From: Aram Sargsyan Date: Thu, 10 Apr 2025 18:32:53 +0000 (+0000) Subject: Test 'stale-answer-client-timeout 0' with a delegation X-Git-Tag: v9.21.8~15^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=441b7d53f4c023f891f7404130b191bb575501c2;p=thirdparty%2Fbind9.git Test 'stale-answer-client-timeout 0' with a delegation Add a new test which gets an answer for a delegated zone, then checks whether the 'stale-answer-client-timeout 0' mode (i.e. the 'stalefirst' mode) works for it. --- diff --git a/bin/tests/system/serve-stale/ans2/ans.pl b/bin/tests/system/serve-stale/ans2/ans.pl index fed26967fe9..6fac57c1394 100644 --- a/bin/tests/system/serve-stale/ans2/ans.pl +++ b/bin/tests/system/serve-stale/ans2/ans.pl @@ -44,11 +44,14 @@ my $udpsock = IO::Socket::INET->new(LocalAddr => "$localaddr", LocalPort => $localport, Proto => "udp", Reuse => 1) or die "$!"; # -# Delegation +# Delegations # my $SOA = "example 300 IN SOA . . 0 0 0 0 300"; my $NS = "example 300 IN NS ns.example"; my $A = "ns.example 300 IN A $localaddr"; +my $ssSOA = "delegated.serve.stale 300 IN SOA . . 0 0 0 0 300"; +my $ssNS = "delegated.serve.stale 300 IN NS ns.delegated.serve.stale"; +my $ssA = "ns.delegated.serve.stale 300 IN A $localaddr"; # # Slow delegation @@ -66,6 +69,7 @@ my $TXT = "data.example 2 IN TXT \"A text record with a 2 second ttl\""; my $LONGTXT = "longttl.example 600 IN TXT \"A text record with a 600 second ttl\""; my $CAA = "othertype.example 2 IN CAA 0 issue \"ca1.example.net\""; my $negSOA = "example 2 IN SOA . . 0 0 0 0 300"; +my $ssnegSOA = "delegated.serve.stale 2 IN SOA . . 0 0 0 0 300"; my $CNAME = "cname.example 7 IN CNAME target.example"; my $TARGET = "target.example 9 IN A $localaddr"; my $SHORTCNAME = "shortttl.cname.example 1 IN CNAME longttl.target.example"; @@ -223,6 +227,38 @@ sub reply_handler { push @auth, $rr; } $rcode = "NOERROR"; + } elsif ($qname eq "ns.delegated.serve.stale" ) { + if ($qtype eq "A") { + my $rr = new Net::DNS::RR($ssA); + push @ans, $rr; + } else { + my $rr = new Net::DNS::RR($ssSOA); + push @auth, $rr; + } + $rcode = "NOERROR"; + } elsif ($qname eq "delegated.serve.stale") { + if ($qtype eq "NS") { + my $rr = new Net::DNS::RR($ssNS); + push @auth, $rr; + $rr = new Net::DNS::RR($ssA); + push @add, $rr; + } elsif ($qtype eq "SOA") { + my $rr = new Net::DNS::RR($ssSOA); + push @ans, $rr; + } else { + my $rr = new Net::DNS::RR($ssSOA); + push @auth, $rr; + } + $rcode = "NOERROR"; + } elsif ($qname eq "www.delegated.serve.stale") { + if ($qtype eq "A") { + my $rr = new Net::DNS::RR("www.delegated.serve.stale 2 IN A 10.53.0.99"); + push @ans, $rr; + } else { + my $rr = new Net::DNS::RR($ssnegSOA); + push @auth, $rr; + } + $rcode = "NOERROR"; } elsif ($qname eq "ns.slow" ) { if ($qtype eq "A") { my $rr = new Net::DNS::RR($slowA); diff --git a/bin/tests/system/serve-stale/ns3/named9.conf.in b/bin/tests/system/serve-stale/ns3/named9.conf.in new file mode 100644 index 00000000000..cb097135192 --- /dev/null +++ b/bin/tests/system/serve-stale/ns3/named9.conf.in @@ -0,0 +1,49 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +key rndc_key { + secret "1234abcd8765"; + algorithm @DEFAULT_HMAC@; +}; + +controls { + inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + +options { + query-source address 10.53.0.3; + notify-source 10.53.0.3; + transfer-source 10.53.0.3; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.3; }; + listen-on-v6 { none; }; + recursion yes; + dnssec-validation no; + stale-answer-enable yes; + stale-cache-enable yes; + stale-answer-ttl 3; + stale-answer-client-timeout 0; +}; + +zone "." { + type secondary; + primaries { 10.53.0.1; }; + file "root.bk"; +}; + +zone "serve.stale" IN { + type primary; + notify no; + file "serve.stale.db"; +}; diff --git a/bin/tests/system/serve-stale/ns3/serve.stale.db b/bin/tests/system/serve-stale/ns3/serve.stale.db index 704f4510129..09a696563df 100644 --- a/bin/tests/system/serve-stale/ns3/serve.stale.db +++ b/bin/tests/system/serve-stale/ns3/serve.stale.db @@ -16,3 +16,6 @@ ns.serve.stale. IN A 10.53.0.6 $ORIGIN serve.stale. test IN NS nss1.example.nxd. test IN NS nss2.example.nxd. + +delegated IN NS ns2.delegated.serve.stale. +ns2.delegated IN A 10.53.0.2 diff --git a/bin/tests/system/serve-stale/tests.sh b/bin/tests/system/serve-stale/tests.sh index 714adab7d78..73aa288d3a2 100755 --- a/bin/tests/system/serve-stale/tests.sh +++ b/bin/tests/system/serve-stale/tests.sh @@ -2507,5 +2507,33 @@ grep "2001:aaaa" dig.out.2.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) +n=$((n + 1)) +echo_i "check serve-stale (stale-answer-client-timeout 0) with a delegation ($n)" +ret=0 +# configure ns3 with stale-answer-client-timeout 0 and a delegated zone +copy_setports ns3/named9.conf.in ns3/named.conf +rndc_reload ns3 10.53.0.3 +# flush cache, enable ans2 responses, make sure serve-stale is on +$RNDCCMD 10.53.0.3 flush >rndc.out.test$n.1 2>&1 || ret=1 +$DIG -p ${PORT} @10.53.0.2 txt enable >/dev/null || ret=1 +$RNDCCMD 10.53.0.3 serve-stale on >rndc.out.test$n.2 2>&1 || ret=1 +# prime the cache with the A response +$DIG -p ${PORT} @10.53.0.3 www.delegated.serve.stale >dig.out.1.test$n || ret=1 +grep -F "status: NOERROR" dig.out.1.test$n >/dev/null || ret=1 +grep -F "10.53.0.99" dig.out.1.test$n >/dev/null || ret=1 +# disable responses from the auth server +$DIG -p ${PORT} @10.53.0.2 txt disable >/dev/null || ret=1 +# wait two seconds for the previous answer to become stale +sleep 2 +# resend the query; we should immediately get a stale answer +$DIG -p ${PORT} @10.53.0.3 www.delegated.serve.stale >dig.out.2.test$n || ret=1 +grep -F "status: NOERROR" dig.out.2.test$n >/dev/null || ret=1 +grep -F "EDE: 3 (Stale Answer): (stale data prioritized over lookup)" dig.out.2.test$n >/dev/null || ret=1 +grep -F "10.53.0.99" dig.out.2.test$n >/dev/null || ret=1 +# re-enable responses +$DIG -p ${PORT} @10.53.0.2 txt enable >/dev/null || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + echo_i "exit status: $status" [ $status -eq 0 ] || exit 1