From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Fri, 24 Mar 2023 17:08:14 +0000 (+0100)
Subject: dnsdist: Check both h2o and nghttp2 in the DoH regression tests
X-Git-Tag: rec-5.0.0-alpha1~19^2~30
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d2c3ef4bc03fb07c459f3aa858dc1f602e960a38;p=thirdparty%2Fpdns.git

dnsdist: Check both h2o and nghttp2 in the DoH regression tests
---

diff --git a/regression-tests.dnsdist/test_DOH.py b/regression-tests.dnsdist/test_DOH.py
index d4d6606faf..ae6aac46a4 100644
--- a/regression-tests.dnsdist/test_DOH.py
+++ b/regression-tests.dnsdist/test_DOH.py
@@ -12,8 +12,7 @@ from dnsdisttests import pickAvailablePort
 import pycurl
 from io import BytesIO
 
-class TestDOH(DNSDistDOHTest):
-
+class DOHTests(object):
     _serverKey = 'server.key'
     _serverCert = 'server.chain'
     _serverName = 'tls.tests.dnsdist.org'
@@ -23,11 +22,7 @@ class TestDOH(DNSDistDOHTest):
     _customResponseHeader2 = 'user-agent: derp'
     _dohBaseURL = ("https://%s:%d/" % (_serverName, _dohServerPort))
     _config_template = """
-    newServer{address="127.0.0.1:%s"}
-
-    addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/", "/coffee", "/PowerDNS", "/PowerDNS2", "/PowerDNS-999" }, {customResponseHeaders={["access-control-allow-origin"]="*",["user-agent"]="derp",["UPPERCASE"]="VaLuE"}, keepIncomingHeaders=true})
-    dohFE = getDOHFrontend(0)
-    dohFE:setResponsesMap({newDOHResponseMapEntry('^/coffee$', 418, 'C0FFEE', {['FoO']='bar'})})
+    newServer{address="127.0.0.1:%d"}
 
     addAction("drop.doh.tests.powerdns.com.", DropAction())
     addAction("refused.doh.tests.powerdns.com.", RCodeAction(DNSRCode.REFUSED))
@@ -56,8 +51,13 @@ class TestDOH(DNSDistDOHTest):
       return DNSAction.None
     end
     addAction("http-lua.doh.tests.powerdns.com.", LuaAction(dohHandler))
+
+    addDOHLocal("127.0.0.1:%d", "%s", "%s", { "/", "/coffee", "/PowerDNS", "/PowerDNS2", "/PowerDNS-999" }, {customResponseHeaders={["access-control-allow-origin"]="*",["user-agent"]="derp",["UPPERCASE"]="VaLuE"}, keepIncomingHeaders=true, library='%s'})
+    dohFE = getDOHFrontend(0)
+    dohFE:setResponsesMap({newDOHResponseMapEntry('^/coffee$', 418, 'C0FFEE', {['FoO']='bar'})})
     """
-    _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey', '_serverName', '_dohServerPort']
+    _config_params = ['_testServerPort', '_serverName', '_dohServerPort', '_dohServerPort', '_serverCert', '_serverKey', '_dohLibrary']
+    _verboseMode = True
 
     def testDOHSimple(self):
         """
@@ -522,8 +522,13 @@ class TestDOH(DNSDistDOHTest):
         self.assertIn('foo: bar', headers)
         self.assertNotIn(self._customResponseHeader2, headers)
 
-class TestDOHSubPaths(DNSDistDOHTest):
+class TestDoHNGHTTP2(DOHTests, DNSDistDOHTest):
+    _dohLibrary = 'nghttp2'
 
+class TestDoHH2O(DOHTests, DNSDistDOHTest):
+    _dohLibrary = 'h2o'
+
+class DOHSubPathsTests(object):
     _serverKey = 'server.key'
     _serverCert = 'server.chain'
     _serverName = 'tls.tests.dnsdist.org'
@@ -535,9 +540,9 @@ class TestDOHSubPaths(DNSDistDOHTest):
 
     addAction(AllRule(), SpoofAction("3.4.5.6"))
 
