]>
Commit | Line | Data |
---|---|---|
30ee601a RG |
1 | #define BOOST_TEST_DYN_LINK |
2 | #define BOOST_TEST_NO_MAIN | |
3 | #include <boost/test/unit_test.hpp> | |
4 | ||
5 | #include "arguments.hh" | |
8455425c RG |
6 | #include "dnssecinfra.hh" |
7 | #include "dnsseckeeper.hh" | |
30ee601a RG |
8 | #include "lua-recursor4.hh" |
9 | #include "namespaces.hh" | |
10 | #include "rec-lua-conf.hh" | |
11 | #include "root-dnssec.hh" | |
12 | #include "syncres.hh" | |
6dfff36f | 13 | #include "utility.hh" |
30ee601a RG |
14 | #include "validate-recursor.hh" |
15 | ||
30ee601a RG |
16 | RecursorStats g_stats; |
17 | GlobalStateHolder<LuaConfigItems> g_luaconfs; | |
f26bf547 | 18 | thread_local std::unique_ptr<MemRecursorCache> t_RC{nullptr}; |
30ee601a RG |
19 | unsigned int g_numThreads = 1; |
20 | ||
21 | /* Fake some required functions we didn't want the trouble to | |
22 | link with */ | |
23 | ArgvMap &arg() | |
24 | { | |
25 | static ArgvMap theArg; | |
26 | return theArg; | |
27 | } | |
28 | ||
29 | int getMTaskerTID() | |
30 | { | |
31 | return 0; | |
32 | } | |
33 | ||
34 | bool RecursorLua4::preoutquery(const ComboAddress& ns, const ComboAddress& requestor, const DNSName& query, const QType& qtype, bool isTcp, vector<DNSRecord>& res, int& ret) | |
35 | { | |
36 | return false; | |
37 | } | |
38 | ||
39 | int asyncresolve(const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) | |
40 | { | |
41 | return 0; | |
42 | } | |
43 | ||
44 | /* primeHints() is only here for now because it | |
45 | was way too much trouble to link with the real one. | |
46 | We should fix this, empty functions are one thing, but this is | |
47 | bad. | |
48 | */ | |
49 | ||
50 | #include "root-addresses.hh" | |
51 | ||
52 | void primeHints(void) | |
53 | { | |
54 | vector<DNSRecord> nsset; | |
55 | if(!t_RC) | |
f26bf547 | 56 | t_RC = std::unique_ptr<MemRecursorCache>(new MemRecursorCache()); |
30ee601a RG |
57 | |
58 | DNSRecord arr, aaaarr, nsrr; | |
59 | nsrr.d_name=g_rootdnsname; | |
60 | arr.d_type=QType::A; | |
61 | aaaarr.d_type=QType::AAAA; | |
62 | nsrr.d_type=QType::NS; | |
63 | arr.d_ttl=aaaarr.d_ttl=nsrr.d_ttl=time(nullptr)+3600000; | |
64 | ||
65 | for(char c='a';c<='m';++c) { | |
66 | static char templ[40]; | |
67 | strncpy(templ,"a.root-servers.net.", sizeof(templ) - 1); | |
68 | templ[sizeof(templ)-1] = '\0'; | |
69 | *templ=c; | |
70 | aaaarr.d_name=arr.d_name=DNSName(templ); | |
71 | nsrr.d_content=std::make_shared<NSRecordContent>(DNSName(templ)); | |
72 | arr.d_content=std::make_shared<ARecordContent>(ComboAddress(rootIps4[c-'a'])); | |
73 | vector<DNSRecord> aset; | |
74 | aset.push_back(arr); | |
2b984251 | 75 | t_RC->replace(time(0), DNSName(templ), QType(QType::A), aset, vector<std::shared_ptr<RRSIGRecordContent>>(), vector<std::shared_ptr<DNSRecord>>(), true); // auth, nuke it all |
30ee601a RG |
76 | if (rootIps6[c-'a'] != NULL) { |
77 | aaaarr.d_content=std::make_shared<AAAARecordContent>(ComboAddress(rootIps6[c-'a'])); | |
78 | ||
79 | vector<DNSRecord> aaaaset; | |
80 | aaaaset.push_back(aaaarr); | |
2b984251 | 81 | t_RC->replace(time(0), DNSName(templ), QType(QType::AAAA), aaaaset, vector<std::shared_ptr<RRSIGRecordContent>>(), vector<std::shared_ptr<DNSRecord>>(), true); |
30ee601a RG |
82 | } |
83 | ||
84 | nsset.push_back(nsrr); | |
85 | } | |
2b984251 | 86 | t_RC->replace(time(0), g_rootdnsname, QType(QType::NS), nsset, vector<std::shared_ptr<RRSIGRecordContent>>(), vector<std::shared_ptr<DNSRecord>>(), false); // and stuff in the cache |
30ee601a RG |
87 | } |
88 | ||
89 | LuaConfigItems::LuaConfigItems() | |
90 | { | |
91 | for (const auto &dsRecord : rootDSs) { | |
92 | auto ds=unique_ptr<DSRecordContent>(dynamic_cast<DSRecordContent*>(DSRecordContent::make(dsRecord))); | |
93 | dsAnchors[g_rootdnsname].insert(*ds); | |
94 | } | |
95 | } | |
96 | ||
97 | /* Some helpers functions */ | |
98 | ||
99 | static void init(bool debug=false) | |
100 | { | |
101 | if (debug) { | |
102 | L.setName("test"); | |
103 | L.setLoglevel((Logger::Urgency)(6)); // info and up | |
104 | L.disableSyslog(true); | |
105 | L.toConsole(Logger::Info); | |
106 | } | |
107 | ||
108 | seedRandom("/dev/urandom"); | |
d6e797b8 | 109 | reportAllTypes(); |
30ee601a | 110 | |
f26bf547 | 111 | t_RC = std::unique_ptr<MemRecursorCache>(new MemRecursorCache()); |
30ee601a | 112 | |
30ee601a RG |
113 | SyncRes::s_maxqperq = 50; |
114 | SyncRes::s_maxtotusec = 1000*7000; | |
115 | SyncRes::s_maxdepth = 40; | |
116 | SyncRes::s_maxnegttl = 3600; | |
117 | SyncRes::s_maxcachettl = 86400; | |
118 | SyncRes::s_packetcachettl = 3600; | |
119 | SyncRes::s_packetcacheservfailttl = 60; | |
120 | SyncRes::s_serverdownmaxfails = 64; | |
121 | SyncRes::s_serverdownthrottletime = 60; | |
122 | SyncRes::s_doIPv6 = true; | |
e9f9b8ec RG |
123 | SyncRes::s_ecsipv4limit = 24; |
124 | SyncRes::s_ecsipv6limit = 56; | |
f58c8379 | 125 | SyncRes::s_rootNXTrust = true; |
d6e797b8 | 126 | SyncRes::s_minimumTTL = 0; |
648bcbd1 | 127 | SyncRes::s_serverID = "PowerDNS Unit Tests Server ID"; |
9065eb05 RG |
128 | SyncRes::clearEDNSSubnets(); |
129 | SyncRes::clearEDNSDomains(); | |
130 | SyncRes::clearDelegationOnly(); | |
131 | SyncRes::clearDontQuery(); | |
648bcbd1 | 132 | |
a712cb56 | 133 | SyncRes::clearNSSpeeds(); |
6dfff36f | 134 | BOOST_CHECK_EQUAL(SyncRes::getNSSpeedsSize(), 0); |
a712cb56 | 135 | SyncRes::clearEDNSStatuses(); |
6dfff36f | 136 | BOOST_CHECK_EQUAL(SyncRes::getEDNSStatusesSize(), 0); |
a712cb56 | 137 | SyncRes::clearThrottle(); |
6dfff36f | 138 | BOOST_CHECK_EQUAL(SyncRes::getThrottledServersSize(), 0); |
a712cb56 | 139 | SyncRes::clearFailedServers(); |
6dfff36f | 140 | BOOST_CHECK_EQUAL(SyncRes::getFailedServersSize(), 0); |
a712cb56 | 141 | |
648bcbd1 RG |
142 | auto luaconfsCopy = g_luaconfs.getCopy(); |
143 | luaconfsCopy.dfe.clear(); | |
8455425c RG |
144 | luaconfsCopy.dsAnchors.clear(); |
145 | for (const auto &dsRecord : rootDSs) { | |
146 | auto ds=unique_ptr<DSRecordContent>(dynamic_cast<DSRecordContent*>(DSRecordContent::make(dsRecord))); | |
147 | luaconfsCopy.dsAnchors[g_rootdnsname].insert(*ds); | |
148 | } | |
149 | luaconfsCopy.negAnchors.clear(); | |
648bcbd1 RG |
150 | g_luaconfs.setState(luaconfsCopy); |
151 | ||
8455425c | 152 | g_dnssecmode = DNSSECMode::Off; |
895449a5 | 153 | g_dnssecLOG = debug; |
8455425c | 154 | |
648bcbd1 | 155 | ::arg().set("version-string", "string reported on version.pdns or version.bind")="PowerDNS Unit Tests"; |
30ee601a RG |
156 | } |
157 | ||
895449a5 | 158 | static void initSR(std::unique_ptr<SyncRes>& sr, bool dnssec=false, bool debug=false, time_t fakeNow=0) |
30ee601a RG |
159 | { |
160 | struct timeval now; | |
d6e797b8 RG |
161 | if (fakeNow > 0) { |
162 | now.tv_sec = fakeNow; | |
163 | now.tv_usec = 0; | |
164 | } | |
165 | else { | |
166 | Utility::gettimeofday(&now, 0); | |
167 | } | |
168 | ||
895449a5 RG |
169 | init(debug); |
170 | ||
30ee601a | 171 | sr = std::unique_ptr<SyncRes>(new SyncRes(now)); |
895449a5 | 172 | sr->setDoEDNS0(true); |
30ee601a | 173 | sr->setDoDNSSEC(dnssec); |
895449a5 RG |
174 | sr->setLogMode(debug == false ? SyncRes::LogNone : SyncRes::Log); |
175 | ||
a712cb56 RG |
176 | SyncRes::setDomainMap(std::make_shared<SyncRes::domainmap_t>()); |
177 | SyncRes::clearNegCache(); | |
30ee601a RG |
178 | } |
179 | ||
180 | static void setLWResult(LWResult* res, int rcode, bool aa=false, bool tc=false, bool edns=false) | |
181 | { | |
182 | res->d_rcode = rcode; | |
183 | res->d_aabit = aa; | |
184 | res->d_tcbit = tc; | |
185 | res->d_haveEDNS = edns; | |
186 | } | |
187 | ||
8455425c | 188 | static std::shared_ptr<DNSRecordContent> getRecordContent(uint16_t type, const std::string& content) |
30ee601a | 189 | { |
8455425c | 190 | std::shared_ptr<DNSRecordContent> result = nullptr; |
30ee601a RG |
191 | |
192 | if (type == QType::NS) { | |
8455425c | 193 | result = std::make_shared<NSRecordContent>(DNSName(content)); |
30ee601a RG |
194 | } |
195 | else if (type == QType::A) { | |
8455425c | 196 | result = std::make_shared<ARecordContent>(ComboAddress(content)); |
30ee601a | 197 | } |
778bcea6 | 198 | else if (type == QType::AAAA) { |
8455425c | 199 | result = std::make_shared<AAAARecordContent>(ComboAddress(content)); |
30ee601a | 200 | } |
778bcea6 | 201 | else if (type == QType::CNAME) { |
8455425c | 202 | result = std::make_shared<CNAMERecordContent>(DNSName(content)); |
778bcea6 | 203 | } |
d6e797b8 | 204 | else if (type == QType::OPT) { |
8455425c | 205 | result = std::make_shared<OPTRecordContent>(); |
d6e797b8 | 206 | } |
30ee601a | 207 | else { |
8455425c | 208 | result = DNSRecordContent::mastermake(type, QClass::IN, content); |
30ee601a RG |
209 | } |
210 | ||
8455425c RG |
211 | return result; |
212 | } | |
213 | ||
214 | static void addRecordToList(std::vector<DNSRecord>& records, const DNSName& name, uint16_t type, const std::string& content, DNSResourceRecord::Place place, uint32_t ttl) | |
215 | { | |
216 | DNSRecord rec; | |
217 | rec.d_place = place; | |
218 | rec.d_name = name; | |
219 | rec.d_type = type; | |
220 | rec.d_ttl = ttl; | |
221 | ||
222 | rec.d_content = getRecordContent(type, content); | |
223 | ||
d6e797b8 RG |
224 | records.push_back(rec); |
225 | } | |
226 | ||
d6e797b8 RG |
227 | static void addRecordToLW(LWResult* res, const DNSName& name, uint16_t type, const std::string& content, DNSResourceRecord::Place place=DNSResourceRecord::ANSWER, uint32_t ttl=60) |
228 | { | |
229 | addRecordToList(res->d_records, name, type, content, place, ttl); | |
30ee601a RG |
230 | } |
231 | ||
232 | static void addRecordToLW(LWResult* res, const std::string& name, uint16_t type, const std::string& content, DNSResourceRecord::Place place=DNSResourceRecord::ANSWER, uint32_t ttl=60) | |
233 | { | |
234 | addRecordToLW(res, DNSName(name), type, content, place, ttl); | |
235 | } | |
236 | ||
237 | static bool isRootServer(const ComboAddress& ip) | |
238 | { | |
8455425c RG |
239 | if (ip.isIPv4()) { |
240 | for (size_t idx = 0; idx < rootIps4Count; idx++) { | |
241 | if (ip.toString() == rootIps4[idx]) { | |
242 | return true; | |
243 | } | |
30ee601a RG |
244 | } |
245 | } | |
8455425c RG |
246 | else { |
247 | for (size_t idx = 0; idx < rootIps6Count; idx++) { | |
248 | if (ip.toString() == rootIps6[idx]) { | |
249 | return true; | |
250 | } | |
30ee601a RG |
251 | } |
252 | } | |
8455425c | 253 | |
30ee601a RG |
254 | return false; |
255 | } | |
256 | ||
3d5ebf10 | 257 | static void computeRRSIG(const DNSSECPrivateKey& dpk, const DNSName& signer, const DNSName& signQName, uint16_t signQType, uint32_t signTTL, uint32_t sigValidity, RRSIGRecordContent& rrc, vector<shared_ptr<DNSRecordContent> >& toSign, boost::optional<uint8_t> algo=boost::none) |
8455425c RG |
258 | { |
259 | time_t now = time(nullptr); | |
260 | DNSKEYRecordContent drc = dpk.getDNSKEY(); | |
261 | const std::shared_ptr<DNSCryptoKeyEngine> rc = dpk.getKey(); | |
262 | ||
263 | rrc.d_type = signQType; | |
264 | rrc.d_labels = signQName.countLabels() - signQName.isWildcard(); | |
265 | rrc.d_originalttl = signTTL; | |
812c3a69 | 266 | rrc.d_siginception = now - 10; |
8455425c RG |
267 | rrc.d_sigexpire = now + sigValidity; |
268 | rrc.d_signer = signer; | |
269 | rrc.d_tag = 0; | |
270 | rrc.d_tag = drc.getTag(); | |
3d5ebf10 | 271 | rrc.d_algorithm = algo ? *algo : drc.d_algorithm; |
8455425c RG |
272 | |
273 | std::string msg = getMessageForRRSET(signQName, rrc, toSign); | |
274 | ||
275 | rrc.d_signature = rc->sign(msg); | |
276 | } | |
277 | ||
b7f378d1 RG |
278 | typedef std::unordered_map<DNSName, std::pair<DNSSECPrivateKey, DSRecordContent> > testkeysset_t; |
279 | ||
2b984251 | 280 | static void addRRSIG(const testkeysset_t& keys, std::vector<DNSRecord>& records, const DNSName& signer, uint32_t sigValidity, bool broken=false, boost::optional<uint8_t> algo=boost::none, boost::optional<DNSName> wildcard=boost::none) |
8455425c RG |
281 | { |
282 | if (records.empty()) { | |
283 | return; | |
284 | } | |
285 | ||
286 | const auto it = keys.find(signer); | |
287 | if (it == keys.cend()) { | |
288 | throw std::runtime_error("No DNSKEY found for " + signer.toString() + ", unable to compute the requested RRSIG"); | |
289 | } | |
290 | ||
291 | size_t recordsCount = records.size(); | |
292 | const DNSName& name = records[recordsCount-1].d_name; | |
293 | const uint16_t type = records[recordsCount-1].d_type; | |
294 | ||
295 | std::vector<std::shared_ptr<DNSRecordContent> > recordcontents; | |
296 | for (const auto record : records) { | |
297 | if (record.d_name == name && record.d_type == type) { | |
298 | recordcontents.push_back(record.d_content); | |
299 | } | |
300 | } | |
301 | ||
302 | RRSIGRecordContent rrc; | |
2b984251 | 303 | computeRRSIG(it->second.first, signer, wildcard ? * wildcard : records[recordsCount-1].d_name, records[recordsCount-1].d_type, records[recordsCount-1].d_ttl, sigValidity, rrc, recordcontents, algo); |
3d5ebf10 RG |
304 | if (broken) { |
305 | rrc.d_signature[0] ^= 42; | |
306 | } | |
8455425c RG |
307 | |
308 | DNSRecord rec; | |
309 | rec.d_place = records[recordsCount-1].d_place; | |
310 | rec.d_name = records[recordsCount-1].d_name; | |
311 | rec.d_type = QType::RRSIG; | |
312 | rec.d_ttl = sigValidity; | |
313 | ||
314 | rec.d_content = std::make_shared<RRSIGRecordContent>(rrc); | |
315 | records.push_back(rec); | |
316 | } | |
317 | ||
b7f378d1 | 318 | static void addDNSKEY(const testkeysset_t& keys, const DNSName& signer, uint32_t ttl, std::vector<DNSRecord>& records) |
8455425c RG |
319 | { |
320 | const auto it = keys.find(signer); | |
321 | if (it == keys.cend()) { | |
322 | throw std::runtime_error("No DNSKEY found for " + signer.toString()); | |
323 | } | |
324 | ||
325 | DNSRecord rec; | |
326 | rec.d_place = DNSResourceRecord::ANSWER; | |
327 | rec.d_name = signer; | |
328 | rec.d_type = QType::DNSKEY; | |
329 | rec.d_ttl = ttl; | |
330 | ||
b7f378d1 | 331 | rec.d_content = std::make_shared<DNSKEYRecordContent>(it->second.first.getDNSKEY()); |
8455425c RG |
332 | records.push_back(rec); |
333 | } | |
334 | ||
a53e8fe3 | 335 | static void addDS(const DNSName& domain, uint32_t ttl, std::vector<DNSRecord>& records, const testkeysset_t& keys, DNSResourceRecord::Place place=DNSResourceRecord::AUTHORITY) |
8455425c | 336 | { |
b7f378d1 RG |
337 | const auto it = keys.find(domain); |
338 | if (it == keys.cend()) { | |
8455425c RG |
339 | return; |
340 | } | |
341 | ||
b7f378d1 RG |
342 | DNSRecord rec; |
343 | rec.d_name = domain; | |
344 | rec.d_type = QType::DS; | |
a53e8fe3 | 345 | rec.d_place = place; |
b7f378d1 RG |
346 | rec.d_ttl = ttl; |
347 | rec.d_content = std::make_shared<DSRecordContent>(it->second.second); | |
8455425c | 348 | |
b7f378d1 | 349 | records.push_back(rec); |
8455425c RG |
350 | } |
351 | ||
352 | static void addNSECRecordToLW(const DNSName& domain, const DNSName& next, const std::set<uint16_t>& types, uint32_t ttl, std::vector<DNSRecord>& records) | |
353 | { | |
354 | NSECRecordContent nrc; | |
355 | nrc.d_next = next; | |
356 | nrc.d_set = types; | |
357 | ||
358 | DNSRecord rec; | |
359 | rec.d_name = domain; | |
360 | rec.d_ttl = ttl; | |
361 | rec.d_type = QType::NSEC; | |
362 | rec.d_content = std::make_shared<NSECRecordContent>(nrc); | |
363 | rec.d_place = DNSResourceRecord::AUTHORITY; | |
364 | ||
365 | records.push_back(rec); | |
366 | } | |
367 | ||
b7f378d1 | 368 | static void generateKeyMaterial(const DNSName& name, unsigned int algo, uint8_t digest, testkeysset_t& keys) |
8455425c RG |
369 | { |
370 | auto dcke = std::shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::make(algo)); | |
b7f378d1 | 371 | dcke->create((algo <= 10) ? 2048 : dcke->getBits()); |
8455425c RG |
372 | DNSSECPrivateKey dpk; |
373 | dpk.d_flags = 256; | |
374 | dpk.setKey(dcke); | |
8455425c | 375 | DSRecordContent ds = makeDSFromDNSKey(name, dpk.getDNSKEY(), digest); |
b7f378d1 RG |
376 | keys[name] = std::pair<DNSSECPrivateKey,DSRecordContent>(dpk,ds); |
377 | } | |
378 | ||
379 | static void generateKeyMaterial(const DNSName& name, unsigned int algo, uint8_t digest, testkeysset_t& keys, map<DNSName,dsmap_t>& dsAnchors) | |
380 | { | |
381 | generateKeyMaterial(name, algo, digest, keys); | |
382 | dsAnchors[name].insert(keys[name].second); | |
8455425c RG |
383 | } |
384 | ||
30ee601a RG |
385 | /* Real tests */ |
386 | ||
387 | BOOST_AUTO_TEST_SUITE(syncres_cc) | |
388 | ||
389 | BOOST_AUTO_TEST_CASE(test_root_primed) { | |
390 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 391 | initSR(sr); |
30ee601a RG |
392 | |
393 | primeHints(); | |
895449a5 | 394 | |
4d2be65d | 395 | const DNSName target("a.root-servers.net."); |
30ee601a | 396 | |
4d2be65d | 397 | /* we are primed, we should be able to resolve A a.root-servers.net. without any query */ |
30ee601a | 398 | vector<DNSRecord> ret; |
4d2be65d | 399 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); |
b7f378d1 | 400 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
4d2be65d RG |
401 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
402 | BOOST_CHECK(ret[0].d_type == QType::A); | |
403 | BOOST_CHECK_EQUAL(ret[0].d_name, target); | |
404 | ||
405 | ret.clear(); | |
406 | res = sr->beginResolve(target, QType(QType::AAAA), QClass::IN, ret); | |
b7f378d1 RG |
407 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
408 | BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate); | |
4d2be65d RG |
409 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
410 | BOOST_CHECK(ret[0].d_type == QType::AAAA); | |
411 | BOOST_CHECK_EQUAL(ret[0].d_name, target); | |
4d2be65d RG |
412 | } |
413 | ||
414 | BOOST_AUTO_TEST_CASE(test_root_primed_ns) { | |
415 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 416 | initSR(sr); |
4d2be65d RG |
417 | |
418 | primeHints(); | |
419 | const DNSName target("."); | |
420 | ||
421 | /* we are primed, but we should not be able to NS . without any query | |
422 | because the . NS entry is not stored as authoritative */ | |
423 | ||
424 | size_t queriesCount = 0; | |
425 | ||
426 | sr->setAsyncCallback([target,&queriesCount](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
427 | queriesCount++; | |
428 | ||
429 | if (domain == target && type == QType::NS) { | |
430 | ||
431 | setLWResult(res, 0, true, false, true); | |
8455425c | 432 | char addr[] = "a.root-servers.net."; |
4d2be65d | 433 | for (char idx = 'a'; idx <= 'm'; idx++) { |
8455425c RG |
434 | addr[0] = idx; |
435 | addRecordToLW(res, g_rootdnsname, QType::NS, std::string(addr), DNSResourceRecord::ANSWER, 3600); | |
4d2be65d RG |
436 | } |
437 | ||
438 | addRecordToLW(res, "a.root-servers.net.", QType::A, "198.41.0.4", DNSResourceRecord::ADDITIONAL, 3600); | |
439 | addRecordToLW(res, "a.root-servers.net.", QType::AAAA, "2001:503:ba3e::2:30", DNSResourceRecord::ADDITIONAL, 3600); | |
440 | ||
441 | return 1; | |
442 | } | |
443 | ||
444 | return 0; | |
445 | }); | |
446 | ||
447 | vector<DNSRecord> ret; | |
448 | int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
b7f378d1 | 449 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
4d2be65d RG |
450 | BOOST_REQUIRE_EQUAL(ret.size(), 13); |
451 | BOOST_CHECK_EQUAL(queriesCount, 1); | |
30ee601a RG |
452 | } |
453 | ||
454 | BOOST_AUTO_TEST_CASE(test_root_not_primed) { | |
455 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 456 | initSR(sr); |
30ee601a RG |
457 | |
458 | size_t queriesCount = 0; | |
459 | ||
460 | sr->setAsyncCallback([&queriesCount](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
461 | queriesCount++; | |
462 | ||
463 | if (domain == g_rootdnsname && type == QType::NS) { | |
464 | setLWResult(res, 0, true, false, true); | |
465 | addRecordToLW(res, g_rootdnsname, QType::NS, "a.root-servers.net.", DNSResourceRecord::ANSWER, 3600); | |
466 | addRecordToLW(res, "a.root-servers.net.", QType::A, "198.41.0.4", DNSResourceRecord::ADDITIONAL, 3600); | |
467 | addRecordToLW(res, "a.root-servers.net.", QType::AAAA, "2001:503:ba3e::2:30", DNSResourceRecord::ADDITIONAL, 3600); | |
468 | ||
469 | return 1; | |
470 | } | |
471 | ||
472 | return 0; | |
473 | }); | |
474 | ||
475 | /* we are not primed yet, so SyncRes will have to call primeHints() | |
476 | then call getRootNS(), for which at least one of the root servers needs to answer */ | |
477 | vector<DNSRecord> ret; | |
478 | int res = sr->beginResolve(DNSName("."), QType(QType::NS), QClass::IN, ret); | |
b7f378d1 | 479 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
30ee601a RG |
480 | BOOST_CHECK_EQUAL(ret.size(), 1); |
481 | BOOST_CHECK_EQUAL(queriesCount, 2); | |
482 | } | |
483 | ||
484 | BOOST_AUTO_TEST_CASE(test_root_not_primed_and_no_response) { | |
485 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 486 | initSR(sr); |
30ee601a RG |
487 | std::set<ComboAddress> downServers; |
488 | ||
489 | /* we are not primed yet, so SyncRes will have to call primeHints() | |
490 | then call getRootNS(), for which at least one of the root servers needs to answer. | |
491 | None will, so it should ServFail. | |
492 | */ | |
493 | sr->setAsyncCallback([&downServers](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
494 | ||
495 | downServers.insert(ip); | |
496 | return 0; | |
497 | }); | |
498 | ||
499 | vector<DNSRecord> ret; | |
500 | int res = sr->beginResolve(DNSName("."), QType(QType::NS), QClass::IN, ret); | |
f58c8379 | 501 | BOOST_CHECK_EQUAL(res, RCode::ServFail); |
30ee601a RG |
502 | BOOST_CHECK_EQUAL(ret.size(), 0); |
503 | BOOST_CHECK(downServers.size() > 0); | |
504 | /* we explicitly refuse to mark the root servers down */ | |
505 | for (const auto& server : downServers) { | |
a712cb56 | 506 | BOOST_CHECK_EQUAL(SyncRes::getServerFailsCount(server), 0); |
30ee601a RG |
507 | } |
508 | } | |
509 | ||
510 | BOOST_AUTO_TEST_CASE(test_edns_formerr_fallback) { | |
511 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 512 | initSR(sr); |
30ee601a RG |
513 | |
514 | ComboAddress noEDNSServer; | |
515 | size_t queriesWithEDNS = 0; | |
516 | size_t queriesWithoutEDNS = 0; | |
517 | ||
518 | sr->setAsyncCallback([&queriesWithEDNS, &queriesWithoutEDNS, &noEDNSServer](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
519 | if (EDNS0Level != 0) { | |
520 | queriesWithEDNS++; | |
521 | noEDNSServer = ip; | |
522 | ||
523 | setLWResult(res, RCode::FormErr); | |
524 | return 1; | |
525 | } | |
526 | ||
527 | queriesWithoutEDNS++; | |
528 | ||
529 | if (domain == DNSName("powerdns.com") && type == QType::A && !doTCP) { | |
530 | setLWResult(res, 0, true, false, false); | |
531 | addRecordToLW(res, domain, QType::A, "192.0.2.1"); | |
532 | return 1; | |
533 | } | |
534 | ||
535 | return 0; | |
536 | }); | |
537 | ||
538 | primeHints(); | |
539 | ||
540 | /* fake that the root NS doesn't handle EDNS, check that we fallback */ | |
541 | vector<DNSRecord> ret; | |
542 | int res = sr->beginResolve(DNSName("powerdns.com."), QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 543 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
30ee601a RG |
544 | BOOST_CHECK_EQUAL(ret.size(), 1); |
545 | BOOST_CHECK_EQUAL(queriesWithEDNS, 1); | |
546 | BOOST_CHECK_EQUAL(queriesWithoutEDNS, 1); | |
a712cb56 RG |
547 | BOOST_CHECK_EQUAL(SyncRes::getEDNSStatusesSize(), 1); |
548 | BOOST_CHECK_EQUAL(SyncRes::getEDNSStatus(noEDNSServer), SyncRes::EDNSStatus::NOEDNS); | |
30ee601a RG |
549 | } |
550 | ||
551 | BOOST_AUTO_TEST_CASE(test_edns_notimp_fallback) { | |
552 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 553 | initSR(sr); |
30ee601a RG |
554 | |
555 | size_t queriesWithEDNS = 0; | |
556 | size_t queriesWithoutEDNS = 0; | |
557 | ||
558 | sr->setAsyncCallback([&queriesWithEDNS, &queriesWithoutEDNS](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
559 | if (EDNS0Level != 0) { | |
560 | queriesWithEDNS++; | |
561 | setLWResult(res, RCode::NotImp); | |
562 | return 1; | |
563 | } | |
564 | ||
565 | queriesWithoutEDNS++; | |
566 | ||
567 | if (domain == DNSName("powerdns.com") && type == QType::A && !doTCP) { | |
568 | setLWResult(res, 0, true, false, false); | |
569 | addRecordToLW(res, domain, QType::A, "192.0.2.1"); | |
570 | return 1; | |
571 | } | |
572 | ||
573 | return 0; | |
574 | }); | |
575 | ||
576 | primeHints(); | |
577 | ||
578 | /* fake that the NS doesn't handle EDNS, check that we fallback */ | |
579 | vector<DNSRecord> ret; | |
580 | int res = sr->beginResolve(DNSName("powerdns.com."), QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 581 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
30ee601a RG |
582 | BOOST_CHECK_EQUAL(ret.size(), 1); |
583 | BOOST_CHECK_EQUAL(queriesWithEDNS, 1); | |
584 | BOOST_CHECK_EQUAL(queriesWithoutEDNS, 1); | |
585 | } | |
586 | ||
587 | BOOST_AUTO_TEST_CASE(test_tc_fallback_to_tcp) { | |
588 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 589 | initSR(sr); |
30ee601a RG |
590 | |
591 | sr->setAsyncCallback([](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
592 | if (!doTCP) { | |
593 | setLWResult(res, 0, false, true, false); | |
594 | return 1; | |
595 | } | |
596 | if (domain == DNSName("powerdns.com") && type == QType::A && doTCP) { | |
597 | setLWResult(res, 0, true, false, false); | |
598 | addRecordToLW(res, domain, QType::A, "192.0.2.1"); | |
599 | return 1; | |
600 | } | |
601 | ||
602 | return 0; | |
603 | }); | |
604 | ||
605 | primeHints(); | |
606 | ||
607 | /* fake that the NS truncates every request over UDP, we should fallback to TCP */ | |
608 | vector<DNSRecord> ret; | |
609 | int res = sr->beginResolve(DNSName("powerdns.com."), QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 610 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
30ee601a RG |
611 | } |
612 | ||
3337c2f7 RG |
613 | BOOST_AUTO_TEST_CASE(test_tc_over_tcp) { |
614 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 615 | initSR(sr); |
3337c2f7 RG |
616 | |
617 | size_t tcpQueriesCount = 0; | |
618 | ||
619 | sr->setAsyncCallback([&tcpQueriesCount](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
620 | if (!doTCP) { | |
621 | setLWResult(res, 0, true, true, false); | |
622 | return 1; | |
623 | } | |
624 | ||
625 | /* first TCP query is answered with a TC response */ | |
626 | tcpQueriesCount++; | |
627 | if (tcpQueriesCount == 1) { | |
628 | setLWResult(res, 0, true, true, false); | |
629 | } | |
630 | else { | |
631 | setLWResult(res, 0, true, false, false); | |
632 | } | |
633 | ||
634 | addRecordToLW(res, domain, QType::A, "192.0.2.1"); | |
635 | return 1; | |
636 | }); | |
637 | ||
638 | primeHints(); | |
639 | ||
640 | vector<DNSRecord> ret; | |
641 | int res = sr->beginResolve(DNSName("powerdns.com."), QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 642 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3337c2f7 RG |
643 | BOOST_CHECK_EQUAL(tcpQueriesCount, 2); |
644 | } | |
645 | ||
30ee601a RG |
646 | BOOST_AUTO_TEST_CASE(test_all_nss_down) { |
647 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 648 | initSR(sr); |
30ee601a RG |
649 | std::set<ComboAddress> downServers; |
650 | ||
651 | primeHints(); | |
652 | ||
653 | sr->setAsyncCallback([&downServers](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
654 | ||
655 | if (isRootServer(ip)) { | |
8455425c | 656 | setLWResult(res, 0, false, false, true); |
30ee601a RG |
657 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); |
658 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
659 | addRecordToLW(res, "a.gtld-servers.net.", QType::AAAA, "2001:DB8::1", DNSResourceRecord::ADDITIONAL, 3600); | |
660 | return 1; | |
661 | } | |
662 | else if (ip == ComboAddress("192.0.2.1:53") || ip == ComboAddress("[2001:DB8::1]:53")) { | |
8455425c | 663 | setLWResult(res, 0, false, false, true); |
30ee601a RG |
664 | addRecordToLW(res, "powerdns.com.", QType::NS, "pdns-public-ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800); |
665 | addRecordToLW(res, "powerdns.com.", QType::NS, "pdns-public-ns2.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800); | |
666 | addRecordToLW(res, "pdns-public-ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 172800); | |
667 | addRecordToLW(res, "pdns-public-ns1.powerdns.com.", QType::AAAA, "2001:DB8::2", DNSResourceRecord::ADDITIONAL, 172800); | |
668 | addRecordToLW(res, "pdns-public-ns2.powerdns.com.", QType::A, "192.0.2.3", DNSResourceRecord::ADDITIONAL, 172800); | |
669 | addRecordToLW(res, "pdns-public-ns2.powerdns.com.", QType::AAAA, "2001:DB8::3", DNSResourceRecord::ADDITIONAL, 172800); | |
670 | return 1; | |
671 | } | |
672 | else { | |
673 | downServers.insert(ip); | |
674 | return 0; | |
675 | } | |
676 | }); | |
677 | ||
ccb07d93 RG |
678 | DNSName target("powerdns.com."); |
679 | ||
30ee601a | 680 | vector<DNSRecord> ret; |
ccb07d93 | 681 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); |
f58c8379 | 682 | BOOST_CHECK_EQUAL(res, RCode::ServFail); |
30ee601a RG |
683 | BOOST_CHECK_EQUAL(ret.size(), 0); |
684 | BOOST_CHECK_EQUAL(downServers.size(), 4); | |
685 | ||
686 | for (const auto& server : downServers) { | |
a712cb56 RG |
687 | BOOST_CHECK_EQUAL(SyncRes::getServerFailsCount(server), 1); |
688 | BOOST_CHECK(SyncRes::isThrottled(time(nullptr), server, target, QType::A)); | |
30ee601a RG |
689 | } |
690 | } | |
691 | ||
648bcbd1 RG |
692 | BOOST_AUTO_TEST_CASE(test_all_nss_network_error) { |
693 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 694 | initSR(sr); |
648bcbd1 RG |
695 | std::set<ComboAddress> downServers; |
696 | ||
697 | primeHints(); | |
698 | ||
699 | sr->setAsyncCallback([&downServers](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
700 | ||
701 | if (isRootServer(ip)) { | |
8455425c | 702 | setLWResult(res, 0, false, false, true); |
648bcbd1 RG |
703 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); |
704 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
705 | addRecordToLW(res, "a.gtld-servers.net.", QType::AAAA, "2001:DB8::1", DNSResourceRecord::ADDITIONAL, 3600); | |
706 | return 1; | |
707 | } | |
708 | else if (ip == ComboAddress("192.0.2.1:53") || ip == ComboAddress("[2001:DB8::1]:53")) { | |
8455425c | 709 | setLWResult(res, 0, false, false, true); |
648bcbd1 RG |
710 | addRecordToLW(res, "powerdns.com.", QType::NS, "pdns-public-ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800); |
711 | addRecordToLW(res, "powerdns.com.", QType::NS, "pdns-public-ns2.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800); | |
712 | addRecordToLW(res, "pdns-public-ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 172800); | |
713 | addRecordToLW(res, "pdns-public-ns1.powerdns.com.", QType::AAAA, "2001:DB8::2", DNSResourceRecord::ADDITIONAL, 172800); | |
714 | addRecordToLW(res, "pdns-public-ns2.powerdns.com.", QType::A, "192.0.2.3", DNSResourceRecord::ADDITIONAL, 172800); | |
715 | addRecordToLW(res, "pdns-public-ns2.powerdns.com.", QType::AAAA, "2001:DB8::3", DNSResourceRecord::ADDITIONAL, 172800); | |
716 | return 1; | |
717 | } | |
718 | else { | |
719 | downServers.insert(ip); | |
720 | return -1; | |
721 | } | |
722 | }); | |
723 | ||
724 | /* exact same test than the previous one, except instead of a time out we fake a network error */ | |
725 | DNSName target("powerdns.com."); | |
726 | ||
727 | vector<DNSRecord> ret; | |
728 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
729 | BOOST_CHECK_EQUAL(res, RCode::ServFail); | |
730 | BOOST_CHECK_EQUAL(ret.size(), 0); | |
731 | BOOST_CHECK_EQUAL(downServers.size(), 4); | |
732 | ||
733 | for (const auto& server : downServers) { | |
a712cb56 RG |
734 | BOOST_CHECK_EQUAL(SyncRes::getServerFailsCount(server), 1); |
735 | BOOST_CHECK(SyncRes::isThrottled(time(nullptr), server, target, QType::A)); | |
736 | ; | |
648bcbd1 RG |
737 | } |
738 | } | |
739 | ||
740 | BOOST_AUTO_TEST_CASE(test_os_limit_errors) { | |
741 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 742 | initSR(sr); |
648bcbd1 RG |
743 | std::set<ComboAddress> downServers; |
744 | ||
745 | primeHints(); | |
746 | ||
747 | sr->setAsyncCallback([&downServers](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
748 | ||
749 | if (isRootServer(ip)) { | |
8455425c | 750 | setLWResult(res, 0, false, false, true); |
648bcbd1 RG |
751 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); |
752 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
753 | addRecordToLW(res, "a.gtld-servers.net.", QType::AAAA, "2001:DB8::1", DNSResourceRecord::ADDITIONAL, 3600); | |
754 | return 1; | |
755 | } | |
756 | else if (ip == ComboAddress("192.0.2.1:53") || ip == ComboAddress("[2001:DB8::1]:53")) { | |
8455425c | 757 | setLWResult(res, 0, false, false, true); |
648bcbd1 RG |
758 | addRecordToLW(res, "powerdns.com.", QType::NS, "pdns-public-ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800); |
759 | addRecordToLW(res, "powerdns.com.", QType::NS, "pdns-public-ns2.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800); | |
760 | addRecordToLW(res, "pdns-public-ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 172800); | |
761 | addRecordToLW(res, "pdns-public-ns1.powerdns.com.", QType::AAAA, "2001:DB8::2", DNSResourceRecord::ADDITIONAL, 172800); | |
762 | addRecordToLW(res, "pdns-public-ns2.powerdns.com.", QType::A, "192.0.2.3", DNSResourceRecord::ADDITIONAL, 172800); | |
763 | addRecordToLW(res, "pdns-public-ns2.powerdns.com.", QType::AAAA, "2001:DB8::3", DNSResourceRecord::ADDITIONAL, 172800); | |
764 | return 1; | |
765 | } | |
766 | else { | |
767 | if (downServers.size() < 3) { | |
768 | /* only the last one will answer */ | |
769 | downServers.insert(ip); | |
770 | return -2; | |
771 | } | |
772 | else { | |
773 | setLWResult(res, 0, true, false, true); | |
774 | addRecordToLW(res, "powerdns.com.", QType::A, "192.0.2.42"); | |
775 | return 1; | |
776 | } | |
777 | } | |
778 | }); | |
779 | ||
