Commit 07286156 authored by Jan Kadlec's avatar Jan Kadlec

tests-extra: Added missing DNSSEC test scenarios

parent 2ac0f26c
Showing with 366 additions and 0 deletions
; This zone comes from RFC-4035
example. 3600 IN SOA ns1.example. bugs.x.w.example. 1081539377 3600 300 3600000 3600
example. 3600 IN NS ns1.example.
example. 3600 IN NS ns2.example.
example. 3600 IN MX 1 xx.example.
ns1.a.example. 3600 IN A 192.0.2.5
ns2.a.example. 3600 IN A 192.0.2.6
ns1.b.example. 3600 IN A 192.0.2.7
ns2.b.example. 3600 IN A 192.0.2.8
a.example. 3600 IN NS ns1.a.example.
a.example. 3600 IN NS ns2.a.example.
a.example. 3600 IN DS 57855 5 1 B6DCD485719ADCA18E5F3D48A2331627FDD3636B
*.a.example. 3600 IN A 192.0.2.11
ai.example. 3600 IN A 192.0.2.9
ai.example. 3600 IN HINFO "KLH-10" "ITS"
ai.example. 3600 IN AAAA 2001:db8::f00:baa9
b.example. 3600 IN NS ns1.b.example.
b.example. 3600 IN NS ns2.b.example.
ns1.example. 3600 IN A 192.0.2.1
ns2.example. 3600 IN A 192.0.2.2
*.w.example. 3600 IN MX 1 ai.example.
x.y.w.example. 3600 IN MX 1 xx.example.
xx.example. 3600 IN A 192.0.2.10
xx.example. 3600 IN HINFO "KLH-10" "TOPS-20"
xx.example. 3600 IN AAAA 2001:db8::f00:baaa
x.w.example. 3600 IN MX 1 xx.example.
*.to-apex.example. 3600 IN CNAME example. ; Wildcard expansion leading to apex
*.to-nxdomain.example. 3600 IN CNAME nxdomain.example. ; Wildcard expansion leading to nonexistent name
; This zone comes from RFC-4035
example. 3600 IN SOA ns1.example. bugs.x.w.example. 1081539380 3600 300 3600000 3600
example. 3600 IN NS ns1.example.
example. 3600 IN NS ns2.example.
example. 3600 IN MX 1 xx.example.
ns1.a.example. 3600 IN A 192.0.2.5
ns2.a.example. 3600 IN A 192.0.2.6
ns1.b.example. 3600 IN A 192.0.2.7
ns2.b.example. 3600 IN A 192.0.2.8
a.example. 3600 IN NS ns1.a.example.
a.example. 3600 IN NS ns2.a.example.
a.example. 3600 IN DS 57855 5 1 B6DCD485719ADCA18E5F3D48A2331627FDD3636B
*.a.example. 3600 IN A 192.0.2.11
ai.example. 3600 IN A 192.0.2.9
ai.example. 3600 IN HINFO "KLH-10" "ITS"
ai.example. 3600 IN AAAA 2001:db8::f00:baa9
b.example. 3600 IN NS ns1.b.example.
b.example. 3600 IN NS ns2.b.example.
ns1.example. 3600 IN A 192.0.2.1
ns2.example. 3600 IN A 192.0.2.2
*.w.example. 3600 IN MX 1 ai.example.
x.y.w.example. 3600 IN MX 1 xx.example.
xx.example. 3600 IN A 192.0.2.10
xx.example. 3600 IN HINFO "KLH-10" "TOPS-20"
xx.example. 3600 IN AAAA 2001:db8::f00:baaa
x.w.example. 3600 IN MX 1 xx.example.
*.to-apex.example. 3600 IN CNAME example. ; Wildcard expansion leading to apex
*.to-nxdomain.example. 3600 IN CNAME nxdomain.example. ; Wildcard expansion leading to nonexistent name
new-node IN A 1.2.3.4 ; added new node
; This zone comes from RFC-4035
example. 3600 IN SOA ns1.example. bugs.x.w.example. 1081539385 3600 300 3600000 3600
example. 3600 IN NS ns1.example.
example. 3600 IN NS ns2.example.
example. 3600 IN MX 1 xx.example.
ns1.a.example. 3600 IN A 192.0.2.5
ns2.a.example. 3600 IN A 192.0.2.6
ns1.b.example. 3600 IN A 192.0.2.7
ns2.b.example. 3600 IN A 192.0.2.8
a.example. 3600 IN NS ns1.a.example.
a.example. 3600 IN NS ns2.a.example.
a.example. 3600 IN DS 57855 5 1 B6DCD485719ADCA18E5F3D48A2331627FDD3636B
*.a.example. 3600 IN A 192.0.2.11
ai.example. 3600 IN A 192.0.2.9
ai.example. 3600 IN HINFO "KLH-10" "ITS"
ai.example. 3600 IN AAAA 2001:db8::f00:baa9
b.example. 3600 IN NS ns1.b.example.
b.example. 3600 IN NS ns2.b.example.
ns1.example. 3600 IN A 192.0.2.1
ns2.example. 3600 IN A 192.0.2.2
*.w.example. 3600 IN MX 1 ai.example.
x.y.w.example. 3600 IN MX 1 xx.example.
xx.example. 3600 IN A 192.0.2.10
xx.example. 3600 IN HINFO "KLH-10" "TOPS-20"
xx.example. 3600 IN AAAA 2001:db8::f00:baaa
x.w.example. 3600 IN MX 1 xx.example.
*.to-apex.example. 3600 IN CNAME example. ; Wildcard expansion leading to apex
*.to-nxdomain.example. 3600 IN CNAME nxdomain.example. ; Wildcard expansion leading to nonexistent name
new-node IN A 1.2.3.4 ; added new node
new-node IN A 1.2.3.5 ; added new RR
; This zone comes from RFC-4035
example. 3600 IN SOA ns1.example. bugs.x.w.example. 1081539390 3600 300 3600000 3600
example. 3600 IN NS ns1.example.
example. 3600 IN NS ns2.example.
example. 3600 IN MX 1 xx.example.
ns1.a.example. 3600 IN A 192.0.2.5
ns2.a.example. 3600 IN A 192.0.2.6
ns1.b.example. 3600 IN A 192.0.2.7
ns2.b.example. 3600 IN A 192.0.2.8
a.example. 3600 IN NS ns1.a.example.
a.example. 3600 IN NS ns2.a.example.
a.example. 3600 IN DS 57855 5 1 B6DCD485719ADCA18E5F3D48A2331627FDD3636B
*.a.example. 3600 IN A 192.0.2.11
ai.example. 3600 IN A 192.0.2.9
ai.example. 3600 IN HINFO "KLH-10" "ITS"
ai.example. 3600 IN AAAA 2001:db8::f00:baa9
b.example. 3600 IN NS ns1.b.example.
b.example. 3600 IN NS ns2.b.example.
ns1.example. 3600 IN A 192.0.2.1
ns2.example. 3600 IN A 192.0.2.2
*.w.example. 3600 IN MX 1 ai.example.
x.y.w.example. 3600 IN MX 1 xx.example.
xx.example. 3600 IN A 192.0.2.10
xx.example. 3600 IN HINFO "KLH-10" "TOPS-20"
xx.example. 3600 IN AAAA 2001:db8::f00:baaa
x.w.example. 3600 IN MX 1 xx.example.
*.to-apex.example. 3600 IN CNAME example. ; Wildcard expansion leading to apex
*.to-nxdomain.example. 3600 IN CNAME nxdomain.example. ; Wildcard expansion leading to nonexistent name
new-node IN A 1.2.3.4 ; added new node
new-node IN A 1.2.3.5 ; added new RR
new-node IN TXT "test" ; added new RR type
; This zone comes from RFC-4035
example. 3600 IN SOA ns1.example. bugs.x.w.example. 1081539395 3600 300 3600000 3600
example. 3600 IN NS ns1.example.
example. 3600 IN NS ns2.example.
example. 3600 IN MX 1 xx.example.
ns1.a.example. 3600 IN A 192.0.2.5
ns2.a.example. 3600 IN A 192.0.2.6
ns1.b.example. 3600 IN A 192.0.2.7
ns2.b.example. 3600 IN A 192.0.2.8
a.example. 3600 IN NS ns1.a.example.
a.example. 3600 IN NS ns2.a.example.
a.example. 3600 IN DS 57855 5 1 B6DCD485719ADCA18E5F3D48A2331627FDD3636B
*.a.example. 3600 IN A 192.0.2.11
ai.example. 3600 IN A 192.0.2.9
ai.example. 3600 IN HINFO "KLH-10" "ITS"
ai.example. 3600 IN AAAA 2001:db8::f00:baa9
b.example. 3600 IN NS ns1.b.example.
b.example. 3600 IN NS ns2.b.example.
ns1.example. 3600 IN A 192.0.2.1
ns2.example. 3600 IN A 192.0.2.2
*.w.example. 3600 IN MX 1 ai.example.
x.y.w.example. 3600 IN MX 1 xx.example.
xx.example. 3600 IN A 192.0.2.10
xx.example. 3600 IN HINFO "KLH-10" "TOPS-20"
xx.example. 3600 IN AAAA 2001:db8::f00:baaa
x.w.example. 3600 IN MX 1 xx.example.
*.to-apex.example. 3600 IN CNAME example. ; Wildcard expansion leading to apex
*.to-nxdomain.example. 3600 IN CNAME nxdomain.example. ; Wildcard expansion leading to nonexistent name
new-node IN A 1.2.3.4 ; added new node
new-node IN A 1.2.3.5 ; added new RR
new-node IN TXT "test" ; added new RR type
below.cut.a IN A 1.2.3.4 ; added new glue
; This zone comes from RFC-4035
example. 3600 IN SOA ns1.example. bugs.x.w.example. 1081539400 3600 300 3600000 3600
example. 3600 IN NS ns1.example.
example. 3600 IN NS ns2.example.
example. 3600 IN MX 1 xx.example.
ns1.a.example. 3600 IN A 192.0.2.5
ns2.a.example. 3600 IN A 192.0.2.6
ns1.b.example. 3600 IN A 192.0.2.7
ns2.b.example. 3600 IN A 192.0.2.8
a.example. 3600 IN NS ns1.a.example.
a.example. 3600 IN NS ns2.a.example.
a.example. 3600 IN DS 57855 5 1 B6DCD485719ADCA18E5F3D48A2331627FDD3636B
*.a.example. 3600 IN A 192.0.2.11
ai.example. 3600 IN A 192.0.2.9
ai.example. 3600 IN HINFO "KLH-10" "ITS"
ai.example. 3600 IN AAAA 2001:db8::f00:baa9
b.example. 3600 IN NS ns1.b.example.
b.example. 3600 IN NS ns2.b.example.
ns1.example. 3600 IN A 192.0.2.1
ns2.example. 3600 IN A 192.0.2.2
*.w.example. 3600 IN MX 1 ai.example.
x.y.w.example. 3600 IN MX 1 xx.example.
xx.example. 3600 IN A 192.0.2.10
xx.example. 3600 IN HINFO "KLH-10" "TOPS-20"
xx.example. 3600 IN AAAA 2001:db8::f00:baaa
x.w.example. 3600 IN MX 1 xx.example.
*.to-apex.example. 3600 IN CNAME example. ; Wildcard expansion leading to apex
*.to-nxdomain.example. 3600 IN CNAME nxdomain.example. ; Wildcard expansion leading to nonexistent name
new-node IN A 1.2.3.4 ; added new node
new-node IN A 1.2.3.5 ; added new RR
new-node IN TXT "test" ; added new RR type
below.cut.a IN A 1.2.3.4 ; added new glue
b IN DS 57855 5 1 B6DCD485719ADCA18E5F3D48A2331627FDD3636B ; added new secure delegation
non.terminal IN A 1.2.3.4 ; added authoritative non-terminal node
; This zone comes from RFC-4035
example. 3600 IN SOA ns1.example. bugs.x.w.example. 1081539405 3600 300 3600000 3600
example. 3600 IN NS ns1.example.
example. 3600 IN NS ns2.example.
example. 3600 IN MX 1 xx.example.
ns1.a.example. 3600 IN A 192.0.2.5
ns2.a.example. 3600 IN A 192.0.2.6
ns1.b.example. 3600 IN A 192.0.2.7
ns2.b.example. 3600 IN A 192.0.2.8
a.example. 3600 IN NS ns1.a.example.
a.example. 3600 IN NS ns2.a.example.
a.example. 3600 IN DS 57855 5 1 B6DCD485719ADCA18E5F3D48A2331627FDD3636B
*.a.example. 3600 IN A 192.0.2.11
ai.example. 3600 IN A 192.0.2.9
ai.example. 3600 IN HINFO "KLH-10" "ITS"
ai.example. 3600 IN AAAA 2001:db8::f00:baa9
b.example. 3600 IN NS ns1.b.example.
b.example. 3600 IN NS ns2.b.example.
ns1.example. 3600 IN A 192.0.2.1
ns2.example. 3600 IN A 192.0.2.2
*.w.example. 3600 IN MX 1 ai.example.
x.y.w.example. 3600 IN MX 1 xx.example.
xx.example. 3600 IN A 192.0.2.10
xx.example. 3600 IN HINFO "KLH-10" "TOPS-20"
xx.example. 3600 IN AAAA 2001:db8::f00:baaa
x.w.example. 3600 IN MX 1 xx.example.
*.to-apex.example. 3600 IN CNAME example. ; Wildcard expansion leading to apex
*.to-nxdomain.example. 3600 IN CNAME nxdomain.example. ; Wildcard expansion leading to nonexistent name
new-node IN A 1.2.3.4 ; added new node
new-node IN A 1.2.3.5 ; added new RR
new-node IN TXT "test" ; added new RR type
below.cut.a IN A 1.2.3.4 ; added new glue
b IN DS 57855 5 1 B6DCD485719ADCA18E5F3D48A2331627FDD3636B ; added new secure delegation
non.terminal IN A 1.2.3.4 ; added authoritative non-terminal node
very.long.non.terminal IN A 1.3.3.7 ; added extra authoritative non-terminal node
; This zone comes from RFC-4035
example. 3600 IN SOA ns1.example. bugs.x.w.example. 1081539410 3600 300 3600000 3600
example. 3600 IN NS ns1.example.
example. 3600 IN NS ns2.example.
example. 3600 IN MX 1 xx.example.
ns1.a.example. 3600 IN A 192.0.2.5
ns2.a.example. 3600 IN A 192.0.2.6
ns1.b.example. 3600 IN A 192.0.2.7
ns2.b.example. 3600 IN A 192.0.2.8
a.example. 3600 IN NS ns1.a.example.
a.example. 3600 IN NS ns2.a.example.
a.example. 3600 IN DS 57855 5 1 B6DCD485719ADCA18E5F3D48A2331627FDD3636B
*.a.example. 3600 IN A 192.0.2.11
ai.example. 3600 IN A 192.0.2.9
ai.example. 3600 IN HINFO "KLH-10" "ITS"
ai.example. 3600 IN AAAA 2001:db8::f00:baa9
b.example. 3600 IN NS ns1.b.example.
b.example. 3600 IN NS ns2.b.example.
ns1.example. 3600 IN A 192.0.2.1
ns2.example. 3600 IN A 192.0.2.2
*.w.example. 3600 IN MX 1 ai.example.
x.y.w.example. 3600 IN MX 1 xx.example.
xx.example. 3600 IN A 192.0.2.10
xx.example. 3600 IN HINFO "KLH-10" "TOPS-20"
xx.example. 3600 IN AAAA 2001:db8::f00:baaa
x.w.example. 3600 IN MX 1 xx.example.
*.to-apex.example. 3600 IN CNAME example. ; Wildcard expansion leading to apex
*.to-nxdomain.example. 3600 IN CNAME nxdomain.example. ; Wildcard expansion leading to nonexistent name
new-node IN A 1.2.3.4 ; added new node
new-node IN A 1.2.3.5 ; added new RR
new-node IN TXT "test" ; added new RR type
below.cut.a IN A 1.2.3.4 ; added new glue
b IN DS 57855 5 1 B6DCD485719ADCA18E5F3D48A2331627FDD3636B ; added new secure delegation
non.terminal IN A 1.2.3.4 ; added authoritative non-terminal node
very.long.non.terminal IN A 1.3.3.7 ; added extra authoritative non-terminal node
a.example. 3600 IN DS 57854 5 1 B6DCD485719ADCA18E5F3D48A2331627FDD3636B ; added two new DSs
a.example. 3600 IN DS 57856 5 1 B6DCD485719ADCA18E5F3D48A2331627FDD3636B ; tests sorting
#!/usr/bin/env python3
'''Test for DNSSEC additions and removals'''
from dnstest.utils import *
from dnstest.test import Test
CHANGE_COUNT = 7
def update_zone(master, slave, zone, changes, change_serial=False, serials=None):
for i in changes:
serial = master.zone_wait(zone)
master.update_zonefile(zone, version=i)
if change_serial:
# update zone serial to one given in the 'serials' list
master.zones[zone[0].name].zfile.update_serial(serials[i])
else:
serials.append(serial)
master.reload()
t.sleep(1)
master.flush()
t.sleep(1)
master.zone_verify(zone)
slave.reload()
slave.zone_wait(zone, serial)
t.xfr_diff(master, slave, zone)
def do_steps(master, slave, zone):
# add records
serials = []
update_zone(master, slave, zone, range(1, CHANGE_COUNT + 1), change_serial=False, serials=serials)
# remove added records, in descending order
rev = list(range(1, CHANGE_COUNT + 1))
rev.reverse()
# increase serials so that server accepts them
map(lambda x: x + 1000, serials)
update_zone(master, slave, zone, rev[1:], change_serial=True, serials=serials)
t = Test()
# Create NSEC and NSEC3 servers
nsec_master = t.server("knot")
nsec3_master = t.server("knot")
nsec_slave = t.server("bind")
nsec3_slave = t.server("bind")
zone = t.zone("example.", storage=".")
t.link(zone, nsec_master, nsec_slave)
t.link(zone, nsec3_master, nsec3_slave)
# Enable autosigning
nsec_master.dnssec_enable = True
nsec_master.gen_key(zone, ksk=True, alg="RSASHA256")
nsec_master.gen_key(zone, alg="RSASHA256")
nsec3_master.dnssec_enable = True
nsec3_master.enable_nsec3(zone)
nsec3_master.gen_key(zone, ksk=True, alg="RSASHA256")
nsec3_master.gen_key(zone, alg="RSASHA256")
t.start()
check_log("============ testing NSEC changes ===============")
do_steps(nsec_master, nsec_slave, zone)
check_log("============ testing NSEC3 changes ==============")
do_steps(nsec3_master, nsec3_slave, zone)
t.end()
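Review bot: In do_steps, `map(lambda x: x + 1000, serials)` has no effect under python3, because map returns a lazy iterator and the result is discarded, so the second update_zone call receives the serials exactly as recorded during the add phase. Assign the result instead, e.g. `serials = [s + 1000 for s in serials]`. The removal phase walks versions in descending order, so `serials[i]` would appear to shrink from step to step even after the fix; it is worth confirming the master really accepts each reload, otherwise the signed-zone checks may be running against stale content. update_zone also declares `serials=None` but calls `serials.append(serial)` and `serials[i]` unconditionally, so the default should either be dropped or replaced with a fresh list inside the function.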
#!/usr/bin/env python3
'''Test for properly signed NSEC/NSEC3 zone '''
from dnstest.utils import *
from dnstest.test import Test
t = Test()
master = t.server("knot")
nsec_zone = t.zone_rnd(1, dnssec=True, nsec3=False)
nsec3_zone = t.zone_rnd(1, dnssec=True, nsec3=True)
t.link(nsec_zone, master)
t.link(nsec3_zone, master)
t.start()
check_log("Load signed zones")
# Get zone serial.
old_nsec_serial = master.zone_wait(nsec_zone)
old_nsec3_serial = master.zone_wait(nsec3_zone)
# Enable autosigning.
master.dnssec_enable = True
master.use_gen_keys()
master.gen_confile()
check_log("Add keys for zones")
master.reload()
t.sleep(3)
new_nsec_serial = master.zone_wait(nsec_zone)
new_nsec3_serial = master.zone_wait(nsec3_zone)
compare(old_nsec_serial, new_nsec_serial, "Server did needless NSEC signing operation")
compare(old_nsec3_serial, new_nsec3_serial, "Server did needless NSEC3 signing operation")
t.stop()
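Review bot: The check after `master.reload()` depends on a fixed `t.sleep(3)`; if a needless re-sign were triggered but completed later than that, both `compare` calls would still read the old serial and the test would pass. Equal serials also do not show that the zones remain validly signed once the generated keys are in use, so consider adding `master.zone_verify(nsec_zone)` and `master.zone_verify(nsec3_zone)` after the comparisons (zone_verify is the call the additions/removals test in this commit uses; the argument shape is assumed to match). The script finishes with `t.stop()` while that other test finishes with `t.end()`; confirm the difference is intended.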