-    addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/PowerDNS" }, {exactPathMatching=false})
+    addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/PowerDNS" }, {exactPathMatching=false, library='%s'})
     """
-    _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey']
+    _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey', '_dohLibrary']
 
     def testSubPath(self):
         """
@@ -580,7 +585,13 @@ class TestDOHSubPaths(DNSDistDOHTest):
         (_, receivedResponse) = self.sendDOHQuery(self._dohServerPort, self._serverName, self._dohBaseURL + 'PowerDNS/something', caFile=self._caCert, query=query, response=None, useQueue=False)
         self.assertEqual(receivedResponse, expectedResponse)
 
-class TestDOHAddingECS(DNSDistDOHTest):
+class TestDoHSubPathsNGHTTP2(DOHSubPathsTests, DNSDistDOHTest):
+    _dohLibrary = 'nghttp2'
+
+class TestDoHSubPathsH2O(DOHSubPathsTests, DNSDistDOHTest):
+    _dohLibrary = 'h2o'
+
+class DOHAddingECSTests(object):
 
     _serverKey = 'server.key'
     _serverCert = 'server.chain'
@@ -590,10 +601,10 @@ class TestDOHAddingECS(DNSDistDOHTest):
     _dohBaseURL = ("https://%s:%d/" % (_serverName, _dohServerPort))
     _config_template = """
     newServer{address="127.0.0.1:%s", useClientSubnet=true}
-    addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" })
+    addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" }, {library='%s'})
     setECSOverride(true)
     """
-    _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey']
+    _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey', '_dohLibrary']
 
     def testDOHSimple(self):
         """
@@ -675,19 +686,21 @@ class TestDOHAddingECS(DNSDistDOHTest):
         self.checkQueryEDNSWithECS(expectedQuery, receivedQuery)
         self.checkResponseEDNSWithECS(response, receivedResponse)
 
-class TestDOHOverHTTP(DNSDistDOHTest):
+class TestDoHAddingECSNGHTTP2(DOHAddingECSTests, DNSDistDOHTest):
+    _dohLibrary = 'nghttp2'
+
+class TestDoHAddingECSH2O(DOHAddingECSTests, DNSDistDOHTest):
+    _dohLibrary = 'h2o'
 
+class DOHOverHTTP(object):
     _dohServerPort = pickAvailablePort()
     _serverName = 'tls.tests.dnsdist.org'
     _dohBaseURL = ("http://%s:%d/dns-query" % (_serverName, _dohServerPort))
     _config_template = """
     newServer{address="127.0.0.1:%s"}
-    addDOHLocal("127.0.0.1:%s")
+    addDOHLocal("127.0.0.1:%s", nil, nil, '/dns-query', {library='%s'})
     """
-    _config_params = ['_testServerPort', '_dohServerPort']
-    _checkConfigExpectedOutput = b"""No certificate provided for DoH endpoint 127.0.0.1:%d, running in DNS over HTTP mode instead of DNS over HTTPS
-Configuration 'configs/dnsdist_TestDOHOverHTTP.conf' OK!
-""" % (_dohServerPort)
+    _config_params = ['_testServerPort', '_dohServerPort', '_dohLibrary']
 
     def testDOHSimple(self):
         """
@@ -740,7 +753,19 @@ Configuration 'configs/dnsdist_TestDOHOverHTTP.conf' OK!
         self.assertEqual(response, receivedResponse)
         self.checkResponseNoEDNS(response, receivedResponse)
 