780 | DNSName target("powerdns.com."); | |
781 | ||
782 | vector<DNSRecord> ret; | |
783 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 784 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
648bcbd1 RG |
785 | BOOST_CHECK_EQUAL(ret.size(), 1); |
786 | BOOST_CHECK_EQUAL(downServers.size(), 3); | |
787 | ||
788 | /* Error is reported as "OS limit error" (-2) so the servers should _NOT_ be marked down */ | |
789 | for (const auto& server : downServers) { | |
a712cb56 RG |
790 | BOOST_CHECK_EQUAL(SyncRes::getServerFailsCount(server), 0); |
791 | BOOST_CHECK(!SyncRes::isThrottled(time(nullptr), server, target, QType::A)); | |
648bcbd1 RG |
792 | } |
793 | } | |
794 | ||
30ee601a RG |
795 | BOOST_AUTO_TEST_CASE(test_glued_referral) { |
796 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 797 | initSR(sr); |
30ee601a RG |
798 | |
799 | primeHints(); | |
800 | ||
801 | const DNSName target("powerdns.com."); | |
802 | ||
803 | sr->setAsyncCallback([target](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
804 | /* this will cause issue with qname minimization if we ever implement it */ | |
805 | if (domain != target) { | |
806 | return 0; | |
807 | } | |
808 | ||
809 | if (isRootServer(ip)) { | |
8455425c | 810 | setLWResult(res, 0, false, false, true); |
30ee601a RG |
811 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); |
812 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
813 | addRecordToLW(res, "a.gtld-servers.net.", QType::AAAA, "2001:DB8::1", DNSResourceRecord::ADDITIONAL, 3600); | |
814 | return 1; | |
815 | } | |
816 | else if (ip == ComboAddress("192.0.2.1:53") || ip == ComboAddress("[2001:DB8::1]:53")) { | |
8455425c | 817 | setLWResult(res, 0, false, false, true); |
30ee601a RG |
818 | addRecordToLW(res, "powerdns.com.", QType::NS, "pdns-public-ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800); |
819 | addRecordToLW(res, "powerdns.com.", QType::NS, "pdns-public-ns2.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800); | |
820 | addRecordToLW(res, "pdns-public-ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 172800); | |
821 | addRecordToLW(res, "pdns-public-ns1.powerdns.com.", QType::AAAA, "2001:DB8::2", DNSResourceRecord::ADDITIONAL, 172800); | |
822 | addRecordToLW(res, "pdns-public-ns2.powerdns.com.", QType::A, "192.0.2.3", DNSResourceRecord::ADDITIONAL, 172800); | |
823 | addRecordToLW(res, "pdns-public-ns2.powerdns.com.", QType::AAAA, "2001:DB8::3", DNSResourceRecord::ADDITIONAL, 172800); | |
824 | return 1; | |
825 | } | |
826 | else if (ip == ComboAddress("192.0.2.2:53") || ip == ComboAddress("192.0.2.3:53") || ip == ComboAddress("[2001:DB8::2]:53") || ip == ComboAddress("[2001:DB8::3]:53")) { | |
827 | setLWResult(res, 0, true, false, true); | |
828 | addRecordToLW(res, target, QType::A, "192.0.2.4"); | |
829 | return 1; | |
830 | } | |
831 | else { | |
832 | return 0; | |
833 | } | |
834 | }); | |
835 | ||
836 | vector<DNSRecord> ret; | |
837 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 838 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
30ee601a | 839 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
e9f9b8ec | 840 | BOOST_CHECK(ret[0].d_type == QType::A); |
30ee601a RG |
841 | BOOST_CHECK_EQUAL(ret[0].d_name, target); |
842 | } | |
843 | ||
844 | BOOST_AUTO_TEST_CASE(test_glueless_referral) { | |
845 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 846 | initSR(sr); |
30ee601a RG |
847 | |
848 | primeHints(); | |
849 | ||
850 | const DNSName target("powerdns.com."); | |
851 | ||
852 | sr->setAsyncCallback([target](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
853 | ||
854 | if (isRootServer(ip)) { | |
8455425c | 855 | setLWResult(res, 0, false, false, true); |
30ee601a RG |
856 | |
857 | if (domain.isPartOf(DNSName("com."))) { | |
858 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); | |
859 | } else if (domain.isPartOf(DNSName("org."))) { | |
860 | addRecordToLW(res, "org.", QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); | |
861 | } | |
862 | else { | |
863 | setLWResult(res, RCode::NXDomain, false, false, true); | |
864 | return 1; | |
865 | } | |
866 | ||
867 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
868 | addRecordToLW(res, "a.gtld-servers.net.", QType::AAAA, "2001:DB8::1", DNSResourceRecord::ADDITIONAL, 3600); | |
869 | return 1; | |
870 | } | |
871 | else if (ip == ComboAddress("192.0.2.1:53") || ip == ComboAddress("[2001:DB8::1]:53")) { | |
872 | if (domain == target) { | |
8455425c | 873 | setLWResult(res, 0, false, false, true); |
30ee601a RG |
874 | addRecordToLW(res, "powerdns.com.", QType::NS, "pdns-public-ns1.powerdns.org.", DNSResourceRecord::AUTHORITY, 172800); |
875 | addRecordToLW(res, "powerdns.com.", QType::NS, "pdns-public-ns2.powerdns.org.", DNSResourceRecord::AUTHORITY, 172800); | |
876 | return 1; | |
877 | } | |
878 | else if (domain == DNSName("pdns-public-ns1.powerdns.org.")) { | |
879 | setLWResult(res, 0, true, false, true); | |
880 | addRecordToLW(res, "pdns-public-ns1.powerdns.org.", QType::A, "192.0.2.2"); | |
881 | addRecordToLW(res, "pdns-public-ns1.powerdns.org.", QType::AAAA, "2001:DB8::2"); | |
882 | return 1; | |
883 | } | |
884 | else if (domain == DNSName("pdns-public-ns2.powerdns.org.")) { | |
885 | setLWResult(res, 0, true, false, true); | |
886 | addRecordToLW(res, "pdns-public-ns2.powerdns.org.", QType::A, "192.0.2.3"); | |
887 | addRecordToLW(res, "pdns-public-ns2.powerdns.org.", QType::AAAA, "2001:DB8::3"); | |
888 | return 1; | |
889 | } | |
890 | ||
891 | setLWResult(res, RCode::NXDomain, false, false, true); | |
892 | return 1; | |
893 | } | |
894 | else if (ip == ComboAddress("192.0.2.2:53") || ip == ComboAddress("192.0.2.3:53") || ip == ComboAddress("[2001:DB8::2]:53") || ip == ComboAddress("[2001:DB8::3]:53")) { | |
895 | setLWResult(res, 0, true, false, true); | |
896 | addRecordToLW(res, target, QType::A, "192.0.2.4"); | |
897 | return 1; | |
898 | } | |
899 | else { | |
900 | return 0; | |
901 | } | |
902 | }); | |
903 | ||
904 | vector<DNSRecord> ret; | |
905 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 906 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
30ee601a | 907 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
e9f9b8ec | 908 | BOOST_CHECK(ret[0].d_type == QType::A); |
30ee601a RG |
909 | BOOST_CHECK_EQUAL(ret[0].d_name, target); |
910 | } | |
911 | ||
e9f9b8ec RG |
912 | BOOST_AUTO_TEST_CASE(test_edns_submask_by_domain) { |
913 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 914 | initSR(sr); |
e9f9b8ec RG |
915 | |
916 | primeHints(); | |
917 | ||
918 | const DNSName target("powerdns.com."); | |
9065eb05 | 919 | SyncRes::addEDNSDomain(target); |
e9f9b8ec RG |
920 | |
921 | EDNSSubnetOpts incomingECS; | |
922 | incomingECS.source = Netmask("192.0.2.128/32"); | |
923 | sr->setIncomingECSFound(true); | |
924 | sr->setIncomingECS(incomingECS); | |
925 | ||
926 | sr->setAsyncCallback([target](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
927 | ||
928 | BOOST_REQUIRE(srcmask); | |
929 | BOOST_CHECK_EQUAL(srcmask->toString(), "192.0.2.0/24"); | |
930 | return 0; | |
931 | }); | |
932 | ||
933 | vector<DNSRecord> ret; | |
934 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
f58c8379 | 935 | BOOST_CHECK_EQUAL(res, RCode::ServFail); |
e9f9b8ec RG |
936 | } |
937 | ||
938 | BOOST_AUTO_TEST_CASE(test_edns_submask_by_addr) { | |
939 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 940 | initSR(sr); |
e9f9b8ec RG |
941 | |
942 | primeHints(); | |
943 | ||
944 | const DNSName target("powerdns.com."); | |
9065eb05 | 945 | SyncRes::addEDNSSubnet(Netmask("192.0.2.1/32")); |
e9f9b8ec RG |
946 | |
947 | EDNSSubnetOpts incomingECS; | |
948 | incomingECS.source = Netmask("2001:DB8::FF/128"); | |
949 | sr->setIncomingECSFound(true); | |
950 | sr->setIncomingECS(incomingECS); | |
951 | ||
952 | sr->setAsyncCallback([target](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
953 | ||
954 | if (isRootServer(ip)) { | |
955 | BOOST_REQUIRE(!srcmask); | |
956 | ||
8455425c | 957 | setLWResult(res, 0, false, false, true); |
e9f9b8ec RG |
958 | addRecordToLW(res, domain, QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); |
959 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
960 | return 1; | |
961 | } else if (ip == ComboAddress("192.0.2.1:53")) { | |
962 | ||
963 | BOOST_REQUIRE(srcmask); | |
964 | BOOST_CHECK_EQUAL(srcmask->toString(), "2001:db8::/56"); | |
965 | ||
966 | setLWResult(res, 0, true, false, false); | |
967 | addRecordToLW(res, domain, QType::A, "192.0.2.2"); | |
968 | return 1; | |
969 | } | |
970 | ||
971 | return 0; | |
972 | }); | |
973 | ||
974 | vector<DNSRecord> ret; | |
975 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 976 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
778bcea6 RG |
977 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
978 | BOOST_CHECK(ret[0].d_type == QType::A); | |
979 | BOOST_CHECK_EQUAL(ret[0].d_name, target); | |
980 | } | |
981 | ||
982 | BOOST_AUTO_TEST_CASE(test_following_cname) { | |
983 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 984 | initSR(sr); |
778bcea6 RG |
985 | |
986 | primeHints(); | |
987 | ||
988 | const DNSName target("cname.powerdns.com."); | |
989 | const DNSName cnameTarget("cname-target.powerdns.com"); | |
990 | ||
991 | sr->setAsyncCallback([target, cnameTarget](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
992 | ||
993 | if (isRootServer(ip)) { | |
8455425c | 994 | setLWResult(res, 0, false, false, true); |
778bcea6 RG |
995 | addRecordToLW(res, domain, QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); |
996 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
997 | return 1; | |
998 | } else if (ip == ComboAddress("192.0.2.1:53")) { | |
999 | ||
1000 | if (domain == target) { | |
1001 | setLWResult(res, 0, true, false, false); | |
1002 | addRecordToLW(res, domain, QType::CNAME, cnameTarget.toString()); | |
1003 | return 1; | |
1004 | } | |
1005 | else if (domain == cnameTarget) { | |
1006 | setLWResult(res, 0, true, false, false); | |
1007 | addRecordToLW(res, domain, QType::A, "192.0.2.2"); | |
1008 | } | |
1009 | ||
1010 | return 1; | |
1011 | } | |
1012 | ||
1013 | return 0; | |
1014 | }); | |
1015 | ||
1016 | vector<DNSRecord> ret; | |
1017 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 1018 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
778bcea6 RG |
1019 | BOOST_REQUIRE_EQUAL(ret.size(), 2); |
1020 | BOOST_CHECK(ret[0].d_type == QType::CNAME); | |
1021 | BOOST_CHECK_EQUAL(ret[0].d_name, target); | |
1022 | BOOST_CHECK(ret[1].d_type == QType::A); | |
1023 | BOOST_CHECK_EQUAL(ret[1].d_name, cnameTarget); | |
1024 | } | |
1025 | ||
4fff116b RG |
1026 | BOOST_AUTO_TEST_CASE(test_included_poisonous_cname) { |
1027 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1028 | initSR(sr); |
4fff116b RG |
1029 | |
1030 | primeHints(); | |
1031 | ||
1032 | /* In this test we directly get the NS server for cname.powerdns.com., | |
1033 | and we don't know whether it's also authoritative for | |
1034 | cname-target.powerdns.com or powerdns.com, so we shouldn't accept | |
1035 | the additional A record for cname-target.powerdns.com. */ | |
1036 | const DNSName target("cname.powerdns.com."); | |
1037 | const DNSName cnameTarget("cname-target.powerdns.com"); | |
1038 | ||
1039 | sr->setAsyncCallback([target, cnameTarget](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1040 | ||
1041 | if (isRootServer(ip)) { | |
1042 | ||
8455425c | 1043 | setLWResult(res, 0, false, false, true); |
4fff116b RG |
1044 | |
1045 | addRecordToLW(res, domain, QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); | |
1046 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
1047 | return 1; | |
1048 | } else if (ip == ComboAddress("192.0.2.1:53")) { | |
1049 | ||
1050 | if (domain == target) { | |
1051 | setLWResult(res, 0, true, false, false); | |
1052 | addRecordToLW(res, domain, QType::CNAME, cnameTarget.toString()); | |
1053 | addRecordToLW(res, cnameTarget, QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL); | |
1054 | return 1; | |
1055 | } else if (domain == cnameTarget) { | |
1056 | setLWResult(res, 0, true, false, false); | |
1057 | addRecordToLW(res, cnameTarget, QType::A, "192.0.2.3"); | |
1058 | return 1; | |
1059 | } | |
1060 | ||
1061 | return 1; | |
1062 | } | |
1063 | ||
1064 | return 0; | |
1065 | }); | |
1066 | ||
1067 | vector<DNSRecord> ret; | |
1068 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 1069 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
4fff116b RG |
1070 | BOOST_REQUIRE_EQUAL(ret.size(), 2); |
1071 | BOOST_REQUIRE(ret[0].d_type == QType::CNAME); | |
1072 | BOOST_CHECK_EQUAL(ret[0].d_name, target); | |
1073 | BOOST_CHECK_EQUAL(getRR<CNAMERecordContent>(ret[0])->getTarget(), cnameTarget); | |
1074 | BOOST_REQUIRE(ret[1].d_type == QType::A); | |
1075 | BOOST_CHECK_EQUAL(ret[1].d_name, cnameTarget); | |
1076 | BOOST_CHECK(getRR<ARecordContent>(ret[1])->getCA() == ComboAddress("192.0.2.3")); | |
1077 | } | |
1078 | ||
778bcea6 RG |
1079 | BOOST_AUTO_TEST_CASE(test_cname_loop) { |
1080 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1081 | initSR(sr); |
778bcea6 RG |
1082 | |
1083 | primeHints(); | |
1084 | ||
1085 | size_t count = 0; | |
1086 | const DNSName target("cname.powerdns.com."); | |
1087 | ||
1088 | sr->setAsyncCallback([target,&count](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1089 | ||
1090 | count++; | |
1091 | ||
1092 | if (isRootServer(ip)) { | |
778bcea6 | 1093 | |
8455425c | 1094 | setLWResult(res, 0, false, false, true); |
778bcea6 RG |
1095 | addRecordToLW(res, domain, QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); |
1096 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
1097 | return 1; | |
1098 | } else if (ip == ComboAddress("192.0.2.1:53")) { | |
1099 | ||
1100 | if (domain == target) { | |
1101 | setLWResult(res, 0, true, false, false); | |
1102 | addRecordToLW(res, domain, QType::CNAME, domain.toString()); | |
1103 | return 1; | |
1104 | } | |
1105 | ||
1106 | return 1; | |
1107 | } | |
1108 | ||
1109 | return 0; | |
1110 | }); | |
1111 | ||
1112 | vector<DNSRecord> ret; | |
1113 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
f58c8379 RG |
1114 | BOOST_CHECK_EQUAL(res, RCode::ServFail); |
1115 | BOOST_CHECK_GT(ret.size(), 0); | |
778bcea6 | 1116 | BOOST_CHECK_EQUAL(count, 2); |
e9f9b8ec RG |
1117 | } |
1118 | ||
4fff116b RG |
1119 | BOOST_AUTO_TEST_CASE(test_cname_depth) { |
1120 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1121 | initSR(sr); |
4fff116b RG |
1122 | |
1123 | primeHints(); | |
1124 | ||
1125 | size_t depth = 0; | |
1126 | const DNSName target("cname.powerdns.com."); | |
1127 | ||
1128 | sr->setAsyncCallback([target,&depth](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1129 | ||
1130 | if (isRootServer(ip)) { | |
4fff116b | 1131 | |
8455425c | 1132 | setLWResult(res, 0, false, false, true); |
4fff116b RG |
1133 | addRecordToLW(res, domain, QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); |
1134 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
1135 | return 1; | |
1136 | } else if (ip == ComboAddress("192.0.2.1:53")) { | |
1137 | ||
1138 | setLWResult(res, 0, true, false, false); | |
1139 | addRecordToLW(res, domain, QType::CNAME, std::to_string(depth) + "-cname.powerdns.com"); | |
1140 | depth++; | |
1141 | return 1; | |
1142 | } | |
1143 | ||
1144 | return 0; | |
1145 | }); | |
1146 | ||
1147 | vector<DNSRecord> ret; | |
1148 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
f58c8379 RG |
1149 | BOOST_CHECK_EQUAL(res, RCode::ServFail); |
1150 | BOOST_CHECK_EQUAL(ret.size(), depth); | |
4fff116b RG |
1151 | /* we have an arbitrary limit at 10 when following a CNAME chain */ |
1152 | BOOST_CHECK_EQUAL(depth, 10 + 2); | |
1153 | } | |
1154 | ||
d6e797b8 RG |
1155 | BOOST_AUTO_TEST_CASE(test_time_limit) { |
1156 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1157 | initSR(sr); |
d6e797b8 RG |
1158 | |
1159 | primeHints(); | |
1160 | ||
1161 | size_t queries = 0; | |
1162 | const DNSName target("cname.powerdns.com."); | |
1163 | ||
1164 | sr->setAsyncCallback([target,&queries](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1165 | ||
1166 | queries++; | |
1167 | ||
1168 | if (isRootServer(ip)) { | |
8455425c | 1169 | setLWResult(res, 0, false, false, true); |
d6e797b8 RG |
1170 | /* Pretend that this query took 2000 ms */ |
1171 | res->d_usec = 2000; | |
1172 | ||
1173 | addRecordToLW(res, domain, QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); | |
1174 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
1175 | return 1; | |
1176 | } else if (ip == ComboAddress("192.0.2.1:53")) { | |
1177 | ||
1178 | setLWResult(res, 0, true, false, false); | |
1179 | addRecordToLW(res, domain, QType::A, "192.0.2.2"); | |
1180 | return 1; | |
1181 | } | |
1182 | ||
1183 | return 0; | |
1184 | }); | |
1185 | ||
1186 | /* Set the maximum time to 1 ms */ | |
1187 | SyncRes::s_maxtotusec = 1000; | |
1188 | ||
1189 | try { | |
1190 | vector<DNSRecord> ret; | |
1191 | sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
1192 | BOOST_CHECK(false); | |
1193 | } | |
1194 | catch(const ImmediateServFailException& e) { | |
1195 | } | |
1196 | BOOST_CHECK_EQUAL(queries, 1); | |
1197 | } | |
1198 | ||
1199 | BOOST_AUTO_TEST_CASE(test_referral_depth) { | |
1200 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1201 | initSR(sr); |
d6e797b8 RG |
1202 | |
1203 | primeHints(); | |
1204 | ||
1205 | size_t queries = 0; | |
1206 | const DNSName target("www.powerdns.com."); | |
1207 | ||
1208 | sr->setAsyncCallback([target,&queries](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1209 | ||
1210 | queries++; | |
1211 | ||
1212 | if (isRootServer(ip)) { | |
8455425c | 1213 | setLWResult(res, 0, false, false, true); |
d6e797b8 RG |
1214 | |
1215 | if (domain == DNSName("www.powerdns.com.")) { | |
1216 | addRecordToLW(res, domain, QType::NS, "ns.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800); | |
1217 | } | |
1218 | else if (domain == DNSName("ns.powerdns.com.")) { | |
1219 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.org.", DNSResourceRecord::AUTHORITY, 172800); | |
1220 | } | |
1221 | else if (domain == DNSName("ns1.powerdns.org.")) { | |
1222 | addRecordToLW(res, domain, QType::NS, "ns2.powerdns.org.", DNSResourceRecord::AUTHORITY, 172800); | |
1223 | } | |
1224 | else if (domain == DNSName("ns2.powerdns.org.")) { | |
1225 | addRecordToLW(res, domain, QType::NS, "ns3.powerdns.org.", DNSResourceRecord::AUTHORITY, 172800); | |
1226 | } | |
1227 | else if (domain == DNSName("ns3.powerdns.org.")) { | |
1228 | addRecordToLW(res, domain, QType::NS, "ns4.powerdns.org.", DNSResourceRecord::AUTHORITY, 172800); | |
1229 | } | |
1230 | else if (domain == DNSName("ns4.powerdns.org.")) { | |
1231 | addRecordToLW(res, domain, QType::NS, "ns5.powerdns.org.", DNSResourceRecord::AUTHORITY, 172800); | |
1232 | addRecordToLW(res, domain, QType::A, "192.0.2.1", DNSResourceRecord::AUTHORITY, 172800); | |
1233 | } | |
1234 | ||
1235 | return 1; | |
1236 | } else if (ip == ComboAddress("192.0.2.1:53")) { | |
1237 | ||
1238 | setLWResult(res, 0, true, false, false); | |
1239 | addRecordToLW(res, domain, QType::A, "192.0.2.2"); | |
1240 | return 1; | |
1241 | } | |
1242 | ||
1243 | return 0; | |
1244 | }); | |
1245 | ||
1246 | /* Set the maximum depth low */ | |
1247 | SyncRes::s_maxdepth = 10; | |
1248 | ||
1249 | try { | |
1250 | vector<DNSRecord> ret; | |
1251 | sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
1252 | BOOST_CHECK(false); | |
1253 | } | |
1254 | catch(const ImmediateServFailException& e) { | |
1255 | } | |
1256 | } | |
1257 | ||
1258 | BOOST_AUTO_TEST_CASE(test_cname_qperq) { | |
1259 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1260 | initSR(sr); |
d6e797b8 RG |
1261 | |
1262 | primeHints(); | |
1263 | ||
1264 | size_t queries = 0; | |
1265 | const DNSName target("cname.powerdns.com."); | |
1266 | ||
1267 | sr->setAsyncCallback([target,&queries](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1268 | ||
1269 | queries++; | |
1270 | ||
1271 | if (isRootServer(ip)) { | |
1272 | ||
8455425c | 1273 | setLWResult(res, 0, false, false, true); |
d6e797b8 RG |
1274 | addRecordToLW(res, domain, QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); |
1275 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
1276 | return 1; | |
1277 | } else if (ip == ComboAddress("192.0.2.1:53")) { | |
1278 | ||
1279 | setLWResult(res, 0, true, false, false); | |
1280 | addRecordToLW(res, domain, QType::CNAME, std::to_string(queries) + "-cname.powerdns.com"); | |
1281 | return 1; | |
1282 | } | |
1283 | ||
1284 | return 0; | |
1285 | }); | |
1286 | ||
1287 | /* Set the maximum number of questions very low */ | |
1288 | SyncRes::s_maxqperq = 5; | |
1289 | ||
1290 | try { | |
1291 | vector<DNSRecord> ret; | |
1292 | sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
1293 | BOOST_CHECK(false); | |
1294 | } | |
1295 | catch(const ImmediateServFailException& e) { | |
1296 | BOOST_CHECK_EQUAL(queries, SyncRes::s_maxqperq); | |
1297 | } | |
1298 | } | |
1299 | ||
ccb07d93 RG |
1300 | BOOST_AUTO_TEST_CASE(test_throttled_server) { |
1301 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1302 | initSR(sr); |
ccb07d93 RG |
1303 | |
1304 | primeHints(); | |
1305 | ||
1306 | const DNSName target("throttled.powerdns.com."); | |
1307 | const ComboAddress ns("192.0.2.1:53"); | |
1308 | size_t queriesToNS = 0; | |
1309 | ||
1310 | sr->setAsyncCallback([target,ns,&queriesToNS](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1311 | ||
1312 | if (isRootServer(ip)) { | |
ccb07d93 | 1313 | |
8455425c | 1314 | setLWResult(res, 0, false, false, true); |
ccb07d93 RG |
1315 | addRecordToLW(res, domain, QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); |
1316 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, ns.toString(), DNSResourceRecord::ADDITIONAL, 3600); | |
1317 | return 1; | |
1318 | } else if (ip == ns) { | |
1319 | ||
1320 | queriesToNS++; | |
1321 | ||
1322 | setLWResult(res, 0, true, false, false); | |
1323 | addRecordToLW(res, domain, QType::A, "192.0.2.2"); | |
1324 | ||
1325 | return 1; | |
1326 | } | |
1327 | ||
1328 | return 0; | |
1329 | }); | |
1330 | ||
1331 | /* mark ns as down */ | |
a712cb56 | 1332 | SyncRes::doThrottle(time(nullptr), ns, SyncRes::s_serverdownthrottletime, 10000); |
ccb07d93 RG |
1333 | |
1334 | vector<DNSRecord> ret; | |
1335 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
f58c8379 RG |
1336 | BOOST_CHECK_EQUAL(res, RCode::ServFail); |
1337 | BOOST_CHECK_EQUAL(ret.size(), 0); | |
1338 | /* we should not have sent any queries to ns */ | |
ccb07d93 RG |
1339 | BOOST_CHECK_EQUAL(queriesToNS, 0); |
1340 | } | |
1341 | ||
1342 | BOOST_AUTO_TEST_CASE(test_throttled_server_count) { | |
1343 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1344 | initSR(sr); |
ccb07d93 RG |
1345 | |
1346 | primeHints(); | |
1347 | ||
1348 | const ComboAddress ns("192.0.2.1:53"); | |
1349 | ||
1350 | const size_t blocks = 10; | |
1351 | /* mark ns as down for 'blocks' queries */ | |
a712cb56 | 1352 | SyncRes::doThrottle(time(nullptr), ns, SyncRes::s_serverdownthrottletime, blocks); |
ccb07d93 RG |
1353 | |
1354 | for (size_t idx = 0; idx < blocks; idx++) { | |
a712cb56 | 1355 | BOOST_CHECK(SyncRes::isThrottled(time(nullptr), ns)); |
ccb07d93 RG |
1356 | } |
1357 | ||
1358 | /* we have been throttled 'blocks' times, we should not be throttled anymore */ | |
a712cb56 | 1359 | BOOST_CHECK(!SyncRes::isThrottled(time(nullptr), ns)); |
ccb07d93 RG |
1360 | } |
1361 | ||
1362 | BOOST_AUTO_TEST_CASE(test_throttled_server_time) { | |
1363 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1364 | initSR(sr); |
ccb07d93 RG |
1365 | |
1366 | primeHints(); | |
1367 | ||
1368 | const ComboAddress ns("192.0.2.1:53"); | |
1369 | ||
1370 | const size_t seconds = 1; | |
1371 | /* mark ns as down for 'seconds' seconds */ | |
a712cb56 RG |
1372 | SyncRes::doThrottle(time(nullptr), ns, seconds, 10000); |
1373 | ||
1374 | BOOST_CHECK(SyncRes::isThrottled(time(nullptr), ns)); | |
ccb07d93 RG |
1375 | |
1376 | sleep(seconds + 1); | |
1377 | ||
1378 | /* we should not be throttled anymore */ | |
a712cb56 | 1379 | BOOST_CHECK(!SyncRes::isThrottled(time(nullptr), ns)); |
ccb07d93 RG |
1380 | } |
1381 | ||
f58c8379 RG |
1382 | BOOST_AUTO_TEST_CASE(test_dont_query_server) { |
1383 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1384 | initSR(sr); |
f58c8379 RG |
1385 | |
1386 | primeHints(); | |
1387 | ||
1388 | const DNSName target("throttled.powerdns.com."); | |
1389 | const ComboAddress ns("192.0.2.1:53"); | |
1390 | size_t queriesToNS = 0; | |
1391 | ||
1392 | sr->setAsyncCallback([target,ns,&queriesToNS](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1393 | ||
1394 | if (isRootServer(ip)) { | |
1395 | ||
8455425c | 1396 | setLWResult(res, 0, false, false, true); |
f58c8379 RG |
1397 | addRecordToLW(res, domain, QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); |
1398 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, ns.toString(), DNSResourceRecord::ADDITIONAL, 3600); | |
1399 | return 1; | |
1400 | } else if (ip == ns) { | |
1401 | ||
1402 | queriesToNS++; | |
1403 | ||
1404 | setLWResult(res, 0, true, false, false); | |
1405 | addRecordToLW(res, domain, QType::A, "192.0.2.2"); | |
1406 | ||
1407 | return 1; | |
1408 | } | |
1409 | ||
1410 | return 0; | |
1411 | }); | |
1412 | ||
1413 | /* prevent querying this NS */ | |
9065eb05 | 1414 | SyncRes::addDontQuery(Netmask(ns)); |
f58c8379 RG |
1415 | |
1416 | vector<DNSRecord> ret; | |
1417 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
1418 | BOOST_CHECK_EQUAL(res, RCode::ServFail); | |
1419 | BOOST_CHECK_EQUAL(ret.size(), 0); | |
1420 | /* we should not have sent any queries to ns */ | |
1421 | BOOST_CHECK_EQUAL(queriesToNS, 0); | |
1422 | } | |
1423 | ||
1424 | BOOST_AUTO_TEST_CASE(test_root_nx_trust) { | |
1425 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1426 | initSR(sr); |
f58c8379 RG |
1427 | |
1428 | primeHints(); | |
1429 | ||
1430 | const DNSName target1("powerdns.com."); | |
1431 | const DNSName target2("notpowerdns.com."); | |
1432 | const ComboAddress ns("192.0.2.1:53"); | |
1433 | size_t queriesCount = 0; | |
1434 | ||
1435 | sr->setAsyncCallback([target1, target2, ns, &queriesCount](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1436 | ||
1437 | queriesCount++; | |
1438 | ||
1439 | if (isRootServer(ip)) { | |
1440 | ||
1441 | if (domain == target1) { | |
1442 | setLWResult(res, RCode::NXDomain, true, false, true); | |
1443 | addRecordToLW(res, ".", QType::SOA, "a.root-servers.net. nstld.verisign-grs.com. 2017032800 1800 900 604800 86400", DNSResourceRecord::AUTHORITY, 86400); | |
1444 | } | |
1445 | else { | |
1446 | setLWResult(res, 0, true, false, true); | |
1447 | addRecordToLW(res, domain, QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); | |
1448 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, ns.toString(), DNSResourceRecord::ADDITIONAL, 3600); | |
1449 | } | |
1450 | ||
1451 | return 1; | |
1452 | } else if (ip == ns) { | |
1453 | ||
1454 | setLWResult(res, 0, true, false, false); | |
1455 | addRecordToLW(res, domain, QType::A, "192.0.2.2"); | |
1456 | ||
1457 | return 1; | |
1458 | } | |
1459 | ||
1460 | return 0; | |
1461 | }); | |
1462 | ||
1463 | vector<DNSRecord> ret; | |
1464 | int res = sr->beginResolve(target1, QType(QType::A), QClass::IN, ret); | |
1465 | BOOST_CHECK_EQUAL(res, RCode::NXDomain); | |
1466 | BOOST_CHECK_EQUAL(ret.size(), 1); | |
1467 | /* one for target1 and one for the entire TLD */ | |
a712cb56 | 1468 | BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 2); |
f58c8379 RG |
1469 | |
1470 | ret.clear(); | |
1471 | res = sr->beginResolve(target2, QType(QType::A), QClass::IN, ret); | |
1472 | BOOST_CHECK_EQUAL(res, RCode::NXDomain); | |
1473 | BOOST_CHECK_EQUAL(ret.size(), 1); | |
1474 | /* one for target1 and one for the entire TLD */ | |
a712cb56 | 1475 | BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 2); |
f58c8379 RG |
1476 | |
1477 | /* we should have sent only one query */ | |
1478 | BOOST_CHECK_EQUAL(queriesCount, 1); | |
1479 | } | |
1480 | ||
898856ca RG |
1481 | BOOST_AUTO_TEST_CASE(test_root_nx_trust_specific) { |
1482 | std::unique_ptr<SyncRes> sr; | |
1483 | init(); | |
1484 | initSR(sr, true, false); | |
1485 | ||
1486 | primeHints(); | |
1487 | ||
1488 | const DNSName target1("powerdns.com."); | |
1489 | const DNSName target2("notpowerdns.com."); | |
1490 | const ComboAddress ns("192.0.2.1:53"); | |
1491 | size_t queriesCount = 0; | |
1492 | ||
1493 | /* This time the root denies target1 with a "com." SOA instead of a "." one. | |
1494 | We should add target1 to the negcache, but not "com.". */ | |
1495 | ||
1496 | sr->setAsyncCallback([target1, target2, ns, &queriesCount](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1497 | ||
1498 | queriesCount++; | |
1499 | ||
1500 | if (isRootServer(ip)) { | |
1501 | ||
1502 | if (domain == target1) { | |
1503 | setLWResult(res, RCode::NXDomain, true, false, true); | |
1504 | addRecordToLW(res, "com.", QType::SOA, "a.root-servers.net. nstld.verisign-grs.com. 2017032800 1800 900 604800 86400", DNSResourceRecord::AUTHORITY, 86400); | |
1505 | } | |
1506 | else { | |
1507 | setLWResult(res, 0, true, false, true); | |
1508 | addRecordToLW(res, domain, QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); | |
1509 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, ns.toString(), DNSResourceRecord::ADDITIONAL, 3600); | |
1510 | } | |
1511 | ||
1512 | return 1; | |
1513 | } else if (ip == ns) { | |
1514 | ||
1515 | setLWResult(res, 0, true, false, false); | |
1516 | addRecordToLW(res, domain, QType::A, "192.0.2.2"); | |
1517 | ||
1518 | return 1; | |
1519 | } | |
1520 | ||
1521 | return 0; | |
1522 | }); | |
1523 | ||
1524 | vector<DNSRecord> ret; | |
1525 | int res = sr->beginResolve(target1, QType(QType::A), QClass::IN, ret); | |
1526 | BOOST_CHECK_EQUAL(res, RCode::NXDomain); | |
1527 | BOOST_CHECK_EQUAL(ret.size(), 1); | |
1528 | ||
1529 | /* even with root-nx-trust on and a NX answer from the root, | |
1530 | we should not have cached the entire TLD this time. */ | |
a712cb56 | 1531 | BOOST_CHECK_EQUAL(SyncRes::t_sstorage.negcache.size(), 1); |
898856ca RG |
1532 | |
1533 | ret.clear(); | |
1534 | res = sr->beginResolve(target2, QType(QType::A), QClass::IN, ret); | |
1535 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
1536 | BOOST_REQUIRE_EQUAL(ret.size(), 1); | |
1537 | BOOST_REQUIRE(ret[0].d_type == QType::A); | |
1538 | BOOST_CHECK_EQUAL(ret[0].d_name, target2); | |
1539 | BOOST_CHECK(getRR<ARecordContent>(ret[0])->getCA() == ComboAddress("192.0.2.2")); | |
1540 | ||
a712cb56 | 1541 | BOOST_CHECK_EQUAL(SyncRes::t_sstorage.negcache.size(), 1); |
898856ca RG |
1542 | |
1543 | BOOST_CHECK_EQUAL(queriesCount, 3); | |
1544 | } | |
1545 | ||
f58c8379 RG |
1546 | BOOST_AUTO_TEST_CASE(test_root_nx_dont_trust) { |
1547 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1548 | initSR(sr); |
f58c8379 RG |
1549 | |
1550 | primeHints(); | |
1551 | ||
1552 | const DNSName target1("powerdns.com."); | |
1553 | const DNSName target2("notpowerdns.com."); | |
1554 | const ComboAddress ns("192.0.2.1:53"); | |
1555 | size_t queriesCount = 0; | |
1556 | ||
1557 | sr->setAsyncCallback([target1, target2, ns, &queriesCount](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1558 | ||
1559 | queriesCount++; | |
1560 | ||
1561 | if (isRootServer(ip)) { | |
1562 | ||
1563 | if (domain == target1) { | |
1564 | setLWResult(res, RCode::NXDomain, true, false, true); | |
1565 | addRecordToLW(res, ".", QType::SOA, "a.root-servers.net. nstld.verisign-grs.com. 2017032800 1800 900 604800 86400", DNSResourceRecord::AUTHORITY, 86400); | |
1566 | } | |
1567 | else { | |
1568 | setLWResult(res, 0, true, false, true); | |
1569 | addRecordToLW(res, domain, QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); | |
1570 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, ns.toString(), DNSResourceRecord::ADDITIONAL, 3600); | |
1571 | } | |
1572 | ||
1573 | return 1; | |
1574 | } else if (ip == ns) { | |
1575 | ||
1576 | setLWResult(res, 0, true, false, false); | |
1577 | addRecordToLW(res, domain, QType::A, "192.0.2.2"); | |
1578 | ||
1579 | return 1; | |
1580 | } | |
1581 | ||
1582 | return 0; | |
1583 | }); | |
1584 | ||
1585 | SyncRes::s_rootNXTrust = false; | |
1586 | ||
1587 | vector<DNSRecord> ret; | |
1588 | int res = sr->beginResolve(target1, QType(QType::A), QClass::IN, ret); | |
1589 | BOOST_CHECK_EQUAL(res, RCode::NXDomain); | |
1590 | BOOST_CHECK_EQUAL(ret.size(), 1); | |
1591 | /* one for target1 */ | |
a712cb56 | 1592 | BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 1); |
f58c8379 RG |
1593 | |
1594 | ret.clear(); | |
1595 | res = sr->beginResolve(target2, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 1596 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
f58c8379 RG |
1597 | BOOST_CHECK_EQUAL(ret.size(), 1); |
1598 | /* one for target1 */ | |
a712cb56 | 1599 | BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 1); |
f58c8379 RG |
1600 | |
1601 | /* we should have sent three queries */ | |
1602 | BOOST_CHECK_EQUAL(queriesCount, 3); | |
1603 | } | |
1604 | ||
1605 | BOOST_AUTO_TEST_CASE(test_skip_negcache_for_variable_response) { | |
1606 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1607 | initSR(sr); |
f58c8379 RG |
1608 | |
1609 | primeHints(); | |
1610 | ||
1611 | const DNSName target("www.powerdns.com."); | |
1612 | const DNSName cnameTarget("cname.powerdns.com."); | |
1613 | ||
9065eb05 | 1614 | SyncRes::addEDNSDomain(DNSName("powerdns.com.")); |
