initial commit

.gitignore

+*.pyc

.gitmodules

+[submodule "contrib/libfaketime"]
+	path = contrib/libfaketime
+	url = https://github.com/wolfcw/libfaketime.git

Makefile

+DAEMON ?= $(abspath kresd)
+TEMPLATE ?= kresd.j2
+TESTS ?= sets/resolver
+LIBEXT := .so
+PLATFORM := $(shell uname -s)
+ifeq ($(PLATFORM),Darwin)
+	LIBEXT := .dylib
+endif
+
+# Dependencies
+include platform.mk
+$(eval $(call find_lib,socket_wrapper))
+libcwrap := $(strip $(socket_wrapper_LIBS))
+libfaketime_DIR := contrib/libfaketime
+libfaketime := $(abspath $(libfaketime_DIR))/src/libfaketime$(LIBEXT).1
+
+# Platform-specific targets
+ifeq ($(PLATFORM),Darwin)
+	libfaketime := $(abspath $(libfaketime_DIR))/src/libfaketime.1$(LIBEXT)
+	preload_syms := DYLD_FORCE_FLAT_NAMESPACE=1 DYLD_INSERT_LIBRARIES="$(libfaketime):$(libcwrap)"
+else
+	preload_syms := LD_PRELOAD="$(libfaketime):$(libcwrap)"
+endif
+
+# Targets
+ifeq ($(HAS_socket_wrapper), yes)
+all: depend
+	$(preload_syms) ./deckard.py $(TESTS) $(DAEMON) $(TEMPLATE) config
+depend: $(libfaketime) $(libcwrap)
+else
+$(error missing required socket_wrapper)
+endif
+
+# Synchronize submodules
+$(libfaketime_DIR):
+	@git submodule init
+$(libfaketime_DIR)/Makefile: $(libfaketime_DIR)
+	@git submodule update
+$(libfaketime): $(libfaketime_DIR)/Makefile
+	@CFLAGS="-O2 -g" $(MAKE) -C $(libfaketime_DIR)
+
+.PHONY: depend all

README.rst

+DNS software test harness
+=========================
+
+The tests depend on cwrap's `socket_wrapper`_, libfaketime_ and Python.
+The libfaketime is included in ``contrib/libfaketime`` as it depends on rather latest version of it,
+it is automatically synchronised with ``make``.
+
+Execute the tests by:
+
+.. code-block:: bash
+
+	$ make DAEMON=/usr/local/bin/kresd
+
+.. todo:: Writing tests.
+
+.. _cmocka: https://cmocka.org/
+.. _`socket_wrapper`: https://cwrap.org/socket_wrapper.html
+.. _libfaketime: https://cwrap.org/socket_wrapper.html

libfaketime @ 18f5ec06

+Subproject commit 18f5ec0671705bac190787a8612fc2a58b1be1d1

kresd.j2

+net.listen('{{SELF_ADDR}}',53)
+cache.size = 1*MB
+modules = {'stats', 'policy', 'hints'}
+hints.root({['k.root-servers.net'] = '{{ROOT_ADDR}}'})
+option('NO_MINIMIZE', {{NO_MINIMIZE}})
+option('ALLOW_LOCAL', true)
+validate.trust_anchor_add('{{TRUST_ANCHOR}}')
+verbose(true)
+
+-- Self-checks on globals
+assert(help() ~= nil)
+assert(worker.id ~= nil)
+-- Self-checks on facilities
+assert(cache.count() == 0)
+assert(cache.stats() ~= nil)
+assert(cache.backends() ~= nil)
+assert(worker.stats() ~= nil)
+assert(net.interfaces() ~= nil)
+-- Self-checks on loaded stuff
+assert(net.list()['{{SELF_ADDR}}'])
+assert(#modules.list() > 0)
+-- Self-check timers
+ev = event.recurrent(1 * sec, function (ev) return 1 end)
+event.cancel(ev)
+ev = event.after(0, function (ev) return 1 end)