-class TestDOHWithCache(DNSDistDOHTest):
+class TestDOHOverHTTPNGHTTP2(DOHOverHTTP, DNSDistDOHTest):
+    _dohLibrary = 'nghttp2'
+    _checkConfigExpectedOutput = b"""No certificate provided for DoH endpoint 127.0.0.1:%d, running in DNS over HTTP mode instead of DNS over HTTPS
+Configuration 'configs/dnsdist_TestDOHOverHTTPNGHTTP2.conf' OK!
+""" % (DOHOverHTTP._dohServerPort)
+
+class TestDOHOverHTTPH2O(DOHOverHTTP, DNSDistDOHTest):
+    _dohLibrary = 'h2o'
+    _checkConfigExpectedOutput = b"""No certificate provided for DoH endpoint 127.0.0.1:%d, running in DNS over HTTP mode instead of DNS over HTTPS
+Configuration 'configs/dnsdist_TestDOHOverHTTPH2O.conf' OK!
+""" % (DOHOverHTTP._dohServerPort)
+
+class DOHWithCache(object):
 
     _serverKey = 'server.key'
     _serverCert = 'server.chain'
@@ -751,12 +776,12 @@ class TestDOHWithCache(DNSDistDOHTest):
     _config_template = """
     newServer{address="127.0.0.1:%s"}
 
-    addDOHLocal("127.0.0.1:%s", "%s", "%s")
+    addDOHLocal("127.0.0.1:%s", "%s", "%s", '/dns-query', {library='%s'})
 
     pc = newPacketCache(100, {maxTTL=86400, minTTL=1})
     getPool(""):setCache(pc)
     """
-    _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey']
+    _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey', '_dohLibrary']
 
     def testDOHCacheLargeAnswer(self):
         """
@@ -949,7 +974,14 @@ class TestDOHWithCache(DNSDistDOHTest):
         (_, receivedResponse) = self.sendUDPQuery(expectedQuery, response=None, useQueue=False)
         self.assertEqual(response, receivedResponse)
 
-class TestDOHWithoutCacheControl(DNSDistDOHTest):
+class TestDOHWithCacheNGHTTP2(DOHWithCache, DNSDistDOHTest):
+    _dohLibrary = 'nghttp2'
+    _verboseMode = True
+
+class TestDOHWithCacheH2O(DOHWithCache, DNSDistDOHTest):
+    _dohLibrary = 'h2o'
+
+class DOHWithoutCacheControl(object):
 
     _serverKey = 'server.key'
     _serverCert = 'server.chain'
@@ -960,9 +992,9 @@ class TestDOHWithoutCacheControl(DNSDistDOHTest):
     _config_template = """
     newServer{address="127.0.0.1:%s"}
 
-    addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" }, {sendCacheControlHeaders=false})
+    addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" }, {sendCacheControlHeaders=false, library='%s'})
     """
-    _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey']
+    _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey', '_dohLibrary']
 
     def testDOHSimple(self):
         """
@@ -990,8 +1022,13 @@ class TestDOHWithoutCacheControl(DNSDistDOHTest):
         self.checkQueryEDNSWithoutECS(expectedQuery, receivedQuery)
         self.assertEqual(response, receivedResponse)
 
-class TestDOHFFI(DNSDistDOHTest):
+class TestDOHWithoutCacheControlNGHTTP2(DOHWithoutCacheControl, DNSDistDOHTest):
+    _dohLibrary = 'nghttp2'
 
+class TestDOHWithoutCacheControlH2O(DOHWithoutCacheControl, DNSDistDOHTest):
+    _dohLibrary = 'h2o'
+
+class DOHFFI(object):
     _serverKey = 'server.key'
     _serverCert = 'server.chain'
     _serverName = 'tls.tests.dnsdist.org'
@@ -1003,7 +1040,7 @@ class TestDOHFFI(DNSDistDOHTest):
     _config_template = """
     newServer{address="127.0.0.1:%s"}
 
