From: Kees Monshouwer Date: Sun, 6 Jun 2021 11:01:12 +0000 (+0200) Subject: auth: fix the nobackend tests X-Git-Tag: auth-4.5.0-beta1~2^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F10470%2Fhead;p=thirdparty%2Fpdns.git auth: fix the nobackend tests --- diff --git a/docs/backends/tinydns.rst b/docs/backends/tinydns.rst index 4117baff5b..3dc5df6979 100644 --- a/docs/backends/tinydns.rst +++ b/docs/backends/tinydns.rst @@ -7,7 +7,7 @@ TinyDNS Backend - Superslave: No - Autoserial: No - DNSSEC: No -* Zone caching: Yes +- Zone caching: Yes - Multiple Instances: Yes - Module name: tinydns - Launch: ``tinydns`` diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc index f91b80c4fb..afc9b0b685 100644 --- a/pdns/common_startup.cc +++ b/pdns/common_startup.cc @@ -187,7 +187,7 @@ void declareArguments() ::arg().set("default-soa-edit","Default SOA-EDIT value")=""; ::arg().set("default-soa-edit-signed","Default SOA-EDIT value for signed zones")=""; ::arg().set("dnssec-key-cache-ttl","Seconds to cache DNSSEC keys from the database")="30"; - ::arg().set("domain-metadata-cache-ttl", "Seconds to cache zone metadata from the database") = "0"; + ::arg().set("domain-metadata-cache-ttl", "Seconds to cache zone metadata from the database") = ""; ::arg().set("zone-metadata-cache-ttl", "Seconds to cache zone metadata from the database") = "60"; ::arg().set("trusted-notification-proxy", "IP address of incoming notification proxy")=""; diff --git a/pdns/receiver.cc b/pdns/receiver.cc index 4d9c5a3f2f..965108fba2 100644 --- a/pdns/receiver.cc +++ b/pdns/receiver.cc @@ -432,7 +432,7 @@ int main(int argc, char **argv) if (::arg().mustDo("slave-renotify")) ::arg().set("secondary-do-renotify")="yes"; if (::arg().mustDo("superslave")) ::arg().set("autosecondary")="yes"; if (::arg().mustDo("allow-unsigned-supermaster")) ::arg().set("allow-unsigned-autoprimary")="yes"; - if (::arg().asNum("domain-metadata-cache-ttl")) + if (!::arg().isEmpty("domain-metadata-cache-ttl")) ::arg().set("zone-metadata-cache-ttl") = ::arg()["domain-metadata-cache-ttl"]; // this mirroring back is on purpose, so that config dumps reflect the actual setting on both names @@ -441,8 +441,7 @@ int main(int argc, char **argv) if (::arg().mustDo("secondary-do-renotify")) ::arg().set("slave-renotify")="yes"; if (::arg().mustDo("autosecondary")) ::arg().set("superslave")="yes"; if (::arg().mustDo("allow-unsigned-autoprimary")) ::arg().set("allow-unsigned-supermaster")="yes"; - if (::arg().asNum("zone-metadata-cache-ttl")) - ::arg().set("domain-metadata-cache-ttl") = ::arg()["zone-metadata-cache-ttl"]; + ::arg().set("domain-metadata-cache-ttl") = ::arg()["zone-metadata-cache-ttl"]; g_log.setLoglevel((Logger::Urgency)(::arg().asNum("loglevel"))); g_log.disableSyslog(::arg().mustDo("disable-syslog")); diff --git a/regression-tests.nobackend/counters/command b/regression-tests.nobackend/counters/command index 7caa30973c..7f77e457fe 100755 --- a/regression-tests.nobackend/counters/command +++ b/regression-tests.nobackend/counters/command @@ -10,7 +10,7 @@ rm -f pdns*.pid $PDNS --daemon=no --local-address=127.0.0.1,::1 \ --local-port=$port --socket-dir=./ --no-shuffle --launch=random --no-config \ - --module-dir=../regression-tests/modules & + --module-dir=../regression-tests/modules --zone-cache-refresh-interval=0 & sleep 2 diff --git a/regression-tests.nobackend/counters/expected_result