rm -f */named.conf
rm -f */named.memstats
rm -f */named.run
-rm -f dig.out
rm -f ns*/K*
rm -f ns*/dsset-*
rm -f ns*/managed-keys.bind*
+++ /dev/null
-
-; <<>> DiG 9.0 <<>> +norec @10.53.0.1 -p 5300 foo.bar.fi. A
-;; global options: printcmd
-;; Got answer:
-;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58772
-;; flags: qr ad; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 7
-
-;; QUESTION SECTION:
-;foo.bar.fi. IN A
-
-;; AUTHORITY SECTION:
-fi. 172800 IN NS NS.EU.NET.
-fi. 172800 IN NS NS.TELE.fi.
-fi. 172800 IN NS PRIFI.EUNET.fi.
-fi. 172800 IN NS NS.UU.NET.
-fi. 172800 IN NS T.NS.VERIO.NET.
-fi. 172800 IN NS HYDRA.HELSINKI.fi.
-
-;; ADDITIONAL SECTION:
-NS.TELE.fi. 172800 IN A 193.210.19.19
-NS.TELE.fi. 172800 IN A 193.210.18.18
-PRIFI.EUNET.fi. 172800 IN A 193.66.1.146
-NS.UU.NET. 172800 IN A 137.39.1.3
-T.NS.VERIO.NET. 172800 IN A 192.67.14.16
-HYDRA.HELSINKI.fi. 172800 IN A 128.214.4.29
-NS.EU.NET. 172800 IN A 192.16.202.11
-
+++ /dev/null
-
-; <<>> DiG 9.0 <<>> @10.53.0.1 -p 5300 example.net a
-;; global options: printcmd
-;; Got answer:
-;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29409
-;; flags: qr rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
-
-;; QUESTION SECTION:
-;example.net. IN A
-
-;; AUTHORITY SECTION:
-example.net. 300 IN NS ns2.example.
-example.net. 300 IN NS ns1.example.
-
+++ /dev/null
-#!/bin/sh
-
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# SPDX-License-Identifier: MPL-2.0
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-set -e
-
-. ../conf.sh
-
-dig_with_opts() {
- "$DIG" +norec -p "${PORT}" "$@"
-}
-
-status=0
-n=0
-
-n=$((n + 1))
-echo_i "testing that a ccTLD referral gets a full glue set from the root zone ($n)"
-ret=0
-dig_with_opts @10.53.0.1 foo.bar.fi. A >dig.out.$n || ret=1
-digcomp --lc fi.good dig.out.$n || ret=1
-if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
-status=$((status + ret))
-
-n=$((n + 1))
-echo_i "testing that we don't find out-of-zone glue ($n)"
-ret=0
-dig_with_opts @10.53.0.1 example.net. A >dig.out.$n || ret=1
-digcomp noglue.good dig.out.$n || ret=1
-if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
-status=$((status + ret))
-
-n=$((n + 1))
-echo_i "testing truncation for unsigned referrals close to UDP packet size limit (A glue) ($n)"
-ret=0
-dig_with_opts @10.53.0.1 +ignore +noedns foo.subdomain-a.tc-test-unsigned. >dig.out.$n || ret=1
-grep -q "flags:[^;]* tc" dig.out.$n || ret=1
-if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
-status=$((status + ret))
-
-n=$((n + 1))
-echo_i "testing truncation for unsigned referrals close to UDP packet size limit (AAAA glue) ($n)"
-ret=0
-dig_with_opts @10.53.0.1 +ignore +noedns foo.subdomain-aaaa.tc-test-unsigned. >dig.out.$n || ret=1
-grep -q "flags:[^;]* tc" dig.out.$n || ret=1
-if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
-status=$((status + ret))
-
-n=$((n + 1))
-echo_i "testing truncation for unsigned referrals close to UDP packet size limit (A+AAAA glue) ($n)"
-ret=0
-dig_with_opts @10.53.0.1 +ignore +noedns foo.subdomain-both.tc-test-unsigned. >dig.out.$n || ret=1
-grep -q "flags:[^;]* tc" dig.out.$n || ret=1
-if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
-status=$((status + ret))
-
-n=$((n + 1))
-echo_i "testing truncation for signed referrals close to UDP packet size limit (A glue) ($n)"
-ret=0
-dig_with_opts @10.53.0.1 +ignore +dnssec +bufsize=512 foo.subdomain-a.tc-test-signed. >dig.out.$n || ret=1
-grep -q "flags:[^;]* tc" dig.out.$n || ret=1
-if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
-status=$((status + ret))
-
-n=$((n + 1))
-echo_i "testing truncation for signed referrals close to UDP packet size limit (AAAA glue) ($n)"
-ret=0
-dig_with_opts @10.53.0.1 +ignore +dnssec +bufsize=512 foo.subdomain-aaaa.tc-test-signed. >dig.out.$n || ret=1
-grep -q "flags:[^;]* tc" dig.out.$n || ret=1
-if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
-status=$((status + ret))
-
-n=$((n + 1))
-echo_i "testing truncation for signed referrals close to UDP packet size limit (A+AAAA glue) ($n)"
-ret=0
-dig_with_opts @10.53.0.1 +ignore +dnssec +bufsize=512 foo.subdomain-both.tc-test-signed. >dig.out.$n || ret=1
-grep -q "flags:[^;]* tc" dig.out.$n || ret=1
-if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
-status=$((status + ret))
-
-echo_i "exit status: $status"
-[ $status -eq 0 ] || exit 1
--- /dev/null
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+import dns.message
+
+import isctest
+
+import pytest
+
+pytest.importorskip("dns", minversion="2.0.0")
+
+
+def test_glue_full_glue_set():
+ """test that a ccTLD referral gets a full glue set from the root zone"""
+ msg = dns.message.make_query("foo.bar.fi", "A")
+ msg.flags &= ~dns.flags.RD
+ res = isctest.query.udp(msg, "10.53.0.1")
+
+ answer = """;ANSWER
+;AUTHORITY
+fi. 172800 IN NS HYDRA.HELSINKI.fi.
+fi. 172800 IN NS NS.EU.NET.
+fi. 172800 IN NS NS.UU.NET.
+fi. 172800 IN NS NS.TELE.fi.
+fi. 172800 IN NS T.NS.VERIO.NET.
+fi. 172800 IN NS PRIFI.EUNET.fi.
+;ADDITIONAL
+NS.TELE.fi. 172800 IN A 193.210.18.18
+NS.TELE.fi. 172800 IN A 193.210.19.19
+PRIFI.EUNET.fi. 172800 IN A 193.66.1.146
+HYDRA.HELSINKI.fi. 172800 IN A 128.214.4.29
+NS.EU.NET. 172800 IN A 192.16.202.11
+T.NS.VERIO.NET. 172800 IN A 192.67.14.16
+NS.UU.NET. 172800 IN A 137.39.1.3
+"""
+ expected_answer = dns.message.from_text(answer)
+
+ isctest.check.noerror(res)
+ isctest.check.rrsets_equal(res.answer, expected_answer.answer)
+ isctest.check.rrsets_equal(res.authority, expected_answer.authority)
+ isctest.check.rrsets_equal(res.additional, expected_answer.additional)
+
+
+def test_glue_no_glue_set():
+ """test that out-of-zone glue is not found"""
+ msg = dns.message.make_query("example.net.", "A")
+ msg.flags &= ~dns.flags.RD
+ res = isctest.query.udp(msg, "10.53.0.1")
+
+ answer = """;ANSWER
+;AUTHORITY
+example.net. 300 IN NS ns2.example.
+example.net. 300 IN NS ns1.example.
+;ADDITIONAL
+"""
+ expected_answer = dns.message.from_text(answer)
+
+ isctest.check.noerror(res)
+ isctest.check.rrsets_equal(res.answer, expected_answer.answer)
+ isctest.check.rrsets_equal(res.authority, expected_answer.authority)
+ isctest.check.rrsets_equal(res.additional, expected_answer.additional)
+
+
+@pytest.mark.parametrize(
+ "qname,dnssec",
+ [
+ # test truncation for unsigned referrals close to UDP packet size limit (A glue)
+ ("foo.subdomain-a.tc-test-unsigned.", False),
+ # test truncation for unsigned referrals close to UDP packet size limit (AAAA glue)
+ ("foo.subdomain-aaaa.tc-test-unsigned.", False),
+ # test truncation for unsigned referrals close to UDP packet size limit (A+AAAA glue)
+ ("foo.subdomain-both.tc-test-unsigned.", False),
+ # test truncation for signed referrals close to UDP packet size limit (A glue)
+ ("foo.subdomain-a.tc-test-signed.", True),
+ # test truncation for signed referrals close to UDP packet size limit (AAAA glue)
+ ("foo.subdomain-aaaa.tc-test-signed.", True),
+ # test truncation for signed referrals close to UDP packet size limit (A+AAAA glue)
+ ("foo.subdomain-both.tc-test-signed.", True),
+ ],
+)
+def test_glue_truncation(qname, dnssec):
+ msg = dns.message.make_query(qname, "A")
+ msg.flags &= ~dns.flags.RD
+ if dnssec:
+ msg.use_edns(
+ payload=512,
+ # Zones used in this test were created with dig in mind that, unlike dnspython,
+ # by default, sets a cookie. Given that the message size must be close to the
+ # truncation limit, we also need to set a cookie here.
+ options=[dns.edns.GenericOption(dns.edns.OptionType.COOKIE, b"0xda13cc")],
+ )
+ msg.want_dnssec(wanted=True)
+ res = isctest.query.udp(msg, "10.53.0.1")
+
+ isctest.check.noerror(res)
+ assert res.flags & dns.flags.TC
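Review bot: The cookie literal `b"0xda13cc"` in `test_glue_truncation` reads like a hex value but is eight ASCII characters, and the test only works because that happens to be the 8-byte client-cookie length the response-size budget depends on. I would make that explicit so a later "fix" to real hex bytes does not silently move the query away from the truncation boundary, e.g. add `# exactly 8 bytes (client cookie length); only the size matters here, not the value` above the `options=` line. Separately, `import dns.message` runs before `pytest.importorskip("dns", minversion="2.0.0")`, so a missing dnspython would surface as a collection error rather than a skip; only the minimum-version check can take effect in this order. The parametrized function also has no docstring, unlike the two tests above it; a one-line `"""test that referrals close to the UDP size limit set TC"""` would keep them consistent.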
+++ /dev/null
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# SPDX-License-Identifier: MPL-2.0
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-
-def test_glue(run_tests_sh):
- run_tests_sh()