+2 September 2009: Wouter
+ - TRAFFIC keyword for testbound. Simplifies test generation.
+ ${range lower val upper} to check probe timeout values.
+ - test with 5011-prepublish rollover and revocation.
+ - fix revocation of RR for autotrust, stray exclamation mark.
+
1 September 2009: Wouter
- testbound variable arithmetic.
- autotrust probe time is randomised.
case repevt_autotrust_check: return "CHECK_AUTOTRUST";
case repevt_error: return "ERROR";
case repevt_assign: return "ASSIGN";
+ case repevt_traffic: return "TRAFFIC";
default: return "UNKNOWN";
}
}
expanded = macro_process(runtime->vars, runtime, p->str);
if(!expanded)
fatal_exit("could not expand macro line %d", lineno);
- if(verbosity >= VERB_ALGO && strcmp(p->str, expanded) != 0)
+ if(verbosity >= 7 && strcmp(p->str, expanded) != 0)
log_info("expanded '%s' to '%s'", p->str, expanded);
if(strcmp(expanded, line) != 0) {
log_err("mismatch in file %s, line %d", name, lineno);
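Review bot: The bare literal in `if(verbosity >= 7 && strcmp(p->str, expanded) != 0)` replaces the named level VERB_ALGO without saying why that number was picked. A short comment such as `/* very noisy: only log macro expansions at the highest debug verbosity */` would show the threshold is deliberate. Whether 7 lies above every named VERB_ level cannot be seen from this hunk.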
moment_assign(runtime, runtime->now);
advance_moment(runtime);
break;
+ case repevt_traffic:
+ advance_moment(runtime);
+ break;
default:
fatal_exit("testbound: unknown event type %d",
runtime->now->evt_type);
{
struct entry* entry = NULL;
struct fake_pending* pending = NULL;
- int max_rounds = 50;
+ int max_rounds = 5000;
int rounds = 0;
runtime->now = runtime->scenario->mom_first;
log_info("testbound: entering fake runloop");
read_file_content(in, lineno, mom);
} else if(parse_keyword(&remain, "ERROR")) {
mom->evt_type = repevt_error;
+ } else if(parse_keyword(&remain, "TRAFFIC")) {
+ mom->evt_type = repevt_traffic;
} else if(parse_keyword(&remain, "ASSIGN")) {
mom->evt_type = repevt_assign;
read_assign_step(remain, mom);
/** do macro arithmetic on two numbers and operand */
static char*
-do_macro_arith(char* at, size_t remain, char** arithstart)
+do_macro_arith(char* orig, size_t remain, char** arithstart)
{
double x, y, result;
char operator;
int skip;
char buf[32];
+ char* at;
/* not yet done? we want number operand number expanded first. */
if(!*arithstart) {
/* remember start pos of expr, skip the first number */
+ at = orig;
*arithstart = at;
while(*at && (isdigit((int)*at) || *at == '.'))
at++;
return at;
}
/* move back to start */
- remain += (size_t)(at - *arithstart);
+ remain += (size_t)(orig - *arithstart);
at = *arithstart;
/* parse operands */
if(sscanf(at, " %lf %c %lf%n", &x, &operator, &y, &skip) != 3) {
- log_err("cannot parse arithmetic: %s", at);
- return NULL;
+ *arithstart = NULL;
+ return do_macro_arith(orig, remain, arithstart);
+ }
+ if(isdigit((int)operator)) {
+ *arithstart = orig;
+ return at+skip; /* do nothing, but setup for later number */
}
/* calculate result */
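Review bot: `isdigit((int)operator)` passes a plain `char` to a ctype.h function, which is undefined for negative values on platforms where `char` is signed; `if(isdigit((unsigned char)operator)) {` avoids that, and the same cast applies to the existing `isdigit((int)*at)` in the first branch. The macro text comes from scenario files, so this is a robustness point for non-ASCII bytes in test input rather than an exposed interface. The new fallback on a failed sscanf re-enters do_macro_arith after clearing `*arithstart`, and it terminates only because the first branch returns immediately; a one-line comment like `/* not arithmetic: restart the scan at orig */` would make that explicit. The function body continues outside the hunk.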
return at;
}
+/** Do range macro on expanded buffer */
+static char*
+do_macro_range(char* buf)
+{
+ double x, y, z;
+ if(sscanf(buf, " %lf %lf %lf", &x, &y, &z) != 3) {
+ log_err("range func requires 3 args: %s", buf);
+ return NULL;
+ }
+ if(x <= y && y <= z) {
+ char res[1024];
+ snprintf(res, sizeof(res), "%.24g", y);
+ return strdup(res);
+ }
+ fatal_exit("value %.24g not in range [%.24g, %.24g]", y, x, z);
+ return NULL;
+}
+
static char*
macro_expand(rbtree_t* store, struct replay_runtime* runtime, char** text)
{
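Review bot: Trailing text after the third number is silently accepted by the sscanf in do_macro_range, so a constructed input such as `${range 4800 5000 5400 junk}` passes the check. Since this macro is the test's assertion on probe timeouts, it is worth making strict: `int n = 0;` and `if(sscanf(buf, " %lf %lf %lf %n", &x, &y, &z, &n) != 3 || buf[n] != 0) {`. The doc comment could also say that the result is a strdup'd string the caller frees, that a parse failure returns NULL, and that a value outside the range ends the run through fatal_exit.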
strncmp(buf, "ctime\t", 6) == 0) {
at += 6;
dofunc = 1;
+ } else if(strncmp(buf, "range ", 6) == 0 ||
+ strncmp(buf, "range\t", 6) == 0) {
+ at += 6;
+ dofunc = 1;
}
/* actual macro text expansion */
/* post process functions, buf has the argument(s) */
if(strncmp(buf, "ctime", 5) == 0) {
return do_macro_ctime(buf+6);
+ } else if(strncmp(buf, "range", 5) == 0) {
+ return do_macro_range(buf+6);
}
}
return strdup(buf);
log_assert( v && strcmp(v, "108") == 0);
free(v);
+ v = macro_process(store, NULL, "${1 2 33 2 1}");
+ log_assert( v && strcmp(v, "1 2 33 2 1") == 0);
+ free(v);
+
+ v = macro_process(store, NULL, "${123 3 + 5}");
+ log_assert( v && strcmp(v, "123 8") == 0);
+ free(v);
+
+ v = macro_process(store, NULL, "${123 glug 3 + 5}");
+ log_assert( v && strcmp(v, "123 glug 8") == 0);
+ free(v);
+
macro_store_delete(store);
}
* o TIME_PASSES ELAPSE [seconds] - increase 'now' time counter, can be
* a floating point number.
* TIME_PASSES EVAL [macro] - expanded for seconds to move time.
+ * o TRAFFIC - like CHECK_ANSWER, causes traffic to flow.
+ * actually the traffic flows before this step is taken.
+ * the step waits for traffic to stop.
* o CHECK_AUTOTRUST [id] - followed by FILE_BEGIN [to match] FILE_END.
* The file contents is macro expanded before match.
* o ERROR
* ${..} is macro expanded from its expression. Text substitution.
* o $var replaced with its value. var is identifier [azAZ09_]*
* o number is that number.
+ * o ${variables and arithmetic }
* o +, -, / and *. Note, evaluated left-to-right. Use ${} for brackets.
- * o ${time} is the current time.
- * o ${ctime value} is the text ctime(value), i.e. Fri 3 Aug 2009, ...
- * must have one space after 'ctime'.
- * o ${timeout} is the time until next timeout in the comm_timer list.
+ * So again, no precedence rules, so 2+3*4 === ${2+3}*4 === 20.
+ * Do 2+${3*4} to get 24.
+ * o ${function params}
+ * o ${time} is the current time for the simulated unbound.
+ * o ${ctime value} is the text ctime(value), Fri 3 Aug 2009, ...
+ * o ${timeout} is the time until next timeout in comm_timer list.
+ * o ${range lower value upper} checks if lower<=value<=upper
+ * returns value if check succeeds.
*
* ; Example file
* SCENARIO_BEGIN Example scenario
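Review bot: The worked example in the added comment is arithmetically off: `2+${3*4}` evaluates to 2+12, which is 14, not 24. The preceding line is right (left-to-right, `2+3*4` gives 20), so only the second line needs changing, to `Do 2+${3*4} to get 14.`. Anyone writing range checks in a scenario from this description would otherwise start from a wrong expectation of how brackets work.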
/** an error happens to outbound query */
repevt_error,
/** assignment to a variable */
- repevt_assign
+ repevt_assign,
+ /** cause traffic to flow */
+ repevt_traffic
}
/** variable with what is to happen this moment */
evt_type;
--- /dev/null
+example.com. 3600 IN DS 16486 5 1 9adff86d0a468b5989a686df8076269b3a31ba54 ; xokit-zevek-tydyg-kydoh-nydap-kicet-zybil-konon-ruvef-covuh-gyxex
--- /dev/null
+example.com. 3600 IN DNSKEY 257 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8= ;{id = 16486 (ksk), size = 512b}
--- /dev/null
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: qz9wCEIVe8FSBNI1kK9CnSkvHV1j7utdHSEfj/cRSBaayZthSkjWoPTGHAoP+hgYTACbb3V/JYn1zShXFcMQrw==
+PublicExponent: AQAB
+PrivateExponent: lT++xpPB4ZAFicojgSweZJbmRzODy1E6YA7kUTbFywrrClEi6vjb88AshqZsPuDnI4iOZ2Cy56qN9SZTD2WokQ==
+Prime1: 29ChQQp9Dd7jH8L+QxEowJGOxwo2WD8rLOjvdz7FBos=
+Prime2: x3AbQo22FBaEbB1Z6rM31WsLNhNNgHvD2G1gpXD2Ru0=
+Exponent1: Sj0eGQ9nyOV8I+ABa7lB4DfI1uRWElvTQymwpr9mX50=
+Exponent2: ZnWUu6NcKIPM8lI98JK0G4OL1fMivOBYpCbFIRmgnJ0=
+Coefficient: N2jmFfQh8jhGIlrUvOlJFdDnAFNxEy/C5gXRJpNHHBM=
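Review bot: This new file holds a complete RSA private key (Algorithm 5, RSASHA1) with nothing marking it as a throwaway test fixture, and a second private key is added further down next to the DNSKEY with id 60946. Secret scanners will flag both, and nothing tells a reader that the key must not be reused for a real zone. A line in the test data's README, or in the header comment of the scenario that uses the keys, would settle that, e.g. `; keys in this directory are 512-bit test keys for example.com, testbound use only`. The file names are not visible on this page, so the right place for that line is for the author to pick.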
--- /dev/null
+example.com. 3600 IN DS 60946 5 1 f48a5c8c1eceb7df2d68d1ad29151a77d5650505 ; xutam-pulim-seles-votit-zorek-mygep-tipyc-hakol-luhik-hecib-hoxax
--- /dev/null
+example.com. 3600 IN DNSKEY 257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b}
--- /dev/null
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: 6JpSJQilYx9jPkvSx8lNlae430jIFfh6b1WOyipBOw4PUcNCk1vhu68mjuk3ZoELE1Lt7Q4vx7aZUHoItn7x6Q==
+PublicExponent: AQAB
+PrivateExponent: Y21D28y8VYifNYvXx8rGvUf6gIdt7+ZM/7ZE2SoCxCjHkHQqWh9k1l5xEjCDZ7YOyFyQAbowMhEsr6C+11UvOQ==
+Prime1: /4r1mlWLh3x1afMpWPxIfeNFsRHeyujk7GBuCZ0MlkM=
+Prime2: 6QTa08YMv3JQrdEe8n+zZvMDkOhS/1wltFBn+mt9cmM=
+Exponent1: 4AWFDBiEanEsSYaXL+By+JF+Lh3Zb4696Y8byCe6uhs=
+Exponent2: p7bo0bgggMMEsrZrcdrcA2Mx0+CDrGxkbu3YiPNI7UU=
+Coefficient: ahJU2OH7E2Q1yhzja925x7g4r289nD/GGIHz47e0ysk=
; set date/time to Aug 24 09:46:40 (2009).
STEP 5 TIME_PASSES ELAPSE 1251100000
STEP 6 ASSIGN t0 = ${time}
-STEP 7 ASSIGN probe = ${timeout}
+; get probe time and check it. 4800 is about 10% less than 5400. And more than
+; the 3600 that a failure timeout would have.
+STEP 7 ASSIGN probe = ${range 4800 ${timeout} 5400}
; the auto probing should have been done now.
; wait and see if autotrust probes (the unchanged) domain again.
STEP 40 TIME_PASSES EVAL ${$probe}
-; do something to make time pass so that processing is performed.
-STEP 50 QUERY
-ENTRY_BEGIN
-REPLY RD DO
-SECTION QUESTION
-. IN NS
-ENTRY_END
-
-STEP 60 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-. IN NS
-SECTION ANSWER
-. 3600 IN NS k.root-servers.net.
-SECTION ADDITIONAL
-k.root-servers.net. 3600 IN A 193.0.14.129
-ENTRY_END
+STEP 50 TRAFFIC
-STEP 65 ASSIGN probe2 = ${timeout}
+STEP 65 ASSIGN probe2 = ${range 4800 ${timeout} 5400}
STEP 70 CHECK_AUTOTRUST example.com
FILE_BEGIN
--- /dev/null
+; config options
+server:
+ target-fetch-policy: "0 0 0 0 0"
+ log-time-ascii: yes
+stub-zone:
+ name: "."
+ stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
+; initial content (say from dig example.com DNSKEY > example.com.key)
+AUTOTRUST_FILE example.com
+example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
+example.com. 10800 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+AUTOTRUST_END
+CONFIG_END
+
+SCENARIO_BEGIN Test autotrust with prepublish rollover
+
+; K-ROOT
+RANGE_BEGIN 0 100
+ ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id copy_query
+REPLY QR AA
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS k.root-servers.net.
+SECTION ADDITIONAL
+k.root-servers.net IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR
+SECTION QUESTION
+com. IN NS
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+ ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR
+SECTION QUESTION
+example.com. IN NS
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com. KSK 55582
+RANGE_BEGIN 0 10
+ ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id
+REPLY QR AA
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 3600 IN A 10.20.30.40
+www.example.com. 3600 IN RRSIG A 5 3 3600 20090924111500 20090821111500 30899 example.com. pYGxVLsWUvOp1wSf0iwPap+JnECfC5GAm1lRqy3YEqecNGld7U7x/5Imo3CerbdZrVptUQs2oH0lcjwYJXMnsw== ;{id = 30899}
+SECTION AUTHORITY
+example.com. 3600 IN NS ns.example.com.
+example.com. 3600 IN RRSIG NS 5 2 3600 20090924111500 20090821111500 30899 example.com. J5wxRq0jgwQL6yy530kvo9cHqNAUHV8IF4dvaYZL0bNraO2Oe6dVXqlJl4+cxNHI2TMsstwFPr2Zz8tv6Az2mQ== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com. 3600 IN A 1.2.3.4
+ns.example.com. 3600 IN RRSIG A 5 3 3600 20090924111500 20090821111500 30899 example.com. JsXbS18oyc0zkVaOWGSFdIQuOsZKflT0GraT9afDPoWLCgH4ApF7jNgfJV7Pqy1sTBRajME5IUAhpANwGBuW4A== ;{id = 30899}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id
+REPLY QR AA
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+; KSK 1
+example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
+; ZSK 1
+example.com. 10800 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+; signatures
+example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20090924111500 20090821111500 30899 example.com. b/HK231jIQLX8IhlZfup3r0yhpXaasbPE6LzxoEVVvWaTZWcLmeV8jDIcn0qO7Yvs7bIJN20lwVAV0GcHH3hWQ== ;{id = 30899}
+example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20090924111500 20090821111500 55582 example.com. PCHme1QLoULxqjhg5tMlpR0qJlBfstEUVq18TtNoKQe9le1YhJ9caheXcTWoK+boLhXxg9u6Yyvq8FboQh0OjA== ;{id = 55582}
+ENTRY_END
+RANGE_END
+
+; ns.example.com. KSK 55582 and 60946
+RANGE_BEGIN 11 40
+ ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id
+REPLY QR AA
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+; KSK 1
+example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
+; KSK 2
+example.com. 10800 IN DNSKEY 257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b}
+; ZSK 1
+example.com. 10800 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+; signatures
+example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091024111500 20090921111500 30899 example.com. rkaCUpTFPWVu4Om5oMTR+39Mct6ZMs56xrE0rbxMMOokfvIQheIxsAEc5BFJeA/2y5WTewl6diCD6yQXCybrDg== ;{id = 30899}
+example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091024111500 20090921111500 55582 example.com. CoMon+lWPAsUvgfpCTDPx8Zn8dQpky3lu2O6T+oJ2Mat9a/u1YwGhSQHGPn7ZNG/4vKM97tx84sSlUGz3geD1w== ;{id = 55582}
+example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091024111500 20090921111500 60946 example.com. o+Cbs7DcYPYlSLd4hi3vkSVQpXGnKgKSi9MpHGfu1Uahv5190U2DUOxP1du/HOYbf+IHYL8zLbMZjVEG5wgnTg== ;{id = 60946}
+ENTRY_END
+RANGE_END
+
+; ns.example.com. KSK 55582 and 60946 (signatures updated)
+RANGE_BEGIN 41 50
+ ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id
+REPLY QR AA
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+; KSK 1
+example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
+; KSK 2
+example.com. 10800 IN DNSKEY 257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b}
+; ZSK 1
+example.com. 10800 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+; signatures
+example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091124111500 20091018111500 30899 example.com. rkaCUpTFPWVu4Om5oMTR+39Mct6ZMs56xrE0rbxMMOokfvIQheIxsAEc5BFJeA/2y5WTewl6diCD6yQXCybrDg== ;{id = 30899}
+example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091124111500 20091018111500 55582 example.com. v/HJbdpeVMpbhwYXrT1EDGpAFMvEgdKQII1cAbP6o8KHYNKDh8TIJ25/pXe3daEXfej6/Z5kpqJ79okPKUoi1Q== ;{id = 55582}
+example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091124111500 20091018111500 60946 example.com. HgXol1hdvbomOM1CFRW8qsHd3D0qOnN72EeMHTcpxIBBiuNLKZn4n1M14Voxj3vo0eAMNuG/y7EjQkxKvSsaDA== ;{id = 60946}
+ENTRY_END
+RANGE_END
+
+; ns.example.com. KSK 55582-REVOKED and 60946
+RANGE_BEGIN 51 60
+ ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id
+REPLY QR AA
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+; KSK 1
+example.com. 10800 IN DNSKEY 385 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55710 (ksk), size = 512b}
+; KSK 2
+example.com. 10800 IN DNSKEY 257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b}
+; ZSK 1
+example.com. 10800 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+; signatures
+example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091224111500 20091118111500 30899 example.com. qLKZUJEi3ajSJ4/b7xl0BwhzW6JtjsojpZ+2nUx1PvaeQVoTmyWxjxc2tAmJGcBPqMqzeY470xvyMDvGTOiQCQ== ;{id = 30899}
+example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091224111500 20091118111500 55710 example.com. EW2YB+2yNX9LTNDPVwkcGnRTTx38pOiwBaixdwxmDgqWKXLDLM6Kd2Xv9tveS39RnSZ5H1inRXE55q+rL6Re3g== ;{id = 55710}
+; wrong keytag:
+;example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091224111500 20091118111500 55582 example.com. nH/6HauVJI4GGz78UoK/38cOOrEqsYZP0jFzfCC3OyIlclVTjAFvjVPlVMGK7sA5Nw1v20YtFTQkXZgbrRuInQ== ;{id = 55582}
+example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20091224111500 20091118111500 60946 example.com. xKSBZr4vOsEUKlVoNb6SOV69DM7xFOJI4gPFKq5Tv4APIMJ/9G3odoDmNcLCVyYGzhoDik5hciJnZio6UHgzAA== ;{id = 60946}
+ENTRY_END
+RANGE_END
+
+; ns.example.com. KSK 60946
+RANGE_BEGIN 61 70
+ ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id
+REPLY QR AA
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+; KSK 2
+example.com. 10800 IN DNSKEY 257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b}
+; ZSK 1
+example.com. 10800 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+; signatures
+example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20101224111500 20101118111500 30899 example.com. TfFGz1kDtkn3ixbKMJvQDZ0uGw/eW+inIiPqQVPQtO2WiocKrnYnzwv/AqwnFvEar70dF15/zffNIF+ipOS5/g== ;{id = 30899}
+example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20101224111500 20101118111500 60946 example.com. X0Ci//w0czN/J5RvypHGqp56n1tLdapi92ODAqjM7QpZXbSHaJ7wfPG1PZzvdxHUZUVyf8uy2stjg/XoLGHMWA== ;{id = 60946}
+ENTRY_END
+RANGE_END
+
+; set date/time to Aug 24 09:46:40 (2009).
+STEP 5 TIME_PASSES ELAPSE 1251100000
+STEP 6 TRAFFIC ; the initial probe
+STEP 7 ASSIGN t0 = ${time}
+STEP 8 ASSIGN probe0 = ${range 4800 ${timeout} 5400}
+
+; the auto probing should have been done now.
+STEP 10 CHECK_AUTOTRUST example.com
+FILE_BEGIN
+; autotrust trust anchor file
+;;id: example.com. 1
+;;last_queried: ${$t0} ;;${ctime $t0}
+;;last_success: ${$t0} ;;${ctime $t0}
+;;next_probe_time: ${$t0 + $probe0} ;;${ctime $t0 + $probe0}
+;;query_failed: 0
+;;query_interval: 5400
+;;retry_time: 3600
+example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0}
+FILE_END
+
+; key prepublished. First poll. 30 days later
+STEP 11 TIME_PASSES EVAL ${30*24*3600}
+STEP 12 TRAFFIC
+STEP 13 ASSIGN t1 = ${time}
+STEP 14 ASSIGN probe1 = ${range 4800 ${timeout} 5400}
+STEP 15 CHECK_AUTOTRUST example.com
+FILE_BEGIN
+; autotrust trust anchor file
+;;id: example.com. 1
+;;last_queried: ${$t1} ;;${ctime $t1}
+;;last_success: ${$t1} ;;${ctime $t1}
+;;next_probe_time: ${$t1 + $probe1} ;;${ctime $t1 + $probe1}
+;;query_failed: 0
+;;query_interval: 5400
+;;retry_time: 3600
+example.com. 10800 IN DNSKEY 257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b} ;;state=1 [ ADDPEND ] ;;count=1 ;;lastchange=${$t1} ;;${ctime $t1}
+example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0}
+FILE_END
+
+; Second poll. 10 days later
+STEP 21 TIME_PASSES EVAL ${10*24*3600}
+STEP 22 TRAFFIC
+STEP 23 ASSIGN t2 = ${time}
+STEP 24 ASSIGN probe2 = ${range 4800 ${timeout} 5400}
+STEP 25 CHECK_AUTOTRUST example.com
+FILE_BEGIN
+; autotrust trust anchor file
+;;id: example.com. 1
+;;last_queried: ${$t2} ;;${ctime $t2}
+;;last_success: ${$t2} ;;${ctime $t2}
+;;next_probe_time: ${$t2 + $probe2} ;;${ctime $t2 + $probe2}
+;;query_failed: 0
+;;query_interval: 5400
+;;retry_time: 3600
+example.com. 10800 IN DNSKEY 257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b} ;;state=1 [ ADDPEND ] ;;count=2 ;;lastchange=${$t1} ;;${ctime $t1}
+example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0}
+FILE_END
+
+; Third poll. 10 days later
+STEP 31 TIME_PASSES EVAL ${10*24*3600}
+STEP 32 TRAFFIC
+STEP 33 ASSIGN t3 = ${time}
+STEP 34 ASSIGN probe3 = ${range 4800 ${timeout} 5400}
+STEP 35 CHECK_AUTOTRUST example.com
+FILE_BEGIN
+; autotrust trust anchor file
+;;id: example.com. 1
+;;last_queried: ${$t3} ;;${ctime $t3}
+;;last_success: ${$t3} ;;${ctime $t3}
+;;next_probe_time: ${$t3 + $probe3} ;;${ctime $t3 + $probe3}
+;;query_failed: 0
+;;query_interval: 5400
+;;retry_time: 3600
+example.com. 10800 IN DNSKEY 257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b} ;;state=1 [ ADDPEND ] ;;count=3 ;;lastchange=${$t1} ;;${ctime $t1}
+example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0}
+FILE_END
+
+; 11 days later, hold down has lapsed.
+STEP 41 TIME_PASSES EVAL ${11*24*3600}
+STEP 42 TRAFFIC
+STEP 43 ASSIGN t4 = ${time}
+STEP 44 ASSIGN probe4 = ${range 4800 ${timeout} 5400}
+STEP 45 CHECK_AUTOTRUST example.com
+FILE_BEGIN
+; autotrust trust anchor file
+;;id: example.com. 1
+;;last_queried: ${$t4} ;;${ctime $t4}
+;;last_success: ${$t4} ;;${ctime $t4}
+;;next_probe_time: ${$t4 + $probe4} ;;${ctime $t4 + $probe4}
+;;query_failed: 0
+;;query_interval: 5400
+;;retry_time: 3600
+example.com. 10800 IN DNSKEY 257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t4} ;;${ctime $t4}
+example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0}
+FILE_END
+
+; 30 days later, the old key is revoked
+STEP 51 TIME_PASSES EVAL ${30*24*3600}
+STEP 52 TRAFFIC
+STEP 53 ASSIGN t5 = ${time}
+STEP 54 ASSIGN probe5 = ${range 4800 ${timeout} 5400}
+STEP 55 CHECK_AUTOTRUST example.com
+FILE_BEGIN
+; autotrust trust anchor file
+;;id: example.com. 1
+;;last_queried: ${$t5} ;;${ctime $t5}
+;;last_success: ${$t5} ;;${ctime $t5}
+;;next_probe_time: ${$t5 + $probe5} ;;${ctime $t5 + $probe5}
+;;query_failed: 0
+;;query_interval: 5400
+;;retry_time: 3600
+example.com. 10800 IN DNSKEY 257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t4} ;;${ctime $t4}
+example.com. 10800 IN DNSKEY 385 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55710 (ksk), size = 512b} ;;state=4 [ REVOKED ] ;;count=0 ;;lastchange=${$t5} ;;${ctime $t5}
+FILE_END
+
+; 370 days later, the old key is removed from storage
+STEP 61 TIME_PASSES EVAL ${370*24*3600}
+STEP 62 TRAFFIC
+STEP 63 ASSIGN t6 = ${time}
+STEP 64 ASSIGN probe6 = ${range 4800 ${timeout} 5400}
+STEP 65 CHECK_AUTOTRUST example.com
+FILE_BEGIN
+; autotrust trust anchor file
+;;id: example.com. 1
+;;last_queried: ${$t6} ;;${ctime $t6}
+;;last_success: ${$t6} ;;${ctime $t6}
+;;next_probe_time: ${$t6 + $probe6} ;;${ctime $t6 + $probe6}
+;;query_failed: 0
+;;query_interval: 5400
+;;retry_time: 3600
+example.com. 10800 IN DNSKEY 257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t4} ;;${ctime $t4}
+FILE_END
+
+
+SCENARIO_END
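Review bot: The ZSK signature in the 41-50 range (`RRSIG DNSKEY 5 2 10800 20091124111500 20091018111500 30899`) carries exactly the same signature bytes as the one in the 11-40 range, although the expiration and inception fields differ. Those fields are part of the signed data, so at most one of the two records can verify. The scenario presumably still passes because the anchor check relies on the KSK signatures (55582 and 60946), which do differ between the two ranges. Either regenerate the 30899 signature for the later range or add a comment such as `; ZSK signature not regenerated, only the KSK signatures matter here`, so the stale record is not mistaken for valid test data.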
int keytag = (int)ldns_calc_keytag(ta->rr);
char msg[MAXSYSLOGMSGLEN];
vsnprintf(msg, sizeof(msg), format, args);
- verbose(level, "autotrust %s key %d %s", str?str:"??",
- keytag, msg);
+ verbose(level, "%s key %d %s", str?str:"??", keytag, msg);
free(str);
}
va_end(args);
struct ub_packed_rrset_key* dnskey_rrset, size_t i)
{
enum sec_status sec;
+ verbose(VERB_ALGO, "seen REVOKE flag, check self-signed, rr %d", i);
sec = dnskey_verify_rrset(env, ve, dnskey_rrset, dnskey_rrset, i);
return (sec == sec_status_secure);
}
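Review bot: The added verbose() call prints `i` with `%d`, but the parameter is declared `size_t i` on the signature line, so the argument type does not match the conversion and the behaviour is undefined where size_t is wider than int. Cast at the call site, `verbose(VERB_ALGO, "seen REVOKE flag, check self-signed, rr %d", (int)i);`, or use a size_t conversion if the project's portability targets allow it. The start of the function's signature is outside the hunk.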
ldns_rdf* rdf;
uint16_t flags;
log_assert(ta && ta->rr);
- if(!ldns_rr_get_type(ta->rr) != LDNS_RR_TYPE_DNSKEY)
+ if(ldns_rr_get_type(ta->rr) != LDNS_RR_TYPE_DNSKEY)
return;
rdf = ldns_rr_dnskey_flags(ta->rr);
flags = ldns_read_uint16(ldns_rdf_data(rdf));
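Review bot: With the stray `!` gone, the two lines after the type check presumably run for DNSKEY anchors for the first time, since `!type` is 0 or 1 and the old comparison would have returned early for every record. The result of `ldns_rr_dnskey_flags(ta->rr)` goes straight into `ldns_rdf_data(rdf)` with no NULL test between them; `if(!rdf) return;` before the read would cover an anchor RR that carries no flags field. This is the path that decides whether a trust anchor is treated as revoked, so it is worth failing closed on a malformed record. The function starts and ends outside this hunk.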