From: Kees Monshouwer Date: Wed, 3 Jul 2013 20:31:55 +0000 (+0200) Subject: add nsd support to start-test-stop X-Git-Tag: rec-3.6.0-rc1~458^2~10 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5552c9ca5dbbc506fc24b2a7b1807182c72538a1;p=thirdparty%2Fpdns.git add nsd support to start-test-stop --- diff --git a/regression-tests/example.com b/regression-tests/example.com index 4e18d38490..31e7343bb0 100644 --- a/regression-tests/example.com +++ b/regression-tests/example.com @@ -20183,5 +20183,5 @@ host-19999 IN A 192.168.1.31 ; double IN A 192.168.5.1 -host-0 IN EUI48 00-50-56-9b-00-e7 -host-1 IN EUI64 00-50-56-9b-00-e7-7e-57 +;host-0 IN EUI48 00-50-56-9b-00-e7 +;host-1 IN EUI64 00-50-56-9b-00-e7-7e-57 diff --git a/regression-tests/secure-delegated.dnssec-parent.com.key b/regression-tests/secure-delegated.dnssec-parent.com.key index 0a98e66d14..cc0a6d8f88 100644 --- a/regression-tests/secure-delegated.dnssec-parent.com.key +++ b/regression-tests/secure-delegated.dnssec-parent.com.key @@ -1,11 +1 @@ -Private-key-format: v1.2 -Algorithm: 8 (RSASHA256) -Modulus: l31HtJZYaoDXagbsuz6HdvT8gDIyP8+qf9m4pYz852nFP9yfbHAsOGR2ao/+lSoDO/IU/J3iROquYt9uiEHADv7TukFVrip/+PGUeK90w1QPvYf51RioGWaEILqXd4b7wVmLa2R3CfyRShr2TIsy2sRoWc53+hRBuY28gOn7xVa/VxKdEnxRcp1cuXSyam8LuHUrYBSILmgYhhBMJhbBhEzXAJtv6rV9sUJ2Rsjs5Bb+Hs+PfR4uki7PRsmPi90pddkcrxyVJ1MwAWbqtCw0MjTDtB0KBoOZOfdvpMXZQmLh4OeHu4NtKlR3WYjldY3DgLpatSZ5sUt+KvLq+p2Ihw== -PublicExponent: AQAB -PrivateExponent: DZWxeXNGCH73Uk2+qufnk/ZSMljOAsTnoEFw+n+TKllk094/+aRxgrkXmWTCSrQSyCxkT2cFJHL7Imiw680hoPafHAPB4DV1dmiLjOsHCIEgTDnGYKKuaGC2Fo1FCfXz25nhE8dVmXKpwMB8N87/x3h3dx45yhZI8o/QSKsy5bZGqLISiYqiAlOs0Gqxdqt6t+r7akxeVcs8xitMtKgvf5bmgulJZQlqT5aL32yzTZud7Miy71vmlPGwWlWwzZxW7o2sVIWRptimGPflpmV/SRdD16SlLBUkvzUctchkT95kqXDqdgBchl2ff/UKyg5GuUeuwrAA0lwlOoPthvMfcQ== -Prime1: 8qckzuOEAmauNtQBDShkOPjE8mH7f84K47TcDNb6Ye6X+xNyeqJQ/ceFuSWUOQJogIjAmfCRQxh7TiP/31EsW4fbr8K2bKq/mUR3xBKU7O2o2aR2hDUv/WiVKHusPgpNwYJouK5NJKw4lM9/1cis/DwINi007wJZ8wkYTyjVIuk= -Prime2: n9JwmtfuLc/3X+nqkY2e6LqmA+GTXTk4+8epTCk3+8GClj07PWdI3iHkUH5EkfqOwYWQ0pyWaxylYNBIs8m7+cFbx94ShB42l2h45zISZEviVuuxSj1tiLk25WrTu4dq30xZcFtHVeu9+efLsl3FWG2q9B7B3YSa4LK5+wvRye8= -Exponent1: tF19RLNlCovcbzDC307owFhZvHkMgoFbIsrqzjh1wJmjKqPX8kP4w8qtIWRHeuDJYNFFqKdismbeMMUdipdBy39+0nR/OOLqrDhydbICNOKrIavX1IncdBZq2L6k1zC9f1s6EByvhtTk8egS84vI2WyeBfcwY4Bx7+8QvLZzRxE= -Exponent2: