5470 | return 1; | |
5471 | } | |
5472 | } | |
5473 | else { | |
5474 | if (isRootServer(ip)) { | |
5475 | setLWResult(res, 0, false, false, true); | |
5476 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
5477 | addDS(DNSName("com."), 300, res->d_records, keys); | |
5478 | addRRSIG(keys, res->d_records, DNSName("."), 300); | |
5479 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
5480 | return 1; | |
5481 | } | |
5482 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
5483 | setLWResult(res, 0, false, false, true); | |
5484 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
5485 | if (domain == DNSName("powerdns.com.")) { | |
5486 | addDS(DNSName("powerdns.com."), 300, res->d_records, keys); | |
5487 | } | |
5488 | else if (domain == targetCName) { | |
5489 | addNSECRecordToLW(domain, DNSName("z.power-dns.com."), { QType::NS }, 600, res->d_records); | |
5490 | } | |
5491 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
5492 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
5493 | return 1; | |
5494 | } | |
5495 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
5496 | setLWResult(res, 0, true, false, true); | |
5497 | if (domain == DNSName("powerdns.com.")) { | |
5498 | addRecordToLW(res, domain, QType::CNAME, targetCName.toString()); | |
5499 | /* No RRSIG -> Bogus */ | |
5500 | } | |
5501 | else if (domain == targetCName) { | |
5502 | addRecordToLW(res, domain, QType::A, targetCNameAddr.toString()); | |
5503 | } | |
5504 | return 1; | |
5505 | } | |
5506 | } | |
5507 | ||
5508 | return 0; | |
5509 | }); | |
5510 | ||
5511 | vector<DNSRecord> ret; | |
5512 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
5513 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
5514 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
5515 | /* no RRSIG to show */ | |
5516 | BOOST_CHECK_EQUAL(ret.size(), 2); | |
5517 | BOOST_CHECK_EQUAL(queriesCount, 7); | |
5518 | ||
5519 | /* again, to test the cache */ | |
5520 | ret.clear(); | |
5521 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
5522 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
5523 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
5524 | BOOST_CHECK_EQUAL(ret.size(), 2); | |
5525 | BOOST_CHECK_EQUAL(queriesCount, 7); | |
5526 | } | |
5527 | ||
895449a5 RG |
5528 | BOOST_AUTO_TEST_CASE(test_dnssec_insecure_ta) { |
5529 | std::unique_ptr<SyncRes> sr; | |
5530 | initSR(sr, true); | |
5531 | ||
5532 | g_dnssecmode = DNSSECMode::ValidateAll; | |
5533 | ||
5534 | primeHints(); | |
5535 | const DNSName target("powerdns.com."); | |
5536 | const ComboAddress targetAddr("192.0.2.42"); | |
5537 | testkeysset_t keys; | |
5538 | ||
5539 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
5540 | luaconfsCopy.dsAnchors.clear(); | |
5541 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
5542 | /* No key material for .com */ | |
5543 | generateKeyMaterial(target, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
5544 | luaconfsCopy.dsAnchors[target].insert(keys[target].second); | |
5545 | g_luaconfs.setState(luaconfsCopy); | |
5546 | ||
5547 | size_t queriesCount = 0; | |
5548 | ||
5549 | sr->setAsyncCallback([target,targetAddr,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
5550 | queriesCount++; | |
5551 | ||
a53e8fe3 | 5552 | if (type == QType::DNSKEY) { |
895449a5 RG |
5553 | if (domain == g_rootdnsname || domain == DNSName("powerdns.com.")) { |
5554 | setLWResult(res, 0, true, false, true); | |
5555 | addDNSKEY(keys, domain, 300, res->d_records); | |
5556 | addRRSIG(keys, res->d_records, domain, 300); | |
5557 | return 1; | |
5558 | } | |
5559 | else if (domain == DNSName("com.")) { | |
5560 | setLWResult(res, 0, false, false, true); | |
5561 | addRecordToLW(res, domain, QType::SOA, ". yop. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
5562 | return 1; | |
5563 | } | |
5564 | } | |
5565 | else if (domain == target) { | |
