Compare revisions

Tomas Krizek · Tomas Krizek · Štěpán Balážik · Vladimír Čunát · Vladimír Čunát · Tomas Krizek
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -61,7 +61,7 @@ test:comparative:kresd:
  <<: *privileged_test
  script:
    # test kresd binary
-    - git clone --recurse-submodules -j8 --depth=1 https://gitlab.labs.nic.cz/knot/knot-resolver.git /tmp/kresd-local-build
+    - git clone --recurse-submodules -j8 --depth=1 https://gitlab.nic.cz/knot/knot-resolver.git /tmp/kresd-local-build
    - pushd /tmp/kresd-local-build
    - git log -1
    - meson build_local --default-library=static --prefix=/tmp/.local
@@ -85,7 +85,7 @@ test:comparative:kresd:
 test:latest:kresd:
  <<: *privileged_test
  script:
-    - git clone --recurse-submodules -j8 --depth=1 https://gitlab.labs.nic.cz/knot/knot-resolver.git kresd-local-build
+    - git clone --recurse-submodules -j8 --depth=1 https://gitlab.nic.cz/knot/knot-resolver.git kresd-local-build
    - pushd kresd-local-build
    - git log -1
    - meson build_local --default-library=static --prefix="$PWD/../.local"

--- a/README.rst
+++ b/README.rst
@@ -69,9 +69,9 @@ The original test case format is described in the `header file replay.h <http://
 Contacting us
 -------------

-Please report problems to our GitLab: https://gitlab.labs.nic.cz/knot/deckard/issues
+Please report problems to our GitLab: https://gitlab.nic.cz/knot/deckard/issues

-If you have any comments feel free to send e-mail to knot-dns@labs.nic.cz! Do not get confused by the name, we are happy if you want to use Deckard with any software.
+If you have any comments feel free to send e-mail to knot-resolver@labs.nic.cz! Do not get confused by the name, we are happy if you want to use Deckard with any software.

 Happy testing.

@@ -79,7 +79,7 @@ Happy testing.
 .. _`augeas`: http://augeas.net/
 .. _`CSR`: http://apple.stackexchange.com/questions/193368/what-is-the-rootless-feature-in-el-capitan-really
 .. _`Jinja2`: http://jinja.pocoo.org/
-.. _`Knot DNS Resolver`: https://gitlab.labs.nic.cz/knot/resolver/blob/master/README.md
+.. _`Knot Resolver`: https://gitlab.nic.cz/knot/resolver/blob/master/README.md
 .. _`NLnet Labs`: https://www.nlnetlabs.nl/
 .. _`PowerDNS Recursor`: https://doc.powerdns.com/md/recursor/
 .. _`PyYAML`: http://pyyaml.org/

--- a/ci/junit-compare.py
+++ b/ci/junit-compare.py
@@ -25,7 +25,8 @@ def parse_junit_xml(filename):

 new = sys.argv[1]
 old = sys.argv[2]
-modified_tests = [line.strip() for line in open(sys.argv[3]).readlines()]
+with open(sys.argv[3]) as f:
+    modified_tests = [line.strip() for line in f.readlines()]

 test_diffs = parse_junit_xml(old) ^ parse_junit_xml(new)
 errorneous_rpls = [diff[1] for diff in test_diffs

--- a/configs/named.yaml
+++ b/configs/named.yaml
+programs:
+- name: named
+  binary: named
+  additional:
+    - -g
+    - -d
+    - "99"
+    - -c
+    - named.conf
+  templates:
+    - template/named.j2
+    - template/hints_zone.j2
+  configs:
+    - named.conf
+    - hints.zone
--- a/deckard.py
+++ b/deckard.py
@@ -33,10 +33,8 @@ def setup_internal_addresses(context):


 def write_timestamp_file(path, tst):
-    time_file = open(path, 'w')
-    time_file.write(datetime.fromtimestamp(tst).strftime('@%Y-%m-%d %H:%M:%S'))
-    time_file.flush()
-    time_file.close()
+    with open(path, 'w') as time_file:
+        time_file.write(datetime.fromtimestamp(tst).strftime('@%Y-%m-%d %H:%M:%S'))


