From: Michal Nowak Date: Thu, 7 Mar 2024 13:58:38 +0000 (+0100) Subject: Rewrite glue system test to pytest X-Git-Tag: v9.19.23~25^2~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9950f6d651770d3ddd25873b5614f3d440797fec;p=thirdparty%2Fbind9.git Rewrite glue system test to pytest Limit dnspython to version 2.0.0+ (https://github.com/rthalley/dnspython/pull/503), otherwise the test fails with: E AttributeError: module 'dns.edns' has no attribute 'OptionType' --- diff --git a/bin/tests/system/glue/clean.sh b/bin/tests/system/glue/clean.sh index 3c5fac95447..92036f2bba5 100644 --- a/bin/tests/system/glue/clean.sh +++ b/bin/tests/system/glue/clean.sh @@ -18,7 +18,6 @@ rm -f */named.conf rm -f */named.memstats rm -f */named.run -rm -f dig.out rm -f ns*/K* rm -f ns*/dsset-* rm -f ns*/managed-keys.bind* diff --git a/bin/tests/system/glue/fi.good b/bin/tests/system/glue/fi.good deleted file mode 100644 index a08bc7af49f..00000000000 --- a/bin/tests/system/glue/fi.good +++ /dev/null @@ -1,27 +0,0 @@ - -; <<>> DiG 9.0 <<>> +norec @10.53.0.1 -p 5300 foo.bar.fi. A -;; global options: printcmd -;; Got answer: -;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58772 -;; flags: qr ad; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 7 - -;; QUESTION SECTION: -;foo.bar.fi. IN A - -;; AUTHORITY SECTION: -fi. 172800 IN NS NS.EU.NET. -fi. 172800 IN NS NS.TELE.fi. -fi. 172800 IN NS PRIFI.EUNET.fi. -fi. 172800 IN NS NS.UU.NET. -fi. 172800 IN NS T.NS.VERIO.NET. -fi. 172800 IN NS HYDRA.HELSINKI.fi. - -;; ADDITIONAL SECTION: -NS.TELE.fi. 172800 IN A 193.210.19.19 -NS.TELE.fi. 172800 IN A 193.210.18.18 -PRIFI.EUNET.fi. 172800 IN A 193.66.1.146 -NS.UU.NET. 172800 IN A 137.39.1.3 -T.NS.VERIO.NET. 172800 IN A 192.67.14.16 -HYDRA.HELSINKI.fi. 172800 IN A 128.214.4.29 -NS.EU.NET. 172800 IN A 192.16.202.11 - diff --git a/bin/tests/system/glue/noglue.good b/bin/tests/system/glue/noglue.good deleted file mode 100644 index 22eca7bede4..00000000000 --- a/bin/tests/system/glue/noglue.good +++ /dev/null @@ -1,14 +0,0 @@ - -; <<>> DiG 9.0 <<>> @10.53.0.1 -p 5300 example.net a -;; global options: printcmd -;; Got answer: -;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29409 -;; flags: qr rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0 - -;; QUESTION SECTION: -;example.net. IN A - -;; AUTHORITY SECTION: -example.net. 300 IN NS ns2.example. -example.net. 300 IN NS ns1.example. - diff --git a/bin/tests/system/glue/tests.sh b/bin/tests/system/glue/tests.sh deleted file mode 100644 index 4c04b7e0a58..00000000000 --- a/bin/tests/system/glue/tests.sh +++ /dev/null @@ -1,90 +0,0 @@ -#!/bin/sh - -# Copyright (C) Internet Systems Consortium, Inc. ("ISC") -# -# SPDX-License-Identifier: MPL-2.0 -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, you can obtain one at https://mozilla.org/MPL/2.0/. -# -# See the COPYRIGHT file distributed with this work for additional -# information regarding copyright ownership. - -set -e - -. ../conf.sh - -dig_with_opts() { - "$DIG" +norec -p "${PORT}" "$@" -} - -status=0 -n=0 - -n=$((n + 1)) -echo_i "testing that a ccTLD referral gets a full glue set from the root zone ($n)" -ret=0 -dig_with_opts @10.53.0.1 foo.bar.fi. A >dig.out.$n || ret=1 -digcomp --lc fi.good dig.out.