5566 | if (isRootServer(ip)) { | |
5567 | setLWResult(res, 0, false, false, true); | |
5568 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
5569 | addNSECRecordToLW(DNSName("com."), DNSName("com."), { QType::NS }, 600, res->d_records); | |
5570 | addRRSIG(keys, res->d_records, DNSName("."), 300); | |
5571 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
5572 | return 1; | |
5573 | } | |
5574 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
5575 | setLWResult(res, 0, false, false, true); | |
5576 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
5577 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
5578 | return 1; | |
5579 | } | |
5580 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
5581 | setLWResult(res, 0, true, false, true); | |
5582 | addRecordToLW(res, domain, QType::A, targetAddr.toString(), DNSResourceRecord::ANSWER, 3600); | |
5583 | addRRSIG(keys, res->d_records, domain, 300); | |
5584 | return 1; | |
5585 | } | |
5586 | } | |
5587 | ||
5588 | return 0; | |
5589 | }); | |
5590 | ||
5591 | vector<DNSRecord> ret; | |
5592 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
5593 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
5594 | /* should be insecure but we have a TA for powerdns.com. */ | |
5595 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); | |
5596 | /* We got a RRSIG */ | |
5597 | BOOST_REQUIRE_EQUAL(ret.size(), 2); | |
5598 | BOOST_CHECK(ret[0].d_type == QType::A); | |
860d5e8e RG |
5599 | /* only 4 because no DNSKEY query for com (insecure) */ |
5600 | BOOST_CHECK_EQUAL(queriesCount, 4); | |
895449a5 RG |
5601 | |
5602 | /* again, to test the cache */ | |
5603 | ret.clear(); | |
5604 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
5605 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
5606 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); | |
5607 | BOOST_REQUIRE_EQUAL(ret.size(), 2); | |
5608 | BOOST_CHECK(ret[0].d_type == QType::A); | |
860d5e8e | 5609 | BOOST_CHECK_EQUAL(queriesCount, 4); |
895449a5 RG |
5610 | } |
5611 | ||
5612 | BOOST_AUTO_TEST_CASE(test_dnssec_insecure_ta_norrsig) { | |
5613 | std::unique_ptr<SyncRes> sr; | |
5614 | initSR(sr, true); | |
5615 | ||
5616 | g_dnssecmode = DNSSECMode::ValidateAll; | |
5617 | ||
5618 | primeHints(); | |
5619 | const DNSName target("powerdns.com."); | |
5620 | const ComboAddress targetAddr("192.0.2.42"); | |
5621 | testkeysset_t keys; | |
5622 | ||
5623 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
5624 | luaconfsCopy.dsAnchors.clear(); | |
5625 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
5626 | /* No key material for .com */ | |
5627 | generateKeyMaterial(target, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
5628 | luaconfsCopy.dsAnchors[target].insert(keys[target].second); | |
5629 | g_luaconfs.setState(luaconfsCopy); | |
5630 | ||
5631 | size_t queriesCount = 0; | |
5632 | ||
5633 | sr->setAsyncCallback([target,targetAddr,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
5634 | queriesCount++; | |
5635 | ||
a53e8fe3 | 5636 | if (type == QType::DNSKEY) { |
895449a5 RG |
5637 | if (domain == g_rootdnsname || domain == DNSName("powerdns.com.")) { |
5638 | setLWResult(res, 0, true, false, true); | |
5639 | addDNSKEY(keys, domain, 300, res->d_records); | |
5640 | addRRSIG(keys, res->d_records, domain, 300); | |
5641 | return 1; | |
5642 | } | |
5643 | else if (domain == DNSName("com.")) { | |
5644 | setLWResult(res, 0, false, false, true); | |
5645 | addRecordToLW(res, domain, QType::SOA, ". yop. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
5646 | return 1; | |
5647 | } | |
5648 | } | |
5649 | else if (domain == target) { | |
5650 | if (isRootServer(ip)) { | |
5651 | setLWResult(res, 0, false, false, true); | |
5652 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
5653 | addNSECRecordToLW(DNSName("com."), DNSName("com."), { QType::NS }, 600, res->d_records); | |