 def setup_faketime(context):
@@ -115,20 +113,21 @@ def run_daemon(program_config):
    name = program_config['DAEMON_NAME']
    proc = None
    program_config['log'] = os.path.join(program_config["WORKING_DIR"], 'server.log')
-    daemon_log_file = open(program_config['log'], 'w')
    program_config['args'] = (
        shlex.split(os.environ.get('DECKARD_WRAPPER', ''))
        + [program_config['binary']]
        + program_config['additional']
    )
    logging.getLogger('deckard.daemon.%s.argv' % name).debug('%s', program_config['args'])
-    try:
-        proc = subprocess.Popen(program_config['args'], stdout=daemon_log_file,
-                                stderr=subprocess.STDOUT, cwd=program_config['WORKING_DIR'])
-    except subprocess.CalledProcessError:
-        logger = logging.getLogger('deckard.daemon_log.%s' % name)
-        logger.exception("Can't start '%s'", program_config['args'])
-        raise
+    with open(program_config['log'], 'w') as daemon_log_file:
+        try:
+            # pylint: disable=consider-using-with
+            proc = subprocess.Popen(program_config['args'], stdout=daemon_log_file,
+                                    stderr=subprocess.STDOUT, cwd=program_config['WORKING_DIR'])
+        except subprocess.CalledProcessError:
+            logger = logging.getLogger('deckard.daemon_log.%s' % name)
+            logger.exception("Can't start '%s'", program_config['args'])
+            raise
    return proc



--- a/deckard_pytest.py
+++ b/deckard_pytest.py
@@ -59,6 +59,7 @@ class TCPDump:
    def __enter__(self):
        cmd = self.DUMPCAP_CMD.copy()
        cmd.append(self.config["pcap"])
+        # pylint: disable=consider-using-with
        self.tcpdump = subprocess.Popen(cmd, stderr=subprocess.PIPE, stdout=subprocess.PIPE)

    def __exit__(self, _, exc_value, __):

--- a/doc/scenario_guide.rst
+++ b/doc/scenario_guide.rst
@@ -258,7 +258,7 @@ raw_id        query id will be copied into the first two bytes of RAW answer
 do_not_answer no response will be sent at all
 ============= ===========================================================================================

-.. [copy_id_bug] https://gitlab.labs.nic.cz/knot/deckard/issues/9
+.. [copy_id_bug] https://gitlab.nic.cz/knot/deckard/issues/9


 .. _`entry flags`:

--- a/doc/user_guide.rst
+++ b/doc/user_guide.rst
@@ -19,7 +19,7 @@ Let's start with the easiest case:

 First run
 ---------
-Easiest way to run Deckard is using one of the prepared Shell scripts in Deckard repository (``{kresd,unbound,pdns}_run.sh`` for Knot Resolver, Unbound and PowerDNS Recursor respectively).
+Easiest way to run Deckard is using one of the prepared Shell scripts in Deckard repository (``{kresd,named,pdns,unbound}_run.sh`` for Knot Resolver, BIND, PowerDNS, and Unbound Recursor respectively).

 Deckard uses `pytest` to generate and run the tests as well as collect the results.
 Output is therefore generated by `pytest` as well (``.`` for passed test, ``F`` for failed test and ``s`` for skipped test) and will look something like this:

--- a/mypy.ini
+++ b/mypy.ini
+[mypy]
+[mypy-yaml.*]
+ignore_missing_imports = True
--- a/named_run.sh
+++ b/named_run.sh
+#!/bin/bash
+set -o errexit -o nounset
+named -V | grep --quiet -- '--without-jemalloc' || echo 'WARNING: Make sure BIND is compiled without jemalloc library; for 9.17+ use ./configure --without-jemalloc'
+MINOR="$(named -v | cut -d . -f 2)"
+if [[ "$MINOR" -le "13" ]]
+then
+	echo 'WARNING: For BIND <= 9.13.2 manually remove qname-minimization option from named.conf template referenced in configs/named.yaml (usually template/named.j2)'
+fi
+
+RUNDIR="$(dirname "$0")"
+cd "$RUNDIR" && ./run.sh --config configs/named.yaml "$@"
--- a/networking.py
+++ b/networking.py
@@ -2,9 +2,11 @@ import errno
 from ipaddress import IPv4Network, IPv6Network, ip_address
 from socket import AF_INET, AF_INET6

