deckard issueshttps://gitlab.nic.cz/knot/deckard/-/issues2018-12-04T08:24:32+01:00https://gitlab.nic.cz/knot/deckard/-/issues/36Possible `rplint` improvements2018-12-04T08:24:32+01:00Štěpán BalážikPossible `rplint` improvements* [ ] detect IP addresses in A/AAAA/config without corresponding RANGE
* [ ] find a way to selectively turn off checks for some RPLs
* [ ] detect files without `CHECK_ANSWER`
* [ ] detect _orphan_ `RANGE`s (not being pointed to by an...* [ ] detect IP addresses in A/AAAA/config without corresponding RANGE
* [ ] find a way to selectively turn off checks for some RPLs
* [ ] detect files without `CHECK_ANSWER`
* [ ] detect _orphan_ `RANGE`s (not being pointed to by any NS record)
* [ ] detect `ENTRY` in `RANGE` or `STEP CHECK_ANSWER` without a `MATCH` rule
* [ ] detect `ENTRY` in `RANGE` without `copy_id`
* [ ] detect more than one record in `SECTION QUESTION` (use `matchpart.check_question` for that)
* [ ] #27
* [ ] `ADJUST do_not_answer` should not be combined with other `ADJUST` parameters
* [ ] `STEP REPLY` should be flagged as non-portable (to different DNS implementations)
I will happily accept further suggestions. :top:Štěpán BalážikŠtěpán Balážikhttps://gitlab.nic.cz/knot/deckard/-/issues/5write sanity checker for tests ("rpllint")2018-10-30T17:18:38+01:00Petr Špačekwrite sanity checker for tests ("rpllint")There is many ways how to write a test which actually does not testing anything but reports OK. Sanity checker would help a lot. Ideas what can be checked:
- [x] STEP QUERY should not have MATCH rule
- `iter_lame_aaaa.rpl` has MATCH ...There is many ways how to write a test which actually does not testing anything but reports OK. Sanity checker would help a lot. Ideas what can be checked:
- [x] STEP QUERY should not have MATCH rule
- `iter_lame_aaaa.rpl` has MATCH TCP in QUERY steps
- [x] STEP CHECK_ANSWER should have MATCH rule
- [x] STEP CHECK_ANSWER: non-empty sections in ENTRY should be listed in MATCH rule
- [x] STEP CHECK_ANSWER: if ENTRY specifies REPLY with a `rcode` than `rcode` should be present in MATCH rule
- [x] STEP CHECK_ANSWER: if ENTRY specifies REPLY some flags than they should be present in MATCH rule
- [ ] ENTRY should have ADJUST copy_id
- [x] ENTRY MATCH without qname & qtype should have ADJUST copy_query
- [x] ENTRY definitions with AUTHORITY section containing NS records: consider using subdomain MATCH rule
- [x] RANGE with multiple entries contains an ENTRY with too broad MATCH rule which masks entries defined later
- [x] trust-anchor option contains domain without trailing period (allows to detect typos like `100 IN DS abcdef` vs. `. 100 IN DS abcded`)
- [x] tests with RRSIG records or AD flag present somewhere should have `trust-anchor` present in test configuration
- [x] tests with RRSIG records present somewhere should have `val-override-date` or `val-override-timestamp` present in test configuration to make it deterministic
- [x] two overlapping RANGEs should not have the same IP in their addresses
- [x] ENTRY should not have two RCODEs in REPLY
Some of these checks might not be applicable in all cases. Particular check can be overriden by comment on the offending line.Štěpán BalážikŠtěpán Balážikhttps://gitlab.nic.cz/knot/deckard/-/issues/26Normali[zs]e the spelling of qname-minimi[zs]ation throughout the code and docs2018-10-30T17:16:03+01:00Štěpán BalážikNormali[zs]e the spelling of qname-minimi[zs]ation throughout the code and docsWe use both spellings interchangeably in docs but not in code.
Unbound uses “minimisation” only.
RFCs regarding this feature use “minimisation” only.
I think we should obey.We use both spellings interchangeably in docs but not in code.
Unbound uses “minimisation” only.
RFCs regarding this feature use “minimisation” only.