5654 | addRRSIG(keys, res->d_records, DNSName("."), 300); | |
5655 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
5656 | return 1; | |
5657 | } | |
5658 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
5659 | setLWResult(res, 0, false, false, true); | |
5660 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
5661 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
5662 | return 1; | |
5663 | } | |
5664 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
5665 | setLWResult(res, 0, true, false, true); | |
5666 | addRecordToLW(res, domain, QType::A, targetAddr.toString(), DNSResourceRecord::ANSWER, 3600); | |
5667 | /* No RRSIG in a now (thanks to TA) Secure zone -> Bogus*/ | |
5668 | return 1; | |
5669 | } | |
5670 | } | |
5671 | ||
5672 | return 0; | |
5673 | }); | |
5674 | ||
5675 | vector<DNSRecord> ret; | |
5676 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
5677 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
5678 | /* should be insecure but we have a TA for powerdns.com., but no RRSIG so Bogus */ | |
5679 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
5680 | /* No RRSIG */ | |
5681 | BOOST_REQUIRE_EQUAL(ret.size(), 1); | |
5682 | BOOST_CHECK(ret[0].d_type == QType::A); | |
860d5e8e RG |
5683 | /* only 3 because no DNSKEY query for com (insecure) and no RRSIG meaning no DNSKEY for powerdns.com */ |
5684 | BOOST_CHECK_EQUAL(queriesCount, 3); | |
895449a5 RG |
5685 | |
5686 | /* again, to test the cache */ | |
5687 | ret.clear(); | |
5688 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
5689 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
5690 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
5691 | BOOST_REQUIRE_EQUAL(ret.size(), 1); | |
5692 | BOOST_CHECK(ret[0].d_type == QType::A); | |
860d5e8e | 5693 | BOOST_CHECK_EQUAL(queriesCount, 3); |
895449a5 RG |
5694 | } |
5695 | ||
5696 | #if 0 | |
5697 | BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure_hidden_cut) { | |
5698 | std::unique_ptr<SyncRes> sr; | |
860d5e8e | 5699 | initSR(sr, true, true); |
895449a5 RG |
5700 | |
5701 | g_dnssecLOG = true; | |
5702 | g_dnssecmode = DNSSECMode::ValidateAll; | |
5703 | ||
5704 | primeHints(); | |
5705 | const DNSName target("gov.nl.ca."); | |
5706 | const ComboAddress targetAddr("192.0.2.42"); | |
5707 | testkeysset_t keys; | |
5708 | ||
5709 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
5710 | luaconfsCopy.dsAnchors.clear(); | |
5711 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
5712 | generateKeyMaterial(DNSName("ca."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
5713 | ||
5714 | g_luaconfs.setState(luaconfsCopy); | |
5715 | ||
5716 | size_t queriesCount = 0; | |
5717 | ||
5718 | sr->setAsyncCallback([target,targetAddr,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
5719 | queriesCount++; | |
5720 | ||
5721 | if (type == QType::DS) { | |
5722 | if (domain == g_rootdnsname || domain == DNSName("ca.")) { | |
5723 | setLWResult(res, 0, false, false, true); | |
a53e8fe3 | 5724 | addDS(domain, 300, res->d_records, keys, DNSResourceRecord::ANSWER); |
895449a5 RG |
5725 | addRRSIG(keys, res->d_records, domain, 300); |
5726 | return 1; | |
5727 | } | |
5728 | else { | |
5729 | setLWResult(res, 0, false, false, true); | |
5730 | addRecordToLW(res, DNSName("ca."), QType::SOA, "jbq01.prd.cira.ca. admin-dns.cira.ca. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
5731 | addNSECRecordToLW(DNSName("nl.ca."), DNSName("nm.ca."), { QType::NS }, 600, res->d_records); | |
5732 | addRRSIG(keys, res->d_records, DNSName("ca."), 300); | |
5733 | return 1; | |
5734 | } | |
5735 | } | |
5736 | else if (type == QType::DNSKEY) { | |
5737 | if (domain == g_rootdnsname || domain == DNSName("ca.")) { | |
5738 | setLWResult(res, 0, true, false, true); | |
5739 | addDNSKEY(keys, domain, 300, res->d_records); | |
5740 | addRRSIG(keys, res->d_records, domain, 300); | |
5741 | return 1; | |
5742 | } | |
