From: Aram Sargsyan
Date: Wed, 13 Sep 2023 13:17:38 +0000 (+0000)
Subject: Check zone transfer transports in the statistics channel
X-Git-Tag: v9.19.18~69^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e92d1eeafca6e5a75299bff6a90ce37848409e85;p=thirdparty%2Fbind9.git

Check zone transfer transports in the statistics channel

Add two more secondary zones to ns3 to be transferred from ns1, using its IPv6 address for which the 'tcp-only' is set to 'yes'. Check the statistics channel's incoming zone transfers information to confirm that the expected transports were used for each of the SOA query cases (UDP, TCP, TLS), and also for zone transfers (TCP, TLS).
---
diff --git a/bin/tests/system/statschannel/clean.sh b/bin/tests/system/statschannel/clean.sh
index d1c381e6299..1ff2586850d 100644
--- a/bin/tests/system/statschannel/clean.sh
+++ b/bin/tests/system/statschannel/clean.sh
@@ -32,5 +32,5 @@ rm -f traffic traffic.out.* traffic.json.* traffic.xml.*
 rm -f xml.*mem json.*mem
 rm -f xml.*stats json.*stats
 rm -f zones zones.out.* zones.json.* zones.xml.* zones.expect.*
-rm -f xfrins xfrins.json.* xfrins.xml.*
+rm -f xfrins xfrins.*
 rm -rf ./__pycache__
diff --git a/bin/tests/system/statschannel/ns1/example-tcp.db b/bin/tests/system/statschannel/ns1/example-tcp.db
new file mode 100644
index 00000000000..77b2bbfeb87
--- /dev/null
+++ b/bin/tests/system/statschannel/ns1/example-tcp.db
@@ -0,0 +1,49 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$ORIGIN .
+$TTL 300 ; 5 minutes
+example-tcp IN SOA mname1. . (
+ 1 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+example-tcp. NS ns2.example-tcp.
+ns2.example-tcp. A 10.53.0.2
+
+$ORIGIN example-tcp.
+a A 10.0.0.1
+ MX 10 mail.example-tcp.
+short TXT "short text"
+long TXT (
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ )
+
+mail A 10.0.0.2
diff --git a/bin/tests/system/statschannel/ns1/example-tls.db b/bin/tests/system/statschannel/ns1/example-tls.db
new file mode 100644
index 00000000000..24c47eb54e5
--- /dev/null
+++ b/bin/tests/system/statschannel/ns1/example-tls.db
@@ -0,0 +1,49 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$ORIGIN .
+$TTL 300 ; 5 minutes
+example-tls IN SOA mname1. . (
+ 1 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+example-tls. NS ns2.example-tls.
+ns2.example-tls. A 10.53.0.2
+
+$ORIGIN example-tls.
+a A 10.0.0.1
+ MX 10 mail.example-tls.
+short TXT "short text"
+long TXT (
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ "longlonglonglonglonglonglonglonglonglong"
+ )
+
+mail A 10.0.0.2
diff --git a/bin/tests/system/statschannel/ns1/named.conf.in b/bin/tests/system/statschannel/ns1/named.conf.in
index 52e8a7339f4..5bdfdf0cb64 100644
--- a/bin/tests/system/statschannel/ns1/named.conf.in
+++ b/bin/tests/system/statschannel/ns1/named.conf.in
@@ -13,12 +13,17 @@ options {
  query-source address 10.53.0.1;
+ query-source-v6 address fd92:7065:b8e:ffff::1;
  notify-source 10.53.0.1;
+ notify-source-v6 fd92:7065:b8e:ffff::1;
  transfer-source 10.53.0.1;
+ transfer-source-v6 fd92:7065:b8e:ffff::1;
  port @PORT@;
+ tls-port @TLSPORT@;
  pid-file "named.pid";
  listen-on { 10.53.0.1; };
- listen-on-v6 { none; };
+ listen-on-v6 { fd92:7065:b8e:ffff::1; };
+ listen-on-v6 tls ephemeral { fd92:7065:b8e:ffff::1; };
  recursion no;
  dnssec-validation no;
  notify explicit;
@@ -41,8 +46,24 @@ server 10.53.0.3 {
  transfer-format one-answer;
 };
 
+server fd92:7065:b8e:ffff::3 {
+ transfer-format one-answer;
+};
+
 zone "example" {
  type primary;
  file "example.db";
  allow-transfer { any; };
 };
+
+zone "example-tcp" {
+ type primary;
+ file "example-tcp.db";
+ allow-transfer { any; };
+};
+
+zone "example-tls" {
+ type primary;
+ file "example-tls.db";
+ allow-transfer { any; };
+};
diff --git a/bin/tests/system/statschannel/ns3/named.conf.in b/bin/tests/system/statschannel/ns3/named.conf.in
index cf3fc0935b4..4fa2adeb40f 100644
--- a/bin/tests/system/statschannel/ns3/named.conf.in
+++ b/bin/tests/system/statschannel/ns3/named.conf.in
@@ -13,9 +13,13 @@ options {
  query-source address 10.53.0.3;
+ query-source-v6 fd92:7065:b8e:ffff::3;
  notify-source 10.53.0.3;
+ notify-source-v6 fd92:7065:b8e:ffff::3;
  transfer-source 10.53.0.3;
+ transfer-source-v6 fd92:7065:b8e:ffff::3;
  port @PORT@;
+ tls-port @TLSPORT@;
  pid-file "named.pid";
  listen-on { 10.53.0.3; };
  listen-on-v6 { none; };
@@ -37,8 +41,24 @@ controls {
  inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
 };
 
+server fd92:7065:b8e:ffff::1 {
+ tcp-only yes;
+};
+
 zone "example" {
  type secondary;
  file "example.db";
  primaries { 10.53.0.1; };
 };
+
+zone "example-tcp" {
+ type secondary;
+ file "example-tcp.db";
+ primaries { fd92:7065:b8e:ffff::1; };
+};
+
+zone "example-tls" {
+ type secondary;
+ file "example-tls.db";
+ primaries { fd92:7065:b8e:ffff::1 tls ephemeral; };
+};
diff --git a/bin/tests/system/statschannel/tests.sh b/bin/tests/system/statschannel/tests.sh
index 6772ac8d1a6..5f965b5c0fb 100644
--- a/bin/tests/system/statschannel/tests.sh
+++ b/bin/tests/system/statschannel/tests.sh
@@ -98,7 +98,7 @@ getxfrins() {
  *) return 1 ;;
  esac
  file=`$PERL fetch.pl -s 10.53.0.3 -p ${EXTRAPORT1} $path`
- cp $file $file.$1.$3
+ cp $file $file.$1.$2
  result=$?
  return $result
 }
@@ -701,26 +701,55 @@ i=0
 # Restart ns1 with '-T transferslowly' to see the xfrins information in ns3's statschannel while it's ongoing
 stop_server ns1
 start_server --noclean --restart --port ${PORT} ns1 -- "-D statschannel-ns1 $NS_PARAMS -T transferslowly"
-# Request a retransfer of the "example" zone
+# Request a retransfer of the secondary zones
 nextpart ns3/named.run > /dev/null
 $RNDCCMD 10.53.0.3 retransfer example | sed "s/^/ns3 /" | cat_i
+$RNDCCMD 10.53.0.3 retransfer example-tcp | sed "s/^/ns3 /" | cat_i
+$RNDCCMD 10.53.0.3 retransfer example-tls | sed "s/^/ns3 /" | cat_i
 wait_for_log_fast 200 "zone example/IN: Transfer started" ns3/named.run || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 n=$((n + 1))
 
-# We have now less than one second to catch the zone transfer in process
+_wait_for_transfers() {
+ getxfrins xml x$n || return 1
+ getxfrins json j$n || return 1
+ # XML is encoded in one line, use sed to separate each transfer
+ count=$(sed 's/\(Initial SOA\|First Data\|Receiving AXFR Data\)')
+ if [ $count != 3 ]; then return 1; fi
+ count=$(grep -c '"state":"\(Initial SOA\|First Data\|Receiving AXFR Data\)"' xfrins.json.j$n)
+ if [ $count != 3 ]; then return 1; fi
+}
+
+# We have now less than one second to catch the zone transfers in progress
 echo_i "Checking zone transfer information in the statistics channel ($n)"
 ret=0
-i=0
-getxfrins xml example x$n || ret=1
-getxfrins json example j$n || ret=1
-grep -F 'Initial SOA' xfrins.xml.x$n >/dev/null || ret=1
-grep -F '"state":"Initial SOA"' xfrins.json.j$n >/dev/null || ret=1
+retry_quiet_fast 200 _wait_for_transfers || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 n=$((n + 1))
 
+if [ $PERL_JSON ]; then
+ echo_i "Checking zone transfer transports ($n)"
+ ret=0
+ cp xfrins.json.j$((n - 1)) xfrins.json.j$n
+ $PERL xfrins-json.pl xfrins.json.j$n example > xfrins.example.format$n
+ echo "soatransport: UDP" > xfrins.example.expect$n
+ echo "transport: TCP" >> xfrins.example.expect$n
+ cmp xfrins.example.format$n xfrins.example.expect$n || ret=1
+ $PERL xfrins-json.pl xfrins.json.j$n example-tcp > xfrins.example-tcp.format$n
+ echo "soatransport: TCP" > xfrins.example-tcp.expect$n
+ echo "transport: TCP" >> xfrins.example-tcp.expect$n
+ cmp xfrins.example-tcp.format$n xfrins.example-tcp.expect$n || ret=1
+ $PERL xfrins-json.pl xfrins.json.j$n example-tls > xfrins.example-tls.format$n
+ echo "soatransport: TLS" > xfrins.example-tls.expect$n
+ echo "transport: TLS" >> xfrins.example-tls.expect$n
+ cmp xfrins.example-tls.format$n xfrins.example-tls.expect$n || ret=1
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$((status + ret))
+ n=$((n + 1))
+fi
+
 echo_i "Wait for slow zone transfer to complete ($n)"
 ret=0
 wait_for_log 20 "zone example/IN: zone transfer finished: success" ns3/named.run || ret=1
diff --git a/bin/tests/system/statschannel/xfrins-json.pl b/bin/tests/system/statschannel/xfrins-json.pl
new file mode 100644
index 00000000000..912a5cb4c92
--- /dev/null
+++ b/bin/tests/system/statschannel/xfrins-json.pl
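Review bot: The transport check copies `xfrins.json.j$((n - 1))` whether or not the preceding `retry_quiet_fast 200 _wait_for_transfers` succeeded, so when that retry times out the three `cmp` lines run against a stale or partial snapshot and report a transport mismatch on top of the real failure; the block could be gated with `if [ $PERL_JSON ] && [ $ret = 0 ]; then` (the previous step's `$ret` is still in scope at that point), or the copy could be done inside `_wait_for_transfers` right after both `getxfrins` calls succeed. In `_wait_for_transfers` the XML count line as rendered here, `count=$(sed 's/\(Initial SOA\|First Data\|Receiving AXFR Data\)')`, names no input file and has no complete substitution, which looks like angle-bracket tokens of the XML pattern were dropped by the page rendering rather than by the commit — worth confirming the committed line feeds `xfrins.xml.x$n` through `grep -c` the way the JSON line below it does. The closing `wait_for_log 20 "zone example/IN: zone transfer finished: success"` only waits for `example`, so the `example-tcp` and `example-tls` transfers may still be in flight when the script continues past this hunk (the rest of that step is outside it); one `wait_for_log` per new zone would make the later steps deterministic.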
@@ -0,0 +1,34 @@
+#!/usr/bin/perl
+
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+# zones-json.pl:
+# Parses the JSON version of the dnssec sign stats for the
+# "dnssec" zone in the default view into a normalized format.
+
+use JSON;
+
+my $file = $ARGV[0];
+my $zone = $ARGV[1];
+open(INPUT, "<$file");
+my $text = do{local$/;};
+close(INPUT);
+
+my $ref = decode_json($text);
+my $xfrins = $ref->{views}->{_default}->{xfrins};
+
+for my $xfrin (@$xfrins) {
+    if ($xfrin->{name} eq $zone) {
+        print "soatransport: " . $xfrin->{"soatransport"} . "\n";
+        print "transport: " . $xfrin->{"transport"} . "\n";
+    }
+}
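Review bot: `open(INPUT, "<$file");` in the new script is a bareword, two-argument, unchecked open in a file that also lacks `use strict; use warnings;`, so an unreadable or mistyped path (the value comes straight from `$ARGV[0]`) silently yields an empty `$text` and the failure surfaces later as an unhelpful `decode_json` parse error; a lexical three-argument open with a checked result and checked close is shown below. The slurp as rendered here, `my $text = do{local$/;};`, never reads the handle — most likely the `<INPUT>` readline was stripped as an HTML tag by the page, but confirm that the committed line does read the filehandle. The header comment is carried over from `zones-json.pl` and still describes "dnssec sign stats" for the "dnssec" zone; it should say something like `# xfrins-json.pl: prints the soatransport and transport fields of the incoming zone transfer entry for the named zone in the _default view.` `JSON` is not a core module, which is presumably why tests.sh guards the call with `$PERL_JSON`; a one-line comment noting that would help the next reader.
```perl
use strict;
use warnings;
use JSON;

my ($file, $zone) = @ARGV;
open my $in, '<', $file or die "open $file: $!";
my $text = do { local $/; <$in> };
close $in or die "close $file: $!";
# … unchanged: decode_json, the _default view lookup and the xfrins loop …
```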