I think we should obey.Štěpán BalážikŠtěpán Balážikhttps://gitlab.nic.cz/knot/deckard/-/issues/27rplint: fine-tune AUTHORITY NS checks2018-08-23T13:17:57+02:00Petr Špačekrplint: fine-tune AUTHORITY NS checksWondering out loud:
- checks for presence of NS record in AUTHORITY section makes sense only in `RANGE`
- presence of NS record in AUTHORITY section in `RANGE` should not lead to warning if ANSWER section is non-empty (e.g. Unbound can s...Wondering out loud:
- checks for presence of NS record in AUTHORITY section makes sense only in `RANGE`
- presence of NS record in AUTHORITY section in `RANGE` should not lead to warning if ANSWER section is non-empty (e.g. Unbound can stuff something into AUTHORITY along with normal reply and we want to have ability to simulate that)Štěpán BalážikŠtěpán Balážikhttps://gitlab.nic.cz/knot/deckard/-/issues/34rplint: improve error message about overlaps2018-07-27T19:15:07+02:00Petr Špačekrplint: improve error message about overlapsCurrent rplint version prints error message like this:
```
line 6438 RANGE has common IPs with some previous overlapping RANGE
```
This is hard to debug for user. Please print line numbers of other overlaping RANGEs.Current rplint version prints error message like this:
```
line 6438 RANGE has common IPs with some previous overlapping RANGE
```
This is hard to debug for user. Please print line numbers of other overlaping RANGEs.https://gitlab.nic.cz/knot/deckard/-/issues/24sets/knotd/master/iter_ns.rpl: parse_failed2017-12-15T13:59:19+01:00Corentin Henrysets/knotd/master/iter_ns.rpl: parse_failedHi,
I just cloned deckard, created a python3 virtual environment, installed the package, and ran `make` to have the dependencies installed. I have `knot` installed so I first tried to run the tests for `knotd`, but I hit an error that I...Hi,
I just cloned deckard, created a python3 virtual environment, installed the package, and ran `make` to have the dependencies installed. I have `knot` installed so I first tried to run the tests for `knotd`, but I hit an error that I don't really understand:
```
(env) ~/r/deckard ❯❯❯ ./knotd_master_run.sh
INFO: Tests require Knot compiled with ./configure --enable-recvmmsg=no
make: Entering directory '/home/corentih/rust/deckard'
make[1]: Entering directory '/home/corentih/rust/deckard/contrib/libswrap/obj'
make[2]: Entering directory '/home/corentih/rust/deckard/contrib/libswrap/obj'
make[3]: Entering directory '/home/corentih/rust/deckard/contrib/libswrap/obj'
make[3]: Leaving directory '/home/corentih/rust/deckard/contrib/libswrap/obj'
[100%] Built target socket_wrapper
make[2]: Leaving directory '/home/corentih/rust/deckard/contrib/libswrap/obj'
make[1]: Leaving directory '/home/corentih/rust/deckard/contrib/libswrap/obj'
loadpath: /home/corentih/rust/deckard/pydnstest
confpath: /home/corentih/rust/deckard/sets/knotd/master/iter_ns.rpl
[ FAIL ] sets/knotd/master/iter_ns.rpl
/augeas/files/home/corentih/rust/deckard/sets/knotd/master/iter_ns.rpl/error: parse_failed
Traceback (most recent call last):
File "/home/corentih/rust/deckard/pydnstest/test.py", line 25, in run
test_callback(name, args, config)
File "/home/corentih/rust/deckard/deckard.py", line 293, in process_file
case, cfg_text = scenario.parse_file(os.path.realpath(path))
File "/home/corentih/rust/deckard/pydnstest/scenario.py", line 1032, in parse_file
confpath=path, lens='Deckard', loadpath=os.path.dirname(__file__))
File "/home/corentih/rust/deckard/pydnstest/augwrap.py", line 78, in __init__
raise RuntimeError(err_msg)
RuntimeError: /augeas/files/home/corentih/rust/deckard/sets/knotd/master/iter_ns.rpl/error: parse_failed
make: *** [Makefile:50: sets/knotd/master/iter_ns.out] Error 1
make: Leaving directory '/home/corentih/rust/deckard'
```
Fwiw here is my current python environments:
```
(env) ~/r/deckard ❯❯❯ pip freeze
cffi==1.11.2
deckard==3.0
dnspython==1.15.0
Jinja2==2.10
MarkupSafe==1.0
pycparser==2.18
python-augeas==1.0.3
PyYAML==3.12
```
Do you have any idea what's wrong with my setup?https://gitlab.nic.cz/knot/deckard/-/issues/11Test for unknown opcode2017-11-27T14:23:19+01:00Petr ŠpačekTest for unknown opcodeA new test needs to verify that resolver which receives [unassigned OPCODE](https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-5) will return [RCODE = NOTIMP](https://www.iana.org/assignments/dns-paramete...A new test needs to verify that resolver which receives [unassigned OPCODE](https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-5) will return [RCODE = NOTIMP](https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-6).
Good candidate for testing `OPCODE` might be value 1 formerly used for `IQuery` which is formally deprecated and nobody is implementing it anyway.