+# pylint: disable=no-name-in-module,import-error
 from pyroute2 import IPRoute
 from pyroute2.netlink.rtnl import ndmsg
 from pyroute2.netlink.exceptions import NetlinkError
+# pylint: enable=no-name-in-module,import-error


 class InterfaceManager:

--- a/pylintrc
+++ b/pylintrc
@@ -14,6 +14,7 @@ disable=
    global-statement,
    no-else-return,
    bad-continuation,
+    duplicate-code,


 [SIMILARITIES]

--- a/rplint.py
+++ b/rplint.py
@@ -28,10 +28,11 @@ class RplintError(ValueError):

 def get_line_number(file: str, char_number: int) -> int:
    pos = 0
-    for number, line in enumerate(open(file)):
-        pos += len(line)
-        if pos >= char_number:
-            return number + 2
+    with open(file) as f:
+        for number, line in enumerate(f):
+            pos += len(line)
+            if pos >= char_number:
+                return number + 2
    return 0



--- a/sets/resolver/iter_cname_qnamecopy.rpl
+++ b/sets/resolver/iter_cname_qnamecopy.rpl
@@ -14,7 +14,7 @@ RANGE_BEGIN 0 100
 ENTRY_BEGIN
 MATCH opcode qtype qname
 ADJUST copy_id
-REPLY QR NOERROR
+REPLY QR AA NOERROR
 SECTION QUESTION
 . IN NS
 SECTION ANSWER
@@ -55,7 +55,7 @@ RANGE_BEGIN 0 100
 ENTRY_BEGIN
 MATCH opcode qtype qname
 ADJUST copy_id
-REPLY QR NOERROR
+REPLY QR AA NOERROR
 SECTION QUESTION
 com. IN NS
 SECTION ANSWER
@@ -67,7 +67,7 @@ ENTRY_END
 ENTRY_BEGIN
 MATCH opcode qtype qname
 ADJUST copy_id
-REPLY QR NOERROR
+REPLY QR AA NOERROR
 SECTION QUESTION
 net. IN NS
 SECTION ANSWER
@@ -81,7 +81,7 @@ ENTRY_END
 ENTRY_BEGIN
 MATCH opcode qtype qname
 ADJUST copy_id
-REPLY QR NOERROR
+REPLY QR AA NOERROR
 SECTION QUESTION
 gtld-servers.net. IN NS
 SECTION ANSWER
@@ -102,7 +102,7 @@ ENTRY_END
 ENTRY_BEGIN
 MATCH opcode qtype qname
 ADJUST copy_id
-REPLY QR NOERROR
+REPLY QR AA NOERROR
 SECTION QUESTION
 a.gtld-servers.net.	IN 	A
 SECTION ANSWER
@@ -113,7 +113,7 @@ ENTRY_END
 ENTRY_BEGIN
 MATCH opcode qtype qname
 ADJUST copy_id
-REPLY QR NOERROR
+REPLY QR AA NOERROR
 SECTION QUESTION
 a.gtld-servers.net.	IN 	AAAA
 SECTION ANSWER
@@ -124,7 +124,7 @@ ENTRY_END
 ENTRY_BEGIN
 MATCH opcode qtype qname
 ADJUST copy_id
-REPLY QR NOERROR
+REPLY QR AA NOERROR
 SECTION QUESTION
 root-servers.net. IN NS
 SECTION ANSWER
@@ -146,7 +146,7 @@ ENTRY_END
 ENTRY_BEGIN
 MATCH opcode qtype qname
 ADJUST copy_id
-REPLY QR NOERROR
+REPLY QR AA NOERROR
 SECTION QUESTION
 k.root-servers.net.	IN 	A
 SECTION ANSWER
@@ -157,7 +157,7 @@ ENTRY_END
 ENTRY_BEGIN
 MATCH opcode qtype qname
 ADJUST copy_id
-REPLY QR NOERROR
+REPLY QR AA NOERROR
 SECTION QUESTION
 k.root-servers.net.	IN 	AAAA
 SECTION AUTHORITY
@@ -197,7 +197,7 @@ RANGE_BEGIN 0 100
 ENTRY_BEGIN
 MATCH opcode qtype qname
 ADJUST copy_id
-REPLY QR NOERROR
+REPLY QR AA NOERROR
 SECTION QUESTION
 example.com. IN NS
 SECTION ANSWER
@@ -209,17 +209,17 @@ ENTRY_END
 ENTRY_BEGIN
 MATCH opcode qname qtype
 ADJUST copy_id
-REPLY QR NOERROR
+REPLY QR AA NOERROR
 SECTION QUESTION
 ns.example.com.		IN 	A
-SECTION ADDITIONAL
+SECTION ANSWER
 ns.example.com.		IN 	A	1.2.3.4
 ENTRY_END