f58c8379 RG |
1615 | |
1616 | EDNSSubnetOpts incomingECS; | |
1617 | incomingECS.source = Netmask("192.0.2.128/32"); | |
1618 | sr->setIncomingECSFound(true); | |
1619 | sr->setIncomingECS(incomingECS); | |
1620 | ||
1621 | sr->setAsyncCallback([target,cnameTarget](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1622 | ||
1623 | BOOST_REQUIRE(srcmask); | |
1624 | BOOST_CHECK_EQUAL(srcmask->toString(), "192.0.2.0/24"); | |
1625 | ||
1626 | if (isRootServer(ip)) { | |
8455425c | 1627 | setLWResult(res, 0, false, false, true); |
f58c8379 RG |
1628 | addRecordToLW(res, "powerdns.com.", QType::NS, "pdns-public-ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800); |
1629 | addRecordToLW(res, "pdns-public-ns1.powerdns.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
1630 | ||
1631 | return 1; | |
1632 | } else if (ip == ComboAddress("192.0.2.1:53")) { | |
1633 | if (domain == target) { | |
1634 | /* Type 2 NXDOMAIN (rfc2308 section-2.1) */ | |
1635 | setLWResult(res, RCode::NXDomain, true, false, true); | |
1636 | addRecordToLW(res, domain, QType::CNAME, cnameTarget.toString()); | |
1637 | addRecordToLW(res, "powerdns.com", QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
1638 | } | |
1639 | else if (domain == cnameTarget) { | |
1640 | /* we shouldn't get there since the Type NXDOMAIN should have been enough, | |
1641 | but we might if we still chase the CNAME. */ | |
1642 | setLWResult(res, RCode::NXDomain, true, false, true); | |
1643 | addRecordToLW(res, "powerdns.com", QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
1644 | } | |
1645 | ||
1646 | return 1; | |
1647 | } | |
1648 | ||
1649 | return 0; | |
1650 | }); | |
1651 | ||
1652 | vector<DNSRecord> ret; | |
1653 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
1654 | BOOST_CHECK_EQUAL(res, RCode::NXDomain); | |
1655 | BOOST_CHECK_EQUAL(ret.size(), 2); | |
1656 | /* no negative cache entry because the response was variable */ | |
a712cb56 | 1657 | BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 0); |
f58c8379 RG |
1658 | } |
1659 | ||
d6e797b8 RG |
1660 | BOOST_AUTO_TEST_CASE(test_ns_speed) { |
1661 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1662 | initSR(sr); |
30ee601a | 1663 | |
d6e797b8 | 1664 | primeHints(); |
30ee601a | 1665 | |
d6e797b8 | 1666 | const DNSName target("powerdns.com."); |
30ee601a | 1667 | |
d6e797b8 | 1668 | std::map<ComboAddress, uint64_t> nsCounts; |
30ee601a | 1669 | |
d6e797b8 | 1670 | sr->setAsyncCallback([target,&nsCounts](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { |
30ee601a | 1671 | |
d6e797b8 | 1672 | if (isRootServer(ip)) { |
8455425c | 1673 | setLWResult(res, 0, false, false, true); |
d6e797b8 RG |
1674 | addRecordToLW(res, domain, QType::NS, "pdns-public-ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800); |
1675 | addRecordToLW(res, domain, QType::NS, "pdns-public-ns2.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800); | |
1676 | addRecordToLW(res, domain, QType::NS, "pdns-public-ns3.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800); | |
30ee601a | 1677 | |
d6e797b8 RG |
1678 | addRecordToLW(res, "pdns-public-ns1.powerdns.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); |
1679 | addRecordToLW(res, "pdns-public-ns1.powerdns.com.", QType::AAAA, "2001:DB8::1", DNSResourceRecord::ADDITIONAL, 3600); | |
1680 | addRecordToLW(res, "pdns-public-ns2.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
1681 | addRecordToLW(res, "pdns-public-ns2.powerdns.com.", QType::AAAA, "2001:DB8::2", DNSResourceRecord::ADDITIONAL, 3600); | |
1682 | addRecordToLW(res, "pdns-public-ns3.powerdns.com.", QType::A, "192.0.2.3", DNSResourceRecord::ADDITIONAL, 3600); | |
1683 | addRecordToLW(res, "pdns-public-ns3.powerdns.com.", QType::AAAA, "2001:DB8::3", DNSResourceRecord::ADDITIONAL, 3600); | |
30ee601a | 1684 | |
d6e797b8 RG |
1685 | return 1; |
1686 | } else { | |
1687 | nsCounts[ip]++; | |
30ee601a | 1688 | |
d6e797b8 RG |
1689 | if (ip == ComboAddress("[2001:DB8::2]:53") || ip == ComboAddress("192.0.2.2:53")) { |
1690 | BOOST_CHECK_LT(nsCounts.size(), 3); | |
1691 | ||
1692 | /* let's time out on pdns-public-ns2.powerdns.com. */ | |
1693 | return 0; | |
1694 | } | |
1695 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
1696 | BOOST_CHECK_EQUAL(nsCounts.size(), 3); | |
1697 | ||
1698 | setLWResult(res, 0, true, false, true); | |
1699 | addRecordToLW(res, domain, QType::A, "192.0.2.254"); | |
1700 | return 1; | |
1701 | } | |
1702 | ||
1703 | return 0; | |
1704 | } | |
30ee601a | 1705 | |
d6e797b8 RG |
1706 | return 0; |
1707 | }); | |
30ee601a | 1708 | |
d6e797b8 RG |
1709 | struct timeval now; |
1710 | gettimeofday(&now, 0); | |
30ee601a | 1711 | |
d6e797b8 RG |
1712 | /* make pdns-public-ns2.powerdns.com. the fastest NS, with its IPv6 address faster than the IPV4 one, |
1713 | then pdns-public-ns1.powerdns.com. on IPv4 */ | |
a712cb56 RG |
1714 | SyncRes::submitNSSpeed(DNSName("pdns-public-ns1.powerdns.com."), ComboAddress("192.0.2.1:53"), 100, &now); |
1715 | SyncRes::submitNSSpeed(DNSName("pdns-public-ns1.powerdns.com."), ComboAddress("[2001:DB8::1]:53"), 10000, &now); | |
1716 | SyncRes::submitNSSpeed(DNSName("pdns-public-ns2.powerdns.com."), ComboAddress("192.0.2.2:53"), 10, &now); | |
1717 | SyncRes::submitNSSpeed(DNSName("pdns-public-ns2.powerdns.com."), ComboAddress("[2001:DB8::2]:53"), 1, &now); | |
1718 | SyncRes::submitNSSpeed(DNSName("pdns-public-ns3.powerdns.com."), ComboAddress("192.0.2.3:53"), 10000, &now); | |
1719 | SyncRes::submitNSSpeed(DNSName("pdns-public-ns3.powerdns.com."), ComboAddress("[2001:DB8::3]:53"), 10000, &now); | |
30ee601a | 1720 | |
d6e797b8 RG |
1721 | vector<DNSRecord> ret; |
1722 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 1723 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
d6e797b8 RG |
1724 | BOOST_CHECK_EQUAL(ret.size(), 1); |
1725 | BOOST_CHECK_EQUAL(nsCounts.size(), 3); | |
1726 | BOOST_CHECK_EQUAL(nsCounts[ComboAddress("192.0.2.1:53")], 1); | |
1727 | BOOST_CHECK_EQUAL(nsCounts[ComboAddress("192.0.2.2:53")], 1); | |
1728 | BOOST_CHECK_EQUAL(nsCounts[ComboAddress("[2001:DB8::2]:53")], 1); | |
1729 | } | |
30ee601a | 1730 | |
d6e797b8 RG |
1731 | BOOST_AUTO_TEST_CASE(test_flawed_nsset) { |
1732 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1733 | initSR(sr); |
30ee601a | 1734 | |
d6e797b8 | 1735 | primeHints(); |
30ee601a | 1736 | |
d6e797b8 | 1737 | const DNSName target("powerdns.com."); |
30ee601a | 1738 | |
d6e797b8 RG |
1739 | sr->setAsyncCallback([target](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { |
1740 | ||
1741 | if (isRootServer(ip)) { | |
8455425c | 1742 | setLWResult(res, 0, false, false, true); |
d6e797b8 RG |
1743 | addRecordToLW(res, domain, QType::NS, "pdns-public-ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800); |
1744 | ||
1745 | addRecordToLW(res, "pdns-public-ns1.powerdns.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
1746 | ||
1747 | return 1; | |
1748 | } else if (ip == ComboAddress("192.0.2.1:53")) { | |
1749 | setLWResult(res, 0, true, false, true); | |
1750 | addRecordToLW(res, domain, QType::A, "192.0.2.254"); | |
1751 | return 1; | |
1752 | } | |
1753 | ||
1754 | return 0; | |
1755 | }); | |
1756 | ||
1757 | /* we populate the cache with a flawed NSset, i.e. there is a NS entry but no corresponding glue */ | |
1758 | time_t now = time(nullptr); | |
1759 | std::vector<DNSRecord> records; | |
1760 | std::vector<shared_ptr<RRSIGRecordContent> > sigs; | |
1761 | addRecordToList(records, target, QType::NS, "pdns-public-ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, now + 3600); | |
1762 | ||
2b984251 | 1763 | t_RC->replace(now, target, QType(QType::NS), records, sigs, vector<std::shared_ptr<DNSRecord>>(), true, boost::optional<Netmask>()); |
d6e797b8 RG |
1764 | |
1765 | vector<DNSRecord> ret; | |
1766 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 1767 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
d6e797b8 RG |
1768 | BOOST_CHECK_EQUAL(ret.size(), 1); |
1769 | } | |
1770 | ||
3337c2f7 RG |
1771 | BOOST_AUTO_TEST_CASE(test_completely_flawed_nsset) { |
1772 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1773 | initSR(sr); |
3337c2f7 RG |
1774 | |
1775 | primeHints(); | |
1776 | ||
1777 | const DNSName target("powerdns.com."); | |
1778 | size_t queriesCount = 0; | |
1779 | ||
1780 | sr->setAsyncCallback([&queriesCount,target](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1781 | ||
1782 | queriesCount++; | |
1783 | ||
1784 | if (isRootServer(ip) && domain == target) { | |
8455425c | 1785 | setLWResult(res, 0, false, false, true); |
3337c2f7 RG |
1786 | addRecordToLW(res, domain, QType::NS, "pdns-public-ns2.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800); |
1787 | addRecordToLW(res, domain, QType::NS, "pdns-public-ns3.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800); | |
1788 | return 1; | |
1789 | } else if (domain == DNSName("pdns-public-ns2.powerdns.com.") || domain == DNSName("pdns-public-ns3.powerdns.com.")){ | |
1790 | setLWResult(res, 0, true, false, true); | |
1791 | addRecordToLW(res, ".", QType::SOA, "a.root-servers.net. nstld.verisign-grs.com. 2017032800 1800 900 604800 86400", DNSResourceRecord::AUTHORITY, 86400); | |
1792 | return 1; | |
1793 | } | |
1794 | ||
1795 | return 0; | |
1796 | }); | |
1797 | ||
1798 | vector<DNSRecord> ret; | |
1799 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
1800 | BOOST_CHECK_EQUAL(res, RCode::ServFail); | |
1801 | BOOST_CHECK_EQUAL(ret.size(), 0); | |
1802 | /* one query to get NSs, then A and AAAA for each NS */ | |
1803 | BOOST_CHECK_EQUAL(queriesCount, 5); | |
1804 | } | |
1805 | ||
d6e797b8 RG |
1806 | BOOST_AUTO_TEST_CASE(test_cache_hit) { |
1807 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1808 | initSR(sr); |
d6e797b8 RG |
1809 | |
1810 | primeHints(); | |
1811 | ||
1812 | const DNSName target("powerdns.com."); | |
1813 | ||
1814 | sr->setAsyncCallback([target](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1815 | ||
1816 | return 0; | |
1817 | }); | |
1818 | ||
1819 | /* we populate the cache with eveything we need */ | |
1820 | time_t now = time(nullptr); | |
1821 | std::vector<DNSRecord> records; | |
1822 | std::vector<shared_ptr<RRSIGRecordContent> > sigs; | |
1823 | ||
1824 | addRecordToList(records, target, QType::A, "192.0.2.1", DNSResourceRecord::ANSWER, now + 3600); | |
2b984251 | 1825 | t_RC->replace(now, target , QType(QType::A), records, sigs, vector<std::shared_ptr<DNSRecord>>(), true, boost::optional<Netmask>()); |
d6e797b8 RG |
1826 | |
1827 | vector<DNSRecord> ret; | |
1828 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 1829 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
d6e797b8 RG |
1830 | BOOST_CHECK_EQUAL(ret.size(), 1); |
1831 | } | |
1832 | ||
648bcbd1 RG |
1833 | BOOST_AUTO_TEST_CASE(test_no_rd) { |
1834 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1835 | initSR(sr); |
648bcbd1 RG |
1836 | |
1837 | primeHints(); | |
1838 | ||
1839 | const DNSName target("powerdns.com."); | |
1840 | size_t queriesCount = 0; | |
1841 | ||
1842 | sr->setCacheOnly(); | |
1843 | ||
1844 | sr->setAsyncCallback([target,&queriesCount](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1845 | ||
1846 | queriesCount++; | |
1847 | return 0; | |
1848 | }); | |
1849 | ||
1850 | vector<DNSRecord> ret; | |
1851 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 1852 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
648bcbd1 RG |
1853 | BOOST_CHECK_EQUAL(ret.size(), 0); |
1854 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
1855 | } | |
1856 | ||
d6e797b8 RG |
1857 | BOOST_AUTO_TEST_CASE(test_cache_min_max_ttl) { |
1858 | std::unique_ptr<SyncRes> sr; | |
a53e8fe3 | 1859 | const time_t now = time(nullptr); |
895449a5 | 1860 | initSR(sr); |
d6e797b8 RG |
1861 | |
1862 | primeHints(); | |
1863 | ||
1864 | const DNSName target("cachettl.powerdns.com."); | |
1865 | const ComboAddress ns("192.0.2.1:53"); | |
1866 | ||
1867 | sr->setAsyncCallback([target,ns](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1868 | ||
1869 | if (isRootServer(ip)) { | |
1870 | ||
8455425c | 1871 | setLWResult(res, 0, false, false, true); |
d6e797b8 RG |
1872 | addRecordToLW(res, domain, QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); |
1873 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, ns.toString(), DNSResourceRecord::ADDITIONAL, 7200); | |
1874 | return 1; | |
1875 | } else if (ip == ns) { | |
1876 | ||
1877 | setLWResult(res, 0, true, false, false); | |
1878 | addRecordToLW(res, domain, QType::A, "192.0.2.2", DNSResourceRecord::ANSWER, 10); | |
1879 | ||
1880 | return 1; | |
1881 | } | |
1882 | ||
1883 | return 0; | |
1884 | }); | |
1885 | ||
1886 | SyncRes::s_minimumTTL = 60; | |
1887 | SyncRes::s_maxcachettl = 3600; | |
1888 | ||
1889 | vector<DNSRecord> ret; | |
1890 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 1891 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
d6e797b8 RG |
1892 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
1893 | BOOST_CHECK_EQUAL(ret[0].d_ttl, SyncRes::s_minimumTTL); | |
1894 | ||
1895 | const ComboAddress who; | |
1896 | vector<DNSRecord> cached; | |
24bb9b58 | 1897 | BOOST_REQUIRE_GT(t_RC->get(now, target, QType(QType::A), true, &cached, who), 0); |
d6e797b8 RG |
1898 | BOOST_REQUIRE_EQUAL(cached.size(), 1); |
1899 | BOOST_REQUIRE_GT(cached[0].d_ttl, now); | |
1900 | BOOST_CHECK_EQUAL((cached[0].d_ttl - now), SyncRes::s_minimumTTL); | |
1901 | ||
1902 | cached.clear(); | |
24bb9b58 | 1903 | BOOST_REQUIRE_GT(t_RC->get(now, target, QType(QType::NS), false, &cached, who), 0); |
d6e797b8 RG |
1904 | BOOST_REQUIRE_EQUAL(cached.size(), 1); |
1905 | BOOST_REQUIRE_GT(cached[0].d_ttl, now); | |
1906 | BOOST_CHECK_LE((cached[0].d_ttl - now), SyncRes::s_maxcachettl); | |
1907 | } | |
1908 | ||
1909 | BOOST_AUTO_TEST_CASE(test_cache_expired_ttl) { | |
1910 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1911 | initSR(sr); |
d6e797b8 RG |
1912 | |
1913 | primeHints(); | |
1914 | ||
1915 | const DNSName target("powerdns.com."); | |
1916 | ||
1917 | sr->setAsyncCallback([target](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1918 | ||
1919 | if (isRootServer(ip)) { | |
8455425c | 1920 | setLWResult(res, 0, false, false, true); |
d6e797b8 RG |
1921 | addRecordToLW(res, domain, QType::NS, "pdns-public-ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 172800); |
1922 | ||
1923 | addRecordToLW(res, "pdns-public-ns1.powerdns.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
1924 | ||
1925 | return 1; | |
1926 | } else if (ip == ComboAddress("192.0.2.1:53")) { | |
1927 | setLWResult(res, 0, true, false, true); | |
1928 | addRecordToLW(res, domain, QType::A, "192.0.2.2"); | |
1929 | return 1; | |
1930 | } | |
1931 | ||
1932 | return 0; | |
1933 | }); | |
1934 | ||
1935 | /* we populate the cache with entries that expired 60s ago*/ | |
1936 | time_t now = time(nullptr); | |
1937 | std::vector<DNSRecord> records; | |
1938 | std::vector<shared_ptr<RRSIGRecordContent> > sigs; | |
1939 | addRecordToList(records, target, QType::A, "192.0.2.42", DNSResourceRecord::ANSWER, now - 60); | |
1940 | ||
2b984251 | 1941 | t_RC->replace(now - 3600, target, QType(QType::A), records, sigs, vector<std::shared_ptr<DNSRecord>>(), true, boost::optional<Netmask>()); |
d6e797b8 RG |
1942 | |
1943 | vector<DNSRecord> ret; | |
1944 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 1945 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
d6e797b8 RG |
1946 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
1947 | BOOST_REQUIRE(ret[0].d_type == QType::A); | |
1948 | BOOST_CHECK_EQUAL(getRR<ARecordContent>(ret[0])->getCA().toStringWithPort(), ComboAddress("192.0.2.2").toStringWithPort()); | |
1949 | } | |
1950 | ||
1951 | BOOST_AUTO_TEST_CASE(test_delegation_only) { | |
1952 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1953 | initSR(sr); |
d6e797b8 RG |
1954 | |
1955 | primeHints(); | |
1956 | ||
1957 | /* Thanks, Verisign */ | |
9065eb05 RG |
1958 | SyncRes::addDelegationOnly(DNSName("com.")); |
1959 | SyncRes::addDelegationOnly(DNSName("net.")); | |
d6e797b8 RG |
1960 | |
1961 | const DNSName target("nx-powerdns.com."); | |
1962 | ||
1963 | sr->setAsyncCallback([target](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1964 | ||
1965 | if (isRootServer(ip)) { | |
8455425c | 1966 | setLWResult(res, 0, false, false, true); |
d6e797b8 RG |
1967 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); |
1968 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
1969 | return 1; | |
1970 | } else if (ip == ComboAddress("192.0.2.1:53")) { | |
1971 | ||
1972 | setLWResult(res, 0, true, false, true); | |
1973 | addRecordToLW(res, domain, QType::A, "192.0.2.42"); | |
1974 | return 1; | |
1975 | } | |
1976 | ||
1977 | return 0; | |
1978 | }); | |
1979 | ||
1980 | vector<DNSRecord> ret; | |
1981 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
1982 | BOOST_CHECK_EQUAL(res, RCode::NXDomain); | |
1983 | BOOST_CHECK_EQUAL(ret.size(), 0); | |
1984 | } | |
1985 | ||
1986 | BOOST_AUTO_TEST_CASE(test_unauth_any) { | |
1987 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 1988 | initSR(sr); |
d6e797b8 RG |
1989 | |
1990 | primeHints(); | |
1991 | ||
1992 | const DNSName target("powerdns.com."); | |
1993 | ||
1994 | sr->setAsyncCallback([target](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
1995 | ||
1996 | if (isRootServer(ip)) { | |
8455425c | 1997 | setLWResult(res, 0, false, false, true); |
d6e797b8 RG |
1998 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); |
1999 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
2000 | return 1; | |
2001 | } else if (ip == ComboAddress("192.0.2.1:53")) { | |
2002 | ||
2003 | setLWResult(res, 0, false, false, true); | |
2004 | addRecordToLW(res, domain, QType::A, "192.0.2.42"); | |
2005 | return 1; | |
2006 | } | |
2007 | ||
2008 | return 0; | |
2009 | }); | |
2010 | ||
2011 | vector<DNSRecord> ret; | |
2012 | int res = sr->beginResolve(target, QType(QType::ANY), QClass::IN, ret); | |
2013 | BOOST_CHECK_EQUAL(res, RCode::ServFail); | |
2014 | BOOST_CHECK_EQUAL(ret.size(), 0); | |
2015 | } | |
2016 | ||
2017 | BOOST_AUTO_TEST_CASE(test_no_data) { | |
2018 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2019 | initSR(sr); |
d6e797b8 RG |
2020 | |
2021 | primeHints(); | |
2022 | ||
2023 | const DNSName target("powerdns.com."); | |
2024 | ||
2025 | sr->setAsyncCallback([target](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2026 | ||
2027 | setLWResult(res, 0, true, false, true); | |
2028 | return 1; | |
2029 | }); | |
2030 | ||
2031 | vector<DNSRecord> ret; | |
2032 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 2033 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
d6e797b8 RG |
2034 | BOOST_CHECK_EQUAL(ret.size(), 0); |
2035 | } | |
2036 | ||
2037 | BOOST_AUTO_TEST_CASE(test_skip_opt_any) { | |
2038 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2039 | initSR(sr); |
d6e797b8 RG |
2040 | |
2041 | primeHints(); | |
2042 | ||
2043 | const DNSName target("powerdns.com."); | |
2044 | ||
2045 | sr->setAsyncCallback([target](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2046 | ||
2047 | setLWResult(res, 0, true, false, true); | |
2048 | addRecordToLW(res, domain, QType::A, "192.0.2.42"); | |
2049 | addRecordToLW(res, domain, QType::ANY, "0 0"); | |
2050 | addRecordToLW(res, domain, QType::OPT, ""); | |
2051 | return 1; | |
2052 | }); | |
2053 | ||
2054 | vector<DNSRecord> ret; | |
2055 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 2056 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
d6e797b8 RG |
2057 | BOOST_CHECK_EQUAL(ret.size(), 1); |
2058 | } | |
2059 | ||
2060 | BOOST_AUTO_TEST_CASE(test_nodata_nsec_nodnssec) { | |
2061 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2062 | initSR(sr); |
d6e797b8 RG |
2063 | |
2064 | primeHints(); | |
2065 | ||
2066 | const DNSName target("powerdns.com."); | |
2067 | ||
2068 | sr->setAsyncCallback([target](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2069 | ||
2070 | setLWResult(res, 0, true, false, true); | |
2071 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
2072 | /* the NSEC and RRSIG contents are complete garbage, please ignore them */ | |
2073 | addRecordToLW(res, domain, QType::NSEC, "deadbeef", DNSResourceRecord::AUTHORITY); | |
2b984251 | 2074 | addRecordToLW(res, domain, QType::RRSIG, "NSEC 5 2 600 2100010100000000 2100010100000000 24567 dummy data", DNSResourceRecord::AUTHORITY); |
d6e797b8 RG |
2075 | addRecordToLW(res, domain, QType::RRSIG, "SOA 5 3 600 2100010100000000 2100010100000000 24567 dummy data", DNSResourceRecord::AUTHORITY); |
2076 | return 1; | |
2077 | }); | |
2078 | ||
2079 | vector<DNSRecord> ret; | |
2080 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 2081 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
d6e797b8 RG |
2082 | BOOST_CHECK_EQUAL(ret.size(), 1); |
2083 | } | |
2084 | ||
2085 | BOOST_AUTO_TEST_CASE(test_nodata_nsec_dnssec) { | |
2086 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2087 | initSR(sr, true); |
d6e797b8 RG |
2088 | |
2089 | primeHints(); | |
2090 | ||
2091 | const DNSName target("powerdns.com."); | |
2092 | ||
2093 | sr->setAsyncCallback([target](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2094 | ||
2095 | setLWResult(res, 0, true, false, true); | |
2096 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
2097 | /* the NSEC and RRSIG contents are complete garbage, please ignore them */ | |
2098 | addRecordToLW(res, domain, QType::NSEC, "deadbeef", DNSResourceRecord::AUTHORITY); | |
2b984251 | 2099 | addRecordToLW(res, domain, QType::RRSIG, "NSEC 5 2 600 2100010100000000 2100010100000000 24567 dummy data", DNSResourceRecord::AUTHORITY); |
d6e797b8 RG |
2100 | addRecordToLW(res, domain, QType::RRSIG, "SOA 5 3 600 2100010100000000 2100010100000000 24567 dummy data", DNSResourceRecord::AUTHORITY); |
2101 | return 1; | |
2102 | }); | |
2103 | ||
2104 | vector<DNSRecord> ret; | |
2105 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 2106 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
d6e797b8 RG |
2107 | BOOST_CHECK_EQUAL(ret.size(), 4); |
2108 | } | |
2109 | ||
2110 | BOOST_AUTO_TEST_CASE(test_nx_nsec_nodnssec) { | |
2111 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2112 | initSR(sr); |
d6e797b8 RG |
2113 | |
2114 | primeHints(); | |
2115 | ||
2116 | const DNSName target("powerdns.com."); | |
2117 | ||
2118 | sr->setAsyncCallback([target](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2119 | ||
2120 | setLWResult(res, RCode::NXDomain, true, false, true); | |
2121 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
2122 | /* the NSEC and RRSIG contents are complete garbage, please ignore them */ | |
2123 | addRecordToLW(res, domain, QType::NSEC, "deadbeef", DNSResourceRecord::AUTHORITY); | |
2b984251 | 2124 | addRecordToLW(res, domain, QType::RRSIG, "NSEC 5 2 600 2100010100000000 2100010100000000 24567 dummy data", DNSResourceRecord::AUTHORITY); |
d6e797b8 RG |
2125 | addRecordToLW(res, domain, QType::RRSIG, "SOA 5 3 600 2100010100000000 2100010100000000 24567 dummy data", DNSResourceRecord::AUTHORITY); |
2126 | return 1; | |
2127 | }); | |
2128 | ||
2129 | vector<DNSRecord> ret; | |
2130 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
2131 | BOOST_CHECK_EQUAL(res, RCode::NXDomain); | |
2132 | BOOST_CHECK_EQUAL(ret.size(), 1); | |
2133 | } | |
2134 | ||
2135 | BOOST_AUTO_TEST_CASE(test_nx_nsec_dnssec) { | |
2136 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2137 | initSR(sr, true); |
d6e797b8 RG |
2138 | |
2139 | primeHints(); | |
2140 | ||
2141 | const DNSName target("powerdns.com."); | |
2142 | ||
2143 | sr->setAsyncCallback([target](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2144 | ||
2145 | setLWResult(res, RCode::NXDomain, true, false, true); | |
2146 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
2147 | /* the NSEC and RRSIG contents are complete garbage, please ignore them */ | |
2148 | addRecordToLW(res, domain, QType::NSEC, "deadbeef", DNSResourceRecord::AUTHORITY); | |
2b984251 | 2149 | addRecordToLW(res, domain, QType::RRSIG, "NSEC 5 2 600 2100010100000000 2100010100000000 24567 dummy data", DNSResourceRecord::AUTHORITY); |
d6e797b8 RG |
2150 | addRecordToLW(res, domain, QType::RRSIG, "SOA 5 3 600 2100010100000000 2100010100000000 24567 dummy data", DNSResourceRecord::AUTHORITY); |
2151 | return 1; | |
2152 | }); | |
2153 | ||
2154 | vector<DNSRecord> ret; | |
2155 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
2156 | BOOST_CHECK_EQUAL(res, RCode::NXDomain); | |
2157 | BOOST_CHECK_EQUAL(ret.size(), 4); | |
2158 | } | |
2159 | ||
648bcbd1 RG |
2160 | BOOST_AUTO_TEST_CASE(test_qclass_none) { |
2161 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2162 | initSR(sr); |
648bcbd1 RG |
2163 | |
2164 | primeHints(); | |
2165 | ||
2166 | /* apart from special names and QClass::ANY, anything else than QClass::IN should be rejected right away */ | |
2167 | size_t queriesCount = 0; | |
2168 | ||
2169 | sr->setAsyncCallback([&queriesCount](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2170 | ||
2171 | queriesCount++; | |
2172 | return 0; | |
2173 | }); | |
2174 | ||
2175 | const DNSName target("powerdns.com."); | |
2176 | vector<DNSRecord> ret; | |
2177 | int res = sr->beginResolve(target, QType(QType::A), QClass::NONE, ret); | |
2178 | BOOST_CHECK_EQUAL(res, -1); | |
2179 | BOOST_CHECK_EQUAL(ret.size(), 0); | |
2180 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2181 | } | |
2182 | ||
2183 | BOOST_AUTO_TEST_CASE(test_xfr) { | |
2184 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2185 | initSR(sr); |
648bcbd1 RG |
2186 | |
2187 | primeHints(); | |
2188 | ||
2189 | /* {A,I}XFR should be rejected right away */ | |
2190 | size_t queriesCount = 0; | |
2191 | ||
2192 | sr->setAsyncCallback([&queriesCount](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2193 | ||
2194 | cerr<<"asyncresolve called to ask "<<ip.toStringWithPort()<<" about "<<domain.toString()<<" / "<<QType(type).getName()<<" over "<<(doTCP ? "TCP" : "UDP")<<" (rd: "<<sendRDQuery<<", EDNS0 level: "<<EDNS0Level<<")"<<endl; | |
2195 | queriesCount++; | |
2196 | return 0; | |
2197 | }); | |
2198 | ||
2199 | const DNSName target("powerdns.com."); | |
2200 | vector<DNSRecord> ret; | |
2201 | int res = sr->beginResolve(target, QType(QType::AXFR), QClass::IN, ret); | |
2202 | BOOST_CHECK_EQUAL(res, -1); | |
2203 | BOOST_CHECK_EQUAL(ret.size(), 0); | |
2204 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2205 | ||
2206 | res = sr->beginResolve(target, QType(QType::IXFR), QClass::IN, ret); | |
2207 | BOOST_CHECK_EQUAL(res, -1); | |
2208 | BOOST_CHECK_EQUAL(ret.size(), 0); | |
2209 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2210 | } | |
2211 | ||
2212 | BOOST_AUTO_TEST_CASE(test_special_names) { | |
2213 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2214 | initSR(sr); |
648bcbd1 RG |
2215 | |
2216 | primeHints(); | |
2217 | ||
2218 | /* special names should be handled internally */ | |
2219 | ||
2220 | size_t queriesCount = 0; | |
2221 | ||
2222 | sr->setAsyncCallback([&queriesCount](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2223 | ||
2224 | queriesCount++; | |
2225 | return 0; | |
2226 | }); | |
2227 | ||
2228 | vector<DNSRecord> ret; | |
2229 | int res = sr->beginResolve(DNSName("1.0.0.127.in-addr.arpa."), QType(QType::PTR), QClass::IN, ret); | |
b7f378d1 | 2230 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
648bcbd1 RG |
2231 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
2232 | BOOST_CHECK(ret[0].d_type == QType::PTR); | |
2233 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2234 | ||
2235 | ret.clear(); | |
2236 | res = sr->beginResolve(DNSName("1.0.0.127.in-addr.arpa."), QType(QType::ANY), QClass::IN, ret); | |
b7f378d1 | 2237 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
648bcbd1 RG |
2238 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
2239 | BOOST_CHECK(ret[0].d_type == QType::PTR); | |
2240 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2241 | ||
2242 | ret.clear(); | |
2243 | res = sr->beginResolve(DNSName("1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa."), QType(QType::PTR), QClass::IN, ret); | |
b7f378d1 | 2244 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
648bcbd1 RG |
2245 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
2246 | BOOST_CHECK(ret[0].d_type == QType::PTR); | |
2247 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2248 | ||
2249 | ret.clear(); | |
2250 | res = sr->beginResolve(DNSName("1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa."), QType(QType::ANY), QClass::IN, ret); | |
b7f378d1 | 2251 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
648bcbd1 RG |
2252 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
2253 | BOOST_CHECK(ret[0].d_type == QType::PTR); | |
2254 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2255 | ||
2256 | ret.clear(); | |
2257 | res = sr->beginResolve(DNSName("localhost."), QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 2258 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
648bcbd1 RG |
2259 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
2260 | BOOST_CHECK(ret[0].d_type == QType::A); | |
2261 | BOOST_CHECK_EQUAL(getRR<ARecordContent>(ret[0])->getCA().toString(), "127.0.0.1"); | |
2262 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2263 | ||
2264 | ret.clear(); | |
2265 | res = sr->beginResolve(DNSName("localhost."), QType(QType::AAAA), QClass::IN, ret); | |
b7f378d1 | 2266 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
648bcbd1 RG |
2267 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
2268 | BOOST_CHECK(ret[0].d_type == QType::AAAA); | |
2269 | BOOST_CHECK_EQUAL(getRR<AAAARecordContent>(ret[0])->getCA().toString(), "::1"); | |
2270 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2271 | ||
2272 | ret.clear(); | |
2273 | res = sr->beginResolve(DNSName("localhost."), QType(QType::ANY), QClass::IN, ret); | |
b7f378d1 | 2274 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
648bcbd1 RG |
2275 | BOOST_REQUIRE_EQUAL(ret.size(), 2); |
2276 | for (const auto& rec : ret) { | |
2277 | BOOST_REQUIRE((rec.d_type == QType::A) || rec.d_type == QType::AAAA); | |
2278 | if (rec.d_type == QType::A) { | |
2279 | BOOST_CHECK_EQUAL(getRR<ARecordContent>(rec)->getCA().toString(), "127.0.0.1"); | |
2280 | } | |
2281 | else { | |
2282 | BOOST_CHECK_EQUAL(getRR<AAAARecordContent>(rec)->getCA().toString(), "::1"); | |
2283 | } | |
2284 | } | |
2285 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2286 | ||
2287 | ret.clear(); | |
2288 | res = sr->beginResolve(DNSName("version.bind."), QType(QType::TXT), QClass::CHAOS, ret); | |
b7f378d1 | 2289 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
648bcbd1 RG |
2290 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
2291 | BOOST_CHECK(ret[0].d_type == QType::TXT); | |
2292 | BOOST_CHECK_EQUAL(getRR<TXTRecordContent>(ret[0])->d_text, "\"PowerDNS Unit Tests\""); | |
2293 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2294 | ||
2295 | ret.clear(); | |
2296 | res = sr->beginResolve(DNSName("version.bind."), QType(QType::ANY), QClass::CHAOS, ret); | |
b7f378d1 | 2297 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
648bcbd1 RG |
2298 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
2299 | BOOST_CHECK(ret[0].d_type == QType::TXT); | |
2300 | BOOST_CHECK_EQUAL(getRR<TXTRecordContent>(ret[0])->d_text, "\"PowerDNS Unit Tests\""); | |
2301 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2302 | ||
2303 | ret.clear(); | |
2304 | res = sr->beginResolve(DNSName("version.pdns."), QType(QType::TXT), QClass::CHAOS, ret); | |
b7f378d1 | 2305 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
648bcbd1 RG |
2306 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
2307 | BOOST_CHECK(ret[0].d_type == QType::TXT); | |
2308 | BOOST_CHECK_EQUAL(getRR<TXTRecordContent>(ret[0])->d_text, "\"PowerDNS Unit Tests\""); | |
2309 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2310 | ||
2311 | ret.clear(); | |
2312 | res = sr->beginResolve(DNSName("version.pdns."), QType(QType::ANY), QClass::CHAOS, ret); | |
b7f378d1 | 2313 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
648bcbd1 RG |
2314 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
2315 | BOOST_CHECK(ret[0].d_type == QType::TXT); | |
2316 | BOOST_CHECK_EQUAL(getRR<TXTRecordContent>(ret[0])->d_text, "\"PowerDNS Unit Tests\""); | |
2317 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2318 | ||
2319 | ret.clear(); | |
2320 | res = sr->beginResolve(DNSName("id.server."), QType(QType::TXT), QClass::CHAOS, ret); | |
b7f378d1 | 2321 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
648bcbd1 RG |
2322 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
2323 | BOOST_CHECK(ret[0].d_type == QType::TXT); | |
2324 | BOOST_CHECK_EQUAL(getRR<TXTRecordContent>(ret[0])->d_text, "\"PowerDNS Unit Tests Server ID\""); | |
2325 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2326 | ||
2327 | ret.clear(); | |
2328 | res = sr->beginResolve(DNSName("id.server."), QType(QType::ANY), QClass::CHAOS, ret); | |
b7f378d1 | 2329 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
648bcbd1 RG |
2330 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
2331 | BOOST_CHECK(ret[0].d_type == QType::TXT); | |
2332 | BOOST_CHECK_EQUAL(getRR<TXTRecordContent>(ret[0])->d_text, "\"PowerDNS Unit Tests Server ID\""); | |
2333 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2334 | } | |
2335 | ||
2336 | BOOST_AUTO_TEST_CASE(test_nameserver_ipv4_rpz) { | |
2337 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2338 | initSR(sr); |
648bcbd1 RG |
2339 | |
