From: Otto Date: Mon, 11 Oct 2021 10:11:15 +0000 (+0200) Subject: Add a few tests for the PacketCache TTLs: X-Git-Tag: dnsdist-1.7.0-alpha2~19^2~1 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=628fcdb9a218be3fc411baec4ff63175ed842f16;p=thirdparty%2Fpdns.git Add a few tests for the PacketCache TTLs: - ordinary records case - NXDomain and NoData cases - ServFail case The "no answer and no auth records" is not possible to generate using an Auth Zone afaik. --- diff --git a/regression-tests.recursor-dnssec/test_PacketCache.py b/regression-tests.recursor-dnssec/test_PacketCache.py index e2be43a2df..aaaa0700f0 100644 --- a/regression-tests.recursor-dnssec/test_PacketCache.py +++ b/regression-tests.recursor-dnssec/test_PacketCache.py @@ -3,6 +3,7 @@ import cookiesoption import dns import os import requests +import subprocess from recursortests import RecursorTest @@ -19,7 +20,8 @@ class PacketCacheRecursorTest(RecursorTest): _wsPassword = 'secretpassword' _apiKey = 'secretapikey' _config_template = """ - packetcache-ttl=60 + packetcache-ttl=10 + packetcache-servfail-ttl=5 auth-zones=example=configs/%s/example.zone webserver=yes webserver-port=%d @@ -39,6 +41,7 @@ b 3600 IN A 192.0.2.42 c 3600 IN A 192.0.2.42 d 3600 IN A 192.0.2.42 e 3600 IN A 192.0.2.42 +f 3600 IN CNAME f ; CNAME loop: dirty trick to get a ServFail in an authzone """.format(soa=cls._SOA)) super(PacketCacheRecursorTest, cls).generateRecursorConfig(confdir) @@ -136,3 +139,37 @@ e 3600 IN A 192.0.2.42 self.assertRcodeEqual(res, dns.rcode.NOERROR) self.assertRRsetInAnswer(res, expected) self.checkPacketCacheMetrics(6, 4) + + # NXDomain should get default packetcache TTL (10) + query = dns.message.make_query('nxdomain.example.', 'A', want_dnssec=True) + res = self.sendUDPQuery(query) + self.assertRcodeEqual(res, dns.rcode.NXDOMAIN) + self.checkPacketCacheMetrics(6, 5) + + # NoData should get default packetcache TTL (10) + query = dns.message.make_query('a.example.', 'AAAA', want_dnssec=True) + res = self.sendUDPQuery(query) + self.assertRcodeEqual(res, dns.rcode.NOERROR) + self.checkPacketCacheMetrics(6, 6) + + # ServFail should get ServFail TTL (5) + query = dns.message.make_query('f.example.', 'A', want_dnssec=True) + res = self.sendUDPQuery(query) + self.assertRcodeEqual(res, dns.rcode.SERVFAIL) + self.checkPacketCacheMetrics(6, 7) + + # We peek into the cache to check TTLs and allow TTLs te be one lower than inserted since the clock might have ticked + rec_controlCmd = [os.environ['RECCONTROL'], + '--config-dir=%s' % 'configs/' + self._confdir, + 'dump-cache', '-'] + try: + ret = subprocess.check_output(rec_controlCmd, stderr=subprocess.STDOUT) + self.assertTrue((b"a.example. 10 A ; tag 0 udp\n" in ret) or (b"a.example. 9 A ; tag 0 udp\n" in ret)) + self.assertTrue((b"nxdomain.example. 10 A ; tag 0 udp\n" in ret) or (b"nxdomain.example. 9 A ; tag 0 udp\n" in ret)) + self.assertTrue((b"a.example. 10 AAAA ; tag 0 udp\n" in ret) or (b"a.example. 9 AAAA ; tag 0 udp\n" in ret)) + self.assertTrue((b"f.example. 5 A ; tag 0 udp\n" in ret) or (b"f.example. 4 A ; tag 0 udp\n" in ret)) + + except subprocess.CalledProcessError as e: + print(e.output) + raise +