From: Colin Vidal Date: Fri, 30 Jan 2026 14:48:18 +0000 (+0100) Subject: system test for the ADB fetch loop detection X-Git-Tag: v9.21.19~29^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4f8788310b125de12e6ea447337345b609d0e3ba;p=thirdparty%2Fbind9.git system test for the ADB fetch loop detection Add a system test which implement the scenario described in the previous commit "relaxes fetch loop detection". --- diff --git a/bin/tests/system/expiredglue/ns1/named.conf.j2 b/bin/tests/system/expiredglue/ns1/named.conf.j2 new file mode 100644 index 00000000000..5ad42a185a9 --- /dev/null +++ b/bin/tests/system/expiredglue/ns1/named.conf.j2 @@ -0,0 +1,39 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + query-source address 10.53.0.1; + notify-source 10.53.0.1; + transfer-source 10.53.0.1; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.1; }; + recursion no; + dnssec-validation no; +}; + +view "default" { + zone "." { + type primary; + file "root.db"; + }; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm @DEFAULT_HMAC@; +}; + +controls { + inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; diff --git a/bin/tests/system/expiredglue/ns1/root.db b/bin/tests/system/expiredglue/ns1/root.db new file mode 100644 index 00000000000..41c97bf4451 --- /dev/null +++ b/bin/tests/system/expiredglue/ns1/root.db @@ -0,0 +1,24 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 +. IN SOA marka.isc.org. a.root.servers.nil. ( + 2010 ; serial + 600 ; refresh + 600 ; retry + 1200 ; expire + 600 ; minimum + ) +. NS a.root-servers.nil. +a.root-servers.nil. A 10.53.0.1 + +tld. NS ns.tld. +ns.tld. A 10.53.0.2 diff --git a/bin/tests/system/expiredglue/ns2/named.conf.j2 b/bin/tests/system/expiredglue/ns2/named.conf.j2 new file mode 100644 index 00000000000..8851c3728d8 --- /dev/null +++ b/bin/tests/system/expiredglue/ns2/named.conf.j2 @@ -0,0 +1,37 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + query-source address 10.53.0.2; + notify-source 10.53.0.2; + transfer-source 10.53.0.2; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.2; }; + recursion no; + dnssec-validation no; +}; + +zone "tld." { + type primary; + file "tld.db"; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm @DEFAULT_HMAC@; +}; + +controls { + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; diff --git a/bin/tests/system/expiredglue/ns2/tld.db b/bin/tests/system/expiredglue/ns2/tld.db new file mode 100644 index 00000000000..d0f06ce30b4 --- /dev/null +++ b/bin/tests/system/expiredglue/ns2/tld.db @@ -0,0 +1,28 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 +tld. IN SOA marka.isc.org. ns.tld. ( + 2010 ; serial + 600 ; refresh + 600 ; retry + 1200 ; expire + 600 ; minimum + ) +tld. NS ns.tld. +ns.tld. A 10.53.0.2 + +example.tld. NS ns.dnshoster.tld. +missing.tld. NS ns.missing.tld. +dnshoster.tld. NS ns.dnshoster.tld. + +; Delegation's glue has a TTL of 300 on parent-side +ns.dnshoster.tld. A 10.53.0.3 diff --git a/bin/tests/system/expiredglue/ns3/dnshoster.tld.db b/bin/tests/system/expiredglue/ns3/dnshoster.tld.db new file mode 100644 index 00000000000..37c58627364 --- /dev/null +++ b/bin/tests/system/expiredglue/ns3/dnshoster.tld.db @@ -0,0 +1,24 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 +dnshoster.tld. IN SOA marka.isc.org. ns.dnshoster.tld. ( + 2010 ; serial + 600 ; refresh + 600 ; retry + 1200 ; expire + 600 ; minimum + ) + +; The TTL of the delegation's glue child-side is 2 seconds. +dnshoster.tld. NS ns.dnshoster.tld. +ns.dnshoster.tld. 2 A 10.53.0.3 +a.dnshoster.tld. 2 A 10.53.0.10 diff --git a/bin/tests/system/expiredglue/ns3/example.tld.db b/bin/tests/system/expiredglue/ns3/example.tld.db new file mode 100644 index 00000000000..4d49cae8be7 --- /dev/null +++ b/bin/tests/system/expiredglue/ns3/example.tld.db @@ -0,0 +1,22 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 +example.tld. IN SOA marka.isc.org. ns.dnshoster.tld. ( + 2010 ; serial + 600 ; refresh + 