platform.mk

+# Evaluate library
+define have_lib
+ifeq ($$(strip $$($(1)_LIBS)),)
+	HAS_$(1) := no
+else
+	HAS_$(1) := yes
+endif
+endef
+
+# Find library (pkg-config)
+define find_lib
+	$(call find_alt,$(1),$(1),$(2))
+endef
+
+# Find library alternative (pkg-config)
+define find_alt
+	ifeq ($$(strip $$($(1)_LIBS)),)
+		ifneq ($(strip $(3)),)
+			$(1)_VER := $(shell pkg-config --atleast-version=$(3) $(2) && echo $(3))
+		endif
+		ifeq ($(strip $(3)),$$($(1)_VER))
+			$(1)_CFLAGS := $(shell pkg-config --cflags $(2) --silence-errors)
+			$(1)_LIBS := $(shell pkg-config --libs $(2)  --silence-errors)
+		endif
+	endif
+	$(call have_lib,$(1),$(3))
+endef

pydnstest/requirements.txt

+dnspython==1.11

pydnstest/test.py

+#!/usr/bin/env python
+
+class Test:
+    """ Small library to imitate CMocka output. """
+
+    def __init__(self):
+        self.tests = []
+
+    def add(self, name, test, *args):
+        """ Add named test to set. """
+        self.tests.append((name, test, args))
+
+    def run(self):
+        """ Run planned tests. """
+        planned = len(self.tests)
+        passed = 0
+        if planned == 0:
+            return
+
+        print('[==========] Running %d test(s).' % planned)
+        for name, test_callback, args in self.tests:
+            print('[ RUN      ] %s' % name)
+            try:
+                test_callback(*args)
+                passed += 1
+                print('[       OK ] %s' % name)
+            except Exception as e:
+                print('[     FAIL ] %s (%s)' % (name, str(e)))
+
+        # Clear test set
+        self.tests = []
+        print('[==========] %d test(s) run.' % planned)
+        if passed == planned:
+            print('[  PASSED  ] %d test(s).' % passed)
+            return 0
+        else:
+            print('[  FAILED  ] %d test(s).' % (planned - passed))
+            return 1

sets/resolver/LICENSE

+Copyright (c) 2007, NLnet Labs. All rights reserved.
+
+This software is open source.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+Redistributions of source code must retain the above copyright notice,
+this list of conditions and the following disclaimer.
+
+Redistributions in binary form must reproduce the above copyright notice,
+this list of conditions and the following disclaimer in the documentation
+and/or other materials provided with the distribution.
+
+Neither the name of the NLNET LABS nor the names of its contributors may
+be used to endorse or promote products derived from this software without
+specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

sets/resolver/iter_cname_badauth.rpl

+; config options
+	target-fetch-policy: "3 2 1 0 0"
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test iterator with NS sending CNAME answer and authority of CNAME target.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+ingdirect.com.au. IN A
+SECTION AUTHORITY
+ingdirect.com.au.	IN NS	l4.nstld.com.
+SECTION ADDITIONAL
+l4.nstld.com. IN A 209.112.114.33
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+l4.nstld.com.	IN	A
+SECTION ANSWER
+l4.nstld.com.	IN 	A	209.112.114.33
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+l4.nstld.com.	IN	AAAA
+SECTION AUTHORITY
+. SOA bla bla 1 2 3 4 5
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+clb.ingdirect.com.au. IN A
+SECTION AUTHORITY
+clb.ingdirect.com.au.	IN NS	ncfphywebgtm01-c.ingdirect.com.au.
+SECTION ADDITIONAL
+ncfphywebgtm01-c.ingdirect.com.au. IN A 203.92.27.132
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+ncfphywebgtm01-c.ingdirect.com.au.	IN	AAAA
+SECTION AUTHORITY
+. SOA bla bla 1 2 3 4 5
+ENTRY_END
+
+RANGE_END
+
+; l4.nstld.com.
+RANGE_BEGIN 0 100
+	ADDRESS 209.112.114.33
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+www.ingdirect.com.au. IN A
+SECTION ANSWER
+www.ingdirect.com.au. IN CNAME www.clb.ingdirect.com.au.
+SECTION AUTHORITY
+clb.ingdirect.com.au. IN NS ncfphywebgtm01-c.ingdirect.com.au.
+SECTION ADDITIONAL
+ncfphywebgtm01-c.ingdirect.com.au. IN A 203.92.27.132
+ENTRY_END
+
+RANGE_END
+
+; ncfphywebgtm01-c.ingdirect.com.au.
+RANGE_BEGIN 0 100
+	ADDRESS 203.92.27.132
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.clb.ingdirect.com.au. IN A
+SECTION ANSWER
+www.clb.ingdirect.com.au. IN A 203.31.183.134
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR REFUSED
+SECTION QUESTION
+www.ingdirect.com.au. IN A
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.ingdirect.com.au. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.ingdirect.com.au. IN A
+SECTION ANSWER
+www.ingdirect.com.au. IN CNAME www.clb.ingdirect.com.au.
+www.clb.ingdirect.com.au. IN A 203.31.183.134
+ENTRY_END
+
+SCENARIO_END