2340 | primeHints(); | |
2341 | ||
2342 | const DNSName target("rpz.powerdns.com."); | |
2343 | const ComboAddress ns("192.0.2.1:53"); | |
2344 | ||
2345 | sr->setAsyncCallback([target,ns](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2346 | ||
2347 | if (isRootServer(ip)) { | |
8455425c | 2348 | setLWResult(res, false, true, false, true); |
648bcbd1 RG |
2349 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); |
2350 | addRecordToLW(res, "a.gtld-servers.net.", QType::A, ns.toString(), DNSResourceRecord::ADDITIONAL, 3600); | |
2351 | return 1; | |
2352 | } else if (ip == ns) { | |
2353 | ||
2354 | setLWResult(res, 0, true, false, true); | |
2355 | addRecordToLW(res, domain, QType::A, "192.0.2.42"); | |
2356 | return 1; | |
2357 | } | |
2358 | ||
2359 | return 0; | |
2360 | }); | |
2361 | ||
2362 | DNSFilterEngine::Policy pol; | |
2363 | pol.d_kind = DNSFilterEngine::PolicyKind::Drop; | |
6b972d59 RG |
2364 | std::shared_ptr<DNSFilterEngine::Zone> zone = std::make_shared<DNSFilterEngine::Zone>(); |
2365 | zone->setName("Unit test policy 0"); | |
2366 | zone->addNSIPTrigger(Netmask(ns, 32), pol); | |
648bcbd1 | 2367 | auto luaconfsCopy = g_luaconfs.getCopy(); |
6b972d59 | 2368 | luaconfsCopy.dfe.addZone(zone); |
648bcbd1 RG |
2369 | g_luaconfs.setState(luaconfsCopy); |
2370 | ||
2371 | vector<DNSRecord> ret; | |
2372 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
2373 | BOOST_CHECK_EQUAL(res, -2); | |
2374 | BOOST_CHECK_EQUAL(ret.size(), 0); | |
2375 | } | |
2376 | ||
2377 | BOOST_AUTO_TEST_CASE(test_nameserver_ipv6_rpz) { | |
2378 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2379 | initSR(sr); |
648bcbd1 RG |
2380 | |
2381 | primeHints(); | |
2382 | ||
2383 | const DNSName target("rpz.powerdns.com."); | |
2384 | const ComboAddress ns("[2001:DB8::42]:53"); | |
2385 | ||
2386 | sr->setAsyncCallback([target,ns](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2387 | ||
2388 | if (isRootServer(ip)) { | |
8455425c | 2389 | setLWResult(res, 0, false, false, true); |
648bcbd1 RG |
2390 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.net.", DNSResourceRecord::AUTHORITY, 172800); |
2391 | addRecordToLW(res, "a.gtld-servers.net.", QType::AAAA, ns.toString(), DNSResourceRecord::ADDITIONAL, 3600); | |
2392 | return 1; | |
2393 | } else if (ip == ns) { | |
2394 | ||
2395 | setLWResult(res, 0, true, false, true); | |
2396 | addRecordToLW(res, domain, QType::A, "192.0.2.42"); | |
2397 | return 1; | |
2398 | } | |
2399 | ||
2400 | return 0; | |
2401 | }); | |
2402 | ||
2403 | DNSFilterEngine::Policy pol; | |
2404 | pol.d_kind = DNSFilterEngine::PolicyKind::Drop; | |
6b972d59 RG |
2405 | std::shared_ptr<DNSFilterEngine::Zone> zone = std::make_shared<DNSFilterEngine::Zone>(); |
2406 | zone->setName("Unit test policy 0"); | |
2407 | zone->addNSIPTrigger(Netmask(ns, 128), pol); | |
648bcbd1 | 2408 | auto luaconfsCopy = g_luaconfs.getCopy(); |
6b972d59 | 2409 | luaconfsCopy.dfe.addZone(zone); |
648bcbd1 RG |
2410 | g_luaconfs.setState(luaconfsCopy); |
2411 | ||
2412 | vector<DNSRecord> ret; | |
2413 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
2414 | BOOST_CHECK_EQUAL(res, -2); | |
2415 | BOOST_CHECK_EQUAL(ret.size(), 0); | |
2416 | } | |
2417 | ||
2418 | BOOST_AUTO_TEST_CASE(test_nameserver_name_rpz) { | |
2419 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2420 | initSR(sr); |
648bcbd1 RG |
2421 | |
2422 | primeHints(); | |
2423 | ||
2424 | const DNSName target("rpz.powerdns.com."); | |
2425 | const ComboAddress ns("192.0.2.1:53"); | |
2426 | const DNSName nsName("ns1.powerdns.com."); | |
2427 | ||
2428 | sr->setAsyncCallback([target,ns,nsName](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2429 | ||
2430 | if (isRootServer(ip)) { | |
8455425c | 2431 | setLWResult(res, 0, false, false, true); |
648bcbd1 RG |
2432 | addRecordToLW(res, domain, QType::NS, nsName.toString(), DNSResourceRecord::AUTHORITY, 172800); |
2433 | addRecordToLW(res, nsName, QType::A, ns.toString(), DNSResourceRecord::ADDITIONAL, 3600); | |
2434 | return 1; | |
2435 | } else if (ip == ns) { | |
2436 | ||
2437 | setLWResult(res, 0, true, false, true); | |
2438 | addRecordToLW(res, domain, QType::A, "192.0.2.42"); | |
2439 | return 1; | |
2440 | } | |
2441 | ||
2442 | return 0; | |
2443 | }); | |
2444 | ||
2445 | DNSFilterEngine::Policy pol; | |
2446 | pol.d_kind = DNSFilterEngine::PolicyKind::Drop; | |
6b972d59 RG |
2447 | std::shared_ptr<DNSFilterEngine::Zone> zone = std::make_shared<DNSFilterEngine::Zone>(); |
2448 | zone->setName("Unit test policy 0"); | |
2449 | zone->addNSTrigger(nsName, pol); | |
648bcbd1 | 2450 | auto luaconfsCopy = g_luaconfs.getCopy(); |
6b972d59 | 2451 | luaconfsCopy.dfe.addZone(zone); |
648bcbd1 RG |
2452 | g_luaconfs.setState(luaconfsCopy); |
2453 | ||
2454 | vector<DNSRecord> ret; | |
2455 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
2456 | BOOST_CHECK_EQUAL(res, -2); | |
2457 | BOOST_CHECK_EQUAL(ret.size(), 0); | |
2458 | } | |
2459 | ||
2460 | BOOST_AUTO_TEST_CASE(test_nameserver_name_rpz_disabled) { | |
2461 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2462 | initSR(sr); |
648bcbd1 RG |
2463 | |
2464 | primeHints(); | |
2465 | ||
2466 | const DNSName target("rpz.powerdns.com."); | |
2467 | const ComboAddress ns("192.0.2.1:53"); | |
2468 | const DNSName nsName("ns1.powerdns.com."); | |
2469 | ||
2470 | sr->setAsyncCallback([target,ns,nsName](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2471 | ||
2472 | if (isRootServer(ip)) { | |
8455425c | 2473 | setLWResult(res, 0, false, false, true); |
648bcbd1 RG |
2474 | addRecordToLW(res, domain, QType::NS, nsName.toString(), DNSResourceRecord::AUTHORITY, 172800); |
2475 | addRecordToLW(res, nsName, QType::A, ns.toString(), DNSResourceRecord::ADDITIONAL, 3600); | |
2476 | return 1; | |
2477 | } else if (ip == ns) { | |
2478 | ||
2479 | setLWResult(res, 0, true, false, true); | |
2480 | addRecordToLW(res, domain, QType::A, "192.0.2.42"); | |
2481 | return 1; | |
2482 | } | |
2483 | ||
2484 | return 0; | |
2485 | }); | |
2486 | ||
2487 | DNSFilterEngine::Policy pol; | |
2488 | pol.d_kind = DNSFilterEngine::PolicyKind::Drop; | |
6b972d59 RG |
2489 | std::shared_ptr<DNSFilterEngine::Zone> zone = std::make_shared<DNSFilterEngine::Zone>(); |
2490 | zone->setName("Unit test policy 0"); | |
2491 | zone->addNSIPTrigger(Netmask(ns, 128), pol); | |
2492 | zone->addNSTrigger(nsName, pol); | |
648bcbd1 | 2493 | auto luaconfsCopy = g_luaconfs.getCopy(); |
6b972d59 | 2494 | luaconfsCopy.dfe.addZone(zone); |
648bcbd1 RG |
2495 | g_luaconfs.setState(luaconfsCopy); |
2496 | ||
2497 | /* RPZ is disabled for this query, we should not be blocked */ | |
2498 | sr->setWantsRPZ(false); | |
2499 | ||
2500 | vector<DNSRecord> ret; | |
2501 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 2502 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
648bcbd1 RG |
2503 | BOOST_CHECK_EQUAL(ret.size(), 1); |
2504 | } | |
2505 | ||
3e59ff53 RG |
2506 | BOOST_AUTO_TEST_CASE(test_forward_zone_nord) { |
2507 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2508 | initSR(sr); |
3e59ff53 RG |
2509 | |
2510 | primeHints(); | |
2511 | ||
2512 | const DNSName target("powerdns.com."); | |
2513 | const ComboAddress ns("192.0.2.1:53"); | |
2514 | const ComboAddress forwardedNS("192.0.2.42:53"); | |
2515 | ||
2516 | SyncRes::AuthDomain ad; | |
2517 | ad.d_rdForward = false; | |
2518 | ad.d_servers.push_back(forwardedNS); | |
a712cb56 | 2519 | (*SyncRes::t_sstorage.domainmap)[target] = ad; |
3e59ff53 RG |
2520 | |
2521 | sr->setAsyncCallback([forwardedNS](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2522 | ||
2523 | if (ip == forwardedNS) { | |
6dfff36f RG |
2524 | BOOST_CHECK_EQUAL(sendRDQuery, false); |
2525 | ||
3e59ff53 RG |
2526 | setLWResult(res, 0, true, false, true); |
2527 | addRecordToLW(res, domain, QType::A, "192.0.2.42"); | |
2528 | return 1; | |
2529 | } | |
2530 | ||
2531 | return 0; | |
2532 | }); | |
2533 | ||
2534 | /* simulate a no-RD query */ | |
2535 | sr->setCacheOnly(); | |
2536 | ||
2537 | vector<DNSRecord> ret; | |
2538 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 2539 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3e59ff53 RG |
2540 | BOOST_CHECK_EQUAL(ret.size(), 1); |
2541 | } | |
2542 | ||
2543 | BOOST_AUTO_TEST_CASE(test_forward_zone_rd) { | |
2544 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2545 | initSR(sr); |
3e59ff53 RG |
2546 | |
2547 | primeHints(); | |
2548 | ||
2549 | const DNSName target("powerdns.com."); | |
2550 | const ComboAddress ns("192.0.2.1:53"); | |
2551 | const ComboAddress forwardedNS("192.0.2.42:53"); | |
2552 | ||
2553 | SyncRes::AuthDomain ad; | |
2554 | ad.d_rdForward = false; | |
2555 | ad.d_servers.push_back(forwardedNS); | |
a712cb56 | 2556 | (*SyncRes::t_sstorage.domainmap)[target] = ad; |
3e59ff53 RG |
2557 | |
2558 | sr->setAsyncCallback([forwardedNS](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2559 | ||
2560 | if (ip == forwardedNS) { | |
6dfff36f RG |
2561 | BOOST_CHECK_EQUAL(sendRDQuery, false); |
2562 | ||
3e59ff53 RG |
2563 | setLWResult(res, 0, true, false, true); |
2564 | addRecordToLW(res, domain, QType::A, "192.0.2.42"); | |
2565 | return 1; | |
2566 | } | |
2567 | ||
2568 | return 0; | |
2569 | }); | |
2570 | ||
2571 | vector<DNSRecord> ret; | |
2572 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 2573 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3e59ff53 RG |
2574 | BOOST_CHECK_EQUAL(ret.size(), 1); |
2575 | } | |
2576 | ||
2577 | BOOST_AUTO_TEST_CASE(test_forward_zone_recurse_nord) { | |
2578 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2579 | initSR(sr); |
3e59ff53 RG |
2580 | |
2581 | primeHints(); | |
2582 | ||
2583 | const DNSName target("powerdns.com."); | |
2584 | const ComboAddress ns("192.0.2.1:53"); | |
2585 | const ComboAddress forwardedNS("192.0.2.42:53"); | |
2586 | ||
2587 | SyncRes::AuthDomain ad; | |
2588 | ad.d_rdForward = true; | |
2589 | ad.d_servers.push_back(forwardedNS); | |
a712cb56 | 2590 | (*SyncRes::t_sstorage.domainmap)[target] = ad; |
3e59ff53 RG |
2591 | |
2592 | sr->setAsyncCallback([forwardedNS](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2593 | ||
2594 | if (ip == forwardedNS) { | |
6dfff36f RG |
2595 | BOOST_CHECK_EQUAL(sendRDQuery, false); |
2596 | ||
3e59ff53 RG |
2597 | setLWResult(res, 0, true, false, true); |
2598 | addRecordToLW(res, domain, QType::A, "192.0.2.42"); | |
2599 | return 1; | |
2600 | } | |
2601 | ||
2602 | return 0; | |
2603 | }); | |
2604 | ||
2605 | /* simulate a no-RD query */ | |
2606 | sr->setCacheOnly(); | |
2607 | ||
2608 | vector<DNSRecord> ret; | |
2609 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 2610 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3e59ff53 RG |
2611 | BOOST_CHECK_EQUAL(ret.size(), 1); |
2612 | } | |
2613 | ||
2614 | BOOST_AUTO_TEST_CASE(test_forward_zone_recurse_rd) { | |
2615 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2616 | initSR(sr); |
3e59ff53 RG |
2617 | |
2618 | primeHints(); | |
2619 | ||
2620 | const DNSName target("powerdns.com."); | |
2621 | const ComboAddress ns("192.0.2.1:53"); | |
2622 | const ComboAddress forwardedNS("192.0.2.42:53"); | |
2623 | ||
2624 | SyncRes::AuthDomain ad; | |
2625 | ad.d_rdForward = true; | |
2626 | ad.d_servers.push_back(forwardedNS); | |
a712cb56 | 2627 | (*SyncRes::t_sstorage.domainmap)[target] = ad; |
3e59ff53 RG |
2628 | |
2629 | sr->setAsyncCallback([forwardedNS](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2630 | ||
2631 | if (ip == forwardedNS) { | |
6dfff36f RG |
2632 | BOOST_CHECK_EQUAL(sendRDQuery, true); |
2633 | ||
3e59ff53 RG |
2634 | setLWResult(res, 0, true, false, true); |
2635 | addRecordToLW(res, domain, QType::A, "192.0.2.42"); | |
2636 | return 1; | |
2637 | } | |
2638 | ||
2639 | return 0; | |
2640 | }); | |
2641 | ||
2642 | vector<DNSRecord> ret; | |
2643 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 2644 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3e59ff53 RG |
2645 | BOOST_CHECK_EQUAL(ret.size(), 1); |
2646 | } | |
2647 | ||
f79a4e30 RG |
2648 | BOOST_AUTO_TEST_CASE(test_auth_zone_delegation_oob) { |
2649 | std::unique_ptr<SyncRes> sr; | |
2650 | init(); | |
2651 | initSR(sr, true, false); | |
2652 | ||
2653 | primeHints(); | |
2654 | ||
2655 | size_t queriesCount = 0; | |
2656 | const DNSName target("test.xx."); | |
2657 | const ComboAddress targetAddr("127.0.0.1"); | |
2658 | const DNSName ns("localhost."); | |
2659 | const ComboAddress nsAddr("127.0.0.1"); | |
2660 | const DNSName authZone("test.xx"); | |
2661 | ||
2662 | SyncRes::AuthDomain ad; | |
2663 | DNSRecord dr; | |
2664 | dr.d_place = DNSResourceRecord::ANSWER; | |
2665 | dr.d_name = authZone; | |
2666 | dr.d_type = QType::NS; | |
2667 | dr.d_ttl = 1800; | |
2668 | dr.d_content = std::make_shared<NSRecordContent>("localhost."); | |
2669 | ad.d_records.insert(dr); | |
2670 | ||
2671 | dr.d_place = DNSResourceRecord::ANSWER; | |
2672 | dr.d_name = authZone; | |
2673 | dr.d_type = QType::A; | |
2674 | dr.d_ttl = 1800; | |
2675 | dr.d_content = std::make_shared<ARecordContent>(nsAddr); | |
2676 | ad.d_records.insert(dr); | |
2677 | ||
a712cb56 | 2678 | (*SyncRes::t_sstorage.domainmap)[authZone] = ad; |
f79a4e30 RG |
2679 | |
2680 | sr->setAsyncCallback([&queriesCount,nsAddr,target,targetAddr](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2681 | queriesCount++; | |
2682 | return 0; | |
2683 | }); | |
2684 | ||
2685 | vector<DNSRecord> ret; | |
2686 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
2687 | BOOST_CHECK_EQUAL(res, 0); | |
2688 | BOOST_REQUIRE_EQUAL(ret.size(), 1); | |
2689 | BOOST_CHECK(ret[0].d_type == QType::A); | |
2690 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2691 | BOOST_CHECK(sr->wasOutOfBand()); | |
2692 | ||
2693 | /* a second time, to check that the OOB flag is set when the query cache is used */ | |
2694 | ret.clear(); | |
2695 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
2696 | BOOST_CHECK_EQUAL(res, 0); | |
2697 | BOOST_REQUIRE_EQUAL(ret.size(), 1); | |
2698 | BOOST_CHECK(ret[0].d_type == QType::A); | |
2699 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2700 | BOOST_CHECK(sr->wasOutOfBand()); | |
2701 | } | |
2702 | ||
3337c2f7 RG |
2703 | BOOST_AUTO_TEST_CASE(test_auth_zone) { |
2704 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2705 | initSR(sr); |
3337c2f7 RG |
2706 | |
2707 | primeHints(); | |
2708 | ||
2709 | size_t queriesCount = 0; | |
2710 | const DNSName target("powerdns.com."); | |
2711 | const ComboAddress addr("192.0.2.5"); | |
2712 | ||
2713 | SyncRes::AuthDomain ad; | |
2714 | ad.d_name = target; | |
2715 | DNSRecord dr; | |
2716 | dr.d_place = DNSResourceRecord::ANSWER; | |
2717 | dr.d_name = target; | |
2718 | dr.d_type = QType::SOA; | |
2719 | dr.d_ttl = 3600; | |
2720 | dr.d_content = std::make_shared<SOARecordContent>("pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600"); | |
2721 | ad.d_records.insert(dr); | |
2722 | ||
2723 | dr.d_place = DNSResourceRecord::ANSWER; | |
2724 | dr.d_name = target; | |
2725 | dr.d_type = QType::A; | |
2726 | dr.d_ttl = 3600; | |
2727 | dr.d_content = std::make_shared<ARecordContent>(addr); | |
2728 | ad.d_records.insert(dr); | |
2729 | ||
2730 | auto map = std::make_shared<SyncRes::domainmap_t>(); | |
2731 | (*map)[target] = ad; | |
2732 | SyncRes::setDomainMap(map); | |
2733 | ||
2734 | sr->setAsyncCallback([&queriesCount](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2735 | ||
2736 | queriesCount++; | |
2737 | setLWResult(res, 0, true, false, true); | |
2738 | addRecordToLW(res, domain, QType::A, "192.0.2.42"); | |
2739 | return 1; | |
2740 | }); | |
2741 | ||
2742 | vector<DNSRecord> ret; | |
2743 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 2744 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3337c2f7 RG |
2745 | BOOST_CHECK_EQUAL(ret.size(), 1); |
2746 | BOOST_CHECK(ret[0].d_type == QType::A); | |
2747 | BOOST_CHECK_EQUAL(getRR<ARecordContent>(ret[0])->getCA().toString(), addr.toString()); | |
2748 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2749 | } | |
2750 | ||
2751 | BOOST_AUTO_TEST_CASE(test_auth_zone_cname_lead_to_oob) { | |
2752 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2753 | initSR(sr); |
3337c2f7 RG |
2754 | |
2755 | primeHints(); | |
2756 | ||
2757 | size_t queriesCount = 0; | |
2758 | const DNSName target("powerdns.com."); | |
2759 | const DNSName authZone("internal.powerdns.com."); | |
2760 | const ComboAddress addr("192.0.2.5"); | |
2761 | ||
2762 | SyncRes::AuthDomain ad; | |
2763 | ad.d_name = authZone; | |
2764 | DNSRecord dr; | |
2765 | dr.d_place = DNSResourceRecord::ANSWER; | |
2766 | dr.d_name = authZone; | |
2767 | dr.d_type = QType::SOA; | |
2768 | dr.d_ttl = 3600; | |
2769 | dr.d_content = std::make_shared<SOARecordContent>("pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600"); | |
2770 | ad.d_records.insert(dr); | |
2771 | ||
2772 | dr.d_place = DNSResourceRecord::ANSWER; | |
2773 | dr.d_name = authZone; | |
2774 | dr.d_type = QType::A; | |
2775 | dr.d_ttl = 3600; | |
2776 | dr.d_content = std::make_shared<ARecordContent>(addr); | |
2777 | ad.d_records.insert(dr); | |
2778 | ||
2779 | auto map = std::make_shared<SyncRes::domainmap_t>(); | |
2780 | (*map)[authZone] = ad; | |
2781 | SyncRes::setDomainMap(map); | |
2782 | ||
2783 | sr->setAsyncCallback([&queriesCount,target,authZone](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2784 | ||
2785 | queriesCount++; | |
2786 | ||
2787 | if (domain == target) { | |
2788 | setLWResult(res, 0, true, false, true); | |
2789 | addRecordToLW(res, target, QType::CNAME, authZone.toString(), DNSResourceRecord::ANSWER, 3600); | |
2790 | return 1; | |
2791 | } | |
2792 | ||
2793 | return 0; | |
2794 | }); | |
2795 | ||
2796 | vector<DNSRecord> ret; | |
2797 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 2798 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3337c2f7 RG |
2799 | BOOST_CHECK_EQUAL(ret.size(), 2); |
2800 | BOOST_CHECK(ret[0].d_type == QType::CNAME); | |
2801 | BOOST_CHECK_EQUAL(getRR<CNAMERecordContent>(ret[0])->getTarget().toString(), authZone.toString()); | |
2802 | BOOST_CHECK(ret[1].d_type == QType::A); | |
2803 | BOOST_CHECK_EQUAL(getRR<ARecordContent>(ret[1])->getCA().toString(), addr.toString()); | |
2804 | BOOST_CHECK_EQUAL(queriesCount, 1); | |
2805 | } | |
2806 | ||
2807 | BOOST_AUTO_TEST_CASE(test_auth_zone_oob_lead_to_outgoing_queryb) { | |
2808 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2809 | initSR(sr); |
3337c2f7 RG |
2810 | |
2811 | primeHints(); | |
2812 | ||
2813 | size_t queriesCount = 0; | |
2814 | const DNSName target("powerdns.com."); | |
2815 | const DNSName externalCNAME("www.open-xchange.com."); | |
2816 | const ComboAddress addr("192.0.2.5"); | |
2817 | ||
2818 | SyncRes::AuthDomain ad; | |
2819 | ad.d_name = target; | |
2820 | DNSRecord dr; | |
2821 | dr.d_place = DNSResourceRecord::ANSWER; | |
2822 | dr.d_name = target; | |
2823 | dr.d_type = QType::SOA; | |
2824 | dr.d_ttl = 3600; | |
2825 | dr.d_content = std::make_shared<SOARecordContent>("pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600"); | |
2826 | ad.d_records.insert(dr); | |
2827 | ||
2828 | dr.d_place = DNSResourceRecord::ANSWER; | |
2829 | dr.d_name = target; | |
2830 | dr.d_type = QType::CNAME; | |
2831 | dr.d_ttl = 3600; | |
2832 | dr.d_content = std::make_shared<CNAMERecordContent>(externalCNAME); | |
2833 | ad.d_records.insert(dr); | |
2834 | ||
2835 | auto map = std::make_shared<SyncRes::domainmap_t>(); | |
2836 | (*map)[target] = ad; | |
2837 | SyncRes::setDomainMap(map); | |
2838 | ||
2839 | sr->setAsyncCallback([&queriesCount,externalCNAME,addr](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2840 | ||
2841 | queriesCount++; | |
2842 | ||
2843 | if (domain == externalCNAME) { | |
2844 | setLWResult(res, 0, true, false, true); | |
2845 | addRecordToLW(res, externalCNAME, QType::A, addr.toString(), DNSResourceRecord::ANSWER, 3600); | |
2846 | return 1; | |
2847 | } | |
2848 | ||
2849 | return 0; | |
2850 | }); | |
2851 | ||
2852 | vector<DNSRecord> ret; | |
2853 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 2854 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3337c2f7 RG |
2855 | BOOST_CHECK_EQUAL(ret.size(), 2); |
2856 | BOOST_CHECK(ret[0].d_type == QType::CNAME); | |
2857 | BOOST_CHECK_EQUAL(getRR<CNAMERecordContent>(ret[0])->getTarget().toString(), externalCNAME.toString()); | |
2858 | BOOST_CHECK(ret[1].d_type == QType::A); | |
2859 | BOOST_CHECK_EQUAL(getRR<ARecordContent>(ret[1])->getCA().toString(), addr.toString()); | |
2860 | BOOST_CHECK_EQUAL(queriesCount, 1); | |
2861 | } | |
2862 | ||
2863 | BOOST_AUTO_TEST_CASE(test_auth_zone_nodata) { | |
2864 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2865 | initSR(sr); |
3337c2f7 RG |
2866 | |
2867 | primeHints(); | |
2868 | ||
2869 | size_t queriesCount = 0; | |
2870 | const DNSName target("nodata.powerdns.com."); | |
2871 | const DNSName authZone("powerdns.com"); | |
2872 | ||
2873 | SyncRes::AuthDomain ad; | |
2874 | ad.d_name = authZone; | |
2875 | DNSRecord dr; | |
2876 | dr.d_place = DNSResourceRecord::ANSWER; | |
2877 | dr.d_name = target; | |
2878 | dr.d_type = QType::A; | |
2879 | dr.d_ttl = 3600; | |
2880 | dr.d_content = std::make_shared<ARecordContent>(ComboAddress("192.0.2.1")); | |
2881 | ad.d_records.insert(dr); | |
2882 | ||
2883 | dr.d_place = DNSResourceRecord::ANSWER; | |
2884 | dr.d_name = authZone; | |
2885 | dr.d_type = QType::SOA; | |
2886 | dr.d_ttl = 3600; | |
2887 | dr.d_content = std::make_shared<SOARecordContent>("pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600"); | |
2888 | ad.d_records.insert(dr); | |
2889 | ||
2890 | auto map = std::make_shared<SyncRes::domainmap_t>(); | |
2891 | (*map)[authZone] = ad; | |
2892 | SyncRes::setDomainMap(map); | |
2893 | ||
2894 | sr->setAsyncCallback([&queriesCount](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2895 | ||
2896 | queriesCount++; | |
2897 | ||
2898 | return 0; | |
2899 | }); | |
2900 | ||
2901 | vector<DNSRecord> ret; | |
2902 | int res = sr->beginResolve(target, QType(QType::AAAA), QClass::IN, ret); | |
b7f378d1 | 2903 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3337c2f7 RG |
2904 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
2905 | BOOST_CHECK(ret[0].d_type == QType::SOA); | |
2906 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2907 | } | |
2908 | ||
2909 | BOOST_AUTO_TEST_CASE(test_auth_zone_nx) { | |
2910 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2911 | initSR(sr); |
3337c2f7 RG |
2912 | |
2913 | primeHints(); | |
2914 | ||
2915 | size_t queriesCount = 0; | |
2916 | const DNSName target("nx.powerdns.com."); | |
2917 | const DNSName authZone("powerdns.com"); | |
2918 | ||
2919 | SyncRes::AuthDomain ad; | |
2920 | ad.d_name = authZone; | |
2921 | DNSRecord dr; | |
2922 | dr.d_place = DNSResourceRecord::ANSWER; | |
2923 | dr.d_name = DNSName("powerdns.com."); | |
2924 | dr.d_type = QType::SOA; | |
2925 | dr.d_ttl = 3600; | |
2926 | dr.d_content = std::make_shared<SOARecordContent>("pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600"); | |
2927 | ad.d_records.insert(dr); | |
2928 | ||
2929 | auto map = std::make_shared<SyncRes::domainmap_t>(); | |
2930 | (*map)[authZone] = ad; | |
2931 | SyncRes::setDomainMap(map); | |
2932 | ||
2933 | sr->setAsyncCallback([&queriesCount](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2934 | ||
2935 | queriesCount++; | |
2936 | ||
2937 | return 0; | |
2938 | }); | |
2939 | ||
2940 | vector<DNSRecord> ret; | |
2941 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
2942 | BOOST_CHECK_EQUAL(res, RCode::NXDomain); | |
2943 | BOOST_REQUIRE_EQUAL(ret.size(), 1); | |
2944 | BOOST_CHECK(ret[0].d_type == QType::SOA); | |
2945 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
2946 | } | |
2947 | ||
2948 | BOOST_AUTO_TEST_CASE(test_auth_zone_delegation) { | |
2949 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 2950 | initSR(sr); |
3337c2f7 RG |
2951 | |
2952 | primeHints(); | |
2953 | ||
2954 | size_t queriesCount = 0; | |
2955 | const DNSName target("www.test.powerdns.com."); | |
2956 | const ComboAddress targetAddr("192.0.2.2"); | |
2957 | const DNSName ns("ns1.test.powerdns.com."); | |
2958 | const ComboAddress nsAddr("192.0.2.1"); | |
2959 | const DNSName authZone("powerdns.com"); | |
2960 | ||
2961 | SyncRes::AuthDomain ad; | |
2962 | ad.d_name = authZone; | |
2963 | DNSRecord dr; | |
2964 | dr.d_place = DNSResourceRecord::ANSWER; | |
2965 | dr.d_name = authZone; | |
2966 | dr.d_type = QType::SOA; | |
2967 | dr.d_ttl = 3600; | |
2968 | dr.d_content = std::make_shared<SOARecordContent>("pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600"); | |
2969 | ad.d_records.insert(dr); | |
2970 | ||
2971 | dr.d_place = DNSResourceRecord::ANSWER; | |
2972 | dr.d_name = DNSName("test.powerdns.com."); | |
2973 | dr.d_type = QType::NS; | |
2974 | dr.d_ttl = 3600; | |
2975 | dr.d_content = std::make_shared<NSRecordContent>(ns); | |
2976 | ad.d_records.insert(dr); | |
2977 | ||
2978 | dr.d_place = DNSResourceRecord::ANSWER; | |
2979 | dr.d_name = ns; | |
2980 | dr.d_type = QType::A; | |
2981 | dr.d_ttl = 3600; | |
2982 | dr.d_content = std::make_shared<ARecordContent>(nsAddr); | |
2983 | ad.d_records.insert(dr); | |
2984 | ||
2985 | auto map = std::make_shared<SyncRes::domainmap_t>(); | |
2986 | (*map)[authZone] = ad; | |
2987 | SyncRes::setDomainMap(map); | |
2988 | ||
2989 | sr->setAsyncCallback([&queriesCount,target,targetAddr,nsAddr](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
2990 | ||
2991 | queriesCount++; | |
2992 | if (ip == ComboAddress(nsAddr.toString(), 53) && domain == target) { | |
2993 | setLWResult(res, 0, true, false, true); | |
2994 | addRecordToLW(res, domain, QType::A, targetAddr.toString(), DNSResourceRecord::ANSWER, 3600); | |
2995 | return 1; | |
2996 | } | |
2997 | ||
2998 | return 0; | |
2999 | }); | |
3000 | ||
3001 | vector<DNSRecord> ret; | |
3002 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 3003 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3337c2f7 RG |
3004 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
3005 | BOOST_CHECK(ret[0].d_type == QType::A); | |
3006 | BOOST_CHECK_EQUAL(queriesCount, 1); | |
3007 | } | |
3008 | ||
3009 | BOOST_AUTO_TEST_CASE(test_auth_zone_delegation_point) { | |
3010 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 3011 | initSR(sr); |
3337c2f7 RG |
3012 | |
3013 | primeHints(); | |
3014 | ||
3015 | size_t queriesCount = 0; | |
3016 | const DNSName target("test.powerdns.com."); | |
3017 | const ComboAddress targetAddr("192.0.2.2"); | |
3018 | const DNSName ns("ns1.test.powerdns.com."); | |
3019 | const ComboAddress nsAddr("192.0.2.1"); | |
3020 | const DNSName authZone("powerdns.com"); | |
3021 | ||
3022 | SyncRes::AuthDomain ad; | |
3023 | ad.d_name = authZone; | |
3024 | DNSRecord dr; | |
3025 | dr.d_place = DNSResourceRecord::ANSWER; | |
3026 | dr.d_name = authZone; | |
3027 | dr.d_type = QType::SOA; | |
3028 | dr.d_ttl = 3600; | |
3029 | dr.d_content = std::make_shared<SOARecordContent>("pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600"); | |
3030 | ad.d_records.insert(dr); | |
3031 | ||
3032 | dr.d_place = DNSResourceRecord::ANSWER; | |
3033 | dr.d_name = DNSName("test.powerdns.com."); | |
3034 | dr.d_type = QType::NS; | |
3035 | dr.d_ttl = 3600; | |
3036 | dr.d_content = std::make_shared<NSRecordContent>(ns); | |
3037 | ad.d_records.insert(dr); | |
3038 | ||
3039 | dr.d_place = DNSResourceRecord::ANSWER; | |
3040 | dr.d_name = ns; | |
3041 | dr.d_type = QType::A; | |
3042 | dr.d_ttl = 3600; | |
3043 | dr.d_content = std::make_shared<ARecordContent>(nsAddr); | |
3044 | ad.d_records.insert(dr); | |
3045 | ||
3046 | auto map = std::make_shared<SyncRes::domainmap_t>(); | |
3047 | (*map)[authZone] = ad; | |
3048 | SyncRes::setDomainMap(map); | |
3049 | ||
3050 | sr->setAsyncCallback([&queriesCount,nsAddr,target,targetAddr](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
3051 | ||
3052 | queriesCount++; | |
3053 | ||
3054 | if (ip == ComboAddress(nsAddr.toString(), 53) && domain == target) { | |
3055 | setLWResult(res, 0, true, false, true); | |
3056 | addRecordToLW(res, domain, QType::A, targetAddr.toString(), DNSResourceRecord::ANSWER, 3600); | |
3057 | return 1; | |
3058 | } | |
3059 | ||
3060 | return 0; | |
3061 | }); | |
3062 | ||
3063 | vector<DNSRecord> ret; | |
3064 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 3065 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3337c2f7 RG |
3066 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
3067 | BOOST_CHECK(ret[0].d_type == QType::A); | |
3068 | BOOST_CHECK_EQUAL(queriesCount, 1); | |
3069 | } | |
3070 | ||
3071 | BOOST_AUTO_TEST_CASE(test_auth_zone_wildcard) { | |
3072 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 3073 | initSR(sr); |
3337c2f7 RG |
3074 | |
3075 | primeHints(); | |
3076 | ||
3077 | size_t queriesCount = 0; | |
3078 | const DNSName target("test.powerdns.com."); | |
3079 | const ComboAddress targetAddr("192.0.2.2"); | |
3080 | const DNSName authZone("powerdns.com"); | |
3081 | ||
3082 | SyncRes::AuthDomain ad; | |
3083 | ad.d_name = authZone; | |
3084 | DNSRecord dr; | |
3085 | dr.d_place = DNSResourceRecord::ANSWER; | |
3086 | dr.d_name = authZone; | |
3087 | dr.d_type = QType::SOA; | |
3088 | dr.d_ttl = 3600; | |
3089 | dr.d_content = std::make_shared<SOARecordContent>("pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600"); | |
3090 | ad.d_records.insert(dr); | |
3091 | ||
3092 | dr.d_place = DNSResourceRecord::ANSWER; | |
3093 | dr.d_name = DNSName("*.powerdns.com."); | |
3094 | dr.d_type = QType::A; | |
3095 | dr.d_ttl = 3600; | |
3096 | dr.d_content = std::make_shared<ARecordContent>(targetAddr); | |
3097 | ad.d_records.insert(dr); | |
3098 | ||
3099 | auto map = std::make_shared<SyncRes::domainmap_t>(); | |
3100 | (*map)[authZone] = ad; | |
3101 | SyncRes::setDomainMap(map); | |
3102 | ||
3103 | sr->setAsyncCallback([&queriesCount](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
3104 | ||
3105 | queriesCount++; | |
3106 | ||
3107 | return 0; | |
3108 | }); | |
3109 | ||
3110 | vector<DNSRecord> ret; | |
3111 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 3112 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3337c2f7 RG |
3113 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
3114 | BOOST_CHECK(ret[0].d_type == QType::A); | |
3115 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
3116 | } | |
3117 | ||
3118 | BOOST_AUTO_TEST_CASE(test_auth_zone_wildcard_nodata) { | |
3119 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 3120 | initSR(sr); |
3337c2f7 RG |
3121 | |
3122 | primeHints(); | |
3123 | ||
3124 | size_t queriesCount = 0; | |
3125 | const DNSName target("test.powerdns.com."); | |
3126 | const ComboAddress targetAddr("192.0.2.2"); | |
3127 | const DNSName authZone("powerdns.com"); | |
3128 | ||
3129 | SyncRes::AuthDomain ad; | |
3130 | ad.d_name = authZone; | |
3131 | DNSRecord dr; | |
3132 | dr.d_place = DNSResourceRecord::ANSWER; | |
3133 | dr.d_name = authZone; | |
3134 | dr.d_type = QType::SOA; | |
3135 | dr.d_ttl = 3600; | |
3136 | dr.d_content = std::make_shared<SOARecordContent>("pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600"); | |
3137 | ad.d_records.insert(dr); | |
3138 | ||
3139 | dr.d_place = DNSResourceRecord::ANSWER; | |
3140 | dr.d_name = DNSName("*.powerdns.com."); | |
3141 | dr.d_type = QType::A; | |
3142 | dr.d_ttl = 3600; | |
3143 | dr.d_content = std::make_shared<ARecordContent>(targetAddr); | |
3144 | ad.d_records.insert(dr); | |
3145 | ||
3146 | auto map = std::make_shared<SyncRes::domainmap_t>(); | |
3147 | (*map)[authZone] = ad; | |
3148 | SyncRes::setDomainMap(map); | |
3149 | ||
3150 | sr->setAsyncCallback([&queriesCount](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
3151 | ||
3152 | queriesCount++; | |
3153 | ||
3154 | return 0; | |
3155 | }); | |
3156 | ||
3157 | vector<DNSRecord> ret; | |
3158 | int res = sr->beginResolve(target, QType(QType::AAAA), QClass::IN, ret); | |
b7f378d1 | 3159 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3337c2f7 RG |
3160 | BOOST_REQUIRE_EQUAL(ret.size(), 1); |
3161 | BOOST_CHECK(ret[0].d_type == QType::SOA); | |
3162 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
3163 | } | |
3164 | ||
3165 | BOOST_AUTO_TEST_CASE(test_auth_zone_cache_only) { | |
3166 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 3167 | initSR(sr); |
3337c2f7 RG |
3168 | |
3169 | primeHints(); | |
3170 | ||
3171 | size_t queriesCount = 0; | |
3172 | const DNSName target("powerdns.com."); | |
3173 | const ComboAddress addr("192.0.2.5"); | |
3174 | ||
3175 | SyncRes::AuthDomain ad; | |
3176 | ad.d_name = target; | |
3177 | DNSRecord dr; | |
3178 | dr.d_place = DNSResourceRecord::ANSWER; | |
3179 | dr.d_name = target; | |
3180 | dr.d_type = QType::SOA; | |
3181 | dr.d_ttl = 3600; | |
3182 | dr.d_content = std::make_shared<SOARecordContent>("pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600"); | |
3183 | ad.d_records.insert(dr); | |
3184 | ||
3185 | dr.d_place = DNSResourceRecord::ANSWER; | |
3186 | dr.d_name = target; | |
3187 | dr.d_type = QType::A; | |
3188 | dr.d_ttl = 3600; | |
3189 | dr.d_content = std::make_shared<ARecordContent>(addr); | |
3190 | ad.d_records.insert(dr); | |
3191 | ||
3192 | auto map = std::make_shared<SyncRes::domainmap_t>(); | |
3193 | (*map)[target] = ad; | |
3194 | SyncRes::setDomainMap(map); | |
3195 | ||
3196 | sr->setAsyncCallback([&queriesCount](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
3197 | ||
3198 | queriesCount++; | |
3199 | setLWResult(res, 0, true, false, true); | |
3200 | addRecordToLW(res, domain, QType::A, "192.0.2.42"); | |