-    addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" }, {customResponseHeaders={["access-control-allow-origin"]="*",["user-agent"]="derp",["UPPERCASE"]="VaLuE"}, keepIncomingHeaders=true})
+    addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" }, {customResponseHeaders={["access-control-allow-origin"]="*",["user-agent"]="derp",["UPPERCASE"]="VaLuE"}, keepIncomingHeaders=true, library='%s'})
 
     local ffi = require("ffi")
 
@@ -1036,7 +1073,7 @@ class TestDOHFFI(DNSDistDOHTest):
     end
     addAction("http-lua-ffi.doh.tests.powerdns.com.", LuaFFIAction(dohHandler))
     """
-    _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey', '_serverName', '_dohServerPort']
+    _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey', '_dohLibrary', '_serverName', '_dohServerPort']
 
     def testHTTPLuaFFIResponse(self):
         """
@@ -1052,8 +1089,13 @@ class TestDOHFFI(DNSDistDOHTest):
         self.assertEqual(self._rcode, 200)
         self.assertTrue('content-type: text/plain' in self._response_headers.decode())
 
-class TestDOHForwardedFor(DNSDistDOHTest):
+class TestDOHFFINGHTTP2(DOHFFI, DNSDistDOHTest):
+    _dohLibrary = 'nghttp2'
+
+class TestDOHFFIH2O(DOHFFI, DNSDistDOHTest):
+    _dohLibrary = 'h2o'
 
+class DOHForwardedFor(object):
     _serverKey = 'server.key'
     _serverCert = 'server.chain'
     _serverName = 'tls.tests.dnsdist.org'
@@ -1064,12 +1106,12 @@ class TestDOHForwardedFor(DNSDistDOHTest):
     newServer{address="127.0.0.1:%s"}
 
     setACL('192.0.2.1/32')
-    addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" }, {trustForwardedForHeader=true})
+    addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" }, {trustForwardedForHeader=true, library='%s'})
     -- Set a maximum number of TCP connections per client, to exercise
     -- that code along with X-Forwarded-For support
     setMaxTCPConnectionsPerClient(2)
     """
-    _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey']
+    _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey', '_dohLibrary']
 
     def testDOHAllowedForwarded(self):
         """
@@ -1118,7 +1160,13 @@ class TestDOHForwardedFor(DNSDistDOHTest):
         self.assertEqual(self._rcode, 403)
         self.assertEqual(receivedResponse, b'DoH query not allowed because of ACL')
 
-class TestDOHForwardedForNoTrusted(DNSDistDOHTest):
+class TestDOHForwardedForNGHTTP2(DOHForwardedFor, DNSDistDOHTest):
+    _dohLibrary = 'nghttp2'
+
+class TestDOHForwardedForH2O(DOHForwardedFor, DNSDistDOHTest):
+    _dohLibrary = 'h2o'
+
+class DOHForwardedForNoTrusted(object):
 
     _serverKey = 'server.key'
     _serverCert = 'server.chain'
@@ -1130,9 +1178,9 @@ class TestDOHForwardedForNoTrusted(DNSDistDOHTest):
     newServer{address="127.0.0.1:%s"}
 
     setACL('192.0.2.1/32')
-    addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" }, {earlyACLDrop=true})
+    addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" }, {earlyACLDrop=true, library='%s'})
     """
-    _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey']
+    _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey', '_dohLibrary']
 
     def testDOHForwardedUntrusted(self):
         """
@@ -1161,7 +1209,13 @@ class TestDOHForwardedForNoTrusted(DNSDistDOHTest):
 
         self.assertTrue(dropped)
 
-class TestDOHFrontendLimits(DNSDistDOHTest):
+class TestDOHForwardedForNoTrustedNGHTTP2(DOHForwardedForNoTrusted, DNSDistDOHTest):
+    _dohLibrary = 'nghttp2'
+
+class TestDOHForwardedForNoTrustedH2O(DOHForwardedForNoTrusted, DNSDistDOHTest):
+    _dohLibrary = 'h2o'
+
+class DOHFrontendLimits(object):
 