sets/resolver/iter_cname_cache.rpl

+; config options
+	target-fetch-policy: "0 0 0 0 0"
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test iterative resolve with cached cname for nameserver
+; example.com NS ns.example.com   en ns2.example.com
+; ns.example.com CNAME ns.bla.nl
+; ns.bla.nl A ....
+; dan timeout van A record uit cache - refetch.
+; ns2.example.com timeed niet uit ; maar geeft altijd servfail.
+
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+a.gtld-servers.net.	IN 	AAAA
+SECTION ANSWER
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+nl. IN A
+SECTION AUTHORITY
+nl.	IN NS	ns2.nic.nl.
+SECTION ADDITIONAL
+ns2.nic.nl.	IN 	A	192.1.1.2
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.  ".com"
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+example.com.	IN NS	ns2.example.com.
+SECTION ADDITIONAL
+;;; but really a CNAME in child server
+ns.example.com.  1 IN A 1.2.3.4
+ns2.example.com.  IN A 1.2.3.5
+ns2.example.com.  IN AAAA 2002::5
+ENTRY_END
+
+; lame answers back to root for .nl (.com server not authoritative for .nl)
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+nl. IN A
+SECTION AUTHORITY
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+RANGE_END
+
+; ns2.nic.nl  ".nl"
+RANGE_BEGIN 0 100
+	ADDRESS 192.1.1.2
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+bla.nl. IN A
+SECTION AUTHORITY
+bla.nl.	IN NS ns.bla.nl.
+SECTION ADDITIONAL
+ns.bla.nl. IN A 1.2.3.6
+ENTRY_END
+
+RANGE_END
+
+; ns.bla.nl  "bla..nl"
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.6
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+ns.bla.nl. IN A
+SECTION ANSWER
+ns.bla.nl. IN A 1.2.3.6
+SECTION AUTHORITY
+bla.nl.	IN NS ns.bla.nl.
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+ns.bla.nl. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+bla.nl. IN SOA bla.nl. bla.nl. 1 2 3 4 5
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+ns.bla.nl. IN MX
+SECTION ANSWER
+ns.bla.nl. IN MX 10 bla.nl.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+ENTRY_END
+RANGE_END
+
+; ns.example.com "example.com"
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN MX
+SECTION ANSWER
+ns.example.com IN CNAME ns.bla.nl.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+ENTRY_END
+RANGE_END
+
+; ns2.example.com "example.com"
+; bad failing server
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode 
+ADJUST copy_id copy_query
+REPLY QR SERVFAIL
+SECTION QUESTION
+ns.example.com. IN MX
+SECTION ANSWER
+ENTRY_END
+RANGE_END
+
+; ns2.example.com "example.com"
+; bad failing server
+RANGE_BEGIN 0 100
+	ADDRESS 2002::5
+ENTRY_BEGIN
+MATCH opcode 
+ADJUST copy_id copy_query
+REPLY QR SERVFAIL
+SECTION QUESTION
+ns.example.com. IN MX
+SECTION ANSWER
+ENTRY_END
+RANGE_END
+
+; get cname in cache.  use MX query 
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+ns.example.com. IN MX
+ENTRY_END
+
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+ns.example.com. IN MX
+SECTION ANSWER
+ns.example.com. IN CNAME ns.bla.nl
+ns.bla.nl. IN MX  10 bla.nl.
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; get seconds to pass to timeout the A record
+STEP 15 TIME_PASSES ELAPSE 5
+
+; get into trouble getting cname for nameserver.
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 10.20.30.40
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; there may still be pending ns.bla.nl AAAA queries ; get rid of them like this
+STEP 40 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+ns.bla.nl. IN AAAA
+ENTRY_END
+
+STEP 50 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+ns.bla.nl. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+bla.nl. IN SOA bla.nl. bla.nl. 1 2 3 4 5
+;SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END

sets/resolver/iter_cname_double.rpl

+; config options
+	target-fetch-policy: "0 0 0 0 0"
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test double cname in reply.