kr24UCPEd2HEQtdWXTAH4K1HMrcSA/0/OcXXxqrt0QSarvEnjDhh6jp6FAHrWZERM9Q75XSKk2wo2BxFNHYcVrPXXkqi+5V2EEyG/de2lUorVh1vmbeO84MDSV9tanhqgv3p/MSCWfxqYKMYHvwD7y46UYxP+eEAByFyq3Ltuxc= -Coefficient: C/xjNwvVWlrWX/NCxT80eW09sWsqvxUlwsMlGK4irzRVSBz2u+/0qkNHoWAjaHlllHAjJAmkKoHgRdl7blxn2C5EOuCtTQJvKO0xcyZgtaCyJpKOwHE3kKv+TIErBPHYxPk0exkyEf4s9REhKlYdV8p92AZWLVwGOMRfAPNuryY= - +secure-delegated.dnssec-parent.com. IN DNSKEY 257 3 8 AwEAAZd9R7SWWGqA12oG7Ls+h3b0/IAyMj/Pqn/ZuKWM/OdpxT/cn2xwLDhkdmqP/pUqAzvyFPyd4kTqrmLfbohBwA7+07pBVa4qf/jxlHivdMNUD72H+dUYqBlmhCC6l3eG+8FZi2tkdwn8kUoa9kyLMtrEaFnOd/oUQbmNvIDp+8VWv1cSnRJ8UXKdXLl0smpvC7h1K2AUiC5oGIYQTCYWwYRM1wCbb+q1fbFCdkbI7OQW/h7Pj30eLpIuz0bJj4vdKXXZHK8clSdTMAFm6rQsNDI0w7QdCgaDmTn3b6TF2UJi4eDnh7uDbSpUd1mI5XWNw4C6WrUmebFLfiry6vqdiIc= diff --git a/regression-tests/secure-delegated.dnssec-parent.com.private b/regression-tests/secure-delegated.dnssec-parent.com.private new file mode 100644 index 0000000000..0a98e66d14 --- /dev/null +++ b/regression-tests/secure-delegated.dnssec-parent.com.private @@ -0,0 +1,11 @@ +Private-key-format: v1.2 +Algorithm: 8 (RSASHA256) +Modulus: l31HtJZYaoDXagbsuz6HdvT8gDIyP8+qf9m4pYz852nFP9yfbHAsOGR2ao/+lSoDO/IU/J3iROquYt9uiEHADv7TukFVrip/+PGUeK90w1QPvYf51RioGWaEILqXd4b7wVmLa2R3CfyRShr2TIsy2sRoWc53+hRBuY28gOn7xVa/VxKdEnxRcp1cuXSyam8LuHUrYBSILmgYhhBMJhbBhEzXAJtv6rV9sUJ2Rsjs5Bb+Hs+PfR4uki7PRsmPi90pddkcrxyVJ1MwAWbqtCw0MjTDtB0KBoOZOfdvpMXZQmLh4OeHu4NtKlR3WYjldY3DgLpatSZ5sUt+KvLq+p2Ihw== +PublicExponent: AQAB +PrivateExponent: DZWxeXNGCH73Uk2+qufnk/ZSMljOAsTnoEFw+n+TKllk094/+aRxgrkXmWTCSrQSyCxkT2cFJHL7Imiw680hoPafHAPB4DV1dmiLjOsHCIEgTDnGYKKuaGC2Fo1FCfXz25nhE8dVmXKpwMB8N87/x3h3dx45yhZI8o/QSKsy5bZGqLISiYqiAlOs0Gqxdqt6t+r7akxeVcs8xitMtKgvf5bmgulJZQlqT5aL32yzTZud7Miy71vmlPGwWlWwzZxW7o2sVIWRptimGPflpmV/SRdD16SlLBUkvzUctchkT95kqXDqdgBchl2ff/UKyg5GuUeuwrAA0lwlOoPthvMfcQ== +Prime1: 8qckzuOEAmauNtQBDShkOPjE8mH7f84K47TcDNb6Ye6X+xNyeqJQ/ceFuSWUOQJogIjAmfCRQxh7TiP/31EsW4fbr8K2bKq/mUR3xBKU7O2o2aR2hDUv/WiVKHusPgpNwYJouK5NJKw4lM9/1cis/DwINi007wJZ8wkYTyjVIuk= +Prime2: n9JwmtfuLc/3X+nqkY2e6LqmA+GTXTk4+8epTCk3+8GClj07PWdI3iHkUH5EkfqOwYWQ0pyWaxylYNBIs8m7+cFbx94ShB42l2h45zISZEviVuuxSj1tiLk25WrTu4dq30xZcFtHVeu9+efLsl3FWG2q9B7B3YSa4LK5+wvRye8= +Exponent1: tF19RLNlCovcbzDC307owFhZvHkMgoFbIsrqzjh1wJmjKqPX8kP4w8qtIWRHeuDJYNFFqKdismbeMMUdipdBy39+0nR/OOLqrDhydbICNOKrIavX1IncdBZq2L6k1zC9f1s6EByvhtTk8egS84vI2WyeBfcwY4Bx7+8QvLZzRxE= +Exponent2: kr24UCPEd2HEQtdWXTAH4K1HMrcSA/0/OcXXxqrt0QSarvEnjDhh6jp6FAHrWZERM9Q75XSKk2wo2BxFNHYcVrPXXkqi+5V2EEyG/de2lUorVh1vmbeO84MDSV9tanhqgv3p/MSCWfxqYKMYHvwD7y46UYxP+eEAByFyq3Ltuxc= +Coefficient: C/xjNwvVWlrWX/NCxT80eW09sWsqvxUlwsMlGK4irzRVSBz2u+/0qkNHoWAjaHlllHAjJAmkKoHgRdl7blxn2C5EOuCtTQJvKO0xcyZgtaCyJpKOwHE3kKv+TIErBPHYxPk0exkyEf4s9REhKlYdV8p92AZWLVwGOMRfAPNuryY= + diff --git a/regression-tests/start-test-stop b/regression-tests/start-test-stop index 84564bd3b7..755e7c2a9a 100755 --- a/regression-tests/start-test-stop +++ b/regression-tests/start-test-stop @@ -3,11 +3,70 @@ PDNS=${PDNS:-../pdns/pdns_server} PDNS2=${PDNS2:-../pdns/pdns_server} +cleanlongtxt () +{ + sed -e 's/"A very .*"/"shorter"/' < test.com > test.com.shorttxt +} + +tonsd () +{ + cat > nsd.conf << __EOF__ +server: + ip-address: 127.0.0.1@$port + database: ./nsd.db + zonesdir: . + username: "" +__EOF__ + + cleanlongtxt + rm -f K* + for zone in $(grep zone named.conf | cut -f2 -d\") + do + if [ ! "${zone: 0:16}" = "secure-delegated" ] + then + ksk=$(ldns-keygen -r /dev/urandom -a RSASHA256 -k $zone) + else + ksk="secure-delegated.dnssec-parent.com" + fi + zsk=$(ldns-keygen -r /dev/urandom -a RSASHA256 $zone) + if [ $zone = test.com ] + then + zonefile=test.com.shorttxt + else + zonefile=${zone} + fi + + case $1 in + nsec) + ldns-signzone -f ${zone}.signed ${zonefile} $ksk $zsk + ;; + nsec3) + ldns-signzone -n -a 1 -s abcd -t 1 -f ${zone}.signed ${zonefile} $ksk $zsk + ;; + nsec3-optout) + ldns-signzone -n -p -a 1 -s abcd -t 1 -f ${zone}.signed ${zonefile} $ksk $zsk + ;; + unsigned) + cp ${zonefile} ${zone}.signed + ;; + *) + echo 'tonsd called with wrong param' + exit 1 + esac + echo "" >> nsd.conf + echo "zone:" >> nsd.conf + echo " name: \"${zone}\"" >> nsd.conf + echo " zonefile: \"${zone}.signed\"" >> nsd.conf + echo " provide-xfr: 0.0.0.0/0 NOKEY" >> nsd.conf + echo " provide-xfr: ::0/0 NOKEY" >> nsd.conf + done + nsdc -c nsd.conf rebuild +} + tosql () { make -C ../pdns/backends/bind zone2sql > /dev/null ../pdns/backends/bind/zone2sql --transactions --$1 --named-conf=./named.conf - } bindwait () @@ -45,7 +104,7 @@ securezone () fi if [ "${zone: 0:16}" = "secure-delegated" ] then - ../pdns/pdnssec --config-dir=. $configname import-zone-key $zone $zone.key ksk 2>&1 + ../pdns/pdnssec --config-dir=. $configname import-zone-key $zone $zone.private ksk 2>&1 ../pdns/pdnssec --config-dir=. $configname add-zone-key $zone 1024 zsk 2>&1 keyid=`../pdns/pdnssec --config-dir=. $configname show-zone $zone | grep ZSK | cut -d' ' -f3` ../pdns/pdnssec --config-dir=. $configname activate-zone-key $zone $keyid 2>&1 @@ -106,6 +165,7 @@ then Usage: ./start-test-stop [] [wait|nowait] [] [] context is one of: +ext-nsd ext-nsd-nsec ext-nsd-nsec3 bind bind-dnssec bind-dnssec-nsec3 bind-dnssec-nsec3-optout bind-dnssec-nsec3-narrow gmysql-nodnssec gmysql gmysql-nsec3 gmysql-nsec3-optout gmysql-nsec3-narrow gpgsql-nodnssec gpgsql gpgsql-nsec3 @@ -118,8 +178,8 @@ remotebackend-pipe-dnssec remotebackend-unix-dnssec remotebackend-http-dnssec #remotebackend-pipe-nsec3 remotebackend-unix-nsec3 remotebackend-http-nsec3 #remotebackend-pipe-nsec3-narrow remotebackend-unix-nsec3-narrow remotebackend-http-nsec3-narrow -* Add -presigned to any gmysql test (except narrow) to - test presigned operation +add -presigned to any ext-nsd bind, gmysql or gsqlite3 test (except narrow) +to test presigned operation * Add 'wait' (literally) after the context to not kill pdns_server immediately after testing. 'nowait' will kill it. @@ -163,6 +223,32 @@ fi case $context in + ext-nsd | ext-nsd-nsec | ext-nsd-nsec3 | ext-nsd-nsec3-optout) + case $context in + ext-nsd) + tonsd unsigned + extracontexts="extnsd" + skipreasons=nodnssec + ;; + ext-nsd-nsec) + tonsd nsec + extracontexts="extnsd dnssec" + ;; + ext-nsd-nsec3) + tonsd nsec3 + extracontexts="extnsd dnssec nsec3" + skipreasons="nsec3" + ;; + ext-nsd-nsec3-optout) + tonsd nsec3-optout + extracontexts="extnsd dnssec nsec3 nsec3-optout" + skipreasons="optout" + ;; + esac + nsd -c nsd.conf -P pdns.pid -d & + sleep 5 + ;; + bind) $RUNWRAPPER $PDNS --daemon=no --local-port=$port --socket-dir=./ \ --no-shuffle --launch=bind --bind-config=./named.conf \ @@ -661,7 +747,7 @@ export optout if [ $presigned = yes ] then skipreasons="$skipreasons presigned nodyndns" - if [ ${context:0:6} = gmysql ] + if [ ${context:0:6} = gmysql ] | [ ${context:0:7} = ext-nsd ] then context=${context}-presigned [ -z "$GMYSQL2DB" ] && GMYSQL2DB=pdnstest2 @@ -818,13 +904,14 @@ then read l fi kill $(cat pdns*.pid) -rm pdns*.pid +rm pdns*.pid || true if [ -s "./failed_tests" ] then + set +x for t in `cat failed_tests` do - echo $t + echo -e "\n\n$t" cat $t/diff done exit 1