$n || ret=1 -if [ "$ret" -ne 0 ]; then echo_i "failed"; fi -status=$((status + ret)) - -n=$((n + 1)) -echo_i "testing that we don't find out-of-zone glue ($n)" -ret=0 -dig_with_opts @10.53.0.1 example.net. A >dig.out.$n || ret=1 -digcomp noglue.good dig.out.$n || ret=1 -if [ "$ret" -ne 0 ]; then echo_i "failed"; fi -status=$((status + ret)) - -n=$((n + 1)) -echo_i "testing truncation for unsigned referrals close to UDP packet size limit (A glue) ($n)" -ret=0 -dig_with_opts @10.53.0.1 +ignore +noedns foo.subdomain-a.tc-test-unsigned. >dig.out.$n || ret=1 -grep -q "flags:[^;]* tc" dig.out.$n || ret=1 -if [ "$ret" -ne 0 ]; then echo_i "failed"; fi -status=$((status + ret)) - -n=$((n + 1)) -echo_i "testing truncation for unsigned referrals close to UDP packet size limit (AAAA glue) ($n)" -ret=0 -dig_with_opts @10.53.0.1 +ignore +noedns foo.subdomain-aaaa.tc-test-unsigned. >dig.out.$n || ret=1 -grep -q "flags:[^;]* tc" dig.out.$n || ret=1 -if [ "$ret" -ne 0 ]; then echo_i "failed"; fi -status=$((status + ret)) - -n=$((n + 1)) -echo_i "testing truncation for unsigned referrals close to UDP packet size limit (A+AAAA glue) ($n)" -ret=0 -dig_with_opts @10.53.0.1 +ignore +noedns foo.subdomain-both.tc-test-unsigned. >dig.out.$n || ret=1 -grep -q "flags:[^;]* tc" dig.out.$n || ret=1 -if [ "$ret" -ne 0 ]; then echo_i "failed"; fi -status=$((status + ret)) - -n=$((n + 1)) -echo_i "testing truncation for signed referrals close to UDP packet size limit (A glue) ($n)" -ret=0 -dig_with_opts @10.53.0.1 +ignore +dnssec +bufsize=512 foo.subdomain-a.tc-test-signed. >dig.out.$n || ret=1 -grep -q "flags:[^;]* tc" dig.out.$n || ret=1 -if [ "$ret" -ne 0 ]; then echo_i "failed"; fi -status=$((status + ret)) - -n=$((n + 1)) -echo_i "testing truncation for signed referrals close to UDP packet size limit (AAAA glue) ($n)" -ret=0 -dig_with_opts @10.53.0.1 +ignore +dnssec +bufsize=512 foo.subdomain-aaaa.tc-test-signed. >dig.out.$n || ret=1 -grep -q "flags:[^;]* tc" dig.out.$n || ret=1 -if [ "$ret" -ne 0 ]; then echo_i "failed"; fi -status=$((status + ret)) - -n=$((n + 1)) -echo_i "testing truncation for signed referrals close to UDP packet size limit (A+AAAA glue) ($n)" -ret=0 -dig_with_opts @10.53.0.1 +ignore +dnssec +bufsize=512 foo.subdomain-both.tc-test-signed. >dig.out.$n || ret=1 -grep -q "flags:[^;]* tc" dig.out.$n || ret=1 -if [ "$ret" -ne 0 ]; then echo_i "failed"; fi -status=$((status + ret)) - -echo_i "exit status: $status" -[ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/glue/tests_glue.py b/bin/tests/system/glue/tests_glue.py new file mode 100644 index 00000000000..9d9a8e4a522 --- /dev/null +++ b/bin/tests/system/glue/tests_glue.py @@ -0,0 +1,104 @@ +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +import dns.message + +import isctest + +import pytest + +pytest.importorskip("dns", minversion="2.0.0") + + +def test_glue_full_glue_set(): + """test that a ccTLD referral gets a full glue set from the root zone""" + msg = dns.message.make_query("foo.bar.fi", "A") + msg.flags &= ~dns.flags.RD + res = isctest.query.udp(msg, "10.53.0.1") + + answer = """;ANSWER +;AUTHORITY +fi. 172800 IN NS HYDRA.HELSINKI.fi. +fi. 172800 IN NS NS.EU.NET. +fi. 172800 IN NS NS.UU.NET. +fi. 172800 IN NS NS.TELE.fi. +fi. 172800 IN NS T.NS.VERIO.NET. +fi. 172800 IN NS