5743 | else { | |
5744 | setLWResult(res, 0, false, false, true); | |
5745 | addRecordToLW(res, domain, QType::SOA, "jbq01.prd.cira.ca. admin-dns.cira.ca. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
5746 | return 1; | |
5747 | } | |
5748 | } | |
5749 | else if (domain == target) { | |
5750 | if (isRootServer(ip)) { | |
5751 | setLWResult(res, 0, false, false, true); | |
5752 | addRecordToLW(res, "ca.", QType::NS, "c.ca-servers.ca.", DNSResourceRecord::AUTHORITY, 3600); | |
5753 | addDS(DNSName("ca."), 300, res->d_records, keys); | |
5754 | addRRSIG(keys, res->d_records, DNSName("."), 300); | |
5755 | addRecordToLW(res, "c.ca-servers.ca.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
5756 | return 1; | |
5757 | } | |
5758 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
5759 | setLWResult(res, 0, false, false, true); | |
5760 | addRecordToLW(res, domain, QType::NS, "ns.gov.nl.ca.", DNSResourceRecord::AUTHORITY, 3600); | |
860d5e8e RG |
5761 | /* denial of DS FOR nl.ca while sending a referral for gov.nl.ca !! */ |
5762 | addNSECRecordToLW(DNSName("nl.ca"), DNSName("nm.ca."), { QType::NS }, 600, res->d_records); | |
895449a5 RG |
5763 | addRRSIG(keys, res->d_records, DNSName("ca."), 300); |
5764 | addRecordToLW(res, "ns.gov.nl.ca.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
5765 | return 1; | |
5766 | } | |
5767 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
5768 | setLWResult(res, 0, true, false, true); | |
5769 | addRecordToLW(res, domain, QType::A, targetAddr.toString(), DNSResourceRecord::ANSWER, 3600); | |
5770 | return 1; | |
5771 | } | |
5772 | } | |
5773 | ||
5774 | return 0; | |
5775 | }); | |
5776 | ||
5777 | vector<DNSRecord> ret; | |
5778 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
5779 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
5780 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
5781 | BOOST_REQUIRE_EQUAL(ret.size(), 1); | |
5782 | BOOST_CHECK(ret[0].d_type == QType::A); | |
5783 | /* only 5 because no DNSKEY query for powerdns.com (insecure) */ | |
5784 | BOOST_CHECK_EQUAL(queriesCount, 5); | |
5785 | ||
5786 | /* again, to test the cache */ | |
5787 | ret.clear(); | |
5788 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
5789 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
5790 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
5791 | BOOST_REQUIRE_EQUAL(ret.size(), 1); | |
5792 | BOOST_CHECK(ret[0].d_type == QType::A); | |
5793 | BOOST_CHECK_EQUAL(queriesCount, 5); | |
5794 | } | |
5795 | #endif /* 0 */ | |
5796 | ||
5797 | BOOST_AUTO_TEST_CASE(test_dnssec_nta) { | |
5798 | std::unique_ptr<SyncRes> sr; | |
5799 | initSR(sr, true); | |
5800 | ||
5801 | g_dnssecmode = DNSSECMode::ValidateAll; | |
5802 | ||
b7f378d1 RG |
5803 | primeHints(); |
5804 | const DNSName target("."); | |
5805 | testkeysset_t keys; | |
5806 | ||
5807 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
5808 | luaconfsCopy.dsAnchors.clear(); | |
5809 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
5810 | /* Add a NTA for "." */ | |
5811 | luaconfsCopy.negAnchors[g_rootdnsname] = "NTA for Root"; | |
5812 | g_luaconfs.setState(luaconfsCopy); | |
5813 | ||
5814 | size_t queriesCount = 0; | |
5815 | ||
5816 | sr->setAsyncCallback([target,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
5817 | queriesCount++; | |
5818 | ||
5819 | if (domain == target && type == QType::NS) { | |
5820 | ||
5821 | setLWResult(res, 0, true, false, true); | |
5822 | char addr[] = "a.root-servers.net."; | |
5823 | for (char idx = 'a'; idx <= 'm'; idx++) { | |
5824 | addr[0] = idx; | |
8455425c RG |
5825 | addRecordToLW(res, domain, QType::NS, std::string(addr), DNSResourceRecord::ANSWER, 3600); |
5826 | } | |
5827 | ||
5828 | addRRSIG(keys, res->d_records, domain, 300); | |
5829 | ||
5830 | addRecordToLW(res, "a.root-servers.net.", QType::A, "198.41.0.4", DNSResourceRecord::ADDITIONAL, 3600); | |