b/regression-tests.nobackend/counters/expected_result index 69b6391106..6ae3c5e88a 100644 --- a/regression-tests.nobackend/counters/expected_result +++ b/regression-tests.nobackend/counters/expected_result @@ -17,7 +17,7 @@ open-tcp-connections=0 overload-drops=0 packetcache-size=7 qsize-q=0 -query-cache-size=12 +query-cache-size=10 rd-queries=0 recursing-answers=0 recursing-questions=0 @@ -66,3 +66,4 @@ udp6-answers=2 udp6-queries=2 unauth-packets=1 xfr-queue=0 +zone-cache-size=0 diff --git a/regression-tests.nobackend/distributor/command b/regression-tests.nobackend/distributor/command index e5a2ab1863..c96f3770b6 100755 --- a/regression-tests.nobackend/distributor/command +++ b/regression-tests.nobackend/distributor/command @@ -14,7 +14,7 @@ $PDNS --daemon=no --local-address=127.0.0.1,::1 \ --module-dir=../regression-tests/modules --pipe-command=$(pwd)/distributor/slow.pl \ --pipe-abi-version=5 \ --overload-queue-length=10 --log-dns-queries --loglevel=9 \ - --pipe-timeout=1500 & + --pipe-timeout=1500 --zone-cache-refresh-interval=0 & sleep 2 diff --git a/regression-tests.nobackend/negcache-tests-dotted-cname/command b/regression-tests.nobackend/negcache-tests-dotted-cname/command index 4c7b0fc52d..d168e2a177 100755 --- a/regression-tests.nobackend/negcache-tests-dotted-cname/command +++ b/regression-tests.nobackend/negcache-tests-dotted-cname/command @@ -10,7 +10,8 @@ rm -f pdns*.pid PYTHONUNBUFFERED=1 $PDNS --daemon=no --local-port=$port --socket-dir=./ \ --no-shuffle --launch=bind,pipe --bind-config=negcache-tests-dotted-cname/named.conf \ --pipe-command=negcache-tests-dotted-cname/pipe.py \ - --cache-ttl=60 --no-config --module-dir=../regression-tests/modules & + --cache-ttl=60 --no-config --module-dir=../regression-tests/modules \ + --zone-cache-refresh-interval=0 & sleep 3 diff --git a/regression-tests.nobackend/rectify-axfr/command b/regression-tests.nobackend/rectify-axfr/command index e3360c2ba7..906ab00fd2 100755 --- a/regression-tests.nobackend/rectify-axfr/command +++ b/regression-tests.nobackend/rectify-axfr/command @@ -32,7 +32,7 @@ echo ANALYZE\; | sqlite3 pdns.sqlite3 for zone in $(grep 'zone ' named.conf | cut -f2 -d\") do - $PDNSUTIL $ARGS set-nsec3 $zone "1 1 1 abcd" >&2 + $PDNSUTIL $ARGS set-nsec3 $zone "1 0 1 abcd" >&2 $PDNSUTIL $ARGS add-zone-key $zone rsasha256 1024 zsk active >&2 done diff --git a/regression-tests.nobackend/rectify-axfr/expected_result b/regression-tests.nobackend/rectify-axfr/expected_result index 04e2d37ccd..d3c512a4fd 100644 --- a/regression-tests.nobackend/rectify-axfr/expected_result +++ b/regression-tests.nobackend/rectify-axfr/expected_result @@ -62,10 +62,7 @@ OK RETVAL: 0 --- ldns-verify-zone -V2 dnssec-parent.com -Error: there is no NSEC(3) for ent.auth-ent.dnssec-parent.com. -Error: there is no NSEC(3) for ent.ent.auth-ent.dnssec-parent.com. -There were errors in the zone -RETVAL: 11 +RETVAL: 0 --- validns dnssec-parent.com RETVAL: 0 @@ -89,11 +86,6 @@ RETVAL: 0 zone verified. RETVAL: 0 ---- named-checkzone delegated.dnssec-parent.com -zone delegated.dnssec-parent.com/IN: loaded serial 2005092501 (DNSSEC signed) -OK -RETVAL: 0 - --- ldns-verify-zone -V2 secure-delegated.dnssec-parent.com RETVAL: 0 diff --git a/regression-tests.nobackend/supermaster-signed/command b/regression-tests.nobackend/supermaster-signed/command index 151c179e76..30be471ef1 100755 --- a/regression-tests.nobackend/supermaster-signed/command +++ b/regression-tests.nobackend/supermaster-signed/command @@ -92,7 +92,7 @@ start_slave() { slaveport=53 - $RUNWRAPPER $PDNS2 --daemon=no --local-port=$slaveport --config-dir=. --module-dir=../regression-tests/modules \ + $RUNWRAPPER $PDNS --daemon=no --local-port=$slaveport --config-dir=. --module-dir=../regression-tests/modules \ --config-name=gsqlite3-slave --socket-dir=./ --no-shuffle --local-address=127.0.0.2 \ --slave --retrieval-threads=4 --slave=yes --superslave=yes --query-local-address=127.0.0.2 \ --slave-cycle-interval=300 --allow-unsigned-notify=no --allow-unsigned-supermaster=no & diff --git a/regression-tests.nobackend/supermaster-unsigned/command b/regression-tests.nobackend/supermaster-unsigned/command index 6108a75754..22935a93f6 100755 --- a/regression-tests.nobackend/supermaster-unsigned/command +++ b/regression-tests.nobackend/supermaster-unsigned/command @@ -84,7 +84,7 @@ start_slave() { slaveport=53 - $RUNWRAPPER $PDNS2 --daemon=no --local-port=$slaveport --config-dir=. --module-dir=../regression-tests/modules \ + $RUNWRAPPER $PDNS --daemon=no --local-port=$slaveport --config-dir=. --module-dir=../regression-tests/modules \ --config-name=gsqlite3-slave --socket-dir=./ --no-shuffle --local-address=127.0.0.2 \ --slave --retrieval-threads=4 --slave=yes --superslave=yes --query-local-address=127.0.0.2 \ --slave-cycle-interval=300 --dname-processing & diff --git a/regression-tests/tests/verify-dnssec-zone/command b/regression-tests/tests/verify-dnssec-zone/command index 81e9fc564e..e9e6ba60e9 100755 --- a/regression-tests/tests/verify-dnssec-zone/command +++ b/regression-tests/tests/verify-dnssec-zone/command @@ -5,7 +5,8 @@ do drill -p $port axfr $zone @$nameserver | ldns-read-zone -z -u CDS -u CDNSKEY > $TFILE for validator in "ldns-verify-zone -V2" validns jdnssec-verifyzone named-checkzone do - if [ "$validator" = "validns" ] && [ "$zone" = "." ] + if [[ ( "$validator" = "validns" && "$zone" = "." ) || \ + ( "$validator" = "named-checkzone" && "$zone" = "delegated.dnssec-parent.com" ) ]]; then continue fi diff --git a/regression-tests/tests/verify-dnssec-zone/expected_result b/regression-tests/tests/verify-dnssec-zone/expected_result index 539d1ef570..f1766aeef0 100644 --- a/regression-tests/tests/verify-dnssec-zone/expected_result +++ b/regression-tests/tests/verify-dnssec-zone/expected_result @@ -86,11 +86,6 @@ RETVAL: 0 zone verified. RETVAL: 0 ---- named-checkzone delegated.dnssec-parent.com -zone delegated.dnssec-parent.com/IN: loaded serial 2005092501 (DNSSEC signed) -OK -RETVAL: 0 - --- ldns-verify-zone -V2 secure-delegated.dnssec-parent.com RETVAL: 0 diff --git a/regression-tests/tests/verify-dnssec-zone/expected_result.nsec3-optout b/regression-tests/tests/verify-dnssec-zone/expected_result.nsec3-optout deleted file mode 100644 index 539d1ef570..0000000000 --- a/regression-tests/tests/verify-dnssec-zone/expected_result.nsec3-optout +++ /dev/null @@ -1,183 +0,0 @@ ---- ldns-verify-zone -V2 test.com -RETVAL: 0 - ---- validns test.com -RETVAL: 0 - ---- jdnssec-verifyzone test.com -zone verified. -RETVAL: 0 - ---- named-checkzone test.com -zone test.com/IN: test.com/MX 'smtp-servers.test.com' has no address records (A or AAAA) -zone test.com/IN: sub.test.test.com/NS 'ns-test.example.net.test.com' has no address records (A or AAAA) -zone