Blocked by knot-resolver#225https://gitlab.nic.cz/knot/deckard/-/issues/13Tests for DNS forwarding2017-10-12T16:35:32+02:00Petr ŠpačekTests for DNS forwardingThere are almost no tests for DNS in forwarding mode. First step is to define what should be covered.There are almost no tests for DNS in forwarding mode. First step is to define what should be covered.https://gitlab.nic.cz/knot/deckard/-/issues/20add ability for optional RRs in aswers2017-09-21T13:42:44+02:00Vladimír Čunátvladimir.cunat@nic.czadd ability for optional RRs in aswersSome resolvers add records into authority or additional that aren't needed, e.g. NS records. Knot-resolver usually tries to minimize answers, but for tests to be more widely applicable, we would need to express that some records might o...Some resolvers add records into authority or additional that aren't needed, e.g. NS records. Knot-resolver usually tries to minimize answers, but for tests to be more widely applicable, we would need to express that some records might optionally be in the checked answer.https://gitlab.nic.cz/knot/deckard/-/issues/19finish val_minimal_badrrsigsigner test2017-08-23T16:03:45+02:00Petr Špačekfinish val_minimal_badrrsigsigner testIt still does not work on kresd dc74dabdbd74d150ebbb1b08fa44fe7b147d26e6.
[val_minimal_badrrsigsigner.rpl](/uploads/dee304d6f2a79c501b83655f6dc7247c/val_minimal_badrrsigsigner.rpl)It still does not work on kresd dc74dabdbd74d150ebbb1b08fa44fe7b147d26e6.
[val_minimal_badrrsigsigner.rpl](/uploads/dee304d6f2a79c501b83655f6dc7247c/val_minimal_badrrsigsigner.rpl)https://gitlab.nic.cz/knot/deckard/-/issues/18resynchronize test suites between testbound and Deckard2017-08-14T10:32:55+02:00Petr Špačekresynchronize test suites between testbound and DeckardDeckard initially imported tests from testbound. We might want to check again what can be imported this time and go though differences again. This time we should take more notes about the process!
See https://unbound.nlnetlabs.nl/piperm...Deckard initially imported tests from testbound. We might want to check again what can be imported this time and go though differences again. This time we should take more notes about the process!
See https://unbound.nlnetlabs.nl/pipermail/unbound-users/2017-March/004699.html for further details about this plan.Ivana KrumlovaIvana Krumlovahttps://gitlab.nic.cz/knot/deckard/-/issues/7Tests for DNS Cookies2017-07-19T18:42:38+02:00Karel SlanýTests for DNS Cookieshttps://gitlab.nic.cz/knot/deckard/-/issues/2VERBOSE=1 mangles long server logs2017-07-17T16:35:46+02:00Petr ŠpačekVERBOSE=1 mangles long server logsSometimes, the environment variable `VERBOSE=1` causes Deckard to print traceback.
It looks like this:
~~~
[54750][resl] => querying: '194.0.12.1' score: 1530 zone cut: 'cz.' m12n: 'RHyBar.CZ.' type: 'RRSIG' proto: 'udp'[ FAIL ] s...Sometimes, the environment variable `VERBOSE=1` causes Deckard to print traceback.
It looks like this:
~~~
[54750][resl] => querying: '194.0.12.1' score: 1530 zone cut: 'cz.' m12n: 'RHyBar.CZ.' type: 'RRSIG' proto: 'udp'[ FAIL ] sets/resolver/world_cz_rhybar.rpl ([Errno 11] Resource temporarily unavailable)
Traceback (most recent call last):
File "/home/pspacek/pkg/deckard/git/pydnstest/test.py", line 24, in run
test_callback(*args)
File "/home/pspacek/pkg/deckard/git/deckard.py", line 259, in play_object
print(open('%s/server.log' % TMPDIR).read())
IOError: [Errno 11] Resource temporarily unavailable
[ RANGE 0-100 ] set(['192.33.4.12', '2001:500:2d::d', '2001:dc3::35', '192.36.148.17', '2001:500:12::d0d', '192.203.230.10', '199.7.83.42', '198.97.190.53', '2001:500:a8::e', '2001:500:9f::42', '192.58.128.30', '2001:500:2f::f', '193.0.14.129', '202.12.27.33', '2001:500:2::c', '192.5.5.241', '2001:7fe::53', '198.41.0.4', '2001:7fd::1', '199.7.91.13', '192.112.36.4', '2001:500:84::b', '192.228.79.201', '2001:503:c27::2:30', '2001:500:1::53', '2001:503:ba3e::2:30']) received: 3 sent: 3
[ RANGE 0-100 ] set(['194.0.13.1', '2001:678:11::1', '2001:678:10::1', '194.0.12.1', '193.29.206.1', '2001:678:f::1', '194.0.14.1', '2001:678:1::1']) received: 91 sent: 6
~~~
This happens only if the server's output is long enough, e.g. in test `sets/resolver/world_cz_rhybar.rpl` from deckard@0b25a1c090d301355ffe658ceb25155aa8e657ce.https://gitlab.nic.cz/knot/deckard/-/issues/8test prefetch features2017-04-27T12:57:20+02:00Petr Špačektest prefetch featuresUnbound and kresd support the same prefetch feature. We might be able to find constants such that the test will work for both resolvers.Unbound and kresd support the same prefetch feature. We might be able to find constants such that the test will work for both resolvers.