add a max-age test to doth system test
authorEvan Hunt <each@isc.org>
Wed, 3 Nov 2021 23:57:26 +0000 (16:57 -0700)
committerArtem Boldariev <artem@boldariev.com>
Fri, 5 Nov 2021 12:14:59 +0000 (14:14 +0200)
use curl, when available, to query for names that do and do not
exist; dump the response headers and check for the expected
max-age value.

bin/tests/system/doth/README.curl [new file with mode: 0644]
bin/tests/system/doth/clean.sh
bin/tests/system/doth/tests.sh
util/copyrights

diff --git a/bin/tests/system/doth/README.curl b/bin/tests/system/doth/README.curl
new file mode 100644 (file)
index 0000000..1e0c57d
--- /dev/null
@@ -0,0 +1,25 @@
+DoH query values that can be passed on the command line for testing
+with curl can be obtained by encoding binary DNS messages into
+base64url, with trailing '='s removed.
+
+For example:
+
+$ perl bin/tests/system/fromhex.pl << EOF | base64url
+    # Transaction ID
+    0001
+    # Standard query
+    0000
+    # Questions: 1, Additional: 0
+    0001 0000 0000 0000
+    # QNAME: example
+    07 6578616d706c65 00
+    # Type: SOA
+    0006
+    Class: IN
+    0001
+EOF
+
+This produces the string "AAEAAAABAAAAAAAAB2V4YW1wbGUAAAbFrMonAAE=". With
+the trailing '=' removed, this can then be passed to curl:
+
+curl "https://<server>/dns-query?dns=AAEAAAABAAAAAAAAB2V4YW1wbGUAAAbFrMonAAE"
index 3f86885245674a354f1768348ab97a26b50f7cb3..bd6739e94e11fc481bcc4a81aa15e6a6b79a506c 100644 (file)
@@ -19,3 +19,4 @@ rm -f ./*/named.run
 rm -f ./*/named.run.prev
 rm -f ./dig.out.*
 rm -f ./*/example.db
+rm -rf ./headers.*
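Review bot: The added cleanup line uses `rm -rf` while every neighbouring line in this hunk uses `rm -f`. The header dumps the test writes with `-D headers.$n` are plain files, so the recursive flag is not needed and would also remove any directory that happens to match the glob. `rm -f ./headers.*` matches the rest of the file and keeps the cleanup limited to files.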
index 00ef08c7715e061dc43999d92e490b38c99071c7..4b7527e13b570a4eef0f1c239549c03e0c808327 100644 (file)
@@ -443,5 +443,40 @@ fi
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 
+# check whether we can use curl for sending test queries.
+if [ -x "${CURL}" ] ; then
+       CURL_VERSION="$(curl --version | cut -d ' ' -f 2 | head -n 1)"
+       CURL_MAJOR="$(echo "$CURL_VERSION" | cut -d '.' -f 1)"
+       CURL_MINOR="$(echo "$CURL_VERSION" | cut -d '.' -f 2)"
+
+       if [ "$CURL_MAJOR" -ge 7 ] &&  [ "$CURL_MINOR" -ge 49 ]; then
+               testcurl=1
+       else
+               echo_i "The available version of CURL is too old (it should be >= 7.49)"
+       fi
+fi
+
+# Note: see README.curl for information on how to generate curl
+# queries.
+if [ -n "$testcurl" ]; then
+       n=$((n + 1))
+       echo_i "checking max-age for positive answer ($n)"
+       ret=0
+       # use curl to query for 'example/SOA'
+       $CURL -kD headers.$n "https://10.53.0.1:${HTTPSPORT}/dns-query?dns=AAEAAAABAAAAAAAAB2V4YW1wbGUAAAYAAQ" > /dev/null 2>&1
+       grep "cache-control: max-age=86400" headers.$n > /dev/null || ret=1
+       if [ $ret != 0 ]; then echo_i "failed"; fi
+       status=$((status + ret))
+
+       n=$((n + 1))
+       echo_i "checking max-age for negative answer ($n)"
+       ret=0
+       # use curl to query for 'fake.example/TXT'
+       $CURL -kD headers.$n "https://10.53.0.1:${HTTPSPORT}/dns-query?dns=AAEAAAABAAAAAAAABGZha2UHZXhhbXBsZQAAEAAB" > /dev/null 2>&1
+       grep "cache-control: max-age=3600" headers.$n > /dev/null || ret=1
+       if [ $ret != 0 ]; then echo_i "failed"; fi
+       status=$((status + ret))
+fi
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
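Review bot: The version gate in the first added `if` block rejects curl 8.0 through 8.48, because `[ "$CURL_MAJOR" -ge 7 ] && [ "$CURL_MINOR" -ge 49 ]` tests the minor number independently of the major one; on such hosts the max-age checks are skipped with a misleading "too old" message. It also reads the version from `curl` on PATH, although the binary that was tested with `-x` and is later run is `${CURL}`. I would change those two lines to `CURL_VERSION="$("${CURL}" --version | cut -d ' ' -f 2 | head -n 1)"` and `if [ "$CURL_MAJOR" -gt 7 ] || { [ "$CURL_MAJOR" -eq 7 ] && [ "$CURL_MINOR" -ge 49 ]; }; then`. Separately, `-k` turns off certificate verification on both requests, which looks intentional for the test address 10.53.0.1 but deserves a comment such as `# -k: test-only, the test server's certificate is not verifiable by curl`. The `grep` patterns are also unanchored, so `max-age=3600` would accept `max-age=36000` as well.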
index 36a154d7601cce9d1b31de802ef718ad55571498..52a0e01dab4a0b77426916a5b7eda9618ab1984e 100644 (file)
 ./bin/tests/system/dnstap/setup.sh             SH      2018,2019,2020,2021
 ./bin/tests/system/dnstap/tests.sh             SH      2015,2016,2017,2018,2019,2020,2021
 ./bin/tests/system/dnstap/ydump.py             PYTHON  2016,2017,2018,2019,2020,2021
+./bin/tests/system/doth/README.curl            X       2021
 ./bin/tests/system/doth/clean.sh               SH      2020,2021
 ./bin/tests/system/doth/example.axfr.good      X       2021
 ./bin/tests/system/doth/ns2/cert.pem           X       2021