     # this test suite uses a different responder port
     # because it uses a different health check configuration
@@ -1174,14 +1228,13 @@ class TestDOHFrontendLimits(DNSDistDOHTest):
     _caCert = 'ca.pem'
     _dohServerPort = pickAvailablePort()
     _dohBaseURL = ("https://%s:%d/" % (_serverName, _dohServerPort))
-
     _skipListeningOnCL = True
     _maxTCPConnsPerDOHFrontend = 5
     _config_template = """
     newServer{address="127.0.0.1:%s"}
-    addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" }, { maxConcurrentTCPConnections=%d })
+    addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" }, { maxConcurrentTCPConnections=%d, library='%s' })
     """
-    _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey', '_maxTCPConnsPerDOHFrontend']
+    _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey', '_maxTCPConnsPerDOHFrontend', '_dohLibrary']
     _alternateListeningAddr = '127.0.0.1'
     _alternateListeningPort = _dohServerPort
 
@@ -1195,7 +1248,10 @@ class TestDOHFrontendLimits(DNSDistDOHTest):
 
         for idx in range(self._maxTCPConnsPerDOHFrontend + 1):
             try:
-                conns.append(self.openTLSConnection(self._dohServerPort, self._serverName, self._caCert, alpn=['h2']))
+                alpn = []
+                if self._dohLibrary != 'h2o':
+                    alpn.append('h2')
+                conns.append(self.openTLSConnection(self._dohServerPort, self._serverName, self._caCert, alpn=alpn))
             except:
                 conns.append(None)
 
@@ -1228,7 +1284,13 @@ class TestDOHFrontendLimits(DNSDistDOHTest):
         self.assertEqual(count, self._maxTCPConnsPerDOHFrontend)
         self.assertEqual(failed, 1)
 
-class TestProtocols(DNSDistDOHTest):
+class TestDOHFrontendLimitsNGHTTP2(DOHFrontendLimits, DNSDistDOHTest):
+    _dohLibrary = 'nghttp2'
+
+class TestDOHFrontendLimitsH2O(DOHFrontendLimits, DNSDistDOHTest):
+    _dohLibrary = 'h2o'
+
+class Protocols(object):
     _serverKey = 'server.key'
     _serverCert = 'server.chain'
     _serverName = 'tls.tests.dnsdist.org'
@@ -1247,9 +1309,9 @@ class TestProtocols(DNSDistDOHTest):
 
     addAction("protocols.doh.tests.powerdns.com.", LuaAction(checkDOH))
     newServer{address="127.0.0.1:%s"}
-    addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" })
+    addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" }, {library='%s'})
     """
-    _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey']
+    _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey', '_dohLibrary']
 
     def testProtocolDOH(self):
         """
@@ -1269,7 +1331,13 @@ class TestProtocols(DNSDistDOHTest):
         self.checkQueryEDNSWithoutECS(expectedQuery, receivedQuery)
         self.assertEqual(response, receivedResponse)
 
-class TestDOHWithPKCS12Cert(DNSDistDOHTest):
+class TestProtocolsNGHTTP2(Protocols, DNSDistDOHTest):
+    _dohLibrary = 'nghttp2'
+
+class TestProtocolsH2O(Protocols, DNSDistDOHTest):
+    _dohLibrary = 'h2o'
+
+class DOHWithPKCS12Cert(object):
     _serverCert = 'server.p12'
     _pkcs12Password = 'passw0rd'
     _serverName = 'tls.tests.dnsdist.org'
@@ -1279,11 +1347,11 @@ class TestDOHWithPKCS12Cert(DNSDistDOHTest):
     _config_template = """
     newServer{address="127.0.0.1:%s"}
     cert=newTLSCertificate("%s", {password="%s"})
-    addDOHLocal("127.0.0.1:%s", cert, "", { "/" })
+    addDOHLocal("127.0.0.1:%s", cert, "", { "/" }, {library='%s'})
     """
-    _config_params = ['_testServerPort', '_serverCert', '_pkcs12Password', '_dohServerPort']
+    _config_params = ['_testServerPort', '_serverCert', '_pkcs12Password', '_dohServerPort', '_dohLibrary']
 
