add new EDE 22 system tests

This re-do a previously existing EDE 22 system test as well as add
another one making sure the timed out flow detection works also on UDP
when the resolver is contacting the authoritative server. (the existing
test was using TCP to contact the authoritative servers).

(cherry picked from commit 7cb8a028feb294f1c8bec04a03d582980a6a019b)

diff --git a/bin/tests/system/resolver/ans2/ans.pl b/bin/tests/system/resolver/ans2/ans.pl
index b17fd6ec2e1a54b92c9424bbf65ed521694a4cce..079a7d987940176c637447a4c97b35aade9f516f 100644 (file)
--- a/bin/tests/system/resolver/ans2/ans.pl
+++ b/bin/tests/system/resolver/ans2/ans.pl
@@ -110,9 +110,14 @@ for (;;) {
        } elsif ($qname eq "net" && $qtype eq "NS") {
                $packet->header->aa(1);
                $packet->push("answer", new Net::DNS::RR("net 300 NS a.root-servers.nil."));
+       } elsif ($qname eq "noresponse.exampleudp.net") {
+               next;
        } elsif ($qname =~ /example\.net/) {
                $packet->push("authority", new Net::DNS::RR("example.net 300 NS ns.example.net"));
                $packet->push("additional", new Net::DNS::RR("ns.example.net 300 A 10.53.0.3"));
+       } elsif ($qname =~ /exampleudp\.net/) {
+               $packet->push("authority", new Net::DNS::RR("exampleudp.net 300 NS ns.exampleudp.net"));
+               $packet->push("additional", new Net::DNS::RR("ns.exampleudp.net 300 A 10.53.0.2"));
        } elsif ($qname =~ /lame\.example\.org/) {
                $packet->header->ad(0);
                $packet->header->aa(0);

diff --git a/bin/tests/system/resolver/tests.sh b/bin/tests/system/resolver/tests.sh
index 026fd60c9f964f125e837734b1aece3e7f4ce9b8..2cb143fd5531ce98f5c4d1da5ad506a23434ceea 100755 (executable)
--- a/bin/tests/system/resolver/tests.sh
+++ b/bin/tests/system/resolver/tests.sh
@@ -50,6 +50,7 @@ echo_i "checking no response handling with a shorter than resolver-query-timeout
 ret=0
 dig_with_opts +tcp +tries=1 +timeout=3 noresponse.example.net @10.53.0.1 a >dig.out.ns1.test${n} && ret=1
 grep -F "no servers could be reached" dig.out.ns1.test${n} >/dev/null || ret=1
+grep -F "EDE: 22 (No Reachable Authority)" dig.out.ns1.test${n} >/dev/null && ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 
@@ -66,6 +67,19 @@ grep -F "EDE: 22 (No Reachable Authority)" dig.out.ns1.test${n} >/dev/null || re
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 
+# 'resolver-query-timeout' is set to 5 seconds in ns1, so named should
+# interrupt the non-responsive query and send a SERVFAIL answer before dig's
+# own timeout fires, which is set to 7 seconds. This time, exampleudp.net is
+# contacted using UDP transport by the resolver.
+n=$((n + 1))
+echo_i "checking no response handling with a longer than resolver-query-timeout timeout (UDP recursion) ($n)"
+ret=0
+dig_with_opts +tcp +tries=1 +timeout=7 noresponse.exampleudp.net @10.53.0.1 a >dig.out.ns1.test${n} || ret=1
+grep -F "status: SERVFAIL" dig.out.ns1.test${n} >/dev/null || ret=1
+grep -F "EDE: 22 (No Reachable Authority)" dig.out.ns1.test${n} >/dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
 n=$((n + 1))
 echo_i "checking handling of bogus referrals ($n)"
 # If the server has the "INSIST(!external)" bug, this query will kill it.