3201 | return 1; | |
3202 | }); | |
3203 | ||
3204 | /* simulate a no-RD query */ | |
3205 | sr->setCacheOnly(); | |
3206 | ||
3207 | vector<DNSRecord> ret; | |
3208 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 | 3209 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3337c2f7 RG |
3210 | BOOST_CHECK_EQUAL(ret.size(), 1); |
3211 | BOOST_CHECK(ret[0].d_type == QType::A); | |
3212 | BOOST_CHECK_EQUAL(getRR<ARecordContent>(ret[0])->getCA().toString(), addr.toString()); | |
3213 | BOOST_CHECK_EQUAL(queriesCount, 0); | |
3214 | } | |
3215 | ||
8455425c | 3216 | BOOST_AUTO_TEST_CASE(test_dnssec_rrsig) { |
8455425c RG |
3217 | init(); |
3218 | ||
3219 | auto dcke = std::shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256)); | |
3220 | dcke->create(dcke->getBits()); | |
3221 | // cerr<<dcke->convertToISC()<<endl; | |
3222 | DNSSECPrivateKey dpk; | |
3223 | dpk.d_flags = 256; | |
3224 | dpk.setKey(dcke); | |
3225 | ||
3226 | std::vector<std::shared_ptr<DNSRecordContent> > recordcontents; | |
3227 | recordcontents.push_back(getRecordContent(QType::A, "192.0.2.1")); | |
3228 | ||
3229 | DNSName qname("powerdns.com."); | |
3230 | ||
3231 | RRSIGRecordContent rrc; | |
3232 | computeRRSIG(dpk, qname, qname, QType::A, 600, 300, rrc, recordcontents); | |
3233 | ||
3234 | skeyset_t keyset; | |
3235 | keyset.insert(std::make_shared<DNSKEYRecordContent>(dpk.getDNSKEY())); | |
3236 | ||
3237 | std::vector<std::shared_ptr<RRSIGRecordContent> > sigs; | |
3238 | sigs.push_back(std::make_shared<RRSIGRecordContent>(rrc)); | |
3239 | ||
3240 | BOOST_CHECK(validateWithKeySet(time(nullptr), qname, recordcontents, sigs, keyset)); | |
3241 | } | |
3242 | ||
3243 | BOOST_AUTO_TEST_CASE(test_dnssec_root_validation_csk) { | |
3244 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 3245 | initSR(sr, true); |
8455425c RG |
3246 | |
3247 | g_dnssecmode = DNSSECMode::ValidateAll; | |
3248 | ||
3249 | primeHints(); | |
3250 | const DNSName target("."); | |
b7f378d1 | 3251 | testkeysset_t keys; |
8455425c RG |
3252 | |
3253 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
3254 | luaconfsCopy.dsAnchors.clear(); | |
3255 | generateKeyMaterial(target, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
3256 | g_luaconfs.setState(luaconfsCopy); | |
3257 | ||
3258 | size_t queriesCount = 0; | |
3259 | ||
3260 | sr->setAsyncCallback([target,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
3261 | queriesCount++; | |
3262 | ||
3263 | if (domain == target && type == QType::NS) { | |
3264 | ||
3265 | setLWResult(res, 0, true, false, true); | |
3266 | char addr[] = "a.root-servers.net."; | |
3267 | for (char idx = 'a'; idx <= 'm'; idx++) { | |
3268 | addr[0] = idx; | |
3269 | addRecordToLW(res, domain, QType::NS, std::string(addr), DNSResourceRecord::ANSWER, 3600); | |
3270 | } | |
3271 | ||
3272 | addRRSIG(keys, res->d_records, domain, 300); | |
3273 | ||
3274 | addRecordToLW(res, "a.root-servers.net.", QType::A, "198.41.0.4", DNSResourceRecord::ADDITIONAL, 3600); | |
3275 | addRecordToLW(res, "a.root-servers.net.", QType::AAAA, "2001:503:ba3e::2:30", DNSResourceRecord::ADDITIONAL, 3600); | |
3276 | ||
3277 | return 1; | |
3278 | } else if (domain == target && type == QType::DNSKEY) { | |
3279 | ||
3280 | setLWResult(res, 0, true, false, true); | |
3281 | ||
3282 | addDNSKEY(keys, domain, 300, res->d_records); | |
3283 | addRRSIG(keys, res->d_records, domain, 300); | |
3284 | ||
3285 | return 1; | |
3286 | } | |
3287 | ||
3288 | return 0; | |
3289 | }); | |
3290 | ||
3291 | vector<DNSRecord> ret; | |
3292 | int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
b7f378d1 RG |
3293 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3294 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); | |
8455425c RG |
3295 | /* 13 NS + 1 RRSIG */ |
3296 | BOOST_REQUIRE_EQUAL(ret.size(), 14); | |
3297 | BOOST_CHECK_EQUAL(queriesCount, 2); | |
b7f378d1 RG |
3298 | |
3299 | /* again, to test the cache */ | |
3300 | ret.clear(); | |
3301 | res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
3302 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
8455425c | 3303 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); |
b7f378d1 RG |
3304 | BOOST_REQUIRE_EQUAL(ret.size(), 14); |
3305 | BOOST_CHECK_EQUAL(queriesCount, 2); | |
8455425c RG |
3306 | } |
3307 | ||
3308 | BOOST_AUTO_TEST_CASE(test_dnssec_root_validation_ksk_zsk) { | |
3309 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 3310 | initSR(sr, true); |
8455425c RG |
3311 | |
3312 | g_dnssecmode = DNSSECMode::ValidateAll; | |
3313 | ||
3314 | primeHints(); | |
3315 | const DNSName target("."); | |
b7f378d1 RG |
3316 | testkeysset_t zskeys; |
3317 | testkeysset_t kskeys; | |
8455425c RG |
3318 | |
3319 | /* Generate key material for "." */ | |
3320 | auto dckeZ = std::shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256)); | |
3321 | dckeZ->create(dckeZ->getBits()); | |
3322 | DNSSECPrivateKey ksk; | |
3323 | ksk.d_flags = 257; | |
3324 | ksk.setKey(dckeZ); | |
b7f378d1 RG |
3325 | DSRecordContent kskds = makeDSFromDNSKey(target, ksk.getDNSKEY(), DNSSECKeeper::SHA256); |
3326 | ||
8455425c RG |
3327 | auto dckeK = std::shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256)); |
3328 | dckeK->create(dckeK->getBits()); | |
3329 | DNSSECPrivateKey zsk; | |
3330 | zsk.d_flags = 256; | |
3331 | zsk.setKey(dckeK); | |
b7f378d1 | 3332 | DSRecordContent zskds = makeDSFromDNSKey(target, zsk.getDNSKEY(), DNSSECKeeper::SHA256); |
8455425c | 3333 | |
b7f378d1 RG |
3334 | kskeys[target] = std::pair<DNSSECPrivateKey,DSRecordContent>(ksk, kskds); |
3335 | zskeys[target] = std::pair<DNSSECPrivateKey,DSRecordContent>(zsk, zskds); | |
8455425c RG |
3336 | |
3337 | /* Set the root DS */ | |
8455425c RG |
3338 | auto luaconfsCopy = g_luaconfs.getCopy(); |
3339 | luaconfsCopy.dsAnchors.clear(); | |
b7f378d1 | 3340 | luaconfsCopy.dsAnchors[g_rootdnsname].insert(kskds); |
8455425c RG |
3341 | g_luaconfs.setState(luaconfsCopy); |
3342 | ||
3343 | size_t queriesCount = 0; | |
3344 | ||
3345 | sr->setAsyncCallback([target,&queriesCount,zskeys,kskeys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
3346 | queriesCount++; | |
3347 | ||
3348 | if (domain == target && type == QType::NS) { | |
3349 | ||
3350 | setLWResult(res, 0, true, false, true); | |
3351 | char addr[] = "a.root-servers.net."; | |
3352 | for (char idx = 'a'; idx <= 'm'; idx++) { | |
3353 | addr[0] = idx; | |
3354 | addRecordToLW(res, domain, QType::NS, std::string(addr), DNSResourceRecord::ANSWER, 3600); | |
3355 | } | |
3356 | ||
3357 | addRRSIG(zskeys, res->d_records, domain, 300); | |
3358 | ||
3359 | addRecordToLW(res, "a.root-servers.net.", QType::A, "198.41.0.4", DNSResourceRecord::ADDITIONAL, 3600); | |
3360 | addRecordToLW(res, "a.root-servers.net.", QType::AAAA, "2001:503:ba3e::2:30", DNSResourceRecord::ADDITIONAL, 3600); | |
3361 | ||
3362 | return 1; | |
3363 | } else if (domain == target && type == QType::DNSKEY) { | |
3364 | ||
3365 | setLWResult(res, 0, true, false, true); | |
3366 | ||
3367 | addDNSKEY(kskeys, domain, 300, res->d_records); | |
3368 | addDNSKEY(zskeys, domain, 300, res->d_records); | |
3369 | addRRSIG(kskeys, res->d_records, domain, 300); | |
3370 | ||
3371 | return 1; | |
3372 | } | |
3373 | ||
3374 | return 0; | |
3375 | }); | |
3376 | ||
3377 | vector<DNSRecord> ret; | |
3378 | int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
b7f378d1 RG |
3379 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3380 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); | |
8455425c RG |
3381 | /* 13 NS + 1 RRSIG */ |
3382 | BOOST_REQUIRE_EQUAL(ret.size(), 14); | |
3383 | BOOST_CHECK_EQUAL(queriesCount, 2); | |
b7f378d1 RG |
3384 | |
3385 | /* again, to test the cache */ | |
3386 | ret.clear(); | |
3387 | res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
3388 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
8455425c | 3389 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); |
b7f378d1 RG |
3390 | BOOST_REQUIRE_EQUAL(ret.size(), 14); |
3391 | BOOST_CHECK_EQUAL(queriesCount, 2); | |
8455425c RG |
3392 | } |
3393 | ||
3394 | BOOST_AUTO_TEST_CASE(test_dnssec_bogus_no_dnskey) { | |
3395 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 3396 | initSR(sr, true); |
8455425c RG |
3397 | |
3398 | g_dnssecmode = DNSSECMode::ValidateAll; | |
3399 | ||
3400 | primeHints(); | |
3401 | const DNSName target("."); | |
b7f378d1 | 3402 | testkeysset_t keys; |
8455425c RG |
3403 | |
3404 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
3405 | luaconfsCopy.dsAnchors.clear(); | |
3406 | generateKeyMaterial(target, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
3407 | g_luaconfs.setState(luaconfsCopy); | |
3408 | ||
3409 | size_t queriesCount = 0; | |
3410 | ||
3411 | sr->setAsyncCallback([target,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
3412 | queriesCount++; | |
3413 | ||
3414 | if (domain == target && type == QType::NS) { | |
3415 | ||
3416 | setLWResult(res, 0, true, false, true); | |
3417 | char addr[] = "a.root-servers.net."; | |
3418 | for (char idx = 'a'; idx <= 'm'; idx++) { | |
3419 | addr[0] = idx; | |
3420 | addRecordToLW(res, domain, QType::NS, std::string(addr), DNSResourceRecord::ANSWER, 3600); | |
3421 | } | |
3422 | ||
3423 | addRRSIG(keys, res->d_records, domain, 300); | |
3424 | ||
3425 | addRecordToLW(res, "a.root-servers.net.", QType::A, "198.41.0.4", DNSResourceRecord::ADDITIONAL, 3600); | |
3426 | addRecordToLW(res, "a.root-servers.net.", QType::AAAA, "2001:503:ba3e::2:30", DNSResourceRecord::ADDITIONAL, 3600); | |
3427 | ||
3428 | return 1; | |
3429 | } else if (domain == target && type == QType::DNSKEY) { | |
3430 | ||
3431 | setLWResult(res, 0, true, false, true); | |
3432 | ||
3433 | /* No DNSKEY */ | |
3434 | ||
3435 | return 1; | |
3436 | } | |
3437 | ||
3438 | return 0; | |
3439 | }); | |
3440 | ||
3441 | vector<DNSRecord> ret; | |
3442 | int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
b7f378d1 RG |
3443 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3444 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
8455425c RG |
3445 | /* 13 NS + 1 RRSIG */ |
3446 | BOOST_REQUIRE_EQUAL(ret.size(), 14); | |
3447 | BOOST_CHECK_EQUAL(queriesCount, 2); | |
b7f378d1 RG |
3448 | |
3449 | /* again, to test the cache */ | |
3450 | ret.clear(); | |
3451 | res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
3452 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
8455425c | 3453 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); |
b7f378d1 RG |
3454 | BOOST_REQUIRE_EQUAL(ret.size(), 14); |
3455 | BOOST_CHECK_EQUAL(queriesCount, 2); | |
8455425c RG |
3456 | } |
3457 | ||
3458 | BOOST_AUTO_TEST_CASE(test_dnssec_bogus_dnskey_doesnt_match_ds) { | |
3459 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 3460 | initSR(sr, true); |
8455425c RG |
3461 | |
3462 | g_dnssecmode = DNSSECMode::ValidateAll; | |
3463 | ||
3464 | primeHints(); | |
3465 | const DNSName target("."); | |
b7f378d1 RG |
3466 | testkeysset_t dskeys; |
3467 | testkeysset_t keys; | |
8455425c RG |
3468 | |
3469 | /* Generate key material for "." */ | |
3470 | auto dckeDS = std::shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256)); | |
3471 | dckeDS->create(dckeDS->getBits()); | |
3472 | DNSSECPrivateKey dskey; | |
3473 | dskey.d_flags = 257; | |
3474 | dskey.setKey(dckeDS); | |
b7f378d1 RG |
3475 | DSRecordContent drc = makeDSFromDNSKey(target, dskey.getDNSKEY(), DNSSECKeeper::SHA256); |
3476 | ||
8455425c RG |
3477 | auto dcke = std::shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256)); |
3478 | dcke->create(dcke->getBits()); | |
3479 | DNSSECPrivateKey dpk; | |
3480 | dpk.d_flags = 256; | |
3481 | dpk.setKey(dcke); | |
b7f378d1 | 3482 | DSRecordContent uselessdrc = makeDSFromDNSKey(target, dpk.getDNSKEY(), DNSSECKeeper::SHA256); |
8455425c | 3483 | |
b7f378d1 RG |
3484 | dskeys[target] = std::pair<DNSSECPrivateKey,DSRecordContent>(dskey, drc); |
3485 | keys[target] = std::pair<DNSSECPrivateKey,DSRecordContent>(dpk, uselessdrc); | |
8455425c RG |
3486 | |
3487 | /* Set the root DS */ | |
8455425c RG |
3488 | auto luaconfsCopy = g_luaconfs.getCopy(); |
3489 | luaconfsCopy.dsAnchors.clear(); | |
3490 | luaconfsCopy.dsAnchors[g_rootdnsname].insert(drc); | |
3491 | g_luaconfs.setState(luaconfsCopy); | |
3492 | ||
3493 | size_t queriesCount = 0; | |
3494 | ||
3495 | sr->setAsyncCallback([target,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
3496 | queriesCount++; | |
3497 | ||
3498 | if (domain == target && type == QType::NS) { | |
3499 | ||
3500 | setLWResult(res, 0, true, false, true); | |
3501 | char addr[] = "a.root-servers.net."; | |
3502 | for (char idx = 'a'; idx <= 'm'; idx++) { | |
3503 | addr[0] = idx; | |
3504 | addRecordToLW(res, domain, QType::NS, std::string(addr), DNSResourceRecord::ANSWER, 3600); | |
3505 | } | |
3506 | ||
3507 | addRRSIG(keys, res->d_records, domain, 300); | |
3508 | ||
3509 | addRecordToLW(res, "a.root-servers.net.", QType::A, "198.41.0.4", DNSResourceRecord::ADDITIONAL, 3600); | |
3510 | addRecordToLW(res, "a.root-servers.net.", QType::AAAA, "2001:503:ba3e::2:30", DNSResourceRecord::ADDITIONAL, 3600); | |
3511 | ||
3512 | return 1; | |
3513 | } else if (domain == target && type == QType::DNSKEY) { | |
3514 | ||
3515 | setLWResult(res, 0, true, false, true); | |
3516 | ||
3517 | addDNSKEY(keys, domain, 300, res->d_records); | |
3518 | addRRSIG(keys, res->d_records, domain, 300); | |
3519 | ||
3520 | return 1; | |
3521 | } | |
3522 | ||
3523 | return 0; | |
3524 | }); | |
3525 | ||
3526 | vector<DNSRecord> ret; | |
3527 | int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
b7f378d1 RG |
3528 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3529 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
8455425c RG |
3530 | /* 13 NS + 1 RRSIG */ |
3531 | BOOST_REQUIRE_EQUAL(ret.size(), 14); | |
3532 | BOOST_CHECK_EQUAL(queriesCount, 2); | |
b7f378d1 RG |
3533 | |
3534 | /* again, to test the cache */ | |
3535 | ret.clear(); | |
3536 | res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
3537 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
8455425c | 3538 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); |
b7f378d1 RG |
3539 | BOOST_REQUIRE_EQUAL(ret.size(), 14); |
3540 | BOOST_CHECK_EQUAL(queriesCount, 2); | |
8455425c RG |
3541 | } |
3542 | ||
3543 | BOOST_AUTO_TEST_CASE(test_dnssec_bogus_rrsig_signed_with_unknown_dnskey) { | |
3544 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 3545 | initSR(sr, true); |
8455425c RG |
3546 | |
3547 | g_dnssecmode = DNSSECMode::ValidateAll; | |
3548 | ||
3549 | primeHints(); | |
3550 | const DNSName target("."); | |
b7f378d1 RG |
3551 | testkeysset_t keys; |
3552 | testkeysset_t rrsigkeys; | |
8455425c RG |
3553 | |
3554 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
3555 | luaconfsCopy.dsAnchors.clear(); | |
3556 | generateKeyMaterial(target, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
3557 | g_luaconfs.setState(luaconfsCopy); | |
3558 | ||
3559 | auto dckeRRSIG = std::shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256)); | |
3560 | dckeRRSIG->create(dckeRRSIG->getBits()); | |
3561 | DNSSECPrivateKey rrsigkey; | |
3562 | rrsigkey.d_flags = 257; | |
3563 | rrsigkey.setKey(dckeRRSIG); | |
b7f378d1 RG |
3564 | DSRecordContent rrsigds = makeDSFromDNSKey(target, rrsigkey.getDNSKEY(), DNSSECKeeper::SHA256); |
3565 | ||
3566 | rrsigkeys[target] = std::pair<DNSSECPrivateKey,DSRecordContent>(rrsigkey, rrsigds); | |
8455425c RG |
3567 | |
3568 | size_t queriesCount = 0; | |
3569 | ||
3570 | sr->setAsyncCallback([target,&queriesCount,keys,rrsigkeys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
3571 | queriesCount++; | |
3572 | ||
3573 | if (domain == target && type == QType::NS) { | |
3574 | ||
3575 | setLWResult(res, 0, true, false, true); | |
3576 | char addr[] = "a.root-servers.net."; | |
3577 | for (char idx = 'a'; idx <= 'm'; idx++) { | |
3578 | addr[0] = idx; | |
3579 | addRecordToLW(res, domain, QType::NS, std::string(addr), DNSResourceRecord::ANSWER, 3600); | |
3580 | } | |
3581 | ||
3582 | addRRSIG(rrsigkeys, res->d_records, domain, 300); | |
3583 | ||
3584 | addRecordToLW(res, "a.root-servers.net.", QType::A, "198.41.0.4", DNSResourceRecord::ADDITIONAL, 3600); | |
3585 | addRecordToLW(res, "a.root-servers.net.", QType::AAAA, "2001:503:ba3e::2:30", DNSResourceRecord::ADDITIONAL, 3600); | |
3586 | ||
3587 | return 1; | |
3588 | } else if (domain == target && type == QType::DNSKEY) { | |
3589 | ||
3590 | setLWResult(res, 0, true, false, true); | |
3591 | ||
3592 | addDNSKEY(keys, domain, 300, res->d_records); | |
3593 | addRRSIG(rrsigkeys, res->d_records, domain, 300); | |
3594 | ||
3595 | return 1; | |
3596 | } | |
3597 | ||
3598 | return 0; | |
3599 | }); | |
3600 | ||
3601 | vector<DNSRecord> ret; | |
3602 | int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
b7f378d1 RG |
3603 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3604 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
8455425c RG |
3605 | /* 13 NS + 1 RRSIG */ |
3606 | BOOST_REQUIRE_EQUAL(ret.size(), 14); | |
3607 | BOOST_CHECK_EQUAL(queriesCount, 2); | |
b7f378d1 RG |
3608 | |
3609 | /* again, to test the cache */ | |
3610 | ret.clear(); | |
3611 | res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
3612 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
8455425c | 3613 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); |
b7f378d1 RG |
3614 | BOOST_REQUIRE_EQUAL(ret.size(), 14); |
3615 | BOOST_CHECK_EQUAL(queriesCount, 2); | |
8455425c RG |
3616 | } |
3617 | ||
3618 | BOOST_AUTO_TEST_CASE(test_dnssec_bogus_no_rrsig) { | |
3619 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 3620 | initSR(sr, true); |
8455425c RG |
3621 | |
3622 | g_dnssecmode = DNSSECMode::ValidateAll; | |
3623 | ||
3624 | primeHints(); | |
3625 | const DNSName target("."); | |
b7f378d1 | 3626 | testkeysset_t keys; |
8455425c RG |
3627 | |
3628 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
3629 | luaconfsCopy.dsAnchors.clear(); | |
3630 | generateKeyMaterial(target, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
3631 | g_luaconfs.setState(luaconfsCopy); | |
3632 | ||
3633 | size_t queriesCount = 0; | |
3634 | ||
3635 | sr->setAsyncCallback([target,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
3636 | queriesCount++; | |
3637 | ||
3638 | if (domain == target && type == QType::NS) { | |
3639 | ||
3640 | setLWResult(res, 0, true, false, true); | |
3641 | char addr[] = "a.root-servers.net."; | |
3642 | for (char idx = 'a'; idx <= 'm'; idx++) { | |
3643 | addr[0] = idx; | |
3644 | addRecordToLW(res, domain, QType::NS, std::string(addr), DNSResourceRecord::ANSWER, 3600); | |
3645 | } | |
3646 | ||
3647 | /* No RRSIG */ | |
3648 | ||
3649 | addRecordToLW(res, "a.root-servers.net.", QType::A, "198.41.0.4", DNSResourceRecord::ADDITIONAL, 3600); | |
3650 | addRecordToLW(res, "a.root-servers.net.", QType::AAAA, "2001:503:ba3e::2:30", DNSResourceRecord::ADDITIONAL, 3600); | |
3651 | ||
3652 | return 1; | |
3653 | } else if (domain == target && type == QType::DNSKEY) { | |
3654 | ||
3655 | setLWResult(res, 0, true, false, true); | |
3656 | ||
3657 | addDNSKEY(keys, domain, 300, res->d_records); | |
3658 | addRRSIG(keys, res->d_records, domain, 300); | |
3659 | ||
3660 | return 1; | |
3661 | } | |
3662 | ||
3663 | return 0; | |
3664 | }); | |
3665 | ||
3666 | vector<DNSRecord> ret; | |
3667 | int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
b7f378d1 RG |
3668 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3669 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
8455425c RG |
3670 | /* 13 NS + 0 RRSIG */ |
3671 | BOOST_REQUIRE_EQUAL(ret.size(), 13); | |
3672 | /* no RRSIG so no query for DNSKEYs */ | |
3673 | BOOST_CHECK_EQUAL(queriesCount, 1); | |
b7f378d1 RG |
3674 | |
3675 | /* again, to test the cache */ | |
3676 | ret.clear(); | |
3677 | res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
3678 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
8455425c | 3679 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); |
b7f378d1 RG |
3680 | BOOST_REQUIRE_EQUAL(ret.size(), 13); |
3681 | BOOST_CHECK_EQUAL(queriesCount, 1); | |
8455425c RG |
3682 | } |
3683 | ||
3684 | BOOST_AUTO_TEST_CASE(test_dnssec_insecure_unknown_ds_algorithm) { | |
3685 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 3686 | initSR(sr, true); |
8455425c RG |
3687 | |
3688 | g_dnssecmode = DNSSECMode::ValidateAll; | |
3689 | ||
3690 | primeHints(); | |
3691 | const DNSName target("."); | |
b7f378d1 | 3692 | testkeysset_t keys; |
8455425c RG |
3693 | |
3694 | /* Generate key material for "." */ | |
3695 | auto dcke = std::shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256)); | |
3696 | dcke->create(dcke->getBits()); | |
3697 | DNSSECPrivateKey dpk; | |
3698 | dpk.d_flags = 256; | |
3699 | dpk.setKey(dcke); | |
3700 | /* Fake algorithm number (private) */ | |
3701 | dpk.d_algorithm = 253; | |
3702 | ||
8455425c | 3703 | DSRecordContent drc = makeDSFromDNSKey(target, dpk.getDNSKEY(), DNSSECKeeper::SHA256); |
b7f378d1 | 3704 | keys[target] = std::pair<DNSSECPrivateKey,DSRecordContent>(dpk, drc); |
8455425c RG |
3705 | /* Fake algorithm number (private) */ |
3706 | drc.d_algorithm = 253; | |
3707 | ||
b7f378d1 | 3708 | /* Set the root DS */ |
8455425c RG |
3709 | auto luaconfsCopy = g_luaconfs.getCopy(); |
3710 | luaconfsCopy.dsAnchors.clear(); | |
3711 | luaconfsCopy.dsAnchors[g_rootdnsname].insert(drc); | |
3712 | g_luaconfs.setState(luaconfsCopy); | |
3713 | ||
3714 | size_t queriesCount = 0; | |
3715 | ||
3716 | sr->setAsyncCallback([target,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
3717 | queriesCount++; | |
3718 | ||
3719 | if (domain == target && type == QType::NS) { | |
3720 | ||
3721 | setLWResult(res, 0, true, false, true); | |
3722 | char addr[] = "a.root-servers.net."; | |
3723 | for (char idx = 'a'; idx <= 'm'; idx++) { | |
3724 | addr[0] = idx; | |
3725 | addRecordToLW(res, domain, QType::NS, std::string(addr), DNSResourceRecord::ANSWER, 3600); | |
3726 | } | |
3727 | ||
3728 | addRRSIG(keys, res->d_records, domain, 300); | |
3729 | ||
3730 | addRecordToLW(res, "a.root-servers.net.", QType::A, "198.41.0.4", DNSResourceRecord::ADDITIONAL, 3600); | |
3731 | addRecordToLW(res, "a.root-servers.net.", QType::AAAA, "2001:503:ba3e::2:30", DNSResourceRecord::ADDITIONAL, 3600); | |
3732 | ||
3733 | return 1; | |
3734 | } else if (domain == target && type == QType::DNSKEY) { | |
3735 | ||
3736 | setLWResult(res, 0, true, false, true); | |
3737 | ||
3738 | addDNSKEY(keys, domain, 300, res->d_records); | |
3739 | addRRSIG(keys, res->d_records, domain, 300); | |
3740 | ||
3741 | return 1; | |
3742 | } | |
3743 | ||
3744 | return 0; | |
3745 | }); | |
3746 | ||
3747 | vector<DNSRecord> ret; | |
3748 | int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
b7f378d1 RG |
3749 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3750 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
8455425c RG |
3751 | /* 13 NS + 1 RRSIG */ |
3752 | BOOST_REQUIRE_EQUAL(ret.size(), 14); | |
3753 | /* no supported DS so no query for DNSKEYs */ | |
3754 | BOOST_CHECK_EQUAL(queriesCount, 1); | |
b7f378d1 RG |
3755 | |
3756 | /* again, to test the cache */ | |
3757 | ret.clear(); | |
3758 | res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
3759 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
8455425c | 3760 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); |
b7f378d1 RG |
3761 | BOOST_REQUIRE_EQUAL(ret.size(), 14); |
3762 | BOOST_CHECK_EQUAL(queriesCount, 1); | |
8455425c RG |
3763 | } |
3764 | ||
3765 | BOOST_AUTO_TEST_CASE(test_dnssec_insecure_unknown_ds_digest) { | |
3766 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 3767 | initSR(sr, true); |
8455425c RG |
3768 | |
3769 | g_dnssecmode = DNSSECMode::ValidateAll; | |
3770 | ||
3771 | primeHints(); | |
3772 | const DNSName target("."); | |
b7f378d1 | 3773 | testkeysset_t keys; |
8455425c RG |
3774 | |
3775 | /* Generate key material for "." */ | |
3776 | auto dcke = std::shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256)); | |
3777 | dcke->create(dcke->getBits()); | |
3778 | DNSSECPrivateKey dpk; | |
3779 | dpk.d_flags = 256; | |
3780 | dpk.setKey(dcke); | |
8455425c RG |
3781 | DSRecordContent drc = makeDSFromDNSKey(target, dpk.getDNSKEY(), DNSSECKeeper::SHA256); |
3782 | /* Fake digest number (reserved) */ | |
3783 | drc.d_digesttype = 0; | |
3784 | ||
b7f378d1 RG |
3785 | keys[target] = std::pair<DNSSECPrivateKey, DSRecordContent>(dpk, drc); |
3786 | ||
3787 | /* Set the root DS */ | |
8455425c RG |
3788 | auto luaconfsCopy = g_luaconfs.getCopy(); |
3789 | luaconfsCopy.dsAnchors.clear(); | |
3790 | luaconfsCopy.dsAnchors[g_rootdnsname].insert(drc); | |
3791 | g_luaconfs.setState(luaconfsCopy); | |
3792 | ||
3793 | size_t queriesCount = 0; | |
3794 | ||
3795 | sr->setAsyncCallback([target,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
3796 | queriesCount++; | |
3797 | ||
3798 | if (domain == target && type == QType::NS) { | |
3799 | ||
3800 | setLWResult(res, 0, true, false, true); | |
3801 | char addr[] = "a.root-servers.net."; | |
3802 | for (char idx = 'a'; idx <= 'm'; idx++) { | |
3803 | addr[0] = idx; | |
3804 | addRecordToLW(res, domain, QType::NS, std::string(addr), DNSResourceRecord::ANSWER, 3600); | |
3805 | } | |
3806 | ||
3807 | addRRSIG(keys, res->d_records, domain, 300); | |
3808 | ||
3809 | addRecordToLW(res, "a.root-servers.net.", QType::A, "198.41.0.4", DNSResourceRecord::ADDITIONAL, 3600); | |
3810 | addRecordToLW(res, "a.root-servers.net.", QType::AAAA, "2001:503:ba3e::2:30", DNSResourceRecord::ADDITIONAL, 3600); | |
3811 | ||
3812 | return 1; | |
3813 | } else if (domain == target && type == QType::DNSKEY) { | |
3814 | ||
3815 | setLWResult(res, 0, true, false, true); | |
3816 | ||
3817 | addDNSKEY(keys, domain, 300, res->d_records); | |
3818 | addRRSIG(keys, res->d_records, domain, 300); | |
3819 | ||
3820 | return 1; | |
3821 | } | |
3822 | ||
3823 | return 0; | |
3824 | }); | |
3825 | ||
3826 | vector<DNSRecord> ret; | |
3827 | int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
b7f378d1 RG |
3828 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
3829 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
8455425c RG |
3830 | /* 13 NS + 1 RRSIG */ |
3831 | BOOST_REQUIRE_EQUAL(ret.size(), 14); | |
3832 | /* no supported DS so no query for DNSKEYs */ | |
3833 | BOOST_CHECK_EQUAL(queriesCount, 1); | |
b7f378d1 RG |
3834 | |
3835 | /* again, to test the cache */ | |
3836 | ret.clear(); | |
3837 | res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
3838 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
8455425c | 3839 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); |
b7f378d1 RG |
3840 | BOOST_REQUIRE_EQUAL(ret.size(), 14); |
3841 | BOOST_CHECK_EQUAL(queriesCount, 1); | |
8455425c RG |
3842 | } |
3843 | ||
3d5ebf10 RG |
3844 | BOOST_AUTO_TEST_CASE(test_dnssec_bogus_bad_sig) { |
3845 | std::unique_ptr<SyncRes> sr; | |
3846 | initSR(sr, true); | |
3847 | ||
3848 | g_dnssecmode = DNSSECMode::ValidateAll; | |
3849 | ||
3850 | primeHints(); | |
3851 | const DNSName target("."); | |
3852 | testkeysset_t keys; | |
3853 | ||
3854 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
3855 | luaconfsCopy.dsAnchors.clear(); | |
3856 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::RSASHA512, DNSSECKeeper::SHA384, keys, luaconfsCopy.dsAnchors); | |
3857 | ||
3858 | g_luaconfs.setState(luaconfsCopy); | |
3859 | ||
3860 | size_t queriesCount = 0; | |
3861 | ||
3862 | sr->setAsyncCallback([target,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
3863 | queriesCount++; | |
3864 | ||
3865 | if (domain == target && type == QType::NS) { | |
3866 | ||
3867 | setLWResult(res, 0, true, false, true); | |
3868 | char addr[] = "a.root-servers.net."; | |
3869 | for (char idx = 'a'; idx <= 'm'; idx++) { | |
3870 | addr[0] = idx; | |
3871 | addRecordToLW(res, domain, QType::NS, std::string(addr), DNSResourceRecord::ANSWER, 3600); | |
3872 | } | |
3873 | ||
3874 | addRRSIG(keys, res->d_records, domain, 300, true); | |
3875 | ||
3876 | addRecordToLW(res, "a.root-servers.net.", QType::A, "198.41.0.4", DNSResourceRecord::ADDITIONAL, 3600); | |
3877 | addRecordToLW(res, "a.root-servers.net.", QType::AAAA, "2001:503:ba3e::2:30", DNSResourceRecord::ADDITIONAL, 3600); | |
3878 | ||
3879 | return 1; | |
3880 | } else if (domain == target && type == QType::DNSKEY) { | |
3881 | ||
3882 | setLWResult(res, 0, true, false, true); | |
3883 | ||
3884 | addDNSKEY(keys, domain, 300, res->d_records); | |
3885 | addRRSIG(keys, res->d_records, domain, 300); | |
3886 | ||
3887 | return 1; | |
3888 | } | |
3889 | ||
3890 | return 0; | |
3891 | }); | |
3892 | ||
3893 | vector<DNSRecord> ret; | |
3894 | int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
3895 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
3896 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
3897 | /* 13 NS + 1 RRSIG */ | |
3898 | BOOST_REQUIRE_EQUAL(ret.size(), 14); | |
3899 | BOOST_CHECK_EQUAL(queriesCount, 2); | |
3900 | ||
3901 | /* again, to test the cache */ | |
3902 | ret.clear(); | |
3903 | res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
3904 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
3905 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
3906 | BOOST_REQUIRE_EQUAL(ret.size(), 14); | |
3907 | BOOST_CHECK_EQUAL(queriesCount, 2); | |
3908 | } | |
3909 | ||
3910 | BOOST_AUTO_TEST_CASE(test_dnssec_bogus_bad_algo) { | |
3911 | std::unique_ptr<SyncRes> sr; | |
3912 | initSR(sr, true); | |
3913 | ||
3914 | g_dnssecmode = DNSSECMode::ValidateAll; | |
3915 | ||
3916 | primeHints(); | |
3917 | const DNSName target("."); | |
3918 | testkeysset_t keys; | |
3919 | ||
3920 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
3921 | luaconfsCopy.dsAnchors.clear(); | |
3922 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::RSASHA512, DNSSECKeeper::SHA384, keys, luaconfsCopy.dsAnchors); | |
3923 | ||
3924 | g_luaconfs.setState(luaconfsCopy); | |
3925 | ||
3926 | size_t queriesCount = 0; | |
3927 | ||
3928 | sr->setAsyncCallback([target,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
3929 | queriesCount++; | |
3930 | ||
3931 | if (domain == target && type == QType::NS) { | |
3932 | ||
3933 | setLWResult(res, 0, true, false, true); | |
3934 | char addr[] = "a.root-servers.net."; | |
3935 | for (char idx = 'a'; idx <= 'm'; idx++) { | |
3936 | addr[0] = idx; | |
3937 | addRecordToLW(res, domain, QType::NS, std::string(addr), DNSResourceRecord::ANSWER, 3600); | |
3938 | } | |
3939 | ||
3940 | /* FORCE WRONG ALGO */ | |
3941 | addRRSIG(keys, res->d_records, domain, 300, false, DNSSECKeeper::RSASHA256); | |
3942 | ||
3943 | addRecordToLW(res, "a.root-servers.net.", QType::A, "198.41.0.4", DNSResourceRecord::ADDITIONAL, 3600); | |
3944 | addRecordToLW(res, "a.root-servers.net.", QType::AAAA, "2001:503:ba3e::2:30", DNSResourceRecord::ADDITIONAL, 3600); | |
3945 | ||
3946 | return 1; | |
3947 | } else if (domain == target && type == QType::DNSKEY) { | |
3948 | ||
3949 | setLWResult(res, 0, true, false, true); | |
3950 | ||
3951 | addDNSKEY(keys, domain, 300, res->d_records); | |
3952 | addRRSIG(keys, res->d_records, domain, 300); | |
3953 | ||
3954 | return 1; | |
3955 | } | |
3956 | ||
3957 | return 0; | |
3958 | }); | |
3959 | ||
3960 | vector<DNSRecord> ret; | |
3961 | int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
3962 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
3963 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
3964 | /* 13 NS + 1 RRSIG */ | |
3965 | BOOST_REQUIRE_EQUAL(ret.size(), 14); | |
3966 | BOOST_CHECK_EQUAL(queriesCount, 2); | |
3967 | ||
3968 | /* again, to test the cache */ | |
3969 | ret.clear(); | |
3970 | res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
3971 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
3972 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
3973 | BOOST_REQUIRE_EQUAL(ret.size(), 14); | |
3974 | BOOST_CHECK_EQUAL(queriesCount, 2); | |
3975 | } | |
3976 | ||
b7f378d1 | 3977 | BOOST_AUTO_TEST_CASE(test_dnssec_secure_various_algos) { |
8455425c | 3978 | std::unique_ptr<SyncRes> sr; |
895449a5 | 3979 | initSR(sr, true); |
8455425c RG |
3980 | |
3981 | g_dnssecmode = DNSSECMode::ValidateAll; | |
3982 | ||
3983 | primeHints(); | |
3984 | const DNSName target("powerdns.com."); | |
b7f378d1 RG |
3985 | const ComboAddress targetAddr("192.0.2.42"); |
3986 | testkeysset_t keys; | |
8455425c RG |
3987 | |
3988 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
3989 | luaconfsCopy.dsAnchors.clear(); | |
b7f378d1 RG |
3990 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::RSASHA512, DNSSECKeeper::SHA384, keys, luaconfsCopy.dsAnchors); |
3991 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
3992 | generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA384, DNSSECKeeper::SHA384, keys); | |
8455425c RG |
3993 | |
3994 | g_luaconfs.setState(luaconfsCopy); | |
3995 | ||
3996 | size_t queriesCount = 0; | |
3997 | ||
b7f378d1 | 3998 | sr->setAsyncCallback([target,targetAddr,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { |
8455425c RG |
3999 | queriesCount++; |
4000 | ||
b7f378d1 RG |
4001 | DNSName auth = domain; |
4002 | if (domain == target) { | |
4003 | auth = DNSName("powerdns.com."); | |
4004 | } | |
8455425c | 4005 | if (type == QType::DS) { |
a53e8fe3 | 4006 | return 0; |
8455425c RG |
4007 | } |
4008 | else if (type == QType::DNSKEY) { | |
4009 | setLWResult(res, 0, true, false, true); | |
b7f378d1 RG |
4010 | addDNSKEY(keys, auth, 300, res->d_records); |
4011 | addRRSIG(keys, res->d_records, auth, 300); | |
8455425c RG |