test.com/IN: loaded serial 2005092501 (DNSSEC signed) -OK -RETVAL: 0 - ---- ldns-verify-zone -V2 test.dyndns -RETVAL: 0 - ---- validns test.dyndns -RETVAL: 0 - ---- jdnssec-verifyzone test.dyndns -zone verified. -RETVAL: 0 - ---- named-checkzone test.dyndns -zone test.dyndns/IN: loaded serial 2012060701 (DNSSEC signed) -OK -RETVAL: 0 - ---- ldns-verify-zone -V2 sub.test.dyndns -RETVAL: 0 - ---- validns sub.test.dyndns -RETVAL: 0 - ---- jdnssec-verifyzone sub.test.dyndns -zone verified. -RETVAL: 0 - ---- named-checkzone sub.test.dyndns -zone sub.test.dyndns/IN: loaded serial 2012060701 (DNSSEC signed) -OK -RETVAL: 0 - ---- ldns-verify-zone -V2 wtest.com -RETVAL: 0 - ---- validns wtest.com -RETVAL: 0 - ---- jdnssec-verifyzone wtest.com -zone verified. -RETVAL: 0 - ---- named-checkzone wtest.com -zone wtest.com/IN: wtest.com/MX 'smtp-servers.wtest.com' is a CNAME (illegal) -zone wtest.com/IN: loaded serial 2005092501 (DNSSEC signed) -OK -RETVAL: 0 - ---- ldns-verify-zone -V2 dnssec-parent.com -RETVAL: 0 - ---- validns dnssec-parent.com -RETVAL: 0 - ---- jdnssec-verifyzone dnssec-parent.com -zone verified. -RETVAL: 0 - ---- named-checkzone dnssec-parent.com -zone dnssec-parent.com/IN: loaded serial 2005092501 (DNSSEC signed) -OK -RETVAL: 0 - ---- ldns-verify-zone -V2 delegated.dnssec-parent.com -RETVAL: 0 - ---- validns delegated.dnssec-parent.com -RETVAL: 0 - ---- jdnssec-verifyzone delegated.dnssec-parent.com -zone verified. -RETVAL: 0 - ---- named-checkzone delegated.dnssec-parent.com -zone delegated.dnssec-parent.com/IN: loaded serial 2005092501 (DNSSEC signed) -OK -RETVAL: 0 - ---- ldns-verify-zone -V2 secure-delegated.dnssec-parent.com -RETVAL: 0 - ---- validns secure-delegated.dnssec-parent.com -RETVAL: 0 - ---- jdnssec-verifyzone secure-delegated.dnssec-parent.com -zone verified. -RETVAL: 0 - ---- named-checkzone secure-delegated.dnssec-parent.com -zone secure-delegated.dnssec-parent.com/IN: loaded serial 2005092501 (DNSSEC signed) -OK -RETVAL: 0 - ---- ldns-verify-zone -V2 minimal.com -RETVAL: 0 - ---- validns minimal.com -RETVAL: 0 - ---- jdnssec-verifyzone minimal.com -zone verified. -RETVAL: 0 - ---- named-checkzone minimal.com -zone minimal.com/IN: loaded serial 2000081501 (DNSSEC signed) -OK -RETVAL: 0 - ---- ldns-verify-zone -V2 tsig.com -RETVAL: 0 - ---- validns tsig.com -RETVAL: 0 - ---- jdnssec-verifyzone tsig.com -zone verified. -RETVAL: 0 - ---- named-checkzone tsig.com -zone tsig.com/IN: loaded serial 2000081501 (DNSSEC signed) -OK -RETVAL: 0 - ---- ldns-verify-zone -V2 stest.com -RETVAL: 0 - ---- validns stest.com -RETVAL: 0 - ---- jdnssec-verifyzone stest.com -zone verified. -RETVAL: 0 - ---- named-checkzone stest.com -zone stest.com/IN: loaded serial 2000081501 (DNSSEC signed) -OK -RETVAL: 0 - ---- ldns-verify-zone -V2 cdnskey-cds-test.com -RETVAL: 0 - ---- validns cdnskey-cds-test.com -RETVAL: 0 - ---- jdnssec-verifyzone cdnskey-cds-test.com -zone verified. -RETVAL: 0 - ---- named-checkzone cdnskey-cds-test.com -zone cdnskey-cds-test.com/IN: loaded serial 2005092501 (DNSSEC signed) -OK -RETVAL: 0 - ---- ldns-verify-zone -V2 2.0.192.in-addr.arpa -RETVAL: 0 - ---- validns 2.0.192.in-addr.arpa -RETVAL: 0 - ---- jdnssec-verifyzone 2.0.192.in-addr.arpa -zone verified. -RETVAL: 0 - ---- named-checkzone 2.0.192.in-addr.arpa -zone 2.0.192.in-addr.arpa/IN: loaded serial 2000081501 (DNSSEC signed) -OK -RETVAL: 0 -