 ENTRY_BEGIN
 MATCH opcode qname qtype
 ADJUST copy_id
-REPLY QR NOERROR
+REPLY QR AA NOERROR
 SECTION QUESTION
 ns.example.com.		IN 	AAAA
 SECTION ADDITIONAL
@@ -258,7 +258,7 @@ ENTRY_END
 ENTRY_BEGIN
 MATCH opcode qtype qname
 ADJUST copy_id
-REPLY QR NOERROR
+REPLY QR AA NOERROR
 SECTION QUESTION
 next.com. IN NS
 SECTION ANSWER
@@ -266,6 +266,29 @@ next.com.	IN NS	ns.next.com.
 SECTION ADDITIONAL
 ns.next.com.		IN 	A	1.2.3.5
 ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.next.com. IN A
+SECTION ANSWER
+ns.next.com.		IN 	A	1.2.3.5
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.next.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+next.com. 	IN SOA next.com. next.com. 2007090400 28800 7200 604800 18000
+SECTION ADDITIONAL
+ENTRY_END
+
 RANGE_END

 STEP 1 QUERY

--- a/sets/resolver/val_dname_bogus.rpl
+++ b/sets/resolver/val_dname_bogus.rpl
@@ -4,7 +4,7 @@ do-ip6: no
 trust-anchor: ".	IN	DS	37471 5 1 da74e4e0fe4067c2afd1d4a3cceb852a3c0d4401"
 stub-addr: 193.0.14.129         # K.ROOT-SERVERS.NET.
 val-override-date: "20170301000000"
-domain-insecure: net.
+query-minimization: off # missing net. NS proof for NODATA, so we'd need to resign everything
 CONFIG_END

 SCENARIO_BEGIN Test DNAME validation
@@ -12,28 +12,6 @@ SCENARIO_BEGIN Test DNAME validation
 ; all the data are on the "root servers"
 RANGE_BEGIN 0 10000000
 	ADDRESS 193.0.14.129
-
-ENTRY_BEGIN
-MATCH qname qtype
-ADJUST copy_id copy_query
-REPLY QR AA NOERROR
-SECTION QUESTION
-net. IN NS
-SECTION ANSWER
-net. 3600 IN NS K.ROOT-SERVERS.NET.
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH qname qtype
-ADJUST copy_id copy_query
-REPLY QR AA NOERROR
-SECTION QUESTION
-root-servers.net. IN NS
-SECTION AUTHORITY
-.       86400   IN      SOA     . . 2017021500 1800 900 604800 86400
-.       86400   IN      RRSIG   SOA 5 0 86400 20170315140518 20170215140518 37471 . drrv7SjrOkuNwlILiziPxHTuIKs/tO2WcVEdipA/LNkt0h09zuWbr3Rk5gtEDTSECbZEXYTa4YaeJs3ODmikzVaJd5EVLsDdGnV3mZ/w7WYHA0Uc1GH5HZm1uQwA4DlwY5e5Ry80pIhInZ1Lqiz1ut9yWbHzODdcUOdpE+XiPzYCKR1hRWi099dIQtDhZYottvQNXXmsJDY41PwvWaxqbXGYgiQCX3cN/W5PM0hs7xMxAjanKh32PXKcHSfTeko87BvERMZnibc2O8efl7S62Zp68Q4guMfe4P++ue22PctjwfeR5nDi31c3+USi63ujrKSDGujaIsIMyIHNFm1/zQ==
-ENTRY_END
-
 ENTRY_BEGIN
 MATCH qname qtype opcode
 ADJUST copy_id