4012 | return 1; |
4013 | } | |
4014 | else if (domain == target) { | |
4015 | if (isRootServer(ip)) { | |
4016 | setLWResult(res, 0, false, false, true); | |
4017 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
b7f378d1 | 4018 | addDS(DNSName("com."), 300, res->d_records, keys); |
8455425c RG |
4019 | addRRSIG(keys, res->d_records, DNSName("."), 300); |
4020 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
4021 | return 1; | |
4022 | } | |
4023 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
4024 | setLWResult(res, 0, false, false, true); | |
b7f378d1 RG |
4025 | addRecordToLW(res, auth, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); |
4026 | addDS(auth, 300, res->d_records, keys); | |
8455425c RG |
4027 | addRRSIG(keys, res->d_records, DNSName("com."), 300); |
4028 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
4029 | return 1; | |
4030 | } | |
4031 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
b7f378d1 RG |
4032 | setLWResult(res, RCode::NoError, true, false, true); |
4033 | addRecordToLW(res, domain, QType::A, targetAddr.toString(), DNSResourceRecord::ANSWER, 3600); | |
4034 | addRRSIG(keys, res->d_records, auth, 300); | |
8455425c RG |
4035 | return 1; |
4036 | } | |
4037 | } | |
4038 | ||
4039 | return 0; | |
4040 | }); | |
4041 | ||
4042 | vector<DNSRecord> ret; | |
4043 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
b7f378d1 RG |
4044 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
4045 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); | |
4046 | BOOST_REQUIRE_EQUAL(ret.size(), 2); | |
8455425c | 4047 | BOOST_CHECK_EQUAL(queriesCount, 6); |
b7f378d1 RG |
4048 | |
4049 | /* again, to test the cache */ | |
4050 | ret.clear(); | |
4051 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4052 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
8455425c | 4053 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); |
b7f378d1 RG |
4054 | BOOST_REQUIRE_EQUAL(ret.size(), 2); |
4055 | BOOST_CHECK_EQUAL(queriesCount, 6); | |
8455425c RG |
4056 | } |
4057 | ||
b7f378d1 | 4058 | BOOST_AUTO_TEST_CASE(test_dnssec_secure_with_nta) { |
8455425c | 4059 | std::unique_ptr<SyncRes> sr; |
895449a5 | 4060 | initSR(sr, true); |
8455425c RG |
4061 | |
4062 | g_dnssecmode = DNSSECMode::ValidateAll; | |
4063 | ||
4064 | primeHints(); | |
b7f378d1 RG |
4065 | const DNSName target("powerdns.com."); |
4066 | const ComboAddress targetAddr("192.0.2.42"); | |
4067 | testkeysset_t keys; | |
8455425c RG |
4068 | |
4069 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
4070 | luaconfsCopy.dsAnchors.clear(); | |
b7f378d1 RG |
4071 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); |
4072 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4073 | generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4074 | ||
4075 | /* Add a NTA for "powerdns.com" */ | |
4076 | luaconfsCopy.negAnchors[target] = "NTA for PowerDNS.com"; | |
8455425c | 4077 | |
8455425c RG |
4078 | g_luaconfs.setState(luaconfsCopy); |
4079 | ||
4080 | size_t queriesCount = 0; | |
4081 | ||
b7f378d1 | 4082 | sr->setAsyncCallback([target,targetAddr,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { |
8455425c RG |
4083 | queriesCount++; |
4084 | ||
b7f378d1 RG |
4085 | DNSName auth = domain; |
4086 | if (domain == target) { | |
4087 | auth = DNSName("powerdns.com."); | |
4088 | } | |
4089 | if (type == QType::DS) { | |
a53e8fe3 | 4090 | return 0; |
b7f378d1 RG |
4091 | } |
4092 | else if (type == QType::DNSKEY) { | |
8455425c | 4093 | setLWResult(res, 0, true, false, true); |
b7f378d1 RG |
4094 | addDNSKEY(keys, auth, 300, res->d_records); |
4095 | addRRSIG(keys, res->d_records, auth, 300); | |
4096 | return 1; | |
4097 | } | |
4098 | else if (domain == target) { | |
4099 | if (isRootServer(ip)) { | |
4100 | setLWResult(res, 0, false, false, true); | |
4101 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4102 | addDS(DNSName("com."), 300, res->d_records, keys); | |
4103 | addRRSIG(keys, res->d_records, DNSName("."), 300); | |
4104 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
4105 | return 1; | |
4106 | } | |
4107 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
4108 | setLWResult(res, 0, false, false, true); | |
4109 | addRecordToLW(res, auth, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4110 | addDS(auth, 300, res->d_records, keys); | |
4111 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
4112 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
4113 | return 1; | |
4114 | } | |
4115 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
4116 | setLWResult(res, RCode::NoError, true, false, true); | |
4117 | addRecordToLW(res, domain, QType::A, targetAddr.toString(), DNSResourceRecord::ANSWER, 3600); | |
4118 | addRRSIG(keys, res->d_records, auth, 300); | |
4119 | return 1; | |
4120 | } | |
4121 | } | |
4122 | ||
4123 | return 0; | |
4124 | }); | |
4125 | ||
4126 | vector<DNSRecord> ret; | |
4127 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4128 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4129 | /* Should be insecure because of the NTA */ | |
4130 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
4131 | BOOST_REQUIRE_EQUAL(ret.size(), 2); | |
4132 | /* and a such, no query for the last DNSKEYs */ | |
4133 | BOOST_CHECK_EQUAL(queriesCount, 5); | |
4134 | ||
4135 | /* again, to test the cache */ | |
4136 | ret.clear(); | |
4137 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4138 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4139 | /* Should be insecure because of the NTA */ | |
4140 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
4141 | BOOST_REQUIRE_EQUAL(ret.size(), 2); | |
4142 | BOOST_CHECK_EQUAL(queriesCount, 5); | |
4143 | } | |
4144 | ||
4145 | BOOST_AUTO_TEST_CASE(test_dnssec_bogus_with_nta) { | |
4146 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 4147 | initSR(sr, true); |
b7f378d1 RG |
4148 | |
4149 | g_dnssecmode = DNSSECMode::ValidateAll; | |
4150 | ||
4151 | primeHints(); | |
4152 | const DNSName target("powerdns.com."); | |
4153 | const ComboAddress targetAddr("192.0.2.42"); | |
4154 | testkeysset_t keys; | |
4155 | ||
4156 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
4157 | luaconfsCopy.dsAnchors.clear(); | |
4158 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
4159 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4160 | generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4161 | ||
4162 | /* Add a NTA for "powerdns.com" */ | |
4163 | luaconfsCopy.negAnchors[target] = "NTA for PowerDNS.com"; | |
4164 | ||
4165 | g_luaconfs.setState(luaconfsCopy); | |
4166 | ||
4167 | size_t queriesCount = 0; | |
4168 | ||
4169 | sr->setAsyncCallback([target,targetAddr,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
4170 | queriesCount++; | |
4171 | ||
4172 | if (type == QType::DS || type == QType::DNSKEY) { | |
4173 | setLWResult(res, 0, false, false, true); | |
4174 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
4175 | return 1; | |
4176 | } | |
4177 | else if (domain == target) { | |
4178 | if (isRootServer(ip)) { | |
4179 | setLWResult(res, 0, false, false, true); | |
4180 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4181 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
4182 | return 1; | |
4183 | } | |
4184 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
4185 | setLWResult(res, 0, false, false, true); | |
4186 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4187 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
4188 | return 1; | |
4189 | } | |
4190 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
4191 | setLWResult(res, RCode::NoError, true, false, true); | |
4192 | addRecordToLW(res, domain, QType::A, targetAddr.toString(), DNSResourceRecord::ANSWER, 3600); | |
4193 | return 1; | |
4194 | } | |
4195 | } | |
4196 | ||
4197 | return 0; | |
4198 | }); | |
4199 | ||
4200 | /* There is TA for root but no DS/DNSKEY/RRSIG, should be Bogus, but.. */ | |
4201 | vector<DNSRecord> ret; | |
4202 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4203 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4204 | /* Should be insecure because of the NTA */ | |
4205 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
4206 | BOOST_REQUIRE_EQUAL(ret.size(), 1); | |
4207 | /* and a such, no query for the DNSKEYs */ | |
4208 | BOOST_CHECK_EQUAL(queriesCount, 4); | |
4209 | ||
4210 | /* again, to test the cache */ | |
4211 | ret.clear(); | |
4212 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4213 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4214 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
4215 | BOOST_REQUIRE_EQUAL(ret.size(), 1); | |
4216 | BOOST_CHECK_EQUAL(queriesCount, 4); | |
4217 | } | |
4218 | ||
4219 | BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec) { | |
4220 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 4221 | initSR(sr, true); |
b7f378d1 RG |
4222 | |
4223 | g_dnssecmode = DNSSECMode::ValidateAll; | |
4224 | ||
4225 | primeHints(); | |
4226 | const DNSName target("powerdns.com."); | |
4227 | testkeysset_t keys; | |
4228 | ||
4229 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
4230 | luaconfsCopy.dsAnchors.clear(); | |
4231 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
4232 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4233 | generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4234 | ||
4235 | g_luaconfs.setState(luaconfsCopy); | |
4236 | ||
4237 | size_t queriesCount = 0; | |
4238 | ||
4239 | sr->setAsyncCallback([target,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
4240 | queriesCount++; | |
4241 | ||
4242 | if (type == QType::DS) { | |
a53e8fe3 | 4243 | return 0; |
b7f378d1 RG |
4244 | } |
4245 | else if (type == QType::DNSKEY) { | |
4246 | setLWResult(res, 0, true, false, true); | |
4247 | addDNSKEY(keys, domain, 300, res->d_records); | |
4248 | addRRSIG(keys, res->d_records, domain, 300); | |
4249 | return 1; | |
4250 | } | |
4251 | else if (domain == target) { | |
4252 | if (isRootServer(ip)) { | |
4253 | setLWResult(res, 0, false, false, true); | |
4254 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4255 | addDS(DNSName("com."), 300, res->d_records, keys); | |
4256 | addRRSIG(keys, res->d_records, DNSName("."), 300); | |
4257 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
4258 | return 1; | |
4259 | } | |
4260 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
4261 | setLWResult(res, 0, false, false, true); | |
4262 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4263 | addDS(domain, 300, res->d_records, keys); | |
4264 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
4265 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
4266 | return 1; | |
4267 | } | |
4268 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
4269 | setLWResult(res, 0, true, false, true); | |
4270 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
4271 | addRRSIG(keys, res->d_records, domain, 300); | |
4272 | addNSECRecordToLW(domain, DNSName("z.powerdns.com."), { QType::NS, QType::DNSKEY }, 600, res->d_records); | |
4273 | addRRSIG(keys, res->d_records, domain, 300); | |
4274 | return 1; | |
4275 | } | |
4276 | } | |
4277 | ||
4278 | return 0; | |
4279 | }); | |
4280 | ||
4281 | vector<DNSRecord> ret; | |
4282 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4283 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4284 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); | |
4285 | BOOST_REQUIRE_EQUAL(ret.size(), 4); | |
4286 | BOOST_CHECK_EQUAL(queriesCount, 6); | |
4287 | ||
4288 | /* again, to test the cache */ | |
4289 | ret.clear(); | |
4290 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4291 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4292 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); | |
4293 | BOOST_REQUIRE_EQUAL(ret.size(), 4); | |
4294 | BOOST_CHECK_EQUAL(queriesCount, 6); | |
4295 | } | |
4296 | ||
4297 | BOOST_AUTO_TEST_CASE(test_dnssec_validation_nxdomain_nsec) { | |
4298 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 4299 | initSR(sr, true); |
b7f378d1 RG |
4300 | |
4301 | g_dnssecmode = DNSSECMode::ValidateAll; | |
4302 | ||
4303 | primeHints(); | |
4304 | const DNSName target("nx.powerdns.com."); | |
4305 | testkeysset_t keys; | |
4306 | ||
4307 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
4308 | luaconfsCopy.dsAnchors.clear(); | |
4309 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
4310 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4311 | generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4312 | ||
4313 | g_luaconfs.setState(luaconfsCopy); | |
4314 | ||
4315 | size_t queriesCount = 0; | |
4316 | ||
4317 | sr->setAsyncCallback([target,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
4318 | queriesCount++; | |
4319 | ||
4320 | DNSName auth = domain; | |
4321 | if (domain == target) { | |
4322 | auth = DNSName("powerdns.com."); | |
4323 | } | |
4324 | if (type == QType::DS) { | |
a53e8fe3 | 4325 | return 0; |
b7f378d1 RG |
4326 | } |
4327 | else if (type == QType::DNSKEY) { | |
4328 | setLWResult(res, 0, true, false, true); | |
4329 | addDNSKEY(keys, auth, 300, res->d_records); | |
4330 | addRRSIG(keys, res->d_records, auth, 300); | |
4331 | return 1; | |
4332 | } | |
4333 | else if (domain == target) { | |
4334 | if (isRootServer(ip)) { | |
4335 | setLWResult(res, 0, false, false, true); | |
4336 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4337 | addDS(DNSName("com."), 300, res->d_records, keys); | |
4338 | addRRSIG(keys, res->d_records, DNSName("."), 300); | |
4339 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
4340 | return 1; | |
4341 | } | |
4342 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
4343 | setLWResult(res, 0, false, false, true); | |
4344 | addRecordToLW(res, auth, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4345 | addDS(auth, 300, res->d_records, keys); | |
4346 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
4347 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
4348 | return 1; | |
4349 | } | |
4350 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
4351 | setLWResult(res, RCode::NXDomain, true, false, true); | |
4352 | addRecordToLW(res, DNSName("powerdns.com."), QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
4353 | addRRSIG(keys, res->d_records, auth, 300); | |
4354 | addNSECRecordToLW(DNSName("nw.powerdns.com."), DNSName("ny.powerdns.com."), { QType::RRSIG, QType::NSEC }, 600, res->d_records); | |
4355 | addRRSIG(keys, res->d_records, auth, 300); | |
4356 | return 1; | |
4357 | } | |
4358 | } | |
4359 | ||
4360 | return 0; | |
4361 | }); | |
4362 | ||
4363 | vector<DNSRecord> ret; | |
4364 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4365 | BOOST_CHECK_EQUAL(res, RCode::NXDomain); | |
4366 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); | |
4367 | BOOST_REQUIRE_EQUAL(ret.size(), 4); | |
4368 | BOOST_CHECK_EQUAL(queriesCount, 6); | |
4369 | ||
4370 | /* again, to test the cache */ | |
4371 | ret.clear(); | |
4372 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4373 | BOOST_CHECK_EQUAL(res, RCode::NXDomain); | |
4374 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); | |
4375 | BOOST_REQUIRE_EQUAL(ret.size(), 4); | |
4376 | BOOST_CHECK_EQUAL(queriesCount, 6); | |
4377 | } | |
4378 | ||
2b984251 RG |
4379 | BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec_wildcard) { |
4380 | std::unique_ptr<SyncRes> sr; | |
4381 | initSR(sr, true); | |
4382 | ||
4383 | g_dnssecmode = DNSSECMode::ValidateAll; | |
4384 | ||
4385 | primeHints(); | |
4386 | const DNSName target("www.powerdns.com."); | |
4387 | testkeysset_t keys; | |
4388 | ||
4389 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
4390 | luaconfsCopy.dsAnchors.clear(); | |
4391 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
4392 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4393 | generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4394 | ||
4395 | g_luaconfs.setState(luaconfsCopy); | |
4396 | ||
4397 | size_t queriesCount = 0; | |
4398 | ||
4399 | sr->setAsyncCallback([target,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
4400 | queriesCount++; | |
4401 | ||
4402 | if (type == QType::DS) { | |
a53e8fe3 | 4403 | return 0; |
2b984251 RG |
4404 | } |
4405 | else if (type == QType::DNSKEY) { | |
4406 | setLWResult(res, 0, true, false, true); | |
4407 | addDNSKEY(keys, domain, 300, res->d_records); | |
4408 | addRRSIG(keys, res->d_records, domain, 300); | |
4409 | return 1; | |
4410 | } | |
4411 | else if (domain == target) { | |
4412 | if (isRootServer(ip)) { | |
4413 | setLWResult(res, 0, false, false, true); | |
4414 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4415 | addDS(DNSName("com."), 300, res->d_records, keys); | |
4416 | addRRSIG(keys, res->d_records, DNSName("."), 300); | |
4417 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
4418 | return 1; | |
4419 | } | |
4420 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
4421 | setLWResult(res, 0, false, false, true); | |
4422 | addRecordToLW(res, "powerdns.com.", QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4423 | addDS(DNSName("powerdns.com."), 300, res->d_records, keys); | |
4424 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
4425 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
4426 | return 1; | |
4427 | } | |
4428 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
4429 | setLWResult(res, 0, true, false, true); | |
4430 | addRecordToLW(res, domain, QType::A, "192.0.2.42"); | |
4431 | addRRSIG(keys, res->d_records, DNSName("powerdns.com"), 300, false, boost::none, DNSName("*.powerdns.com")); | |
4432 | addNSECRecordToLW(DNSName("a.powerdns.com."), DNSName("wwz.powerdns.com."), { QType::A, QType::NSEC, QType::RRSIG }, 600, res->d_records); | |
4433 | addRRSIG(keys, res->d_records, DNSName("powerdns.com"), 300); | |
4434 | return 1; | |
4435 | } | |
4436 | } | |
4437 | ||
4438 | return 0; | |
4439 | }); | |
4440 | ||
4441 | vector<DNSRecord> ret; | |
4442 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4443 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4444 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); | |
4445 | BOOST_REQUIRE_EQUAL(ret.size(), 4); | |
4446 | BOOST_CHECK_EQUAL(queriesCount, 6); | |
4447 | ||
4448 | /* again, to test the cache */ | |
4449 | ret.clear(); | |
4450 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4451 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4452 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); | |
4453 | BOOST_REQUIRE_EQUAL(ret.size(), 4); | |
4454 | BOOST_CHECK_EQUAL(queriesCount, 6); | |
4455 | } | |
4456 | ||
a53e8fe3 RG |
4457 | BOOST_AUTO_TEST_CASE(test_dnssec_no_ds_on_referral_secure) { |
4458 | std::unique_ptr<SyncRes> sr; | |
4459 | initSR(sr, true); | |
4460 | ||
4461 | g_dnssecmode = DNSSECMode::ValidateAll; | |
4462 | ||
4463 | primeHints(); | |
4464 | const DNSName target("www.powerdns.com."); | |
4465 | testkeysset_t keys; | |
4466 | ||
4467 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
4468 | luaconfsCopy.dsAnchors.clear(); | |
4469 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
4470 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4471 | generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4472 | ||
4473 | g_luaconfs.setState(luaconfsCopy); | |
4474 | ||
4475 | size_t queriesCount = 0; | |
4476 | size_t dsQueriesCount = 0; | |
4477 | ||
4478 | sr->setAsyncCallback([target,&queriesCount,&dsQueriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
4479 | queriesCount++; | |
4480 | ||
4481 | if (type == QType::DS) { | |
4482 | DNSName auth(domain); | |
4483 | auth.chopOff(); | |
4484 | dsQueriesCount++; | |
4485 | ||
4486 | setLWResult(res, 0, true, false, true); | |
4487 | addDS(domain, 300, res->d_records, keys, DNSResourceRecord::ANSWER); | |
4488 | addRRSIG(keys, res->d_records, auth, 300); | |
4489 | return 1; | |
4490 | } | |
4491 | else if (type == QType::DNSKEY) { | |
4492 | setLWResult(res, 0, true, false, true); | |
4493 | addDNSKEY(keys, domain, 300, res->d_records); | |
4494 | addRRSIG(keys, res->d_records, domain, 300); | |
4495 | return 1; | |
4496 | } | |
4497 | else if (domain == target) { | |
4498 | if (isRootServer(ip)) { | |
4499 | setLWResult(res, 0, false, false, true); | |
4500 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4501 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
4502 | /* No DS on referral, and no denial of the DS either */ | |
4503 | return 1; | |
4504 | } | |
4505 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
4506 | setLWResult(res, 0, false, false, true); | |
4507 | addRecordToLW(res, "powerdns.com.", QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4508 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
4509 | /* No DS on referral, and no denial of the DS either */ | |
4510 | return 1; | |
4511 | } | |
4512 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
4513 | setLWResult(res, 0, true, false, true); | |
4514 | addRecordToLW(res, domain, QType::A, "192.0.2.42"); | |
4515 | addRRSIG(keys, res->d_records, DNSName("powerdns.com"), 300, false, boost::none, DNSName("*.powerdns.com")); | |
4516 | addNSECRecordToLW(DNSName("a.powerdns.com."), DNSName("wwz.powerdns.com."), { QType::A, QType::NSEC, QType::RRSIG }, 600, res->d_records); | |
4517 | addRRSIG(keys, res->d_records, DNSName("powerdns.com"), 300); | |
4518 | return 1; | |
4519 | } | |
4520 | } | |
4521 | ||
4522 | return 0; | |
4523 | }); | |
4524 | ||
4525 | vector<DNSRecord> ret; | |
4526 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4527 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4528 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); | |
4529 | BOOST_REQUIRE_EQUAL(ret.size(), 4); | |
4530 | BOOST_CHECK_EQUAL(queriesCount, 8); | |
4531 | BOOST_CHECK_EQUAL(dsQueriesCount, 2); | |
4532 | ||
4533 | /* again, to test the cache */ | |
4534 | ret.clear(); | |
4535 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4536 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4537 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); | |
4538 | BOOST_REQUIRE_EQUAL(ret.size(), 4); | |
4539 | BOOST_CHECK_EQUAL(queriesCount, 8); | |
4540 | BOOST_CHECK_EQUAL(dsQueriesCount, 2); | |
4541 | } | |
4542 | ||
4543 | BOOST_AUTO_TEST_CASE(test_dnssec_no_ds_on_referral_insecure) { | |
4544 | std::unique_ptr<SyncRes> sr; | |
a69867f2 | 4545 | initSR(sr, true, true); |
a53e8fe3 RG |
4546 | |
4547 | g_dnssecmode = DNSSECMode::ValidateAll; | |
4548 | ||
4549 | primeHints(); | |
4550 | const DNSName target("www.powerdns.com."); | |
4551 | testkeysset_t keys; | |
4552 | ||
4553 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
4554 | luaconfsCopy.dsAnchors.clear(); | |
4555 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
4556 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4557 | ||
4558 | g_luaconfs.setState(luaconfsCopy); | |
4559 | ||
4560 | size_t queriesCount = 0; | |
4561 | size_t dsQueriesCount = 0; | |
4562 | ||
4563 | sr->setAsyncCallback([target,&queriesCount,&dsQueriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
4564 | queriesCount++; | |
4565 | ||
4566 | if (type == QType::DS) { | |
4567 | DNSName auth(domain); | |
4568 | auth.chopOff(); | |
4569 | dsQueriesCount++; | |
4570 | ||
4571 | setLWResult(res, 0, true, false, true); | |
4572 | if (domain == DNSName("com.")) { | |
4573 | addDS(domain, 300, res->d_records, keys, DNSResourceRecord::ANSWER); | |
4574 | } | |
4575 | else { | |
4576 | addNSECRecordToLW(domain, DNSName("powerdnt.com."), { QType::NS }, 600, res->d_records); | |
4577 | } | |
4578 | addRRSIG(keys, res->d_records, auth, 300); | |
4579 | return 1; | |
4580 | } | |
4581 | else if (type == QType::DNSKEY) { | |
4582 | setLWResult(res, 0, true, false, true); | |
4583 | addDNSKEY(keys, domain, 300, res->d_records); | |
4584 | addRRSIG(keys, res->d_records, domain, 300); | |
4585 | return 1; | |
4586 | } | |
a69867f2 | 4587 | else { |
a53e8fe3 RG |
4588 | if (isRootServer(ip)) { |
4589 | setLWResult(res, 0, false, false, true); | |
4590 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4591 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
4592 | /* No DS on referral, and no denial of the DS either */ | |
4593 | return 1; | |
4594 | } | |
4595 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
a69867f2 RG |
4596 | if (domain == DNSName("com.")) { |
4597 | setLWResult(res, 0, true, false, true); | |
4598 | addRecordToLW(res, domain, QType::NS, "a.gtld-servers.com."); | |
4599 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
4600 | } | |
4601 | else { | |
4602 | setLWResult(res, 0, false, false, true); | |
4603 | addRecordToLW(res, "powerdns.com.", QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4604 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
4605 | /* No DS on referral, and no denial of the DS either */ | |
4606 | } | |
a53e8fe3 RG |
4607 | return 1; |
4608 | } | |
4609 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
4610 | setLWResult(res, 0, true, false, true); | |
4611 | addRecordToLW(res, domain, QType::A, "192.0.2.42"); | |
4612 | return 1; | |
4613 | } | |
4614 | } | |
4615 | ||
4616 | return 0; | |
4617 | }); | |
4618 | ||
4619 | vector<DNSRecord> ret; | |
4620 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4621 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4622 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
4623 | BOOST_REQUIRE_EQUAL(ret.size(), 1); | |
4624 | BOOST_CHECK_EQUAL(queriesCount, 7); | |
4625 | BOOST_CHECK_EQUAL(dsQueriesCount, 2); | |
4626 | ||
4627 | /* again, to test the cache */ | |
4628 | ret.clear(); | |
4629 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4630 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4631 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
4632 | BOOST_REQUIRE_EQUAL(ret.size(), 1); | |
4633 | BOOST_CHECK_EQUAL(queriesCount, 7); | |
4634 | BOOST_CHECK_EQUAL(dsQueriesCount, 2); | |
4635 | } | |
4636 | ||
b7f378d1 RG |
4637 | BOOST_AUTO_TEST_CASE(test_dnssec_validation_bogus_no_nsec) { |
4638 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 4639 | initSR(sr, true); |
b7f378d1 RG |
4640 | |
4641 | g_dnssecmode = DNSSECMode::ValidateAll; | |
4642 | ||
4643 | primeHints(); | |
4644 | const DNSName target("powerdns.com."); | |
4645 | testkeysset_t keys; | |
4646 | ||
4647 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
4648 | luaconfsCopy.dsAnchors.clear(); | |
4649 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
4650 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4651 | generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4652 | ||
4653 | g_luaconfs.setState(luaconfsCopy); | |
4654 | ||
4655 | size_t queriesCount = 0; | |
4656 | ||
4657 | sr->setAsyncCallback([target,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
4658 | queriesCount++; | |
4659 | ||
4660 | if (type == QType::DS) { | |
a53e8fe3 | 4661 | return 0; |
b7f378d1 RG |
4662 | } |
4663 | else if (type == QType::DNSKEY) { | |
4664 | setLWResult(res, 0, true, false, true); | |
4665 | addDNSKEY(keys, domain, 300, res->d_records); | |
4666 | addRRSIG(keys, res->d_records, domain, 300); | |
4667 | return 1; | |
4668 | } | |
a69867f2 | 4669 | else { |
b7f378d1 RG |
4670 | if (isRootServer(ip)) { |
4671 | setLWResult(res, 0, false, false, true); | |
4672 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4673 | addDS(DNSName("com."), 300, res->d_records, keys); | |
4674 | addRRSIG(keys, res->d_records, DNSName("."), 300); | |
4675 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
4676 | return 1; | |
4677 | } | |
4678 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
a69867f2 RG |
4679 | if (domain == DNSName("com.")) { |
4680 | setLWResult(res, 0, true, false, true); | |
4681 | addRecordToLW(res, DNSName("com."), QType::NS, "a.gtld-servers.com."); | |
4682 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
4683 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
4684 | } | |
4685 | else { | |
4686 | setLWResult(res, 0, false, false, true); | |
4687 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4688 | addDS(domain, 300, res->d_records, keys); | |
4689 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
4690 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
4691 | } | |
b7f378d1 RG |
4692 | return 1; |
4693 | } | |
4694 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
4695 | setLWResult(res, 0, true, false, true); | |
a69867f2 RG |
4696 | if (type == QType::NS) { |
4697 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com."); | |
4698 | addRRSIG(keys, res->d_records, domain, 300); | |
4699 | } | |
4700 | else { | |
4701 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
4702 | addRRSIG(keys, res->d_records, domain, 300); | |
4703 | addNSECRecordToLW(domain, DNSName("z.powerdns.com."), { QType::NS, QType::DNSKEY }, 600, res->d_records); | |
4704 | /* NO RRSIG for the NSEC record! */ | |
4705 | } | |
b7f378d1 RG |
4706 | return 1; |
4707 | } | |
4708 | } | |
4709 | ||
4710 | return 0; | |
4711 | }); | |
4712 | ||
4713 | /* NSEC record without the corresponding RRSIG in a secure zone, should be Bogus! */ | |
4714 | vector<DNSRecord> ret; | |
4715 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4716 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4717 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
4718 | BOOST_CHECK_EQUAL(ret.size(), 3); | |
a69867f2 | 4719 | BOOST_CHECK_EQUAL(queriesCount, 8); |
b7f378d1 RG |
4720 | |
4721 | /* again, to test the cache */ | |
4722 | ret.clear(); | |
4723 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4724 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4725 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
4726 | BOOST_REQUIRE_EQUAL(ret.size(), 3); | |
a69867f2 | 4727 | BOOST_CHECK_EQUAL(queriesCount, 8); |
b7f378d1 RG |
4728 | } |
4729 | ||
4730 | BOOST_AUTO_TEST_CASE(test_dnssec_validation_bogus_unsigned_nsec) { | |
4731 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 4732 | initSR(sr, true); |
b7f378d1 RG |
4733 | |
4734 | g_dnssecmode = DNSSECMode::ValidateAll; | |
4735 | ||
4736 | primeHints(); | |
4737 | const DNSName target("powerdns.com."); | |
4738 | testkeysset_t keys; | |
4739 | ||
4740 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
4741 | luaconfsCopy.dsAnchors.clear(); | |
4742 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
4743 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4744 | generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4745 | ||
4746 | g_luaconfs.setState(luaconfsCopy); | |
4747 | ||
4748 | size_t queriesCount = 0; | |
4749 | ||
4750 | sr->setAsyncCallback([target,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
4751 | queriesCount++; | |
4752 | ||
4753 | if (type == QType::DS) { | |
a53e8fe3 | 4754 | return 0; |
b7f378d1 RG |
4755 | } |
4756 | else if (type == QType::DNSKEY) { | |
4757 | setLWResult(res, 0, true, false, true); | |
4758 | addDNSKEY(keys, domain, 300, res->d_records); | |
4759 | addRRSIG(keys, res->d_records, domain, 300); | |
4760 | return 1; | |
4761 | } | |
a69867f2 | 4762 | else { |
b7f378d1 RG |
4763 | if (isRootServer(ip)) { |
4764 | setLWResult(res, 0, false, false, true); | |
4765 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4766 | addDS(DNSName("com."), 300, res->d_records, keys); | |
4767 | addRRSIG(keys, res->d_records, DNSName("."), 300); | |
4768 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
4769 | return 1; | |
4770 | } | |
4771 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
a69867f2 RG |
4772 | if (domain == DNSName("com.")) { |
4773 | setLWResult(res, 0, true, false, true); | |
4774 | addRecordToLW(res, DNSName("com."), QType::NS, "a.gtld-servers.com."); | |
4775 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
4776 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
4777 | } | |
4778 | else { | |
4779 | setLWResult(res, 0, false, false, true); | |
4780 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4781 | addDS(domain, 300, res->d_records, keys); | |
4782 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
4783 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
4784 | } | |
b7f378d1 RG |
4785 | return 1; |
4786 | } | |
4787 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
4788 | setLWResult(res, 0, true, false, true); | |
a69867f2 RG |
4789 | if (type == QType::NS) { |
4790 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com."); | |
4791 | addRRSIG(keys, res->d_records, domain, 300); | |
4792 | } | |
4793 | else { | |
4794 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
4795 | addRRSIG(keys, res->d_records, domain, 300); | |
b7f378d1 | 4796 | |
a69867f2 RG |
4797 | /* NO NSEC record! */ |
4798 | } | |
b7f378d1 RG |
4799 | return 1; |
4800 | } | |
4801 | } | |
4802 | ||
4803 | return 0; | |
4804 | }); | |
4805 | ||
4806 | /* no NSEC record in a secure zone, should be Bogus! */ | |
4807 | vector<DNSRecord> ret; | |
4808 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4809 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4810 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
4811 | BOOST_CHECK_EQUAL(ret.size(), 2); | |
a69867f2 | 4812 | BOOST_CHECK_EQUAL(queriesCount, 8); |
b7f378d1 RG |
4813 | |
4814 | /* again, to test the cache */ | |
4815 | ret.clear(); | |
4816 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4817 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4818 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
4819 | BOOST_REQUIRE_EQUAL(ret.size(), 2); | |
a69867f2 | 4820 | BOOST_CHECK_EQUAL(queriesCount, 8); |
b7f378d1 RG |
4821 | } |
4822 | ||
4823 | BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure) { | |