600 ; retry + 1200 ; expire + 600 ; minimum + ) + +example.tld. NS ns.dnshoster.tld. +a.example.tld. 2 A 10.53.0.10 diff --git a/bin/tests/system/expiredglue/ns3/named.conf.j2 b/bin/tests/system/expiredglue/ns3/named.conf.j2 new file mode 100644 index 00000000000..91d86edb150 --- /dev/null +++ b/bin/tests/system/expiredglue/ns3/named.conf.j2 @@ -0,0 +1,42 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + query-source address 10.53.0.3; + notify-source 10.53.0.3; + transfer-source 10.53.0.3; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.3; }; + recursion no; + dnssec-validation no; +}; + +zone "dnshoster.tld." { + type primary; + file "dnshoster.tld.db"; +}; + +zone "example.tld." { + type primary; + file "example.tld.db"; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm @DEFAULT_HMAC@; +}; + +controls { + inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; diff --git a/bin/tests/system/expiredglue/ns4/named.args b/bin/tests/system/expiredglue/ns4/named.args new file mode 100644 index 00000000000..6d2c4141df9 --- /dev/null +++ b/bin/tests/system/expiredglue/ns4/named.args @@ -0,0 +1 @@ +-D expiredglue-ns4 -m record -c named.conf -d 99 -g -4 -T adbentrywindow=0 -T adbcachemin=1 -T maxcachesize=2097152 diff --git a/bin/tests/system/expiredglue/ns4/named.conf.j2 b/bin/tests/system/expiredglue/ns4/named.conf.j2 new file mode 100644 index 00000000000..7dfe5deacc8 --- /dev/null +++ b/bin/tests/system/expiredglue/ns4/named.conf.j2 @@ -0,0 +1,37 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +options { + query-source address 10.53.0.4; + notify-source 10.53.0.4; + transfer-source 10.53.0.4; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.4; }; + recursion yes; + dnssec-validation no; +}; + +zone "." { + type hint; + file "root.hint"; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm @DEFAULT_HMAC@; +}; + +controls { + inet 10.53.0.4 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; diff --git a/bin/tests/system/expiredglue/ns4/root.hint b/bin/tests/system/expiredglue/ns4/root.hint new file mode 100644 index 00000000000..d7d0e1fabac --- /dev/null +++ b/bin/tests/system/expiredglue/ns4/root.hint @@ -0,0 +1,14 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 999999 +. IN NS a.root-servers.nil. +a.root-servers.nil. IN A 10.53.0.1 diff --git a/bin/tests/system/expiredglue/tests_expiredglue.py b/bin/tests/system/expiredglue/tests_expiredglue.py new file mode 100644 index 00000000000..a7f3c3d137c --- /dev/null +++ b/bin/tests/system/expiredglue/tests_expiredglue.py @@ -0,0 +1,55 @@ +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +import time + +import isctest + + +def test_expiredglue(ns4): + msg1 = isctest.query.create("a.example.tld.", "A") + res1 = isctest.query.udp(msg1, ns4.ip) + isctest.check.noerror(res1) + isctest.check.rr_count_eq(res1.answer, 1) + + msg2 = isctest.query.create("a.dnshoster.tld.", "A") + res2 = isctest.query.udp(msg2, ns4.ip) + isctest.check.rr_count_eq(res2.answer, 1) + + msg3 = isctest.query.create("ns.dnshoster.tld.", "A") + res3 = isctest.query.udp(msg3, ns4.ip) + isctest.check.rr_count_eq(res3.answer, 1) + + time.sleep(3) + + # Even if the glue is expired but the delegation is not, named + # is able to "recover" by looking up the hints again and does + # not bails out with a fetch loop detection. + res1_2 = isctest.query.udp(msg1, ns4.ip) + isctest.check.same_data(res1_2, res1) + + time.sleep(3) + res2_2 = isctest.query.udp(msg2, ns4.ip) + isctest.check.same_data(res2_2, res2) + + time.sleep(3) + res3_2 = isctest.query.udp(msg3, ns4.ip) + isctest.check.same_data(res3_2, res3) + + +def test_loopdetected(ns4): + msg = isctest.query.create("a.missing.tld.", "A") + with ns4.watch_log_from_here() as watcher: + res = isctest.query.udp(msg, ns4.ip) + + # However, this is a valid fetch loop, and named detects it. + watcher.wait_for_line("loop detected resolving 'ns.missing.tld/A'") + isctest.check.servfail(res)