--- a/sets/resolver/zone.rpz
+++ b/sets/resolver/zone.rpz
-$TTL 30
-@        SOA nonexistent.nodomain.none. dummy.nodomain.none. 1 12h 15m 3w 2h
-         NS  nonexistant.nodomain.none.
-
-example.cz CNAME .
-*.example.cz CNAME *.
-nic.cz CNAME rpz-drop.
-*.nic.cz CNAME rpz-tcp-only.
-example.com CNAME rpz-passthru.
-	
--- a/setup.py
+++ b/setup.py
@@ -14,7 +14,7 @@ setup(
    author='CZ.NIC',
    author_email='knot-dns-users@lists.nic.cz',
    license='BSD',
-    url='https://gitlab.labs.nic.cz/knot/deckard',
+    url='https://gitlab.nic.cz/knot/deckard',
    packages=['pydnstest'],
    python_requires='>=3.5',
    install_requires=[

--- a/template/kresd.j2
+++ b/template/kresd.j2
@@ -9,8 +9,7 @@ net.bufsize(4096)

 modules = {'stats', 'policy', 'hints'}

-- extra verbose logging for all operations
-verbose(true)
+-- trace logging for all requests
 policy.add(policy.all(policy.DEBUG_ALWAYS))

 -- test. domain is used by some tests, allow it

--- a/template/named.j2
+++ b/template/named.j2
+options {
+	querylog yes;
+
+{% if ':' in SELF_ADDR %}
+	listen-on-v6 { {{SELF_ADDR}}; };
+	query-source-v6 address {{SELF_ADDR}};
+{% else %}
+	listen-on { {{SELF_ADDR}}; };
+	query-source address {{SELF_ADDR}};
+{% endif %}
+
+	edns-udp-size 4096;
+	max-cache-size 2097152;
+
+{% if QMIN == "false" %}
+qname-minimization off;
+{% else %}
+qname-minimization strict;
+{% endif %}
+
+	// Disable RFC8145 signaling, scenario doesn't provide expected ansers
+	trust-anchor-telemetry no;
+
+{% if not TRUST_ANCHOR_FILES %}
+	dnssec-validation no;
+{% else %}
+unsupported as of yet
+-- make sure that value specified at compile-time does not break tests
+{% for TAF in TRUST_ANCHOR_FILES %}
+trust_anchors.add_file('{{TAF}}')
+{% endfor %}
+{% endif %}
+
+{% if NEGATIVE_TRUST_ANCHORS %}
+unsupported as of yet
+validate-except {
+{% for DI in NEGATIVE_TRUST_ANCHORS %}
+{{DI}}
+{% endfor %}
+};
+{% endif %}
+
+};
+
+
+{% if FORWARD_ADDR %}
+zone "." {
+	type forward;
+	forward only;
+	forwarders { {{FORWARD_ADDR}}; };
+};
+{% endif %}
+
+zone "." {
+	type hint;
+	file "hints.zone";
+};
+
+
+{% if DO_NOT_QUERY_LOCALHOST == "false" %}
+{% endif %}
+
+{% if HARDEN_GLUE == "true" %}
+{% endif %}
+
+
+{% if DO_IP6 == "true" %}
+{% else %}
+server ::/0 {
+	bogus true;
+};
+{% endif %}
+
+{% if DO_IP4 == "true" %}
+{% else %}
+server 0.0.0.0/0 {
+	bogus true;
+};
+{% endif %}
+
+{% if FEATURES.min_ttl is defined %}
+min-cache-ttl {FEATURES.min_ttl}};
+min-ncache-ttl {FEATURES.min_ttl}};
+{% endif %}
+
+{% if FEATURES.max_ttl is defined %}
+max-cache-ttl {{FEATURES.max_ttl}};
+{% endif %}
+
+{% if FEATURES.dns64_prefix is defined %}
+// dns64.config('{{FEATURES.dns64_prefix}}')
+{% endif %}
+
+{% if FEATURES.static_hint_name is defined %}
+static hint unsupported
+{% endif %}
+
+logging {
+	category resolver {
+		stderr;
+	};
+	channel stderr {
+		stderr;
+		severity debug 10;
+	};
+};
No results found