4824 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 4825 | initSR(sr, true); |
b7f378d1 RG |
4826 | |
4827 | g_dnssecmode = DNSSECMode::ValidateAll; | |
4828 | ||
4829 | primeHints(); | |
4830 | const DNSName target("powerdns.com."); | |
4831 | const ComboAddress targetAddr("192.0.2.42"); | |
4832 | testkeysset_t keys; | |
4833 | ||
4834 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
4835 | luaconfsCopy.dsAnchors.clear(); | |
4836 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
4837 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4838 | ||
4839 | g_luaconfs.setState(luaconfsCopy); | |
4840 | ||
4841 | size_t queriesCount = 0; | |
4842 | ||
4843 | sr->setAsyncCallback([target,targetAddr,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
4844 | queriesCount++; | |
4845 | ||
4846 | if (type == QType::DS) { | |
a53e8fe3 | 4847 | if (domain == target) { |
b7f378d1 | 4848 | setLWResult(res, 0, false, false, true); |
895449a5 | 4849 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); |
b7f378d1 RG |
4850 | addNSECRecordToLW(domain, DNSName("z.powerdns.com."), { QType::NS }, 600, res->d_records); |
4851 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
4852 | return 1; | |
4853 | } | |
4854 | } | |
4855 | else if (type == QType::DNSKEY) { | |
4856 | if (domain == g_rootdnsname || domain == DNSName("com.")) { | |
4857 | setLWResult(res, 0, true, false, true); | |
4858 | addDNSKEY(keys, domain, 300, res->d_records); | |
4859 | addRRSIG(keys, res->d_records, domain, 300); | |
4860 | return 1; | |
4861 | } | |
4862 | else { | |
4863 | setLWResult(res, 0, false, false, true); | |
895449a5 | 4864 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); |
b7f378d1 RG |
4865 | return 1; |
4866 | } | |
4867 | } | |
a69867f2 | 4868 | else { |
b7f378d1 RG |
4869 | if (isRootServer(ip)) { |
4870 | setLWResult(res, 0, false, false, true); | |
4871 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4872 | addDS(DNSName("com."), 300, res->d_records, keys); | |
4873 | addRRSIG(keys, res->d_records, DNSName("."), 300); | |
4874 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
4875 | return 1; | |
4876 | } | |
4877 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
a69867f2 RG |
4878 | if (domain == DNSName("com.")) { |
4879 | setLWResult(res, 0, true, false, true); | |
4880 | addRecordToLW(res, DNSName("com."), QType::NS, "a.gtld-servers.com."); | |
4881 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
4882 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
4883 | } | |
4884 | else { | |
4885 | setLWResult(res, 0, false, false, true); | |
4886 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4887 | /* no DS */ | |
4888 | addNSECRecordToLW(domain, DNSName("z.powerdns.com."), { QType::NS }, 600, res->d_records); | |
4889 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
4890 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
4891 | } | |
b7f378d1 RG |
4892 | return 1; |
4893 | } | |
4894 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
4895 | setLWResult(res, 0, true, false, true); | |
a69867f2 RG |
4896 | if (type == QType::NS) { |
4897 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com."); | |
4898 | } | |
4899 | else { | |
4900 | addRecordToLW(res, domain, QType::A, targetAddr.toString()); | |
4901 | } | |
b7f378d1 RG |
4902 | return 1; |
4903 | } | |
4904 | } | |
4905 | ||
4906 | return 0; | |
4907 | }); | |
4908 | ||
4909 | vector<DNSRecord> ret; | |
4910 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4911 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4912 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
4913 | BOOST_REQUIRE_EQUAL(ret.size(), 1); | |
4914 | BOOST_CHECK(ret[0].d_type == QType::A); | |
a69867f2 RG |
4915 | /* 4 NS: com at ., com at com, powerdns.com at com, powerdns.com at powerdns.com |
4916 | 4 DNSKEY: ., com (not for powerdns.com because DS denial in referral) | |
4917 | 1 query for A */ | |
4918 | BOOST_CHECK_EQUAL(queriesCount, 7); | |
b7f378d1 RG |
4919 | |
4920 | /* again, to test the cache */ | |
4921 | ret.clear(); | |
4922 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
4923 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
4924 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
4925 | BOOST_REQUIRE_EQUAL(ret.size(), 1); | |
4926 | BOOST_CHECK(ret[0].d_type == QType::A); | |
a69867f2 | 4927 | BOOST_CHECK_EQUAL(queriesCount, 7); |
b7f378d1 RG |
4928 | } |
4929 | ||
70b3fe7a RG |
4930 | BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure_skipped_cut) { |
4931 | std::unique_ptr<SyncRes> sr; | |
a69867f2 | 4932 | initSR(sr, true); |
70b3fe7a RG |
4933 | |
4934 | g_dnssecmode = DNSSECMode::ValidateAll; | |
4935 | ||
4936 | primeHints(); | |
4937 | const DNSName target("www.sub.powerdns.com."); | |
4938 | const ComboAddress targetAddr("192.0.2.42"); | |
4939 | testkeysset_t keys; | |
4940 | ||
4941 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
4942 | luaconfsCopy.dsAnchors.clear(); | |
4943 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
4944 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4945 | generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
4946 | ||
4947 | g_luaconfs.setState(luaconfsCopy); | |
4948 | ||
4949 | size_t queriesCount = 0; | |
4950 | ||
4951 | sr->setAsyncCallback([target,targetAddr,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
4952 | queriesCount++; | |
4953 | ||
4954 | if (type == QType::DS) { | |
4955 | if (domain == DNSName("sub.powerdns.com.")) { | |
4956 | setLWResult(res, 0, false, false, true); | |
4957 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
4958 | addRRSIG(keys, res->d_records, DNSName("powerdns.com."), 300); | |
4959 | addNSECRecordToLW(domain, DNSName("z.powerdns.com."), { QType::NS }, 600, res->d_records); | |
4960 | addRRSIG(keys, res->d_records, DNSName("powerdns.com."), 300); | |
4961 | return 1; | |
4962 | } | |
4963 | else if (domain == DNSName("www.sub.powerdns.com.")) { | |
4964 | setLWResult(res, 0, false, false, true); | |
4965 | addRecordToLW(res, DNSName("sub.powerdns.com."), QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
4966 | return 1; | |
4967 | } | |
4968 | } | |
4969 | else if (type == QType::DNSKEY) { | |
a69867f2 | 4970 | if (domain == g_rootdnsname || domain == DNSName("com.") || domain == DNSName("powerdns.com.")) { |
70b3fe7a RG |
4971 | setLWResult(res, 0, true, false, true); |
4972 | addDNSKEY(keys, domain, 300, res->d_records); | |
4973 | addRRSIG(keys, res->d_records, domain, 300); | |
4974 | return 1; | |
4975 | } | |
4976 | else { | |
4977 | setLWResult(res, 0, false, false, true); | |
4978 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
4979 | return 1; | |
4980 | } | |
4981 | } | |
88cb0fe0 | 4982 | else { |
70b3fe7a RG |
4983 | if (isRootServer(ip)) { |
4984 | setLWResult(res, 0, false, false, true); | |
4985 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
4986 | addDS(DNSName("com."), 300, res->d_records, keys); | |
4987 | addRRSIG(keys, res->d_records, DNSName("."), 300); | |
4988 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
4989 | return 1; | |
4990 | } | |
4991 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
a69867f2 RG |
4992 | if (domain == DNSName("com.")) { |
4993 | setLWResult(res, 0, true, false, true); | |
4994 | addRecordToLW(res, DNSName("com."), QType::NS, "a.gtld-servers.com."); | |
4995 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
4996 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
4997 | } | |
4998 | else { | |
4999 | setLWResult(res, 0, false, false, true); | |
5000 | addRecordToLW(res, DNSName("powerdns.com."), QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
5001 | addDS(DNSName("powerdns.com."), 300, res->d_records, keys); | |
5002 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
5003 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
5004 | } | |
70b3fe7a RG |
5005 | return 1; |
5006 | } | |
5007 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
5008 | setLWResult(res, 0, true, false, true); | |
a69867f2 RG |
5009 | if (type == QType::NS) { |
5010 | if (domain == DNSName("www.sub.powerdns.com.")) { | |
5011 | addRecordToLW(res, DNSName("sub.powerdns.com"), QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
5012 | } | |
5013 | else if (domain == DNSName("sub.powerdns.com.")) { | |
5014 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com."); | |
5015 | addRRSIG(keys, res->d_records, DNSName("powerdns.com"), 300); | |
5016 | addNSECRecordToLW(domain, DNSName("tub.powerdns.com."), { QType::NS }, 600, res->d_records); | |
5017 | addRRSIG(keys, res->d_records, DNSName("powerdns.com"), 300); | |
5018 | } | |
5019 | else if (domain == DNSName("powerdns.com.")) { | |
5020 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com."); | |
5021 | addRRSIG(keys, res->d_records, DNSName("powerdns.com."), 300); | |
5022 | } | |
5023 | } else { | |
5024 | addRecordToLW(res, domain, QType::A, targetAddr.toString(), DNSResourceRecord::ANSWER, 3600); | |
5025 | } | |
70b3fe7a RG |
5026 | return 1; |
5027 | } | |
5028 | } | |
5029 | ||
5030 | return 0; | |
5031 | }); | |
5032 | ||
5033 | vector<DNSRecord> ret; | |
5034 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
5035 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
5036 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
5037 | BOOST_REQUIRE_EQUAL(ret.size(), 1); | |
5038 | BOOST_CHECK(ret[0].d_type == QType::A); | |
a69867f2 | 5039 | BOOST_CHECK_EQUAL(queriesCount, 11); |
70b3fe7a RG |
5040 | |
5041 | /* again, to test the cache */ | |
5042 | ret.clear(); | |
5043 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
5044 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
5045 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
5046 | BOOST_REQUIRE_EQUAL(ret.size(), 1); | |
5047 | BOOST_CHECK(ret[0].d_type == QType::A); | |
a69867f2 | 5048 | BOOST_CHECK_EQUAL(queriesCount, 11); |
70b3fe7a RG |
5049 | } |
5050 | ||
5051 | BOOST_AUTO_TEST_CASE(test_dnssec_insecure_to_ta_skipped_cut) { | |
5052 | std::unique_ptr<SyncRes> sr; | |
a69867f2 | 5053 | initSR(sr, true); |
70b3fe7a RG |
5054 | |
5055 | g_dnssecmode = DNSSECMode::ValidateAll; | |
5056 | ||
5057 | primeHints(); | |
5058 | const DNSName target("www.sub.powerdns.com."); | |
5059 | const ComboAddress targetAddr("192.0.2.42"); | |
5060 | testkeysset_t keys; | |
5061 | ||
5062 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
5063 | luaconfsCopy.dsAnchors.clear(); | |
5064 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
5065 | /* No key material for .com */ | |
5066 | /* But TA for sub.powerdns.com. */ | |
5067 | generateKeyMaterial(DNSName("sub.powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
5068 | luaconfsCopy.dsAnchors[DNSName("sub.powerdns.com.")].insert(keys[DNSName("sub.powerdns.com.")].second); | |
5069 | g_luaconfs.setState(luaconfsCopy); | |
5070 | ||
5071 | size_t queriesCount = 0; | |
5072 | ||
5073 | sr->setAsyncCallback([target,targetAddr,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
5074 | queriesCount++; | |
5075 | ||
5076 | if (type == QType::DS) { | |
88cb0fe0 RG |
5077 | if (domain == DNSName("www.sub.powerdns.com")) { |
5078 | setLWResult(res, 0, false, false, true); | |
5079 | addRecordToLW(res, DNSName("sub.powerdns.com"), QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
5080 | addRRSIG(keys, res->d_records, DNSName("sub.powerdns.com"), 300); | |
5081 | addNSECRecordToLW(DNSName("www.sub.powerdns.com"), DNSName("vww.sub.powerdns.com."), { QType::A }, 600, res->d_records); | |
5082 | addRRSIG(keys, res->d_records, DNSName("sub.powerdns.com"), 300); | |
5083 | } | |
5084 | else { | |
5085 | setLWResult(res, 0, false, false, true); | |
5086 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
5087 | } | |
70b3fe7a RG |
5088 | return 1; |
5089 | } | |
5090 | else if (type == QType::DNSKEY) { | |
5091 | if (domain == g_rootdnsname || domain == DNSName("sub.powerdns.com.")) { | |
5092 | setLWResult(res, 0, true, false, true); | |
5093 | addDNSKEY(keys, domain, 300, res->d_records); | |
5094 | addRRSIG(keys, res->d_records, domain, 300); | |
5095 | return 1; | |
5096 | } | |
5097 | } | |
88cb0fe0 | 5098 | else { |
70b3fe7a RG |
5099 | if (isRootServer(ip)) { |
5100 | setLWResult(res, 0, false, false, true); | |
5101 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
5102 | /* no DS */ | |
5103 | addNSECRecordToLW(DNSName("com."), DNSName("dom."), { QType::NS }, 600, res->d_records); | |
5104 | addRRSIG(keys, res->d_records, DNSName("."), 300); | |
5105 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
5106 | return 1; | |
5107 | } | |
5108 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
88cb0fe0 RG |
5109 | if (domain == DNSName("com.")) { |
5110 | setLWResult(res, 0, true, false, true); | |
5111 | addRecordToLW(res, DNSName("com."), QType::NS, "a.gtld-servers.com."); | |
5112 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
5113 | } | |
5114 | else if (domain == DNSName("powerdns.com.")) { | |
5115 | setLWResult(res, 0, false, false, true); | |
5116 | addRecordToLW(res, DNSName("powerdns.com."), QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
5117 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
5118 | } | |
70b3fe7a RG |
5119 | return 1; |
5120 | } | |
5121 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
5122 | setLWResult(res, 0, true, false, true); | |
88cb0fe0 RG |
5123 | if (type == QType::NS) { |
5124 | if (domain == DNSName("www.sub.powerdns.com.")) { | |
5125 | addRecordToLW(res, DNSName("sub.powerdns.com"), QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
5126 | addRRSIG(keys, res->d_records, DNSName("sub.powerdns.com"), 300); | |
5127 | addNSECRecordToLW(DNSName("www.sub.powerdns.com"), DNSName("vww.sub.powerdns.com."), { QType::A }, 600, res->d_records); | |
5128 | addRRSIG(keys, res->d_records, DNSName("sub.powerdns.com"), 300); | |
5129 | } | |
5130 | else if (domain == DNSName("sub.powerdns.com.")) { | |
5131 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com."); | |
5132 | addRRSIG(keys, res->d_records, DNSName("sub.powerdns.com."), 300); | |
5133 | } | |
5134 | else if (domain == DNSName("powerdns.com.")) { | |
5135 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com."); | |
5136 | } | |
5137 | } | |
5138 | else if (domain == DNSName("www.sub.powerdns.com.")) { | |
5139 | addRecordToLW(res, domain, QType::A, targetAddr.toString(), DNSResourceRecord::ANSWER, 3600); | |
5140 | addRRSIG(keys, res->d_records, DNSName("sub.powerdns.com."), 300); | |
5141 | } | |
70b3fe7a RG |
5142 | return 1; |
5143 | } | |
5144 | } | |
5145 | ||
5146 | return 0; | |
5147 | }); | |
5148 | ||
5149 | vector<DNSRecord> ret; | |
5150 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
5151 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
5152 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); | |
88cb0fe0 | 5153 | BOOST_REQUIRE_EQUAL(ret.size(), 2); |
70b3fe7a | 5154 | BOOST_CHECK(ret[0].d_type == QType::A); |
a69867f2 | 5155 | BOOST_CHECK_EQUAL(queriesCount, 9); |
70b3fe7a RG |
5156 | |
5157 | /* again, to test the cache */ | |
5158 | ret.clear(); | |
5159 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
5160 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
5161 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); | |
88cb0fe0 | 5162 | BOOST_REQUIRE_EQUAL(ret.size(), 2); |
70b3fe7a | 5163 | BOOST_CHECK(ret[0].d_type == QType::A); |
a69867f2 | 5164 | BOOST_CHECK_EQUAL(queriesCount, 9); |
70b3fe7a RG |
5165 | } |
5166 | ||
b7f378d1 RG |
5167 | BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure_nodata) { |
5168 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 5169 | initSR(sr, true); |
b7f378d1 RG |
5170 | |
5171 | g_dnssecmode = DNSSECMode::ValidateAll; | |
5172 | ||
5173 | primeHints(); | |
5174 | const DNSName target("powerdns.com."); | |
5175 | testkeysset_t keys; | |
5176 | ||
5177 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
5178 | luaconfsCopy.dsAnchors.clear(); | |
5179 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
5180 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
5181 | ||
5182 | g_luaconfs.setState(luaconfsCopy); | |
5183 | ||
5184 | size_t queriesCount = 0; | |
5185 | ||
5186 | sr->setAsyncCallback([target,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
5187 | queriesCount++; | |
5188 | ||
5189 | if (type == QType::DS) { | |
a53e8fe3 | 5190 | if (domain == target) { |
b7f378d1 | 5191 | setLWResult(res, 0, false, false, true); |
895449a5 | 5192 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); |
b7f378d1 RG |
5193 | addNSECRecordToLW(domain, DNSName("z.powerdns.com."), { QType::NS }, 600, res->d_records); |
5194 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
5195 | return 1; | |
5196 | } | |
5197 | } | |
5198 | else if (type == QType::DNSKEY) { | |
5199 | if (domain == g_rootdnsname || domain == DNSName("com.")) { | |
5200 | setLWResult(res, 0, true, false, true); | |
5201 | addDNSKEY(keys, domain, 300, res->d_records); | |
5202 | addRRSIG(keys, res->d_records, domain, 300); | |
5203 | return 1; | |
5204 | } | |
5205 | else { | |
5206 | setLWResult(res, 0, false, false, true); | |
895449a5 | 5207 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); |
b7f378d1 RG |
5208 | return 1; |
5209 | } | |
5210 | } | |
a69867f2 | 5211 | else { |
b7f378d1 RG |
5212 | if (isRootServer(ip)) { |
5213 | setLWResult(res, 0, false, false, true); | |
5214 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
5215 | addDS(DNSName("com."), 300, res->d_records, keys); | |
5216 | addRRSIG(keys, res->d_records, DNSName("."), 300); | |
5217 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
5218 | return 1; | |
5219 | } | |
5220 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
a69867f2 RG |
5221 | if (domain == DNSName("com.")) { |
5222 | setLWResult(res, 0, true, false, true); | |
5223 | addRecordToLW(res, domain, QType::NS, "a.gtld-servers.com."); | |
5224 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
5225 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
5226 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
5227 | } | |
5228 | else { | |
5229 | setLWResult(res, 0, false, false, true); | |
5230 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
5231 | /* no DS */ | |
5232 | addNSECRecordToLW(domain, DNSName("z.powerdns.com."), { QType::NS }, 600, res->d_records); | |
5233 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
5234 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
5235 | } | |
b7f378d1 RG |
5236 | return 1; |
5237 | } | |
5238 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
a69867f2 RG |
5239 | if (type == QType::NS) { |
5240 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com."); | |
5241 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
5242 | } | |
5243 | else { | |
5244 | setLWResult(res, 0, true, false, true); | |
5245 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
5246 | } | |
b7f378d1 RG |
5247 | return 1; |
5248 | } | |
5249 | } | |
5250 | ||
5251 | return 0; | |
5252 | }); | |
5253 | ||
5254 | vector<DNSRecord> ret; | |
5255 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
5256 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
5257 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
5258 | BOOST_REQUIRE_EQUAL(ret.size(), 1); | |
a69867f2 RG |
5259 | /* 4 NS (com from root, com from com, powerdns.com from com, |
5260 | powerdns.com from powerdns.com) | |
5261 | 2 DNSKEY (. and com., none for powerdns.com because no DS) | |
5262 | 1 query for A | |
5263 | */ | |
5264 | BOOST_CHECK_EQUAL(queriesCount, 7); | |
b7f378d1 RG |
5265 | |
5266 | /* again, to test the cache */ | |
5267 | ret.clear(); | |
5268 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
5269 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
5270 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
5271 | BOOST_REQUIRE_EQUAL(ret.size(), 1); | |
a69867f2 | 5272 | BOOST_CHECK_EQUAL(queriesCount, 7); |
b7f378d1 RG |
5273 | } |
5274 | ||
895449a5 | 5275 | BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure_cname) { |
b7f378d1 | 5276 | std::unique_ptr<SyncRes> sr; |
860d5e8e | 5277 | initSR(sr, true); |
b7f378d1 RG |
5278 | |
5279 | g_dnssecmode = DNSSECMode::ValidateAll; | |
5280 | ||
895449a5 RG |
5281 | primeHints(); |
5282 | const DNSName target("powerdns.com."); | |
5283 | const DNSName targetCName("power-dns.com."); | |
5284 | const ComboAddress targetCNameAddr("192.0.2.42"); | |
5285 | testkeysset_t keys; | |
5286 | ||
5287 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
5288 | luaconfsCopy.dsAnchors.clear(); | |
5289 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
5290 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
5291 | generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
5292 | g_luaconfs.setState(luaconfsCopy); | |
5293 | ||
5294 | size_t queriesCount = 0; | |
5295 | ||
5296 | sr->setAsyncCallback([target,targetCName,targetCNameAddr,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
5297 | queriesCount++; | |
5298 | ||
5299 | if (type == QType::DS) { | |
a53e8fe3 | 5300 | if (domain == target) { |
895449a5 RG |
5301 | setLWResult(res, 0, false, false, true); |
5302 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
5303 | addNSECRecordToLW(domain, DNSName("z.power-dns.com."), { QType::NS }, 600, res->d_records); | |
5304 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
5305 | return 1; | |
5306 | } | |
5307 | } | |
5308 | else if (type == QType::DNSKEY) { | |
5309 | if (domain == g_rootdnsname || domain == DNSName("com.") || domain == DNSName("powerdns.com.")) { | |
5310 | setLWResult(res, 0, true, false, true); | |
5311 | addDNSKEY(keys, domain, 300, res->d_records); | |
5312 | addRRSIG(keys, res->d_records, domain, 300); | |
5313 | return 1; | |
5314 | } | |
5315 | else { | |
5316 | setLWResult(res, 0, false, false, true); | |
5317 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
5318 | return 1; | |
5319 | } | |
5320 | } | |
5321 | else { | |
5322 | if (isRootServer(ip)) { | |
5323 | setLWResult(res, 0, false, false, true); | |
5324 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
5325 | addDS(DNSName("com."), 300, res->d_records, keys); | |
5326 | addRRSIG(keys, res->d_records, DNSName("."), 300); | |
5327 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
5328 | return 1; | |
5329 | } | |
5330 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
5331 | setLWResult(res, 0, false, false, true); | |
a69867f2 RG |
5332 | if (domain == DNSName("com.")) { |
5333 | setLWResult(res, 0, true, false, true); | |
5334 | addRecordToLW(res, domain, QType::NS, "a.gtld-servers.com."); | |
5335 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
5336 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
5337 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
895449a5 | 5338 | } |
a69867f2 RG |
5339 | else { |
5340 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
5341 | if (domain == DNSName("powerdns.com.")) { | |
5342 | addDS(DNSName("powerdns.com."), 300, res->d_records, keys); | |
5343 | } | |
5344 | else if (domain == targetCName) { | |
5345 | addNSECRecordToLW(domain, DNSName("z.power-dns.com."), { QType::NS }, 600, res->d_records); | |
5346 | } | |
5347 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
5348 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
895449a5 | 5349 | } |
a69867f2 | 5350 | |
895449a5 RG |
5351 | return 1; |
5352 | } | |
5353 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
5354 | setLWResult(res, 0, true, false, true); | |
a69867f2 RG |
5355 | |
5356 | if (type == QType::NS) { | |
5357 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com."); | |
5358 | if (domain == DNSName("powerdns.com.")) { | |
5359 | addRRSIG(keys, res->d_records, domain, 300); | |
5360 | } | |
5361 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
5362 | if (domain == DNSName("powerdns.com.")) { | |
5363 | addRRSIG(keys, res->d_records, domain, 300); | |
5364 | } | |
895449a5 | 5365 | } |
a69867f2 RG |
5366 | else { |
5367 | if (domain == DNSName("powerdns.com.")) { | |
5368 | addRecordToLW(res, domain, QType::CNAME, targetCName.toString()); | |
5369 | addRRSIG(keys, res->d_records, domain, 300); | |
5370 | } | |
5371 | else if (domain == targetCName) { | |
5372 | addRecordToLW(res, domain, QType::A, targetCNameAddr.toString()); | |
5373 | } | |
895449a5 | 5374 | } |
a69867f2 | 5375 | |
895449a5 RG |
5376 | return 1; |
5377 | } | |
5378 | } | |
5379 | ||
5380 | return 0; | |
5381 | }); | |
5382 | ||
5383 | vector<DNSRecord> ret; | |
5384 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
5385 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
5386 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
5387 | BOOST_REQUIRE_EQUAL(ret.size(), 3); | |
a69867f2 | 5388 | BOOST_CHECK_EQUAL(queriesCount, 11); |
895449a5 RG |
5389 | |
5390 | /* again, to test the cache */ | |
5391 | ret.clear(); | |
5392 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
5393 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
5394 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
5395 | BOOST_REQUIRE_EQUAL(ret.size(), 3); | |
a69867f2 | 5396 | BOOST_CHECK_EQUAL(queriesCount, 11); |
895449a5 RG |
5397 | } |
5398 | ||
3d5ebf10 RG |
5399 | BOOST_AUTO_TEST_CASE(test_dnssec_insecure_to_secure_cname) { |
5400 | std::unique_ptr<SyncRes> sr; | |
5401 | initSR(sr, true); | |
5402 | ||
5403 | g_dnssecmode = DNSSECMode::ValidateAll; | |
5404 | ||
5405 | primeHints(); | |
5406 | const DNSName target("power-dns.com."); | |
5407 | const DNSName targetCName("powerdns.com."); | |
5408 | const ComboAddress targetCNameAddr("192.0.2.42"); | |
5409 | testkeysset_t keys; | |
5410 | ||
5411 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
5412 | luaconfsCopy.dsAnchors.clear(); | |
5413 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
5414 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
5415 | generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
5416 | g_luaconfs.setState(luaconfsCopy); | |
5417 | ||
5418 | size_t queriesCount = 0; | |
5419 | ||
5420 | sr->setAsyncCallback([target,targetCName,targetCNameAddr,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
5421 | queriesCount++; | |
5422 | ||
5423 | if (type == QType::DS) { | |
a53e8fe3 | 5424 | if (domain == DNSName("power-dns.com.")) { |
3d5ebf10 RG |
5425 | setLWResult(res, 0, false, false, true); |
5426 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
5427 | addNSECRecordToLW(domain, DNSName("z.power-dns.com."), { QType::NS }, 600, res->d_records); | |
5428 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
5429 | return 1; | |
5430 | } | |
5431 | } | |
5432 | else if (type == QType::DNSKEY) { | |
5433 | if (domain == g_rootdnsname || domain == DNSName("com.") || domain == DNSName("powerdns.com.")) { | |
5434 | setLWResult(res, 0, true, false, true); | |
5435 | addDNSKEY(keys, domain, 300, res->d_records); | |
5436 | addRRSIG(keys, res->d_records, domain, 300); | |
5437 | return 1; | |
5438 | } | |
5439 | else { | |
5440 | setLWResult(res, 0, false, false, true); | |
5441 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
5442 | return 1; | |
5443 | } | |
5444 | } | |
5445 | else { | |
5446 | if (isRootServer(ip)) { | |
5447 | setLWResult(res, 0, false, false, true); | |
5448 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
5449 | addDS(DNSName("com."), 300, res->d_records, keys); | |
5450 | addRRSIG(keys, res->d_records, DNSName("."), 300); | |
5451 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
5452 | return 1; | |
5453 | } | |
5454 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
a69867f2 RG |
5455 | if (domain == DNSName("com.")) { |
5456 | setLWResult(res, 0, true, false, true); | |
5457 | addRecordToLW(res, domain, QType::NS, "a.gtld-servers.com."); | |
5458 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
5459 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
5460 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
3d5ebf10 | 5461 | } |
a69867f2 RG |
5462 | else if (domain == DNSName("powerdns.com.") || domain == DNSName("power-dns.com.")) { |
5463 | setLWResult(res, 0, false, false, true); | |
5464 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
5465 | if (domain == targetCName) { | |
5466 | addDS(DNSName("powerdns.com."), 300, res->d_records, keys); | |
5467 | } | |
5468 | else if (domain == target) { | |
5469 | addNSECRecordToLW(domain, DNSName("z.power-dns.com."), { QType::NS }, 600, res->d_records); | |
5470 | } | |
5471 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
5472 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
3d5ebf10 | 5473 | } |
3d5ebf10 RG |
5474 | return 1; |
5475 | } | |
5476 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
5477 | setLWResult(res, 0, true, false, true); | |
a69867f2 RG |
5478 | if (type == QType::NS) { |
5479 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com."); | |
5480 | if (domain == DNSName("powerdns.com.")) { | |
5481 | addRRSIG(keys, res->d_records, domain, 300); | |
5482 | } | |
5483 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
5484 | if (domain == DNSName("powerdns.com.")) { | |
5485 | addRRSIG(keys, res->d_records, domain, 300); | |
5486 | } | |
3d5ebf10 | 5487 | } |
a69867f2 RG |
5488 | else { |
5489 | if (domain == target) { | |
5490 | addRecordToLW(res, domain, QType::CNAME, targetCName.toString()); | |
5491 | } | |
5492 | else if (domain == targetCName) { | |
5493 | addRecordToLW(res, domain, QType::A, targetCNameAddr.toString()); | |
5494 | addRRSIG(keys, res->d_records, domain, 300); | |
5495 | } | |
3d5ebf10 RG |
5496 | } |
5497 | return 1; | |
5498 | } | |
5499 | } | |
5500 | ||
5501 | return 0; | |
5502 | }); | |
5503 | ||
5504 | vector<DNSRecord> ret; | |
5505 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
5506 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
5507 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
5508 | BOOST_REQUIRE_EQUAL(ret.size(), 3); | |
a69867f2 | 5509 | BOOST_CHECK_EQUAL(queriesCount, 11); |
3d5ebf10 RG |
5510 | |
5511 | /* again, to test the cache */ | |
5512 | ret.clear(); | |
5513 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
5514 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
5515 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
5516 | BOOST_REQUIRE_EQUAL(ret.size(), 3); | |
a69867f2 | 5517 | BOOST_CHECK_EQUAL(queriesCount, 11); |
3d5ebf10 RG |
5518 | } |
5519 | ||
5520 | BOOST_AUTO_TEST_CASE(test_dnssec_bogus_to_secure_cname) { | |
5521 | std::unique_ptr<SyncRes> sr; | |
5522 | initSR(sr, true); | |
5523 | ||
5524 | g_dnssecmode = DNSSECMode::ValidateAll; | |
5525 | ||
5526 | primeHints(); | |
5527 | const DNSName target("power-dns.com."); | |
5528 | const DNSName targetCName("powerdns.com."); | |
5529 | const ComboAddress targetCNameAddr("192.0.2.42"); | |
5530 | testkeysset_t keys; | |
5531 | ||
5532 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
5533 | luaconfsCopy.dsAnchors.clear(); | |
5534 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
5535 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
5536 | generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
5537 | generateKeyMaterial(DNSName("power-dns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
5538 | g_luaconfs.setState(luaconfsCopy); | |
5539 | ||
5540 | size_t queriesCount = 0; | |
5541 | ||
5542 | sr->setAsyncCallback([target,targetCName,targetCNameAddr,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
5543 | queriesCount++; | |
5544 | ||
5545 | if (type == QType::DS) { | |
a53e8fe3 | 5546 | return 0; |
3d5ebf10 RG |
5547 | } |
5548 | else if (type == QType::DNSKEY) { | |
5549 | setLWResult(res, 0, true, false, true); | |
5550 | addDNSKEY(keys, domain, 300, res->d_records); | |
5551 | addRRSIG(keys, res->d_records, domain, 300); | |
5552 | return 1; | |
5553 | } | |
5554 | else { | |
5555 | if (isRootServer(ip)) { | |
5556 | setLWResult(res, 0, false, false, true); | |
5557 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
5558 | addDS(DNSName("com."), 300, res->d_records, keys); | |
5559 | addRRSIG(keys, res->d_records, DNSName("."), 300); | |
5560 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
5561 | return 1; | |
5562 | } | |
5563 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
a69867f2 RG |
5564 | if (domain == DNSName("com.")) { |
5565 | setLWResult(res, 0, true, false, true); | |
5566 | addRecordToLW(res, domain, QType::NS, "a.gtld-servers.com."); | |
5567 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
5568 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
5569 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
5570 | } | |
5571 | else if (domain == DNSName("powerdns.com.") || domain == DNSName("power-dns.com.")) { | |
5572 | setLWResult(res, 0, false, false, true); | |
5573 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
5574 | addDS(DNSName(domain), 300, res->d_records, keys); | |
5575 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
5576 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
5577 | } | |
3d5ebf10 RG |
5578 | return 1; |
5579 | } | |
5580 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
5581 | setLWResult(res, 0, true, false, true); | |
a69867f2 RG |
5582 | if (type == QType::NS) { |
5583 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com."); | |
5584 | addRRSIG(keys, res->d_records, domain, 300); | |
5585 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
3d5ebf10 RG |
5586 | addRRSIG(keys, res->d_records, domain, 300); |
5587 | } | |
a69867f2 RG |
5588 | else { |
5589 | if (domain == target) { | |