5831 | addRecordToLW(res, "a.root-servers.net.", QType::AAAA, "2001:503:ba3e::2:30", DNSResourceRecord::ADDITIONAL, 3600); | |
5832 | ||
5833 | return 1; | |
5834 | } else if (domain == target && type == QType::DNSKEY) { | |
5835 | ||
5836 | setLWResult(res, 0, true, false, true); | |
5837 | ||
5838 | /* No DNSKEY */ | |
5839 | ||
5840 | return 1; | |
5841 | } | |
5842 | ||
5843 | return 0; | |
5844 | }); | |
5845 | ||
5846 | vector<DNSRecord> ret; | |
5847 | int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
b7f378d1 RG |
5848 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
5849 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
8455425c RG |
5850 | /* 13 NS + 1 RRSIG */ |
5851 | BOOST_REQUIRE_EQUAL(ret.size(), 14); | |
5852 | BOOST_CHECK_EQUAL(queriesCount, 1); | |
b7f378d1 RG |
5853 | |
5854 | /* again, to test the cache */ | |
5855 | ret.clear(); | |
5856 | res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
5857 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
8455425c | 5858 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); |
b7f378d1 RG |
5859 | BOOST_REQUIRE_EQUAL(ret.size(), 14); |
5860 | BOOST_CHECK_EQUAL(queriesCount, 1); | |
8455425c RG |
5861 | } |
5862 | ||
5863 | BOOST_AUTO_TEST_CASE(test_dnssec_no_ta) { | |
5864 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 5865 | initSR(sr, true); |
8455425c RG |
5866 | |
5867 | g_dnssecmode = DNSSECMode::ValidateAll; | |
5868 | ||
5869 | primeHints(); | |
5870 | const DNSName target("."); | |
b7f378d1 | 5871 | testkeysset_t keys; |
8455425c RG |
5872 | |
5873 | /* Remove the root DS */ | |
5874 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
5875 | luaconfsCopy.dsAnchors.clear(); | |
5876 | g_luaconfs.setState(luaconfsCopy); | |
5877 | ||
5878 | size_t queriesCount = 0; | |
5879 | ||
5880 | sr->setAsyncCallback([target,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
5881 | queriesCount++; | |
5882 | ||
5883 | if (domain == target && type == QType::NS) { | |
5884 | ||
5885 | setLWResult(res, 0, true, false, true); | |
5886 | char addr[] = "a.root-servers.net."; | |
5887 | for (char idx = 'a'; idx <= 'm'; idx++) { | |
5888 | addr[0] = idx; | |
5889 | addRecordToLW(res, domain, QType::NS, std::string(addr), DNSResourceRecord::ANSWER, 3600); | |
5890 | } | |
5891 | ||
5892 | addRecordToLW(res, "a.root-servers.net.", QType::A, "198.41.0.4", DNSResourceRecord::ADDITIONAL, 3600); | |
5893 | addRecordToLW(res, "a.root-servers.net.", QType::AAAA, "2001:503:ba3e::2:30", DNSResourceRecord::ADDITIONAL, 3600); | |
5894 | ||
5895 | return 1; | |
5896 | } | |
5897 | ||
5898 | return 0; | |
5899 | }); | |
5900 | ||
5901 | vector<DNSRecord> ret; | |
5902 | int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
b7f378d1 RG |
5903 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
5904 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
8455425c RG |
5905 | /* 13 NS + 0 RRSIG */ |
5906 | BOOST_REQUIRE_EQUAL(ret.size(), 13); | |
5907 | BOOST_CHECK_EQUAL(queriesCount, 1); | |
b7f378d1 RG |
5908 | |
5909 | /* again, to test the cache */ | |
5910 | ret.clear(); | |
5911 | res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
5912 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
8455425c | 5913 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); |
b7f378d1 RG |
5914 | BOOST_REQUIRE_EQUAL(ret.size(), 13); |
5915 | BOOST_CHECK_EQUAL(queriesCount, 1); | |
8455425c RG |
5916 | } |
5917 | ||
d6e797b8 RG |
5918 | /* |
5919 | // cerr<<"asyncresolve called to ask "<<ip.toStringWithPort()<<" about "<<domain.toString()<<" / "<<QType(type).getName()<<" over "<<(doTCP ? "TCP" : "UDP")<<" (rd: "<<sendRDQuery<<", EDNS0 level: "<<EDNS0Level<<")"<<endl; | |
5920 | ||
648bcbd1 | 5921 | - check out of band support |
d6e797b8 | 5922 | |
648bcbd1 | 5923 | - check preoutquery |
d6e797b8 | 5924 | |
30ee601a RG |
5925 | */ |
5926 | ||
5927 | BOOST_AUTO_TEST_SUITE_END() |