PRIFI.EUNET.fi. +;ADDITIONAL +NS.TELE.fi. 172800 IN A 193.210.18.18 +NS.TELE.fi. 172800 IN A 193.210.19.19 +PRIFI.EUNET.fi. 172800 IN A 193.66.1.146 +HYDRA.HELSINKI.fi. 172800 IN A 128.214.4.29 +NS.EU.NET. 172800 IN A 192.16.202.11 +T.NS.VERIO.NET. 172800 IN A 192.67.14.16 +NS.UU.NET. 172800 IN A 137.39.1.3 +""" + expected_answer = dns.message.from_text(answer) + + isctest.check.noerror(res) + isctest.check.rrsets_equal(res.answer, expected_answer.answer) + isctest.check.rrsets_equal(res.authority, expected_answer.authority) + isctest.check.rrsets_equal(res.additional, expected_answer.additional) + + +def test_glue_no_glue_set(): + """test that out-of-zone glue is not found""" + msg = dns.message.make_query("example.net.", "A") + msg.flags &= ~dns.flags.RD + res = isctest.query.udp(msg, "10.53.0.1") + + answer = """;ANSWER +;AUTHORITY +example.net. 300 IN NS ns2.example. +example.net. 300 IN NS ns1.example. +;ADDITIONAL +""" + expected_answer = dns.message.from_text(answer) + + isctest.check.noerror(res) + isctest.check.rrsets_equal(res.answer, expected_answer.answer) + isctest.check.rrsets_equal(res.authority, expected_answer.authority) + isctest.check.rrsets_equal(res.additional, expected_answer.additional) + + +@pytest.mark.parametrize( + "qname,dnssec", + [ + # test truncation for unsigned referrals close to UDP packet size limit (A glue) + ("foo.subdomain-a.tc-test-unsigned.", False), + # test truncation for unsigned referrals close to UDP packet size limit (AAAA glue) + ("foo.subdomain-aaaa.tc-test-unsigned.", False), + # test truncation for unsigned referrals close to UDP packet size limit (A+AAAA glue) + ("foo.subdomain-both.tc-test-unsigned.", False), + # test truncation for signed referrals close to UDP packet size limit (A glue) + ("foo.subdomain-a.tc-test-signed.", True), + # test truncation for signed referrals close to UDP packet size limit (AAAA glue) + ("foo.subdomain-aaaa.tc-test-signed.", True), + # test truncation for signed referrals close to UDP packet size limit (A+AAAA glue) + ("foo.subdomain-both.tc-test-signed.", True), + ], +) +def test_glue_truncation(qname, dnssec): + msg = dns.message.make_query(qname, "A") + msg.flags &= ~dns.flags.RD + if dnssec: + msg.use_edns( + payload=512, + # Zones used in this test were created with dig in mind that, unlike dnspython, + # by default, sets a cookie. Given that the message size must be close to the + # truncation limit, we also need to set a cookie here. + options=[dns.edns.GenericOption(dns.edns.OptionType.COOKIE, b"0xda13cc")], + ) + msg.want_dnssec(wanted=True) + res = isctest.query.udp(msg, "10.53.0.1") + + isctest.check.noerror(res) + assert res.flags & dns.flags.TC diff --git a/bin/tests/system/glue/tests_sh_glue.py b/bin/tests/system/glue/tests_sh_glue.py deleted file mode 100644 index 4f3ff04afc4..00000000000 --- a/bin/tests/system/glue/tests_sh_glue.py +++ /dev/null @@ -1,14 +0,0 @@ -# Copyright (C) Internet Systems Consortium, Inc. ("ISC") -# -# SPDX-License-Identifier: MPL-2.0 -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, you can obtain one at https://mozilla.org/MPL/2.0/. -# -# See the COPYRIGHT file distributed with this work for additional -# information regarding copyright ownership. - - -def test_glue(run_tests_sh): - run_tests_sh()