-    def testProtocolDOH(self):
+    def testPKCS12DOH(self):
         """
         DoH: Test Simple DOH Query with a password protected PKCS12 file configured
         """
@@ -1306,7 +1374,13 @@ class TestDOHWithPKCS12Cert(DNSDistDOHTest):
         receivedQuery.id = expectedQuery.id
         self.assertEqual(expectedQuery, receivedQuery)
 
-class TestDOHForwardedToTCPOnly(DNSDistDOHTest):
+class TestDOHWithPKCS12CertNGHTTP2(DOHWithPKCS12Cert, DNSDistDOHTest):
+    _dohLibrary = 'nghttp2'
+
+class TestDOHWithPKCS12CertH2O(DOHWithPKCS12Cert, DNSDistDOHTest):
+    _dohLibrary = 'h2o'
+
+class DOHForwardedToTCPOnly(object):
     _serverKey = 'server.key'
     _serverCert = 'server.chain'
     _serverName = 'tls.tests.dnsdist.org'
@@ -1315,9 +1389,9 @@ class TestDOHForwardedToTCPOnly(DNSDistDOHTest):
     _dohBaseURL = ("https://%s:%d/" % (_serverName, _dohServerPort))
     _config_template = """
     newServer{address="127.0.0.1:%s", tcpOnly=true}
-    addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" })
+    addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" }, {library='%s'})
     """
-    _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey']
+    _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey', '_dohLibrary']
 
     def testDOHTCPOnly(self):
         """
@@ -1341,7 +1415,13 @@ class TestDOHForwardedToTCPOnly(DNSDistDOHTest):
         self.assertEqual(receivedQuery, query)
         self.assertEqual(receivedResponse, response)
 
-class TestDOHLimits(DNSDistDOHTest):
+class TestDOHForwardedToTCPOnlyNGHTTP2(DOHForwardedToTCPOnly, DNSDistDOHTest):
+    _dohLibrary = 'nghttp2'
+
+class TestDOHForwardedToTCPOnlyH2O(DOHForwardedToTCPOnly, DNSDistDOHTest):
+    _dohLibrary = 'h2o'
+
+class DOHLimits(object):
     _serverName = 'tls.tests.dnsdist.org'
     _caCert = 'ca.pem'
     _dohServerPort = pickAvailablePort()
@@ -1350,11 +1430,11 @@ class TestDOHLimits(DNSDistDOHTest):
     _serverCert = 'server.chain'
     _maxTCPConnsPerClient = 3
     _config_template = """
-    newServer{address="127.0.0.1:%s"}
-    addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" })
-    setMaxTCPConnectionsPerClient(%s)
+    newServer{address="127.0.0.1:%d"}
+    addDOHLocal("127.0.0.1:%d", "%s", "%s", { "/" }, {library='%s'})
+    setMaxTCPConnectionsPerClient(%d)
     """
-    _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey', '_maxTCPConnsPerClient']
+    _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey', '_dohLibrary', '_maxTCPConnsPerClient']
 
     def testConnsPerClient(self):
         """
@@ -1394,3 +1474,9 @@ class TestDOHLimits(DNSDistDOHTest):
 
         self.assertEqual(count, self._maxTCPConnsPerClient)
         self.assertEqual(failed, 1)
+
+class TestDOHLimitsNGHTTP2(DOHLimits, DNSDistDOHTest):
+    _dohLibrary = 'nghttp2'
+
+class TestDOHLimitsH2O(DOHLimits, DNSDistDOHTest):
+    _dohLibrary = 'h2o'