From: TCY16 Date: Fri, 8 Oct 2021 13:55:40 +0000 (+0200) Subject: add more tests X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b825bb668d2509baecd567d9ce1f0b32d8e477c0;p=thirdparty%2Funbound.git add more tests --- diff --git a/testdata/ede.tdir/ede.conf b/testdata/ede.tdir/ede.conf index eb07ba4c2..b8739071b 100644 --- a/testdata/ede.tdir/ede.conf +++ b/testdata/ede.tdir/ede.conf @@ -13,9 +13,14 @@ server: module-config: "respip validator iterator" + access-control: 127.0.0.2/32 refuse + local-zone: hopsa.kidee. always_refuse local-data: "hopsa.kidee. TXT hela hola" + localzone: nlnetlabs.nl transparant + local-data: "hopsa.nlnetlabs.nl. TXT hela hola" + local-zone: uva.nl. always_null local-zone: example.com redirect diff --git a/testdata/ede.tdir/ede.test b/testdata/ede.tdir/ede.test index aeec9b20a..fc5a781ee 100644 --- a/testdata/ede.tdir/ede.test +++ b/testdata/ede.tdir/ede.test @@ -7,12 +7,13 @@ . ../common.sh get_random_port 2 UNBOUND_PORT=$RND_PORT -FWD_PORT=$(($RND_PORT + 1)) +UNBOUND_PORT2=$(($RND_PORT + 1)) echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test -echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test +echo "UNBOUND_PORT=2=$UNBOUND_PORT2" >> .tpkg.var.test # rewrite config file with created ports sed -e 's/@PORT\@/'$UNBOUND_PORT'/' < ede.conf > ub.conf +sed -e 's/@PORT2\@/'$UNBOUND_PORT2'/' < ede-auth.conf > ub2.conf # start unbound in the background PRE="../.." @@ -20,6 +21,11 @@ $PRE/unbound -d -c ub.conf > unbound.log 2>&1 & UNBOUND_PID=$! echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test +# start "authoritative unbound" in the background +$PRE/unbound -d -c ub.conf > unbound.log 2>&1 & +UNBOUND_PID2=$! +echo "UNBOUND_PID2=$UNBOUND_PID2" >> .tpkg.var.test + # query with bad edns keepalive dig @127.0.0.1 -p $UNBOUND_PORT +tcp +ednsopt=11:010203 > keepalive.txt 
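Review bot: The added `localzone: nlnetlabs.nl transparant` line in ede.conf is spelled differently from every other zone line in this hunk, which use `local-zone:`, and the zone type is misspelled as well. It should read `local-zone: nlnetlabs.nl transparent`. As written the line is likely rejected by the config parser, in which case unbound would not start and the later EDE checks, including the new `access-control: 127.0.0.2/32 refuse` case, would fail for the wrong reason. The `server:` clause continues outside the hunk.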
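Review bot: The added `echo "UNBOUND_PORT=2=$UNBOUND_PORT2" >> .tpkg.var.test` in ede.test writes a second `UNBOUND_PORT` assignment instead of the new variable. Anything that later reads .tpkg.var.test presumably gets `2=<port>` as UNBOUND_PORT and never sees UNBOUND_PORT2. The line should be `echo "UNBOUND_PORT2=$UNBOUND_PORT2" >> .tpkg.var.test`. The new sed line also reads `ede-auth.conf`, which this commit does not add, so confirm that file exists in the test directory.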
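Review bot: The "authoritative unbound" is started with the same `-c ub.conf > unbound.log` as the first instance, so the `ub2.conf` generated a few lines earlier is never used. The second process loads the first instance's config and port, and its `>` redirect truncates the first instance's log. The line should be `$PRE/unbound -d -c ub2.conf > unbound2.log 2>&1 &`. With the current line the second process most likely fails to bind and exits, so UNBOUND_PID2 would point at a dead process by teardown.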
@@ -72,9 +78,9 @@ then fi # RPZ always_refuse -dig @127.0.0.1 -p $UNBOUND_PORT hopsa.kidee. A > always_refuse_forged.txt +dig @127.0.0.1 -p $UNBOUND_PORT hopsa.kidee. A > always_refuse.txt -if ! grep -q "OPT=15: 00 04" always_refuse_forged.txt +if ! grep -q "OPT=15: 00 04" always_refuse.txt then echo "local-zone always_null must have EDE blocked code" exit 1 @@ -92,5 +98,30 @@ then exit 1 fi +# local data forged answer +dig @127.0.0.1 -p $UNBOUND_PORT hopsa.nlnetlabs.nl TXT + +# ACL refused, EDE prohibited +dig @127.0.0.1 -b 127.0.0.2 example.com > refused.txt + +if ! grep -q "OPT=15: 00 12" refused.txt +then + echo "ACL refused does not give EDE prohibited" + exit 1 +fi + + + +# DNSSEC indeterminate + +# ZONE KEY TOEVOEGEN AAN UNBOUND +# SIGNEN MET LDNS SIGNER +# MAKE ZONE RECORD WITH EXPIRED AND NOT INCEPTED RECORD +# zone aanmaken met auth-zone op een tweede unbound + + + + # teardown -kill_pid $UNBOUND_PID \ No newline at end of file +kill_pid $UNBOUND_PID +kill_pid $UNBOUND_PID2 \ No newline at end of file
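Review bot: The ACL check `dig @127.0.0.1 -b 127.0.0.2 example.com > refused.txt` in the last hunk has no `-p $UNBOUND_PORT`, so it queries port 53 on the host instead of the unbound under test. The `access-control: 127.0.0.2/32 refuse` rule is then never exercised, and the result depends on whatever resolver happens to listen locally. Use `dig @127.0.0.1 -p $UNBOUND_PORT -b 127.0.0.2 example.com > refused.txt`. The `hopsa.nlnetlabs.nl TXT` query just above discards its output and asserts nothing, so it should be captured and grepped like the other cases, or left out until the check is written.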