5590 | addRecordToLW(res, domain, QType::CNAME, targetCName.toString()); | |
5591 | /* No RRSIG, leading to bogus */ | |
5592 | } | |
5593 | else if (domain == targetCName) { | |
5594 | addRecordToLW(res, domain, QType::A, targetCNameAddr.toString()); | |
5595 | addRRSIG(keys, res->d_records, domain, 300); | |
5596 | } | |
5597 | } | |
3d5ebf10 RG |
5598 | return 1; |
5599 | } | |
5600 | } | |
5601 | ||
5602 | return 0; | |
5603 | }); | |
5604 | ||
5605 | vector<DNSRecord> ret; | |
5606 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
5607 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
5608 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
5609 | BOOST_REQUIRE_EQUAL(ret.size(), 3); | |
a69867f2 | 5610 | BOOST_CHECK_EQUAL(queriesCount, 12); |
3d5ebf10 RG |
5611 | |
5612 | /* again, to test the cache */ | |
5613 | ret.clear(); | |
5614 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
5615 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
5616 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
5617 | BOOST_REQUIRE_EQUAL(ret.size(), 3); | |
a69867f2 | 5618 | BOOST_CHECK_EQUAL(queriesCount, 12); |
3d5ebf10 RG |
5619 | } |
5620 | ||
5621 | BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_bogus_cname) { | |
5622 | std::unique_ptr<SyncRes> sr; | |
5623 | initSR(sr, true); | |
5624 | ||
5625 | g_dnssecmode = DNSSECMode::ValidateAll; | |
5626 | ||
5627 | primeHints(); | |
5628 | const DNSName target("power-dns.com."); | |
5629 | const DNSName targetCName("powerdns.com."); | |
5630 | const ComboAddress targetCNameAddr("192.0.2.42"); | |
5631 | testkeysset_t keys; | |
5632 | ||
5633 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
5634 | luaconfsCopy.dsAnchors.clear(); | |
5635 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
5636 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
5637 | generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
5638 | generateKeyMaterial(DNSName("power-dns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
5639 | g_luaconfs.setState(luaconfsCopy); | |
5640 | ||
5641 | size_t queriesCount = 0; | |
5642 | ||
5643 | sr->setAsyncCallback([target,targetCName,targetCNameAddr,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
5644 | queriesCount++; | |
5645 | ||
5646 | if (type == QType::DS) { | |
a53e8fe3 | 5647 | return 0; |
3d5ebf10 RG |
5648 | } |
5649 | else if (type == QType::DNSKEY) { | |
5650 | setLWResult(res, 0, true, false, true); | |
5651 | addDNSKEY(keys, domain, 300, res->d_records); | |
5652 | addRRSIG(keys, res->d_records, domain, 300); | |
5653 | return 1; | |
5654 | } | |
5655 | else { | |
5656 | if (isRootServer(ip)) { | |
5657 | setLWResult(res, 0, false, false, true); | |
5658 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
5659 | addDS(DNSName("com."), 300, res->d_records, keys); | |
5660 | addRRSIG(keys, res->d_records, DNSName("."), 300); | |
5661 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
5662 | return 1; | |
5663 | } | |
5664 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
a69867f2 RG |
5665 | if (domain == DNSName("com.")) { |
5666 | setLWResult(res, 0, true, false, true); | |
5667 | addRecordToLW(res, domain, QType::NS, "a.gtld-servers.com."); | |
5668 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
5669 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
5670 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
5671 | } | |
5672 | else if (domain == DNSName("powerdns.com.") || domain == DNSName("power-dns.com.")) { | |
5673 | setLWResult(res, 0, false, false, true); | |
5674 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
5675 | addDS(DNSName(domain), 300, res->d_records, keys); | |
5676 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
5677 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
5678 | } | |
3d5ebf10 RG |
5679 | return 1; |
5680 | } | |
5681 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
5682 | setLWResult(res, 0, true, false, true); | |
a69867f2 RG |
5683 | if (type == QType::NS) { |
5684 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com."); | |
5685 | addRRSIG(keys, res->d_records, domain, 300); | |
5686 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
3d5ebf10 RG |
5687 | addRRSIG(keys, res->d_records, domain, 300); |
5688 | } | |
a69867f2 RG |
5689 | else { |
5690 | if (domain == target) { | |
5691 | addRecordToLW(res, domain, QType::CNAME, targetCName.toString()); | |
5692 | addRRSIG(keys, res->d_records, domain, 300); | |
5693 | } | |
5694 | else if (domain == targetCName) { | |
5695 | addRecordToLW(res, domain, QType::A, targetCNameAddr.toString()); | |
5696 | /* No RRSIG, leading to bogus */ | |
5697 | } | |
3d5ebf10 RG |
5698 | } |
5699 | return 1; | |
5700 | } | |
5701 | } | |
5702 | ||
5703 | return 0; | |
5704 | }); | |
5705 | ||
5706 | vector<DNSRecord> ret; | |
5707 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
5708 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
5709 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
5710 | BOOST_REQUIRE_EQUAL(ret.size(), 3); | |
a69867f2 | 5711 | BOOST_CHECK_EQUAL(queriesCount, 12); |
3d5ebf10 RG |
5712 | |
5713 | /* again, to test the cache */ | |
5714 | ret.clear(); | |
5715 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
5716 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
5717 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
5718 | BOOST_REQUIRE_EQUAL(ret.size(), 3); | |
a69867f2 | 5719 | BOOST_CHECK_EQUAL(queriesCount, 12); |
3d5ebf10 RG |
5720 | } |
5721 | ||
5722 | BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_secure_cname) { | |
5723 | std::unique_ptr<SyncRes> sr; | |
5724 | initSR(sr, true); | |
5725 | ||
5726 | g_dnssecmode = DNSSECMode::ValidateAll; | |
5727 | ||
5728 | primeHints(); | |
5729 | const DNSName target("power-dns.com."); | |
5730 | const DNSName targetCName("powerdns.com."); | |
5731 | const ComboAddress targetCNameAddr("192.0.2.42"); | |
5732 | testkeysset_t keys; | |
5733 | ||
5734 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
5735 | luaconfsCopy.dsAnchors.clear(); | |
5736 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
5737 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
5738 | generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
5739 | generateKeyMaterial(DNSName("power-dns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
5740 | g_luaconfs.setState(luaconfsCopy); | |
5741 | ||
5742 | size_t queriesCount = 0; | |
5743 | ||
5744 | sr->setAsyncCallback([target,targetCName,targetCNameAddr,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
5745 | queriesCount++; | |
5746 | ||
5747 | if (type == QType::DS) { | |
a53e8fe3 | 5748 | return 0; |
3d5ebf10 RG |
5749 | } |
5750 | else if (type == QType::DNSKEY) { | |
5751 | setLWResult(res, 0, true, false, true); | |
5752 | addDNSKEY(keys, domain, 300, res->d_records); | |
5753 | addRRSIG(keys, res->d_records, domain, 300); | |
5754 | return 1; | |
5755 | } | |
5756 | else { | |
5757 | if (isRootServer(ip)) { | |
5758 | setLWResult(res, 0, false, false, true); | |
5759 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
5760 | addDS(DNSName("com."), 300, res->d_records, keys); | |
5761 | addRRSIG(keys, res->d_records, DNSName("."), 300); | |
5762 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
5763 | return 1; | |
5764 | } | |
5765 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
a69867f2 RG |
5766 | if (domain == DNSName("com.")) { |
5767 | setLWResult(res, 0, true, false, true); | |
5768 | addRecordToLW(res, domain, QType::NS, "a.gtld-servers.com."); | |
5769 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
5770 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
5771 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
5772 | } | |
5773 | else if (domain == DNSName("powerdns.com.") || domain == DNSName("power-dns.com.")) { | |
5774 | setLWResult(res, 0, false, false, true); | |
5775 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
5776 | addDS(DNSName(domain), 300, res->d_records, keys); | |
5777 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
5778 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
5779 | } | |
3d5ebf10 RG |
5780 | return 1; |
5781 | } | |
5782 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
5783 | setLWResult(res, 0, true, false, true); | |
a69867f2 RG |
5784 | if (type == QType::NS) { |
5785 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com."); | |
3d5ebf10 | 5786 | addRRSIG(keys, res->d_records, domain, 300); |
a69867f2 | 5787 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); |
3d5ebf10 RG |
5788 | addRRSIG(keys, res->d_records, domain, 300); |
5789 | } | |
a69867f2 RG |
5790 | else { |
5791 | if (domain == target) { | |
5792 | addRecordToLW(res, domain, QType::CNAME, targetCName.toString()); | |
5793 | addRRSIG(keys, res->d_records, domain, 300); | |
5794 | } | |
5795 | else if (domain == targetCName) { | |
5796 | addRecordToLW(res, domain, QType::A, targetCNameAddr.toString()); | |
5797 | addRRSIG(keys, res->d_records, domain, 300); | |
5798 | } | |
5799 | } | |
3d5ebf10 RG |
5800 | return 1; |
5801 | } | |
5802 | } | |
5803 | ||
5804 | return 0; | |
5805 | }); | |
5806 | ||
5807 | vector<DNSRecord> ret; | |
5808 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
5809 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
5810 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); | |
5811 | BOOST_REQUIRE_EQUAL(ret.size(), 4); | |
a69867f2 | 5812 | BOOST_CHECK_EQUAL(queriesCount, 12); |
3d5ebf10 RG |
5813 | |
5814 | /* again, to test the cache */ | |
5815 | ret.clear(); | |
5816 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
5817 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
5818 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); | |
5819 | BOOST_REQUIRE_EQUAL(ret.size(), 4); | |
a69867f2 | 5820 | BOOST_CHECK_EQUAL(queriesCount, 12); |
3d5ebf10 RG |
5821 | } |
5822 | ||
5823 | BOOST_AUTO_TEST_CASE(test_dnssec_bogus_to_insecure_cname) { | |
5824 | std::unique_ptr<SyncRes> sr; | |
a69867f2 | 5825 | initSR(sr, true); |
3d5ebf10 RG |
5826 | |
5827 | g_dnssecmode = DNSSECMode::ValidateAll; | |
5828 | ||
5829 | primeHints(); | |
5830 | const DNSName target("powerdns.com."); | |
5831 | const DNSName targetCName("power-dns.com."); | |
5832 | const ComboAddress targetCNameAddr("192.0.2.42"); | |
5833 | testkeysset_t keys; | |
5834 | ||
5835 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
5836 | luaconfsCopy.dsAnchors.clear(); | |
5837 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
5838 | generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
5839 | generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
5840 | generateKeyMaterial(DNSName("power-dns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
5841 | g_luaconfs.setState(luaconfsCopy); | |
5842 | ||
5843 | size_t queriesCount = 0; | |
5844 | ||
5845 | sr->setAsyncCallback([target,targetCName,targetCNameAddr,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
5846 | queriesCount++; | |
5847 | ||
5848 | if (type == QType::DS) { | |
a53e8fe3 | 5849 | if (domain == DNSName("power-dns.com.")) { |
3d5ebf10 RG |
5850 | setLWResult(res, 0, false, false, true); |
5851 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
5852 | addNSECRecordToLW(domain, DNSName("z.power-dns.com."), { QType::NS }, 600, res->d_records); | |
5853 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
5854 | return 1; | |
5855 | } | |
5856 | } | |
5857 | else if (type == QType::DNSKEY) { | |
5858 | if (domain == g_rootdnsname || domain == DNSName("com.") || domain == DNSName("powerdns.com.")) { | |
5859 | setLWResult(res, 0, true, false, true); | |
5860 | addDNSKEY(keys, domain, 300, res->d_records); | |
5861 | addRRSIG(keys, res->d_records, domain, 300); | |
5862 | return 1; | |
5863 | } | |
5864 | else { | |
5865 | setLWResult(res, 0, false, false, true); | |
5866 | addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
5867 | return 1; | |
5868 | } | |
5869 | } | |
5870 | else { | |
5871 | if (isRootServer(ip)) { | |
5872 | setLWResult(res, 0, false, false, true); | |
5873 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
5874 | addDS(DNSName("com."), 300, res->d_records, keys); | |
5875 | addRRSIG(keys, res->d_records, DNSName("."), 300); | |
5876 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
5877 | return 1; | |
5878 | } | |
5879 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
88cb0fe0 RG |
5880 | if (domain == DNSName("com.")) { |
5881 | setLWResult(res, 0, true, false, true); | |
a69867f2 | 5882 | addRecordToLW(res, domain, QType::NS, "a.gtld-servers.com."); |
88cb0fe0 RG |
5883 | addRRSIG(keys, res->d_records, DNSName("com."), 300); |
5884 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
5885 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
3d5ebf10 | 5886 | } |
88cb0fe0 RG |
5887 | else if (domain == DNSName("powerdns.com.") || domain == DNSName("power-dns.com.")) { |
5888 | setLWResult(res, 0, false, false, true); | |
5889 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
5890 | if (domain == DNSName("powerdns.com.")) { | |
5891 | addDS(DNSName("powerdns.com."), 300, res->d_records, keys); | |
5892 | } | |
5893 | else if (domain == targetCName) { | |
5894 | addNSECRecordToLW(domain, DNSName("z.power-dns.com."), { QType::NS }, 600, res->d_records); | |
5895 | } | |
5896 | addRRSIG(keys, res->d_records, DNSName("com."), 300); | |
5897 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
3d5ebf10 | 5898 | } |
3d5ebf10 RG |
5899 | return 1; |
5900 | } | |
5901 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
5902 | setLWResult(res, 0, true, false, true); | |
88cb0fe0 RG |
5903 | if (type == QType::NS) { |
5904 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com."); | |
5905 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
3d5ebf10 | 5906 | } |
88cb0fe0 RG |
5907 | else { |
5908 | if (domain == DNSName("powerdns.com.")) { | |
5909 | addRecordToLW(res, domain, QType::CNAME, targetCName.toString()); | |
5910 | /* No RRSIG -> Bogus */ | |
5911 | } | |
5912 | else if (domain == targetCName) { | |
5913 | addRecordToLW(res, domain, QType::A, targetCNameAddr.toString()); | |
5914 | } | |
3d5ebf10 RG |
5915 | } |
5916 | return 1; | |
5917 | } | |
5918 | } | |
5919 | ||
5920 | return 0; | |
5921 | }); | |
5922 | ||
5923 | vector<DNSRecord> ret; | |
5924 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
5925 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
5926 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
5927 | /* no RRSIG to show */ | |
5928 | BOOST_CHECK_EQUAL(ret.size(), 2); | |
a69867f2 | 5929 | BOOST_CHECK_EQUAL(queriesCount, 10); |
3d5ebf10 RG |
5930 | |
5931 | /* again, to test the cache */ | |
5932 | ret.clear(); | |
5933 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
5934 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
5935 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
5936 | BOOST_CHECK_EQUAL(ret.size(), 2); | |
a69867f2 | 5937 | BOOST_CHECK_EQUAL(queriesCount, 10); |
3d5ebf10 RG |
5938 | } |
5939 | ||
895449a5 RG |
5940 | BOOST_AUTO_TEST_CASE(test_dnssec_insecure_ta) { |
5941 | std::unique_ptr<SyncRes> sr; | |
5942 | initSR(sr, true); | |
5943 | ||
5944 | g_dnssecmode = DNSSECMode::ValidateAll; | |
5945 | ||
5946 | primeHints(); | |
5947 | const DNSName target("powerdns.com."); | |
5948 | const ComboAddress targetAddr("192.0.2.42"); | |
5949 | testkeysset_t keys; | |
5950 | ||
5951 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
5952 | luaconfsCopy.dsAnchors.clear(); | |
5953 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
5954 | /* No key material for .com */ | |
5955 | generateKeyMaterial(target, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
5956 | luaconfsCopy.dsAnchors[target].insert(keys[target].second); | |
5957 | g_luaconfs.setState(luaconfsCopy); | |
5958 | ||
5959 | size_t queriesCount = 0; | |
5960 | ||
5961 | sr->setAsyncCallback([target,targetAddr,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
5962 | queriesCount++; | |
5963 | ||
a53e8fe3 | 5964 | if (type == QType::DNSKEY) { |
895449a5 RG |
5965 | if (domain == g_rootdnsname || domain == DNSName("powerdns.com.")) { |
5966 | setLWResult(res, 0, true, false, true); | |
5967 | addDNSKEY(keys, domain, 300, res->d_records); | |
5968 | addRRSIG(keys, res->d_records, domain, 300); | |
5969 | return 1; | |
5970 | } | |
5971 | else if (domain == DNSName("com.")) { | |
5972 | setLWResult(res, 0, false, false, true); | |
5973 | addRecordToLW(res, domain, QType::SOA, ". yop. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
5974 | return 1; | |
5975 | } | |
5976 | } | |
88cb0fe0 | 5977 | else { |
895449a5 RG |
5978 | if (isRootServer(ip)) { |
5979 | setLWResult(res, 0, false, false, true); | |
5980 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
5981 | addNSECRecordToLW(DNSName("com."), DNSName("com."), { QType::NS }, 600, res->d_records); | |
5982 | addRRSIG(keys, res->d_records, DNSName("."), 300); | |
5983 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
5984 | return 1; | |
5985 | } | |
5986 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
88cb0fe0 RG |
5987 | if (target == domain) { |
5988 | setLWResult(res, 0, false, false, true); | |
5989 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
5990 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
5991 | } | |
5992 | else if (domain == DNSName("com.")) { | |
5993 | setLWResult(res, 0, true, false, true); | |
5994 | addRecordToLW(res, domain, QType::NS, "a.gtld-servers.com."); | |
5995 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
5996 | } | |
895449a5 RG |
5997 | return 1; |
5998 | } | |
5999 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
6000 | setLWResult(res, 0, true, false, true); | |
88cb0fe0 RG |
6001 | if (type == QType::NS) { |
6002 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com."); | |
6003 | } | |
6004 | else { | |
6005 | addRecordToLW(res, domain, QType::A, targetAddr.toString(), DNSResourceRecord::ANSWER, 3600); | |
6006 | } | |
895449a5 RG |
6007 | addRRSIG(keys, res->d_records, domain, 300); |
6008 | return 1; | |
6009 | } | |
6010 | } | |
6011 | ||
6012 | return 0; | |
6013 | }); | |
6014 | ||
6015 | vector<DNSRecord> ret; | |
6016 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
6017 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
6018 | /* should be insecure but we have a TA for powerdns.com. */ | |
6019 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); | |
6020 | /* We got a RRSIG */ | |
6021 | BOOST_REQUIRE_EQUAL(ret.size(), 2); | |
6022 | BOOST_CHECK(ret[0].d_type == QType::A); | |
88cb0fe0 RG |
6023 | /* - NS com. (at . and com.) |
6024 | - NS powerdns.com (com. and powerdns.com.) | |
6025 | - DNSKEY (. and powerdns.com.) | |
6026 | - A powerdns.com | |
6027 | */ | |
6028 | BOOST_CHECK_EQUAL(queriesCount, 7); | |
895449a5 RG |
6029 | |
6030 | /* again, to test the cache */ | |
6031 | ret.clear(); | |
6032 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
6033 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
6034 | BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); | |
6035 | BOOST_REQUIRE_EQUAL(ret.size(), 2); | |
6036 | BOOST_CHECK(ret[0].d_type == QType::A); | |
88cb0fe0 | 6037 | BOOST_CHECK_EQUAL(queriesCount, 7); |
895449a5 RG |
6038 | } |
6039 | ||
6040 | BOOST_AUTO_TEST_CASE(test_dnssec_insecure_ta_norrsig) { | |
6041 | std::unique_ptr<SyncRes> sr; | |
6042 | initSR(sr, true); | |
6043 | ||
6044 | g_dnssecmode = DNSSECMode::ValidateAll; | |
6045 | ||
6046 | primeHints(); | |
6047 | const DNSName target("powerdns.com."); | |
6048 | const ComboAddress targetAddr("192.0.2.42"); | |
6049 | testkeysset_t keys; | |
6050 | ||
6051 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
6052 | luaconfsCopy.dsAnchors.clear(); | |
6053 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
6054 | /* No key material for .com */ | |
6055 | generateKeyMaterial(target, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
6056 | luaconfsCopy.dsAnchors[target].insert(keys[target].second); | |
6057 | g_luaconfs.setState(luaconfsCopy); | |
6058 | ||
6059 | size_t queriesCount = 0; | |
6060 | ||
6061 | sr->setAsyncCallback([target,targetAddr,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
6062 | queriesCount++; | |
6063 | ||
a53e8fe3 | 6064 | if (type == QType::DNSKEY) { |
895449a5 RG |
6065 | if (domain == g_rootdnsname || domain == DNSName("powerdns.com.")) { |
6066 | setLWResult(res, 0, true, false, true); | |
6067 | addDNSKEY(keys, domain, 300, res->d_records); | |
6068 | addRRSIG(keys, res->d_records, domain, 300); | |
6069 | return 1; | |
6070 | } | |
6071 | else if (domain == DNSName("com.")) { | |
6072 | setLWResult(res, 0, false, false, true); | |
6073 | addRecordToLW(res, domain, QType::SOA, ". yop. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
6074 | return 1; | |
6075 | } | |
6076 | } | |
70b3fe7a RG |
6077 | else { |
6078 | if (target.isPartOf(domain) && isRootServer(ip)) { | |
895449a5 RG |
6079 | setLWResult(res, 0, false, false, true); |
6080 | addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); | |
6081 | addNSECRecordToLW(DNSName("com."), DNSName("com."), { QType::NS }, 600, res->d_records); | |
6082 | addRRSIG(keys, res->d_records, DNSName("."), 300); | |
6083 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
6084 | return 1; | |
6085 | } | |
6086 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
70b3fe7a RG |
6087 | if (target == domain) { |
6088 | setLWResult(res, 0, false, false, true); | |
6089 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600); | |
6090 | addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
6091 | } | |
6092 | else if (domain == DNSName("com.")) { | |
6093 | setLWResult(res, 0, true, false, true); | |
6094 | addRecordToLW(res, domain, QType::NS, "a.gtld-servers.com."); | |
88cb0fe0 | 6095 | addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); |
70b3fe7a | 6096 | } |
895449a5 RG |
6097 | return 1; |
6098 | } | |
70b3fe7a | 6099 | else if (domain == target && ip == ComboAddress("192.0.2.2:53")) { |
895449a5 | 6100 | setLWResult(res, 0, true, false, true); |
70b3fe7a RG |
6101 | if (type == QType::NS) { |
6102 | addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com."); | |
6103 | } | |
6104 | else { | |
6105 | addRecordToLW(res, domain, QType::A, targetAddr.toString(), DNSResourceRecord::ANSWER, 3600); | |
6106 | } | |
895449a5 RG |
6107 | /* No RRSIG in a now (thanks to TA) Secure zone -> Bogus*/ |
6108 | return 1; | |
6109 | } | |
6110 | } | |
6111 | ||
6112 | return 0; | |
6113 | }); | |
6114 | ||
6115 | vector<DNSRecord> ret; | |
6116 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
6117 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
6118 | /* should be insecure but we have a TA for powerdns.com., but no RRSIG so Bogus */ | |
6119 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
6120 | /* No RRSIG */ | |
6121 | BOOST_REQUIRE_EQUAL(ret.size(), 1); | |
6122 | BOOST_CHECK(ret[0].d_type == QType::A); | |
88cb0fe0 RG |
6123 | /* - NS com. (at . and com.) |
6124 | - NS powerdns.com (com. and powerdns.com.) | |
6125 | - DNSKEY (.) | |
6126 | - A powerdns.com (no DNSKEY because no RRSIG) | |
6127 | */ | |
6128 | BOOST_CHECK_EQUAL(queriesCount, 6); | |
895449a5 RG |
6129 | |
6130 | /* again, to test the cache */ | |
6131 | ret.clear(); | |
6132 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
6133 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
6134 | BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); | |
6135 | BOOST_REQUIRE_EQUAL(ret.size(), 1); | |
6136 | BOOST_CHECK(ret[0].d_type == QType::A); | |
88cb0fe0 | 6137 | BOOST_CHECK_EQUAL(queriesCount, 6); |
895449a5 RG |
6138 | } |
6139 | ||
6140 | #if 0 | |
6141 | BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure_hidden_cut) { | |
6142 | std::unique_ptr<SyncRes> sr; | |
860d5e8e | 6143 | initSR(sr, true, true); |
895449a5 RG |
6144 | |
6145 | g_dnssecLOG = true; | |
6146 | g_dnssecmode = DNSSECMode::ValidateAll; | |
6147 | ||
6148 | primeHints(); | |
6149 | const DNSName target("gov.nl.ca."); | |
6150 | const ComboAddress targetAddr("192.0.2.42"); | |
6151 | testkeysset_t keys; | |
6152 | ||
6153 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
6154 | luaconfsCopy.dsAnchors.clear(); | |
6155 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
6156 | generateKeyMaterial(DNSName("ca."), DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys); | |
6157 | ||
6158 | g_luaconfs.setState(luaconfsCopy); | |
6159 | ||
6160 | size_t queriesCount = 0; | |
6161 | ||
6162 | sr->setAsyncCallback([target,targetAddr,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
6163 | queriesCount++; | |
6164 | ||
6165 | if (type == QType::DS) { | |
6166 | if (domain == g_rootdnsname || domain == DNSName("ca.")) { | |
6167 | setLWResult(res, 0, false, false, true); | |
a53e8fe3 | 6168 | addDS(domain, 300, res->d_records, keys, DNSResourceRecord::ANSWER); |
895449a5 RG |
6169 | addRRSIG(keys, res->d_records, domain, 300); |
6170 | return 1; | |
6171 | } | |
6172 | else { | |
6173 | setLWResult(res, 0, false, false, true); | |
6174 | addRecordToLW(res, DNSName("ca."), QType::SOA, "jbq01.prd.cira.ca. admin-dns.cira.ca. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
6175 | addNSECRecordToLW(DNSName("nl.ca."), DNSName("nm.ca."), { QType::NS }, 600, res->d_records); | |
6176 | addRRSIG(keys, res->d_records, DNSName("ca."), 300); | |
6177 | return 1; | |
6178 | } | |
6179 | } | |
6180 | else if (type == QType::DNSKEY) { | |
6181 | if (domain == g_rootdnsname || domain == DNSName("ca.")) { | |
6182 | setLWResult(res, 0, true, false, true); | |
6183 | addDNSKEY(keys, domain, 300, res->d_records); | |
6184 | addRRSIG(keys, res->d_records, domain, 300); | |
6185 | return 1; | |
6186 | } | |
6187 | else { | |
6188 | setLWResult(res, 0, false, false, true); | |
6189 | addRecordToLW(res, domain, QType::SOA, "jbq01.prd.cira.ca. admin-dns.cira.ca. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); | |
6190 | return 1; | |
6191 | } | |
6192 | } | |
6193 | else if (domain == target) { | |
6194 | if (isRootServer(ip)) { | |
6195 | setLWResult(res, 0, false, false, true); | |
6196 | addRecordToLW(res, "ca.", QType::NS, "c.ca-servers.ca.", DNSResourceRecord::AUTHORITY, 3600); | |
6197 | addDS(DNSName("ca."), 300, res->d_records, keys); | |
6198 | addRRSIG(keys, res->d_records, DNSName("."), 300); | |
6199 | addRecordToLW(res, "c.ca-servers.ca.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); | |
6200 | return 1; | |
6201 | } | |
6202 | else if (ip == ComboAddress("192.0.2.1:53")) { | |
6203 | setLWResult(res, 0, false, false, true); | |
6204 | addRecordToLW(res, domain, QType::NS, "ns.gov.nl.ca.", DNSResourceRecord::AUTHORITY, 3600); | |
860d5e8e RG |
6205 | /* denial of DS FOR nl.ca while sending a referral for gov.nl.ca !! */ |
6206 | addNSECRecordToLW(DNSName("nl.ca"), DNSName("nm.ca."), { QType::NS }, 600, res->d_records); | |
895449a5 RG |
6207 | addRRSIG(keys, res->d_records, DNSName("ca."), 300); |
6208 | addRecordToLW(res, "ns.gov.nl.ca.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600); | |
6209 | return 1; | |
6210 | } | |
6211 | else if (ip == ComboAddress("192.0.2.2:53")) { | |
6212 | setLWResult(res, 0, true, false, true); | |
6213 | addRecordToLW(res, domain, QType::A, targetAddr.toString(), DNSResourceRecord::ANSWER, 3600); | |
6214 | return 1; | |
6215 | } | |
6216 | } | |
6217 | ||
6218 | return 0; | |
6219 | }); | |
6220 | ||
6221 | vector<DNSRecord> ret; | |
6222 | int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
6223 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
6224 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
6225 | BOOST_REQUIRE_EQUAL(ret.size(), 1); | |
6226 | BOOST_CHECK(ret[0].d_type == QType::A); | |
6227 | /* only 5 because no DNSKEY query for powerdns.com (insecure) */ | |
6228 | BOOST_CHECK_EQUAL(queriesCount, 5); | |
6229 | ||
6230 | /* again, to test the cache */ | |
6231 | ret.clear(); | |
6232 | res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); | |
6233 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
6234 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
6235 | BOOST_REQUIRE_EQUAL(ret.size(), 1); | |
6236 | BOOST_CHECK(ret[0].d_type == QType::A); | |
6237 | BOOST_CHECK_EQUAL(queriesCount, 5); | |
6238 | } | |
6239 | #endif /* 0 */ | |
6240 | ||
6241 | BOOST_AUTO_TEST_CASE(test_dnssec_nta) { | |
6242 | std::unique_ptr<SyncRes> sr; | |
6243 | initSR(sr, true); | |
6244 | ||
6245 | g_dnssecmode = DNSSECMode::ValidateAll; | |
6246 | ||
b7f378d1 RG |
6247 | primeHints(); |
6248 | const DNSName target("."); | |
6249 | testkeysset_t keys; | |
6250 | ||
6251 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
6252 | luaconfsCopy.dsAnchors.clear(); | |
6253 | generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors); | |
6254 | /* Add a NTA for "." */ | |
6255 | luaconfsCopy.negAnchors[g_rootdnsname] = "NTA for Root"; | |
6256 | g_luaconfs.setState(luaconfsCopy); | |
6257 | ||
6258 | size_t queriesCount = 0; | |
6259 | ||
6260 | sr->setAsyncCallback([target,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
6261 | queriesCount++; | |
6262 | ||
6263 | if (domain == target && type == QType::NS) { | |
6264 | ||
6265 | setLWResult(res, 0, true, false, true); | |
6266 | char addr[] = "a.root-servers.net."; | |
6267 | for (char idx = 'a'; idx <= 'm'; idx++) { | |
6268 | addr[0] = idx; | |
8455425c RG |
6269 | addRecordToLW(res, domain, QType::NS, std::string(addr), DNSResourceRecord::ANSWER, 3600); |
6270 | } | |
6271 | ||
6272 | addRRSIG(keys, res->d_records, domain, 300); | |
6273 | ||
6274 | addRecordToLW(res, "a.root-servers.net.", QType::A, "198.41.0.4", DNSResourceRecord::ADDITIONAL, 3600); | |
6275 | addRecordToLW(res, "a.root-servers.net.", QType::AAAA, "2001:503:ba3e::2:30", DNSResourceRecord::ADDITIONAL, 3600); | |
6276 | ||
6277 | return 1; | |
6278 | } else if (domain == target && type == QType::DNSKEY) { | |
6279 | ||
6280 | setLWResult(res, 0, true, false, true); | |
6281 | ||
6282 | /* No DNSKEY */ | |
6283 | ||
6284 | return 1; | |
6285 | } | |
6286 | ||
6287 | return 0; | |
6288 | }); | |
6289 | ||
6290 | vector<DNSRecord> ret; | |
6291 | int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
b7f378d1 RG |
6292 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
6293 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
8455425c RG |
6294 | /* 13 NS + 1 RRSIG */ |
6295 | BOOST_REQUIRE_EQUAL(ret.size(), 14); | |
6296 | BOOST_CHECK_EQUAL(queriesCount, 1); | |
b7f378d1 RG |
6297 | |
6298 | /* again, to test the cache */ | |
6299 | ret.clear(); | |
6300 | res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
6301 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
8455425c | 6302 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); |
b7f378d1 RG |
6303 | BOOST_REQUIRE_EQUAL(ret.size(), 14); |
6304 | BOOST_CHECK_EQUAL(queriesCount, 1); | |
8455425c RG |
6305 | } |
6306 | ||
6307 | BOOST_AUTO_TEST_CASE(test_dnssec_no_ta) { | |
6308 | std::unique_ptr<SyncRes> sr; | |
895449a5 | 6309 | initSR(sr, true); |
8455425c RG |
6310 | |
6311 | g_dnssecmode = DNSSECMode::ValidateAll; | |
6312 | ||
6313 | primeHints(); | |
6314 | const DNSName target("."); | |
b7f378d1 | 6315 | testkeysset_t keys; |
8455425c RG |
6316 | |
6317 | /* Remove the root DS */ | |
6318 | auto luaconfsCopy = g_luaconfs.getCopy(); | |
6319 | luaconfsCopy.dsAnchors.clear(); | |
6320 | g_luaconfs.setState(luaconfsCopy); | |
6321 | ||
6322 | size_t queriesCount = 0; | |
6323 | ||
6324 | sr->setAsyncCallback([target,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res) { | |
6325 | queriesCount++; | |
6326 | ||
6327 | if (domain == target && type == QType::NS) { | |
6328 | ||
6329 | setLWResult(res, 0, true, false, true); | |
6330 | char addr[] = "a.root-servers.net."; | |
6331 | for (char idx = 'a'; idx <= 'm'; idx++) { | |
6332 | addr[0] = idx; | |
6333 | addRecordToLW(res, domain, QType::NS, std::string(addr), DNSResourceRecord::ANSWER, 3600); | |
6334 | } | |
6335 | ||
6336 | addRecordToLW(res, "a.root-servers.net.", QType::A, "198.41.0.4", DNSResourceRecord::ADDITIONAL, 3600); | |
6337 | addRecordToLW(res, "a.root-servers.net.", QType::AAAA, "2001:503:ba3e::2:30", DNSResourceRecord::ADDITIONAL, 3600); | |
6338 | ||
6339 | return 1; | |
6340 | } | |
6341 | ||
6342 | return 0; | |
6343 | }); | |
6344 | ||
6345 | vector<DNSRecord> ret; | |
6346 | int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
b7f378d1 RG |
6347 | BOOST_CHECK_EQUAL(res, RCode::NoError); |
6348 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); | |
8455425c RG |
6349 | /* 13 NS + 0 RRSIG */ |
6350 | BOOST_REQUIRE_EQUAL(ret.size(), 13); | |
6351 | BOOST_CHECK_EQUAL(queriesCount, 1); | |
b7f378d1 RG |
6352 | |
6353 | /* again, to test the cache */ | |
6354 | ret.clear(); | |
6355 | res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); | |
6356 | BOOST_CHECK_EQUAL(res, RCode::NoError); | |
8455425c | 6357 | BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); |
b7f378d1 RG |
6358 | BOOST_REQUIRE_EQUAL(ret.size(), 13); |
6359 | BOOST_CHECK_EQUAL(queriesCount, 1); | |
8455425c RG |
6360 | } |
6361 | ||
d6e797b8 RG |
6362 | /* |
6363 | // cerr<<"asyncresolve called to ask "<<ip.toStringWithPort()<<" about "<<domain.toString()<<" / "<<QType(type).getName()<<" over "<<(doTCP ? "TCP" : "UDP")<<" (rd: "<<sendRDQuery<<", EDNS0 level: "<<EDNS0Level<<")"<<endl; | |
6364 | ||
648bcbd1 | 6365 | - check out of band support |
d6e797b8 | 6366 | |
648bcbd1 | 6367 | - check preoutquery |
d6e797b8 | 6368 | |
30ee601a RG |
6369 | */ |
6370 | ||
6371 | BOOST_AUTO_TEST_SUITE_END() |