author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 07:24:22 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 07:24:22 +0000 |
commit | 45d6379135504814ab723b57f0eb8be23393a51d (patch) | |
tree | d4f2ec4acca824a8446387a758b0ce4238a4dffa /lib/dns/tests | |
parent | Initial commit. (diff) | |
Adding upstream version 1:9.16.44.upstream/1%9.16.44upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'lib/dns/tests')
119 files changed, 27108 insertions, 0 deletions
diff --git a/lib/dns/tests/Kdh.+002+18602.key b/lib/dns/tests/Kdh.+002+18602.key new file mode 100644 index 0000000..09b4cf5 --- /dev/null +++ b/lib/dns/tests/Kdh.+002+18602.key @@ -0,0 +1 @@ +dh. IN KEY 0 2 2 AAEBAAAAYIHI/wjtOagNga9GILSoS02IVelgLilPE/TfhtvShsiDAXqb IfxQcj2JkuOnNLs5ttb2WZXWl5/jsSjIxHMwMF2XY4gwt/lwHBf/vgYH r7aIxnKXov1jk9rymTLHGKIOtg== diff --git a/lib/dns/tests/Krsa.+008+29238.key b/lib/dns/tests/Krsa.+008+29238.key new file mode 100644 index 0000000..8a09067 --- /dev/null +++ b/lib/dns/tests/Krsa.+008+29238.key @@ -0,0 +1,5 @@ +; This is a zone-signing key, keyid 29235, for rsa. +; Created: 20160819191802 (Fri Aug 19 21:18:02 2016) +; Publish: 20160819191802 (Fri Aug 19 21:18:02 2016) +; Activate: 20160819191802 (Fri Aug 19 21:18:02 2016) +rsa. IN DNSKEY 256 3 8 AwEAAdLT1R3qiqCqll3Xzh2qFMvehQ9FODsPftw5U4UjB3QwnJ/3+dph 9kZBBeaJagUBVYzoArk6XNydpp3HhSCFDcIiepL6r8XAifW3SqI1KCne OD38kSCl/Qm9P0+3CFWokGVubsSQ+3dpQZxqx5bzOXthbuzAr6X+gDUE LAyHtCQNmJ+4ktdCoj3DNYW0z/xLvrcB2Lns7H+/qWnGPL4f3hr7Vbak Oeay+4J4KGdY2LFxJUVts6QrgAA8gz4mV9YIJFP+C4B3b/Z7qgqZRxmT 0pic+fJC5+sq0l8KwavPn0n+HqVuJNvppVKMdTbsmmuk69RFGMjbFkP7 tnCiqC9Zi6s= diff --git a/lib/dns/tests/Kyuafile b/lib/dns/tests/Kyuafile new file mode 100644 index 0000000..53b4686 --- /dev/null +++ b/lib/dns/tests/Kyuafile 
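Review bot: The header comment in Krsa.+008+29238.key says `keyid 29235`, but the file name carries key tag 29238. The diff does not show which value matches the DNSKEY data, so this may be a deliberate fixture quirk; if the file name is right, the comment should read `; This is a zone-signing key, keyid 29238, for rsa.`. If the mismatch is intended, a comment line saying so would stop the next maintainer from "fixing" it.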
@@ -0,0 +1,45 @@
+-- Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+--
+-- SPDX-License-Identifier: MPL-2.0
+--
+-- This Source Code Form is subject to the terms of the Mozilla Public
+-- License, v. 2.0. If a copy of the MPL was not distributed with this
+-- file, you can obtain one at https://mozilla.org/MPL/2.0/.
+--
+-- See the COPYRIGHT file distributed with this work for additional
+-- information regarding copyright ownership.
+
+syntax(2)
+test_suite('bind9')
+
+tap_test_program{name='acl_test'}
+tap_test_program{name='db_test'}
+tap_test_program{name='dbdiff_test'}
+tap_test_program{name='dbiterator_test'}
+tap_test_program{name='dbversion_test'}
+tap_test_program{name='dh_test'}
+tap_test_program{name='dispatch_test'}
+tap_test_program{name='dnstap_test'}
+tap_test_program{name='dst_test'}
+tap_test_program{name='geoip_test'}
+tap_test_program{name='keytable_test'}
+tap_test_program{name='master_test'}
+tap_test_program{name='name_test'}
+tap_test_program{name='nsec3_test'}
+tap_test_program{name='peer_test'}
+tap_test_program{name='private_test'}
+tap_test_program{name='rbt_serialize_test', is_exclusive=true}
+tap_test_program{name='rbt_test'}
+tap_test_program{name='rbtdb_test'}
+tap_test_program{name='rdata_test'}
+tap_test_program{name='rdataset_test'}
+tap_test_program{name='rdatasetstats_test'}
+tap_test_program{name='resolver_test'}
+tap_test_program{name='result_test'}
+tap_test_program{name='rsa_test'}
+tap_test_program{name='sigs_test'}
+tap_test_program{name='time_test'}
+tap_test_program{name='tsig_test'}
+tap_test_program{name='update_test'}
+tap_test_program{name='zonemgr_test'}
+tap_test_program{name='zt_test'}
diff --git a/lib/dns/tests/Makefile.in b/lib/dns/tests/Makefile.in
new file mode 100644
index 0000000..90c1371
--- /dev/null
+++ b/lib/dns/tests/Makefile.in
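Review bot: The Kyuafile has no entry for `nsec3param_test`, although Makefile.in in this same commit lists `nsec3param_test@EXEEXT@` in TARGETS and gives it a link rule. The binary is therefore built, but a kyua run driven by this file would presumably never execute it, and a regression in NSEC3 parameter handling could go unnoticed. Adding `tap_test_program{name='nsec3param_test'}` after the `nsec3_test` entry would close the gap, assuming it is a TAP program like its neighbours.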
@@ -0,0 +1,287 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+VERSION=@BIND9_VERSION@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES = -I. -Iinclude ${DNS_INCLUDES} ${ISC_INCLUDES} \
+ ${FSTRM_CFLAGS} ${OPENSSL_CFLAGS} \
+ ${PROTOBUF_C_CFLAGS} ${MAXMINDDB_CFLAGS} @CMOCKA_CFLAGS@
+CDEFINES = -DTESTS="\"${top_builddir}/lib/dns/tests/\""
+
+ISCLIBS = ../../isc/libisc.@A@ @NO_LIBTOOL_ISCLIBS@
+ISCDEPLIBS = ../../isc/libisc.@A@
+DNSLIBS = ../libdns.@A@ @NO_LIBTOOL_DNSLIBS@
+DNSDEPLIBS = ../libdns.@A@
+
+LIBS = @LIBS@ @CMOCKA_LIBS@
+
+OBJS = dnstest.@O@
+SRCS = acl_test.c \
+ db_test.c \
+ dbdiff_test.c \
+ dbiterator_test.c \
+ dh_test.c \
+ dispatch_test.c \
+ dnstap_test.c \
+ dst_test.c \
+ dnstest.c \
+ geoip_test.c \
+ keytable_test.c \
+ master_test.c \
+ name_test.c \
+ nsec3_test.c \
+ nsec3param_test.c \
+ peer_test.c \
+ private_test.c \
+ rbt_test.c \
+ rbt_serialize_test.c \
+ rbtdb_test.c \
+ rdata_test.c \
+ rdataset_test.c \
+ rdatasetstats_test.c \
+ resolver_test.c \
+ result_test.c \
+ rsa_test.c \
+ sigs_test.c \
+ time_test.c \
+ tsig_test.c \
+ update_test.c \
+ zonemgr_test.c \
+ zt_test.c
+
+SUBDIRS =
+TARGETS = acl_test@EXEEXT@ \
+ db_test@EXEEXT@ \
+ dbdiff_test@EXEEXT@ \
+ dbiterator_test@EXEEXT@ \
+ dbversion_test@EXEEXT@ \
+ dh_test@EXEEXT@ \
+ dispatch_test@EXEEXT@ \
+ dnstap_test@EXEEXT@ \
+ dst_test@EXEEXT@ \
+ geoip_test@EXEEXT@ \
+ keytable_test@EXEEXT@ \
+ master_test@EXEEXT@ \
+ name_test@EXEEXT@ \
+ nsec3_test@EXEEXT@ \
+ nsec3param_test@EXEEXT@ \
+ peer_test@EXEEXT@ \
+ private_test@EXEEXT@ \
+ rbt_test@EXEEXT@ \
+ rbt_serialize_test@EXEEXT@ \
+ rbtdb_test@EXEEXT@ \
+ rdata_test@EXEEXT@ \
+ rdataset_test@EXEEXT@ \
+ rdatasetstats_test@EXEEXT@ \
+ resolver_test@EXEEXT@ \
+ result_test@EXEEXT@ \
+ rsa_test@EXEEXT@ \
+ sigs_test@EXEEXT@ \
+ time_test@EXEEXT@ \
+ tsig_test@EXEEXT@ \
+ update_test@EXEEXT@ \
+ zonemgr_test@EXEEXT@ \
+ zt_test@EXEEXT@
+
+@BIND9_MAKE_RULES@
+
+LD_WRAP_TESTS=@LD_WRAP_TESTS@
+
+acl_test@EXEEXT@: acl_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ acl_test.@O@ dnstest.@O@ ${DNSLIBS} \
+ ${ISCLIBS} ${LIBS}
+
+db_test@EXEEXT@: db_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ db_test.@O@ dnstest.@O@ ${DNSLIBS} \
+ ${ISCLIBS} ${LIBS}
+
+dbdiff_test@EXEEXT@: dbdiff_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ dbdiff_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+dbiterator_test@EXEEXT@: dbiterator_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ dbiterator_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+dbversion_test@EXEEXT@: dbversion_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ dbversion_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+dh_test@EXEEXT@: dh_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ dh_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+dispatch_test@EXEEXT@: dispatch_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ dispatch_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+dnstap_test@EXEEXT@: dnstap_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ dnstap_test.@O@ dnstest.@O@ \
+ ${FSTRM_LIBS} ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+dst_test@EXEEXT@: dst_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ dst_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+geoip_test@EXEEXT@: geoip_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ geoip_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${MAXMINDDB_LIBS} ${ISCLIBS} ${LIBS}
+
+keytable_test@EXEEXT@: keytable_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ keytable_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+master_test@EXEEXT@: master_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ test -d testdata || mkdir testdata
+ test -d testdata/master || mkdir testdata/master
+ ${PERL} ${srcdir}/mkraw.pl < ${srcdir}/testdata/master/master12.data.in \
+ > testdata/master/master12.data
+ ${PERL} ${srcdir}/mkraw.pl < ${srcdir}/testdata/master/master13.data.in \
+ > testdata/master/master13.data
+ ${PERL} ${srcdir}/mkraw.pl < ${srcdir}/testdata/master/master14.data.in \
+ > testdata/master/master14.data
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ master_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+name_test@EXEEXT@: name_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ name_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+nsec3_test@EXEEXT@: nsec3_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ nsec3_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+nsec3param_test@EXEEXT@: nsec3param_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ nsec3param_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+peer_test@EXEEXT@: peer_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ peer_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+private_test@EXEEXT@: private_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ private_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+rbt_serialize_test@EXEEXT@: rbt_serialize_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ rbt_serialize_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+rbt_test@EXEEXT@: rbt_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ rbt_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+rbtdb_test@EXEEXT@: rbtdb_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ rbtdb_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+rdata_test@EXEEXT@: rdata_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ rdata_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+rdataset_test@EXEEXT@: rdataset_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ rdataset_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+rdatasetstats_test@EXEEXT@: rdatasetstats_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ rdatasetstats_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+resolver_test@EXEEXT@: resolver_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ resolver_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+result_test@EXEEXT@: result_test.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ result_test.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+rsa_test@EXEEXT@: rsa_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ rsa_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+sigs_test@EXEEXT@: sigs_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ sigs_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+time_test@EXEEXT@: time_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ time_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+WRAP_OPTIONS = \
+ -Wl,--wrap=isc__mem_put \
+ -Wl,--wrap=isc__mem_get \
+ -Wl,--wrap=isc_mem_attach \
+ -Wl,--wrap=isc_mem_detach \
+ -Wl,--wrap=isc__mem_putanddetach
+
+tsig_test@EXEEXT@: tsig_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ tsig_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+update_test@EXEEXT@: update_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ update_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+zonemgr_test@EXEEXT@: zonemgr_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ zonemgr_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+zt_test@EXEEXT@: zt_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ zt_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+unit::
+ sh ${top_builddir}/unit/unittest.sh
+
+clean distclean::
+ rm -f ${TARGETS}
+ rm -f atf.out
+ rm -f testdata/master/master12.data testdata/master/master13.data \
+ testdata/master/master14.data
+ rm -f zone.bin
diff --git a/lib/dns/tests/acl_test.c b/lib/dns/tests/acl_test.c
new file mode 100644
index 0000000..21941a2
--- /dev/null
+++ b/lib/dns/tests/acl_test.c
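Review bot: In Makefile.in, `SRCS` omits `dbversion_test.c` even though `dbversion_test@EXEEXT@` is in TARGETS and has its own link rule. Whatever consumes SRCS (presumably the included make rules) will skip that file; adding `dbversion_test.c \` after `dbiterator_test.c \` keeps the two lists in step. Separately, `WRAP_OPTIONS` and `LD_WRAP_TESTS` are assigned but no rule in this hunk references them. A comment naming the target meant to link with the `--wrap` flags, or dropping the variables, would avoid the impression that memory-function wrapping is active for these tests.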
@@ -0,0 +1,158 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/print.h>
+#include <isc/string.h>
+#include <isc/util.h>
+
+#include <dns/acl.h>
+
+#include "dnstest.h"
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+
+#define BUFLEN 255
+#define BIGBUFLEN (70 * 1024)
+#define TEST_ORIGIN "test"
+
+/* test that dns_acl_isinsecure works */
+static void
+dns_acl_isinsecure_test(void **state) {
+ isc_result_t result;
+ dns_acl_t *any = NULL;
+ dns_acl_t *none = NULL;
+ dns_acl_t *notnone = NULL;
+ dns_acl_t *notany = NULL;
+#if defined(HAVE_GEOIP2)
+ dns_acl_t *geoip = NULL;
+ dns_acl_t *notgeoip = NULL;
+ dns_aclelement_t *de;
+#endif /* HAVE_GEOIP2 */
+
+ UNUSED(state);
+
+ result = dns_acl_any(dt_mctx, &any);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_acl_none(dt_mctx, &none);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_acl_create(dt_mctx, 1, ¬none);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_acl_create(dt_mctx, 1, ¬any);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_acl_merge(notnone, none, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_acl_merge(notany, any, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+#if defined(HAVE_GEOIP2)
+ result = dns_acl_create(dt_mctx, 1, &geoip);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ de = geoip->elements;
+ assert_non_null(de);
+ strlcpy(de->geoip_elem.as_string, "AU",
+ sizeof(de->geoip_elem.as_string));
+ de->geoip_elem.subtype = dns_geoip_country_code;
+ de->type = dns_aclelementtype_geoip;
+ de->negative = false;
+ assert_true(geoip->length < geoip->alloc);
+ dns_acl_node_count(geoip)++;
+ de->node_num = dns_acl_node_count(geoip);
+ geoip->length++;
+
+ result = dns_acl_create(dt_mctx, 1, ¬geoip);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_acl_merge(notgeoip, geoip, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+#endif /* HAVE_GEOIP2 */
+
+ assert_true(dns_acl_isinsecure(any)); /* any; */
+ assert_false(dns_acl_isinsecure(none)); /* none; */
+ assert_false(dns_acl_isinsecure(notany)); /* !any; */
+ assert_false(dns_acl_isinsecure(notnone)); /* !none; */
+
+#if defined(HAVE_GEOIP2)
+ assert_true(dns_acl_isinsecure(geoip)); /* geoip; */
+ assert_false(dns_acl_isinsecure(notgeoip)); /* !geoip; */
+#endif /* HAVE_GEOIP2 */
+
+ dns_acl_detach(&any);
+ dns_acl_detach(&none);
+ dns_acl_detach(¬any);
+ dns_acl_detach(¬none);
+#if defined(HAVE_GEOIP2)
+ dns_acl_detach(&geoip);
+ dns_acl_detach(¬geoip);
+#endif /* HAVE_GEOIP2 */
+}
+
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(dns_acl_isinsecure_test, _setup,
+ _teardown),
+ };
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/comparekeys/Kexample-d.+008+53461.key b/lib/dns/tests/comparekeys/Kexample-d.+008+53461.key
new file mode 100644
index 0000000..5c43165
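Review bot: In acl_test.c, dns_acl_isinsecure_test never exercises a positively merged ACL, because every `dns_acl_merge()` call passes `false` as its last argument. The test covers only `any`, `none`, their negated merges and, under HAVE_GEOIP2, one geoip element. Since this predicate presumably decides whether an open ACL gets flagged, a case such as `result = dns_acl_merge(nested, any, true);` followed by `assert_true(dns_acl_isinsecure(nested));` would pin the outcome that matters most, assuming that flag means "keep the sign". On style, `BUFLEN`, `BIGBUFLEN` and `TEST_ORIGIN` are defined but unused in this file and can be dropped. `_setup` and `_teardown` are file-scope identifiers with a leading underscore, which C reserves; `setup` and `teardown` would avoid that.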
--- /dev/null +++ b/lib/dns/tests/comparekeys/Kexample-d.+008+53461.key @@ -0,0 +1,5 @@ +; This is a zone-signing key, keyid 53461, for example-d. +; Created: 20000101000000 (Sat Jan 1 00:00:00 2000) +; Publish: 20000101000000 (Sat Jan 1 00:00:00 2000) +; Activate: 20000101000000 (Sat Jan 1 00:00:00 2000) +example-d. IN DNSKEY 256 3 8 AwEAAaKYSOPDzZvfue5sU71xPCJKJpB5kZGl4vTp3OI8W+nN1YFtmVe2 2gM666AEutDAEB7cLkyoKCOH0+4Lh1ucPr6OmdWkHfk7uZv58eH0kOAV tNz2xhEF/YHSD7cnBEU9g0knGwpWuzSJKRhGhNoaVus9g1MaAn8efptz HIduIwgAeXV3BDCUpY6HbpwjDxOGCzCUYDRgcex37kYuCyW0PvlO5FQ0 DT0LpjcgBmIBpXol7sYpmKdOKJrm4x2lwGntr4K+bCdNYI2PRPJjPqAf jlvIvJylGUaqFJasw7PSMQIkgcQ4OQXVrhE8uGLdYvP1cusLuROIjdYp Pdqc5K9lCQE= diff --git a/lib/dns/tests/comparekeys/Kexample-d.+008+53461.private b/lib/dns/tests/comparekeys/Kexample-d.+008+53461.private new file mode 100644 index 0000000..a693428 --- /dev/null +++ b/lib/dns/tests/comparekeys/Kexample-d.+008+53461.private 
@@ -0,0 +1,13 @@ +Private-key-format: v1.3 +Algorithm: 8 (RSASHA256) +Modulus: ophI48PNm9+57mxTvXE8IkomkHmRkaXi9Onc4jxb6c3VgW2ZV7baAzrroAS60MAQHtwuTKgoI4fT7guHW5w+vo6Z1aQd+Tu5m/nx4fSQ4BW03PbGEQX9gdIPtycERT2DSScbCla7NIkpGEaE2hpW6z2DUxoCfx5+m3Mch24jCAB5dXcEMJSljodunCMPE4YLMJRgNGBx7HfuRi4LJbQ++U7kVDQNPQumNyAGYgGleiXuximYp04omubjHaXAae2vgr5sJ01gjY9E8mM+oB+OW8i8nKUZRqoUlqzDs9IxAiSBxDg5BdWuETy4Yt1i8/Vy6wu5E4iN1ik92pzkr2UJAQ== +PublicExponent: AQAB +PrivateExponent: AhR3VvVoV6OGOjiiNUt728hidEMoX4PJWtHNWqinyRek5tSnqgaXeKC3NuU0mUIjDvBps9oH4lK3yNa5fBr/nodwP4wNyTd3obR/z6JcLersxJjHi4nYX2ju8vjdsBSIulNudqlrsPhLJe0+Tff3FRfClSQmQ/JtakHo4lIx8zxiOJY8aWFeHGdWJDkAf6NStt3eVYyOyAwISfv3muaGPZKShiIOfLyTvqFqzwYFgdTWmvFqTdwgjIMc5XAwqw73WP2BPCN+fdCiMtrw0fCrhWzw/gfMJBHdOPH0diUZysAJhM0vdVKQzEi/g3YOo00fahZiPzaxNtZnLNj2mA54YQ== +Prime1: z08i0sCcEpr4MZi4TReohPWp3F5vMQYVux8B3ltmJ3kKraXEmVEVmujhWa+ZDxhJmwKoba65vNEsUbSJN6WwJd7PVyskHb2GnWGK8NtlainFEuiS5CDxwULR4o2SI+Pij9thMQoA13ZTKc9s3E57VgcvJ7vaoD/1ZtpP7tdaerE= +Prime2: yMid465M6bCXXUfWg7oq6A4MZUULbEPKvs+qGIersdiHfrFRGJ0Lviujs8KHaPS5rt4YmbpQU9tGbJBauY17T03qr/mQOBDx5gDkAJcJ0EUHudFslwqyn50THlJsKrFOxBYl7laY0v6CGCMyuZok8qyhiPHv5dhzSc9zwKaXZ1E= +Exponent1: iresWJOzm6uAukczw7o59EYiFChIhOhKcDyOVoiYMX+ICqvqgqDEMTT1XbrnUzdwQT4lD8ej11msKzv/uXGwDZcq7GwcrZ3dTsAvZX2ZPdGXYlCnwejde/FHWi5bBJL/Tj2AqnzEFWjCuy5l7IDDfMwv3ImSADrr7ZfVdr85dvE= +Exponent2: aULzs4ePfvw7foXI6mpRUDL9QKI/6NRpmDtam12VH7m63yqqr1K1808BlZ4oS1fxeMGq9/z7W9sbQpMzXQ/VU7Avl24os5v+lWxmHAES/gMSl9I5Mb5EAvXgLgdb+c3W02ohHKB9ojAXl/vr/e3X7Pmf/iGIeWFOn6WIs7kiquE= +Coefficient: HS4bN41s6Ak9+6m3vhmLzgHtWMavnLpDkmd6wTBttbtKXHfjbvxMUt4RYeF8BXRtfIqIOZqJJngais1wQfOsgVhHrKVwX+MOThyOk4SD+pvnG6g1B+qUS1czPGP7Rf+7668wK8ZxV9w0+YDbTJgPgivD0lBnLXwT+KCLprMXTe4= +Created: 20000101000000 +Publish: 20000101000000 +Activate: 20000101000000 diff --git a/lib/dns/tests/comparekeys/Kexample-e.+008+53973.key b/lib/dns/tests/comparekeys/Kexample-e.+008+53973.key new file mode 100644 index 0000000..a4b0d03 --- /dev/null 
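Review bot: Kexample-d.+008+53461.private adds complete RSA private-key material, and nothing in the hunk marks it as a throwaway test fixture. The same applies to the other comparekeys/*.private files in this diff (example-e, example-n, example-p, example-q, example-private and example). The fixed `20000101000000` timestamps, and the parameters that repeat across these files, suggest they are deliberately constructed inputs for key-comparison tests, but a reader or secret scanner cannot tell that from the files. A short README in lib/dns/tests/comparekeys would help, stating that these keys are public test data, must never sign a real zone, and which field each variant intentionally alters. That would also give packagers and scanners something to allowlist against.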
+++ b/lib/dns/tests/comparekeys/Kexample-e.+008+53973.key @@ -0,0 +1,5 @@ +; This is a zone-signing key, keyid 53973, for example-e. +; Created: 20000101000000 (Sat Jan 1 00:00:00 2000) +; Publish: 20000101000000 (Sat Jan 1 00:00:00 2000) +; Activate: 20000101000000 (Sat Jan 1 00:00:00 2000) +example-e. IN DNSKEY 256 3 8 BQEAAAABophI48PNm9+57mxTvXE8IkomkHmRkaXi9Onc4jxb6c3VgW2Z V7baAzrroAS60MAQHtwuTKgoI4fT7guHW5w+vo6Z1aQd+Tu5m/nx4fSQ 4BW03PbGEQX9gdIPtycERT2DSScbCla7NIkpGEaE2hpW6z2DUxoCfx5+ m3Mch24jCAB5dXcEMJSljodunCMPE4YLMJRgNGBx7HfuRi4LJbQ++U7k VDQNPQumNyAGYgGleiXuximYp04omubjHaXAae2vgr5sJ01gjY9E8mM+ oB+OW8i8nKUZRqoUlqzDs9IxAiSBxDg5BdWuETy4Yt1i8/Vy6wu5E4iN 1ik92pzkr2UJAQ== diff --git a/lib/dns/tests/comparekeys/Kexample-e.+008+53973.private b/lib/dns/tests/comparekeys/Kexample-e.+008+53973.private new file mode 100644 index 0000000..765ca1a --- /dev/null +++ b/lib/dns/tests/comparekeys/Kexample-e.+008+53973.private 
@@ -0,0 +1,13 @@ +Private-key-format: v1.3 +Algorithm: 8 (RSASHA256) +Modulus: ophI48PNm9+57mxTvXE8IkomkHmRkaXi9Onc4jxb6c3VgW2ZV7baAzrroAS60MAQHtwuTKgoI4fT7guHW5w+vo6Z1aQd+Tu5m/nx4fSQ4BW03PbGEQX9gdIPtycERT2DSScbCla7NIkpGEaE2hpW6z2DUxoCfx5+m3Mch24jCAB5dXcEMJSljodunCMPE4YLMJRgNGBx7HfuRi4LJbQ++U7kVDQNPQumNyAGYgGleiXuximYp04omubjHaXAae2vgr5sJ01gjY9E8mM+oB+OW8i8nKUZRqoUlqzDs9IxAiSBxDg5BdWuETy4Yt1i8/Vy6wu5E4iN1ik92pzkr2UJAQ== +PublicExponent: AQAAAAE= +PrivateExponent: lFgeQHf3klxXlfkNmczDEYHXl37i2iCgZdUsqtho/3LFdfWZrxZr6ACM040dKLHiw1UdhODy5h/Zstif4Ww3LsKKBgpbMnZUTMOI9R+eQmRrhCI96XAur5AIuJCHa+jIbCiamh8xY6g0byp/sUHQxYV02I/lcTdQSeGHSOSqX3QjB835OVa18hyW6txAxM4DVGo/NvIJw2ItSl2qwHTMDHK45t4YbnKEd6suriUiveyax5dU1JtpviwHJiAFPy+L68jMo8cfr+JCLWW2OJYkrBXb8kwqaPsV0RCGZ59sePyRdSYRgNi1brBStesctVc5UfSxH6p2A6C28LdrubcXAQ== +Prime1: z08i0sCcEpr4MZi4TReohPWp3F5vMQYVux8B3ltmJ3kKraXEmVEVmujhWa+ZDxhJmwKoba65vNEsUbSJN6WwJd7PVyskHb2GnWGK8NtlainFEuiS5CDxwULR4o2SI+Pij9thMQoA13ZTKc9s3E57VgcvJ7vaoD/1ZtpP7tdaerE= +Prime2: yMid465M6bCXXUfWg7oq6A4MZUULbEPKvs+qGIersdiHfrFRGJ0Lviujs8KHaPS5rt4YmbpQU9tGbJBauY17T03qr/mQOBDx5gDkAJcJ0EUHudFslwqyn50THlJsKrFOxBYl7laY0v6CGCMyuZok8qyhiPHv5dhzSc9zwKaXZ1E= +Exponent1: iresWJOzm6uAukczw7o59EYiFChIhOhKcDyOVoiYMX+ICqvqgqDEMTT1XbrnUzdwQT4lD8ej11msKzv/uXGwDZcq7GwcrZ3dTsAvZX2ZPdGXYlCnwejde/FHWi5bBJL/Tj2AqnzEFWjCuy5l7IDDfMwv3ImSADrr7ZfVdr85dvE= +Exponent2: aULzs4ePfvw7foXI6mpRUDL9QKI/6NRpmDtam12VH7m63yqqr1K1808BlZ4oS1fxeMGq9/z7W9sbQpMzXQ/VU7Avl24os5v+lWxmHAES/gMSl9I5Mb5EAvXgLgdb+c3W02ohHKB9ojAXl/vr/e3X7Pmf/iGIeWFOn6WIs7kiquE= +Coefficient: HS4bN41s6Ak9+6m3vhmLzgHtWMavnLpDkmd6wTBttbtKXHfjbvxMUt4RYeF8BXRtfIqIOZqJJngais1wQfOsgVhHrKVwX+MOThyOk4SD+pvnG6g1B+qUS1czPGP7Rf+7668wK8ZxV9w0+YDbTJgPgivD0lBnLXwT+KCLprMXTe4= +Created: 20000101000000 +Publish: 20000101000000 +Activate: 20000101000000 diff --git a/lib/dns/tests/comparekeys/Kexample-n.+008+37464.key b/lib/dns/tests/comparekeys/Kexample-n.+008+37464.key new file mode 100644 index 0000000..da2e16a --- /dev/null 
+++ b/lib/dns/tests/comparekeys/Kexample-n.+008+37464.key @@ -0,0 +1,5 @@ +; This is a zone-signing key, keyid 37464, for example-n. +; Created: 20000101000000 (Sat Jan 1 00:00:00 2000) +; Publish: 20000101000000 (Sat Jan 1 00:00:00 2000) +; Activate: 20000101000000 (Sat Jan 1 00:00:00 2000) +example-n. IN DNSKEY 256 3 8 AwEAAbxHOF8G0xw9ekCodhL8KivuZ3o0jmGlycLiXBjBN8c5R5fjLjUh D0gy3IDbDC+kLaPhHGF/MwrSEjrgSowxZ8nrxDzsq5ZdpeUsYaNrbQEY /mqf35T/9/Ulm4v06x58v/NTugWd05Xq04aAyfm7EViyGFzmVOVfPnll h9xQtvWEWoRWPseFw+dY5/nc/+xB/IsQMihoH2rO+cek/lsP3R9DsHCG RbQ/ks/+rrp6/O+QJZyZrzsONl7mlMDXNy3Pz9J4qMW2W6Mz702LN324 7/9UsetDGGbuZfrCLMpKWXzdsJm36DOk4aMooS9111plfXaXQgQNcL5G 021utpTau+8= diff --git a/lib/dns/tests/comparekeys/Kexample-n.+008+37464.private b/lib/dns/tests/comparekeys/Kexample-n.+008+37464.private new file mode 100644 index 0000000..65689a2 --- /dev/null +++ b/lib/dns/tests/comparekeys/Kexample-n.+008+37464.private 
@@ -0,0 +1,13 @@ +Private-key-format: v1.3 +Algorithm: 8 (RSASHA256) +Modulus: vEc4XwbTHD16QKh2EvwqK+5nejSOYaXJwuJcGME3xzlHl+MuNSEPSDLcgNsML6Qto+EcYX8zCtISOuBKjDFnyevEPOyrll2l5Sxho2ttARj+ap/flP/39SWbi/TrHny/81O6BZ3TlerThoDJ+bsRWLIYXOZU5V8+eWWH3FC29YRahFY+x4XD51jn+dz/7EH8ixAyKGgfas75x6T+Ww/dH0OwcIZFtD+Sz/6uunr875AlnJmvOw42XuaUwNc3Lc/P0nioxbZbozPvTYs3fbjv/1Sx60MYZu5l+sIsykpZfN2wmbfoM6ThoyihL3XXWmV9dpdCBA1wvkbTbW62lNq77w== +PublicExponent: AQAB +PrivateExponent: lFgeQHf3klxXlfkNmczDEYHXl37i2iCgZdUsqtho/3LFdfWZrxZr6ACM040dKLHiw1UdhODy5h/Zstif4Ww3LsKKBgpbMnZUTMOI9R+eQmRrhCI96XAur5AIuJCHa+jIbCiamh8xY6g0byp/sUHQxYV02I/lcTdQSeGHSOSqX3QjB835OVa18hyW6txAxM4DVGo/NvIJw2ItSl2qwHTMDHK45t4YbnKEd6suriUiveyax5dU1JtpviwHJiAFPy+L68jMo8cfr+JCLWW2OJYkrBXb8kwqaPsV0RCGZ59sePyRdSYRgNi1brBStesctVc5UfSxH6p2A6C28LdrubcXAQ== +Prime1: z08i0sCcEpr4MZi4TReohPWp3F5vMQYVux8B3ltmJ3kKraXEmVEVmujhWa+ZDxhJmwKoba65vNEsUbSJN6WwJd7PVyskHb2GnWGK8NtlainFEuiS5CDxwULR4o2SI+Pij9thMQoA13ZTKc9s3E57VgcvJ7vaoD/1ZtpP7tdaerE= +Prime2: yMid465M6bCXXUfWg7oq6A4MZUULbEPKvs+qGIersdiHfrFRGJ0Lviujs8KHaPS5rt4YmbpQU9tGbJBauY17T03qr/mQOBDx5gDkAJcJ0EUHudFslwqyn50THlJsKrFOxBYl7laY0v6CGCMyuZok8qyhiPHv5dhzSc9zwKaXZ1E= +Exponent1: iresWJOzm6uAukczw7o59EYiFChIhOhKcDyOVoiYMX+ICqvqgqDEMTT1XbrnUzdwQT4lD8ej11msKzv/uXGwDZcq7GwcrZ3dTsAvZX2ZPdGXYlCnwejde/FHWi5bBJL/Tj2AqnzEFWjCuy5l7IDDfMwv3ImSADrr7ZfVdr85dvE= +Exponent2: aULzs4ePfvw7foXI6mpRUDL9QKI/6NRpmDtam12VH7m63yqqr1K1808BlZ4oS1fxeMGq9/z7W9sbQpMzXQ/VU7Avl24os5v+lWxmHAES/gMSl9I5Mb5EAvXgLgdb+c3W02ohHKB9ojAXl/vr/e3X7Pmf/iGIeWFOn6WIs7kiquE= +Coefficient: HS4bN41s6Ak9+6m3vhmLzgHtWMavnLpDkmd6wTBttbtKXHfjbvxMUt4RYeF8BXRtfIqIOZqJJngais1wQfOsgVhHrKVwX+MOThyOk4SD+pvnG6g1B+qUS1czPGP7Rf+7668wK8ZxV9w0+YDbTJgPgivD0lBnLXwT+KCLprMXTe4= +Created: 20000101000000 +Publish: 20000101000000 +Activate: 20000101000000 diff --git a/lib/dns/tests/comparekeys/Kexample-p.+008+53461.key b/lib/dns/tests/comparekeys/Kexample-p.+008+53461.key new file mode 100644 index 0000000..20ffcfd --- /dev/null 
+++ b/lib/dns/tests/comparekeys/Kexample-p.+008+53461.key @@ -0,0 +1,5 @@ +; This is a zone-signing key, keyid 53461, for example-p. +; Created: 20000101000000 (Sat Jan 1 00:00:00 2000) +; Publish: 20000101000000 (Sat Jan 1 00:00:00 2000) +; Activate: 20000101000000 (Sat Jan 1 00:00:00 2000) +example-p. IN DNSKEY 256 3 8 AwEAAaKYSOPDzZvfue5sU71xPCJKJpB5kZGl4vTp3OI8W+nN1YFtmVe2 2gM666AEutDAEB7cLkyoKCOH0+4Lh1ucPr6OmdWkHfk7uZv58eH0kOAV tNz2xhEF/YHSD7cnBEU9g0knGwpWuzSJKRhGhNoaVus9g1MaAn8efptz HIduIwgAeXV3BDCUpY6HbpwjDxOGCzCUYDRgcex37kYuCyW0PvlO5FQ0 DT0LpjcgBmIBpXol7sYpmKdOKJrm4x2lwGntr4K+bCdNYI2PRPJjPqAf jlvIvJylGUaqFJasw7PSMQIkgcQ4OQXVrhE8uGLdYvP1cusLuROIjdYp Pdqc5K9lCQE= diff --git a/lib/dns/tests/comparekeys/Kexample-p.+008+53461.private b/lib/dns/tests/comparekeys/Kexample-p.+008+53461.private new file mode 100644 index 0000000..063c925 --- /dev/null +++ b/lib/dns/tests/comparekeys/Kexample-p.+008+53461.private 
@@ -0,0 +1,13 @@ +Private-key-format: v1.3 +Algorithm: 8 (RSASHA256) +Modulus: ophI48PNm9+57mxTvXE8IkomkHmRkaXi9Onc4jxb6c3VgW2ZV7baAzrroAS60MAQHtwuTKgoI4fT7guHW5w+vo6Z1aQd+Tu5m/nx4fSQ4BW03PbGEQX9gdIPtycERT2DSScbCla7NIkpGEaE2hpW6z2DUxoCfx5+m3Mch24jCAB5dXcEMJSljodunCMPE4YLMJRgNGBx7HfuRi4LJbQ++U7kVDQNPQumNyAGYgGleiXuximYp04omubjHaXAae2vgr5sJ01gjY9E8mM+oB+OW8i8nKUZRqoUlqzDs9IxAiSBxDg5BdWuETy4Yt1i8/Vy6wu5E4iN1ik92pzkr2UJAQ== +PublicExponent: AQAB +PrivateExponent: lFgeQHf3klxXlfkNmczDEYHXl37i2iCgZdUsqtho/3LFdfWZrxZr6ACM040dKLHiw1UdhODy5h/Zstif4Ww3LsKKBgpbMnZUTMOI9R+eQmRrhCI96XAur5AIuJCHa+jIbCiamh8xY6g0byp/sUHQxYV02I/lcTdQSeGHSOSqX3QjB835OVa18hyW6txAxM4DVGo/NvIJw2ItSl2qwHTMDHK45t4YbnKEd6suriUiveyax5dU1JtpviwHJiAFPy+L68jMo8cfr+JCLWW2OJYkrBXb8kwqaPsV0RCGZ59sePyRdSYRgNi1brBStesctVc5UfSxH6p2A6C28LdrubcXAQ== +Prime1: 5YpfVjEtL1owW9gSFbIMx65POr+fiktxirgy1bc5fSsVqUgG6zhbaN/VpWcNZG0Zg5xd6S7C8V3djGlnJN8wZIyjIh7+Z3WWjqbOD9oY7rC1fR+W0OvbCmZiEzOpRJ5qoMOh1MzkkanhMy0/ICpaa8eQ9zEb80oTIQpFgoLn7K0= +Prime2: yMid465M6bCXXUfWg7oq6A4MZUULbEPKvs+qGIersdiHfrFRGJ0Lviujs8KHaPS5rt4YmbpQU9tGbJBauY17T03qr/mQOBDx5gDkAJcJ0EUHudFslwqyn50THlJsKrFOxBYl7laY0v6CGCMyuZok8qyhiPHv5dhzSc9zwKaXZ1E= +Exponent1: iresWJOzm6uAukczw7o59EYiFChIhOhKcDyOVoiYMX+ICqvqgqDEMTT1XbrnUzdwQT4lD8ej11msKzv/uXGwDZcq7GwcrZ3dTsAvZX2ZPdGXYlCnwejde/FHWi5bBJL/Tj2AqnzEFWjCuy5l7IDDfMwv3ImSADrr7ZfVdr85dvE= +Exponent2: aULzs4ePfvw7foXI6mpRUDL9QKI/6NRpmDtam12VH7m63yqqr1K1808BlZ4oS1fxeMGq9/z7W9sbQpMzXQ/VU7Avl24os5v+lWxmHAES/gMSl9I5Mb5EAvXgLgdb+c3W02ohHKB9ojAXl/vr/e3X7Pmf/iGIeWFOn6WIs7kiquE= +Coefficient: HS4bN41s6Ak9+6m3vhmLzgHtWMavnLpDkmd6wTBttbtKXHfjbvxMUt4RYeF8BXRtfIqIOZqJJngais1wQfOsgVhHrKVwX+MOThyOk4SD+pvnG6g1B+qUS1czPGP7Rf+7668wK8ZxV9w0+YDbTJgPgivD0lBnLXwT+KCLprMXTe4= +Created: 20000101000000 +Publish: 20000101000000 +Activate: 20000101000000 diff --git a/lib/dns/tests/comparekeys/Kexample-private.+002+65316.key b/lib/dns/tests/comparekeys/Kexample-private.+002+65316.key new file mode 100644 index 0000000..7cc002d --- /dev/null 
+++ b/lib/dns/tests/comparekeys/Kexample-private.+002+65316.key @@ -0,0 +1 @@ +example-private. IN KEY 512 3 2 AAECAAAAgKVXnUOFKMvLvwO/VdY9bq+eOPBxrRWsDpcL9FJ9+hklVvii pcLOIhiKLeHI/u9vM2nhd8+opIW92+j2pB185MRgSrINQcC+XpI/xiDG HwE78bQ+2Ykb/memG+ctkVyrFGHtaJLCUGWrUHy1jbtvYeaKeS92jR/2 4oryt3N851u5 diff --git a/lib/dns/tests/comparekeys/Kexample-private.+002+65316.private b/lib/dns/tests/comparekeys/Kexample-private.+002+65316.private new file mode 100644 index 0000000..1f00fa9 --- /dev/null +++ b/lib/dns/tests/comparekeys/Kexample-private.+002+65316.private @@ -0,0 +1,9 @@ +Private-key-format: v1.3 +Algorithm: 2 (DH) +Prime(p): ///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxObIlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjftawv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5lOB//////////8= +Generator(g): Ag== +Private_value(x): dLr0sfk/P1V0DfQ7Ke3IIaSM8nHjtrBRlMcQXRMVrLhbbKeCodvpSRtI0Nwtt38Df8dbGGtP676my2Ht2UHyL7rO0+ASv98NCysL0Xp6q2a7fn67iGFUBTg3jzXC89FYv4sYNeVLDGrKC3EjtGkalzgDVuzEC8CqRkWKeys3ufc= +Public_value(y): pVedQ4Uoy8u/A79V1j1ur5448HGtFawOlwv0Un36GSVW+KKlws4iGIot4cj+728zaeF3z6ikhb3b6PakHXzkxGBKsg1BwL5ekj/GIMYfATvxtD7ZiRv+Z6Yb5y2RXKsUYe1oksJQZatQfLWNu29h5op5L3aNH/biivK3c3znW7k= +Created: 20000101000000 +Publish: 20000101000000 +Activate: 20000101000000 diff --git a/lib/dns/tests/comparekeys/Kexample-q.+008+53461.key b/lib/dns/tests/comparekeys/Kexample-q.+008+53461.key new file mode 100644 index 0000000..5d4a0e7 --- /dev/null +++ b/lib/dns/tests/comparekeys/Kexample-q.+008+53461.key 
@@ -0,0 +1,5 @@ +; This is a zone-signing key, keyid 53461, for example-q. +; Created: 20000101000000 (Sat Jan 1 00:00:00 2000) +; Publish: 20000101000000 (Sat Jan 1 00:00:00 2000) +; Activate: 20000101000000 (Sat Jan 1 00:00:00 2000) +example-q. IN DNSKEY 256 3 8 AwEAAaKYSOPDzZvfue5sU71xPCJKJpB5kZGl4vTp3OI8W+nN1YFtmVe2 2gM666AEutDAEB7cLkyoKCOH0+4Lh1ucPr6OmdWkHfk7uZv58eH0kOAV tNz2xhEF/YHSD7cnBEU9g0knGwpWuzSJKRhGhNoaVus9g1MaAn8efptz HIduIwgAeXV3BDCUpY6HbpwjDxOGCzCUYDRgcex37kYuCyW0PvlO5FQ0 DT0LpjcgBmIBpXol7sYpmKdOKJrm4x2lwGntr4K+bCdNYI2PRPJjPqAf jlvIvJylGUaqFJasw7PSMQIkgcQ4OQXVrhE8uGLdYvP1cusLuROIjdYp Pdqc5K9lCQE= diff --git a/lib/dns/tests/comparekeys/Kexample-q.+008+53461.private b/lib/dns/tests/comparekeys/Kexample-q.+008+53461.private new file mode 100644 index 0000000..6b2e563 --- /dev/null +++ b/lib/dns/tests/comparekeys/Kexample-q.+008+53461.private 
@@ -0,0 +1,13 @@
+Private-key-format: v1.3
+Algorithm: 8 (RSASHA256)
+Modulus: ophI48PNm9+57mxTvXE8IkomkHmRkaXi9Onc4jxb6c3VgW2ZV7baAzrroAS60MAQHtwuTKgoI4fT7guHW5w+vo6Z1aQd+Tu5m/nx4fSQ4BW03PbGEQX9gdIPtycERT2DSScbCla7NIkpGEaE2hpW6z2DUxoCfx5+m3Mch24jCAB5dXcEMJSljodunCMPE4YLMJRgNGBx7HfuRi4LJbQ++U7kVDQNPQumNyAGYgGleiXuximYp04omubjHaXAae2vgr5sJ01gjY9E8mM+oB+OW8i8nKUZRqoUlqzDs9IxAiSBxDg5BdWuETy4Yt1i8/Vy6wu5E4iN1ik92pzkr2UJAQ==
+PublicExponent: AQAB
+PrivateExponent: lFgeQHf3klxXlfkNmczDEYHXl37i2iCgZdUsqtho/3LFdfWZrxZr6ACM040dKLHiw1UdhODy5h/Zstif4Ww3LsKKBgpbMnZUTMOI9R+eQmRrhCI96XAur5AIuJCHa+jIbCiamh8xY6g0byp/sUHQxYV02I/lcTdQSeGHSOSqX3QjB835OVa18hyW6txAxM4DVGo/NvIJw2ItSl2qwHTMDHK45t4YbnKEd6suriUiveyax5dU1JtpviwHJiAFPy+L68jMo8cfr+JCLWW2OJYkrBXb8kwqaPsV0RCGZ59sePyRdSYRgNi1brBStesctVc5UfSxH6p2A6C28LdrubcXAQ==
+Prime1: z08i0sCcEpr4MZi4TReohPWp3F5vMQYVux8B3ltmJ3kKraXEmVEVmujhWa+ZDxhJmwKoba65vNEsUbSJN6WwJd7PVyskHb2GnWGK8NtlainFEuiS5CDxwULR4o2SI+Pij9thMQoA13ZTKc9s3E57VgcvJ7vaoD/1ZtpP7tdaerE=
+Prime2: 0fs3ncL5/2qzq2dmPXLYcOfc1EGSuESO0VpREP8EpTkyPKeVw5LaF9TgZRqPWlRf2T0LPoZ766xLAn090u0pLQ5fWM96NMas7kS+rxtRssat6MiQo3YfoU3ysk3xuPzrMBHyn/N42CjSG+bJEToHR7V16KsCT6dBIPkI3tj/Yos=
+Exponent1: iresWJOzm6uAukczw7o59EYiFChIhOhKcDyOVoiYMX+ICqvqgqDEMTT1XbrnUzdwQT4lD8ej11msKzv/uXGwDZcq7GwcrZ3dTsAvZX2ZPdGXYlCnwejde/FHWi5bBJL/Tj2AqnzEFWjCuy5l7IDDfMwv3ImSADrr7ZfVdr85dvE=
+Exponent2: aULzs4ePfvw7foXI6mpRUDL9QKI/6NRpmDtam12VH7m63yqqr1K1808BlZ4oS1fxeMGq9/z7W9sbQpMzXQ/VU7Avl24os5v+lWxmHAES/gMSl9I5Mb5EAvXgLgdb+c3W02ohHKB9ojAXl/vr/e3X7Pmf/iGIeWFOn6WIs7kiquE=
+Coefficient: HS4bN41s6Ak9+6m3vhmLzgHtWMavnLpDkmd6wTBttbtKXHfjbvxMUt4RYeF8BXRtfIqIOZqJJngais1wQfOsgVhHrKVwX+MOThyOk4SD+pvnG6g1B+qUS1czPGP7Rf+7668wK8ZxV9w0+YDbTJgPgivD0lBnLXwT+KCLprMXTe4=
+Created: 20000101000000
+Publish: 20000101000000
+Activate: 20000101000000
diff --git a/lib/dns/tests/comparekeys/Kexample.+002+65316.key b/lib/dns/tests/comparekeys/Kexample.+002+65316.key
new file mode 100644
index 0000000..c2f4703
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample.+002+65316.key
@@ -0,0 +1 @@
+example. IN KEY 512 3 2 AAECAAAAgKVXnUOFKMvLvwO/VdY9bq+eOPBxrRWsDpcL9FJ9+hklVvii pcLOIhiKLeHI/u9vM2nhd8+opIW92+j2pB185MRgSrINQcC+XpI/xiDG HwE78bQ+2Ykb/memG+ctkVyrFGHtaJLCUGWrUHy1jbtvYeaKeS92jR/2 4oryt3N851u5
diff --git a/lib/dns/tests/comparekeys/Kexample.+002+65316.private b/lib/dns/tests/comparekeys/Kexample.+002+65316.private
new file mode 100644
index 0000000..e872834
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample.+002+65316.private
@@ -0,0 +1,9 @@
+Private-key-format: v1.3
+Algorithm: 2 (DH)
+Prime(p): ///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxObIlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjftawv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5lOB//////////8=
+Generator(g): Ag==
+Private_value(x): bUMVaaSCAPT0NK7AkIa0JA1SSw83x8WxS+iePECQwr4xDDMnevNHWK1nIofUM2qNbpDe2KvFIt9tu+1UgZgOTLoQFipePtHKOjoRX6XsGNzKmL8WZOlw/QJw0D5RIn7l7tvmBCeNHINl9IWVgMLTi+wgzrJxSeGe406q23Jn4Uc=
+Public_value(y): pVedQ4Uoy8u/A79V1j1ur5448HGtFawOlwv0Un36GSVW+KKlws4iGIot4cj+728zaeF3z6ikhb3b6PakHXzkxGBKsg1BwL5ekj/GIMYfATvxtD7ZiRv+Z6Yb5y2RXKsUYe1oksJQZatQfLWNu29h5op5L3aNH/biivK3c3znW7k=
+Created: 20000101000000
+Publish: 20000101000000
+Activate: 20000101000000
diff --git a/lib/dns/tests/comparekeys/Kexample.+008+53461.key b/lib/dns/tests/comparekeys/Kexample.+008+53461.key
new file mode 100644
index 0000000..33c8188
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample.+008+53461.key
@@ -0,0 +1,5 @@
+; This is a zone-signing key, keyid 53461, for example.
+; Created: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Publish: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Activate: 20000101000000 (Sat Jan 1 00:00:00 2000)
+example. IN DNSKEY 256 3 8 AwEAAaKYSOPDzZvfue5sU71xPCJKJpB5kZGl4vTp3OI8W+nN1YFtmVe2 2gM666AEutDAEB7cLkyoKCOH0+4Lh1ucPr6OmdWkHfk7uZv58eH0kOAV tNz2xhEF/YHSD7cnBEU9g0knGwpWuzSJKRhGhNoaVus9g1MaAn8efptz HIduIwgAeXV3BDCUpY6HbpwjDxOGCzCUYDRgcex37kYuCyW0PvlO5FQ0 DT0LpjcgBmIBpXol7sYpmKdOKJrm4x2lwGntr4K+bCdNYI2PRPJjPqAf jlvIvJylGUaqFJasw7PSMQIkgcQ4OQXVrhE8uGLdYvP1cusLuROIjdYp Pdqc5K9lCQE=
diff --git a/lib/dns/tests/comparekeys/Kexample.+008+53461.private b/lib/dns/tests/comparekeys/Kexample.+008+53461.private
new file mode 100644
index 0000000..dd4d9a4
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample.+008+53461.private
@@ -0,0 +1,13 @@
+Private-key-format: v1.3
+Algorithm: 8 (RSASHA256)
+Modulus: ophI48PNm9+57mxTvXE8IkomkHmRkaXi9Onc4jxb6c3VgW2ZV7baAzrroAS60MAQHtwuTKgoI4fT7guHW5w+vo6Z1aQd+Tu5m/nx4fSQ4BW03PbGEQX9gdIPtycERT2DSScbCla7NIkpGEaE2hpW6z2DUxoCfx5+m3Mch24jCAB5dXcEMJSljodunCMPE4YLMJRgNGBx7HfuRi4LJbQ++U7kVDQNPQumNyAGYgGleiXuximYp04omubjHaXAae2vgr5sJ01gjY9E8mM+oB+OW8i8nKUZRqoUlqzDs9IxAiSBxDg5BdWuETy4Yt1i8/Vy6wu5E4iN1ik92pzkr2UJAQ==
+PublicExponent: AQAB
+PrivateExponent: lFgeQHf3klxXlfkNmczDEYHXl37i2iCgZdUsqtho/3LFdfWZrxZr6ACM040dKLHiw1UdhODy5h/Zstif4Ww3LsKKBgpbMnZUTMOI9R+eQmRrhCI96XAur5AIuJCHa+jIbCiamh8xY6g0byp/sUHQxYV02I/lcTdQSeGHSOSqX3QjB835OVa18hyW6txAxM4DVGo/NvIJw2ItSl2qwHTMDHK45t4YbnKEd6suriUiveyax5dU1JtpviwHJiAFPy+L68jMo8cfr+JCLWW2OJYkrBXb8kwqaPsV0RCGZ59sePyRdSYRgNi1brBStesctVc5UfSxH6p2A6C28LdrubcXAQ==
+Prime1: z08i0sCcEpr4MZi4TReohPWp3F5vMQYVux8B3ltmJ3kKraXEmVEVmujhWa+ZDxhJmwKoba65vNEsUbSJN6WwJd7PVyskHb2GnWGK8NtlainFEuiS5CDxwULR4o2SI+Pij9thMQoA13ZTKc9s3E57VgcvJ7vaoD/1ZtpP7tdaerE=
+Prime2: yMid465M6bCXXUfWg7oq6A4MZUULbEPKvs+qGIersdiHfrFRGJ0Lviujs8KHaPS5rt4YmbpQU9tGbJBauY17T03qr/mQOBDx5gDkAJcJ0EUHudFslwqyn50THlJsKrFOxBYl7laY0v6CGCMyuZok8qyhiPHv5dhzSc9zwKaXZ1E=
+Exponent1: iresWJOzm6uAukczw7o59EYiFChIhOhKcDyOVoiYMX+ICqvqgqDEMTT1XbrnUzdwQT4lD8ej11msKzv/uXGwDZcq7GwcrZ3dTsAvZX2ZPdGXYlCnwejde/FHWi5bBJL/Tj2AqnzEFWjCuy5l7IDDfMwv3ImSADrr7ZfVdr85dvE=
+Exponent2: aULzs4ePfvw7foXI6mpRUDL9QKI/6NRpmDtam12VH7m63yqqr1K1808BlZ4oS1fxeMGq9/z7W9sbQpMzXQ/VU7Avl24os5v+lWxmHAES/gMSl9I5Mb5EAvXgLgdb+c3W02ohHKB9ojAXl/vr/e3X7Pmf/iGIeWFOn6WIs7kiquE=
+Coefficient: HS4bN41s6Ak9+6m3vhmLzgHtWMavnLpDkmd6wTBttbtKXHfjbvxMUt4RYeF8BXRtfIqIOZqJJngais1wQfOsgVhHrKVwX+MOThyOk4SD+pvnG6g1B+qUS1czPGP7Rf+7668wK8ZxV9w0+YDbTJgPgivD0lBnLXwT+KCLprMXTe4=
+Created: 20000101000000
+Publish: 20000101000000
+Activate: 20000101000000
diff --git a/lib/dns/tests/comparekeys/Kexample.+013+19786.key b/lib/dns/tests/comparekeys/Kexample.+013+19786.key
new file mode 100644
index 0000000..ccfcc97
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample.+013+19786.key
@@ -0,0 +1,5 @@
+; This is a zone-signing key, keyid 19786, for example.
+; Created: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Publish: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Activate: 20000101000000 (Sat Jan 1 00:00:00 2000)
+example. IN DNSKEY 256 3 13 S35Z1XtGlnnU7BBahMJwAZXXff+JupyIDssNfJyrugLKq5R10TJ5tU3W r3VuP6aJNs6+uL2cMPVTVT1vr1Aqwg==
diff --git a/lib/dns/tests/comparekeys/Kexample.+013+19786.private b/lib/dns/tests/comparekeys/Kexample.+013+19786.private
new file mode 100644
index 0000000..0d72cf1
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample.+013+19786.private
@@ -0,0 +1,6 @@
+Private-key-format: v1.3
+Algorithm: 13 (ECDSAP256SHA256)
+PrivateKey: ZYcYhR5f98vI1+BFGKLIrarZrqxJM4mRy9tvwntdYoo=
+Created: 20000101000000
+Publish: 20000101000000
+Activate: 20000101000000
diff --git a/lib/dns/tests/comparekeys/Kexample.+015+63663.key b/lib/dns/tests/comparekeys/Kexample.+015+63663.key
new file mode 100644
index 0000000..92db9fb
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample.+015+63663.key
@@ -0,0 +1,5 @@
+; This is a zone-signing key, keyid 63663, for example.
+; Created: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Publish: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Activate: 20000101000000 (Sat Jan 1 00:00:00 2000)
+example. IN DNSKEY 256 3 15 ZLlkI5q8XDkP3D7Zxdbmuqh4yp90mbvdcNT0xSGLDtI=
diff --git a/lib/dns/tests/comparekeys/Kexample.+015+63663.private b/lib/dns/tests/comparekeys/Kexample.+015+63663.private
new file mode 100644
index 0000000..c2c48f3
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample.+015+63663.private
@@ -0,0 +1,6 @@
+Private-key-format: v1.3
+Algorithm: 15 (ED25519)
+PrivateKey: rGYsnf8nPlg7kg7qRcIXYShPsTiMHTeWJInNrW9GwSQ=
+Created: 20000101000000
+Publish: 20000101000000
+Activate: 20000101000000
diff --git a/lib/dns/tests/comparekeys/Kexample2.+002+19823.key b/lib/dns/tests/comparekeys/Kexample2.+002+19823.key
new file mode 100644
index 0000000..9d521f7
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample2.+002+19823.key
@@ -0,0 +1 @@
+example2. IN KEY 512 3 2 AAECAAAAgCxVfxiyTe8C83ou8KXSu9WmzGwCYWB2NkdS87Kz0PgTuBay JkDDAEeR6CIYClA6PXBp2GXUPHoYWag9zVOVU85PYu0KRZF69EN0IVsA OCtgikOcr5yD4esSMwTTPk/OQ8qW/yGf1DvdpXuiu3P/wSpzVGL8tHFQ 2XURydYytol0
diff --git a/lib/dns/tests/comparekeys/Kexample2.+002+19823.private b/lib/dns/tests/comparekeys/Kexample2.+002+19823.private
new file mode 100644
index 0000000..f6722f6
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample2.+002+19823.private
@@ -0,0 +1,9 @@
+Private-key-format: v1.3
+Algorithm: 2 (DH)
+Prime(p): ///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxObIlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjftawv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5lOB//////////8=
+Generator(g): Ag==
+Private_value(x): W0EpuIMltmMuZAKcCmRe/Ix9WsHPU/GLfqbjHKCjgYdRFzwqHyVp6z+uf8EgmHBD1bbBjwfcnRse8xfqqmt/wZIRdDzjRq/oZdKtJHqFZSO+MQZ5DKrdojKU7UEl/j44heJzVO0qFkrPvWglRt+780LP0awkfetecXDxvJT+HIw=
+Public_value(y): LFV/GLJN7wLzei7wpdK71abMbAJhYHY2R1LzsrPQ+BO4FrImQMMAR5HoIhgKUDo9cGnYZdQ8ehhZqD3NU5VTzk9i7QpFkXr0Q3QhWwA4K2CKQ5yvnIPh6xIzBNM+T85Dypb/IZ/UO92le6K7c//BKnNUYvy0cVDZdRHJ1jK2iXQ=
+Created: 20211027221355
+Publish: 20211027221355
+Activate: 20211027221355
diff --git a/lib/dns/tests/comparekeys/Kexample2.+008+37993.key b/lib/dns/tests/comparekeys/Kexample2.+008+37993.key
new file mode 100644
index 0000000..c0e09a1
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample2.+008+37993.key
@@ -0,0 +1,5 @@
+; This is a zone-signing key, keyid 37993, for example2.
+; Created: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Publish: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Activate: 20000101000000 (Sat Jan 1 00:00:00 2000)
+example2. IN DNSKEY 256 3 8 AwEAAaSRhPf0XhYR52Kpi0RZJgEnpidvuz2Ywdyh8k5CKwal9nM15PNc 4ZoPEVGO+ize53hq0iUkVlBhAfhQE31Fhf4zU544fezBEaz33hiajEzL ZITux9N83WfoYSNnyufvSGzNcpNM6LHKdDwMr1kr9tTgNeuiTAlPv5z9 BNtfv2B25moVm1DoxMCd8WH0jYC452a2lGM+Fbd45o02OO7V8balPwJh MM2bbeWg5G+tbvCAot93KxtavyOMKV4siv3ZH639J0dIb10L8nNrN0Ge UjkX8yU3fgeWB4Oldtzx0SHxG75NWjRLnpVzBq5GeacLc4RsN+S+nhYW 4Wv2A066w70=
diff --git a/lib/dns/tests/comparekeys/Kexample2.+008+37993.private b/lib/dns/tests/comparekeys/Kexample2.+008+37993.private
new file mode 100644
index 0000000..887ad2b
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample2.+008+37993.private
@@ -0,0 +1,13 @@
+Private-key-format: v1.3
+Algorithm: 8 (RSASHA256)
+Modulus: pJGE9/ReFhHnYqmLRFkmASemJ2+7PZjB3KHyTkIrBqX2czXk81zhmg8RUY76LN7neGrSJSRWUGEB+FATfUWF/jNTnjh97MERrPfeGJqMTMtkhO7H03zdZ+hhI2fK5+9IbM1yk0zoscp0PAyvWSv21OA166JMCU+/nP0E21+/YHbmahWbUOjEwJ3xYfSNgLjnZraUYz4Vt3jmjTY47tXxtqU/AmEwzZtt5aDkb61u8ICi33crG1q/I4wpXiyK/dkfrf0nR0hvXQvyc2s3QZ5SORfzJTd+B5YHg6V23PHRIfEbvk1aNEuelXMGrkZ5pwtzhGw35L6eFhbha/YDTrrDvQ==
+PublicExponent: AQAB
+PrivateExponent: O/HFvYwFuYRMBGQ9lmfisAkBPNw2F/nMo9FZsafohENvwgefngX3J2bVqB+sgSuwpOxEH8NcrWqojQqeDsOES1Pm4XsyY0rwZVDkVZH2CQMNWl6f6ylQfMjomTz1bAZ9GyS612zsVdapADaeqJybDG+fNHWpvLqP0V9YpY/65efTvrA3Qu+XpDvLaJ34yjkeEGUgysNP3KkDTeJTY/ksKi6ODtdzbKpufjZS8b6BL97XcFcNGiwu/gNPCvtmm/H+tXaNYyijG7bNGPOpHFhlMCT13o8XLrR/OGty6VY6PpjaEnvlZUZnWHUwn/JmNoZRJoXAAEerk3nS+tOhRmcrAQ==
+Prime1: 2W8JHYaTn7XefxxwaDZWFrVtHnnd0vUZvBBNA1PJeRfDr+yPxyWcgYx1OBxKkJsYGiob0i992W2HXuz2KS81yBCtH/uLK1Y+mkjgme4MWZupZ0RsKA1TkgIrJs174Dv3P/yqc+/R4eiwUGt10493MS1PJFF0CmisDzgjai/JLIM=
+Prime2: wcIKikgzOsq2A2Hl7qPCeA3oKTc66eFVNvB/KH91/hNFKNm0kAvhHrNe9rSoU+JywCNbX/Fs7X6SuHHJaRs+KpSBadnqfwEIngCq2Y00nT3sbETx4VNbXFD6MPPo3MWDi61/TCyrtBujutavo5ghj2oVzNGqMT3UyhaVNrJp2r8=
+Exponent1: GsEO3hMxFvXJ6toU+r202hZ41scoBE0kXX+j+kTVBZFnAr6Y8mguWcJuqfjRM/nhfVaxFavCUH6pqYR+xZKJi5SBuO26shpqmZFeEZK48k21Cn/gzwzUu6KIrL2cAHtgcP8l+h4INUPsbfjLBr0gbWyl0FI1dRJsGXNO6EH4/wE=
+Exponent2: WrgcsUQ+4E8bS5ghzUtVeVqhkfKvHeSIPpH6J58OQukI36iXNz6op/Q6CW7qxWPocHfdh52Fb+lsjvmP4SuFPvCLa2FBvzdfroMHe5b2xIzCzqq1Sdf6lc3AZv080WmVPuf8C1F7D3hFf+yXDhTj2b9E98JPWoDlyb0rHhIJKAc=
+Coefficient: aVDpGheH0UJ8aWPRIRHyjMTCIPB8zmhfwugpV11Z/OXNb2uaNRcnVKujs1mlSydoIfFQSuFf3iPs7ytaJUfcQJ+k1QAtssJC1HXF14t0p5o99QxuQLgmNtPHD7m2aeAyFJoycF24UmDnFmOPSNm1fnJs9LrBPFZFdTBGhl8plEo=
+Created: 20000101000000
+Publish: 20000101000000
+Activate: 20000101000000
diff --git a/lib/dns/tests/comparekeys/Kexample2.+013+16384.key b/lib/dns/tests/comparekeys/Kexample2.+013+16384.key
new file mode 100644
index 0000000..b6351ad
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample2.+013+16384.key
@@ -0,0 +1,5 @@
+; This is a zone-signing key, keyid 16384, for example2.
+; Created: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Publish: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Activate: 20000101000000 (Sat Jan 1 00:00:00 2000)
+example2. IN DNSKEY 256 3 13 p+ohRFVh6wmdAhbU/cF2FYoE/i49FxnvKwif0Co0D7RhBui4AMFOsFYu 9AIqEBaCGurjGYl7WDYRrjRMRjWW1g==
diff --git a/lib/dns/tests/comparekeys/Kexample2.+013+16384.private b/lib/dns/tests/comparekeys/Kexample2.+013+16384.private
new file mode 100644
index 0000000..74a371c
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample2.+013+16384.private
@@ -0,0 +1,6 @@
+Private-key-format: v1.3
+Algorithm: 13 (ECDSAP256SHA256)
+PrivateKey: ZNsU73iCEeC837TA59nT/QDtd3oYsrYDWy8jfazZQkA=
+Created: 20000101000000
+Publish: 20000101000000
+Activate: 20000101000000
diff --git a/lib/dns/tests/comparekeys/Kexample2.+015+37529.key b/lib/dns/tests/comparekeys/Kexample2.+015+37529.key
new file mode 100644
index 0000000..9a8cf77
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample2.+015+37529.key
@@ -0,0 +1,5 @@
+; This is a zone-signing key, keyid 37529, for example2.
+; Created: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Publish: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Activate: 20000101000000 (Sat Jan 1 00:00:00 2000)
+example2. IN DNSKEY 256 3 15 zyiLjDymEPN90rwi/y0mWXLnUm0Nq7T9Kc8VoubF2Io=
diff --git a/lib/dns/tests/comparekeys/Kexample2.+015+37529.private b/lib/dns/tests/comparekeys/Kexample2.+015+37529.private
new file mode 100644
index 0000000..aa70804
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample2.+015+37529.private
@@ -0,0 +1,6 @@
+Private-key-format: v1.3
+Algorithm: 15 (ED25519)
+PrivateKey: pUR2VLqbi4XtBNImbVDRHrjugMMmaXmy6noV0/jy/rA=
+Created: 20000101000000
+Publish: 20000101000000
+Activate: 20000101000000
diff --git a/lib/dns/tests/comparekeys/Kexample3.+002+17187.key b/lib/dns/tests/comparekeys/Kexample3.+002+17187.key
new file mode 100644
index 0000000..0260293
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample3.+002+17187.key
@@ -0,0 +1 @@
+example3. IN KEY 512 3 2 AIDzVP5SeKpxZmlbok6AbdFT5aCVAg3AnQln24CKoc0IXRyTdnhmIEWw VatzRrUY0V6SSwwe3740yk46/TdSvVmZkakw52yn3M661ra5L8kouAK4 rpyM6uulsS0dyjyRzomHJg2zwOukzHBVINFheKsJ25MvdPpp9E64IVji jp/x3wABBQCAFb1Je3cKpt/4gS+KRx9hxFOF5c64ytC9tf0hp2hP4OiP YCu8o5C3qh+PexZAx58m6cSaFlzf3DZ3GGsvamDj5H8YpvP4FeRVva9V jH4VeU4/VtbdNweDUHwAguGJ77MXw+bruHhpbsFVSxHrnNg99WHghaRy YzfFzphJHKBxACo=
diff --git a/lib/dns/tests/comparekeys/Kexample3.+002+17187.private b/lib/dns/tests/comparekeys/Kexample3.+002+17187.private
new file mode 100644
index 0000000..47ef4bc
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample3.+002+17187.private
@@ -0,0 +1,9 @@
+Private-key-format: v1.3
+Algorithm: 2 (DH)
+Prime(p): 81T+UniqcWZpW6JOgG3RU+WglQINwJ0JZ9uAiqHNCF0ck3Z4ZiBFsFWrc0a1GNFekksMHt++NMpOOv03Ur1ZmZGpMOdsp9zOuta2uS/JKLgCuK6cjOrrpbEtHco8kc6JhyYNs8DrpMxwVSDRYXirCduTL3T6afROuCFY4o6f8d8=
+Generator(g): BQ==
+Private_value(x): ccA7JRCvjAE1ASWTtObkvO5k58oKdJ+bzcd/H3cOQsPAhItUc8Pfca2ILWYzDfs+nl+WKLfODQ9cRUabp4SUh0GKPnqJVM1UgDXwme/98NEtVFhs2VawT40wHLkcdPN9jACH11l28u1qsDVb7MRj2UXGC/oszRwQ7s3rN1UlHO8=
+Public_value(y): Fb1Je3cKpt/4gS+KRx9hxFOF5c64ytC9tf0hp2hP4OiPYCu8o5C3qh+PexZAx58m6cSaFlzf3DZ3GGsvamDj5H8YpvP4FeRVva9VjH4VeU4/VtbdNweDUHwAguGJ77MXw+bruHhpbsFVSxHrnNg99WHghaRyYzfFzphJHKBxACo=
+Created: 20211027221447
+Publish: 20211027221447
+Activate: 20211027221447
diff --git a/lib/dns/tests/db_test.c b/lib/dns/tests/db_test.c
new file mode 100644
index 0000000..5b7ba64
--- /dev/null
+++ b/lib/dns/tests/db_test.c
@@ -0,0 +1,428 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <dns/db.h>
+#include <dns/dbiterator.h>
+#include <dns/journal.h>
+#include <dns/name.h>
+#include <dns/rdatalist.h>
+
+#include "dnstest.h"
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+
+#define BUFLEN 255
+#define BIGBUFLEN (64 * 1024)
+#define TEST_ORIGIN "test"
+
+/*
+ * Individual unit tests
+ */
+
+/* test multiple calls to dns_db_getoriginnode */
+static void
+getoriginnode_test(void **state) {
+ dns_db_t *db = NULL;
+ dns_dbnode_t *node = NULL;
+ isc_mem_t *mctx = NULL;
+ isc_result_t result;
+
+ UNUSED(state);
+
+ isc_mem_create(&mctx);
+
+ result = dns_db_create(mctx, "rbt", dns_rootname, dns_dbtype_zone,
+ dns_rdataclass_in, 0, NULL, &db);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_db_getoriginnode(db, &node);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ dns_db_detachnode(db, &node);
+
+ result = dns_db_getoriginnode(db, &node);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ dns_db_detachnode(db, &node);
+
+ dns_db_detach(&db);
+ isc_mem_detach(&mctx);
+}
+
+/* test getservestalettl and setservestalettl */
+static void
+getsetservestalettl_test(void **state) {
+ dns_db_t *db = NULL;
+ isc_mem_t *mctx = NULL;
+ isc_result_t result;
+ dns_ttl_t ttl;
+
+ UNUSED(state);
+
+ isc_mem_create(&mctx);
+
+ result = dns_db_create(mctx, "rbt", dns_rootname, dns_dbtype_cache,
+ dns_rdataclass_in, 0, NULL, &db);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ ttl = 5000;
+ result = dns_db_getservestalettl(db, &ttl);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(ttl, 0);
+
+ ttl = 6 * 3600;
+ result = dns_db_setservestalettl(db, ttl);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ ttl = 5000;
+ result = dns_db_getservestalettl(db, &ttl);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(ttl, 6 * 3600);
+
+ dns_db_detach(&db);
+ isc_mem_detach(&mctx);
+}
+
+/* check DNS_DBFIND_STALEOK works */
+static void
+dns_dbfind_staleok_test(void **state) {
+ dns_db_t *db = NULL;
+ dns_dbnode_t *node = NULL;
+ dns_fixedname_t example_fixed;
+ dns_fixedname_t found_fixed;
+ dns_name_t *example;
+ dns_name_t *found;
+ dns_rdatalist_t rdatalist;
+ dns_rdataset_t rdataset;
+ int count;
+ int pass;
+ isc_mem_t *mctx = NULL;
+ isc_result_t result;
+ unsigned char data[] = { 0x0a, 0x00, 0x00, 0x01 };
+
+ UNUSED(state);
+
+ isc_mem_create(&mctx);
+
+ result = dns_db_create(mctx, "rbt", dns_rootname, dns_dbtype_cache,
+ dns_rdataclass_in, 0, NULL, &db);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ example = dns_fixedname_initname(&example_fixed);
+ found = dns_fixedname_initname(&found_fixed);
+
+ result = dns_name_fromstring(example, "example", 0, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /*
+ * Pass 0: default; no stale processing permitted.
+ * Pass 1: stale processing for 1 second.
+ * Pass 2: stale turned off after being on.
+ */
+ for (pass = 0; pass < 3; pass++) {
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+
+ /* 10.0.0.1 */
+ rdata.data = data;
+ rdata.length = 4;
+ rdata.rdclass = dns_rdataclass_in;
+ rdata.type = dns_rdatatype_a;
+
+ dns_rdatalist_init(&rdatalist);
+ rdatalist.ttl = 2;
+ rdatalist.type = dns_rdatatype_a;
+ rdatalist.rdclass = dns_rdataclass_in;
+ ISC_LIST_APPEND(rdatalist.rdata, &rdata, link);
+
+ switch (pass) {
+ case 0:
+ /* default: stale processing off */
+ break;
+ case 1:
+ /* turn on stale processing */
+ result = dns_db_setservestalettl(db, 1);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ break;
+ case 2:
+ /* turn off stale processing */
+ result = dns_db_setservestalettl(db, 0);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ break;
+ }
+
+ dns_rdataset_init(&rdataset);
+ result = dns_rdatalist_tordataset(&rdatalist, &rdataset);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_db_findnode(db, example, true, &node);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_db_addrdataset(db, node, NULL, 0, &rdataset, 0,
+ NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ dns_db_detachnode(db, &node);
+ dns_rdataset_disassociate(&rdataset);
+
+ result = dns_db_find(db, example, NULL, dns_rdatatype_a, 0, 0,
+ &node, found, &rdataset, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /*
+ * May loop for up to 2 seconds performing non stale lookups.
+ */
+ count = 0;
+ do {
+ count++;
+ assert_in_range(count, 1, 21); /* loop sanity */
+ assert_int_equal(rdataset.attributes &
+ DNS_RDATASETATTR_STALE,
+ 0);
+ assert_true(rdataset.ttl > 0);
+ dns_db_detachnode(db, &node);
+ dns_rdataset_disassociate(&rdataset);
+
+ usleep(100000); /* 100 ms */
+
+ result = dns_db_find(db, example, NULL, dns_rdatatype_a,
+ 0, 0, &node, found, &rdataset,
+ NULL);
+ } while (result == ISC_R_SUCCESS);
+
+ assert_int_equal(result, ISC_R_NOTFOUND);
+
+ /*
+ * Check whether we can get stale data.
+ */
+ result = dns_db_find(db, example, NULL, dns_rdatatype_a,
+ DNS_DBFIND_STALEOK, 0, &node, found,
+ &rdataset, NULL);
+ switch (pass) {
+ case 0:
+ assert_int_equal(result, ISC_R_NOTFOUND);
+ break;
+ case 1:
+ /*
+ * Should loop for 1 second with stale lookups then
+ * stop.
+ */
+ count = 0;
+ do {
+ count++;
+ assert_in_range(count, 0, 49); /* loop sanity */
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(rdataset.attributes &
+ DNS_RDATASETATTR_STALE,
+ DNS_RDATASETATTR_STALE);
+ dns_db_detachnode(db, &node);
+ dns_rdataset_disassociate(&rdataset);
+
+ usleep(100000); /* 100 ms */
+
+ result = dns_db_find(
+ db, example, NULL, dns_rdatatype_a,
+ DNS_DBFIND_STALEOK, 0, &node, found,
+ &rdataset, NULL);
+ } while (result == ISC_R_SUCCESS);
+ /*
+ * usleep(100000) can be slightly less than 10ms so
+ * allow the count to reach 11.
+ */
+ assert_in_range(count, 1, 11);
+ assert_int_equal(result, ISC_R_NOTFOUND);
+ break;
+ case 2:
+ assert_int_equal(result, ISC_R_NOTFOUND);
+ break;
+ }
+ }
+
+ dns_db_detach(&db);
+ isc_mem_detach(&mctx);
+}
+
+/* database class */
+static void
+class_test(void **state) {
+ isc_result_t result;
+ dns_db_t *db = NULL;
+
+ UNUSED(state);
+
+ result = dns_db_create(dt_mctx, "rbt", dns_rootname, dns_dbtype_zone,
+ dns_rdataclass_in, 0, NULL, &db);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_db_load(db, "testdata/db/data.db", dns_masterformat_text,
+ 0);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ assert_int_equal(dns_db_class(db), dns_rdataclass_in);
+
+ dns_db_detach(&db);
+}
+
+/* database type */
+static void
+dbtype_test(void **state) {
+ isc_result_t result;
+ dns_db_t *db = NULL;
+
+ UNUSED(state);
+
+ /* DB has zone semantics */
+ result = dns_db_create(dt_mctx, "rbt", dns_rootname, dns_dbtype_zone,
+ dns_rdataclass_in, 0, NULL, &db);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ result = dns_db_load(db, "testdata/db/data.db", dns_masterformat_text,
+ 0);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_true(dns_db_iszone(db));
+ assert_false(dns_db_iscache(db));
+ dns_db_detach(&db);
+
+ /* DB has cache semantics */
+ result = dns_db_create(dt_mctx, "rbt", dns_rootname, dns_dbtype_cache,
+ dns_rdataclass_in, 0, NULL, &db);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ result = dns_db_load(db, "testdata/db/data.db", dns_masterformat_text,
+ 0);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_true(dns_db_iscache(db));
+ assert_false(dns_db_iszone(db));
+ dns_db_detach(&db);
+}
+
+/* database versions */
+static void
+version_test(void **state) {
+ isc_result_t result;
+ dns_fixedname_t fname, ffound;
+ dns_name_t *name, *foundname;
+ dns_db_t *db = NULL;
+ dns_dbversion_t *ver = NULL, *new = NULL;
+ dns_dbnode_t *node = NULL;
+ dns_rdataset_t rdataset;
+
+ UNUSED(state);
+
+ result = dns_test_loaddb(&db, dns_dbtype_zone, "test.test",
+ "testdata/db/data.db");
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /* Open current version for reading */
+ dns_db_currentversion(db, &ver);
+ dns_test_namefromstring("b.test.test", &fname);
+ name = dns_fixedname_name(&fname);
+ foundname = dns_fixedname_initname(&ffound);
+ dns_rdataset_init(&rdataset);
+ result = dns_db_find(db, name, ver, dns_rdatatype_a, 0, 0, &node,
+ foundname, &rdataset, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ dns_rdataset_disassociate(&rdataset);
+ dns_db_detachnode(db, &node);
+ dns_db_closeversion(db, &ver, false);
+
+ /* Open new version for writing */
+ dns_db_currentversion(db, &ver);
+ dns_test_namefromstring("b.test.test", &fname);
+ name = dns_fixedname_name(&fname);
+ foundname = dns_fixedname_initname(&ffound);
+ dns_rdataset_init(&rdataset);
+ result = dns_db_find(db, name, ver, dns_rdatatype_a, 0, 0, &node,
+ foundname, &rdataset, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_db_newversion(db, &new);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /* Delete the rdataset from the new version */
+ result = dns_db_deleterdataset(db, node, new, dns_rdatatype_a, 0);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ dns_rdataset_disassociate(&rdataset);
+ dns_db_detachnode(db, &node);
+
+ /* This should fail now */
+ result = dns_db_find(db, name, new, dns_rdatatype_a, 0, 0, &node,
+ foundname, &rdataset, NULL);
+ assert_int_equal(result, DNS_R_NXDOMAIN);
+
+ dns_db_closeversion(db, &new, true);
+
+ /* But this should still succeed */
+ result = dns_db_find(db, name, ver, dns_rdatatype_a, 0, 0, &node,
+ foundname, &rdataset, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ dns_rdataset_disassociate(&rdataset);
+ dns_db_detachnode(db, &node);
+ dns_db_closeversion(db, &ver, false);
+
+ dns_db_detach(&db);
+}
+
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test(getoriginnode_test),
+ cmocka_unit_test(getsetservestalettl_test),
+ cmocka_unit_test(dns_dbfind_staleok_test),
+ cmocka_unit_test_setup_teardown(class_test, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(dbtype_test, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(version_test, _setup,
+ _teardown),
+ };
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/dbdiff_test.c b/lib/dns/tests/dbdiff_test.c
new file mode 100644
index 0000000..05bb761
--- /dev/null
+++ b/lib/dns/tests/dbdiff_test.c
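Review bot: The comment above `assert_in_range(count, 1, 11);` in dns_dbfind_staleok_test says `usleep(100000) can be slightly less than 10ms`, but the call is annotated `/* 100 ms */` a few lines earlier and 100000 µs is 100 ms; the line should read `* usleep(100000) can be slightly less than 100ms so`. The loop bounds in this test (`1, 21` for the 2-second TTL loop, `1, 11` for the 1-second stale window) depend on wall-clock sleeps. A short comment stating how each bound follows from the TTL and the sleep interval would help whoever has to diagnose a timing failure on a loaded build host.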
@@ -0,0 +1,185 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/util.h>
+
+#include <dns/db.h>
+#include <dns/dbiterator.h>
+#include <dns/journal.h>
+#include <dns/name.h>
+
+#include "dnstest.h"
+
+#define BUFLEN 255
+#define BIGBUFLEN (64 * 1024)
+#define TEST_ORIGIN "test"
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+
+static void
+test_create(const char *oldfile, dns_db_t **old, const char *newfile,
+ dns_db_t **newdb) {
+ isc_result_t result;
+
+ result = dns_test_loaddb(old, dns_dbtype_zone, TEST_ORIGIN, oldfile);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_test_loaddb(newdb, dns_dbtype_zone, TEST_ORIGIN, newfile);
+ assert_int_equal(result, ISC_R_SUCCESS);
+}
+
+/* dns_db_diffx of identical content */
+static void
+diffx_same(void **state) {
+ dns_db_t *newdb = NULL, *olddb = NULL;
+ isc_result_t result;
+ dns_diff_t diff;
+
+ UNUSED(state);
+
+ test_create("testdata/diff/zone1.data", &olddb,
+ "testdata/diff/zone1.data", &newdb);
+
+ dns_diff_init(dt_mctx, &diff);
+
+ result = dns_db_diffx(&diff, newdb, NULL, olddb, NULL, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ assert_true(ISC_LIST_EMPTY(diff.tuples));
+
+ dns_diff_clear(&diff);
+ dns_db_detach(&newdb);
+ dns_db_detach(&olddb);
+}
+
+/* dns_db_diffx of zone with record added */
+static void
+diffx_add(void **state) {
+ dns_db_t *newdb = NULL, *olddb = NULL;
+ dns_difftuple_t *tuple;
+ isc_result_t result;
+ dns_diff_t diff;
+ int count = 0;
+
+ UNUSED(state);
+
+ test_create("testdata/diff/zone1.data", &olddb,
+ "testdata/diff/zone2.data", &newdb);
+
+ dns_diff_init(dt_mctx, &diff);
+
+ result = dns_db_diffx(&diff, newdb, NULL, olddb, NULL, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ assert_false(ISC_LIST_EMPTY(diff.tuples));
+ for (tuple = ISC_LIST_HEAD(diff.tuples); tuple != NULL;
+ tuple = ISC_LIST_NEXT(tuple, link))
+ {
+ assert_int_equal(tuple->op, DNS_DIFFOP_ADD);
+ count++;
+ }
+ assert_int_equal(count, 1);
+
+ dns_diff_clear(&diff);
+ dns_db_detach(&newdb);
+ dns_db_detach(&olddb);
+}
+
+/* dns_db_diffx of zone with record removed */
+static void
+diffx_remove(void **state) {
+ dns_db_t *newdb = NULL, *olddb = NULL;
+ dns_difftuple_t *tuple;
+ isc_result_t result;
+ dns_diff_t diff;
+ int count = 0;
+
+ UNUSED(state);
+
+ test_create("testdata/diff/zone1.data", &olddb,
+ "testdata/diff/zone3.data", &newdb);
+
+ dns_diff_init(dt_mctx, &diff);
+
+ result = dns_db_diffx(&diff, newdb, NULL, olddb, NULL, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ assert_false(ISC_LIST_EMPTY(diff.tuples));
+ for (tuple = ISC_LIST_HEAD(diff.tuples); tuple != NULL;
+ tuple = ISC_LIST_NEXT(tuple, link))
+ {
+ assert_int_equal(tuple->op, DNS_DIFFOP_DEL);
+ count++;
+ }
+ assert_int_equal(count, 1);
+
+ dns_diff_clear(&diff);
+ dns_db_detach(&newdb);
+ dns_db_detach(&olddb);
+}
+
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(diffx_same, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(diffx_add, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(diffx_remove, _setup,
+ _teardown),
+ };
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/dbiterator_test.c b/lib/dns/tests/dbiterator_test.c
new file mode 100644
index 0000000..2182672
--- /dev/null
+++ b/lib/dns/tests/dbiterator_test.c
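Review bot: diffx_add and diffx_remove assert only `tuple->op` and that exactly one tuple was produced, so a diff that reported the right operation on the wrong record would still pass. Consider also comparing the tuple's owner name and record data with the single record that zone2.data adds and zone3.data drops. Those data files are not part of this hunk, so the expected values have to come from them. Separately, `BUFLEN` and `BIGBUFLEN` are defined in this file but never used and can be dropped.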
@@ -0,0 +1,394 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/util.h>
+
+#include <dns/db.h>
+#include <dns/dbiterator.h>
+#include <dns/name.h>
+
+#include "dnstest.h"
+
+#define BUFLEN 255
+#define BIGBUFLEN (64 * 1024)
+#define TEST_ORIGIN "test"
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+
+static isc_result_t
+make_name(const char *src, dns_name_t *name) {
+ isc_buffer_t b;
+ isc_buffer_constinit(&b, src, strlen(src));
+ isc_buffer_add(&b, strlen(src));
+ return (dns_name_fromtext(name, &b, dns_rootname, 0, NULL));
+}
+
+/* create: make sure we can create a dbiterator */
+static void
+test_create(const char *filename) {
+ isc_result_t result;
+ dns_db_t *db = NULL;
+ dns_dbiterator_t *iter = NULL;
+
+ result = dns_test_loaddb(&db, dns_dbtype_cache, TEST_ORIGIN, filename);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_db_createiterator(db, 0, &iter);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ dns_dbiterator_destroy(&iter);
+ dns_db_detach(&db);
+}
+
+static void
+create(void **state) {
+ UNUSED(state);
+
+ test_create("testdata/dbiterator/zone1.data");
+}
+
+static void
+create_nsec3(void **state) {
+ UNUSED(state);
+
+ test_create("testdata/dbiterator/zone2.data");
+}
+
+/* walk: walk a database */
+static void
+test_walk(const char *filename, int nodes) {
+ isc_result_t result;
+ dns_db_t *db = NULL;
+ dns_dbiterator_t *iter = NULL;
+ dns_dbnode_t *node = NULL;
+ dns_name_t *name;
+ dns_fixedname_t f;
+ int i = 0;
+
+ name = dns_fixedname_initname(&f);
+
+ result = dns_test_loaddb(&db, dns_dbtype_cache, TEST_ORIGIN, filename);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_db_createiterator(db, 0, &iter);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ for (result = dns_dbiterator_first(iter); result == ISC_R_SUCCESS;
+ result = dns_dbiterator_next(iter))
+ {
+ result = dns_dbiterator_current(iter, &node, name);
+ if (result == DNS_R_NEWORIGIN) {
+ result = ISC_R_SUCCESS;
+ }
+ assert_int_equal(result, ISC_R_SUCCESS);
+ dns_db_detachnode(db, &node);
+ i++;
+ }
+
+ assert_int_equal(i, nodes);
+
+ dns_dbiterator_destroy(&iter);
+ dns_db_detach(&db);
+}
+
+static void
+walk(void **state) {
+ UNUSED(state);
+
+ test_walk("testdata/dbiterator/zone1.data", 12);
+}
+
+static void
+walk_nsec3(void **state) {
+ UNUSED(state);
+
+ test_walk("testdata/dbiterator/zone2.data", 33);
+}
+
+/* reverse: walk database backwards */
+static void
+test_reverse(const char *filename) {
+ isc_result_t result;
+ dns_db_t *db = NULL;
+ dns_dbiterator_t *iter = NULL;
+ dns_dbnode_t *node = NULL;
+ dns_name_t *name;
+ dns_fixedname_t f;
+ int i = 0;
+
+ name = dns_fixedname_initname(&f);
+
+ result = dns_test_loaddb(&db, dns_dbtype_cache, TEST_ORIGIN, filename);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_db_createiterator(db, 0, &iter);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ for (result = dns_dbiterator_last(iter); result == ISC_R_SUCCESS;
+ result = dns_dbiterator_prev(iter))
+ {
+ result = dns_dbiterator_current(iter, &node, name);
+ if (result == DNS_R_NEWORIGIN) {
+ result = ISC_R_SUCCESS;
+ }
+ assert_int_equal(result, ISC_R_SUCCESS);
+ dns_db_detachnode(db, &node);
+ i++;
+ }
+
+ assert_int_equal(i, 12);
+
+ dns_dbiterator_destroy(&iter);
+ dns_db_detach(&db);
+}
+
+static void
+reverse(void **state) {
+ UNUSED(state);
+
+ test_reverse("testdata/dbiterator/zone1.data");
+}
+
+static void
+reverse_nsec3(void **state) {
+ UNUSED(state);
+
+ test_reverse("testdata/dbiterator/zone2.data");
+}
+
+/* seek: walk database starting at a particular node */
+static void
+test_seek_node(const char *filename, int nodes) {
+ isc_result_t result;
+ dns_db_t *db = NULL;
+ dns_dbiterator_t *iter = NULL;
+ dns_dbnode_t *node = NULL;
+ dns_name_t *name, *seekname;
+ dns_fixedname_t f1, f2;
+ int i = 0;
+
+ name = dns_fixedname_initname(&f1);
+ seekname = dns_fixedname_initname(&f2);
+
+ result = dns_test_loaddb(&db, dns_dbtype_cache, TEST_ORIGIN, filename);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_db_createiterator(db, 0, &iter);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = make_name("c." TEST_ORIGIN, seekname);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_dbiterator_seek(iter, seekname);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ while (result == ISC_R_SUCCESS) {
+ result = dns_dbiterator_current(iter, &node, name);
+ if (result == DNS_R_NEWORIGIN) {
+ result = ISC_R_SUCCESS;
+ }
+ assert_int_equal(result, ISC_R_SUCCESS);
+ dns_db_detachnode(db, &node);
+ result = dns_dbiterator_next(iter);
+ i++;
+ }
+
+ assert_int_equal(i, nodes);
+
+ dns_dbiterator_destroy(&iter);
+ dns_db_detach(&db);
+}
+
+static void
+seek_node(void **state) {
+ UNUSED(state);
+
+ test_seek_node("testdata/dbiterator/zone1.data", 9);
+}
+
+static void
+seek_node_nsec3(void **state) {
+ UNUSED(state);
+
+ test_seek_node("testdata/dbiterator/zone2.data", 30);
+}
+
+/*
+ * seek_emty: walk database starting at an empty nonterminal node
+ * (should fail)
+ */
+static void
+test_seek_empty(const char *filename) {
+ isc_result_t result;
+ dns_db_t *db = NULL;
+ dns_dbiterator_t *iter = NULL;
+ dns_name_t *seekname;
+ dns_fixedname_t f1;
+
+ seekname = dns_fixedname_initname(&f1);
+
+ result = dns_test_loaddb(&db, dns_dbtype_cache, TEST_ORIGIN, filename);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_db_createiterator(db, 0, &iter);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = make_name("d." TEST_ORIGIN, seekname);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_dbiterator_seek(iter, seekname);
+ assert_int_equal(result, DNS_R_PARTIALMATCH);
+
+ dns_dbiterator_destroy(&iter);
+ dns_db_detach(&db);
+}
+
+static void
+seek_empty(void **state) {
+ UNUSED(state);
+
+ test_seek_empty("testdata/dbiterator/zone1.data");
+}
+
+static void
+seek_empty_nsec3(void **state) {
+ UNUSED(state);
+
+ test_seek_empty("testdata/dbiterator/zone2.data");
+}
+
+/*
+ * seek_nx: walk database starting at a nonexistent node
+ */
+static void
+test_seek_nx(const char *filename) {
+ isc_result_t result;
+ dns_db_t *db = NULL;
+ dns_dbiterator_t *iter = NULL;
+ dns_name_t *seekname;
+ dns_fixedname_t f1;
+
+ seekname = dns_fixedname_initname(&f1);
+
+ result = dns_test_loaddb(&db, dns_dbtype_cache, TEST_ORIGIN, filename);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_db_createiterator(db, 0, &iter);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = make_name("nonexistent." TEST_ORIGIN, seekname);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_dbiterator_seek(iter, seekname);
+ assert_int_equal(result, DNS_R_PARTIALMATCH);
+
+ result = make_name("nonexistent.", seekname);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_dbiterator_seek(iter, seekname);
+ assert_int_equal(result, ISC_R_NOTFOUND);
+
+ dns_dbiterator_destroy(&iter);
+ dns_db_detach(&db);
+}
+
+static void
+seek_nx(void **state) {
+ UNUSED(state);
+
+ test_seek_nx("testdata/dbiterator/zone1.data");
+}
+
+static void
+seek_nx_nsec3(void **state) {
+ UNUSED(state);
+
+ test_seek_nx("testdata/dbiterator/zone2.data");
+}
+
+/*
+ * XXX:
+ * dns_dbiterator API calls that are not yet part of this unit test:
+ *
+ * dns_dbiterator_pause
+ * dns_dbiterator_origin
+ * dns_dbiterator_setcleanmode
+ */
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(create, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(create_nsec3, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(walk, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(walk_nsec3, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(reverse, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(reverse_nsec3, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(seek_node, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(seek_node_nsec3, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(seek_empty, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(seek_empty_nsec3, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(seek_nx, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(seek_nx_nsec3, _setup,
+ _teardown),
+ };
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
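Review bot: The iteration loops in `test_walk`, `test_reverse` and `test_seek_node` stop on any non-success result and never check why they stopped, so an iterator error that ends the walk is distinguished from a clean end only by the node count. Adding `assert_int_equal(result, ISC_R_NOMORE);` after each loop would pin the termination reason, presumably the value the iterator returns at the end of the database. `test_reverse` also hard-codes `assert_int_equal(i, 12);` although it runs against both zone1.data and zone2.data, while `test_walk` and `test_seek_node` take the expected count as a `nodes` parameter; passing the count in the same way would make the NSEC3 expectation explicit. The header comment of `test_seek_empty` is spelled `seek_emty` and says "(should fail)" although the test asserts `DNS_R_PARTIALMATCH`; the comment should name that result.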
diff --git a/lib/dns/tests/dbversion_test.c b/lib/dns/tests/dbversion_test.c
new file mode 100644
index 0000000..70a5124
--- /dev/null
+++ b/lib/dns/tests/dbversion_test.c
@@ -0,0 +1,499 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/file.h>
+#include <isc/result.h>
+#include <isc/serial.h>
+#include <isc/stdtime.h>
+#include <isc/string.h>
+#include <isc/util.h>
+
+#include <dns/db.h>
+#include <dns/nsec3.h>
+#include <dns/rdatalist.h>
+#include <dns/rdataset.h>
+#include <dns/rdatasetiter.h>
+
+#include "dnstest.h"
+
+static char tempname[11] = "dtXXXXXXXX";
+static dns_db_t *db1 = NULL, *db2 = NULL;
+static dns_dbversion_t *v1 = NULL, *v2 = NULL;
+
+/*
+ * The code below enables us to trap assertion failures for testing
+ * purposes. local_callback() is set as the callback function for
+ * isc_assertion_failed(). It calls mock_assert() so that CMOCKA
+ * will be able to see it, then returns to the calling function via
+ * longjmp() so that the abort() call in isc_assertion_failed() will
+ * never be reached. Use check_assertion() to check for assertions
+ * instead of expect_assert_failure().
+ */
+jmp_buf assertion;
+
+#define check_assertion(function_call) \
+ do { \
+ const int r = setjmp(assertion); \
+ if (r == 0) { \
+ expect_assert_failure(function_call); \
+ } \
+ } while (false);
+
+static void
+local_callback(const char *file, int line, isc_assertiontype_t type,
+ const char *cond) {
+ UNUSED(type);
+
+ mock_assert(1, cond, file, line);
+ longjmp(assertion, 1);
+}
+
+static int
+_setup(void **state) {
+ isc_result_t res;
+
+ UNUSED(state);
+
+ isc_assertion_setcallback(local_callback);
+
+ res = dns_test_begin(NULL, false);
+ assert_int_equal(res, ISC_R_SUCCESS);
+
+ res = dns_db_create(dt_mctx, "rbt", dns_rootname, dns_dbtype_zone,
+ dns_rdataclass_in, 0, NULL, &db1);
+ assert_int_equal(res, ISC_R_SUCCESS);
+ dns_db_newversion(db1, &v1);
+ assert_non_null(v1);
+
+ res = dns_db_create(dt_mctx, "rbt", dns_rootname, dns_dbtype_zone,
+ dns_rdataclass_in, 0, NULL, &db2);
+ assert_int_equal(res, ISC_R_SUCCESS);
+ dns_db_newversion(db2, &v2);
+ assert_non_null(v1);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ if (strcmp(tempname, "dtXXXXXXXX") != 0) {
+ unlink(tempname);
+ }
+
+ if (v1 != NULL) {
+ dns_db_closeversion(db1, &v1, false);
+ assert_null(v1);
+ }
+ if (db1 != NULL) {
+ dns_db_detach(&db1);
+ assert_null(db1);
+ }
+
+ if (v2 != NULL) {
+ dns_db_closeversion(db2, &v2, false);
+ assert_null(v2);
+ }
+ if (db2 != NULL) {
+ dns_db_detach(&db2);
+ assert_null(db2);
+ }
+
+ dns_test_end();
+
+ return (0);
+}
+
+/*
+ * Check dns_db_attachversion() passes with matching db and version, and
+ * asserts with mis-matching db and version.
+ */
+static void
+attachversion(void **state) {
+ dns_dbversion_t *v = NULL;
+
+ UNUSED(state);
+
+ dns_db_attachversion(db1, v1, &v);
+ assert_ptr_equal(v, v1);
+ dns_db_closeversion(db1, &v, false);
+ assert_null(v);
+
+ check_assertion(dns_db_attachversion(db1, v2, &v));
+}
+
+/*
+ * Check dns_db_closeversion() passes with matching db and version, and
+ * asserts with mis-matching db and version.
+ */
+static void
+closeversion(void **state) {
+ UNUSED(state);
+
+ assert_non_null(v1);
+ dns_db_closeversion(db1, &v1, false);
+ assert_null(v1);
+
+ check_assertion(dns_db_closeversion(db1, &v2, false));
+}
+
+/*
+ * Check dns_db_find() passes with matching db and version, and
+ * asserts with mis-matching db and version.
+ */
+static void
+find(void **state) {
+ isc_result_t res;
+ dns_rdataset_t rdataset;
+ dns_fixedname_t fixed;
+ dns_name_t *name = NULL;
+
+ UNUSED(state);
+
+ name = dns_fixedname_initname(&fixed);
+
+ dns_rdataset_init(&rdataset);
+ res = dns_db_find(db1, dns_rootname, v1, dns_rdatatype_soa, 0, 0, NULL,
+ name, &rdataset, NULL);
+ assert_int_equal(res, DNS_R_NXDOMAIN);
+
+ if (dns_rdataset_isassociated(&rdataset)) {
+ dns_rdataset_disassociate(&rdataset);
+ }
+
+ dns_rdataset_init(&rdataset);
+ check_assertion((void)dns_db_find(db1, dns_rootname, v2,
+ dns_rdatatype_soa, 0, 0, NULL, name,
+ &rdataset, NULL));
+}
+
+/*
+ * Check dns_db_allrdatasets() passes with matching db and version, and
+ * asserts with mis-matching db and version.
+ */
+static void
+allrdatasets(void **state) {
+ isc_result_t res;
+ dns_dbnode_t *node = NULL;
+ dns_rdatasetiter_t *iterator = NULL;
+
+ UNUSED(state);
+
+ res = dns_db_findnode(db1, dns_rootname, false, &node);
+ assert_int_equal(res, ISC_R_SUCCESS);
+
+ res = dns_db_allrdatasets(db1, node, v1, 0, 0, &iterator);
+ assert_int_equal(res, ISC_R_SUCCESS);
+
+ check_assertion(dns_db_allrdatasets(db1, node, v2, 0, 0, &iterator));
+
+ dns_rdatasetiter_destroy(&iterator);
+ assert_null(iterator);
+
+ dns_db_detachnode(db1, &node);
+ assert_null(node);
+}
+
+/*
+ * Check dns_db_findrdataset() passes with matching db and version, and
+ * asserts with mis-matching db and version.
+ */
+static void
+findrdataset(void **state) {
+ isc_result_t res;
+ dns_rdataset_t rdataset;
+ dns_dbnode_t *node = NULL;
+
+ UNUSED(state);
+
+ res = dns_db_findnode(db1, dns_rootname, false, &node);
+ assert_int_equal(res, ISC_R_SUCCESS);
+
+ dns_rdataset_init(&rdataset);
+ res = dns_db_findrdataset(db1, node, v1, dns_rdatatype_soa, 0, 0,
+ &rdataset, NULL);
+ assert_int_equal(res, ISC_R_NOTFOUND);
+
+ if (dns_rdataset_isassociated(&rdataset)) {
+ dns_rdataset_disassociate(&rdataset);
+ }
+
+ dns_rdataset_init(&rdataset);
+ check_assertion(dns_db_findrdataset(db1, node, v2, dns_rdatatype_soa, 0,
+ 0, &rdataset, NULL));
+
+ dns_db_detachnode(db1, &node);
+ assert_null(node);
+}
+
+/*
+ * Check dns_db_deleterdataset() passes with matching db and version, and
+ * asserts with mis-matching db and version.
+ */
+static void
+deleterdataset(void **state) {
+ isc_result_t res;
+ dns_dbnode_t *node = NULL;
+
+ UNUSED(state);
+
+ res = dns_db_findnode(db1, dns_rootname, false, &node);
+ assert_int_equal(res, ISC_R_SUCCESS);
+
+ res = dns_db_deleterdataset(db1, node, v1, dns_rdatatype_soa, 0);
+ assert_int_equal(res, DNS_R_UNCHANGED);
+
+ check_assertion(
+ dns_db_deleterdataset(db1, node, v2, dns_rdatatype_soa, 0));
+ dns_db_detachnode(db1, &node);
+ assert_null(node);
+}
+
+/*
+ * Check dns_db_subtractrdataset() passes with matching db and version, and
+ * asserts with mis-matching db and version.
+ */
+static void
+subtract(void **state) {
+ isc_result_t res;
+ dns_rdataset_t rdataset;
+ dns_rdatalist_t rdatalist;
+ dns_dbnode_t *node = NULL;
+
+ UNUSED(state);
+
+ dns_rdataset_init(&rdataset);
+ dns_rdatalist_init(&rdatalist);
+
+ rdatalist.rdclass = dns_rdataclass_in;
+
+ res = dns_rdatalist_tordataset(&rdatalist, &rdataset);
+ assert_int_equal(res, ISC_R_SUCCESS);
+
+ res = dns_db_findnode(db1, dns_rootname, false, &node);
+ assert_int_equal(res, ISC_R_SUCCESS);
+
+ res = dns_db_subtractrdataset(db1, node, v1, &rdataset, 0, NULL);
+ assert_int_equal(res, DNS_R_UNCHANGED);
+
+ if (dns_rdataset_isassociated(&rdataset)) {
+ dns_rdataset_disassociate(&rdataset);
+ }
+
+ dns_rdataset_init(&rdataset);
+ res = dns_rdatalist_tordataset(&rdatalist, &rdataset);
+ assert_int_equal(res, ISC_R_SUCCESS);
+
+ check_assertion(
+ dns_db_subtractrdataset(db1, node, v2, &rdataset, 0, NULL));
+
+ dns_db_detachnode(db1, &node);
+ assert_null(node);
+}
+
+/*
+ * Check dns_db_dump() passes with matching db and version, and
+ * asserts with mis-matching db and version.
+ */
+static void
+dump(void **state) {
+ isc_result_t res;
+ FILE *f = NULL;
+
+ UNUSED(state);
+
+ res = isc_file_openunique(tempname, &f);
+ fclose(f);
+ assert_int_equal(res, ISC_R_SUCCESS);
+
+ res = dns_db_dump(db1, v1, tempname);
+ assert_int_equal(res, ISC_R_SUCCESS);
+
+ check_assertion(dns_db_dump(db1, v2, tempname));
+}
+
+/*
+ * Check dns_db_addrdataset() passes with matching db and version, and
+ * asserts with mis-matching db and version.
+ */
+static void
+addrdataset(void **state) {
+ isc_result_t res;
+ dns_rdataset_t rdataset;
+ dns_dbnode_t *node = NULL;
+ dns_rdatalist_t rdatalist;
+
+ UNUSED(state);
+
+ dns_rdataset_init(&rdataset);
+ dns_rdatalist_init(&rdatalist);
+
+ rdatalist.rdclass = dns_rdataclass_in;
+
+ res = dns_rdatalist_tordataset(&rdatalist, &rdataset);
+ assert_int_equal(res, ISC_R_SUCCESS);
+
+ res = dns_db_findnode(db1, dns_rootname, false, &node);
+ assert_int_equal(res, ISC_R_SUCCESS);
+
+ res = dns_db_addrdataset(db1, node, v1, 0, &rdataset, 0, NULL);
+ assert_int_equal(res, ISC_R_SUCCESS);
+
+ check_assertion(
+ dns_db_addrdataset(db1, node, v2, 0, &rdataset, 0, NULL));
+
+ dns_db_detachnode(db1, &node);
+ assert_null(node);
+}
+
+/*
+ * Check dns_db_getnsec3parameters() passes with matching db and version,
+ * and asserts with mis-matching db and version.
+ */
+static void
+getnsec3parameters(void **state) {
+ isc_result_t res;
+ dns_hash_t hash;
+ uint8_t flags;
+ uint16_t iterations;
+ unsigned char salt[DNS_NSEC3_SALTSIZE];
+ size_t salt_length = sizeof(salt);
+
+ UNUSED(state);
+
+ res = dns_db_getnsec3parameters(db1, v1, &hash, &flags, &iterations,
+ salt, &salt_length);
+ assert_int_equal(res, ISC_R_NOTFOUND);
+
+ check_assertion(dns_db_getnsec3parameters(
+ db1, v2, &hash, &flags, &iterations, salt, &salt_length));
+}
+
+/*
+ * Check dns_db_resigned() passes with matching db and version, and
+ * asserts with mis-matching db and version.
+ */
+static void
+resigned(void **state) {
+ isc_result_t res;
+ dns_rdataset_t rdataset, added;
+ dns_dbnode_t *node = NULL;
+ dns_rdatalist_t rdatalist;
+ dns_rdata_rrsig_t rrsig;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ isc_buffer_t b;
+ unsigned char buf[1024];
+
+ UNUSED(state);
+
+ /*
+ * Create a dummy RRSIG record and set a resigning time.
+ */
+ dns_rdataset_init(&added);
+ dns_rdataset_init(&rdataset);
+ dns_rdatalist_init(&rdatalist);
+ isc_buffer_init(&b, buf, sizeof(buf));
+
+ DNS_RDATACOMMON_INIT(&rrsig, dns_rdatatype_rrsig, dns_rdataclass_in);
+ rrsig.covered = dns_rdatatype_a;
+ rrsig.algorithm = 100;
+ rrsig.labels = 0;
+ rrsig.originalttl = 0;
+ rrsig.timeexpire = 3600;
+ rrsig.timesigned = 0;
+ rrsig.keyid = 0;
+ dns_name_init(&rrsig.signer, NULL);
+ dns_name_clone(dns_rootname, &rrsig.signer);
+ rrsig.siglen = 0;
+ rrsig.signature = NULL;
+
+ res = dns_rdata_fromstruct(&rdata, dns_rdataclass_in,
+ dns_rdatatype_rrsig, &rrsig, &b);
+ assert_int_equal(res, ISC_R_SUCCESS);
+
+ rdatalist.rdclass = dns_rdataclass_in;
+ rdatalist.type = dns_rdatatype_rrsig;
+ ISC_LIST_APPEND(rdatalist.rdata, &rdata, link);
+
+ res = dns_rdatalist_tordataset(&rdatalist, &rdataset);
+ assert_int_equal(res, ISC_R_SUCCESS);
+
+ rdataset.attributes |= DNS_RDATASETATTR_RESIGN;
+ rdataset.resign = 7200;
+
+ res = dns_db_findnode(db1, dns_rootname, false, &node);
+ assert_int_equal(res, ISC_R_SUCCESS);
+
+ res = dns_db_addrdataset(db1, node, v1, 0, &rdataset, 0, &added);
+ assert_int_equal(res, ISC_R_SUCCESS);
+
+ dns_db_detachnode(db1, &node);
+ assert_null(node);
+
+ check_assertion(dns_db_resigned(db1, &added, v2));
+
+ dns_db_resigned(db1, &added, v1);
+
+ dns_rdataset_disassociate(&added);
+}
+
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(dump, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(find, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(allrdatasets, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(findrdataset, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(deleterdataset, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(subtract, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(addrdataset, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(getnsec3parameters, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(resigned, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(attachversion, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(closeversion, _setup,
+ _teardown),
+ };
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/dh_test.c b/lib/dns/tests/dh_test.c
new file mode 100644
index 0000000..bd60d6d
--- /dev/null
+++ b/lib/dns/tests/dh_test.c
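Review bot: In `_setup`, the check after `dns_db_newversion(db2, &v2);` is `assert_non_null(v1);`, so a failure to open the second version goes unnoticed and the mismatch tests would then presumably run with a NULL `v2`; it should read `assert_non_null(v2);`. In `dump`, `fclose(f);` runs before `assert_int_equal(res, ISC_R_SUCCESS);`, so a failed `isc_file_openunique()` reaches `fclose()` with `f` still NULL; the two lines should be swapped. The `check_assertion` macro ends in `while (false);` with its own semicolon, which defeats the do/while wrapper inside an unbraced `if`/`else`; drop the trailing `;`. In `allrdatasets`, the mismatching call reuses `&iterator` while it still holds the iterator from the matching call, so the trapped assertion may come from the non-NULL output pointer rather than from the db/version check (inferred, the callee is not shown here); moving `dns_rdatasetiter_destroy(&iterator);` above the `check_assertion(...)` line would remove the ambiguity.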
@@ -0,0 +1,112 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/string.h>
+#include <isc/util.h>
+
+#include <pk11/site.h>
+
+#include <dns/name.h>
+
+#include <dst/result.h>
+
+#include "../dst_internal.h"
+#include "dnstest.h"
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+
+/* OpenSSL DH_compute_key() failure */
+static void
+dh_computesecret(void **state) {
+ dst_key_t *key = NULL;
+ isc_buffer_t buf;
+ unsigned char array[1024];
+ isc_result_t result;
+ dns_fixedname_t fname;
+ dns_name_t *name;
+
+ UNUSED(state);
+
+ name = dns_fixedname_initname(&fname);
+ isc_buffer_constinit(&buf, "dh.", 3);
+ isc_buffer_add(&buf, 3);
+ result = dns_name_fromtext(name, &buf, NULL, 0, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dst_key_fromfile(name, 18602, DST_ALG_DH,
+ DST_TYPE_PUBLIC | DST_TYPE_KEY, "./", dt_mctx,
+ &key);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ isc_buffer_init(&buf, array, sizeof(array));
+ result = dst_key_computesecret(key, key, &buf);
+ assert_int_equal(result, DST_R_NOTPRIVATEKEY);
+ result = key->func->computesecret(key, key, &buf);
+ assert_int_equal(result, DST_R_COMPUTESECRETFAILURE);
+
+ dst_key_free(&key);
+}
+
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(dh_computesecret, _setup,
+ _teardown),
+ };
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/dispatch_test.c b/lib/dns/tests/dispatch_test.c
new file mode 100644
index 0000000..9f9737b
--- /dev/null
+++ b/lib/dns/tests/dispatch_test.c
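Review bot: `dh_computesecret` calls through `key->func->computesecret` without saying why, and the only comment is the one-line `/* OpenSSL DH_compute_key() failure */`. The two assertions show that `dst_key_computesecret()` stops at `DST_R_NOTPRIVATEKEY` for this public-only key, so the direct call is what reaches the backend; a comment such as `/* Bypass dst_key_computesecret(), which rejects a key without private material, to exercise the backend's own failure path. */` above that call would record the intent. The key is loaded from `"./"`, so the test depends on running in the directory that holds `Kdh.+002+18602.key`, which is worth stating in the same comment.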
@@ -0,0 +1,360 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#if HAVE_CMOCKA + +#include <inttypes.h> +#include <sched.h> /* IWYU pragma: keep */ +#include <setjmp.h> +#include <stdarg.h> +#include <stdbool.h> +#include <stddef.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +#define UNIT_TESTING +#include <cmocka.h> + +#include <isc/app.h> +#include <isc/buffer.h> +#include <isc/refcount.h> +#include <isc/socket.h> +#include <isc/task.h> +#include <isc/timer.h> +#include <isc/util.h> + +#include <dns/dispatch.h> +#include <dns/name.h> +#include <dns/view.h> + +#include "dnstest.h" + +dns_dispatchmgr_t *dispatchmgr = NULL; +dns_dispatchset_t *dset = NULL; + +static int +_setup(void **state) { + isc_result_t result; + + UNUSED(state); + + result = dns_test_begin(NULL, true); + assert_int_equal(result, ISC_R_SUCCESS); + + return (0); +} + +static int +_teardown(void **state) { + UNUSED(state); + + dns_test_end(); + + return (0); +} + +static isc_result_t +make_dispatchset(unsigned int ndisps) { + isc_result_t result; + isc_sockaddr_t any; + unsigned int attrs; + dns_dispatch_t *disp = NULL; + + result = dns_dispatchmgr_create(dt_mctx, &dispatchmgr); + if (result != ISC_R_SUCCESS) { + return (result); + } + + isc_sockaddr_any(&any); + attrs = DNS_DISPATCHATTR_IPV4 | DNS_DISPATCHATTR_UDP; + result = dns_dispatch_getudp(dispatchmgr, socketmgr, taskmgr, &any, 512, + 6, 1024, 17, 19, attrs, attrs, &disp); + if (result != ISC_R_SUCCESS) { + return (result); + } + + result = dns_dispatchset_create(dt_mctx, socketmgr, taskmgr, disp, + &dset, ndisps); + 
dns_dispatch_detach(&disp); + + return (result); +} + +static void +reset(void) { + if (dset != NULL) { + dns_dispatchset_destroy(&dset); + } + if (dispatchmgr != NULL) { + dns_dispatchmgr_destroy(&dispatchmgr); + } +} + +/* create dispatch set */ +static void +dispatchset_create(void **state) { + isc_result_t result; + + UNUSED(state); + + result = make_dispatchset(1); + assert_int_equal(result, ISC_R_SUCCESS); + reset(); + + result = make_dispatchset(10); + assert_int_equal(result, ISC_R_SUCCESS); + reset(); +} + +/* test dispatch set round-robin */ +static void +dispatchset_get(void **state) { + isc_result_t result; + dns_dispatch_t *d1, *d2, *d3, *d4, *d5; + + UNUSED(state); + + result = make_dispatchset(1); + assert_int_equal(result, ISC_R_SUCCESS); + + d1 = dns_dispatchset_get(dset); + d2 = dns_dispatchset_get(dset); + d3 = dns_dispatchset_get(dset); + d4 = dns_dispatchset_get(dset); + d5 = dns_dispatchset_get(dset); + + assert_ptr_equal(d1, d2); + assert_ptr_equal(d2, d3); + assert_ptr_equal(d3, d4); + assert_ptr_equal(d4, d5); + + reset(); + + result = make_dispatchset(4); + assert_int_equal(result, ISC_R_SUCCESS); + + d1 = dns_dispatchset_get(dset); + d2 = dns_dispatchset_get(dset); + d3 = dns_dispatchset_get(dset); + d4 = dns_dispatchset_get(dset); + d5 = dns_dispatchset_get(dset); + + assert_ptr_equal(d1, d5); + assert_ptr_not_equal(d1, d2); + assert_ptr_not_equal(d2, d3); + assert_ptr_not_equal(d3, d4); + assert_ptr_not_equal(d4, d5); + + reset(); +} + +static void +senddone(isc_task_t *task, isc_event_t *event) { + isc_socket_t *sock = event->ev_arg; + + UNUSED(task); + + isc_socket_detach(&sock); + isc_event_free(&event); +} + +static void +nameserver(isc_task_t *task, isc_event_t *event) { + isc_result_t result; + isc_region_t region; + isc_socket_t *dummy; + isc_socket_t *sock = event->ev_arg; + isc_socketevent_t *ev = (isc_socketevent_t *)event; + static unsigned char buf1[16]; + static unsigned char buf2[16]; + + memmove(buf1, ev->region.base, 
12); + memset(buf1 + 12, 0, 4); + buf1[2] |= 0x80; /* qr=1 */ + + memmove(buf2, ev->region.base, 12); + memset(buf2 + 12, 1, 4); + buf2[2] |= 0x80; /* qr=1 */ + + /* + * send message to be discarded. + */ + region.base = buf1; + region.length = sizeof(buf1); + dummy = NULL; + isc_socket_attach(sock, &dummy); + result = isc_socket_sendto(sock, ®ion, task, senddone, sock, + &ev->address, NULL); + if (result != ISC_R_SUCCESS) { + isc_socket_detach(&dummy); + } + + /* + * send nextitem message. + */ + region.base = buf2; + region.length = sizeof(buf2); + dummy = NULL; + isc_socket_attach(sock, &dummy); + result = isc_socket_sendto(sock, ®ion, task, senddone, sock, + &ev->address, NULL); + if (result != ISC_R_SUCCESS) { + isc_socket_detach(&dummy); + } + isc_event_free(&event); +} + +static dns_dispatch_t *dispatch = NULL; +static dns_dispentry_t *dispentry = NULL; +static atomic_bool first = true; +static isc_sockaddr_t local; +static atomic_uint_fast32_t responses; + +static void +response(isc_task_t *task, isc_event_t *event) { + dns_dispatchevent_t *devent = (dns_dispatchevent_t *)event; + bool exp_true = true; + + UNUSED(task); + + atomic_fetch_add_relaxed(&responses, 1); + if (atomic_compare_exchange_strong(&first, &exp_true, false)) { + isc_result_t result = dns_dispatch_getnext(dispentry, &devent); + assert_int_equal(result, ISC_R_SUCCESS); + } else { + dns_dispatch_removeresponse(&dispentry, &devent); + isc_app_shutdown(); + } +} + +static void +startit(isc_task_t *task, isc_event_t *event) { + isc_result_t result; + isc_socket_t *sock = NULL; + + isc_socket_attach(dns_dispatch_getsocket(dispatch), &sock); + result = isc_socket_sendto(sock, event->ev_arg, task, senddone, sock, + &local, NULL); + assert_int_equal(result, ISC_R_SUCCESS); + isc_event_free(&event); +} + +/* test dispatch getnext */ +static void +dispatch_getnext(void **state) { + isc_region_t region; + isc_result_t result; + isc_socket_t *sock = NULL; + isc_task_t *task = NULL; + uint16_t id; + 
struct in_addr ina; + unsigned char message[12]; + unsigned int attrs; + unsigned char rbuf[12]; + + UNUSED(state); + + atomic_init(&responses, 0); + + result = isc_task_create(taskmgr, 0, &task); + assert_int_equal(result, ISC_R_SUCCESS); + + result = dns_dispatchmgr_create(dt_mctx, &dispatchmgr); + assert_int_equal(result, ISC_R_SUCCESS); + + ina.s_addr = htonl(INADDR_LOOPBACK); + isc_sockaddr_fromin(&local, &ina, 0); + attrs = DNS_DISPATCHATTR_IPV4 | DNS_DISPATCHATTR_UDP; + result = dns_dispatch_getudp(dispatchmgr, socketmgr, taskmgr, &local, + 512, 6, 1024, 17, 19, attrs, attrs, + &dispatch); + assert_int_equal(result, ISC_R_SUCCESS); + + /* + * Create a local udp nameserver on the loopback. + */ + result = isc_socket_create(socketmgr, AF_INET, isc_sockettype_udp, + &sock); + assert_int_equal(result, ISC_R_SUCCESS); + + ina.s_addr = htonl(INADDR_LOOPBACK); + isc_sockaddr_fromin(&local, &ina, 0); + result = isc_socket_bind(sock, &local, 0); + assert_int_equal(result, ISC_R_SUCCESS); + + result = isc_socket_getsockname(sock, &local); + assert_int_equal(result, ISC_R_SUCCESS); + + region.base = rbuf; + region.length = sizeof(rbuf); + result = isc_socket_recv(sock, ®ion, 1, task, nameserver, sock); + assert_int_equal(result, ISC_R_SUCCESS); + + result = dns_dispatch_addresponse(dispatch, 0, &local, task, response, + NULL, &id, &dispentry, NULL); + assert_int_equal(result, ISC_R_SUCCESS); + + memset(message, 0, sizeof(message)); + message[0] = (id >> 8) & 0xff; + message[1] = id & 0xff; + + region.base = message; + region.length = sizeof(message); + result = isc_app_onrun(dt_mctx, task, startit, ®ion); + assert_int_equal(result, ISC_R_SUCCESS); + + result = isc_app_run(); + assert_int_equal(result, ISC_R_SUCCESS); + + assert_int_equal(atomic_load_acquire(&responses), 2); + + /* + * Shutdown nameserver. + */ + isc_socket_cancel(sock, task, ISC_SOCKCANCEL_RECV); + isc_socket_detach(&sock); + isc_task_detach(&task); + + /* + * Shutdown the dispatch. 
+ */
+ dns_dispatch_detach(&dispatch);
+ dns_dispatchmgr_destroy(&dispatchmgr);
+}
+
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(dispatchset_create, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(dispatchset_get, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(dispatch_getnext, _setup,
+ _teardown),
+ };
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/dnstap_test.c b/lib/dns/tests/dnstap_test.c
new file mode 100644
index 0000000..17addc6
--- /dev/null
+++ b/lib/dns/tests/dnstap_test.c
@@ -0,0 +1,402 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#if HAVE_CMOCKA + +#include <inttypes.h> +#include <sched.h> /* IWYU pragma: keep */ +#include <setjmp.h> +#include <stdarg.h> +#include <stddef.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +#define UNIT_TESTING +#include <cmocka.h> + +#include <isc/buffer.h> +#include <isc/file.h> +#include <isc/print.h> +#include <isc/stdio.h> +#include <isc/types.h> +#include <isc/util.h> + +#include <dns/dnstap.h> +#include <dns/view.h> + +#include "dnstest.h" + +#ifdef HAVE_DNSTAP + +#include <fstrm.h> + +#include <protobuf-c/protobuf-c.h> + +#define TAPFILE "testdata/dnstap/dnstap.file" +#define TAPSOCK "testdata/dnstap/dnstap.sock" + +#define TAPSAVED "testdata/dnstap/dnstap.saved" +#define TAPTEXT "testdata/dnstap/dnstap.text" + +static int +_setup(void **state) { + isc_result_t result; + + UNUSED(state); + + result = dns_test_begin(NULL, false); + assert_int_equal(result, ISC_R_SUCCESS); + + return (0); +} + +static int +_teardown(void **state) { + UNUSED(state); + + dns_test_end(); + + return (0); +} + +static void +cleanup() { + (void)isc_file_remove(TAPFILE); + (void)isc_file_remove(TAPSOCK); +} + +/* set up dnstap environment */ +static void +create_test(void **state) { + isc_result_t result; + dns_dtenv_t *dtenv = NULL; + struct fstrm_iothr_options *fopt; + + UNUSED(state); + + cleanup(); + + fopt = fstrm_iothr_options_init(); + assert_non_null(fopt); + fstrm_iothr_options_set_num_input_queues(fopt, 1); + + result = dns_dt_create(dt_mctx, dns_dtmode_file, TAPFILE, &fopt, NULL, + &dtenv); + 
assert_int_equal(result, ISC_R_SUCCESS); + if (dtenv != NULL) { + dns_dt_detach(&dtenv); + } + if (fopt != NULL) { + fstrm_iothr_options_destroy(&fopt); + } + + assert_true(isc_file_exists(TAPFILE)); + + fopt = fstrm_iothr_options_init(); + assert_non_null(fopt); + fstrm_iothr_options_set_num_input_queues(fopt, 1); + + result = dns_dt_create(dt_mctx, dns_dtmode_unix, TAPSOCK, &fopt, NULL, + &dtenv); + assert_int_equal(result, ISC_R_SUCCESS); + if (dtenv != NULL) { + dns_dt_detach(&dtenv); + } + if (fopt != NULL) { + fstrm_iothr_options_destroy(&fopt); + } + + /* 'create' should succeed, but the file shouldn't exist yet */ + assert_false(isc_file_exists(TAPSOCK)); + + fopt = fstrm_iothr_options_init(); + assert_non_null(fopt); + fstrm_iothr_options_set_num_input_queues(fopt, 1); + + result = dns_dt_create(dt_mctx, 33, TAPSOCK, &fopt, NULL, &dtenv); + assert_int_equal(result, ISC_R_FAILURE); + assert_null(dtenv); + if (dtenv != NULL) { + dns_dt_detach(&dtenv); + } + if (fopt != NULL) { + fstrm_iothr_options_destroy(&fopt); + } + + cleanup(); +} + +/* send dnstap messages */ +static void +send_test(void **state) { + isc_result_t result; + dns_dtenv_t *dtenv = NULL; + dns_dthandle_t *handle = NULL; + uint8_t *data; + size_t dsize; + unsigned char zone[DNS_NAME_MAXWIRE]; + unsigned char qambuffer[4096], rambuffer[4096]; + unsigned char qrmbuffer[4096], rrmbuffer[4096]; + isc_buffer_t zb, qamsg, ramsg, qrmsg, rrmsg; + size_t qasize, qrsize, rasize, rrsize; + dns_fixedname_t zfname; + dns_name_t *zname; + dns_dtmsgtype_t dt; + dns_view_t *view = NULL; + dns_compress_t cctx; + isc_region_t zr; + isc_sockaddr_t qaddr; + isc_sockaddr_t raddr; + struct in_addr in; + isc_stdtime_t now; + isc_time_t p, f; + struct fstrm_iothr_options *fopt; + + UNUSED(state); + + cleanup(); + + result = dns_test_makeview("test", &view); + assert_int_equal(result, ISC_R_SUCCESS); + + fopt = fstrm_iothr_options_init(); + assert_non_null(fopt); + fstrm_iothr_options_set_num_input_queues(fopt, 1); 
+ + result = dns_dt_create(dt_mctx, dns_dtmode_file, TAPFILE, &fopt, NULL, + &dtenv); + assert_int_equal(result, ISC_R_SUCCESS); + + dns_dt_attach(dtenv, &view->dtenv); + view->dttypes = DNS_DTTYPE_ALL; + + /* + * Set up some test data + */ + zname = dns_fixedname_initname(&zfname); + isc_buffer_constinit(&zb, "example.com.", 12); + isc_buffer_add(&zb, 12); + result = dns_name_fromtext(zname, &zb, NULL, 0, NULL); + assert_int_equal(result, ISC_R_SUCCESS); + + memset(&zr, 0, sizeof(zr)); + isc_buffer_init(&zb, zone, sizeof(zone)); + result = dns_compress_init(&cctx, -1, dt_mctx); + assert_int_equal(result, ISC_R_SUCCESS); + dns_compress_setmethods(&cctx, DNS_COMPRESS_NONE); + result = dns_name_towire(zname, &cctx, &zb); + assert_int_equal(result, ISC_R_SUCCESS); + dns_compress_invalidate(&cctx); + isc_buffer_usedregion(&zb, &zr); + + in.s_addr = inet_addr("10.53.0.1"); + isc_sockaddr_fromin(&qaddr, &in, 2112); + in.s_addr = inet_addr("10.53.0.2"); + isc_sockaddr_fromin(&raddr, &in, 2112); + + isc_stdtime_get(&now); + isc_time_set(&p, now - 3600, 0); /* past */ + isc_time_set(&f, now + 3600, 0); /* future */ + + result = dns_test_getdata("testdata/dnstap/query.auth", qambuffer, + sizeof(qambuffer), &qasize); + assert_int_equal(result, ISC_R_SUCCESS); + isc_buffer_init(&qamsg, qambuffer, qasize); + isc_buffer_add(&qamsg, qasize); + + result = dns_test_getdata("testdata/dnstap/response.auth", rambuffer, + sizeof(rambuffer), &rasize); + assert_int_equal(result, ISC_R_SUCCESS); + isc_buffer_init(&ramsg, rambuffer, rasize); + isc_buffer_add(&ramsg, rasize); + + result = dns_test_getdata("testdata/dnstap/query.recursive", qrmbuffer, + sizeof(qrmbuffer), &qrsize); + assert_int_equal(result, ISC_R_SUCCESS); + isc_buffer_init(&qrmsg, qrmbuffer, qrsize); + isc_buffer_add(&qrmsg, qrsize); + + result = dns_test_getdata("testdata/dnstap/response.recursive", + rrmbuffer, sizeof(rrmbuffer), &rrsize); + assert_int_equal(result, ISC_R_SUCCESS); + isc_buffer_init(&rrmsg, rrmbuffer, 
rrsize); + isc_buffer_add(&rrmsg, rrsize); + + for (dt = DNS_DTTYPE_SQ; dt <= DNS_DTTYPE_TR; dt <<= 1) { + isc_buffer_t *m; + isc_sockaddr_t *q = &qaddr, *r = &raddr; + + switch (dt) { + case DNS_DTTYPE_AQ: + m = &qamsg; + break; + case DNS_DTTYPE_AR: + m = &ramsg; + break; + default: + m = &qrmsg; + if ((dt & DNS_DTTYPE_RESPONSE) != 0) { + m = &ramsg; + } + break; + } + + dns_dt_send(view, dt, q, r, false, &zr, &p, &f, m); + dns_dt_send(view, dt, q, r, false, &zr, NULL, &f, m); + dns_dt_send(view, dt, q, r, false, &zr, &p, NULL, m); + dns_dt_send(view, dt, q, r, false, &zr, NULL, NULL, m); + dns_dt_send(view, dt, q, r, true, &zr, &p, &f, m); + dns_dt_send(view, dt, q, r, true, &zr, NULL, &f, m); + dns_dt_send(view, dt, q, r, true, &zr, &p, NULL, m); + dns_dt_send(view, dt, q, r, true, &zr, NULL, NULL, m); + } + + dns_dt_detach(&view->dtenv); + dns_dt_detach(&dtenv); + dns_view_detach(&view); + + result = dns_dt_open(TAPFILE, dns_dtmode_file, dt_mctx, &handle); + assert_int_equal(result, ISC_R_SUCCESS); + + while (dns_dt_getframe(handle, &data, &dsize) == ISC_R_SUCCESS) { + dns_dtdata_t *dtdata = NULL; + isc_region_t r; + static dns_dtmsgtype_t expected = DNS_DTTYPE_SQ; + static int n = 0; + + r.base = data; + r.length = dsize; + + result = dns_dt_parse(dt_mctx, &r, &dtdata); + assert_int_equal(result, ISC_R_SUCCESS); + if (result != ISC_R_SUCCESS) { + n++; + continue; + } + + assert_int_equal(dtdata->type, expected); + if (++n % 8 == 0) { + expected <<= 1; + } + + dns_dtdata_free(&dtdata); + } + + if (fopt != NULL) { + fstrm_iothr_options_destroy(&fopt); + } + if (handle != NULL) { + dns_dt_close(&handle); + } + cleanup(); +} + +/* dnstap message to text */ +static void +totext_test(void **state) { + isc_result_t result; + dns_dthandle_t *handle = NULL; + uint8_t *data; + size_t dsize; + FILE *fp = NULL; + + UNUSED(state); + + result = dns_dt_open(TAPSAVED, dns_dtmode_file, dt_mctx, &handle); + assert_int_equal(result, ISC_R_SUCCESS); + + result = 
isc_stdio_open(TAPTEXT, "r", &fp); + assert_int_equal(result, ISC_R_SUCCESS); + + while (dns_dt_getframe(handle, &data, &dsize) == ISC_R_SUCCESS) { + dns_dtdata_t *dtdata = NULL; + isc_buffer_t *b = NULL; + isc_region_t r; + char s[BUFSIZ], *p; + + r.base = data; + r.length = dsize; + + /* read the corresponding line of text */ + p = fgets(s, sizeof(s), fp); + assert_ptr_equal(p, s); + if (p == NULL) { + break; + } + + p = strchr(p, '\n'); + if (p != NULL) { + *p = '\0'; + } + + /* parse dnstap frame */ + result = dns_dt_parse(dt_mctx, &r, &dtdata); + assert_int_equal(result, ISC_R_SUCCESS); + if (result != ISC_R_SUCCESS) { + continue; + } + + isc_buffer_allocate(dt_mctx, &b, 2048); + assert_non_null(b); + if (b == NULL) { + break; + } + + /* convert to text and compare */ + result = dns_dt_datatotext(dtdata, &b); + assert_int_equal(result, ISC_R_SUCCESS); + + assert_string_equal((char *)isc_buffer_base(b), s); + + dns_dtdata_free(&dtdata); + isc_buffer_free(&b); + } + + if (handle != NULL) { + dns_dt_close(&handle); + } + cleanup(); +} +#endif /* HAVE_DNSTAP */ + +int +main(void) { +#if HAVE_DNSTAP + const struct CMUnitTest tests[] = { + cmocka_unit_test_setup_teardown(create_test, _setup, _teardown), + cmocka_unit_test_setup_teardown(send_test, _setup, _teardown), + cmocka_unit_test_setup_teardown(totext_test, _setup, _teardown), + }; + + /* make sure text conversion gets the right local time */ + setenv("TZ", "PST8", 1); + + return (cmocka_run_group_tests(tests, NULL, NULL)); +#else /* if HAVE_DNSTAP */ + print_message("1..0 # Skipped: dnstap not enabled\n"); + return (SKIPPED_TEST_EXIT_CODE); +#endif /* HAVE_DNSTAP */ +} + +#else /* HAVE_CMOCKA */ + +#include <stdio.h> + +int +main(void) { + printf("1..0 # Skipped: cmocka not available\n"); + return (SKIPPED_TEST_EXIT_CODE); +} + +#endif /* HAVE_CMOCKA */ diff --git a/lib/dns/tests/dnstest.c b/lib/dns/tests/dnstest.c new file mode 100644 index 0000000..a8cd6b5 --- /dev/null +++ b/lib/dns/tests/dnstest.c 
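Review bot: In send_test the default branch of the switch selects `&ramsg` whenever `dt & DNS_DTTYPE_RESPONSE` is set, so `rrmsg`, which is loaded from testdata/dnstap/response.recursive, is initialised but never passed to dns_dt_send(); if the recursive response was meant to be covered, that assignment should be `m = &rrmsg;`. In totext_test the stream opened with `isc_stdio_open(TAPTEXT, "r", &fp)` is never closed, so `isc_stdio_close(fp);` belongs next to the dns_dt_close() call at the end of the function. The same function compares `(char *)isc_buffer_base(b)` with assert_string_equal(), which assumes dns_dt_datatotext() leaves a NUL terminator in the buffer; nothing in this file shows that, so a one-line comment stating the guarantee would help the next reader.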
@@ -0,0 +1,643 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +/*! \file */ + +#include <inttypes.h> +#include <sched.h> /* IWYU pragma: keep */ +#include <setjmp.h> +#include <stdarg.h> +#include <stdbool.h> +#include <stddef.h> +#include <stdlib.h> +#include <string.h> +#include <time.h> +#include <unistd.h> + +#if HAVE_CMOCKA +#define UNIT_TESTING +#include <cmocka.h> + +#include <isc/app.h> +#include <isc/buffer.h> +#include <isc/file.h> +#include <isc/hash.h> +#include <isc/hex.h> +#include <isc/lex.h> +#include <isc/managers.h> +#include <isc/mem.h> +#include <isc/os.h> +#include <isc/print.h> +#include <isc/socket.h> +#include <isc/stdio.h> +#include <isc/string.h> +#include <isc/task.h> +#include <isc/timer.h> +#include <isc/util.h> + +#include <dns/callbacks.h> +#include <dns/db.h> +#include <dns/fixedname.h> +#include <dns/log.h> +#include <dns/name.h> +#include <dns/result.h> +#include <dns/view.h> +#include <dns/zone.h> + +#include "dnstest.h" + +#define CHECK(r) \ + do { \ + result = (r); \ + if (result != ISC_R_SUCCESS) { \ + goto cleanup; \ + } \ + } while (0) + +isc_mem_t *dt_mctx = NULL; +isc_log_t *lctx = NULL; +isc_nm_t *netmgr = NULL; +isc_taskmgr_t *taskmgr = NULL; +isc_task_t *maintask = NULL; +isc_timermgr_t *timermgr = NULL; +isc_socketmgr_t *socketmgr = NULL; +dns_zonemgr_t *zonemgr = NULL; +bool app_running = false; +int ncpus; +bool debug_mem_record = true; + +static bool dst_active = false; +static bool test_running = false; + +/* + * Logging categories: this needs to match the list in bin/named/log.c. 
+ */ +static isc_logcategory_t categories[] = { { "", 0 }, + { "client", 0 }, + { "network", 0 }, + { "update", 0 }, + { "queries", 0 }, + { "unmatched", 0 }, + { "update-security", 0 }, + { "query-errors", 0 }, + { NULL, 0 } }; + +static void +cleanup_managers(void) { + if (maintask != NULL) { + isc_task_shutdown(maintask); + isc_task_destroy(&maintask); + } + + isc_managers_destroy(netmgr == NULL ? NULL : &netmgr, + taskmgr == NULL ? NULL : &taskmgr); + + if (socketmgr != NULL) { + isc_socketmgr_destroy(&socketmgr); + } + if (timermgr != NULL) { + isc_timermgr_destroy(&timermgr); + } + if (app_running) { + isc_app_finish(); + } +} + +static isc_result_t +create_managers(void) { + isc_result_t result; + ncpus = isc_os_ncpus(); + + CHECK(isc_managers_create(dt_mctx, ncpus, 0, &netmgr, &taskmgr)); + CHECK(isc_timermgr_create(dt_mctx, &timermgr)); + CHECK(isc_socketmgr_create(dt_mctx, &socketmgr)); + CHECK(isc_task_create_bound(taskmgr, 0, &maintask, 0)); + return (ISC_R_SUCCESS); + +cleanup: + cleanup_managers(); + return (result); +} + +isc_result_t +dns_test_begin(FILE *logfile, bool start_managers) { + isc_result_t result; + + INSIST(!test_running); + test_running = true; + + if (start_managers) { + CHECK(isc_app_start()); + } + if (debug_mem_record) { + isc_mem_debugging |= ISC_MEM_DEBUGRECORD; + } + + INSIST(dt_mctx == NULL); + isc_mem_create(&dt_mctx); + + /* Don't check the memory leaks as they hide the assertions */ + isc_mem_setdestroycheck(dt_mctx, false); + + INSIST(!dst_active); + CHECK(dst_lib_init(dt_mctx, NULL)); + dst_active = true; + + if (logfile != NULL) { + isc_logdestination_t destination; + isc_logconfig_t *logconfig = NULL; + + INSIST(lctx == NULL); + isc_log_create(dt_mctx, &lctx, &logconfig); + isc_log_registercategories(lctx, categories); + isc_log_setcontext(lctx); + dns_log_init(lctx); + dns_log_setcontext(lctx); + + destination.file.stream = logfile; + destination.file.name = NULL; + destination.file.versions = ISC_LOG_ROLLNEVER; + 
destination.file.maximum_size = 0; + isc_log_createchannel(logconfig, "stderr", ISC_LOG_TOFILEDESC, + ISC_LOG_DYNAMIC, &destination, 0); + CHECK(isc_log_usechannel(logconfig, "stderr", NULL, NULL)); + } + + dns_result_register(); + + if (start_managers) { + CHECK(create_managers()); + } + + /* + * The caller might run from another directory, so tests + * that access test data files must first chdir to the proper + * location. + */ + if (chdir(TESTS) == -1) { + CHECK(ISC_R_FAILURE); + } + + return (ISC_R_SUCCESS); + +cleanup: + dns_test_end(); + return (result); +} + +void +dns_test_end(void) { + cleanup_managers(); + + dst_lib_destroy(); + dst_active = false; + + if (lctx != NULL) { + isc_log_destroy(&lctx); + } + + if (dt_mctx != NULL) { + isc_mem_destroy(&dt_mctx); + } + + test_running = false; +} + +/* + * Create a view. + */ +isc_result_t +dns_test_makeview(const char *name, dns_view_t **viewp) { + isc_result_t result; + dns_view_t *view = NULL; + + CHECK(dns_view_create(dt_mctx, dns_rdataclass_in, name, &view)); + *viewp = view; + + return (ISC_R_SUCCESS); + +cleanup: + if (view != NULL) { + dns_view_detach(&view); + } + return (result); +} + +isc_result_t +dns_test_makezone(const char *name, dns_zone_t **zonep, dns_view_t *view, + bool createview) { + dns_fixedname_t fixed_origin; + dns_zone_t *zone = NULL; + isc_result_t result; + dns_name_t *origin; + + REQUIRE(view == NULL || !createview); + + /* + * Create the zone structure. + */ + result = dns_zone_create(&zone, dt_mctx); + if (result != ISC_R_SUCCESS) { + return (result); + } + + /* + * Set zone type and origin. + */ + dns_zone_settype(zone, dns_zone_primary); + origin = dns_fixedname_initname(&fixed_origin); + result = dns_name_fromstring(origin, name, 0, NULL); + if (result != ISC_R_SUCCESS) { + goto detach_zone; + } + result = dns_zone_setorigin(zone, origin); + if (result != ISC_R_SUCCESS) { + goto detach_zone; + } + + /* + * If requested, create a view. 
+ */ + if (createview) { + result = dns_test_makeview("view", &view); + if (result != ISC_R_SUCCESS) { + goto detach_zone; + } + } + + /* + * If a view was passed as an argument or created above, attach the + * created zone to it. Otherwise, set the zone's class to IN. + */ + if (view != NULL) { + dns_zone_setview(zone, view); + dns_zone_setclass(zone, view->rdclass); + dns_view_addzone(view, zone); + } else { + dns_zone_setclass(zone, dns_rdataclass_in); + } + + *zonep = zone; + + return (ISC_R_SUCCESS); + +detach_zone: + dns_zone_detach(&zone); + + return (result); +} + +isc_result_t +dns_test_setupzonemgr(void) { + isc_result_t result; + REQUIRE(zonemgr == NULL); + + result = dns_zonemgr_create(dt_mctx, taskmgr, timermgr, socketmgr, + &zonemgr); + return (result); +} + +isc_result_t +dns_test_managezone(dns_zone_t *zone) { + isc_result_t result; + REQUIRE(zonemgr != NULL); + + result = dns_zonemgr_setsize(zonemgr, 1); + if (result != ISC_R_SUCCESS) { + return (result); + } + + result = dns_zonemgr_managezone(zonemgr, zone); + return (result); +} + +void +dns_test_releasezone(dns_zone_t *zone) { + REQUIRE(zonemgr != NULL); + dns_zonemgr_releasezone(zonemgr, zone); +} + +void +dns_test_closezonemgr(void) { + REQUIRE(zonemgr != NULL); + + dns_zonemgr_shutdown(zonemgr); + dns_zonemgr_detach(&zonemgr); +} + +/* + * Sleep for 'usec' microseconds. 
+ */ +void +dns_test_nap(uint32_t usec) { + struct timespec ts; + + ts.tv_sec = usec / 1000000; + ts.tv_nsec = (usec % 1000000) * 1000; + nanosleep(&ts, NULL); +} + +isc_result_t +dns_test_loaddb(dns_db_t **db, dns_dbtype_t dbtype, const char *origin, + const char *testfile) { + isc_result_t result; + dns_fixedname_t fixed; + dns_name_t *name; + + name = dns_fixedname_initname(&fixed); + + result = dns_name_fromstring(name, origin, 0, NULL); + if (result != ISC_R_SUCCESS) { + return (result); + } + + result = dns_db_create(dt_mctx, "rbt", name, dbtype, dns_rdataclass_in, + 0, NULL, db); + if (result != ISC_R_SUCCESS) { + return (result); + } + + result = dns_db_load(*db, testfile, dns_masterformat_text, 0); + return (result); +} + +static int +fromhex(char c) { + if (c >= '0' && c <= '9') { + return (c - '0'); + } else if (c >= 'a' && c <= 'f') { + return (c - 'a' + 10); + } else if (c >= 'A' && c <= 'F') { + return (c - 'A' + 10); + } + + printf("bad input format: %02x\n", c); + exit(3); +} + +/* + * Format contents of given memory region as a hex string, using the buffer + * of length 'buflen' pointed to by 'buf'. 'buflen' must be at least three + * times 'len'. Always returns 'buf'. 
+ */ +char * +dns_test_tohex(const unsigned char *data, size_t len, char *buf, + size_t buflen) { + isc_constregion_t source = { .base = data, .length = len }; + isc_buffer_t target; + isc_result_t result; + + memset(buf, 0, buflen); + isc_buffer_init(&target, buf, buflen); + result = isc_hex_totext((isc_region_t *)&source, 1, " ", &target); + assert_int_equal(result, ISC_R_SUCCESS); + + return (buf); +} + +isc_result_t +dns_test_getdata(const char *file, unsigned char *buf, size_t bufsiz, + size_t *sizep) { + isc_result_t result; + unsigned char *bp; + char *rp, *wp; + char s[BUFSIZ]; + size_t len, i; + FILE *f = NULL; + int n; + + result = isc_stdio_open(file, "r", &f); + if (result != ISC_R_SUCCESS) { + return (result); + } + + bp = buf; + while (fgets(s, sizeof(s), f) != NULL) { + rp = s; + wp = s; + len = 0; + while (*rp != '\0') { + if (*rp == '#') { + break; + } + if (*rp != ' ' && *rp != '\t' && *rp != '\r' && + *rp != '\n') + { + *wp++ = *rp; + len++; + } + rp++; + } + if (len == 0U) { + continue; + } + if (len % 2 != 0U) { + CHECK(ISC_R_UNEXPECTEDEND); + } + if (len > bufsiz * 2) { + CHECK(ISC_R_NOSPACE); + } + rp = s; + for (i = 0; i < len; i += 2) { + n = fromhex(*rp++); + n *= 16; + n += fromhex(*rp++); + *bp++ = n; + } + } + + *sizep = bp - buf; + + result = ISC_R_SUCCESS; + +cleanup: + isc_stdio_close(f); + return (result); +} + +static void +nullmsg(dns_rdatacallbacks_t *cb, const char *fmt, ...) { + UNUSED(cb); + UNUSED(fmt); +} + +isc_result_t +dns_test_rdatafromstring(dns_rdata_t *rdata, dns_rdataclass_t rdclass, + dns_rdatatype_t rdtype, unsigned char *dst, + size_t dstlen, const char *src, bool warnings) { + dns_rdatacallbacks_t callbacks; + isc_buffer_t source, target; + isc_lex_t *lex = NULL; + isc_lexspecials_t specials = { 0 }; + isc_result_t result; + size_t length; + + REQUIRE(rdata != NULL); + REQUIRE(DNS_RDATA_INITIALIZED(rdata)); + REQUIRE(dst != NULL); + REQUIRE(src != NULL); + + /* + * Set up source to hold the input string. 
+ */ + length = strlen(src); + isc_buffer_constinit(&source, src, length); + isc_buffer_add(&source, length); + + /* + * Create a lexer as one is required by dns_rdata_fromtext(). + */ + result = isc_lex_create(dt_mctx, 64, &lex); + if (result != ISC_R_SUCCESS) { + return (result); + } + + /* + * Set characters which will be treated as valid multi-line RDATA + * delimiters while reading the source string. These should match + * specials from lib/dns/master.c. + */ + specials[0] = 1; + specials['('] = 1; + specials[')'] = 1; + specials['"'] = 1; + isc_lex_setspecials(lex, specials); + + /* + * Expect DNS masterfile comments. + */ + isc_lex_setcomments(lex, ISC_LEXCOMMENT_DNSMASTERFILE); + + /* + * Point lexer at source. + */ + result = isc_lex_openbuffer(lex, &source); + if (result != ISC_R_SUCCESS) { + goto destroy_lexer; + } + + /* + * Set up target for storing uncompressed wire form of provided RDATA. + */ + isc_buffer_init(&target, dst, dstlen); + + /* + * Set up callbacks so warnings and errors are not printed. + */ + if (!warnings) { + dns_rdatacallbacks_init(&callbacks); + callbacks.warn = callbacks.error = nullmsg; + } + + /* + * Parse input string, determining result. 
+ */ + result = dns_rdata_fromtext(rdata, rdclass, rdtype, lex, dns_rootname, + 0, dt_mctx, &target, &callbacks); + +destroy_lexer: + isc_lex_destroy(&lex); + + return (result); +} + +void +dns_test_namefromstring(const char *namestr, dns_fixedname_t *fname) { + size_t length; + isc_buffer_t *b = NULL; + isc_result_t result; + dns_name_t *name; + + length = strlen(namestr); + + name = dns_fixedname_initname(fname); + + isc_buffer_allocate(dt_mctx, &b, length); + + isc_buffer_putmem(b, (const unsigned char *)namestr, length); + result = dns_name_fromtext(name, b, dns_rootname, 0, NULL); + assert_int_equal(result, ISC_R_SUCCESS); + + isc_buffer_free(&b); +} + +isc_result_t +dns_test_difffromchanges(dns_diff_t *diff, const zonechange_t *changes, + bool warnings) { + isc_result_t result = ISC_R_SUCCESS; + unsigned char rdata_buf[1024]; + dns_difftuple_t *tuple = NULL; + isc_consttextregion_t region; + dns_rdatatype_t rdatatype; + dns_fixedname_t fixedname; + dns_rdata_t rdata; + dns_name_t *name; + size_t i; + + REQUIRE(diff != NULL); + REQUIRE(changes != NULL); + + dns_diff_init(dt_mctx, diff); + + for (i = 0; changes[i].owner != NULL; i++) { + /* + * Parse owner name. + */ + name = dns_fixedname_initname(&fixedname); + result = dns_name_fromstring(name, changes[i].owner, 0, + dt_mctx); + if (result != ISC_R_SUCCESS) { + break; + } + + /* + * Parse RDATA type. + */ + region.base = changes[i].type; + region.length = strlen(changes[i].type); + result = dns_rdatatype_fromtext(&rdatatype, + (isc_textregion_t *)®ion); + if (result != ISC_R_SUCCESS) { + break; + } + + /* + * Parse RDATA. + */ + dns_rdata_init(&rdata); + result = dns_test_rdatafromstring( + &rdata, dns_rdataclass_in, rdatatype, rdata_buf, + sizeof(rdata_buf), changes[i].rdata, warnings); + if (result != ISC_R_SUCCESS) { + break; + } + + /* + * Create a diff tuple for the parsed change and append it to + * the diff. 
+ */ + result = dns_difftuple_create(dt_mctx, changes[i].op, name, + changes[i].ttl, &rdata, &tuple); + if (result != ISC_R_SUCCESS) { + break; + } + dns_diff_append(diff, &tuple); + } + + if (result != ISC_R_SUCCESS) { + dns_diff_clear(diff); + } + + return (result); +} +#endif /* HAVE_CMOCKA */ diff --git a/lib/dns/tests/dnstest.h b/lib/dns/tests/dnstest.h new file mode 100644 index 0000000..f19b518 --- /dev/null +++ b/lib/dns/tests/dnstest.h 
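Review bot: dns_test_getdata() bounds each input line against the whole buffer (`if (len > bufsiz * 2)`) while `bp` keeps advancing from one line to the next, so a data file with several lines whose combined hex payload exceeds `bufsiz` writes past the end of `buf`. The check should use the space that is left, for example `if (len / 2 > bufsiz - (size_t)(bp - buf)) {`. In dns_test_rdatafromstring() `callbacks` is initialised only when `warnings` is false, yet `&callbacks` is always passed to dns_rdata_fromtext(); calling `dns_rdatacallbacks_init(&callbacks);` unconditionally and keeping only the `nullmsg` assignment inside the `if` avoids handing over an uninitialised structure. fromhex() also ends the whole test process with `exit(3)` on a bad digit instead of reporting an error through dns_test_getdata()'s `isc_result_t`.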
@@ -0,0 +1,132 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +/*! \file */ + +#include <inttypes.h> +#include <stdbool.h> + +#include <isc/buffer.h> +#include <isc/hash.h> +#include <isc/log.h> +#include <isc/mem.h> +#include <isc/string.h> +#include <isc/task.h> +#include <isc/timer.h> +#include <isc/util.h> + +#include <dns/diff.h> +#include <dns/result.h> +#include <dns/zone.h> + +typedef struct { + dns_diffop_t op; + const char *owner; + dns_ttl_t ttl; + const char *type; + const char *rdata; +} zonechange_t; + +#define ZONECHANGE_SENTINEL \ + { \ + 0, NULL, 0, NULL, NULL \ + } + +extern isc_mem_t *dt_mctx; +extern isc_log_t *lctx; +extern isc_taskmgr_t *taskmgr; +extern isc_task_t *maintask; +extern isc_timermgr_t *timermgr; +extern isc_socketmgr_t *socketmgr; +extern dns_zonemgr_t *zonemgr; +extern bool app_running; +extern int ncpus; +extern bool debug_mem_record; + +isc_result_t +dns_test_begin(FILE *logfile, bool create_managers); + +void +dns_test_end(void); + +isc_result_t +dns_test_makeview(const char *name, dns_view_t **viewp); + +/*% + * Create a zone with origin 'name', return a pointer to the zone object in + * 'zonep'. + * + * If 'view' is set, the returned zone will be assigned to the passed view. + * 'createview' must be set to false when 'view' is non-NULL. + * + * If 'view' is not set and 'createview' is true, a new view is also created + * and the returned zone is assigned to it. 
This imposes two requirements on + * the caller: 1) the returned zone has to be subsequently assigned to a zone + * manager, otherwise its cleanup will fail, 2) the created view has to be + * cleaned up by the caller. + * + * If 'view' is not set and 'createview' is false, the returned zone will not + * be assigned to any view. + */ +isc_result_t +dns_test_makezone(const char *name, dns_zone_t **zonep, dns_view_t *view, + bool createview); + +isc_result_t +dns_test_setupzonemgr(void); + +isc_result_t +dns_test_managezone(dns_zone_t *zone); + +void +dns_test_releasezone(dns_zone_t *zone); + +void +dns_test_closezonemgr(void); + +void +dns_test_nap(uint32_t usec); + +isc_result_t +dns_test_loaddb(dns_db_t **db, dns_dbtype_t dbtype, const char *origin, + const char *testfile); + +isc_result_t +dns_test_getdata(const char *file, unsigned char *buf, size_t bufsiz, + size_t *sizep); + +char * +dns_test_tohex(const unsigned char *data, size_t len, char *buf, size_t buflen); + +/*% + * Try parsing text form RDATA in "src" (of class "rdclass" and type "rdtype") + * into a structure representing that RDATA at "rdata", storing the + * uncompressed wire form of that RDATA at "dst", which is "dstlen" bytes long. + * Set 'warnings' to true to print logged warnings from dns_rdata_fromtext(). + */ +isc_result_t +dns_test_rdatafromstring(dns_rdata_t *rdata, dns_rdataclass_t rdclass, + dns_rdatatype_t rdtype, unsigned char *dst, + size_t dstlen, const char *src, bool warnings); + +void +dns_test_namefromstring(const char *namestr, dns_fixedname_t *fname); + +/*% + * Given a pointer to an uninitialized dns_diff_t structure in 'diff', make it + * contain diff tuples representing zone database changes listed in 'changes'. + * Set 'warnings' to true to print logged warnings from dns_rdata_fromtext(). + */ +isc_result_t +dns_test_difffromchanges(dns_diff_t *diff, const zonechange_t *changes, + bool warnings); 
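Review bot: dnstest.h has no include guard, and it declares `dns_test_begin(FILE *logfile, bool create_managers)` without including `<stdio.h>`, so it compiles only when an earlier include (presumably one of the isc headers) has already provided `FILE`. Adding `#pragma once` (or an `#ifndef` guard) and `#include <stdio.h>` at the top would make the header self-contained. The parameter is named `create_managers` here and `start_managers` in the definition in dnstest.c; one name in both places avoids confusion with the static create_managers() helper in that file. dnstest.c also defines `netmgr` with external linkage, but this header carries no matching `extern isc_nm_t *netmgr;`.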
diff --git a/lib/dns/tests/dst_test.c b/lib/dns/tests/dst_test.c
new file mode 100644
index 0000000..f5370cc
--- /dev/null
+++ b/lib/dns/tests/dst_test.c
@@ -0,0 +1,504 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#if HAVE_CMOCKA + +#include <sched.h> /* IWYU pragma: keep */ +#include <setjmp.h> +#include <stdarg.h> +#include <stdbool.h> +#include <stddef.h> +#include <stdlib.h> +#include <unistd.h> + +#define UNIT_TESTING +#include <cmocka.h> + +#include <isc/file.h> +#include <isc/hex.h> +#include <isc/stdio.h> +#include <isc/string.h> +#include <isc/util.h> + +#include <dst/dst.h> +#include <dst/result.h> + +#include "../dst_internal.h" +#include "dnstest.h" + +static int +_setup(void **state) { + isc_result_t result; + + UNUSED(state); + + result = dns_test_begin(NULL, false); + assert_int_equal(result, ISC_R_SUCCESS); + + return (0); +} + +static int +_teardown(void **state) { + UNUSED(state); + + dns_test_end(); + + return (0); +} + +/* Read sig in file at path to buf. 
Check signature ineffability */ +static isc_result_t +sig_fromfile(const char *path, isc_buffer_t *buf) { + isc_result_t result; + size_t rval, len; + FILE *fp = NULL; + unsigned char val; + char *p, *data; + off_t size; + + result = isc_stdio_open(path, "rb", &fp); + assert_int_equal(result, ISC_R_SUCCESS); + + result = isc_file_getsizefd(fileno(fp), &size); + assert_int_equal(result, ISC_R_SUCCESS); + + data = isc_mem_get(dt_mctx, (size + 1)); + assert_non_null(data); + + len = (size_t)size; + p = data; + while (len != 0U) { + result = isc_stdio_read(p, 1, len, fp, &rval); + assert_int_equal(result, ISC_R_SUCCESS); + len -= rval; + p += rval; + } + isc_stdio_close(fp); + + p = data; + len = size; + while (len > 0U) { + if ((*p == '\r') || (*p == '\n')) { + ++p; + --len; + continue; + } else if (len < 2U) { + goto err; + } + if (('0' <= *p) && (*p <= '9')) { + val = *p - '0'; + } else if (('A' <= *p) && (*p <= 'F')) { + val = *p - 'A' + 10; + } else { + result = ISC_R_BADHEX; + goto err; + } + ++p; + val <<= 4; + --len; + if (('0' <= *p) && (*p <= '9')) { + val |= (*p - '0'); + } else if (('A' <= *p) && (*p <= 'F')) { + val |= (*p - 'A' + 10); + } else { + result = ISC_R_BADHEX; + goto err; + } + ++p; + --len; + isc_buffer_putuint8(buf, val); + } + + result = ISC_R_SUCCESS; + +err: + isc_mem_put(dt_mctx, data, size + 1); + return (result); +} + +static void +check_sig(const char *datapath, const char *sigpath, const char *keyname, + dns_keytag_t id, dns_secalg_t alg, int type, bool expect) { + isc_result_t result; + size_t rval, len; + FILE *fp; + dst_key_t *key = NULL; + unsigned char sig[512]; + unsigned char *p; + unsigned char *data; + off_t size; + isc_buffer_t b; + isc_buffer_t databuf, sigbuf; + isc_region_t datareg, sigreg; + dns_fixedname_t fname; + dns_name_t *name; + dst_context_t *ctx = NULL; + + /* + * Read data from file in a form usable by dst_verify. 
+ */ + result = isc_stdio_open(datapath, "rb", &fp); + assert_int_equal(result, ISC_R_SUCCESS); + + result = isc_file_getsizefd(fileno(fp), &size); + assert_int_equal(result, ISC_R_SUCCESS); + + data = isc_mem_get(dt_mctx, (size + 1)); + assert_non_null(data); + + p = data; + len = (size_t)size; + do { + result = isc_stdio_read(p, 1, len, fp, &rval); + assert_int_equal(result, ISC_R_SUCCESS); + len -= rval; + p += rval; + } while (len); + isc_stdio_close(fp); + + /* + * Read key from file in a form usable by dst_verify. + */ + name = dns_fixedname_initname(&fname); + isc_buffer_constinit(&b, keyname, strlen(keyname)); + isc_buffer_add(&b, strlen(keyname)); + result = dns_name_fromtext(name, &b, dns_rootname, 0, NULL); + assert_int_equal(result, ISC_R_SUCCESS); + result = dst_key_fromfile(name, id, alg, type, "testdata/dst", dt_mctx, + &key); + assert_int_equal(result, ISC_R_SUCCESS); + + isc_buffer_init(&databuf, data, (unsigned int)size); + isc_buffer_add(&databuf, (unsigned int)size); + isc_buffer_usedregion(&databuf, &datareg); + + memset(sig, 0, sizeof(sig)); + isc_buffer_init(&sigbuf, sig, sizeof(sig)); + + /* + * Read precomputed signature from file in a form usable by dst_verify. + */ + result = sig_fromfile(sigpath, &sigbuf); + assert_int_equal(result, ISC_R_SUCCESS); + + /* + * Verify that the key signed the data. + */ + isc_buffer_remainingregion(&sigbuf, &sigreg); + + result = dst_context_create(key, dt_mctx, DNS_LOGCATEGORY_GENERAL, + false, 0, &ctx); + assert_int_equal(result, ISC_R_SUCCESS); + + result = dst_context_adddata(ctx, &datareg); + assert_int_equal(result, ISC_R_SUCCESS); + result = dst_context_verify(ctx, &sigreg); + + /* + * Compute the expected signature and emit it + * so the precomputed signature can be updated. + * This should only be done if the covered data + * is updated. 
+ */ + if (expect && result != ISC_R_SUCCESS) { + isc_result_t result2; + + dst_context_destroy(&ctx); + result2 = dst_context_create( + key, dt_mctx, DNS_LOGCATEGORY_GENERAL, false, 0, &ctx); + assert_int_equal(result2, ISC_R_SUCCESS); + + result2 = dst_context_adddata(ctx, &datareg); + assert_int_equal(result2, ISC_R_SUCCESS); + + char sigbuf2[4096]; + isc_buffer_t sigb; + isc_buffer_init(&sigb, sigbuf2, sizeof(sigbuf2)); + + result2 = dst_context_sign(ctx, &sigb); + assert_int_equal(result2, ISC_R_SUCCESS); + + isc_region_t r; + isc_buffer_usedregion(&sigb, &r); + + char hexbuf[4096] = { 0 }; + isc_buffer_t hb; + isc_buffer_init(&hb, hexbuf, sizeof(hexbuf)); + + isc_hex_totext(&r, 0, "", &hb); + + fprintf(stderr, "# %s:\n# %s\n", sigpath, hexbuf); + } + + isc_mem_put(dt_mctx, data, size + 1); + dst_context_destroy(&ctx); + dst_key_free(&key); + + assert_true((expect && (result == ISC_R_SUCCESS)) || + (!expect && (result != ISC_R_SUCCESS))); + + return; +} + +static void +sig_test(void **state) { + UNUSED(state); + + struct { + const char *datapath; + const char *sigpath; + const char *keyname; + dns_keytag_t keyid; + dns_secalg_t alg; + bool expect; + } testcases[] = { + { "testdata/dst/test1.data", "testdata/dst/test1.ecdsa256sig", + "test.", 49130, DST_ALG_ECDSA256, true }, + { "testdata/dst/test1.data", "testdata/dst/test1.rsasha256sig", + "test.", 11349, DST_ALG_RSASHA256, true }, + { /* wrong sig */ + "testdata/dst/test1.data", "testdata/dst/test1.ecdsa256sig", + "test.", 11349, DST_ALG_RSASHA256, false }, + { /* wrong data */ + "testdata/dst/test2.data", "testdata/dst/test1.ecdsa256sig", + "test.", 49130, DST_ALG_ECDSA256, false }, + }; + unsigned int i; + + for (i = 0; i < (sizeof(testcases) / sizeof(testcases[0])); i++) { + if (!dst_algorithm_supported(testcases[i].alg)) { + continue; + } + + check_sig(testcases[i].datapath, testcases[i].sigpath, + testcases[i].keyname, testcases[i].keyid, + testcases[i].alg, DST_TYPE_PRIVATE | DST_TYPE_PUBLIC, + 
testcases[i].expect); + } +} + +#if !defined(USE_PKCS11) +static void +check_cmp(const char *key1_name, dns_keytag_t key1_id, const char *key2_name, + dns_keytag_t key2_id, dns_secalg_t alg, int type, bool expect) { + isc_result_t result; + dst_key_t *key1 = NULL; + dst_key_t *key2 = NULL; + isc_buffer_t b1; + isc_buffer_t b2; + dns_fixedname_t fname1; + dns_fixedname_t fname2; + dns_name_t *name1; + dns_name_t *name2; + + /* + * Read key1 from the file. + */ + name1 = dns_fixedname_initname(&fname1); + isc_buffer_constinit(&b1, key1_name, strlen(key1_name)); + isc_buffer_add(&b1, strlen(key1_name)); + result = dns_name_fromtext(name1, &b1, dns_rootname, 0, NULL); + assert_int_equal(result, ISC_R_SUCCESS); + result = dst_key_fromfile(name1, key1_id, alg, type, "comparekeys", + dt_mctx, &key1); + assert_int_equal(result, ISC_R_SUCCESS); + + /* + * Read key2 from the file. + */ + name2 = dns_fixedname_initname(&fname2); + isc_buffer_constinit(&b2, key2_name, strlen(key2_name)); + isc_buffer_add(&b2, strlen(key2_name)); + result = dns_name_fromtext(name2, &b2, dns_rootname, 0, NULL); + assert_int_equal(result, ISC_R_SUCCESS); + result = dst_key_fromfile(name2, key2_id, alg, type, "comparekeys", + dt_mctx, &key2); + assert_int_equal(result, ISC_R_SUCCESS); + + /* + * Compare the keys (for public-only keys). + */ + if ((type & DST_TYPE_PRIVATE) == 0) { + assert_true(dst_key_pubcompare(key1, key2, false) == expect); + } + + /* + * Compare the keys (for both public-only keys and keypairs). 
+ */ + assert_true(dst_key_compare(key1, key2) == expect); + + /* + * Free the keys + */ + dst_key_free(&key2); + dst_key_free(&key1); + + return; +} + +static void +cmp_test(void **state) { + UNUSED(state); + + struct { + const char *key1_name; + dns_keytag_t key1_id; + const char *key2_name; + dns_keytag_t key2_id; + dns_secalg_t alg; + int type; + bool expect; + } testcases[] = { + /* RSA Keypair: self */ + { "example.", 53461, "example.", 53461, DST_ALG_RSASHA256, + DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, true }, + + /* RSA Keypair: different key */ + { "example.", 53461, "example2.", 37993, DST_ALG_RSASHA256, + DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, false }, + + /* RSA Keypair: different PublicExponent (e) */ + { "example.", 53461, "example-e.", 53973, DST_ALG_RSASHA256, + DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, false }, + + /* RSA Keypair: different Modulus (n) */ + { "example.", 53461, "example-n.", 37464, DST_ALG_RSASHA256, + DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, false }, + + /* RSA Keypair: different PrivateExponent (d) */ + { "example.", 53461, "example-d.", 53461, DST_ALG_RSASHA256, + DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, false }, + + /* RSA Keypair: different Prime1 (p) */ + { "example.", 53461, "example-p.", 53461, DST_ALG_RSASHA256, + DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, false }, + + /* RSA Keypair: different Prime2 (q) */ + { "example.", 53461, "example-q.", 53461, DST_ALG_RSASHA256, + DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, false }, + + /* RSA Public Key: self */ + { "example.", 53461, "example.", 53461, DST_ALG_RSASHA256, + DST_TYPE_PUBLIC, true }, + + /* RSA Public Key: different key */ + { "example.", 53461, "example2.", 37993, DST_ALG_RSASHA256, + DST_TYPE_PUBLIC, false }, + + /* RSA Public Key: different PublicExponent (e) */ + { "example.", 53461, "example-e.", 53973, DST_ALG_RSASHA256, + DST_TYPE_PUBLIC, false }, + + /* RSA Public Key: different Modulus (n) */ + { "example.", 53461, "example-n.", 37464, DST_ALG_RSASHA256, + DST_TYPE_PUBLIC, false }, + + /* ECDSA 
Keypair: self */ + { "example.", 19786, "example.", 19786, DST_ALG_ECDSA256, + DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, true }, + + /* ECDSA Keypair: different key */ + { "example.", 19786, "example2.", 16384, DST_ALG_ECDSA256, + DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, false }, + + /* ECDSA Public Key: self */ + { "example.", 19786, "example.", 19786, DST_ALG_ECDSA256, + DST_TYPE_PUBLIC, true }, + + /* ECDSA Public Key: different key */ + { "example.", 19786, "example2.", 16384, DST_ALG_ECDSA256, + DST_TYPE_PUBLIC, false }, + + /* EdDSA Keypair: self */ + { "example.", 63663, "example.", 63663, DST_ALG_ED25519, + DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, true }, + + /* EdDSA Keypair: different key */ + { "example.", 63663, "example2.", 37529, DST_ALG_ED25519, + DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, false }, + + /* EdDSA Public Key: self */ + { "example.", 63663, "example.", 63663, DST_ALG_ED25519, + DST_TYPE_PUBLIC, true }, + + /* EdDSA Public Key: different key */ + { "example.", 63663, "example2.", 37529, DST_ALG_ED25519, + DST_TYPE_PUBLIC, false }, + + /* DH Keypair: self */ + { "example.", 65316, "example.", 65316, DST_ALG_DH, + DST_TYPE_PUBLIC | DST_TYPE_PRIVATE | DST_TYPE_KEY, true }, + + /* DH Keypair: different key */ + { "example.", 65316, "example2.", 19823, DST_ALG_DH, + DST_TYPE_PUBLIC | DST_TYPE_PRIVATE | DST_TYPE_KEY, false }, + + /* DH Keypair: different key (with generator=5) */ + { "example.", 65316, "example3.", 17187, DST_ALG_DH, + DST_TYPE_PUBLIC | DST_TYPE_PRIVATE | DST_TYPE_KEY, false }, + + /* DH Keypair: different private key */ + { "example.", 65316, "example-private.", 65316, DST_ALG_DH, + DST_TYPE_PUBLIC | DST_TYPE_PRIVATE | DST_TYPE_KEY, false }, + + /* DH Public Key: self */ + { "example.", 65316, "example.", 65316, DST_ALG_DH, + DST_TYPE_PUBLIC | DST_TYPE_KEY, true }, + + /* DH Public Key: different key */ + { "example.", 65316, "example2.", 19823, DST_ALG_DH, + DST_TYPE_PUBLIC | DST_TYPE_KEY, false }, + + /* DH Public Key: different key (with 
generator=5) */ + { "example.", 65316, "example3.", 17187, DST_ALG_DH, + DST_TYPE_PUBLIC | DST_TYPE_KEY, false }, + }; + unsigned int i; + + for (i = 0; i < (sizeof(testcases) / sizeof(testcases[0])); i++) { + if (!dst_algorithm_supported(testcases[i].alg)) { + continue; + } + + check_cmp(testcases[i].key1_name, testcases[i].key1_id, + testcases[i].key2_name, testcases[i].key2_id, + testcases[i].alg, testcases[i].type, + testcases[i].expect); + } +} +#endif /* #if !defined(USE_PKCS11) */ + +int +main(void) { + const struct CMUnitTest tests[] = { + cmocka_unit_test_setup_teardown(sig_test, _setup, _teardown), +#if !defined(USE_PKCS11) + cmocka_unit_test_setup_teardown(cmp_test, _setup, _teardown), +#endif /* #if !defined(USE_PKCS11) */ + }; + + return (cmocka_run_group_tests(tests, NULL, NULL)); +} + +#else /* HAVE_CMOCKA */ + +#include <stdio.h> + +int +main(void) { + printf("1..0 # Skipped: cmocka not available\n"); + return (SKIPPED_TEST_EXIT_CODE); +} + +#endif /* if HAVE_CMOCKA */ diff --git a/lib/dns/tests/geoip_test.c b/lib/dns/tests/geoip_test.c new file mode 100644 index 0000000..054213e --- /dev/null +++ b/lib/dns/tests/geoip_test.c 
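Review bot: In `sig_fromfile` (dst_test.c), the `else if (len < 2U)` branch jumps to `err` without setting `result`, which still holds `ISC_R_SUCCESS` from the preceding read loop, so a signature file that ends in a lone hex digit is reported as parsed successfully with the last nibble dropped. Setting an error first, e.g. `result = ISC_R_BADHEX;` before that `goto err;`, makes a truncated fixture fail at `assert_int_equal(result, ISC_R_SUCCESS)` in `check_sig`. As written, the `expect == false` cases in `sig_test` accept any non-success result from `dst_context_verify()`, so a damaged signature fixture could let a negative case pass for the wrong reason.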
@@ -0,0 +1,433 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#if HAVE_CMOCKA + +#include <sched.h> /* IWYU pragma: keep */ +#include <setjmp.h> +#include <stdarg.h> +#include <stdbool.h> +#include <stddef.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +#define UNIT_TESTING +#include <cmocka.h> + +#include <isc/print.h> +#include <isc/string.h> +#include <isc/types.h> +#include <isc/util.h> + +#include <dns/geoip.h> + +#include "dnstest.h" + +#if defined(HAVE_GEOIP2) +#include <maxminddb.h> + +#include "../geoip2.c" + +/* Use GeoIP2 databases from the 'geoip2' system test */ +#define TEST_GEOIP_DATA "../../../bin/tests/system/geoip2/data" + +static dns_geoip_databases_t geoip; + +static MMDB_s geoip_country, geoip_city, geoip_as, geoip_isp, geoip_domain; + +static void +load_geoip(const char *dir); +static void +close_geoip(void); + +static int +_setup(void **state) { + isc_result_t result; + + UNUSED(state); + + result = dns_test_begin(NULL, false); + assert_int_equal(result, ISC_R_SUCCESS); + + /* Use databases from the geoip system test */ + load_geoip(TEST_GEOIP_DATA); + + return (0); +} + +static int +_teardown(void **state) { + UNUSED(state); + + close_geoip(); + + dns_test_end(); + + return (0); +} + +static MMDB_s * +open_geoip2(const char *dir, const char *dbfile, MMDB_s *mmdb) { + char pathbuf[PATH_MAX]; + int ret; + + snprintf(pathbuf, sizeof(pathbuf), "%s/%s", dir, dbfile); + ret = MMDB_open(pathbuf, MMDB_MODE_MMAP, mmdb); + if (ret == MMDB_SUCCESS) { + return (mmdb); + } + + return (NULL); +} + +static void +load_geoip(const char *dir) { + 
geoip.country = open_geoip2(dir, "GeoIP2-Country.mmdb", &geoip_country); + geoip.city = open_geoip2(dir, "GeoIP2-City.mmdb", &geoip_city); + geoip.as = open_geoip2(dir, "GeoLite2-ASN.mmdb", &geoip_as); + geoip.isp = open_geoip2(dir, "GeoIP2-ISP.mmdb", &geoip_isp); + geoip.domain = open_geoip2(dir, "GeoIP2-Domain.mmdb", &geoip_domain); +} + +static void +close_geoip(void) { + MMDB_close(&geoip_country); + MMDB_close(&geoip_city); + MMDB_close(&geoip_as); + MMDB_close(&geoip_isp); + MMDB_close(&geoip_domain); +} + +static bool +/* Check if an MMDB entry of a given subtype exists for the given IP */ +entry_exists(dns_geoip_subtype_t subtype, const char *addr) { + struct in6_addr in6; + struct in_addr in4; + isc_netaddr_t na; + MMDB_s *db; + + if (inet_pton(AF_INET6, addr, &in6) == 1) { + isc_netaddr_fromin6(&na, &in6); + } else if (inet_pton(AF_INET, addr, &in4) == 1) { + isc_netaddr_fromin(&na, &in4); + } else { + UNREACHABLE(); + } + + db = geoip2_database(&geoip, fix_subtype(&geoip, subtype)); + + return (db != NULL && get_entry_for(db, &na) != NULL); +} + +/* + * Baseline test - check if get_entry_for() works as expected, i.e. that its + * return values are consistent with the contents of the test MMDBs found in + * bin/tests/system/geoip2/data/ (10.53.0.1 and fd92:7065:b8e:ffff::1 should be + * present in all databases, 192.0.2.128 should only be present in the country + * database, ::1 should be absent from all databases). 
+ */ +static void +baseline(void **state) { + dns_geoip_subtype_t subtype; + + UNUSED(state); + + subtype = dns_geoip_city_name; + + assert_true(entry_exists(subtype, "10.53.0.1")); + assert_false(entry_exists(subtype, "192.0.2.128")); + assert_true(entry_exists(subtype, "fd92:7065:b8e:ffff::1")); + assert_false(entry_exists(subtype, "::1")); + + subtype = dns_geoip_country_name; + + assert_true(entry_exists(subtype, "10.53.0.1")); + assert_true(entry_exists(subtype, "192.0.2.128")); + assert_true(entry_exists(subtype, "fd92:7065:b8e:ffff::1")); + assert_false(entry_exists(subtype, "::1")); + + subtype = dns_geoip_domain_name; + + assert_true(entry_exists(subtype, "10.53.0.1")); + assert_false(entry_exists(subtype, "192.0.2.128")); + assert_true(entry_exists(subtype, "fd92:7065:b8e:ffff::1")); + assert_false(entry_exists(subtype, "::1")); + + subtype = dns_geoip_isp_name; + + assert_true(entry_exists(subtype, "10.53.0.1")); + assert_false(entry_exists(subtype, "192.0.2.128")); + assert_true(entry_exists(subtype, "fd92:7065:b8e:ffff::1")); + assert_false(entry_exists(subtype, "::1")); + + subtype = dns_geoip_as_asnum; + + assert_true(entry_exists(subtype, "10.53.0.1")); + assert_false(entry_exists(subtype, "192.0.2.128")); + assert_true(entry_exists(subtype, "fd92:7065:b8e:ffff::1")); + assert_false(entry_exists(subtype, "::1")); +} + +static bool +do_lookup_string(const char *addr, dns_geoip_subtype_t subtype, + const char *string) { + dns_geoip_elem_t elt; + struct in_addr in4; + isc_netaddr_t na; + int n; + + n = inet_pton(AF_INET, addr, &in4); + assert_int_equal(n, 1); + isc_netaddr_fromin(&na, &in4); + + elt.subtype = subtype; + strlcpy(elt.as_string, string, sizeof(elt.as_string)); + + return (dns_geoip_match(&na, &geoip, &elt)); +} + +static bool +do_lookup_string_v6(const char *addr, dns_geoip_subtype_t subtype, + const char *string) { + dns_geoip_elem_t elt; + struct in6_addr in6; + isc_netaddr_t na; + int n; + + n = inet_pton(AF_INET6, addr, &in6); + 
assert_int_equal(n, 1); + isc_netaddr_fromin6(&na, &in6); + + elt.subtype = subtype; + strlcpy(elt.as_string, string, sizeof(elt.as_string)); + + return (dns_geoip_match(&na, &geoip, &elt)); +} + +/* GeoIP country matching */ +static void +country(void **state) { + bool match; + + UNUSED(state); + + if (geoip.country == NULL) { + skip(); + } + + match = do_lookup_string("10.53.0.1", dns_geoip_country_code, "AU"); + assert_true(match); + + match = do_lookup_string("10.53.0.1", dns_geoip_country_name, + "Australia"); + assert_true(match); + + match = do_lookup_string("192.0.2.128", dns_geoip_country_code, "O1"); + assert_true(match); + + match = do_lookup_string("192.0.2.128", dns_geoip_country_name, + "Other"); + assert_true(match); +} + +/* GeoIP country (ipv6) matching */ +static void +country_v6(void **state) { + bool match; + + UNUSED(state); + + if (geoip.country == NULL) { + skip(); + } + + match = do_lookup_string_v6("fd92:7065:b8e:ffff::1", + dns_geoip_country_code, "AU"); + assert_true(match); + + match = do_lookup_string_v6("fd92:7065:b8e:ffff::1", + dns_geoip_country_name, "Australia"); + assert_true(match); +} + +/* GeoIP city (ipv4) matching */ +static void +city(void **state) { + bool match; + + UNUSED(state); + + if (geoip.city == NULL) { + skip(); + } + + match = do_lookup_string("10.53.0.1", dns_geoip_city_continentcode, + "NA"); + assert_true(match); + + match = do_lookup_string("10.53.0.1", dns_geoip_city_countrycode, "US"); + assert_true(match); + + match = do_lookup_string("10.53.0.1", dns_geoip_city_countryname, + "United States"); + assert_true(match); + + match = do_lookup_string("10.53.0.1", dns_geoip_city_region, "CA"); + assert_true(match); + + match = do_lookup_string("10.53.0.1", dns_geoip_city_regionname, + "California"); + assert_true(match); + + match = do_lookup_string("10.53.0.1", dns_geoip_city_name, + "Redwood City"); + assert_true(match); + + match = do_lookup_string("10.53.0.1", dns_geoip_city_postalcode, + "94063"); + 
assert_true(match); +} + +/* GeoIP city (ipv6) matching */ +static void +city_v6(void **state) { + bool match; + + UNUSED(state); + + if (geoip.city == NULL) { + skip(); + } + + match = do_lookup_string_v6("fd92:7065:b8e:ffff::1", + dns_geoip_city_continentcode, "NA"); + assert_true(match); + + match = do_lookup_string_v6("fd92:7065:b8e:ffff::1", + dns_geoip_city_countrycode, "US"); + assert_true(match); + + match = do_lookup_string_v6("fd92:7065:b8e:ffff::1", + dns_geoip_city_countryname, + "United States"); + assert_true(match); + + match = do_lookup_string_v6("fd92:7065:b8e:ffff::1", + dns_geoip_city_region, "CA"); + assert_true(match); + + match = do_lookup_string_v6("fd92:7065:b8e:ffff::1", + dns_geoip_city_regionname, "California"); + assert_true(match); + + match = do_lookup_string_v6("fd92:7065:b8e:ffff::1", + dns_geoip_city_name, "Redwood City"); + assert_true(match); + + match = do_lookup_string_v6("fd92:7065:b8e:ffff::1", + dns_geoip_city_postalcode, "94063"); + assert_true(match); +} + +/* GeoIP asnum matching */ +static void +asnum(void **state) { + bool match; + + UNUSED(state); + + if (geoip.as == NULL) { + skip(); + } + + match = do_lookup_string("10.53.0.3", dns_geoip_as_asnum, "AS100003"); + assert_true(match); +} + +/* GeoIP isp matching */ +static void +isp(void **state) { + bool match; + + UNUSED(state); + + if (geoip.isp == NULL) { + skip(); + } + + match = do_lookup_string("10.53.0.1", dns_geoip_isp_name, + "One Systems, Inc."); + assert_true(match); +} + +/* GeoIP org matching */ +static void +org(void **state) { + bool match; + + UNUSED(state); + + if (geoip.as == NULL) { + skip(); + } + + match = do_lookup_string("10.53.0.2", dns_geoip_org_name, + "Two Technology Ltd."); + assert_true(match); +} + +/* GeoIP domain matching */ +static void +domain(void **state) { + bool match; + + UNUSED(state); + + if (geoip.domain == NULL) { + skip(); + } + + match = do_lookup_string("10.53.0.5", dns_geoip_domain_name, "five.es"); + assert_true(match); +} 
+#endif /* HAVE_GEOIP2 */ + +int +main(void) { +#if defined(HAVE_GEOIP2) + const struct CMUnitTest tests[] = { + cmocka_unit_test(baseline), cmocka_unit_test(country), + cmocka_unit_test(country_v6), cmocka_unit_test(city), + cmocka_unit_test(city_v6), cmocka_unit_test(asnum), + cmocka_unit_test(isp), cmocka_unit_test(org), + cmocka_unit_test(domain), + }; + + return (cmocka_run_group_tests(tests, _setup, _teardown)); +#else /* if defined(HAVE_GEOIP2) */ + print_message("1..0 # Skip GeoIP not enabled\n"); +#endif /* if defined(HAVE_GEOIP2) */ +} + +#else /* HAVE_CMOCKA */ + +#include <stdio.h> + +int +main(void) { + printf("1..0 # Skipped: cmocka not available\n"); + return (SKIPPED_TEST_EXIT_CODE); +} + +#endif /* HAVE_CMOCKA */ diff --git a/lib/dns/tests/keytable_test.c b/lib/dns/tests/keytable_test.c new file mode 100644 index 0000000..670b1b2 --- /dev/null +++ b/lib/dns/tests/keytable_test.c 
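Review bot: In geoip_test.c, the `#else` branch of `main` for builds without `HAVE_GEOIP2` prints the skip message and then falls off the end of `main`, so the process exits 0 and the run is reported as passed rather than skipped. The cmocka-less `main` lower in the same file ends with `return (SKIPPED_TEST_EXIT_CODE);`; adding the same line after `print_message(...)` would keep the two skip paths consistent, assuming that macro is visible in this branch as well. Separately, `baseline` is the only test that does not call `skip()` when a database failed to load, so a missing `TEST_GEOIP_DATA` directory shows up there as assertion failures instead of a skip.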
@@ -0,0 +1,720 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#if HAVE_CMOCKA + +#include <inttypes.h> +#include <sched.h> /* IWYU pragma: keep */ +#include <setjmp.h> +#include <stdarg.h> +#include <stdbool.h> +#include <stddef.h> +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> + +#define UNIT_TESTING +#include <cmocka.h> + +#include <isc/base64.h> +#include <isc/buffer.h> +#include <isc/md.h> +#include <isc/util.h> + +#include <dns/fixedname.h> +#include <dns/keytable.h> +#include <dns/name.h> +#include <dns/nta.h> +#include <dns/rdataclass.h> +#include <dns/rdatastruct.h> +#include <dns/rootns.h> +#include <dns/view.h> + +#include <dst/dst.h> + +#include "dnstest.h" + +static int +_setup(void **state) { + isc_result_t result; + + UNUSED(state); + + result = dns_test_begin(NULL, true); + assert_int_equal(result, ISC_R_SUCCESS); + + return (0); +} + +static int +_teardown(void **state) { + UNUSED(state); + + dns_test_end(); + + return (0); +} + +dns_keytable_t *keytable = NULL; +dns_ntatable_t *ntatable = NULL; + +static const char *keystr1 = "BQEAAAABok+vaUC9neRv8yeT/" + "FEGgN7svR8s7VBUVSBd8NsAiV8AlaAg " + "O5FHar3JQd95i/puZos6Vi6at9/" + "JBbN8qVmO2AuiXxVqfxMKxIcy+LEB " + "0Vw4NaSJ3N3uaVREso6aTSs98H/" + "25MjcwLOr7SFfXA7bGhZatLtYY/xu kp6Km5hMfkE="; + +static const char *keystr2 = "BQEAAAABwuHz9Cem0BJ0JQTO7C/a3McR6hMaufljs1dfG/" + "inaJpYv7vH " + "XTrAOm/MeKp+/x6eT4QLru0KoZkvZJnqTI8JyaFTw2OM/" + "ItBfh/hL2lm " + "Cft2O7n3MfeqYtvjPnY7dWghYW4sVfH7VVEGm958o9nfi7953" + "2Qeklxh x8pXWdeAaRU="; + +static dns_view_t *view = NULL; + +/* + * Test utilities. 
In general, these assume input parameters are valid + * (checking with assert_int_equal, thus aborting if not) and unlikely run time + * errors (such as memory allocation failure) won't happen. This helps keep + * the test code concise. + */ + +/* + * Utility to convert C-string to dns_name_t. Return a pointer to + * static data, and so is not thread safe. + */ +static dns_name_t * +str2name(const char *namestr) { + static dns_fixedname_t fname; + static dns_name_t *name; + static isc_buffer_t namebuf; + void *deconst_namestr; + + name = dns_fixedname_initname(&fname); + DE_CONST(namestr, deconst_namestr); /* OK, since we don't modify it */ + isc_buffer_init(&namebuf, deconst_namestr, strlen(deconst_namestr)); + isc_buffer_add(&namebuf, strlen(namestr)); + assert_int_equal( + dns_name_fromtext(name, &namebuf, dns_rootname, 0, NULL), + ISC_R_SUCCESS); + + return (name); +} + +static void +create_keystruct(uint16_t flags, uint8_t proto, uint8_t alg, const char *keystr, + dns_rdata_dnskey_t *keystruct) { + unsigned char keydata[4096]; + isc_buffer_t keydatabuf; + isc_region_t r; + const dns_rdataclass_t rdclass = dns_rdataclass_in; + + keystruct->common.rdclass = rdclass; + keystruct->common.rdtype = dns_rdatatype_dnskey; + keystruct->mctx = dt_mctx; + ISC_LINK_INIT(&keystruct->common, link); + keystruct->flags = flags; + keystruct->protocol = proto; + keystruct->algorithm = alg; + + isc_buffer_init(&keydatabuf, keydata, sizeof(keydata)); + assert_int_equal(isc_base64_decodestring(keystr, &keydatabuf), + ISC_R_SUCCESS); + isc_buffer_usedregion(&keydatabuf, &r); + keystruct->datalen = r.length; + keystruct->data = isc_mem_allocate(dt_mctx, r.length); + memmove(keystruct->data, r.base, r.length); +} + +static void +create_dsstruct(dns_name_t *name, uint16_t flags, uint8_t proto, uint8_t alg, + const char *keystr, unsigned char *digest, + dns_rdata_ds_t *dsstruct) { + isc_result_t result; + unsigned char rrdata[4096]; + isc_buffer_t rrdatabuf; + dns_rdata_t rdata = 
DNS_RDATA_INIT; + dns_rdata_dnskey_t dnskey; + + /* + * Populate DNSKEY rdata structure. + */ + create_keystruct(flags, proto, alg, keystr, &dnskey); + + /* + * Convert to wire format. + */ + isc_buffer_init(&rrdatabuf, rrdata, sizeof(rrdata)); + result = dns_rdata_fromstruct(&rdata, dnskey.common.rdclass, + dnskey.common.rdtype, &dnskey, + &rrdatabuf); + assert_int_equal(result, ISC_R_SUCCESS); + + /* + * Build DS rdata struct. + */ + result = dns_ds_fromkeyrdata(name, &rdata, DNS_DSDIGEST_SHA256, digest, + dsstruct); + assert_int_equal(result, ISC_R_SUCCESS); + + dns_rdata_freestruct(&dnskey); +} + +/* Common setup: create a keytable and ntatable to test with a few keys */ +static void +create_tables() { + isc_result_t result; + unsigned char digest[ISC_MAX_MD_SIZE]; + dns_rdata_ds_t ds; + dns_fixedname_t fn; + dns_name_t *keyname = dns_fixedname_name(&fn); + isc_stdtime_t now; + + result = dns_test_makeview("view", &view); + assert_int_equal(result, ISC_R_SUCCESS); + + assert_int_equal(dns_keytable_create(dt_mctx, &keytable), + ISC_R_SUCCESS); + assert_int_equal( + dns_ntatable_create(view, taskmgr, timermgr, &ntatable), + ISC_R_SUCCESS); + + /* Add a normal key */ + dns_test_namefromstring("example.com", &fn); + create_dsstruct(keyname, 257, 3, 5, keystr1, digest, &ds); + assert_int_equal(dns_keytable_add(keytable, false, false, keyname, &ds), + ISC_R_SUCCESS); + + /* Add an initializing managed key */ + dns_test_namefromstring("managed.com", &fn); + create_dsstruct(keyname, 257, 3, 5, keystr1, digest, &ds); + assert_int_equal(dns_keytable_add(keytable, true, true, keyname, &ds), + ISC_R_SUCCESS); + + /* Add a null key */ + assert_int_equal(dns_keytable_marksecure(keytable, str2name("null." 
+ "example")), + ISC_R_SUCCESS); + + /* Add a negative trust anchor, duration 1 hour */ + isc_stdtime_get(&now); + assert_int_equal(dns_ntatable_add(ntatable, + str2name("insecure.example"), false, + now, 3600), + ISC_R_SUCCESS); +} + +static void +destroy_tables() { + if (ntatable != NULL) { + dns_ntatable_detach(&ntatable); + } + if (keytable != NULL) { + dns_keytable_detach(&keytable); + } + + dns_view_detach(&view); +} + +/* add keys to the keytable */ +static void +add_test(void **state) { + dns_keynode_t *keynode = NULL; + dns_keynode_t *null_keynode = NULL; + unsigned char digest[ISC_MAX_MD_SIZE]; + dns_rdata_ds_t ds; + dns_fixedname_t fn; + dns_name_t *keyname = dns_fixedname_name(&fn); + + UNUSED(state); + + create_tables(); + + /* + * Getting the keynode for the example.com key should succeed. + */ + assert_int_equal( + dns_keytable_find(keytable, str2name("example.com"), &keynode), + ISC_R_SUCCESS); + + /* + * Try to add the same key. This should have no effect but + * report success. + */ + dns_test_namefromstring("example.com", &fn); + create_dsstruct(keyname, 257, 3, 5, keystr1, digest, &ds); + assert_int_equal(dns_keytable_add(keytable, false, false, keyname, &ds), + ISC_R_SUCCESS); + dns_keytable_detachkeynode(keytable, &keynode); + assert_int_equal( + dns_keytable_find(keytable, str2name("example.com"), &keynode), + ISC_R_SUCCESS); + + /* Add another key (different keydata) */ + dns_keytable_detachkeynode(keytable, &keynode); + create_dsstruct(keyname, 257, 3, 5, keystr2, digest, &ds); + assert_int_equal(dns_keytable_add(keytable, false, false, keyname, &ds), + ISC_R_SUCCESS); + assert_int_equal( + dns_keytable_find(keytable, str2name("example.com"), &keynode), + ISC_R_SUCCESS); + dns_keytable_detachkeynode(keytable, &keynode); + + /* + * Get the keynode for the managed.com key. Ensure the + * retrieved key is an initializing key, then mark it as trusted using + * dns_keynode_trust() and ensure the latter works as expected. 
+ */ + assert_int_equal( + dns_keytable_find(keytable, str2name("managed.com"), &keynode), + ISC_R_SUCCESS); + assert_int_equal(dns_keynode_initial(keynode), true); + dns_keynode_trust(keynode); + assert_int_equal(dns_keynode_initial(keynode), false); + dns_keytable_detachkeynode(keytable, &keynode); + + /* + * Add a different managed key for managed.com, marking it as an + * initializing key. Since there is already a trusted key at the + * node, the node should *not* be marked as initializing. + */ + dns_test_namefromstring("managed.com", &fn); + create_dsstruct(keyname, 257, 3, 5, keystr2, digest, &ds); + assert_int_equal(dns_keytable_add(keytable, true, true, keyname, &ds), + ISC_R_SUCCESS); + assert_int_equal( + dns_keytable_find(keytable, str2name("managed.com"), &keynode), + ISC_R_SUCCESS); + assert_int_equal(dns_keynode_initial(keynode), false); + dns_keytable_detachkeynode(keytable, &keynode); + + /* + * Add the same managed key again, but this time mark it as a + * non-initializing key. Ensure the previously added key is upgraded + * to a non-initializing key and make sure there are still two key + * nodes for managed.com, both containing non-initializing keys. + */ + assert_int_equal(dns_keytable_add(keytable, true, false, keyname, &ds), + ISC_R_SUCCESS); + assert_int_equal( + dns_keytable_find(keytable, str2name("managed.com"), &keynode), + ISC_R_SUCCESS); + assert_int_equal(dns_keynode_initial(keynode), false); + dns_keytable_detachkeynode(keytable, &keynode); + + /* + * Add a managed key at a new node, two.com, marking it as an + * initializing key. 
+ */ + dns_test_namefromstring("two.com", &fn); + create_dsstruct(keyname, 257, 3, 5, keystr1, digest, &ds); + assert_int_equal(dns_keytable_add(keytable, true, true, keyname, &ds), + ISC_R_SUCCESS); + assert_int_equal( + dns_keytable_find(keytable, str2name("two.com"), &keynode), + ISC_R_SUCCESS); + assert_int_equal(dns_keynode_initial(keynode), true); + dns_keytable_detachkeynode(keytable, &keynode); + + /* + * Add a different managed key for two.com, marking it as a + * non-initializing key. Since there is already an iniitalizing + * trust anchor for two.com and we haven't run dns_keynode_trust(), + * the initialization status should not change. + */ + create_dsstruct(keyname, 257, 3, 5, keystr2, digest, &ds); + assert_int_equal(dns_keytable_add(keytable, true, false, keyname, &ds), + ISC_R_SUCCESS); + assert_int_equal( + dns_keytable_find(keytable, str2name("two.com"), &keynode), + ISC_R_SUCCESS); + assert_int_equal(dns_keynode_initial(keynode), true); + dns_keytable_detachkeynode(keytable, &keynode); + + /* + * Add a normal key to a name that has a null key. The null key node + * will be updated with the normal key. + */ + assert_int_equal(dns_keytable_find(keytable, str2name("null.example"), + &null_keynode), + ISC_R_SUCCESS); + dns_test_namefromstring("null.example", &fn); + create_dsstruct(keyname, 257, 3, 5, keystr2, digest, &ds); + assert_int_equal(dns_keytable_add(keytable, false, false, keyname, &ds), + ISC_R_SUCCESS); + assert_int_equal( + dns_keytable_find(keytable, str2name("null.example"), &keynode), + ISC_R_SUCCESS); + assert_ptr_equal(keynode, null_keynode); /* should be the same node */ + dns_keytable_detachkeynode(keytable, &null_keynode); + + /* + * Try to add a null key to a name that already has a key. It's + * effectively no-op, so the same key node is still there. + * (Note: this and above checks confirm that if a name has a null key + * that's the only key for the name). 
+ */ + assert_int_equal(dns_keytable_marksecure(keytable, str2name("null." + "example")), + ISC_R_SUCCESS); + assert_int_equal(dns_keytable_find(keytable, str2name("null.example"), + &null_keynode), + ISC_R_SUCCESS); + assert_ptr_equal(keynode, null_keynode); + dns_keytable_detachkeynode(keytable, &null_keynode); + + dns_keytable_detachkeynode(keytable, &keynode); + destroy_tables(); +} + +/* delete keys from the keytable */ +static void +delete_test(void **state) { + UNUSED(state); + + create_tables(); + + /* dns_keytable_delete requires exact match */ + assert_int_equal(dns_keytable_delete(keytable, str2name("example.org")), + ISC_R_NOTFOUND); + assert_int_equal(dns_keytable_delete(keytable, str2name("s.example." + "com")), + ISC_R_NOTFOUND); + assert_int_equal(dns_keytable_delete(keytable, str2name("example.com")), + ISC_R_SUCCESS); + + /* works also for nodes with a null key */ + assert_int_equal(dns_keytable_delete(keytable, str2name("null." + "example")), + ISC_R_SUCCESS); + + /* or a negative trust anchor */ + assert_int_equal(dns_ntatable_delete(ntatable, str2name("insecure." 
+ "example")), + ISC_R_SUCCESS); + + destroy_tables(); +} + +/* delete key nodes from the keytable */ +static void +deletekey_test(void **state) { + dns_rdata_dnskey_t dnskey; + dns_fixedname_t fn; + dns_name_t *keyname = dns_fixedname_name(&fn); + + UNUSED(state); + + create_tables(); + + /* key name doesn't match */ + dns_test_namefromstring("example.org", &fn); + create_keystruct(257, 3, 5, keystr1, &dnskey); + assert_int_equal(dns_keytable_deletekey(keytable, keyname, &dnskey), + ISC_R_NOTFOUND); + dns_rdata_freestruct(&dnskey); + + /* subdomain match is the same as no match */ + dns_test_namefromstring("sub.example.org", &fn); + create_keystruct(257, 3, 5, keystr1, &dnskey); + assert_int_equal(dns_keytable_deletekey(keytable, keyname, &dnskey), + ISC_R_NOTFOUND); + dns_rdata_freestruct(&dnskey); + + /* name matches but key doesn't match (resulting in PARTIALMATCH) */ + dns_test_namefromstring("example.com", &fn); + create_keystruct(257, 3, 5, keystr2, &dnskey); + assert_int_equal(dns_keytable_deletekey(keytable, keyname, &dnskey), + DNS_R_PARTIALMATCH); + dns_rdata_freestruct(&dnskey); + + /* + * exact match: should return SUCCESS on the first try, then + * PARTIALMATCH on the second (because the name existed but + * not a matching key). + */ + create_keystruct(257, 3, 5, keystr1, &dnskey); + assert_int_equal(dns_keytable_deletekey(keytable, keyname, &dnskey), + ISC_R_SUCCESS); + assert_int_equal(dns_keytable_deletekey(keytable, keyname, &dnskey), + DNS_R_PARTIALMATCH); + + /* + * after deleting the node, any deletekey or delete attempt should + * result in NOTFOUND. 
+ */ + assert_int_equal(dns_keytable_delete(keytable, keyname), ISC_R_SUCCESS); + assert_int_equal(dns_keytable_deletekey(keytable, keyname, &dnskey), + ISC_R_NOTFOUND); + dns_rdata_freestruct(&dnskey); + + /* + * A null key node for a name is not deleted when searched by key; + * it must be deleted by dns_keytable_delete() + */ + dns_test_namefromstring("null.example", &fn); + create_keystruct(257, 3, 5, keystr1, &dnskey); + assert_int_equal(dns_keytable_deletekey(keytable, keyname, &dnskey), + DNS_R_PARTIALMATCH); + assert_int_equal(dns_keytable_delete(keytable, keyname), ISC_R_SUCCESS); + dns_rdata_freestruct(&dnskey); + + destroy_tables(); +} + +/* check find-variant operations */ +static void +find_test(void **state) { + dns_keynode_t *keynode = NULL; + dns_fixedname_t fname; + dns_name_t *name; + + UNUSED(state); + + create_tables(); + + /* + * dns_keytable_find() requires exact name match. It matches node + * that has a null key, too. + */ + assert_int_equal( + dns_keytable_find(keytable, str2name("example.org"), &keynode), + ISC_R_NOTFOUND); + assert_int_equal(dns_keytable_find(keytable, + str2name("sub.example.com"), + &keynode), + ISC_R_NOTFOUND); + assert_int_equal( + dns_keytable_find(keytable, str2name("example.com"), &keynode), + ISC_R_SUCCESS); + dns_keytable_detachkeynode(keytable, &keynode); + assert_int_equal( + dns_keytable_find(keytable, str2name("null.example"), &keynode), + ISC_R_SUCCESS); + dns_keytable_detachkeynode(keytable, &keynode); + + /* + * dns_keytable_finddeepestmatch() allows partial match. Also match + * nodes with a null key. 
+ */ + name = dns_fixedname_initname(&fname); + assert_int_equal(dns_keytable_finddeepestmatch( + keytable, str2name("example.com"), name), + ISC_R_SUCCESS); + assert_true(dns_name_equal(name, str2name("example.com"))); + assert_int_equal(dns_keytable_finddeepestmatch( + keytable, str2name("s.example.com"), name), + ISC_R_SUCCESS); + assert_true(dns_name_equal(name, str2name("example.com"))); + assert_int_equal(dns_keytable_finddeepestmatch( + keytable, str2name("example.org"), name), + ISC_R_NOTFOUND); + assert_int_equal(dns_keytable_finddeepestmatch( + keytable, str2name("null.example"), name), + ISC_R_SUCCESS); + assert_true(dns_name_equal(name, str2name("null.example"))); + + destroy_tables(); +} + +/* check issecuredomain() */ +static void +issecuredomain_test(void **state) { + bool issecure; + const char **n; + const char *names[] = { "example.com", "sub.example.com", + "null.example", "sub.null.example", NULL }; + + UNUSED(state); + create_tables(); + + /* + * Domains that are an exact or partial match of a key name are + * considered secure. It's the case even if the key is null + * (validation will then fail, but that's actually the intended effect + * of installing a null key). + */ + for (n = names; *n != NULL; n++) { + assert_int_equal(dns_keytable_issecuredomain(keytable, + str2name(*n), NULL, + &issecure), + ISC_R_SUCCESS); + assert_true(issecure); + } + + /* + * If the key table has no entry (not even a null one) for a domain or + * any of its ancestors, that domain is considered insecure. + */ + assert_int_equal(dns_keytable_issecuredomain(keytable, + str2name("example.org"), + NULL, &issecure), + ISC_R_SUCCESS); + assert_false(issecure); + + destroy_tables(); +} + +/* check dns_keytable_dump() */ +static void +dump_test(void **state) { + FILE *f = fopen("/dev/null", "w"); + + UNUSED(state); + + create_tables(); + + /* + * Right now, we only confirm the dump attempt doesn't cause disruption + * (so we don't check the dump content). 
+ */ + assert_int_equal(dns_keytable_dump(keytable, f), ISC_R_SUCCESS); + fclose(f); + + destroy_tables(); +} + +/* check negative trust anchors */ +static void +nta_test(void **state) { + isc_result_t result; + bool issecure, covered; + dns_fixedname_t fn; + dns_name_t *keyname = dns_fixedname_name(&fn); + unsigned char digest[ISC_MAX_MD_SIZE]; + dns_rdata_ds_t ds; + dns_view_t *myview = NULL; + isc_stdtime_t now; + + UNUSED(state); + + result = dns_test_makeview("view", &myview); + assert_int_equal(result, ISC_R_SUCCESS); + + result = isc_task_create(taskmgr, 0, &myview->task); + assert_int_equal(result, ISC_R_SUCCESS); + + result = dns_view_initsecroots(myview, dt_mctx); + assert_int_equal(result, ISC_R_SUCCESS); + result = dns_view_getsecroots(myview, &keytable); + assert_int_equal(result, ISC_R_SUCCESS); + + result = dns_view_initntatable(myview, taskmgr, timermgr); + assert_int_equal(result, ISC_R_SUCCESS); + result = dns_view_getntatable(myview, &ntatable); + assert_int_equal(result, ISC_R_SUCCESS); + + dns_test_namefromstring("example", &fn); + create_dsstruct(keyname, 257, 3, 5, keystr1, digest, &ds); + result = dns_keytable_add(keytable, false, false, keyname, &ds), + assert_int_equal(result, ISC_R_SUCCESS); + + isc_stdtime_get(&now); + result = dns_ntatable_add(ntatable, str2name("insecure.example"), false, + now, 1); + assert_int_equal(result, ISC_R_SUCCESS); + + /* Should be secure */ + result = dns_view_issecuredomain(myview, + str2name("test.secure.example"), now, + true, &covered, &issecure); + assert_int_equal(result, ISC_R_SUCCESS); + assert_false(covered); + assert_true(issecure); + + /* Should not be secure */ + result = dns_view_issecuredomain(myview, + str2name("test.insecure.example"), now, + true, &covered, &issecure); + assert_int_equal(result, ISC_R_SUCCESS); + assert_true(covered); + assert_false(issecure); + + /* NTA covered */ + covered = dns_view_ntacovers(myview, now, str2name("insecure.example"), + dns_rootname); + 
assert_true(covered); + + /* Not NTA covered */ + covered = dns_view_ntacovers(myview, now, str2name("secure.example"), + dns_rootname); + assert_false(covered); + + /* As of now + 2, the NTA should be clear */ + result = dns_view_issecuredomain(myview, + str2name("test.insecure.example"), + now + 2, true, &covered, &issecure); + assert_int_equal(result, ISC_R_SUCCESS); + assert_false(covered); + assert_true(issecure); + + /* Now check deletion */ + result = dns_view_issecuredomain(myview, str2name("test.new.example"), + now, true, &covered, &issecure); + assert_int_equal(result, ISC_R_SUCCESS); + assert_false(covered); + assert_true(issecure); + + result = dns_ntatable_add(ntatable, str2name("new.example"), false, now, + 3600); + assert_int_equal(result, ISC_R_SUCCESS); + + result = dns_view_issecuredomain(myview, str2name("test.new.example"), + now, true, &covered, &issecure); + assert_int_equal(result, ISC_R_SUCCESS); + assert_true(covered); + assert_false(issecure); + + result = dns_ntatable_delete(ntatable, str2name("new.example")); + assert_int_equal(result, ISC_R_SUCCESS); + + result = dns_view_issecuredomain(myview, str2name("test.new.example"), + now, true, &covered, &issecure); + assert_int_equal(result, ISC_R_SUCCESS); + assert_false(covered); + assert_true(issecure); + + /* Clean up */ + dns_ntatable_detach(&ntatable); + dns_keytable_detach(&keytable); + dns_view_detach(&myview); +} + +int +main(void) { + const struct CMUnitTest tests[] = { + cmocka_unit_test(add_test), + cmocka_unit_test(delete_test), + cmocka_unit_test(deletekey_test), + cmocka_unit_test(find_test), + cmocka_unit_test(issecuredomain_test), + cmocka_unit_test(dump_test), + cmocka_unit_test(nta_test), + }; + + return (cmocka_run_group_tests(tests, _setup, _teardown)); +} + +#else /* HAVE_CMOCKA */ + +#include <stdio.h> + +int +main(void) { + printf("1..0 # Skipped: cmocka not available\n"); + return (SKIPPED_TEST_EXIT_CODE); +} + +#endif /* if HAVE_CMOCKA */ 
diff --git a/lib/dns/tests/master_test.c b/lib/dns/tests/master_test.c
new file mode 100644
index 0000000..c060c0d
--- /dev/null
+++ b/lib/dns/tests/master_test.c
@@ -0,0 +1,633 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#if HAVE_CMOCKA + +#include <sched.h> /* IWYU pragma: keep */ +#include <setjmp.h> +#include <stdarg.h> +#include <stdbool.h> +#include <stddef.h> +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> + +#define UNIT_TESTING +#include <cmocka.h> + +#include <isc/print.h> +#include <isc/string.h> +#include <isc/util.h> + +#include <dns/cache.h> +#include <dns/callbacks.h> +#include <dns/db.h> +#include <dns/master.h> +#include <dns/masterdump.h> +#include <dns/name.h> +#include <dns/rdata.h> +#include <dns/rdatalist.h> +#include <dns/rdataset.h> + +#include "dnstest.h" + +static int +_setup(void **state) { + isc_result_t result; + + UNUSED(state); + + result = dns_test_begin(NULL, false); + assert_int_equal(result, ISC_R_SUCCESS); + + return (0); +} + +static int +_teardown(void **state) { + UNUSED(state); + + dns_test_end(); + + return (0); +} + +static void +nullmsg(dns_rdatacallbacks_t *cb, const char *fmt, ...) 
{ + UNUSED(cb); + UNUSED(fmt); +} + +#define BUFLEN 255 +#define BIGBUFLEN (70 * 1024) +#define TEST_ORIGIN "test" + +static dns_masterrawheader_t header; +static bool headerset; + +dns_name_t dns_origin; +char origin[sizeof(TEST_ORIGIN)]; +unsigned char name_buf[BUFLEN]; +dns_rdatacallbacks_t callbacks; +char *include_file = NULL; + +static void +rawdata_callback(dns_zone_t *zone, dns_masterrawheader_t *header); + +static isc_result_t +add_callback(void *arg, const dns_name_t *owner, dns_rdataset_t *dataset) { + char buf[BIGBUFLEN]; + isc_buffer_t target; + isc_result_t result; + + UNUSED(arg); + + isc_buffer_init(&target, buf, BIGBUFLEN); + result = dns_rdataset_totext(dataset, owner, false, false, &target); + return (result); +} + +static void +rawdata_callback(dns_zone_t *zone, dns_masterrawheader_t *h) { + UNUSED(zone); + header = *h; + headerset = true; +} + +static isc_result_t +setup_master(void (*warn)(struct dns_rdatacallbacks *, const char *, ...), + void (*error)(struct dns_rdatacallbacks *, const char *, ...)) { + isc_result_t result; + int len; + isc_buffer_t source; + isc_buffer_t target; + + strlcpy(origin, TEST_ORIGIN, sizeof(origin)); + len = strlen(origin); + isc_buffer_init(&source, origin, len); + isc_buffer_add(&source, len); + isc_buffer_setactive(&source, len); + isc_buffer_init(&target, name_buf, BUFLEN); + dns_name_init(&dns_origin, NULL); + dns_master_initrawheader(&header); + + result = dns_name_fromtext(&dns_origin, &source, dns_rootname, 0, + &target); + if (result != ISC_R_SUCCESS) { + return (result); + } + + dns_rdatacallbacks_init_stdio(&callbacks); + callbacks.add = add_callback; + callbacks.rawdata = rawdata_callback; + callbacks.zone = NULL; + if (warn != NULL) { + callbacks.warn = warn; + } + if (error != NULL) { + callbacks.error = error; + } + headerset = false; + return (result); +} + +static isc_result_t +test_master(const char *testfile, dns_masterformat_t format, + void (*warn)(struct dns_rdatacallbacks *, const char *, 
...), + void (*error)(struct dns_rdatacallbacks *, const char *, ...)) { + isc_result_t result; + + result = setup_master(warn, error); + if (result != ISC_R_SUCCESS) { + return (result); + } + + dns_rdatacallbacks_init_stdio(&callbacks); + callbacks.add = add_callback; + callbacks.rawdata = rawdata_callback; + callbacks.zone = NULL; + if (warn != NULL) { + callbacks.warn = warn; + } + if (error != NULL) { + callbacks.error = error; + } + + result = dns_master_loadfile(testfile, &dns_origin, &dns_origin, + dns_rdataclass_in, true, 0, &callbacks, + NULL, NULL, dt_mctx, format, 0); + return (result); +} + +static void +include_callback(const char *filename, void *arg) { + char **argp = (char **)arg; + *argp = isc_mem_strdup(dt_mctx, filename); +} + +/* + * Successful load test: + * dns_master_loadfile() loads a valid master file and returns success + */ +static void +load_test(void **state) { + isc_result_t result; + + UNUSED(state); + + result = test_master("testdata/master/master1.data", + dns_masterformat_text, nullmsg, nullmsg); + assert_int_equal(result, ISC_R_SUCCESS); +} + +/* + * Unexpected end of file test: + * dns_master_loadfile() returns DNS_R_UNEXPECTED when file ends too soon + */ +static void +unexpected_test(void **state) { + isc_result_t result; + + UNUSED(state); + + result = test_master("testdata/master/master2.data", + dns_masterformat_text, nullmsg, nullmsg); + assert_int_equal(result, ISC_R_UNEXPECTEDEND); +} + +/* + * No owner test: + * dns_master_loadfile() accepts broken zones with no TTL for first record + * if it is an SOA + */ +static void +noowner_test(void **state) { + isc_result_t result; + + UNUSED(state); + + result = test_master("testdata/master/master3.data", + dns_masterformat_text, nullmsg, nullmsg); + assert_int_equal(result, DNS_R_NOOWNER); +} + +/* + * No TTL test: + * dns_master_loadfile() returns DNS_R_NOOWNER when no owner name is + * specified + */ +static void +nottl_test(void **state) { + isc_result_t result; + + 
UNUSED(state); + + result = test_master("testdata/master/master4.data", + dns_masterformat_text, nullmsg, nullmsg); + assert_int_equal(result, ISC_R_SUCCESS); +} + +/* + * Bad class test: + * dns_master_loadfile() returns DNS_R_BADCLASS when record class doesn't + * match zone class + */ +static void +badclass_test(void **state) { + isc_result_t result; + + UNUSED(state); + + result = test_master("testdata/master/master5.data", + dns_masterformat_text, nullmsg, nullmsg); + assert_int_equal(result, DNS_R_BADCLASS); +} + +/* + * Too big rdata test: + * dns_master_loadfile() returns ISC_R_NOSPACE when record is too big + */ +static void +toobig_test(void **state) { + isc_result_t result; + + UNUSED(state); + + result = test_master("testdata/master/master15.data", + dns_masterformat_text, nullmsg, nullmsg); + assert_int_equal(result, ISC_R_NOSPACE); +} + +/* + * Maximum rdata test: + * dns_master_loadfile() returns ISC_R_SUCCESS when record is maximum size + */ +static void +maxrdata_test(void **state) { + isc_result_t result; + + UNUSED(state); + + result = test_master("testdata/master/master16.data", + dns_masterformat_text, nullmsg, nullmsg); + assert_int_equal(result, ISC_R_SUCCESS); +} + +/* + * DNSKEY test: + * dns_master_loadfile() understands DNSKEY with key material + */ +static void +dnskey_test(void **state) { + isc_result_t result; + + UNUSED(state); + + result = test_master("testdata/master/master6.data", + dns_masterformat_text, nullmsg, nullmsg); + assert_int_equal(result, ISC_R_SUCCESS); +} + +/* + * DNSKEY with no key material test: + * dns_master_loadfile() understands DNSKEY with no key material + * + * RFC 4034 removed the ability to signal NOKEY, so empty key material should + * be rejected. 
+ */ +static void +dnsnokey_test(void **state) { + isc_result_t result; + + UNUSED(state); + + result = test_master("testdata/master/master7.data", + dns_masterformat_text, nullmsg, nullmsg); + assert_int_equal(result, ISC_R_UNEXPECTEDEND); +} + +/* + * Include test: + * dns_master_loadfile() understands $INCLUDE + */ +static void +include_test(void **state) { + isc_result_t result; + + UNUSED(state); + + result = test_master("testdata/master/master8.data", + dns_masterformat_text, nullmsg, nullmsg); + assert_int_equal(result, DNS_R_SEENINCLUDE); +} + +/* + * Include file list test: + * dns_master_loadfile4() returns names of included file + */ +static void +master_includelist_test(void **state) { + isc_result_t result; + char *filename = NULL; + + UNUSED(state); + + result = setup_master(nullmsg, nullmsg); + assert_int_equal(result, ISC_R_SUCCESS); + + result = dns_master_loadfile( + "testdata/master/master8.data", &dns_origin, &dns_origin, + dns_rdataclass_in, 0, true, &callbacks, include_callback, + &filename, dt_mctx, dns_masterformat_text, 0); + assert_int_equal(result, DNS_R_SEENINCLUDE); + assert_non_null(filename); + if (filename != NULL) { + assert_string_equal(filename, "testdata/master/master6.data"); + isc_mem_free(dt_mctx, filename); + } +} + +/* + * Include failure test: + * dns_master_loadfile() understands $INCLUDE failures + */ +static void +includefail_test(void **state) { + isc_result_t result; + + UNUSED(state); + + result = test_master("testdata/master/master9.data", + dns_masterformat_text, nullmsg, nullmsg); + assert_int_equal(result, DNS_R_BADCLASS); +} + +/* + * Non-empty blank lines test: + * dns_master_loadfile() handles non-empty blank lines + */ +static void +blanklines_test(void **state) { + isc_result_t result; + + UNUSED(state); + + result = test_master("testdata/master/master10.data", + dns_masterformat_text, nullmsg, nullmsg); + assert_int_equal(result, ISC_R_SUCCESS); +} + +/* + * SOA leading zeroes test: + * dns_master_loadfile() 
allows leading zeroes in SOA + */ + +static void +leadingzero_test(void **state) { + isc_result_t result; + + UNUSED(state); + + result = test_master("testdata/master/master11.data", + dns_masterformat_text, nullmsg, nullmsg); + assert_int_equal(result, ISC_R_SUCCESS); +} + +/* masterfile totext tests */ +static void +totext_test(void **state) { + isc_result_t result; + dns_rdataset_t rdataset; + dns_rdatalist_t rdatalist; + isc_buffer_t target; + unsigned char buf[BIGBUFLEN]; + + UNUSED(state); + + /* First, test with an empty rdataset */ + dns_rdatalist_init(&rdatalist); + rdatalist.rdclass = dns_rdataclass_in; + rdatalist.type = dns_rdatatype_none; + rdatalist.covers = dns_rdatatype_none; + + dns_rdataset_init(&rdataset); + result = dns_rdatalist_tordataset(&rdatalist, &rdataset); + assert_int_equal(result, ISC_R_SUCCESS); + + isc_buffer_init(&target, buf, BIGBUFLEN); + result = dns_master_rdatasettotext(dns_rootname, &rdataset, + &dns_master_style_debug, NULL, + &target); + assert_int_equal(result, ISC_R_SUCCESS); + assert_int_equal(isc_buffer_usedlength(&target), 0); + + /* + * XXX: We will also need to add tests for dumping various + * rdata types, classes, etc, and comparing the results against + * known-good output. 
+ */ +} + +/* + * Raw load test: + * dns_master_loadfile() loads a valid raw file and returns success + */ +static void +loadraw_test(void **state) { + isc_result_t result; + + UNUSED(state); + + /* Raw format version 0 */ + result = test_master("testdata/master/master12.data", + dns_masterformat_raw, nullmsg, nullmsg); + assert_string_equal(isc_result_totext(result), "success"); + assert_true(headerset); + assert_int_equal(header.flags, 0); + + /* Raw format version 1, no source serial */ + result = test_master("testdata/master/master13.data", + dns_masterformat_raw, nullmsg, nullmsg); + assert_string_equal(isc_result_totext(result), "success"); + assert_true(headerset); + assert_int_equal(header.flags, 0); + + /* Raw format version 1, source serial == 2011120101 */ + result = test_master("testdata/master/master14.data", + dns_masterformat_raw, nullmsg, nullmsg); + assert_string_equal(isc_result_totext(result), "success"); + assert_true(headerset); + assert_true((header.flags & DNS_MASTERRAW_SOURCESERIALSET) != 0); + assert_int_equal(header.sourceserial, 2011120101); +} + +/* + * Raw dump test: + * dns_master_dump*() functions dump valid raw files + */ +static void +dumpraw_test(void **state) { + isc_result_t result; + dns_db_t *db = NULL; + dns_dbversion_t *version = NULL; + char myorigin[sizeof(TEST_ORIGIN)]; + dns_name_t dnsorigin; + isc_buffer_t source, target; + unsigned char namebuf[BUFLEN]; + int len; + + UNUSED(state); + + strlcpy(myorigin, TEST_ORIGIN, sizeof(myorigin)); + len = strlen(myorigin); + isc_buffer_init(&source, myorigin, len); + isc_buffer_add(&source, len); + isc_buffer_setactive(&source, len); + isc_buffer_init(&target, namebuf, BUFLEN); + dns_name_init(&dnsorigin, NULL); + result = dns_name_fromtext(&dnsorigin, &source, dns_rootname, 0, + &target); + assert_int_equal(result, ISC_R_SUCCESS); + + result = dns_db_create(dt_mctx, "rbt", &dnsorigin, dns_dbtype_zone, + dns_rdataclass_in, 0, NULL, &db); + assert_int_equal(result, ISC_R_SUCCESS); + 
+ result = dns_db_load(db, "testdata/master/master1.data", + dns_masterformat_text, 0); + assert_int_equal(result, ISC_R_SUCCESS); + + dns_db_currentversion(db, &version); + + result = dns_master_dump(dt_mctx, db, version, + &dns_master_style_default, "test.dump", + dns_masterformat_raw, NULL); + assert_int_equal(result, ISC_R_SUCCESS); + + result = test_master("test.dump", dns_masterformat_raw, nullmsg, + nullmsg); + assert_string_equal(isc_result_totext(result), "success"); + assert_true(headerset); + assert_int_equal(header.flags, 0); + + dns_master_initrawheader(&header); + header.sourceserial = 12345; + header.flags |= DNS_MASTERRAW_SOURCESERIALSET; + + unlink("test.dump"); + result = dns_master_dump(dt_mctx, db, version, + &dns_master_style_default, "test.dump", + dns_masterformat_raw, &header); + assert_int_equal(result, ISC_R_SUCCESS); + + result = test_master("test.dump", dns_masterformat_raw, nullmsg, + nullmsg); + assert_string_equal(isc_result_totext(result), "success"); + assert_true(headerset); + assert_true((header.flags & DNS_MASTERRAW_SOURCESERIALSET) != 0); + assert_int_equal(header.sourceserial, 12345); + + unlink("test.dump"); + dns_db_closeversion(db, &version, false); + dns_db_detach(&db); +} + +static const char *warn_expect_value; +static bool warn_expect_result; + +static void +warn_expect(struct dns_rdatacallbacks *mycallbacks, const char *fmt, ...) 
{ + char buf[4096]; + va_list ap; + + UNUSED(mycallbacks); + + warn_expect_result = false; + + va_start(ap, fmt); + vsnprintf(buf, sizeof(buf), fmt, ap); + va_end(ap); + + if (warn_expect_value != NULL && strstr(buf, warn_expect_value) != NULL) + { + warn_expect_result = true; + } +} + +/* + * Origin change test: + * dns_master_loadfile() rejects zones with inherited name following $ORIGIN + */ +static void +neworigin_test(void **state) { + isc_result_t result; + + UNUSED(state); + + warn_expect_value = "record with inherited owner"; + result = test_master("testdata/master/master17.data", + dns_masterformat_text, warn_expect, nullmsg); + assert_int_equal(result, ISC_R_SUCCESS); + assert_true(warn_expect_result); +} + +int +main(void) { + const struct CMUnitTest tests[] = { + cmocka_unit_test_setup_teardown(load_test, _setup, _teardown), + cmocka_unit_test_setup_teardown(unexpected_test, _setup, + _teardown), + cmocka_unit_test_setup_teardown(noowner_test, _setup, + _teardown), + cmocka_unit_test_setup_teardown(nottl_test, _setup, _teardown), + cmocka_unit_test_setup_teardown(badclass_test, _setup, + _teardown), + cmocka_unit_test_setup_teardown(dnskey_test, _setup, _teardown), + cmocka_unit_test_setup_teardown(dnsnokey_test, _setup, + _teardown), + cmocka_unit_test_setup_teardown(include_test, _setup, + _teardown), + cmocka_unit_test_setup_teardown(master_includelist_test, _setup, + _teardown), + cmocka_unit_test_setup_teardown(includefail_test, _setup, + _teardown), + cmocka_unit_test_setup_teardown(blanklines_test, _setup, + _teardown), + cmocka_unit_test_setup_teardown(leadingzero_test, _setup, + _teardown), + cmocka_unit_test_setup_teardown(totext_test, _setup, _teardown), + cmocka_unit_test_setup_teardown(loadraw_test, _setup, + _teardown), + cmocka_unit_test_setup_teardown(dumpraw_test, _setup, + _teardown), + cmocka_unit_test_setup_teardown(toobig_test, _setup, _teardown), + cmocka_unit_test_setup_teardown(maxrdata_test, _setup, + _teardown), + 
cmocka_unit_test_setup_teardown(neworigin_test, _setup, + _teardown), + }; + + return (cmocka_run_group_tests(tests, NULL, NULL)); +} + +#else /* HAVE_CMOCKA */ + +#include <stdio.h> + +int +main(void) { + printf("1..0 # Skipped: cmocka not available\n"); + return (SKIPPED_TEST_EXIT_CODE); +} + +#endif /* if HAVE_CMOCKA */ diff --git a/lib/dns/tests/mkraw.pl b/lib/dns/tests/mkraw.pl new file mode 100644 index 0000000..5e0db75 --- /dev/null +++ b/lib/dns/tests/mkraw.pl @@ -0,0 +1,26 @@ +#!/usr/bin/perl -w + +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +# Convert a hexdump to binary format. +# +# To convert binary data to the input format for this command, +# use the following: +# +# perl -e 'while (read(STDIN, my $byte, 1)) { +# print unpack("H2", $byte); +# } +# print "\n";' < file > file.in + +use strict; +chomp(my $line = <STDIN>); +print pack("H*", $line); diff --git a/lib/dns/tests/name_test.c b/lib/dns/tests/name_test.c new file mode 100644 index 0000000..e48c64e --- /dev/null +++ b/lib/dns/tests/name_test.c 
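Review bot: In `master_includelist_test` the call to `dns_master_loadfile()` passes `dns_rdataclass_in, 0, true, &callbacks`, while `test_master()` passes `dns_rdataclass_in, true, 0, &callbacks` for the same two parameters, so the two call sites disagree on which argument receives `true`. The prototype is not in this hunk; if those parameters are the load options followed by the resign interval, the include-list call most likely should read `dns_rdataclass_in, true, 0, &callbacks, include_callback,`, and a named option constant would be clearer than `true` at both sites. Separately, the header comments of `noowner_test` and `nottl_test` are swapped relative to what they assert (`DNS_R_NOOWNER` and `ISC_R_SUCCESS`), and `unexpected_test` documents `DNS_R_UNEXPECTED` while asserting `ISC_R_UNEXPECTEDEND`. Those comments should be corrected so the expected parser result for each malformed zone file is unambiguous.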
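Review bot: In `mkraw.pl` the first line of stdin goes straight into `pack("H*", $line)` with no check that it is an even-length hex string, so a truncated or mistyped dump can yield a different binary fixture than intended instead of failing. A guard such as `die "not a hex dump\n" unless $line =~ /\A(?:[0-9a-fA-F]{2})+\z/;` before the `print` would make bad input fail loudly, and `binmode(STDOUT);` would keep the output byte-exact on platforms that translate newlines. Only one input line is read, which matches the single-line producer shown in the header comment, but the comment could state that limit explicitly.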
@@ -0,0 +1,796 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#if HAVE_CMOCKA + +#include <inttypes.h> +#include <sched.h> /* IWYU pragma: keep */ +#include <setjmp.h> +#include <stdarg.h> +#include <stdbool.h> +#include <stddef.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +#define UNIT_TESTING +#include <cmocka.h> + +#include <isc/buffer.h> +#include <isc/commandline.h> +#include <isc/mem.h> +#include <isc/os.h> +#include <isc/print.h> +#include <isc/thread.h> +#include <isc/util.h> + +#include <dns/compress.h> +#include <dns/fixedname.h> +#include <dns/name.h> + +#include "dnstest.h" + +/* Set to true (or use -v option) for verbose output */ +static bool verbose = false; + +static int +_setup(void **state) { + isc_result_t result; + + UNUSED(state); + + result = dns_test_begin(NULL, false); + assert_int_equal(result, ISC_R_SUCCESS); + + return (0); +} + +static int +_teardown(void **state) { + UNUSED(state); + + dns_test_end(); + + return (0); +} + +/* dns_name_fullcompare test */ +static void +fullcompare_test(void **state) { + dns_fixedname_t fixed1; + dns_fixedname_t fixed2; + dns_name_t *name1; + dns_name_t *name2; + dns_namereln_t relation; + int i; + isc_result_t result; + struct { + const char *name1; + const char *name2; + dns_namereln_t relation; + int order; + unsigned int nlabels; + } data[] = { + /* relative */ + { "", "", dns_namereln_equal, 0, 0 }, + { "foo", "", dns_namereln_subdomain, 1, 0 }, + { "", "foo", dns_namereln_contains, -1, 0 }, + { "foo", "bar", dns_namereln_none, 4, 0 }, + { "bar", "foo", dns_namereln_none, -4, 0 }, + { 
"bar.foo", "foo", dns_namereln_subdomain, 1, 1 }, + { "foo", "bar.foo", dns_namereln_contains, -1, 1 }, + { "baz.bar.foo", "bar.foo", dns_namereln_subdomain, 1, 2 }, + { "bar.foo", "baz.bar.foo", dns_namereln_contains, -1, 2 }, + { "foo.example", "bar.example", dns_namereln_commonancestor, 4, + 1 }, + + /* absolute */ + { ".", ".", dns_namereln_equal, 0, 1 }, + { "foo.", "bar.", dns_namereln_commonancestor, 4, 1 }, + { "bar.", "foo.", dns_namereln_commonancestor, -4, 1 }, + { "foo.example.", "bar.example.", dns_namereln_commonancestor, + 4, 2 }, + { "bar.foo.", "foo.", dns_namereln_subdomain, 1, 2 }, + { "foo.", "bar.foo.", dns_namereln_contains, -1, 2 }, + { "baz.bar.foo.", "bar.foo.", dns_namereln_subdomain, 1, 3 }, + { "bar.foo.", "baz.bar.foo.", dns_namereln_contains, -1, 3 }, + { NULL, NULL, dns_namereln_none, 0, 0 } + }; + + UNUSED(state); + + name1 = dns_fixedname_initname(&fixed1); + name2 = dns_fixedname_initname(&fixed2); + for (i = 0; data[i].name1 != NULL; i++) { + int order = 3000; + unsigned int nlabels = 3000; + + if (data[i].name1[0] == 0) { + dns_fixedname_init(&fixed1); + } else { + result = dns_name_fromstring2(name1, data[i].name1, + NULL, 0, NULL); + assert_int_equal(result, ISC_R_SUCCESS); + } + if (data[i].name2[0] == 0) { + dns_fixedname_init(&fixed2); + } else { + result = dns_name_fromstring2(name2, data[i].name2, + NULL, 0, NULL); + assert_int_equal(result, ISC_R_SUCCESS); + } + relation = dns_name_fullcompare(name1, name1, &order, &nlabels); + assert_int_equal(relation, dns_namereln_equal); + assert_int_equal(order, 0); + assert_int_equal(nlabels, name1->labels); + + /* Some random initializer */ + order = 3001; + nlabels = 3001; + + relation = dns_name_fullcompare(name1, name2, &order, &nlabels); + assert_int_equal(relation, data[i].relation); + assert_int_equal(order, data[i].order); + assert_int_equal(nlabels, data[i].nlabels); + } +} + +static void +compress_test(dns_name_t *name1, dns_name_t *name2, dns_name_t *name3, + unsigned 
char *expected, unsigned int length, + dns_compress_t *cctx, dns_decompress_t *dctx) { + isc_buffer_t source; + isc_buffer_t target; + dns_name_t name; + unsigned char buf1[1024]; + unsigned char buf2[1024]; + + isc_buffer_init(&source, buf1, sizeof(buf1)); + isc_buffer_init(&target, buf2, sizeof(buf2)); + + assert_int_equal(dns_name_towire(name1, cctx, &source), ISC_R_SUCCESS); + + assert_int_equal(dns_name_towire(name2, cctx, &source), ISC_R_SUCCESS); + assert_int_equal(dns_name_towire(name2, cctx, &source), ISC_R_SUCCESS); + assert_int_equal(dns_name_towire(name3, cctx, &source), ISC_R_SUCCESS); + + isc_buffer_setactive(&source, source.used); + + dns_name_init(&name, NULL); + RUNTIME_CHECK(dns_name_fromwire(&name, &source, dctx, 0, &target) == + ISC_R_SUCCESS); + RUNTIME_CHECK(dns_name_fromwire(&name, &source, dctx, 0, &target) == + ISC_R_SUCCESS); + RUNTIME_CHECK(dns_name_fromwire(&name, &source, dctx, 0, &target) == + ISC_R_SUCCESS); + RUNTIME_CHECK(dns_name_fromwire(&name, &source, dctx, 0, &target) == + ISC_R_SUCCESS); + dns_decompress_invalidate(dctx); + + assert_int_equal(target.used, length); + assert_true(memcmp(target.base, expected, target.used) == 0); +} + +/* name compression test */ +static void +compression_test(void **state) { + unsigned int allowed; + dns_compress_t cctx; + dns_decompress_t dctx; + dns_name_t name1; + dns_name_t name2; + dns_name_t name3; + isc_region_t r; + unsigned char plain1[] = "\003yyy\003foo"; + unsigned char plain2[] = "\003bar\003yyy\003foo"; + unsigned char plain3[] = "\003xxx\003bar\003foo"; + unsigned char plain[] = "\003yyy\003foo\0\003bar\003yyy\003foo\0\003" + "bar\003yyy\003foo\0\003xxx\003bar\003foo"; + + UNUSED(state); + + dns_name_init(&name1, NULL); + r.base = plain1; + r.length = sizeof(plain1); + dns_name_fromregion(&name1, &r); + + dns_name_init(&name2, NULL); + r.base = plain2; + r.length = sizeof(plain2); + dns_name_fromregion(&name2, &r); + + dns_name_init(&name3, NULL); + r.base = plain3; + r.length = 
sizeof(plain3); + dns_name_fromregion(&name3, &r); + + /* Test 1: NONE */ + allowed = DNS_COMPRESS_NONE; + assert_int_equal(dns_compress_init(&cctx, -1, dt_mctx), ISC_R_SUCCESS); + dns_compress_setmethods(&cctx, allowed); + dns_decompress_init(&dctx, -1, DNS_DECOMPRESS_STRICT); + dns_decompress_setmethods(&dctx, allowed); + + compress_test(&name1, &name2, &name3, plain, sizeof(plain), &cctx, + &dctx); + + dns_compress_rollback(&cctx, 0); + dns_compress_invalidate(&cctx); + + /* Test2: GLOBAL14 */ + allowed = DNS_COMPRESS_GLOBAL14; + assert_int_equal(dns_compress_init(&cctx, -1, dt_mctx), ISC_R_SUCCESS); + dns_compress_setmethods(&cctx, allowed); + dns_decompress_init(&dctx, -1, DNS_DECOMPRESS_STRICT); + dns_decompress_setmethods(&dctx, allowed); + + compress_test(&name1, &name2, &name3, plain, sizeof(plain), &cctx, + &dctx); + + dns_compress_rollback(&cctx, 0); + dns_compress_invalidate(&cctx); + + /* Test3: ALL */ + allowed = DNS_COMPRESS_ALL; + assert_int_equal(dns_compress_init(&cctx, -1, dt_mctx), ISC_R_SUCCESS); + dns_compress_setmethods(&cctx, allowed); + dns_decompress_init(&dctx, -1, DNS_DECOMPRESS_STRICT); + dns_decompress_setmethods(&dctx, allowed); + + compress_test(&name1, &name2, &name3, plain, sizeof(plain), &cctx, + &dctx); + + dns_compress_rollback(&cctx, 0); + dns_compress_invalidate(&cctx); + + /* Test4: NONE disabled */ + allowed = DNS_COMPRESS_NONE; + assert_int_equal(dns_compress_init(&cctx, -1, dt_mctx), ISC_R_SUCCESS); + dns_compress_setmethods(&cctx, allowed); + dns_compress_disable(&cctx); + dns_decompress_init(&dctx, -1, DNS_DECOMPRESS_STRICT); + dns_decompress_setmethods(&dctx, allowed); + + compress_test(&name1, &name2, &name3, plain, sizeof(plain), &cctx, + &dctx); + + dns_compress_rollback(&cctx, 0); + dns_compress_invalidate(&cctx); + + /* Test5: GLOBAL14 disabled */ + allowed = DNS_COMPRESS_GLOBAL14; + assert_int_equal(dns_compress_init(&cctx, -1, dt_mctx), ISC_R_SUCCESS); + dns_compress_setmethods(&cctx, allowed); + 
dns_compress_disable(&cctx); + dns_decompress_init(&dctx, -1, DNS_DECOMPRESS_STRICT); + dns_decompress_setmethods(&dctx, allowed); + + compress_test(&name1, &name2, &name3, plain, sizeof(plain), &cctx, + &dctx); + + dns_compress_rollback(&cctx, 0); + dns_compress_invalidate(&cctx); + + /* Test6: ALL disabled */ + allowed = DNS_COMPRESS_ALL; + assert_int_equal(dns_compress_init(&cctx, -1, dt_mctx), ISC_R_SUCCESS); + dns_compress_setmethods(&cctx, allowed); + dns_compress_disable(&cctx); + dns_decompress_init(&dctx, -1, DNS_DECOMPRESS_STRICT); + dns_decompress_setmethods(&dctx, allowed); + + compress_test(&name1, &name2, &name3, plain, sizeof(plain), &cctx, + &dctx); + + dns_compress_rollback(&cctx, 0); + dns_compress_invalidate(&cctx); +} + +/* is trust-anchor-telemetry test */ +static void +istat_test(void **state) { + dns_fixedname_t fixed; + dns_name_t *name; + isc_result_t result; + size_t i; + struct { + const char *name; + bool istat; + } data[] = { { ".", false }, + { "_ta-", false }, + { "_ta-1234", true }, + { "_TA-1234", true }, + { "+TA-1234", false }, + { "_fa-1234", false }, + { "_td-1234", false }, + { "_ta_1234", false }, + { "_ta-g234", false }, + { "_ta-1h34", false }, + { "_ta-12i4", false }, + { "_ta-123j", false }, + { "_ta-1234-abcf", true }, + { "_ta-1234-abcf-ED89", true }, + { "_ta-12345-abcf-ED89", false }, + { "_ta-.example", false }, + { "_ta-1234.example", true }, + { "_ta-1234-abcf.example", true }, + { "_ta-1234-abcf-ED89.example", true }, + { "_ta-12345-abcf-ED89.example", false }, + { "_ta-1234-abcfe-ED89.example", false }, + { "_ta-1234-abcf-EcD89.example", false } }; + + UNUSED(state); + + name = dns_fixedname_initname(&fixed); + + for (i = 0; i < (sizeof(data) / sizeof(data[0])); i++) { + result = dns_name_fromstring(name, data[i].name, 0, NULL); + assert_int_equal(result, ISC_R_SUCCESS); + assert_int_equal(dns_name_istat(name), data[i].istat); + } +} + +/* dns_nane_init */ +static void +init_test(void **state) { + dns_name_t name; 
+ unsigned char offsets[1]; + + UNUSED(state); + + dns_name_init(&name, offsets); + + assert_null(name.ndata); + assert_int_equal(name.length, 0); + assert_int_equal(name.labels, 0); + assert_int_equal(name.attributes, 0); + assert_ptr_equal(name.offsets, offsets); + assert_null(name.buffer); +} + +/* dns_nane_invalidate */ +static void +invalidate_test(void **state) { + dns_name_t name; + unsigned char offsets[1]; + + UNUSED(state); + + dns_name_init(&name, offsets); + dns_name_invalidate(&name); + + assert_null(name.ndata); + assert_int_equal(name.length, 0); + assert_int_equal(name.labels, 0); + assert_int_equal(name.attributes, 0); + assert_null(name.offsets); + assert_null(name.buffer); +} + +/* dns_nane_setbuffer/hasbuffer */ +static void +buffer_test(void **state) { + dns_name_t name; + unsigned char buf[BUFSIZ]; + isc_buffer_t b; + + UNUSED(state); + + isc_buffer_init(&b, buf, BUFSIZ); + dns_name_init(&name, NULL); + dns_name_setbuffer(&name, &b); + assert_ptr_equal(name.buffer, &b); + assert_true(dns_name_hasbuffer(&name)); +} + +/* dns_nane_isabsolute */ +static void +isabsolute_test(void **state) { + struct { + const char *namestr; + bool expect; + } testcases[] = { { "x", false }, + { "a.b.c.d.", true }, + { "x.z", false } }; + unsigned int i; + + UNUSED(state); + + for (i = 0; i < (sizeof(testcases) / sizeof(testcases[0])); i++) { + isc_result_t result; + dns_name_t name; + unsigned char data[BUFSIZ]; + isc_buffer_t b, nb; + size_t len; + + len = strlen(testcases[i].namestr); + isc_buffer_constinit(&b, testcases[i].namestr, len); + isc_buffer_add(&b, len); + + dns_name_init(&name, NULL); + isc_buffer_init(&nb, data, BUFSIZ); + dns_name_setbuffer(&name, &nb); + result = dns_name_fromtext(&name, &b, NULL, 0, NULL); + assert_int_equal(result, ISC_R_SUCCESS); + + assert_int_equal(dns_name_isabsolute(&name), + testcases[i].expect); + } +} + +/* dns_nane_hash */ +static void +hash_test(void **state) { + struct { + const char *name1; + const char *name2; + 
bool expect; + bool expecti; + } testcases[] = { + { "a.b.c.d", "A.B.C.D", true, false }, + { "a.b.c.d.", "A.B.C.D.", true, false }, + { "a.b.c.d", "a.b.c.d", true, true }, + { "A.B.C.D.", "A.B.C.D.", true, false }, + { "x.y.z.w", "a.b.c.d", false, false }, + { "x.y.z.w.", "a.b.c.d.", false, false }, + }; + unsigned int i; + + UNUSED(state); + + for (i = 0; i < (sizeof(testcases) / sizeof(testcases[0])); i++) { + isc_result_t result; + dns_fixedname_t f1, f2; + dns_name_t *n1, *n2; + unsigned int h1, h2; + + n1 = dns_fixedname_initname(&f1); + n2 = dns_fixedname_initname(&f2); + + result = dns_name_fromstring2(n1, testcases[i].name1, NULL, 0, + NULL); + assert_int_equal(result, ISC_R_SUCCESS); + result = dns_name_fromstring2(n2, testcases[i].name2, NULL, 0, + NULL); + assert_int_equal(result, ISC_R_SUCCESS); + + /* Check case-insensitive hashing first */ + h1 = dns_name_hash(n1, false); + h2 = dns_name_hash(n2, false); + + if (verbose) { + print_message("# %s hashes to %u, " + "%s to %u, case insensitive\n", + testcases[i].name1, h1, + testcases[i].name2, h2); + } + + assert_int_equal((h1 == h2), testcases[i].expect); + + /* Now case-sensitive */ + h1 = dns_name_hash(n1, false); + h2 = dns_name_hash(n2, false); + + if (verbose) { + print_message("# %s hashes to %u, " + "%s to %u, case sensitive\n", + testcases[i].name1, h1, + testcases[i].name2, h2); + } + + assert_int_equal((h1 == h2), testcases[i].expect); + } +} + +/* dns_nane_issubdomain */ +static void +issubdomain_test(void **state) { + struct { + const char *name1; + const char *name2; + bool expect; + } testcases[] = { + { "c.d", "a.b.c.d", false }, { "c.d.", "a.b.c.d.", false }, + { "b.c.d", "c.d", true }, { "a.b.c.d.", "c.d.", true }, + { "a.b.c", "a.b.c", true }, { "a.b.c.", "a.b.c.", true }, + { "x.y.z", "a.b.c", false } + }; + unsigned int i; + + UNUSED(state); + + for (i = 0; i < (sizeof(testcases) / sizeof(testcases[0])); i++) { + isc_result_t result; + dns_fixedname_t f1, f2; + dns_name_t *n1, *n2; 
+ + n1 = dns_fixedname_initname(&f1); + n2 = dns_fixedname_initname(&f2); + + result = dns_name_fromstring2(n1, testcases[i].name1, NULL, 0, + NULL); + assert_int_equal(result, ISC_R_SUCCESS); + result = dns_name_fromstring2(n2, testcases[i].name2, NULL, 0, + NULL); + assert_int_equal(result, ISC_R_SUCCESS); + + if (verbose) { + print_message("# check: %s %s a subdomain of %s\n", + testcases[i].name1, + testcases[i].expect ? "is" : "is not", + testcases[i].name2); + } + + assert_int_equal(dns_name_issubdomain(n1, n2), + testcases[i].expect); + } +} + +/* dns_nane_countlabels */ +static void +countlabels_test(void **state) { + struct { + const char *namestr; + unsigned int expect; + } testcases[] = { + { "c.d", 2 }, { "c.d.", 3 }, { "a.b.c.d.", 5 }, + { "a.b.c.d", 4 }, { "a.b.c", 3 }, { ".", 1 }, + }; + unsigned int i; + + UNUSED(state); + + for (i = 0; i < (sizeof(testcases) / sizeof(testcases[0])); i++) { + isc_result_t result; + dns_fixedname_t fname; + dns_name_t *name; + + name = dns_fixedname_initname(&fname); + + result = dns_name_fromstring2(name, testcases[i].namestr, NULL, + 0, NULL); + assert_int_equal(result, ISC_R_SUCCESS); + + if (verbose) { + print_message("# %s: expect %u labels\n", + testcases[i].namestr, + testcases[i].expect); + } + + assert_int_equal(dns_name_countlabels(name), + testcases[i].expect); + } +} + +/* dns_nane_getlabel */ +static void +getlabel_test(void **state) { + struct { + const char *name1; + unsigned int pos1; + const char *name2; + unsigned int pos2; + } testcases[] = { + { "c.d", 1, "a.b.c.d", 3 }, + { "a.b.c.d", 3, "c.d", 1 }, + { "a.b.c.", 3, "A.B.C.", 3 }, + }; + unsigned int i; + + UNUSED(state); + + for (i = 0; i < (sizeof(testcases) / sizeof(testcases[0])); i++) { + isc_result_t result; + dns_fixedname_t f1, f2; + dns_name_t *n1, *n2; + dns_label_t l1, l2; + unsigned int j; + + n1 = dns_fixedname_initname(&f1); + n2 = dns_fixedname_initname(&f2); + + result = dns_name_fromstring2(n1, testcases[i].name1, NULL, 0, + 
NULL); + assert_int_equal(result, ISC_R_SUCCESS); + result = dns_name_fromstring2(n2, testcases[i].name2, NULL, 0, + NULL); + assert_int_equal(result, ISC_R_SUCCESS); + + dns_name_getlabel(n1, testcases[i].pos1, &l1); + dns_name_getlabel(n2, testcases[i].pos2, &l2); + assert_int_equal(l1.length, l2.length); + + for (j = 0; j < l1.length; j++) { + assert_int_equal(l1.base[j], l2.base[j]); + } + } +} + +/* dns_nane_getlabelsequence */ +static void +getlabelsequence_test(void **state) { + struct { + const char *name1; + unsigned int pos1; + const char *name2; + unsigned int pos2; + unsigned int range; + } testcases[] = { + { "c.d", 1, "a.b.c.d", 3, 1 }, + { "a.b.c.d.e", 2, "c.d", 0, 2 }, + { "a.b.c", 0, "a.b.c", 0, 3 }, + }; + unsigned int i; + + UNUSED(state); + + for (i = 0; i < (sizeof(testcases) / sizeof(testcases[0])); i++) { + isc_result_t result; + dns_name_t t1, t2; + dns_fixedname_t f1, f2; + dns_name_t *n1, *n2; + + /* target names */ + dns_name_init(&t1, NULL); + dns_name_init(&t2, NULL); + + /* source names */ + n1 = dns_fixedname_initname(&f1); + n2 = dns_fixedname_initname(&f2); + + result = dns_name_fromstring2(n1, testcases[i].name1, NULL, 0, + NULL); + assert_int_equal(result, ISC_R_SUCCESS); + result = dns_name_fromstring2(n2, testcases[i].name2, NULL, 0, + NULL); + assert_int_equal(result, ISC_R_SUCCESS); + + dns_name_getlabelsequence(n1, testcases[i].pos1, + testcases[i].range, &t1); + dns_name_getlabelsequence(n2, testcases[i].pos2, + testcases[i].range, &t2); + + assert_true(dns_name_equal(&t1, &t2)); + } +} + +#ifdef DNS_BENCHMARK_TESTS + +/* + * XXXMUKS: Don't delete this code. It is useful in benchmarking the + * name parser, but we don't require it as part of the unit test runs. 
+ */ + +/* Benchmark dns_name_fromwire() implementation */ + +static void * +fromwire_thread(void *arg) { + unsigned int maxval = 32000000; + uint8_t data[] = { 3, 'w', 'w', 'w', 7, 'e', 'x', + 'a', 'm', 'p', 'l', 'e', 7, 'i', + 'n', 'v', 'a', 'l', 'i', 'd', 0 }; + unsigned char output_data[DNS_NAME_MAXWIRE]; + isc_buffer_t source, target; + unsigned int i; + dns_decompress_t dctx; + + UNUSED(arg); + + dns_decompress_init(&dctx, -1, DNS_DECOMPRESS_STRICT); + dns_decompress_setmethods(&dctx, DNS_COMPRESS_NONE); + + isc_buffer_init(&source, data, sizeof(data)); + isc_buffer_add(&source, sizeof(data)); + isc_buffer_init(&target, output_data, sizeof(output_data)); + + /* Parse 32 million names in each thread */ + for (i = 0; i < maxval; i++) { + dns_name_t name; + + isc_buffer_clear(&source); + isc_buffer_clear(&target); + isc_buffer_add(&source, sizeof(data)); + isc_buffer_setactive(&source, sizeof(data)); + + dns_name_init(&name, NULL); + (void)dns_name_fromwire(&name, &source, &dctx, 0, &target); + } + + return (NULL); +} + +static void +benchmark_test(void **state) { + isc_result_t result; + unsigned int i; + isc_time_t ts1, ts2; + double t; + unsigned int nthreads; + isc_thread_t threads[32]; + + UNUSED(state); + + debug_mem_record = false; + + result = isc_time_now(&ts1); + assert_int_equal(result, ISC_R_SUCCESS); + + nthreads = ISC_MIN(isc_os_ncpus(), 32); + nthreads = ISC_MAX(nthreads, 1); + for (i = 0; i < nthreads; i++) { + isc_thread_create(fromwire_thread, NULL, &threads[i]); + } + + for (i = 0; i < nthreads; i++) { + isc_thread_join(threads[i], NULL); + } + + result = isc_time_now(&ts2); + assert_int_equal(result, ISC_R_SUCCESS); + + t = isc_time_microdiff(&ts2, &ts1); + + printf("%u dns_name_fromwire() calls, %f seconds, %f calls/second\n", + nthreads * 32000000, t / 1000000.0, + (nthreads * 32000000) / (t / 1000000.0)); +} + +#endif /* DNS_BENCHMARK_TESTS */ + +int +main(int argc, char **argv) { + const struct CMUnitTest tests[] = { + 
cmocka_unit_test(fullcompare_test), + cmocka_unit_test_setup_teardown(compression_test, _setup, + _teardown), + cmocka_unit_test(istat_test), + cmocka_unit_test(init_test), + cmocka_unit_test(invalidate_test), + cmocka_unit_test(buffer_test), + cmocka_unit_test(isabsolute_test), + cmocka_unit_test(hash_test), + cmocka_unit_test(issubdomain_test), + cmocka_unit_test(countlabels_test), + cmocka_unit_test(getlabel_test), + cmocka_unit_test(getlabelsequence_test), +#ifdef DNS_BENCHMARK_TESTS + cmocka_unit_test_setup_teardown(benchmark_test, _setup, + _teardown), +#endif /* DNS_BENCHMARK_TESTS */ + }; + int c; + + while ((c = isc_commandline_parse(argc, argv, "v")) != -1) { + switch (c) { + case 'v': + verbose = true; + break; + default: + break; + } + } + + return (cmocka_run_group_tests(tests, NULL, NULL)); +} + +#else /* HAVE_CMOCKA */ + +#include <stdio.h> + +int +main(void) { + printf("1..0 # Skipped: cmocka not available\n"); + return (SKIPPED_TEST_EXIT_CODE); +} + +#endif /* if HAVE_CMOCKA */ diff --git a/lib/dns/tests/nsec3_test.c b/lib/dns/tests/nsec3_test.c new file mode 100644 index 0000000..69f4be5 --- /dev/null +++ b/lib/dns/tests/nsec3_test.c 
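Review bot: The second half of `hash_test` never exercises case-sensitive hashing: under the "Now case-sensitive" comment it calls `dns_name_hash(n1, false)` and `dns_name_hash(n2, false)` again and asserts against `testcases[i].expect`, so the `expecti` column is never read. Both calls should pass `true`, and the final assertion should read `assert_int_equal((h1 == h2), testcases[i].expecti);`. With that change the row `{ "A.B.C.D.", "A.B.C.D.", true, false }` would presumably need `expecti` set to `true`, since two identical names cannot hash differently. The header comments spelled `dns_nane_*` in this hunk should read `dns_name_*`.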
@@ -0,0 +1,196 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#if HAVE_CMOCKA + +#include <sched.h> /* IWYU pragma: keep */ +#include <setjmp.h> +#include <stdarg.h> +#include <stddef.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +#define UNIT_TESTING +#include <cmocka.h> + +#include <isc/string.h> +#include <isc/util.h> + +#include <dns/db.h> +#include <dns/nsec3.h> + +#include "dnstest.h" + +static int +_setup(void **state) { + isc_result_t result; + + UNUSED(state); + + result = dns_test_begin(NULL, false); + assert_int_equal(result, ISC_R_SUCCESS); + + return (0); +} + +static int +_teardown(void **state) { + UNUSED(state); + + dns_test_end(); + + return (0); +} + +static void +iteration_test(const char *file, unsigned int expected) { + isc_result_t result; + dns_db_t *db = NULL; + unsigned int iterations; + + result = dns_test_loaddb(&db, dns_dbtype_zone, "test", file); + assert_int_equal(result, ISC_R_SUCCESS); + + iterations = dns_nsec3_maxiterations(); + + assert_int_equal(iterations, expected); + + dns_db_detach(&db); +} + +/*% + * Structure containing parameters for nsec3param_salttotext_test(). + */ +typedef struct { + const char *nsec3param_text; /* NSEC3PARAM RDATA in text form */ + const char *expected_salt; /* string expected in target buffer */ +} nsec3param_salttotext_test_params_t; + +/*% + * Check whether dns_nsec3param_salttotext() handles supplied text form + * NSEC3PARAM RDATA correctly: test whether the result of calling the former is + * as expected and whether it properly checks available buffer space. 
+ * + * Assumes supplied text form NSEC3PARAM RDATA is valid as testing handling of + * invalid NSEC3PARAM RDATA is out of scope of this unit test. + */ +static void +nsec3param_salttotext_test(const nsec3param_salttotext_test_params_t *params) { + dns_rdata_t rdata = DNS_RDATA_INIT; + dns_rdata_nsec3param_t nsec3param; + unsigned char buf[1024]; + isc_result_t result; + char salt[64]; + size_t length; + + /* + * Prepare a dns_rdata_nsec3param_t structure for testing. + */ + result = dns_test_rdatafromstring( + &rdata, dns_rdataclass_in, dns_rdatatype_nsec3param, buf, + sizeof(buf), params->nsec3param_text, false); + assert_int_equal(result, ISC_R_SUCCESS); + result = dns_rdata_tostruct(&rdata, &nsec3param, NULL); + assert_int_equal(result, ISC_R_SUCCESS); + + /* + * Check typical use. + */ + result = dns_nsec3param_salttotext(&nsec3param, salt, sizeof(salt)); + assert_int_equal(result, ISC_R_SUCCESS); + assert_string_equal(salt, params->expected_salt); + + /* + * Ensure available space in the buffer is checked before the salt is + * printed to it and that the amount of space checked for includes the + * terminating NULL byte. 
+ */ + length = strlen(params->expected_salt); + assert_true(length < sizeof(salt) - 1); /* prevent buffer overwrite */ + assert_true(length > 0U); /* prevent length underflow */ + + result = dns_nsec3param_salttotext(&nsec3param, salt, length - 1); + assert_int_equal(result, ISC_R_NOSPACE); + + result = dns_nsec3param_salttotext(&nsec3param, salt, length); + assert_int_equal(result, ISC_R_NOSPACE); + + result = dns_nsec3param_salttotext(&nsec3param, salt, length + 1); + assert_int_equal(result, ISC_R_SUCCESS); +} + +/* + * check that appropriate max iterations is returned for different + * key size mixes + */ +static void +max_iterations(void **state) { + UNUSED(state); + + iteration_test("testdata/nsec3/1024.db", 150); + iteration_test("testdata/nsec3/2048.db", 150); + iteration_test("testdata/nsec3/4096.db", 150); + iteration_test("testdata/nsec3/min-1024.db", 150); + iteration_test("testdata/nsec3/min-2048.db", 150); +} + +/* check dns_nsec3param_salttotext() */ +static void +nsec3param_salttotext(void **state) { + size_t i; + + const nsec3param_salttotext_test_params_t tests[] = { + /* + * Tests with non-empty salts. + */ + { "0 0 10 0123456789abcdef", "0123456789ABCDEF" }, + { "0 1 11 0123456789abcdef", "0123456789ABCDEF" }, + { "1 0 12 42", "42" }, + { "1 1 13 42", "42" }, + /* + * Test with empty salt. + */ + { "0 0 0 -", "-" }, + }; + + UNUSED(state); + + for (i = 0; i < sizeof(tests) / sizeof(tests[0]); i++) { + nsec3param_salttotext_test(&tests[i]); + } +} + +int +main(void) { + const struct CMUnitTest tests[] = { + cmocka_unit_test_setup_teardown(max_iterations, _setup, + _teardown), + cmocka_unit_test_setup_teardown(nsec3param_salttotext, _setup, + _teardown), + }; + + return (cmocka_run_group_tests(tests, NULL, NULL)); +} + +#else /* HAVE_CMOCKA */ + +#include <stdio.h> + +int +main(void) { + printf("1..0 # Skipped: cmocka not available\n"); + return (SKIPPED_TEST_EXIT_CODE); +} + +#endif /* if HAVE_CMOCKA */ 
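Review bot: `iteration_test` asserts a value that cannot depend on the zone it loads: `dns_nsec3_maxiterations()` is called with no arguments, so the five calls in `max_iterations` repeat one check (all expect 150) and the `dns_test_loaddb()` step only shows that each file loads. The comment above `max_iterations` ("different key size mixes") no longer describes this; I would reword it to something like `/* the NSEC3 iteration cap is the same (150) whatever keys the zone holds */`. Because this cap bounds how much hashing a zone can demand, a case that feeds in parameters above the cap and checks the outcome would test more than the constant, if a suitable entry point exists outside this hunk.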
diff --git a/lib/dns/tests/nsec3param_test.c b/lib/dns/tests/nsec3param_test.c
new file mode 100644
index 0000000..6fd1fc4
--- /dev/null
+++ b/lib/dns/tests/nsec3param_test.c
@@ -0,0 +1,304 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#if HAVE_CMOCKA + +#include <sched.h> /* IWYU pragma: keep */ +#include <setjmp.h> +#include <stdarg.h> +#include <stddef.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +#define UNIT_TESTING +#include <cmocka.h> + +#include <isc/hex.h> +#include <isc/string.h> +#include <isc/util.h> + +#include <dns/db.h> +#include <dns/nsec3.h> +#include <dns/result.h> + +#include "../zone_p.h" +#include "dnstest.h" + +#define HASH 1 +#define FLAGS 0 +#define ITER 5 +#define SALTLEN 4 +#define SALT "FEDCBA98" + +static int +_setup(void **state) { + isc_result_t result; + + UNUSED(state); + + result = dns_test_begin(NULL, false); + assert_int_equal(result, ISC_R_SUCCESS); + + return (0); +} + +static int +_teardown(void **state) { + UNUSED(state); + + dns_test_end(); + + return (0); +} + +/*% + * Structures containing parameters for nsec3param_salttotext_test(). 
+ */ +typedef struct { + dns_hash_t hash; + unsigned char flags; + dns_iterations_t iterations; + unsigned char salt_length; + const char *salt; +} nsec3param_rdata_test_params_t; + +typedef struct { + nsec3param_rdata_test_params_t lookup; + nsec3param_rdata_test_params_t expect; + bool resalt; + isc_result_t expected_result; +} nsec3param_change_test_params_t; + +static void +decode_salt(const char *string, unsigned char *salt, size_t saltlen) { + isc_buffer_t buf; + isc_result_t result; + + isc_buffer_init(&buf, salt, saltlen); + result = isc_hex_decodestring(string, &buf); + assert_int_equal(result, ISC_R_SUCCESS); +} + +static void +copy_params(nsec3param_rdata_test_params_t from, dns_rdata_nsec3param_t *to, + unsigned char *saltbuf, size_t saltlen) { + to->hash = from.hash; + to->flags = from.flags; + to->iterations = from.iterations; + to->salt_length = from.salt_length; + if (from.salt == NULL) { + to->salt = NULL; + } else if (strcmp(from.salt, "-") == 0) { + DE_CONST("-", to->salt); + } else { + decode_salt(from.salt, saltbuf, saltlen); + to->salt = saltbuf; + } +} + +static nsec3param_rdata_test_params_t +rdata_fromparams(uint8_t hash, uint8_t flags, uint16_t iter, uint8_t saltlen, + const char *salt) { + nsec3param_rdata_test_params_t nsec3param; + nsec3param.hash = hash; + nsec3param.flags = flags; + nsec3param.iterations = iter; + nsec3param.salt_length = saltlen; + nsec3param.salt = salt; + return (nsec3param); +} + +/*% + * Check whether zone_lookup_nsec3param() finds the correct NSEC3PARAM + * and sets the correct parameters to use in dns_zone_setnsec3param(). + */ +static void +nsec3param_change_test(const nsec3param_change_test_params_t *test) { + dns_zone_t *zone = NULL; + dns_rdata_nsec3param_t param, lookup, expect; + isc_result_t result; + unsigned char lookupsalt[255]; + unsigned char expectsalt[255]; + unsigned char saltbuf[255]; + + /* + * Prepare a zone along with its signing keys. 
+ */ + result = dns_test_makezone("nsec3", &zone, NULL, false); + assert_int_equal(result, ISC_R_SUCCESS); + + result = dns_zone_setfile(zone, "testdata/nsec3param/nsec3.db.signed", + dns_masterformat_text, + &dns_master_style_default); + assert_int_equal(result, ISC_R_SUCCESS); + + result = dns_zone_load(zone, false); + assert_int_equal(result, ISC_R_SUCCESS); + + /* + * Copy parameters. + */ + copy_params(test->lookup, &lookup, lookupsalt, sizeof(lookupsalt)); + copy_params(test->expect, &expect, expectsalt, sizeof(expectsalt)); + + /* + * Test dns__zone_lookup_nsec3param(). + */ + result = dns__zone_lookup_nsec3param(zone, &lookup, ¶m, saltbuf, + test->resalt); + assert_int_equal(result, test->expected_result); + assert_int_equal(param.hash, expect.hash); + assert_int_equal(param.flags, expect.flags); + assert_int_equal(param.iterations, expect.iterations); + assert_int_equal(param.salt_length, expect.salt_length); + assert_non_null(param.salt); + if (expect.salt != NULL) { + int ret = memcmp(param.salt, expect.salt, expect.salt_length); + assert_true(ret == 0); + } else { + /* + * We don't know what the new salt is, but we can compare it + * to the previous salt and test that it has changed. + */ + unsigned char salt[SALTLEN]; + int ret; + decode_salt(SALT, salt, SALTLEN); + ret = memcmp(param.salt, salt, SALTLEN); + assert_false(ret == 0); + } + + /* + * Detach. + */ + dns_zone_detach(&zone); +} + +static void +nsec3param_change(void **state) { + size_t i; + + /* + * Define tests. + */ + const nsec3param_change_test_params_t tests[] = { + /* + * 1. Change nothing (don't care about salt). + * This should return ISC_R_SUCCESS because we are already + * using these NSEC3 parameters. + */ + { rdata_fromparams(HASH, FLAGS, ITER, SALTLEN, NULL), + rdata_fromparams(HASH, FLAGS, ITER, SALTLEN, SALT), false, + ISC_R_SUCCESS }, + /* + * 2. Change nothing, but force a resalt. + * This should change the salt. 
Set 'expect.salt' to NULL to + * test a new salt has been generated. + */ + { rdata_fromparams(HASH, FLAGS, ITER, SALTLEN, NULL), + rdata_fromparams(HASH, FLAGS, ITER, SALTLEN, NULL), true, + DNS_R_NSEC3RESALT }, + /* + * 3. Change iterations. + * The NSEC3 paarameters are not found, and there is no + * need to resalt because an explicit salt has been set, + * and resalt is not enforced. + */ + { rdata_fromparams(HASH, FLAGS, 10, SALTLEN, SALT), + rdata_fromparams(HASH, FLAGS, 10, SALTLEN, SALT), false, + ISC_R_NOTFOUND }, + /* + * 4. Change iterations, don't care about the salt. + * We don't care about the salt. Since we need to change the + * NSEC3 parameters, we will also resalt. + */ + { rdata_fromparams(HASH, FLAGS, 10, SALTLEN, NULL), + rdata_fromparams(HASH, FLAGS, 10, SALTLEN, NULL), false, + DNS_R_NSEC3RESALT }, + /* + * 5. Change salt length. + * Changing salt length means we need to resalt. + */ + { rdata_fromparams(HASH, FLAGS, ITER, 16, NULL), + rdata_fromparams(HASH, FLAGS, ITER, 16, NULL), false, + DNS_R_NSEC3RESALT }, + /* + * 6. Set explicit salt. + * A different salt, so the NSEC3 parameters are not found. + * No need to resalt because an explicit salt is available. + */ + { rdata_fromparams(HASH, FLAGS, ITER, 4, "12345678"), + rdata_fromparams(HASH, FLAGS, ITER, 4, "12345678"), false, + ISC_R_NOTFOUND }, + /* + * 7. Same salt. + * Nothing changed, so expect ISC_R_SUCCESS as a result. + */ + { rdata_fromparams(HASH, FLAGS, ITER, SALTLEN, SALT), + rdata_fromparams(HASH, FLAGS, ITER, SALTLEN, SALT), false, + ISC_R_SUCCESS }, + /* + * 8. Same salt, and force resalt. + * Nothing changed, but a resalt is enforced. + */ + { rdata_fromparams(HASH, FLAGS, ITER, SALTLEN, SALT), + rdata_fromparams(HASH, FLAGS, ITER, SALTLEN, NULL), true, + DNS_R_NSEC3RESALT }, + /* + * 9. No salt. + * Change parameters to use no salt. These parameters are + * not found, and no new salt needs to be generated. 
+ */ + { rdata_fromparams(HASH, FLAGS, ITER, 0, NULL), + rdata_fromparams(HASH, FLAGS, ITER, 0, "-"), true, + ISC_R_NOTFOUND }, + /* + * 10. No salt, explicit. + * Same as above, but set no salt explicitly. + */ + { rdata_fromparams(HASH, FLAGS, ITER, 0, "-"), + rdata_fromparams(HASH, FLAGS, ITER, 0, "-"), true, + ISC_R_NOTFOUND }, + }; + + UNUSED(state); + + /* + * Run tests. + */ + for (i = 0; i < sizeof(tests) / sizeof(tests[0]); i++) { + nsec3param_change_test(&tests[i]); + } +} + +int +main(void) { + const struct CMUnitTest tests[] = { + cmocka_unit_test_setup_teardown(nsec3param_change, _setup, + _teardown), + }; + + return (cmocka_run_group_tests(tests, NULL, NULL)); +} + +#else /* HAVE_CMOCKA */ + +#include <stdio.h> + +int +main(void) { + printf("1..0 # Skipped: cmocka not available\n"); + return (SKIPPED_TEST_EXIT_CODE); +} + +#endif /* if HAVE_CMOCKA */ diff --git a/lib/dns/tests/peer_test.c b/lib/dns/tests/peer_test.c new file mode 100644 index 0000000..69ca8bb --- /dev/null +++ b/lib/dns/tests/peer_test.c 
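Review bot: In `nsec3param_change_test`, `param` is declared without an initializer, yet every field of it is asserted after `dns__zone_lookup_nsec3param()` returns, including in the cases that expect `ISC_R_NOTFOUND`. Whether the callee fills `param` on every return path is not visible in this hunk; if one path leaves it untouched, the assertions read indeterminate stack contents and the outcome depends on the build. Adding `memset(&param, 0, sizeof(param));` before the call makes such a path fail deterministically at `assert_non_null(param.salt)`. Separately, the comment above the parameter structs still names `nsec3param_salttotext_test()` and should name `nsec3param_change_test()`.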
@@ -0,0 +1,175 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#if HAVE_CMOCKA + +#include <sched.h> /* IWYU pragma: keep */ +#include <setjmp.h> +#include <stdarg.h> +#include <stddef.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +#define UNIT_TESTING +#include <cmocka.h> + +#include <isc/util.h> + +#include <dns/peer.h> + +#include "dnstest.h" + +static int +_setup(void **state) { + isc_result_t result; + + UNUSED(state); + + result = dns_test_begin(NULL, false); + assert_int_equal(result, ISC_R_SUCCESS); + + return (0); +} + +static int +_teardown(void **state) { + UNUSED(state); + + dns_test_end(); + + return (0); +} + +/* Test DSCP set/get functions */ +static void +dscp(void **state) { + isc_result_t result; + isc_netaddr_t netaddr; + struct in_addr ina; + dns_peer_t *peer = NULL; + isc_dscp_t dscp; + + UNUSED(state); + + /* + * Create peer structure for the loopback address. + */ + ina.s_addr = INADDR_LOOPBACK; + isc_netaddr_fromin(&netaddr, &ina); + result = dns_peer_new(dt_mctx, &netaddr, &peer); + assert_int_equal(result, ISC_R_SUCCESS); + + /* + * All should be not set on creation. + * 'dscp' should remain unchanged. 
+ */ + dscp = 100; + result = dns_peer_getquerydscp(peer, &dscp); + assert_int_equal(result, ISC_R_NOTFOUND); + assert_int_equal(dscp, 100); + + result = dns_peer_getnotifydscp(peer, &dscp); + assert_int_equal(result, ISC_R_NOTFOUND); + assert_int_equal(dscp, 100); + + result = dns_peer_gettransferdscp(peer, &dscp); + assert_int_equal(result, ISC_R_NOTFOUND); + assert_int_equal(dscp, 100); + + /* + * Test that setting query dscp does not affect the other + * dscp values. 'dscp' should remain unchanged until + * dns_peer_getquerydscp is called. + */ + dscp = 100; + result = dns_peer_setquerydscp(peer, 1); + assert_int_equal(result, ISC_R_SUCCESS); + + result = dns_peer_getnotifydscp(peer, &dscp); + assert_int_equal(result, ISC_R_NOTFOUND); + assert_int_equal(dscp, 100); + + result = dns_peer_gettransferdscp(peer, &dscp); + assert_int_equal(result, ISC_R_NOTFOUND); + assert_int_equal(dscp, 100); + + result = dns_peer_getquerydscp(peer, &dscp); + assert_int_equal(result, ISC_R_SUCCESS); + assert_int_equal(dscp, 1); + + /* + * Test that setting notify dscp does not affect the other + * dscp values. 'dscp' should remain unchanged until + * dns_peer_getquerydscp is called then should change again + * on dns_peer_getnotifydscp. + */ + dscp = 100; + result = dns_peer_setnotifydscp(peer, 2); + assert_int_equal(result, ISC_R_SUCCESS); + + result = dns_peer_gettransferdscp(peer, &dscp); + assert_int_equal(result, ISC_R_NOTFOUND); + assert_int_equal(dscp, 100); + + result = dns_peer_getquerydscp(peer, &dscp); + assert_int_equal(result, ISC_R_SUCCESS); + assert_int_equal(dscp, 1); + + result = dns_peer_getnotifydscp(peer, &dscp); + assert_int_equal(result, ISC_R_SUCCESS); + assert_int_equal(dscp, 2); + + /* + * Test that setting notify dscp does not affect the other + * dscp values. Check that appropriate values are returned. 
+ */ + dscp = 100; + result = dns_peer_settransferdscp(peer, 3); + assert_int_equal(result, ISC_R_SUCCESS); + + result = dns_peer_getquerydscp(peer, &dscp); + assert_int_equal(result, ISC_R_SUCCESS); + assert_int_equal(dscp, 1); + + result = dns_peer_getnotifydscp(peer, &dscp); + assert_int_equal(result, ISC_R_SUCCESS); + assert_int_equal(dscp, 2); + + result = dns_peer_gettransferdscp(peer, &dscp); + assert_int_equal(result, ISC_R_SUCCESS); + assert_int_equal(dscp, 3); + + dns_peer_detach(&peer); +} + +int +main(void) { + const struct CMUnitTest tests[] = { + cmocka_unit_test_setup_teardown(dscp, _setup, _teardown), + }; + + return (cmocka_run_group_tests(tests, NULL, NULL)); +} + +#else /* HAVE_CMOCKA */ + +#include <stdio.h> + +int +main(void) { + printf("1..0 # Skipped: cmocka not available\n"); + return (SKIPPED_TEST_EXIT_CODE); +} + +#endif /* if HAVE_CMOCKA */ diff --git a/lib/dns/tests/private_test.c b/lib/dns/tests/private_test.c new file mode 100644 index 0000000..92ee391 --- /dev/null +++ b/lib/dns/tests/private_test.c 
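Review bot: `ina.s_addr = INADDR_LOOPBACK;` in `dscp` stores a host-byte-order constant in a field that holds network byte order, so on a little-endian host the peer is created for 1.0.0.127 rather than the loopback address the comment names. It should be `ina.s_addr = htonl(INADDR_LOOPBACK);`. The assertions only use the peer as a holder for the DSCP values, so the test passes either way, but the fixture should match its comment. The comment on the last block also says "setting notify dscp" where the code calls `dns_peer_settransferdscp()`.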
@@ -0,0 +1,236 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#if HAVE_CMOCKA + +#include <inttypes.h> +#include <sched.h> /* IWYU pragma: keep */ +#include <setjmp.h> +#include <stdarg.h> +#include <stdbool.h> +#include <stddef.h> +#include <stdlib.h> +#include <unistd.h> + +#define UNIT_TESTING +#include <cmocka.h> + +#include <isc/buffer.h> +#include <isc/util.h> + +#include <dns/nsec3.h> +#include <dns/private.h> +#include <dns/rdataclass.h> +#include <dns/rdatatype.h> + +#include <dst/dst.h> + +#include "dnstest.h" + +static dns_rdatatype_t privatetype = 65534; + +static int +_setup(void **state) { + isc_result_t result; + + UNUSED(state); + + result = dns_test_begin(NULL, false); + assert_int_equal(result, ISC_R_SUCCESS); + + return (0); +} + +static int +_teardown(void **state) { + UNUSED(state); + + dns_test_end(); + + return (0); +} + +typedef struct { + unsigned char alg; + dns_keytag_t keyid; + bool remove; + bool complete; +} signing_testcase_t; + +typedef struct { + unsigned char hash; + unsigned char flags; + unsigned int iterations; + unsigned long salt; + bool remove; + bool pending; + bool nonsec; +} nsec3_testcase_t; + +static void +make_signing(signing_testcase_t *testcase, dns_rdata_t *private, + unsigned char *buf, size_t len) { + dns_rdata_init(private); + + buf[0] = testcase->alg; + buf[1] = (testcase->keyid & 0xff00) >> 8; + buf[2] = (testcase->keyid & 0xff); + buf[3] = testcase->remove; + buf[4] = testcase->complete; + private->data = buf; + private->length = len; + private->type = privatetype; + private->rdclass = dns_rdataclass_in; +} + +static 
void +make_nsec3(nsec3_testcase_t *testcase, dns_rdata_t *private, + unsigned char *pbuf) { + dns_rdata_nsec3param_t params; + dns_rdata_t nsec3param = DNS_RDATA_INIT; + unsigned char bufdata[BUFSIZ]; + isc_buffer_t buf; + uint32_t salt; + unsigned char *sp; + int slen = 4; + + /* for simplicity, we're using a maximum salt length of 4 */ + salt = htonl(testcase->salt); + sp = (unsigned char *)&salt; + while (slen > 0 && *sp == '\0') { + slen--; + sp++; + } + + params.common.rdclass = dns_rdataclass_in; + params.common.rdtype = dns_rdatatype_nsec3param; + params.hash = testcase->hash; + params.iterations = testcase->iterations; + params.salt = sp; + params.salt_length = slen; + + params.flags = testcase->flags; + if (testcase->remove) { + params.flags |= DNS_NSEC3FLAG_REMOVE; + if (testcase->nonsec) { + params.flags |= DNS_NSEC3FLAG_NONSEC; + } + } else { + params.flags |= DNS_NSEC3FLAG_CREATE; + if (testcase->pending) { + params.flags |= DNS_NSEC3FLAG_INITIAL; + } + } + + isc_buffer_init(&buf, bufdata, sizeof(bufdata)); + dns_rdata_fromstruct(&nsec3param, dns_rdataclass_in, + dns_rdatatype_nsec3param, ¶ms, &buf); + + dns_rdata_init(private); + + dns_nsec3param_toprivate(&nsec3param, private, privatetype, pbuf, + DNS_NSEC3PARAM_BUFFERSIZE + 1); +} + +/* convert private signing records to text */ +static void +private_signing_totext_test(void **state) { + dns_rdata_t private; + int i; + + signing_testcase_t testcases[] = { { DST_ALG_RSASHA512, 12345, 0, 0 }, + { DST_ALG_RSASHA256, 54321, 1, 0 }, + { DST_ALG_NSEC3RSASHA1, 22222, 0, + 1 }, + { DST_ALG_RSASHA1, 33333, 1, 1 } }; + const char *results[] = { "Signing with key 12345/RSASHA512", + "Removing signatures for key 54321/RSASHA256", + "Done signing with key 22222/NSEC3RSASHA1", + ("Done removing signatures for key " + "33333/RSASHA1") }; + int ncases = 4; + + UNUSED(state); + + for (i = 0; i < ncases; i++) { + unsigned char data[5]; + char output[BUFSIZ]; + isc_buffer_t buf; + + isc_buffer_init(&buf, output, 
sizeof(output)); + + make_signing(&testcases[i], &private, data, sizeof(data)); + dns_private_totext(&private, &buf); + assert_string_equal(output, results[i]); + } +} + +/* convert private chain records to text */ +static void +private_nsec3_totext_test(void **state) { + dns_rdata_t private; + int i; + + nsec3_testcase_t testcases[] = { + { 1, 0, 1, 0xbeef, 0, 0, 0 }, + { 1, 1, 10, 0xdadd, 0, 0, 0 }, + { 1, 0, 20, 0xbead, 0, 1, 0 }, + { 1, 0, 30, 0xdeaf, 1, 0, 0 }, + { 1, 0, 100, 0xfeedabee, 1, 0, 1 }, + }; + const char *results[] = { "Creating NSEC3 chain 1 0 1 BEEF", + "Creating NSEC3 chain 1 1 10 DADD", + "Pending NSEC3 chain 1 0 20 BEAD", + ("Removing NSEC3 chain 1 0 30 DEAF / " + "creating NSEC chain"), + "Removing NSEC3 chain 1 0 100 FEEDABEE" }; + int ncases = 5; + + UNUSED(state); + + for (i = 0; i < ncases; i++) { + unsigned char data[DNS_NSEC3PARAM_BUFFERSIZE + 1]; + char output[BUFSIZ]; + isc_buffer_t buf; + + isc_buffer_init(&buf, output, sizeof(output)); + + make_nsec3(&testcases[i], &private, data); + dns_private_totext(&private, &buf); + assert_string_equal(output, results[i]); + } +} + +int +main(void) { + const struct CMUnitTest tests[] = { + cmocka_unit_test_setup_teardown(private_signing_totext_test, + _setup, _teardown), + cmocka_unit_test_setup_teardown(private_nsec3_totext_test, + _setup, _teardown), + }; + + return (cmocka_run_group_tests(tests, NULL, NULL)); +} + +#else /* HAVE_CMOCKA */ + +#include <stdio.h> + +int +main(void) { + printf("1..0 # Skipped: cmocka not available\n"); + return (SKIPPED_TEST_EXIT_CODE); +} + +#endif /* if HAVE_CMOCKA */ diff --git a/lib/dns/tests/rbt_serialize_test.c b/lib/dns/tests/rbt_serialize_test.c new file mode 100644 index 0000000..df56981 --- /dev/null +++ b/lib/dns/tests/rbt_serialize_test.c 
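Review bot: Both test loops call `dns_private_totext(&private, &buf);` and drop its result, then pass the uninitialised `char output[BUFSIZ]` to `assert_string_equal`; if the conversion fails before a terminator is written, the comparison reads indeterminate stack bytes instead of reporting the failure. Capturing the result in an `isc_result_t result;` local, `result = dns_private_totext(&private, &buf);` followed by `assert_int_equal(result, ISC_R_SUCCESS);`, makes that explicit in private_signing_totext_test and private_nsec3_totext_test. make_nsec3 similarly ignores the return of `dns_rdata_fromstruct` and fills only some fields of `params` before passing it on, so zero-initialising the struct and asserting the result would remove the dependence on stack contents. make_signing writes `buf[0]` through `buf[4]` without consulting `len`; a `REQUIRE(len >= 5);` at its top would document the contract the single caller currently satisfies.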
@@ -0,0 +1,489 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#if HAVE_CMOCKA + +#include <fcntl.h> +#include <inttypes.h> +#include <sched.h> /* IWYU pragma: keep */ +#include <setjmp.h> +#include <stdarg.h> +#include <stddef.h> +#include <stdlib.h> +#include <sys/mman.h> +#include <unistd.h> + +#define UNIT_TESTING +#include <cmocka.h> + +#include <isc/app.h> +#include <isc/buffer.h> +#include <isc/commandline.h> +#include <isc/file.h> +#include <isc/hash.h> +#include <isc/mem.h> +#include <isc/os.h> +#include <isc/print.h> +#include <isc/random.h> +#include <isc/socket.h> +#include <isc/stdio.h> +#include <isc/string.h> +#include <isc/task.h> +#include <isc/timer.h> +#include <isc/util.h> + +#include <dns/compress.h> +#include <dns/fixedname.h> +#include <dns/log.h> +#include <dns/name.h> +#include <dns/rbt.h> +#include <dns/result.h> + +#include <dst/dst.h> + +#include "dnstest.h" + +#ifndef MAP_FILE +#define MAP_FILE 0 +#endif /* ifndef MAP_FILE */ + +/* Set to true (or use -v option) for verbose output */ +static bool verbose = false; + +static int +_setup(void **state) { + isc_result_t result; + + UNUSED(state); + + result = dns_test_begin(NULL, false); + assert_int_equal(result, ISC_R_SUCCESS); + + return (0); +} + +static int +_teardown(void **state) { + UNUSED(state); + + dns_test_end(); + + return (0); +} + +typedef struct data_holder { + int len; + const char *data; +} data_holder_t; + +typedef struct rbt_testdata { + const char *name; + size_t name_len; + data_holder_t data; +} rbt_testdata_t; + +#define DATA_ITEM(name) \ + { \ + (name), sizeof(name) - 1, { 
sizeof(name), (name) } \ + } + +rbt_testdata_t testdata[] = { DATA_ITEM("first.com."), + DATA_ITEM("one.net."), + DATA_ITEM("two.com."), + DATA_ITEM("three.org."), + DATA_ITEM("asdf.com."), + DATA_ITEM("ghjkl.com."), + DATA_ITEM("1.edu."), + DATA_ITEM("2.edu."), + DATA_ITEM("3.edu."), + DATA_ITEM("123.edu."), + DATA_ITEM("1236.com."), + DATA_ITEM("and_so_forth.com."), + DATA_ITEM("thisisalongname.com."), + DATA_ITEM("a.b."), + DATA_ITEM("test.net."), + DATA_ITEM("whoknows.org."), + DATA_ITEM("blargh.com."), + DATA_ITEM("www.joe.com."), + DATA_ITEM("test.com."), + DATA_ITEM("isc.org."), + DATA_ITEM("uiop.mil."), + DATA_ITEM("last.fm."), + { NULL, 0, { 0, NULL } } }; + +static void +delete_data(void *data, void *arg) { + UNUSED(arg); + UNUSED(data); +} + +static isc_result_t +write_data(FILE *file, unsigned char *datap, void *arg, uint64_t *crc) { + isc_result_t result; + size_t ret = 0; + data_holder_t *data; + data_holder_t temp; + off_t where; + + UNUSED(arg); + + REQUIRE(file != NULL); + REQUIRE(crc != NULL); + REQUIRE(datap != NULL); + data = (data_holder_t *)datap; + REQUIRE((data->len == 0 && data->data == NULL) || + (data->len != 0 && data->data != NULL)); + + result = isc_stdio_tell(file, &where); + if (result != ISC_R_SUCCESS) { + return (result); + } + + temp = *data; + temp.data = (data->len == 0 ? 
NULL + : (char *)((uintptr_t)where + + sizeof(data_holder_t))); + + isc_crc64_update(crc, (void *)&temp, sizeof(temp)); + ret = fwrite(&temp, sizeof(data_holder_t), 1, file); + if (ret != 1) { + return (ISC_R_FAILURE); + } + if (data->len > 0) { + isc_crc64_update(crc, (const void *)data->data, data->len); + ret = fwrite(data->data, data->len, 1, file); + if (ret != 1) { + return (ISC_R_FAILURE); + } + } + + return (ISC_R_SUCCESS); +} + +static isc_result_t +fix_data(dns_rbtnode_t *p, void *base, size_t max, void *arg, uint64_t *crc) { + data_holder_t *data; + size_t size; + + UNUSED(base); + UNUSED(max); + UNUSED(arg); + + REQUIRE(crc != NULL); + REQUIRE(p != NULL); + + data = p->data; + + if (data == NULL || (data->len == 0 && data->data != NULL) || + (data->len != 0 && data->data == NULL)) + { + return (ISC_R_INVALIDFILE); + } + + size = max - ((char *)p - (char *)base); + + if (data->len > (int)size || data->data > (const char *)max) { + return (ISC_R_INVALIDFILE); + } + + isc_crc64_update(crc, (void *)data, sizeof(*data)); + + data->data = NULL; + if (data->len != 0) { + data->data = (char *)data + sizeof(data_holder_t); + } + + if (data->len > 0) { + isc_crc64_update(crc, (const void *)data->data, data->len); + } + + return (ISC_R_SUCCESS); +} + +/* + * Load test data into the RBT. 
+ */ +static void +add_test_data(isc_mem_t *mctx, dns_rbt_t *rbt) { + char buffer[1024]; + isc_buffer_t b; + isc_result_t result; + dns_fixedname_t fname; + dns_name_t *name; + dns_compress_t cctx; + rbt_testdata_t *testdatap = testdata; + + dns_compress_init(&cctx, -1, mctx); + + while (testdatap->name != NULL && testdatap->data.data != NULL) { + memmove(buffer, testdatap->name, testdatap->name_len); + + isc_buffer_init(&b, buffer, testdatap->name_len); + isc_buffer_add(&b, testdatap->name_len); + name = dns_fixedname_initname(&fname); + result = dns_name_fromtext(name, &b, dns_rootname, 0, NULL); + if (result != ISC_R_SUCCESS) { + testdatap++; + continue; + } + + if (name != NULL) { + result = dns_rbt_addname(rbt, name, &testdatap->data); + assert_int_equal(result, ISC_R_SUCCESS); + } + testdatap++; + } + + dns_compress_invalidate(&cctx); +} + +/* + * Walk the tree and ensure that all the test nodes are present. + */ +static void +check_test_data(dns_rbt_t *rbt) { + char buffer[1024]; + char *arg; + dns_fixedname_t fname; + dns_fixedname_t fixed; + dns_name_t *name; + isc_buffer_t b; + data_holder_t *data; + isc_result_t result; + dns_name_t *foundname; + rbt_testdata_t *testdatap = testdata; + + foundname = dns_fixedname_initname(&fixed); + + while (testdatap->name != NULL && testdatap->data.data != NULL) { + memmove(buffer, testdatap->name, testdatap->name_len + 1); + arg = buffer; + + isc_buffer_init(&b, arg, testdatap->name_len); + isc_buffer_add(&b, testdatap->name_len); + name = dns_fixedname_initname(&fname); + result = dns_name_fromtext(name, &b, dns_rootname, 0, NULL); + if (result != ISC_R_SUCCESS) { + testdatap++; + continue; + } + + data = NULL; + result = dns_rbt_findname(rbt, name, 0, foundname, + (void *)&data); + assert_int_equal(result, ISC_R_SUCCESS); + + testdatap++; + } +} + +static void +data_printer(FILE *out, void *datap) { + data_holder_t *data = (data_holder_t *)datap; + + fprintf(out, "%d bytes, %s", data->len, data->data); +} + +/* Test 
writing an rbt to file */ +static void +serialize_test(void **state) { + dns_rbt_t *rbt = NULL; + isc_result_t result; + FILE *rbtfile = NULL; + dns_rbt_t *rbt_deserialized = NULL; + off_t offset; + int fd; + off_t filesize = 0; + char *base; + + UNUSED(state); + + isc_mem_debugging = ISC_MEM_DEBUGRECORD; + + result = dns_rbt_create(dt_mctx, delete_data, NULL, &rbt); + assert_int_equal(result, ISC_R_SUCCESS); + + add_test_data(dt_mctx, rbt); + + if (verbose) { + dns_rbt_printtext(rbt, data_printer, stdout); + } + + /* + * Serialize the tree. + */ + rbtfile = fopen("./zone.bin", "w+b"); + assert_non_null(rbtfile); + result = dns_rbt_serialize_tree(rbtfile, rbt, write_data, NULL, + &offset); + assert_true(result == ISC_R_SUCCESS); + dns_rbt_destroy(&rbt); + + /* + * Deserialize the tree. + * Map in the whole file in one go + */ + fd = open("zone.bin", O_RDWR); + assert_int_not_equal(fd, -1); + isc_file_getsizefd(fd, &filesize); + base = mmap(NULL, filesize, PROT_READ | PROT_WRITE, + MAP_FILE | MAP_PRIVATE, fd, 0); + assert_true(base != NULL && base != MAP_FAILED); + close(fd); + + result = dns_rbt_deserialize_tree(base, filesize, 0, dt_mctx, + delete_data, NULL, fix_data, NULL, + NULL, &rbt_deserialized); + + /* Test to make sure we have a valid tree */ + assert_true(result == ISC_R_SUCCESS); + if (rbt_deserialized == NULL) { + fail_msg("deserialized rbt is null!"); /* Abort execution. 
*/ + } + + check_test_data(rbt_deserialized); + + if (verbose) { + dns_rbt_printtext(rbt_deserialized, data_printer, stdout); + } + + dns_rbt_destroy(&rbt_deserialized); + munmap(base, filesize); + unlink("zone.bin"); +} + +/* Test reading a corrupt map file */ +static void +deserialize_corrupt_test(void **state) { + dns_rbt_t *rbt = NULL; + isc_result_t result; + FILE *rbtfile = NULL; + off_t offset; + int fd; + off_t filesize = 0; + char *base, *p, *q; + int i; + + UNUSED(state); + + isc_mem_debugging = ISC_MEM_DEBUGRECORD; + + /* Set up map file */ + result = dns_rbt_create(dt_mctx, delete_data, NULL, &rbt); + assert_int_equal(result, ISC_R_SUCCESS); + + add_test_data(dt_mctx, rbt); + rbtfile = fopen("./zone.bin", "w+b"); + assert_non_null(rbtfile); + result = dns_rbt_serialize_tree(rbtfile, rbt, write_data, NULL, + &offset); + assert_true(result == ISC_R_SUCCESS); + dns_rbt_destroy(&rbt); + + /* Read back with random fuzzing */ + for (i = 0; i < 256; i++) { + dns_rbt_t *rbt_deserialized = NULL; + + fd = open("zone.bin", O_RDWR); + assert_int_not_equal(fd, -1); + isc_file_getsizefd(fd, &filesize); + base = mmap(NULL, filesize, PROT_READ | PROT_WRITE, + MAP_FILE | MAP_PRIVATE, fd, 0); + assert_true(base != NULL && base != MAP_FAILED); + close(fd); + + /* Randomly fuzz a portion of the memory */ + /* cppcheck-suppress nullPointerArithmeticRedundantCheck */ + p = base + (isc_random_uniform(filesize)); + /* cppcheck-suppress nullPointerArithmeticRedundantCheck */ + q = base + filesize; + q -= (isc_random_uniform(q - p)); + while (p++ < q) { + *p = isc_random8(); + } + + result = dns_rbt_deserialize_tree( + base, filesize, 0, dt_mctx, delete_data, NULL, fix_data, + NULL, NULL, &rbt_deserialized); + + /* Test to make sure we have a valid tree */ + assert_true(result == ISC_R_SUCCESS || + result == ISC_R_INVALIDFILE); + if (result != ISC_R_SUCCESS) { + assert_null(rbt_deserialized); + } + + if (rbt_deserialized != NULL) { + dns_rbt_destroy(&rbt_deserialized); + } + + 
munmap(base, filesize); + } + + unlink("zone.bin"); +} + +/* Test the dns_rbt_serialize_align() function */ +static void +serialize_align_test(void **state) { + UNUSED(state); + + assert_true(dns_rbt_serialize_align(0) == 0); + assert_true(dns_rbt_serialize_align(1) == 8); + assert_true(dns_rbt_serialize_align(2) == 8); + assert_true(dns_rbt_serialize_align(3) == 8); + assert_true(dns_rbt_serialize_align(4) == 8); + assert_true(dns_rbt_serialize_align(5) == 8); + assert_true(dns_rbt_serialize_align(6) == 8); + assert_true(dns_rbt_serialize_align(7) == 8); + assert_true(dns_rbt_serialize_align(8) == 8); + assert_true(dns_rbt_serialize_align(9) == 16); + assert_true(dns_rbt_serialize_align(0xff) == 0x100); + assert_true(dns_rbt_serialize_align(0x301) == 0x308); +} + +int +main(int argc, char **argv) { + const struct CMUnitTest tests[] = { + cmocka_unit_test_setup_teardown(serialize_test, _setup, + _teardown), + cmocka_unit_test_setup_teardown(deserialize_corrupt_test, + _setup, _teardown), + cmocka_unit_test(serialize_align_test), + }; + int c; + + while ((c = isc_commandline_parse(argc, argv, "v")) != -1) { + switch (c) { + case 'v': + verbose = true; + break; + default: + break; + } + } + + return (cmocka_run_group_tests(tests, NULL, NULL)); +} + +#else /* HAVE_CMOCKA */ + +#include <stdio.h> + +int +main(void) { + printf("1..0 # Skipped: cmocka not available\n"); + return (SKIPPED_TEST_EXIT_CODE); +} + +#endif /* if HAVE_CMOCKA */ diff --git a/lib/dns/tests/rbt_test.c b/lib/dns/tests/rbt_test.c new file mode 100644 index 0000000..e73ac09 --- /dev/null +++ b/lib/dns/tests/rbt_test.c 
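Review bot: The fuzzing loop in deserialize_corrupt_test, `while (p++ < q) { *p = isc_random8(); }`, increments before it stores, so the byte at the starting `p` is never modified and the final store lands on `*q`; when `isc_random_uniform(q - p)` returns 0, `q` equals `base + filesize` and that store is one byte past the mapped length. `for (; p < q; p++) { *p = isc_random8(); }` keeps every write inside `[p, q)`. Separately, fix_data declares `base` and `max` as `UNUSED` and then uses both, and its checks `data->len > (int)size` and `data->data > (const char *)max` measure from the node `p` and compare a pointer against a length, so they do not obviously bound the bytes later read by `isc_crc64_update(crc, (const void *)data->data, data->len)`; bounding `data->len` by the space left after `data + 1` within `[base, base + max)` would make the validation match the read, which matters because this callback runs on the deliberately corrupted mapping. Neither test closes `rbtfile` before reopening zone.bin with `open()`, and the `isc_file_getsizefd` result is not checked before `filesize` is handed to `mmap`.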
@@ -0,0 +1,1390 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#if HAVE_CMOCKA + +#include <ctype.h> +#include <fcntl.h> +#include <inttypes.h> +#include <sched.h> /* IWYU pragma: keep */ +#include <setjmp.h> +#include <stdarg.h> +#include <stdbool.h> +#include <stddef.h> +#include <stdlib.h> +#include <string.h> +#include <time.h> +#include <unistd.h> + +#define UNIT_TESTING +#include <cmocka.h> + +#include <isc/app.h> +#include <isc/buffer.h> +#include <isc/file.h> +#include <isc/hash.h> +#include <isc/mem.h> +#include <isc/os.h> +#include <isc/print.h> +#include <isc/random.h> +#include <isc/socket.h> +#include <isc/stdio.h> +#include <isc/string.h> +#include <isc/task.h> +#include <isc/thread.h> +#include <isc/time.h> +#include <isc/timer.h> +#include <isc/util.h> + +#include <dns/compress.h> +#include <dns/fixedname.h> +#include <dns/log.h> +#include <dns/name.h> +#include <dns/rbt.h> +#include <dns/result.h> + +#include <dst/dst.h> + +#include "dnstest.h" + +typedef struct { + dns_rbt_t *rbt; + dns_rbt_t *rbt_distances; +} test_context_t; + +/* The initial structure of domain tree will be as follows: + * + * . + * | + * b + * / \ + * a d.e.f + * / | \ + * c | g.h + * | | + * w.y i + * / | \ \ + * x | z k + * | | + * p j + * / \ + * o q + */ + +/* The full absolute names of the nodes in the tree (the tree also + * contains "." which is not included in this list). 
+ */ +static const char *const domain_names[] = { + "c", "b", "a", "x.d.e.f", + "z.d.e.f", "g.h", "i.g.h", "o.w.y.d.e.f", + "j.z.d.e.f", "p.w.y.d.e.f", "q.w.y.d.e.f", "k.g.h" +}; + +static const size_t domain_names_count = + (sizeof(domain_names) / sizeof(domain_names[0])); + +/* These are set as the node data for the tree used in distances check + * (for the names in domain_names[] above). + */ +static const int node_distances[] = { 3, 1, 2, 2, 2, 3, 1, 2, 1, 1, 2, 2 }; + +/* + * The domain order should be: + * ., a, b, c, d.e.f, x.d.e.f, w.y.d.e.f, o.w.y.d.e.f, p.w.y.d.e.f, + * q.w.y.d.e.f, z.d.e.f, j.z.d.e.f, g.h, i.g.h, k.g.h + * . (no data, can't be found) + * | + * b + * / \ + * a d.e.f + * / | \ + * c | g.h + * | | + * w.y i + * / | \ \ + * x | z k + * | | + * p j + * / \ + * o q + */ + +static const char *const ordered_names[] = { + "a", "b", "c", "d.e.f", "x.d.e.f", + "w.y.d.e.f", "o.w.y.d.e.f", "p.w.y.d.e.f", "q.w.y.d.e.f", "z.d.e.f", + "j.z.d.e.f", "g.h", "i.g.h", "k.g.h" +}; + +static const size_t ordered_names_count = + (sizeof(ordered_names) / sizeof(*ordered_names)); + +static int +_setup(void **state) { + isc_result_t result; + + UNUSED(state); + + result = dns_test_begin(NULL, false); + assert_int_equal(result, ISC_R_SUCCESS); + + return (0); +} + +static int +_teardown(void **state) { + UNUSED(state); + + dns_test_end(); + + return (0); +} +static void +delete_data(void *data, void *arg) { + UNUSED(arg); + + isc_mem_put(dt_mctx, data, sizeof(size_t)); +} + +static test_context_t * +test_context_setup(void) { + test_context_t *ctx; + isc_result_t result; + size_t i; + + ctx = isc_mem_get(dt_mctx, sizeof(*ctx)); + assert_non_null(ctx); + + ctx->rbt = NULL; + result = dns_rbt_create(dt_mctx, delete_data, NULL, &ctx->rbt); + assert_int_equal(result, ISC_R_SUCCESS); + + ctx->rbt_distances = NULL; + result = dns_rbt_create(dt_mctx, delete_data, NULL, + &ctx->rbt_distances); + assert_int_equal(result, ISC_R_SUCCESS); + + for (i = 0; i < 
domain_names_count; i++) { + size_t *n; + dns_fixedname_t fname; + dns_name_t *name; + + dns_test_namefromstring(domain_names[i], &fname); + + name = dns_fixedname_name(&fname); + + n = isc_mem_get(dt_mctx, sizeof(size_t)); + assert_non_null(n); + *n = i + 1; + result = dns_rbt_addname(ctx->rbt, name, n); + assert_int_equal(result, ISC_R_SUCCESS); + + n = isc_mem_get(dt_mctx, sizeof(size_t)); + assert_non_null(n); + *n = node_distances[i]; + result = dns_rbt_addname(ctx->rbt_distances, name, n); + assert_int_equal(result, ISC_R_SUCCESS); + } + + return (ctx); +} + +static void +test_context_teardown(test_context_t *ctx) { + dns_rbt_destroy(&ctx->rbt); + dns_rbt_destroy(&ctx->rbt_distances); + + isc_mem_put(dt_mctx, ctx, sizeof(*ctx)); +} + +/* + * Walk the tree and ensure that all the test nodes are present. + */ +static void +check_test_data(dns_rbt_t *rbt) { + dns_fixedname_t fixed; + isc_result_t result; + dns_name_t *foundname; + size_t i; + + foundname = dns_fixedname_initname(&fixed); + + for (i = 0; i < domain_names_count; i++) { + dns_fixedname_t fname; + dns_name_t *name; + size_t *n; + + dns_test_namefromstring(domain_names[i], &fname); + + name = dns_fixedname_name(&fname); + n = NULL; + result = dns_rbt_findname(rbt, name, 0, foundname, (void *)&n); + assert_int_equal(result, ISC_R_SUCCESS); + assert_int_equal(*n, i + 1); + } +} + +/* Test the creation of an rbt */ +static void +rbt_create(void **state) { + test_context_t *ctx; + bool tree_ok; + + UNUSED(state); + + isc_mem_debugging = ISC_MEM_DEBUGRECORD; + + ctx = test_context_setup(); + + check_test_data(ctx->rbt); + + tree_ok = dns__rbt_checkproperties(ctx->rbt); + assert_true(tree_ok); + + test_context_teardown(ctx); +} + +/* Test dns_rbt_nodecount() on a tree */ +static void +rbt_nodecount(void **state) { + test_context_t *ctx; + + UNUSED(state); + + isc_mem_debugging = ISC_MEM_DEBUGRECORD; + + ctx = test_context_setup(); + + assert_int_equal(15, dns_rbt_nodecount(ctx->rbt)); + + 
test_context_teardown(ctx); +} + +/* Test dns_rbtnode_get_distance() on a tree */ +static void +rbtnode_get_distance(void **state) { + isc_result_t result; + test_context_t *ctx; + const char *name_str = "a"; + dns_fixedname_t fname; + dns_name_t *name; + dns_rbtnode_t *node = NULL; + dns_rbtnodechain_t chain; + + UNUSED(state); + + isc_mem_debugging = ISC_MEM_DEBUGRECORD; + + ctx = test_context_setup(); + + dns_test_namefromstring(name_str, &fname); + name = dns_fixedname_name(&fname); + + dns_rbtnodechain_init(&chain); + + result = dns_rbt_findnode(ctx->rbt_distances, name, NULL, &node, &chain, + 0, NULL, NULL); + assert_int_equal(result, ISC_R_SUCCESS); + + while (node != NULL) { + const size_t *distance = (const size_t *)node->data; + if (distance != NULL) { + assert_int_equal(*distance, + dns__rbtnode_getdistance(node)); + } + result = dns_rbtnodechain_next(&chain, NULL, NULL); + if (result == ISC_R_NOMORE) { + break; + } + dns_rbtnodechain_current(&chain, NULL, NULL, &node); + } + + assert_int_equal(result, ISC_R_NOMORE); + + dns_rbtnodechain_invalidate(&chain); + + test_context_teardown(ctx); +} + +/* + * Test tree balance, inserting names in random order. + * + * This test checks an important performance-related property of + * the red-black tree, which is important for us: the longest + * path from a sub-tree's root to a node is no more than + * 2log(n). This check verifies that the tree is balanced. + */ +static void +rbt_check_distance_random(void **state) { + dns_rbt_t *mytree = NULL; + const unsigned int log_num_nodes = 16; + isc_result_t result; + bool tree_ok; + int i; + + UNUSED(state); + + isc_mem_debugging = ISC_MEM_DEBUGRECORD; + + result = dns_rbt_create(dt_mctx, delete_data, NULL, &mytree); + assert_int_equal(result, ISC_R_SUCCESS); + + /* Names are inserted in random order. */ + + /* Make a large 65536 node top-level domain tree, i.e., the + * following code inserts names such as: + * + * savoucnsrkrqzpkqypbygwoiliawpbmz. 
+ * wkadamcbbpjtundbxcmuayuycposvngx. + * wzbpznemtooxdpjecdxynsfztvnuyfao. + * yueojmhyffslpvfmgyfwioxegfhepnqq. + */ + for (i = 0; i < (1 << log_num_nodes); i++) { + size_t *n; + char namebuf[34]; + + n = isc_mem_get(dt_mctx, sizeof(size_t)); + assert_non_null(n); + *n = i + 1; + + while (1) { + int j; + dns_fixedname_t fname; + dns_name_t *name; + + for (j = 0; j < 32; j++) { + uint32_t v = isc_random_uniform(26); + namebuf[j] = 'a' + v; + } + namebuf[32] = '.'; + namebuf[33] = 0; + + dns_test_namefromstring(namebuf, &fname); + name = dns_fixedname_name(&fname); + + result = dns_rbt_addname(mytree, name, n); + if (result == ISC_R_SUCCESS) { + break; + } + } + } + + /* 1 (root . node) + (1 << log_num_nodes) */ + assert_int_equal(1U + (1U << log_num_nodes), dns_rbt_nodecount(mytree)); + + /* The distance from each node to its sub-tree root must be less + * than 2 * log(n). + */ + assert_true((2U * log_num_nodes) >= dns__rbt_getheight(mytree)); + + /* Also check RB tree properties */ + tree_ok = dns__rbt_checkproperties(mytree); + assert_true(tree_ok); + + dns_rbt_destroy(&mytree); +} + +/* + * Test tree balance, inserting names in sorted order. + * + * This test checks an important performance-related property of + * the red-black tree, which is important for us: the longest + * path from a sub-tree's root to a node is no more than + * 2log(n). This check verifies that the tree is balanced. + */ +static void +rbt_check_distance_ordered(void **state) { + dns_rbt_t *mytree = NULL; + const unsigned int log_num_nodes = 16; + isc_result_t result; + bool tree_ok; + int i; + + UNUSED(state); + + isc_mem_debugging = ISC_MEM_DEBUGRECORD; + + result = dns_rbt_create(dt_mctx, delete_data, NULL, &mytree); + assert_int_equal(result, ISC_R_SUCCESS); + + /* Names are inserted in sorted order. */ + + /* Make a large 65536 node top-level domain tree, i.e., the + * following code inserts names such as: + * + * name00000000. + * name00000001. + * name00000002. + * name00000003. 
+ */ + for (i = 0; i < (1 << log_num_nodes); i++) { + size_t *n; + char namebuf[14]; + dns_fixedname_t fname; + dns_name_t *name; + + n = isc_mem_get(dt_mctx, sizeof(size_t)); + assert_non_null(n); + *n = i + 1; + + snprintf(namebuf, sizeof(namebuf), "name%08x.", i); + dns_test_namefromstring(namebuf, &fname); + name = dns_fixedname_name(&fname); + + result = dns_rbt_addname(mytree, name, n); + assert_int_equal(result, ISC_R_SUCCESS); + } + + /* 1 (root . node) + (1 << log_num_nodes) */ + assert_int_equal(1U + (1U << log_num_nodes), dns_rbt_nodecount(mytree)); + + /* The distance from each node to its sub-tree root must be less + * than 2 * log(n). + */ + assert_true((2U * log_num_nodes) >= dns__rbt_getheight(mytree)); + + /* Also check RB tree properties */ + tree_ok = dns__rbt_checkproperties(mytree); + assert_true(tree_ok); + + dns_rbt_destroy(&mytree); +} + +static isc_result_t +insert_helper(dns_rbt_t *rbt, const char *namestr, dns_rbtnode_t **node) { + dns_fixedname_t fname; + dns_name_t *name; + + dns_test_namefromstring(namestr, &fname); + name = dns_fixedname_name(&fname); + + return (dns_rbt_addnode(rbt, name, node)); +} + +static bool +compare_labelsequences(dns_rbtnode_t *node, const char *labelstr) { + dns_name_t name; + isc_result_t result; + char *nodestr = NULL; + bool is_equal; + + dns_name_init(&name, NULL); + dns_rbt_namefromnode(node, &name); + + result = dns_name_tostring(&name, &nodestr, dt_mctx); + assert_int_equal(result, ISC_R_SUCCESS); + + is_equal = strcmp(labelstr, nodestr) == 0 ? true : false; + + isc_mem_free(dt_mctx, nodestr); + + return (is_equal); +} + +/* Test insertion into a tree */ +static void +rbt_insert(void **state) { + isc_result_t result; + test_context_t *ctx; + dns_rbtnode_t *node; + + UNUSED(state); + + isc_mem_debugging = ISC_MEM_DEBUGRECORD; + + ctx = test_context_setup(); + + /* Check node count before beginning. */ + assert_int_equal(15, dns_rbt_nodecount(ctx->rbt)); + + /* Try to insert a node that already exists. 
*/ + node = NULL; + result = insert_helper(ctx->rbt, "d.e.f", &node); + assert_int_equal(result, ISC_R_EXISTS); + + /* Node count must not have changed. */ + assert_int_equal(15, dns_rbt_nodecount(ctx->rbt)); + + /* Try to insert a node that doesn't exist. */ + node = NULL; + result = insert_helper(ctx->rbt, "0", &node); + assert_int_equal(result, ISC_R_SUCCESS); + assert_true(compare_labelsequences(node, "0")); + + /* Node count must have increased. */ + assert_int_equal(16, dns_rbt_nodecount(ctx->rbt)); + + /* Another. */ + node = NULL; + result = insert_helper(ctx->rbt, "example.com", &node); + assert_int_equal(result, ISC_R_SUCCESS); + assert_non_null(node); + assert_null(node->data); + + /* Node count must have increased. */ + assert_int_equal(17, dns_rbt_nodecount(ctx->rbt)); + + /* Re-adding it should return EXISTS */ + node = NULL; + result = insert_helper(ctx->rbt, "example.com", &node); + assert_int_equal(result, ISC_R_EXISTS); + + /* Node count must not have changed. */ + assert_int_equal(17, dns_rbt_nodecount(ctx->rbt)); + + /* Fission the node d.e.f */ + node = NULL; + result = insert_helper(ctx->rbt, "k.e.f", &node); + assert_int_equal(result, ISC_R_SUCCESS); + assert_true(compare_labelsequences(node, "k")); + + /* Node count must have incremented twice ("d.e.f" fissioned to + * "d" and "e.f", and the newly added "k"). + */ + assert_int_equal(19, dns_rbt_nodecount(ctx->rbt)); + + /* Fission the node "g.h" */ + node = NULL; + result = insert_helper(ctx->rbt, "h", &node); + assert_int_equal(result, ISC_R_SUCCESS); + assert_true(compare_labelsequences(node, "h")); + + /* Node count must have incremented ("g.h" fissioned to "g" and + * "h"). 
+ */ + assert_int_equal(20, dns_rbt_nodecount(ctx->rbt)); + + /* Add child domains */ + + node = NULL; + result = insert_helper(ctx->rbt, "m.p.w.y.d.e.f", &node); + assert_int_equal(result, ISC_R_SUCCESS); + assert_true(compare_labelsequences(node, "m")); + assert_int_equal(21, dns_rbt_nodecount(ctx->rbt)); + + node = NULL; + result = insert_helper(ctx->rbt, "n.p.w.y.d.e.f", &node); + assert_int_equal(result, ISC_R_SUCCESS); + assert_true(compare_labelsequences(node, "n")); + assert_int_equal(22, dns_rbt_nodecount(ctx->rbt)); + + node = NULL; + result = insert_helper(ctx->rbt, "l.a", &node); + assert_int_equal(result, ISC_R_SUCCESS); + assert_true(compare_labelsequences(node, "l")); + assert_int_equal(23, dns_rbt_nodecount(ctx->rbt)); + + node = NULL; + result = insert_helper(ctx->rbt, "r.d.e.f", &node); + assert_int_equal(result, ISC_R_SUCCESS); + node = NULL; + result = insert_helper(ctx->rbt, "s.d.e.f", &node); + assert_int_equal(result, ISC_R_SUCCESS); + assert_int_equal(25, dns_rbt_nodecount(ctx->rbt)); + + node = NULL; + result = insert_helper(ctx->rbt, "h.w.y.d.e.f", &node); + assert_int_equal(result, ISC_R_SUCCESS); + + /* Add more nodes one by one to cover left and right rotation + * functions. 
+ */ + node = NULL; + result = insert_helper(ctx->rbt, "f", &node); + assert_int_equal(result, ISC_R_SUCCESS); + + node = NULL; + result = insert_helper(ctx->rbt, "m", &node); + assert_int_equal(result, ISC_R_SUCCESS); + + node = NULL; + result = insert_helper(ctx->rbt, "nm", &node); + assert_int_equal(result, ISC_R_SUCCESS); + + node = NULL; + result = insert_helper(ctx->rbt, "om", &node); + assert_int_equal(result, ISC_R_SUCCESS); + + node = NULL; + result = insert_helper(ctx->rbt, "k", &node); + assert_int_equal(result, ISC_R_SUCCESS); + + node = NULL; + result = insert_helper(ctx->rbt, "l", &node); + assert_int_equal(result, ISC_R_SUCCESS); + + node = NULL; + result = insert_helper(ctx->rbt, "fe", &node); + assert_int_equal(result, ISC_R_SUCCESS); + + node = NULL; + result = insert_helper(ctx->rbt, "ge", &node); + assert_int_equal(result, ISC_R_SUCCESS); + + node = NULL; + result = insert_helper(ctx->rbt, "i", &node); + assert_int_equal(result, ISC_R_SUCCESS); + + node = NULL; + result = insert_helper(ctx->rbt, "ae", &node); + assert_int_equal(result, ISC_R_SUCCESS); + + node = NULL; + result = insert_helper(ctx->rbt, "n", &node); + assert_int_equal(result, ISC_R_SUCCESS); + + test_context_teardown(ctx); +} + +/* + * Test removal from a tree + * + * This testcase checks that after node removal, the binary-search tree is + * valid and all nodes that are supposed to exist are present in the + * correct order. It mainly tests DomainTree as a BST, and not particularly + * as a red-black tree. This test checks node deletion when upper nodes + * have data. + */ +static void +rbt_remove(void **state) { + isc_result_t result; + size_t j; + + UNUSED(state); + + isc_mem_debugging = ISC_MEM_DEBUGRECORD; + + /* + * Delete single nodes and check if the rest of the nodes exist. 
+ */ + for (j = 0; j < ordered_names_count; j++) { + dns_rbt_t *mytree = NULL; + dns_rbtnode_t *node; + size_t i; + size_t *n; + bool tree_ok; + dns_rbtnodechain_t chain; + size_t start_node; + + /* Create a tree. */ + result = dns_rbt_create(dt_mctx, delete_data, NULL, &mytree); + assert_int_equal(result, ISC_R_SUCCESS); + + /* Insert test data into the tree. */ + for (i = 0; i < domain_names_count; i++) { + node = NULL; + result = insert_helper(mytree, domain_names[i], &node); + assert_int_equal(result, ISC_R_SUCCESS); + } + + /* Check that all names exist in order. */ + for (i = 0; i < ordered_names_count; i++) { + dns_fixedname_t fname; + dns_name_t *name; + + dns_test_namefromstring(ordered_names[i], &fname); + + name = dns_fixedname_name(&fname); + node = NULL; + result = dns_rbt_findnode(mytree, name, NULL, &node, + NULL, DNS_RBTFIND_EMPTYDATA, + NULL, NULL); + assert_int_equal(result, ISC_R_SUCCESS); + + /* Add node data */ + assert_non_null(node); + assert_null(node->data); + + n = isc_mem_get(dt_mctx, sizeof(size_t)); + assert_non_null(n); + *n = i; + + node->data = n; + } + + /* Now, delete the j'th node from the tree. */ + { + dns_fixedname_t fname; + dns_name_t *name; + + dns_test_namefromstring(ordered_names[j], &fname); + + name = dns_fixedname_name(&fname); + + result = dns_rbt_deletename(mytree, name, false); + assert_int_equal(result, ISC_R_SUCCESS); + } + + /* Check RB tree properties. */ + tree_ok = dns__rbt_checkproperties(mytree); + assert_true(tree_ok); + + dns_rbtnodechain_init(&chain); + + /* Now, walk through nodes in order. */ + if (j == 0) { + /* + * Node for ordered_names[0] was already deleted + * above. We start from node 1. 
+ */ + dns_fixedname_t fname; + dns_name_t *name; + + dns_test_namefromstring(ordered_names[0], &fname); + name = dns_fixedname_name(&fname); + node = NULL; + result = dns_rbt_findnode(mytree, name, NULL, &node, + NULL, 0, NULL, NULL); + assert_int_equal(result, ISC_R_NOTFOUND); + + dns_test_namefromstring(ordered_names[1], &fname); + name = dns_fixedname_name(&fname); + node = NULL; + result = dns_rbt_findnode(mytree, name, NULL, &node, + &chain, 0, NULL, NULL); + assert_int_equal(result, ISC_R_SUCCESS); + start_node = 1; + } else { + /* Start from node 0. */ + dns_fixedname_t fname; + dns_name_t *name; + + dns_test_namefromstring(ordered_names[0], &fname); + name = dns_fixedname_name(&fname); + node = NULL; + result = dns_rbt_findnode(mytree, name, NULL, &node, + &chain, 0, NULL, NULL); + assert_int_equal(result, ISC_R_SUCCESS); + start_node = 0; + } + + /* + * node and chain have been set by the code above at + * this point. + */ + for (i = start_node; i < ordered_names_count; i++) { + dns_fixedname_t fname_j, fname_i; + dns_name_t *name_j, *name_i; + + dns_test_namefromstring(ordered_names[j], &fname_j); + name_j = dns_fixedname_name(&fname_j); + dns_test_namefromstring(ordered_names[i], &fname_i); + name_i = dns_fixedname_name(&fname_i); + + if (dns_name_equal(name_i, name_j)) { + /* + * This may be true for the last node if + * we seek ahead in the loop using + * dns_rbtnodechain_next() below. + */ + if (node == NULL) { + break; + } + + /* All ordered nodes have data + * initially. If any node is empty, it + * means it was removed, but an empty + * node exists because it is a + * super-domain. Just skip it. 
+ */ + if (node->data == NULL) { + result = dns_rbtnodechain_next( + &chain, NULL, NULL); + if (result == ISC_R_NOMORE) { + node = NULL; + } else { + dns_rbtnodechain_current( + &chain, NULL, NULL, + &node); + } + } + continue; + } + + assert_non_null(node); + + n = (size_t *)node->data; + if (n != NULL) { + /* printf("n=%zu, i=%zu\n", *n, i); */ + assert_int_equal(*n, i); + } + + result = dns_rbtnodechain_next(&chain, NULL, NULL); + if (result == ISC_R_NOMORE) { + node = NULL; + } else { + dns_rbtnodechain_current(&chain, NULL, NULL, + &node); + } + } + + /* We should have reached the end of the tree. */ + assert_null(node); + + dns_rbt_destroy(&mytree); + } +} + +static void +insert_nodes(dns_rbt_t *mytree, char **names, size_t *names_count, + uint32_t num_names) { + uint32_t i; + dns_rbtnode_t *node; + + for (i = 0; i < num_names; i++) { + size_t *n; + char namebuf[34]; + + n = isc_mem_get(dt_mctx, sizeof(size_t)); + assert_non_null(n); + + *n = i; /* Unused value */ + + while (1) { + int j; + dns_fixedname_t fname; + dns_name_t *name; + isc_result_t result; + + for (j = 0; j < 32; j++) { + uint32_t v = isc_random_uniform(26); + namebuf[j] = 'a' + v; + } + namebuf[32] = '.'; + namebuf[33] = 0; + + dns_test_namefromstring(namebuf, &fname); + name = dns_fixedname_name(&fname); + + node = NULL; + result = dns_rbt_addnode(mytree, name, &node); + if (result == ISC_R_SUCCESS) { + node->data = n; + names[*names_count] = isc_mem_strdup(dt_mctx, + namebuf); + assert_non_null(names[*names_count]); + *names_count += 1; + break; + } + } + } +} + +static void +remove_nodes(dns_rbt_t *mytree, char **names, size_t *names_count, + uint32_t num_names) { + uint32_t i; + + UNUSED(mytree); + + for (i = 0; i < num_names; i++) { + uint32_t node; + dns_fixedname_t fname; + dns_name_t *name; + isc_result_t result; + + node = isc_random_uniform(*names_count); + + dns_test_namefromstring(names[node], &fname); + name = dns_fixedname_name(&fname); + + result = dns_rbt_deletename(mytree, 
name, false); + assert_int_equal(result, ISC_R_SUCCESS); + + isc_mem_free(dt_mctx, names[node]); + if (*names_count > 0) { + names[node] = names[*names_count - 1]; + names[*names_count - 1] = NULL; + *names_count -= 1; + } + } +} + +static void +check_tree(dns_rbt_t *mytree, char **names, size_t names_count) { + bool tree_ok; + + UNUSED(names); + + assert_int_equal(names_count + 1, dns_rbt_nodecount(mytree)); + + /* + * The distance from each node to its sub-tree root must be less + * than 2 * log_2(1024). + */ + assert_true((2 * 10) >= dns__rbt_getheight(mytree)); + + /* Also check RB tree properties */ + tree_ok = dns__rbt_checkproperties(mytree); + assert_true(tree_ok); +} + +/* + * Test insert and remove in a loop. + * + * What is the best way to test our red-black tree code? It is + * not a good method to test every case handled in the actual + * code itself. This is because our approach itself may be + * incorrect. + * + * We test our code at the interface level here by exercising the + * tree randomly multiple times, checking that red-black tree + * properties are valid, and all the nodes that are supposed to be + * in the tree exist and are in order. + * + * NOTE: These tests are run within a single tree level in the + * forest. The number of nodes in the tree level doesn't grow + * over 1024. 
+ */ +static void +rbt_insert_and_remove(void **state) { + isc_result_t result; + dns_rbt_t *mytree = NULL; + size_t *n; + char *names[1024]; + size_t names_count; + int i; + + UNUSED(state); + + isc_mem_debugging = ISC_MEM_DEBUGRECORD; + + result = dns_rbt_create(dt_mctx, delete_data, NULL, &mytree); + assert_int_equal(result, ISC_R_SUCCESS); + + n = isc_mem_get(dt_mctx, sizeof(size_t)); + assert_non_null(n); + result = dns_rbt_addname(mytree, dns_rootname, n); + assert_int_equal(result, ISC_R_SUCCESS); + + memset(names, 0, sizeof(names)); + names_count = 0; + + /* Repeat the insert/remove test some 4096 times */ + for (i = 0; i < 4096; i++) { + uint32_t num_names; + + if (names_count < 1024) { + num_names = isc_random_uniform(1024 - names_count); + num_names++; + } else { + num_names = 0; + } + + insert_nodes(mytree, names, &names_count, num_names); + check_tree(mytree, names, names_count); + + if (names_count > 0) { + num_names = isc_random_uniform(names_count); + num_names++; + } else { + num_names = 0; + } + + remove_nodes(mytree, names, &names_count, num_names); + check_tree(mytree, names, names_count); + } + + /* Remove the rest of the nodes */ + remove_nodes(mytree, names, &names_count, names_count); + check_tree(mytree, names, names_count); + + for (i = 0; i < 1024; i++) { + if (names[i] != NULL) { + isc_mem_free(dt_mctx, names[i]); + } + } + + result = dns_rbt_deletename(mytree, dns_rootname, false); + assert_int_equal(result, ISC_R_SUCCESS); + assert_int_equal(dns_rbt_nodecount(mytree), 0); + + dns_rbt_destroy(&mytree); +} + +/* Test findname return values */ +static void +rbt_findname(void **state) { + isc_result_t result; + test_context_t *ctx = NULL; + dns_fixedname_t fname, found; + dns_name_t *name = NULL, *foundname = NULL; + size_t *n = NULL; + + UNUSED(state); + + isc_mem_debugging = ISC_MEM_DEBUGRECORD; + + ctx = test_context_setup(); + + /* Try to find a name that exists. 
*/ + dns_test_namefromstring("d.e.f", &fname); + name = dns_fixedname_name(&fname); + + foundname = dns_fixedname_initname(&found); + + result = dns_rbt_findname(ctx->rbt, name, DNS_RBTFIND_EMPTYDATA, + foundname, (void *)&n); + assert_true(dns_name_equal(foundname, name)); + assert_int_equal(result, ISC_R_SUCCESS); + + /* Now without EMPTYDATA */ + result = dns_rbt_findname(ctx->rbt, name, 0, foundname, (void *)&n); + assert_int_equal(result, ISC_R_NOTFOUND); + + /* Now one that partially matches */ + dns_test_namefromstring("d.e.f.g.h.i.j", &fname); + name = dns_fixedname_name(&fname); + result = dns_rbt_findname(ctx->rbt, name, DNS_RBTFIND_EMPTYDATA, + foundname, (void *)&n); + assert_int_equal(result, DNS_R_PARTIALMATCH); + + /* Now one that doesn't match */ + dns_test_namefromstring("1.2", &fname); + name = dns_fixedname_name(&fname); + result = dns_rbt_findname(ctx->rbt, name, DNS_RBTFIND_EMPTYDATA, + foundname, (void *)&n); + assert_int_equal(result, DNS_R_PARTIALMATCH); + assert_true(dns_name_equal(foundname, dns_rootname)); + + test_context_teardown(ctx); +} + +/* Test addname return values */ +static void +rbt_addname(void **state) { + isc_result_t result; + test_context_t *ctx = NULL; + dns_fixedname_t fname; + dns_name_t *name = NULL; + size_t *n; + + UNUSED(state); + + isc_mem_debugging = ISC_MEM_DEBUGRECORD; + + ctx = test_context_setup(); + + n = isc_mem_get(dt_mctx, sizeof(size_t)); + assert_non_null(n); + *n = 1; + + dns_test_namefromstring("d.e.f.g.h.i.j.k", &fname); + name = dns_fixedname_name(&fname); + + /* Add a name that doesn't exist */ + result = dns_rbt_addname(ctx->rbt, name, n); + assert_int_equal(result, ISC_R_SUCCESS); + + /* Now add again, should get ISC_R_EXISTS */ + n = isc_mem_get(dt_mctx, sizeof(size_t)); + assert_non_null(n); + *n = 2; + result = dns_rbt_addname(ctx->rbt, name, n); + assert_int_equal(result, ISC_R_EXISTS); + isc_mem_put(dt_mctx, n, sizeof(size_t)); + + test_context_teardown(ctx); +} + +/* Test deletename return 
values */ +static void +rbt_deletename(void **state) { + isc_result_t result; + test_context_t *ctx = NULL; + dns_fixedname_t fname; + dns_name_t *name = NULL; + + UNUSED(state); + + isc_mem_debugging = ISC_MEM_DEBUGRECORD; + + ctx = test_context_setup(); + + /* Delete a name that doesn't exist */ + dns_test_namefromstring("z.x.y.w", &fname); + name = dns_fixedname_name(&fname); + result = dns_rbt_deletename(ctx->rbt, name, false); + assert_int_equal(result, ISC_R_NOTFOUND); + + /* Now one that does */ + dns_test_namefromstring("d.e.f", &fname); + name = dns_fixedname_name(&fname); + result = dns_rbt_deletename(ctx->rbt, name, false); + assert_int_equal(result, ISC_R_NOTFOUND); + + test_context_teardown(ctx); +} + +/* Test nodechain */ +static void +rbt_nodechain(void **state) { + isc_result_t result; + test_context_t *ctx; + dns_fixedname_t fname, found, expect; + dns_name_t *name, *foundname, *expected; + dns_rbtnode_t *node = NULL; + dns_rbtnodechain_t chain; + + UNUSED(state); + + isc_mem_debugging = ISC_MEM_DEBUGRECORD; + + ctx = test_context_setup(); + + dns_rbtnodechain_init(&chain); + + dns_test_namefromstring("a", &fname); + name = dns_fixedname_name(&fname); + + result = dns_rbt_findnode(ctx->rbt, name, NULL, &node, &chain, 0, NULL, + NULL); + assert_int_equal(result, ISC_R_SUCCESS); + + foundname = dns_fixedname_initname(&found); + + dns_test_namefromstring("a", &expect); + expected = dns_fixedname_name(&expect); + UNUSED(expected); + + result = dns_rbtnodechain_first(&chain, ctx->rbt, foundname, NULL); + assert_int_equal(result, DNS_R_NEWORIGIN); + assert_int_equal(dns_name_countlabels(foundname), 0); + + result = dns_rbtnodechain_prev(&chain, NULL, NULL); + assert_int_equal(result, ISC_R_NOMORE); + + result = dns_rbtnodechain_next(&chain, NULL, NULL); + assert_int_equal(result, ISC_R_SUCCESS); + + result = dns_rbtnodechain_next(&chain, NULL, NULL); + assert_int_equal(result, ISC_R_SUCCESS); + + result = dns_rbtnodechain_last(&chain, ctx->rbt, NULL, 
NULL); + assert_int_equal(result, DNS_R_NEWORIGIN); + + result = dns_rbtnodechain_next(&chain, NULL, NULL); + assert_int_equal(result, ISC_R_NOMORE); + + result = dns_rbtnodechain_last(&chain, ctx->rbt, NULL, NULL); + assert_int_equal(result, DNS_R_NEWORIGIN); + + result = dns_rbtnodechain_prev(&chain, NULL, NULL); + assert_int_equal(result, ISC_R_SUCCESS); + + dns_rbtnodechain_invalidate(&chain); + + test_context_teardown(ctx); +} + +/* Test addname return values */ +static void +rbtnode_namelen(void **state) { + isc_result_t result; + test_context_t *ctx = NULL; + dns_rbtnode_t *node; + unsigned int len; + + UNUSED(state); + + isc_mem_debugging = ISC_MEM_DEBUGRECORD; + + ctx = test_context_setup(); + + node = NULL; + result = insert_helper(ctx->rbt, ".", &node); + len = dns__rbtnode_namelen(node); + assert_int_equal(result, ISC_R_EXISTS); + assert_int_equal(len, 1); + node = NULL; + + result = insert_helper(ctx->rbt, "a.b.c.d.e.f.g.h.i.j.k.l.m", &node); + len = dns__rbtnode_namelen(node); + assert_int_equal(result, ISC_R_SUCCESS); + assert_int_equal(len, 27); + + node = NULL; + result = insert_helper(ctx->rbt, "isc.org", &node); + len = dns__rbtnode_namelen(node); + assert_int_equal(result, ISC_R_SUCCESS); + assert_int_equal(len, 9); + + node = NULL; + result = insert_helper(ctx->rbt, "example.com", &node); + len = dns__rbtnode_namelen(node); + assert_int_equal(result, ISC_R_SUCCESS); + assert_int_equal(len, 13); + + test_context_teardown(ctx); +} + +#if defined(DNS_BENCHMARK_TESTS) && !defined(__SANITIZE_THREAD__) + +/* + * XXXMUKS: Don't delete this code. It is useful in benchmarking the + * RBT, but we don't require it as part of the unit test runs. 
+ */ + +static dns_fixedname_t *fnames; +static dns_name_t **names; +static int *values; + +static void * +find_thread(void *arg) { + dns_rbt_t *mytree; + isc_result_t result; + dns_rbtnode_t *node; + unsigned int j, i; + unsigned int start = 0; + + mytree = (dns_rbt_t *)arg; + while (start == 0) { + start = random() % 4000000; + } + + /* Query 32 million random names from it in each thread */ + for (j = 0; j < 8; j++) { + for (i = start; i != start - 1; i = (i + 1) % 4000000) { + node = NULL; + result = dns_rbt_findnode(mytree, names[i], NULL, &node, + NULL, DNS_RBTFIND_EMPTYDATA, + NULL, NULL); + assert_int_equal(result, ISC_R_SUCCESS); + assert_non_null(node); + assert_int_equal(values[i], (intptr_t)node->data); + } + } + + return (NULL); +} + +/* Benchmark RBT implementation */ +static void +benchmark(void **state) { + isc_result_t result; + char namestr[sizeof("name18446744073709551616.example.org.")]; + unsigned int r; + dns_rbt_t *mytree; + dns_rbtnode_t *node; + unsigned int i; + unsigned int maxvalue = 1000000; + isc_time_t ts1, ts2; + double t; + unsigned int nthreads; + isc_thread_t threads[32]; + + UNUSED(state); + + srandom(time(NULL)); + + debug_mem_record = false; + + fnames = (dns_fixedname_t *)malloc(4000000 * sizeof(dns_fixedname_t)); + names = (dns_name_t **)malloc(4000000 * sizeof(dns_name_t *)); + values = (int *)malloc(4000000 * sizeof(int)); + + for (i = 0; i < 4000000; i++) { + r = ((unsigned long)random()) % maxvalue; + snprintf(namestr, sizeof(namestr), "name%u.example.org.", r); + dns_test_namefromstring(namestr, &fnames[i]); + names[i] = dns_fixedname_name(&fnames[i]); + values[i] = r; + } + + /* Create a tree. */ + mytree = NULL; + result = dns_rbt_create(dt_mctx, NULL, NULL, &mytree); + assert_int_equal(result, ISC_R_SUCCESS); + + /* Insert test data into the tree. 
*/ + for (i = 0; i < maxvalue; i++) { + snprintf(namestr, sizeof(namestr), "name%u.example.org.", i); + node = NULL; + result = insert_helper(mytree, namestr, &node); + assert_int_equal(result, ISC_R_SUCCESS); + node->data = (void *)(intptr_t)i; + } + + result = isc_time_now(&ts1); + assert_int_equal(result, ISC_R_SUCCESS); + + nthreads = ISC_MIN(isc_os_ncpus(), 32); + nthreads = ISC_MAX(nthreads, 1); + for (i = 0; i < nthreads; i++) { + isc_thread_create(find_thread, mytree, &threads[i]); + } + + for (i = 0; i < nthreads; i++) { + isc_thread_join(threads[i], NULL); + } + + result = isc_time_now(&ts2); + assert_int_equal(result, ISC_R_SUCCESS); + + t = isc_time_microdiff(&ts2, &ts1); + + printf("%u findnode calls, %f seconds, %f calls/second\n", + nthreads * 8 * 4000000, t / 1000000.0, + (nthreads * 8 * 4000000) / (t / 1000000.0)); + + free(values); + free(names); + free(fnames); + + dns_rbt_destroy(&mytree); +} +#endif /* defined(DNS_BENCHMARK_TESTS) && !defined(__SANITIZE_THREAD__) */ + +int +main(void) { + const struct CMUnitTest tests[] = { + cmocka_unit_test_setup_teardown(rbt_create, _setup, _teardown), + cmocka_unit_test_setup_teardown(rbt_nodecount, _setup, + _teardown), + cmocka_unit_test_setup_teardown(rbtnode_get_distance, _setup, + _teardown), + cmocka_unit_test_setup_teardown(rbt_check_distance_random, + _setup, _teardown), + cmocka_unit_test_setup_teardown(rbt_check_distance_ordered, + _setup, _teardown), + cmocka_unit_test_setup_teardown(rbt_insert, _setup, _teardown), + cmocka_unit_test_setup_teardown(rbt_remove, _setup, _teardown), + cmocka_unit_test_setup_teardown(rbt_insert_and_remove, _setup, + _teardown), + cmocka_unit_test_setup_teardown(rbt_findname, _setup, + _teardown), + cmocka_unit_test_setup_teardown(rbt_addname, _setup, _teardown), + cmocka_unit_test_setup_teardown(rbt_deletename, _setup, + _teardown), + cmocka_unit_test_setup_teardown(rbt_nodechain, _setup, + _teardown), + cmocka_unit_test_setup_teardown(rbtnode_namelen, _setup, + 
_teardown), +#if defined(DNS_BENCHMARK_TESTS) && !defined(__SANITIZE_THREAD__) + cmocka_unit_test_setup_teardown(benchmark, _setup, _teardown), +#endif /* defined(DNS_BENCHMARK_TESTS) && !defined(__SANITIZE_THREAD__) */ + }; + + return (cmocka_run_group_tests(tests, NULL, NULL)); +} + +#else /* HAVE_CMOCKA */ + +#include <stdio.h> + +int +main(void) { + printf("1..0 # Skipped: cmocka not available\n"); + return (SKIPPED_TEST_EXIT_CODE); +} + +#endif /* if HAVE_CMOCKA */ diff --git a/lib/dns/tests/rbtdb_test.c b/lib/dns/tests/rbtdb_test.c new file mode 100644 index 0000000..ac7b776 --- /dev/null +++ b/lib/dns/tests/rbtdb_test.c 
@@ -0,0 +1,423 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#if HAVE_CMOCKA + +#include <sched.h> /* IWYU pragma: keep */ +#include <setjmp.h> +#include <stdarg.h> +#include <stddef.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +#define UNIT_TESTING +#include <cmocka.h> + +#include <isc/print.h> +#include <isc/util.h> + +#include <dns/rbt.h> +#include <dns/rdatalist.h> +#include <dns/rdataset.h> +#include <dns/rdatastruct.h> + +#include "dnstest.h" + +/* Include the main file */ + +#include "../rbtdb.c" + +static int +_setup(void **state) { + isc_result_t result; + + UNUSED(state); + + result = dns_test_begin(NULL, false); + assert_int_equal(result, ISC_R_SUCCESS); + + return (0); +} + +static int +_teardown(void **state) { + UNUSED(state); + + dns_test_end(); + + return (0); +} + +const char *ownercase_vectors[12][2] = { + { + "AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz", + "aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz", + }, + { + "aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz", + "AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUVVWWXXYYZZ", + }, + { + "AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUVVWWXXYYZZ", + "aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz", + }, + { + "aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ", + "aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz", + }, + { + "aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVxXyYzZ", + "aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvxxyyzz", + }, + { + "WwW.ExAmPlE.OrG", + "wWw.eXaMpLe.oRg", + }, + { + "_SIP.tcp.example.org", + "_sip.TCP.example.org", + }, + { + 
"bind-USERS.lists.example.org", + "bind-users.lists.example.org", + }, + { + "a0123456789.example.org", + "A0123456789.example.org", + }, + { + "\\000.example.org", + "\\000.example.org", + }, + { + "wWw.\\000.isc.org", + "www.\\000.isc.org", + }, + { + "\255.example.org", + "\255.example.ORG", + } +}; + +static bool +ownercase_test_one(const char *str1, const char *str2) { + isc_result_t result; + rbtdb_nodelock_t node_locks[1]; + dns_rbtdb_t rbtdb = { .node_locks = node_locks }; + dns_rbtnode_t rbtnode = { .locknum = 0 }; + rdatasetheader_t header = { 0 }; + unsigned char *raw = (unsigned char *)(&header) + sizeof(header); + dns_rdataset_t rdataset = { + .magic = DNS_RDATASET_MAGIC, + .private1 = &rbtdb, + .private2 = &rbtnode, + .private3 = raw, + .methods = &rdataset_methods, + }; + + isc_buffer_t b; + dns_fixedname_t fname1, fname2; + dns_name_t *name1, *name2; + + memset(node_locks, 0, sizeof(node_locks)); + /* Minimal initialization of the mock objects */ + NODE_INITLOCK(&rbtdb.node_locks[0].lock); + + name1 = dns_fixedname_initname(&fname1); + isc_buffer_constinit(&b, str1, strlen(str1)); + isc_buffer_add(&b, strlen(str1)); + result = dns_name_fromtext(name1, &b, dns_rootname, 0, NULL); + assert_int_equal(result, ISC_R_SUCCESS); + + name2 = dns_fixedname_initname(&fname2); + isc_buffer_constinit(&b, str2, strlen(str2)); + isc_buffer_add(&b, strlen(str2)); + result = dns_name_fromtext(name2, &b, dns_rootname, 0, NULL); + assert_int_equal(result, ISC_R_SUCCESS); + + /* Store the case from name1 */ + dns_rdataset_setownercase(&rdataset, name1); + + assert_true(CASESET(&header)); + + /* Retrieve the case to name2 */ + dns_rdataset_getownercase(&rdataset, name2); + + NODE_DESTROYLOCK(&rbtdb.node_locks[0].lock); + + return (dns_name_caseequal(name1, name2)); +} + +static void +ownercase_test(void **state) { + UNUSED(state); + + for (size_t n = 0; n < ARRAY_SIZE(ownercase_vectors); n++) { + assert_true(ownercase_test_one(ownercase_vectors[n][0], + 
ownercase_vectors[n][1])); + } + + assert_false(ownercase_test_one("W.example.org", "\\000.example.org")); + + /* Ö and ö in ISO Latin 1 */ + assert_false(ownercase_test_one("\\216", "\\246")); +} + +static void +setownercase_test(void **state) { + isc_result_t result; + rbtdb_nodelock_t node_locks[1]; + dns_rbtdb_t rbtdb = { .node_locks = node_locks }; + dns_rbtnode_t rbtnode = { .locknum = 0 }; + rdatasetheader_t header = { 0 }; + unsigned char *raw = (unsigned char *)(&header) + sizeof(header); + dns_rdataset_t rdataset = { + .magic = DNS_RDATASET_MAGIC, + .private1 = &rbtdb, + .private2 = &rbtnode, + .private3 = raw, + .methods = &rdataset_methods, + }; + const char *str1 = + "AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz"; + + isc_buffer_t b; + dns_fixedname_t fname1, fname2; + dns_name_t *name1, *name2; + + UNUSED(state); + + /* Minimal initialization of the mock objects */ + memset(node_locks, 0, sizeof(node_locks)); + NODE_INITLOCK(&rbtdb.node_locks[0].lock); + + name1 = dns_fixedname_initname(&fname1); + isc_buffer_constinit(&b, str1, strlen(str1)); + isc_buffer_add(&b, strlen(str1)); + result = dns_name_fromtext(name1, &b, dns_rootname, 0, NULL); + assert_int_equal(result, ISC_R_SUCCESS); + + name2 = dns_fixedname_initname(&fname2); + isc_buffer_constinit(&b, str1, strlen(str1)); + isc_buffer_add(&b, strlen(str1)); + result = dns_name_fromtext(name2, &b, dns_rootname, 0, NULL); + assert_int_equal(result, ISC_R_SUCCESS); + + assert_false(CASESET(&header)); + + /* Retrieve the case to name2 */ + dns_rdataset_getownercase(&rdataset, name2); + + NODE_DESTROYLOCK(&rbtdb.node_locks[0].lock); + + assert_true(dns_name_caseequal(name1, name2)); +} + +/* + * No operation water() callback. We need it to cause overmem condition, but + * nothing has to be done in the callback. 
+ */ +static void +overmempurge_water(void *arg, int mark) { + UNUSED(arg); + UNUSED(mark); +} + +/* + * Add to a cache DB 'db' an rdataset of type 'rtype' at a name + * <idx>.example.com. The rdataset would contain one data, and rdata_len is + * its length. 'rtype' is supposed to be some private type whose data can be + * arbitrary (and it doesn't matter in this test). + */ +static void +overmempurge_addrdataset(dns_db_t *db, isc_stdtime_t now, int idx, + dns_rdatatype_t rtype, size_t rdata_len, + bool longname) { + isc_result_t result; + dns_rdata_t rdata; + dns_dbnode_t *node = NULL; + dns_rdatalist_t rdatalist; + dns_rdataset_t rdataset; + dns_fixedname_t fname; + dns_name_t *name; + char namebuf[DNS_NAME_FORMATSIZE]; + unsigned char rdatabuf[65535]; /* large enough for any valid RDATA */ + + REQUIRE(rdata_len <= sizeof(rdatabuf)); + + if (longname) { + /* + * Build a longest possible name (in wire format) that would + * result in a new rbt node with the long name data. + */ + snprintf(namebuf, sizeof(namebuf), + "%010d.%010dabcdef%010dabcdef%010dabcdef%010dabcde." + "%010dabcdef%010dabcdef%010dabcdef%010dabcde." + "%010dabcdef%010dabcdef%010dabcdef%010dabcde." 
+ "%010dabcdef%010dabcdef%010dabcdef01.", + idx, idx, idx, idx, idx, idx, idx, idx, idx, idx, idx, + idx, idx, idx, idx, idx); + } else { + snprintf(namebuf, sizeof(namebuf), "%d.example.com.", idx); + } + + dns_test_namefromstring(namebuf, &fname); + name = dns_fixedname_name(&fname); + + result = dns_db_findnode(db, name, true, &node); + assert_int_equal(result, ISC_R_SUCCESS); + assert_non_null(node); + + dns_rdata_init(&rdata); + rdata.length = rdata_len; + rdata.data = rdatabuf; + rdata.rdclass = dns_rdataclass_in; + rdata.type = rtype; + + dns_rdatalist_init(&rdatalist); + rdatalist.rdclass = dns_rdataclass_in; + rdatalist.type = rtype; + rdatalist.ttl = 3600; + ISC_LIST_APPEND(rdatalist.rdata, &rdata, link); + + dns_rdataset_init(&rdataset); + result = dns_rdatalist_tordataset(&rdatalist, &rdataset); + assert_int_equal(result, ISC_R_SUCCESS); + + result = dns_db_addrdataset(db, node, NULL, now, &rdataset, 0, NULL); + assert_int_equal(result, ISC_R_SUCCESS); + + dns_db_detachnode(db, &node); +} + +static void +overmempurge_bigrdata_test(void **state) { + size_t maxcache = 2097152U; /* 2MB - same as DNS_CACHE_MINSIZE */ + size_t hiwater = maxcache - (maxcache >> 3); /* borrowed from cache.c */ + size_t lowater = maxcache - (maxcache >> 2); /* ditto */ + isc_result_t result; + dns_db_t *db = NULL; + isc_mem_t *mctx2 = NULL; + isc_stdtime_t now; + size_t i; + + UNUSED(state); + + isc_stdtime_get(&now); + + isc_mem_create(&mctx2); + + result = dns_db_create(mctx2, "rbt", dns_rootname, dns_dbtype_cache, + dns_rdataclass_in, 0, NULL, &db); + assert_int_equal(result, ISC_R_SUCCESS); + + isc_mem_setwater(mctx2, overmempurge_water, NULL, hiwater, lowater); + + /* + * Add cache entries with minimum size of data until 'overmem' + * condition is triggered. + * This should eventually happen, but we also limit the number of + * iteration to avoid an infinite loop in case something gets wrong. 
+ */ + for (i = 0; !isc_mem_isovermem(mctx2) && i < (maxcache / 10); i++) { + overmempurge_addrdataset(db, now, i, 50053, 0, false); + } + assert_true(isc_mem_isovermem(mctx2)); + + /* + * Then try to add the same number of entries, each has very large data. + * 'overmem purge' should keep the total cache size from not exceeding + * the 'hiwater' mark too much. So we should be able to assume the + * cache size doesn't reach the "max". + */ + while (i-- > 0) { + overmempurge_addrdataset(db, now, i, 50054, 65535, false); + assert_true(isc_mem_inuse(mctx2) < maxcache); + } + + dns_db_detach(&db); + isc_mem_destroy(&mctx2); +} + +static void +overmempurge_longname_test(void **state) { + size_t maxcache = 2097152U; /* 2MB - same as DNS_CACHE_MINSIZE */ + size_t hiwater = maxcache - (maxcache >> 3); /* borrowed from cache.c */ + size_t lowater = maxcache - (maxcache >> 2); /* ditto */ + isc_result_t result; + dns_db_t *db = NULL; + isc_mem_t *mctx2 = NULL; + isc_stdtime_t now; + size_t i; + + UNUSED(state); + + isc_stdtime_get(&now); + isc_mem_create(&mctx2); + + result = dns_db_create(mctx2, "rbt", dns_rootname, dns_dbtype_cache, + dns_rdataclass_in, 0, NULL, &db); + assert_int_equal(result, ISC_R_SUCCESS); + + isc_mem_setwater(mctx2, overmempurge_water, NULL, hiwater, lowater); + + /* + * Add cache entries with minimum size of data until 'overmem' + * condition is triggered. + * This should eventually happen, but we also limit the number of + * iteration to avoid an infinite loop in case something gets wrong. + */ + for (i = 0; !isc_mem_isovermem(mctx2) && i < (maxcache / 10); i++) { + overmempurge_addrdataset(db, now, i, 50053, 0, false); + } + assert_true(isc_mem_isovermem(mctx2)); + + /* + * Then try to add the same number of entries, each has very large data. + * 'overmem purge' should keep the total cache size from not exceeding + * the 'hiwater' mark too much. So we should be able to assume the + * cache size doesn't reach the "max". 
+ */ + while (i-- > 0) { + overmempurge_addrdataset(db, now, i, 50054, 0, true); + assert_true(isc_mem_inuse(mctx2) < maxcache); + } + + dns_db_detach(&db); + isc_mem_destroy(&mctx2); +} + +int +main(void) { + const struct CMUnitTest tests[] = { + cmocka_unit_test(ownercase_test), + cmocka_unit_test(setownercase_test), + cmocka_unit_test(overmempurge_bigrdata_test), + cmocka_unit_test(overmempurge_longname_test), + }; + + return (cmocka_run_group_tests(tests, _setup, _teardown)); +} + +#else /* HAVE_CMOCKA */ + +#include <stdio.h> + +int +main(void) { + printf("1..0 # Skipped: cmocka not available\n"); + return (SKIPPED_TEST_EXIT_CODE); +} + +#endif /* if HAVE_CMOCKA */ diff --git a/lib/dns/tests/rdata_test.c b/lib/dns/tests/rdata_test.c new file mode 100644 index 0000000..9bcac99 --- /dev/null +++ b/lib/dns/tests/rdata_test.c 
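Review bot: In `overmempurge_addrdataset`, `rdatabuf` is declared without an initialiser, yet `rdata.data = rdatabuf` with `rdata.length = rdata_len` hands up to 65535 bytes of indeterminate stack contents to `dns_db_addrdataset()`, which presumably copies them into the cache. The test only depends on the size of the data, but a MemorySanitizer or Valgrind run would likely report the read, and the stored bytes differ from run to run. Declaring it as `unsigned char rdatabuf[65535] = { 0 }; /* large enough for any valid RDATA */` makes the input deterministic. Separately, the second comment block in `overmempurge_longname_test` was copied from the bigrdata test and still says "each has very large data", although that loop passes `rdata_len` 0 with `longname` set to true. It should say that each entry has the longest possible owner name.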
@@ -0,0 +1,3229 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+
+#include <isc/cmocka.h>
+#include <isc/commandline.h>
+#include <isc/hex.h>
+#include <isc/lex.h>
+#include <isc/print.h>
+#include <isc/stdio.h>
+#include <isc/types.h>
+#include <isc/util.h>
+
+#include <dns/rdata.h>
+
+#include "dnstest.h"
+
+static bool debug = false;
+
+/*
+ * An array of these structures is passed to compare_ok().
+ */
+struct compare_ok {
+ const char *text1; /* text passed to fromtext_*() */
+ const char *text2; /* text passed to fromtext_*() */
+ int answer; /* -1, 0, 1 */
+ int lineno; /* source line defining this RDATA */
+};
+typedef struct compare_ok compare_ok_t;
+
+struct textvsunknown {
+ const char *text1;
+ const char *text2;
+};
+typedef struct textvsunknown textvsunknown_t;
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+
+/*
+ * An array of these structures is passed to check_text_ok().
+ */
+typedef struct text_ok {
+ const char *text_in; /* text passed to fromtext_*() */
+ const char *text_out; /* text expected from totext_*();
+ * NULL indicates text_in is invalid */
+ unsigned int loop;
+} text_ok_t;
+
+/*
+ * An array of these structures is passed to check_wire_ok().
+ */
+typedef struct wire_ok {
+ unsigned char data[512]; /* RDATA in wire format */
+ size_t len; /* octets of data to parse */
+ bool ok; /* is this RDATA valid? */
+ unsigned int loop;
+} wire_ok_t;
+
+#define COMPARE(r1, r2, answer) \
+ { \
+ r1, r2, answer, __LINE__ \
+ }
+#define COMPARE_SENTINEL() \
+ { \
+ NULL, NULL, 0, __LINE__ \
+ }
+
+#define TEXT_VALID_CHANGED(data_in, data_out) \
+ { \
+ data_in, data_out, 0 \
+ }
+#define TEXT_VALID(data) \
+ { \
+ data, data, 0 \
+ }
+#define TEXT_VALID_LOOP(loop, data) \
+ { \
+ data, data, loop \
+ }
+#define TEXT_VALID_LOOPCHG(loop, data_in, data_out) \
+ { \
+ data_in, data_out, loop \
+ }
+#define TEXT_INVALID(data) \
+ { \
+ data, NULL, 0 \
+ }
+#define TEXT_SENTINEL() TEXT_INVALID(NULL)
+
+#define VARGC(...) (sizeof((unsigned char[]){ __VA_ARGS__ }))
+#define WIRE_TEST(ok, loop, ...) \
+ { \
+ { __VA_ARGS__ }, VARGC(__VA_ARGS__), ok, loop \
+ }
+#define WIRE_VALID(...) WIRE_TEST(true, 0, __VA_ARGS__)
+#define WIRE_VALID_LOOP(loop, ...) WIRE_TEST(true, loop, __VA_ARGS__)
+/*
+ * WIRE_INVALID() test cases must always have at least one octet specified to
+ * distinguish them from WIRE_SENTINEL(). Use the 'empty_ok' parameter passed
+ * to check_wire_ok() for indicating whether empty RDATA is allowed for a given
+ * RR type or not.
+ */
+#define WIRE_INVALID(FIRST, ...) WIRE_TEST(false, 0, FIRST, __VA_ARGS__)
+#define WIRE_SENTINEL() WIRE_TEST(false, 0)
+
+/*
+ * Call dns_rdata_fromwire() for data in 'src', which is 'srclen' octets in
+ * size and represents RDATA of given 'type' and 'class'.
Store the resulting
+ * uncompressed wire form in 'dst', which is 'dstlen' octets in size, and make
+ * 'rdata' refer to that uncompressed wire form.
+ */
+static isc_result_t
+wire_to_rdata(const unsigned char *src, size_t srclen, dns_rdataclass_t rdclass,
+ dns_rdatatype_t type, unsigned char *dst, size_t dstlen,
+ dns_rdata_t *rdata) {
+ isc_buffer_t source, target;
+ dns_decompress_t dctx;
+ isc_result_t result;
+
+ /*
+ * Set up len-octet buffer pointing at data.
+ */
+ isc_buffer_constinit(&source, src, srclen);
+ isc_buffer_add(&source, srclen);
+ isc_buffer_setactive(&source, srclen);
+
+ /*
+ * Initialize target buffer.
+ */
+ isc_buffer_init(&target, dst, dstlen);
+
+ /*
+ * Try converting input data into uncompressed wire form.
+ */
+ dns_decompress_init(&dctx, -1, DNS_DECOMPRESS_ANY);
+ result = dns_rdata_fromwire(rdata, rdclass, type, &source, &dctx, 0,
+ &target);
+ dns_decompress_invalidate(&dctx);
+
+ return (result);
+}
+
+/*
+ * Call dns_rdata_towire() for rdata and write to result to dst.
+ */
+static isc_result_t
+rdata_towire(dns_rdata_t *rdata, unsigned char *dst, size_t dstlen,
+ size_t *length) {
+ isc_buffer_t target;
+ dns_compress_t cctx;
+ isc_result_t result;
+
+ /*
+ * Initialize target buffer.
+ */
+ isc_buffer_init(&target, dst, dstlen);
+
+ /*
+ * Try converting input data into uncompressed wire form.
+ */
+ dns_compress_init(&cctx, -1, dt_mctx);
+ result = dns_rdata_towire(rdata, &cctx, &target);
+ dns_compress_invalidate(&cctx);
+
+ *length = isc_buffer_usedlength(&target);
+
+ return (result);
+}
+
+static isc_result_t
+additionaldata_cb(void *arg, const dns_name_t *name, dns_rdatatype_t qtype) {
+ UNUSED(arg);
+ UNUSED(name);
+ UNUSED(qtype);
+ return (ISC_R_SUCCESS);
+}
+
+/*
+ * call dns_rdata_additionaldata() for rdata.
+ */
+static isc_result_t
+rdata_additionadata(dns_rdata_t *rdata) {
+ return (dns_rdata_additionaldata(rdata, additionaldata_cb, NULL));
+}
+
+/*
+ * Call dns_rdata_checknames() with various owner names chosen to
+ * match well known forms.
+ *
+ * We are currently only checking that the calls do not trigger
+ * assertion failures.
+ *
+ * XXXMPA A future extension could be to record the expected
+ * result and the expected value of 'bad'.
+ */
+static void
+rdata_checknames(dns_rdata_t *rdata) {
+ dns_fixedname_t fixed, bfixed;
+ dns_name_t *name, *bad;
+ isc_result_t result;
+
+ name = dns_fixedname_initname(&fixed);
+ bad = dns_fixedname_initname(&bfixed);
+
+ (void)dns_rdata_checknames(rdata, dns_rootname, NULL);
+ (void)dns_rdata_checknames(rdata, dns_rootname, bad);
+
+ result = dns_name_fromstring(name, "example.net", 0, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ (void)dns_rdata_checknames(rdata, name, NULL);
+ (void)dns_rdata_checknames(rdata, name, bad);
+
+ result = dns_name_fromstring(name, "in-addr.arpa", 0, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ (void)dns_rdata_checknames(rdata, name, NULL);
+ (void)dns_rdata_checknames(rdata, name, bad);
+
+ result = dns_name_fromstring(name, "ip6.arpa", 0, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ (void)dns_rdata_checknames(rdata, name, NULL);
+ (void)dns_rdata_checknames(rdata, name, bad);
+}
+
+/*
+ * Test whether converting rdata to a type-specific struct and then back to
+ * rdata results in the same uncompressed wire form. This checks whether
+ * tostruct_*() and fromstruct_*() routines for given RR class and type behave
+ * consistently.
+ *
+ * This function is called for every correctly processed input RDATA, from both
+ * check_text_ok_single() and check_wire_ok_single().
+ */
+static void
+check_struct_conversions(dns_rdata_t *rdata, size_t structsize,
+ unsigned int loop) {
+ dns_rdataclass_t rdclass = rdata->rdclass;
+ dns_rdatatype_t type = rdata->type;
+ isc_result_t result;
+ isc_buffer_t target;
+ void *rdata_struct;
+ char buf[1024];
+ unsigned int count = 0;
+
+ rdata_struct = isc_mem_allocate(dt_mctx, structsize);
+ assert_non_null(rdata_struct);
+
+ /*
+ * Convert from uncompressed wire form into type-specific struct.
+ */
+ result = dns_rdata_tostruct(rdata, rdata_struct, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /*
+ * Convert from type-specific struct into uncompressed wire form.
+ */
+ isc_buffer_init(&target, buf, sizeof(buf));
+ result = dns_rdata_fromstruct(NULL, rdclass, type, rdata_struct,
+ &target);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /*
+ * Ensure results are consistent.
+ */
+ assert_int_equal(isc_buffer_usedlength(&target), rdata->length);
+
+ assert_memory_equal(buf, rdata->data, rdata->length);
+
+ /*
+ * Check that one can walk hip rendezvous servers and
+ * https/svcb parameters.
+ */
+ switch (type) {
+ case dns_rdatatype_hip: {
+ dns_rdata_hip_t *hip = rdata_struct;
+
+ for (result = dns_rdata_hip_first(hip); result == ISC_R_SUCCESS;
+ result = dns_rdata_hip_next(hip))
+ {
+ dns_name_t name;
+ dns_name_init(&name, NULL);
+ dns_rdata_hip_current(hip, &name);
+ assert_int_not_equal(dns_name_countlabels(&name), 0);
+ assert_true(dns_name_isabsolute(&name));
+ count++;
+ }
+ assert_int_equal(result, ISC_R_NOMORE);
+ assert_int_equal(count, loop);
+ break;
+ }
+ case dns_rdatatype_https: {
+ dns_rdata_in_https_t *https = rdata_struct;
+
+ for (result = dns_rdata_in_https_first(https);
+ result == ISC_R_SUCCESS;
+ result = dns_rdata_in_https_next(https))
+ {
+ isc_region_t region;
+ dns_rdata_in_https_current(https, ®ion);
+ assert_true(region.length >= 4);
+ count++;
+ }
+ assert_int_equal(result, ISC_R_NOMORE);
+ assert_int_equal(count, loop);
+ break;
+ }
+ case dns_rdatatype_svcb: {
+ dns_rdata_in_svcb_t *svcb = rdata_struct;
+
+ for (result = dns_rdata_in_svcb_first(svcb);
+ result == ISC_R_SUCCESS;
+ result = dns_rdata_in_svcb_next(svcb))
+ {
+ isc_region_t region;
+ dns_rdata_in_svcb_current(svcb, ®ion);
+ assert_true(region.length >= 4);
+ count++;
+ }
+ assert_int_equal(result, ISC_R_NOMORE);
+ assert_int_equal(count, loop);
+ break;
+ }
+ }
+
+ isc_mem_free(dt_mctx, rdata_struct);
+}
+
+/*
+ * Check whether converting supplied text form RDATA into uncompressed wire
+ * form succeeds (tests fromtext_*()). If so, try converting it back into text
+ * form and see if it results in the original text (tests totext_*()).
+ */
+static void
+check_text_ok_single(const text_ok_t *text_ok, dns_rdataclass_t rdclass,
+ dns_rdatatype_t type, size_t structsize) {
+ unsigned char buf_fromtext[1024], buf_fromwire[1024], buf_towire[1024];
+ dns_rdata_t rdata = DNS_RDATA_INIT, rdata2 = DNS_RDATA_INIT;
+ char buf_totext[1024] = { 0 };
+ isc_buffer_t target;
+ isc_result_t result;
+ size_t length = 0;
+
+ if (debug) {
+ fprintf(stdout, "#check_text_ok_single(%s)\n",
+ text_ok->text_in);
+ }
+ /*
+ * Try converting text form RDATA into uncompressed wire form.
+ */
+ result = dns_test_rdatafromstring(&rdata, rdclass, type, buf_fromtext,
+ sizeof(buf_fromtext),
+ text_ok->text_in, false);
+ /*
+ * Check whether result is as expected.
+ */
+ if (text_ok->text_out != NULL) {
+ if (debug && result != ISC_R_SUCCESS) {
+ fprintf(stdout, "# '%s'\n", text_ok->text_in);
+ fprintf(stdout, "# result=%s\n",
+ dns_result_totext(result));
+ }
+ assert_int_equal(result, ISC_R_SUCCESS);
+ } else {
+ if (debug && result == ISC_R_SUCCESS) {
+ fprintf(stdout, "#'%s'\n", text_ok->text_in);
+ }
+ assert_int_not_equal(result, ISC_R_SUCCESS);
+ }
+
+ /*
+ * If text form RDATA was not parsed correctly, performing any
+ * additional checks is pointless.
+ */
+ if (result != ISC_R_SUCCESS) {
+ return;
+ }
+
+ /*
+ * Try converting uncompressed wire form RDATA back into text form and
+ * check whether the resulting text is the same as the original one.
+ */
+ isc_buffer_init(&target, buf_totext, sizeof(buf_totext));
+ result = dns_rdata_totext(&rdata, NULL, &target);
+ if (result != ISC_R_SUCCESS && debug) {
+ size_t i;
+ fprintf(stdout, "# dns_rdata_totext -> %s",
+ dns_result_totext(result));
+ for (i = 0; i < rdata.length; i++) {
+ if ((i % 16) == 0) {
+ fprintf(stdout, "\n#");
+ }
+ fprintf(stdout, " %02x", rdata.data[i]);
+ }
+ fprintf(stdout, "\n");
+ }
+ assert_int_equal(result, ISC_R_SUCCESS);
+ /*
+ * Ensure buf_totext is properly NUL terminated as dns_rdata_totext()
+ * may attempt different output formats writing into the apparently
+ * unused part of the buffer.
+ */
+ isc_buffer_putuint8(&target, 0);
+ if (debug && strcmp(buf_totext, text_ok->text_out) != 0) {
+ fprintf(stdout, "# '%s' != '%s'\n", buf_totext,
+ text_ok->text_out);
+ }
+ assert_string_equal(buf_totext, text_ok->text_out);
+
+ if (debug) {
+ fprintf(stdout, "#dns_rdata_totext -> '%s'\n", buf_totext);
+ }
+
+ /*
+ * Ensure that fromtext_*() output is valid input for fromwire_*().
+ */
+ result = wire_to_rdata(rdata.data, rdata.length, rdclass, type,
+ buf_fromwire, sizeof(buf_fromwire), &rdata2);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(rdata.length, rdata2.length);
+ assert_memory_equal(rdata.data, buf_fromwire, rdata.length);
+
+ /*
+ * Ensure that fromtext_*() output is valid input for towire_*().
+ */
+ result = rdata_towire(&rdata, buf_towire, sizeof(buf_towire), &length);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(rdata.length, length);
+ assert_memory_equal(rdata.data, buf_towire, length);
+
+ /*
+ * Test that additionaldata_*() succeeded.
+ */
+ result = rdata_additionadata(&rdata);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /*
+ * Exercise checknames_*().
+ */
+ rdata_checknames(&rdata);
+
+ /*
+ * Perform two-way conversion checks between uncompressed wire form and
+ * type-specific struct.
+ */
+ check_struct_conversions(&rdata, structsize, text_ok->loop);
+}
+
+/*
+ * Test whether converting rdata to text form and then parsing the result of
+ * that conversion again results in the same uncompressed wire form. This
+ * checks whether totext_*() output is parsable by fromtext_*() for given RR
+ * class and type.
+ *
+ * This function is called for every input RDATA which is successfully parsed
+ * by check_wire_ok_single() and whose type is not a meta-type.
+ */
+static void
+check_text_conversions(dns_rdata_t *rdata) {
+ char buf_totext[1024] = { 0 };
+ unsigned char buf_fromtext[1024];
+ isc_result_t result;
+ isc_buffer_t target;
+ dns_rdata_t rdata2 = DNS_RDATA_INIT;
+
+ /*
+ * Convert uncompressed wire form RDATA into text form. This
+ * conversion must succeed since input RDATA was successfully
+ * parsed by check_wire_ok_single().
+ */
+ isc_buffer_init(&target, buf_totext, sizeof(buf_totext));
+ result = dns_rdata_totext(rdata, NULL, &target);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ /*
+ * Ensure buf_totext is properly NUL terminated as dns_rdata_totext()
+ * may attempt different output formats writing into the apparently
+ * unused part of the buffer.
+ */
+ isc_buffer_putuint8(&target, 0);
+ if (debug) {
+ fprintf(stdout, "#'%s'\n", buf_totext);
+ }
+
+ /*
+ * Try parsing text form RDATA output by dns_rdata_totext() again.
+ */
+ result = dns_test_rdatafromstring(&rdata2, rdata->rdclass, rdata->type,
+ buf_fromtext, sizeof(buf_fromtext),
+ buf_totext, false);
+ if (debug && result != ISC_R_SUCCESS) {
+ fprintf(stdout, "# result = %s\n", dns_result_totext(result));
+ fprintf(stdout, "# '%s'\n", buf_fromtext);
+ }
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(rdata2.length, rdata->length);
+ assert_memory_equal(buf_fromtext, rdata->data, rdata->length);
+}
+
+/*
+ * Test whether converting rdata to multi-line text form and then parsing the
+ * result of that conversion again results in the same uncompressed wire form.
+ * This checks whether multi-line totext_*() output is parsable by fromtext_*()
+ * for given RR class and type.
+ *
+ * This function is called for every input RDATA which is successfully parsed
+ * by check_wire_ok_single() and whose type is not a meta-type.
+ */
+static void
+check_multiline_text_conversions(dns_rdata_t *rdata) {
+ char buf_totext[1024] = { 0 };
+ unsigned char buf_fromtext[1024];
+ isc_result_t result;
+ isc_buffer_t target;
+ dns_rdata_t rdata2 = DNS_RDATA_INIT;
+ unsigned int flags;
+
+ /*
+ * Convert uncompressed wire form RDATA into multi-line text form.
+ * This conversion must succeed since input RDATA was successfully
+ * parsed by check_wire_ok_single().
+ */
+ isc_buffer_init(&target, buf_totext, sizeof(buf_totext));
+ flags = dns_master_styleflags(&dns_master_style_default);
+ result = dns_rdata_tofmttext(rdata, dns_rootname, flags, 80 - 32, 4,
+ "\n", &target);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ /*
+ * Ensure buf_totext is properly NUL terminated as
+ * dns_rdata_tofmttext() may attempt different output formats
+ * writing into the apparently unused part of the buffer.
+ */
+ isc_buffer_putuint8(&target, 0);
+ if (debug) {
+ fprintf(stdout, "#'%s'\n", buf_totext);
+ }
+
+ /*
+ * Try parsing multi-line text form RDATA output by
+ * dns_rdata_tofmttext() again.
+ */
+ result = dns_test_rdatafromstring(&rdata2, rdata->rdclass, rdata->type,
+ buf_fromtext, sizeof(buf_fromtext),
+ buf_totext, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(rdata2.length, rdata->length);
+ assert_memory_equal(buf_fromtext, rdata->data, rdata->length);
+}
+
+/*
+ * Test whether supplied wire form RDATA is properly handled as being either
+ * valid or invalid for an RR of given rdclass and type.
+ */
+static void
+check_wire_ok_single(const wire_ok_t *wire_ok, dns_rdataclass_t rdclass,
+ dns_rdatatype_t type, size_t structsize) {
+ unsigned char buf[1024], buf_towire[1024];
+ isc_result_t result;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ size_t length = 0;
+
+ /*
+ * Try converting wire data into uncompressed wire form.
+ */
+ result = wire_to_rdata(wire_ok->data, wire_ok->len, rdclass, type, buf,
+ sizeof(buf), &rdata);
+ /*
+ * Check whether result is as expected.
+ */
+ if (wire_ok->ok) {
+ assert_int_equal(result, ISC_R_SUCCESS);
+ } else {
+ assert_int_not_equal(result, ISC_R_SUCCESS);
+ }
+
+ if (result != ISC_R_SUCCESS) {
+ return;
+ }
+
+ /*
+ * If data was parsed correctly, perform two-way conversion checks
+ * between uncompressed wire form and type-specific struct.
+ *
+ * If the RR type is not a meta-type, additionally perform two-way
+ * conversion checks between:
+ *
+ * - uncompressed wire form and text form,
+ * - uncompressed wire form and multi-line text form.
+ */
+ check_struct_conversions(&rdata, structsize, wire_ok->loop);
+ if (!dns_rdatatype_ismeta(rdata.type)) {
+ check_text_conversions(&rdata);
+ check_multiline_text_conversions(&rdata);
+ }
+
+ /*
+ * Ensure that fromwire_*() output is valid input for towire_*().
+ */
+ result = rdata_towire(&rdata, buf_towire, sizeof(buf_towire), &length);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(rdata.length, length);
+ assert_memory_equal(rdata.data, buf_towire, length);
+
+ /*
+ * Test that additionaldata_*() succeeded.
+ */
+ result = rdata_additionadata(&rdata);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /*
+ * Exercise checknames_*().
+ */
+ rdata_checknames(&rdata);
+}
+
+/*
+ * Test fromtext_*() and totext_*() routines for given RR class and type for
+ * each text form RDATA in the supplied array. See the comment for
+ * check_text_ok_single() for an explanation of how exactly these routines are
+ * tested.
+ */
+static void
+check_text_ok(const text_ok_t *text_ok, dns_rdataclass_t rdclass,
+ dns_rdatatype_t type, size_t structsize) {
+ size_t i;
+
+ /*
+ * Check all entries in the supplied array.
+ */
+ for (i = 0; text_ok[i].text_in != NULL; i++) {
+ check_text_ok_single(&text_ok[i], rdclass, type, structsize);
+ }
+}
+
+/*
+ * For each wire form RDATA in the supplied array, check whether it is properly
+ * handled as being either valid or invalid for an RR of given rdclass and
+ * type, then check whether trying to process a zero-length wire data buffer
+ * yields the expected result. This checks whether the fromwire_*() routine
+ * for given RR class and type behaves as expected.
+ */
+static void
+check_wire_ok(const wire_ok_t *wire_ok, bool empty_ok, dns_rdataclass_t rdclass,
+ dns_rdatatype_t type, size_t structsize) {
+ wire_ok_t empty_wire = WIRE_TEST(empty_ok, 0);
+ size_t i;
+
+ /*
+ * Check all entries in the supplied array.
+ */
+ for (i = 0; wire_ok[i].len != 0; i++) {
+ if (debug) {
+ fprintf(stderr, "calling check_wire_ok_single on %zu\n",
+ i);
+ }
+ check_wire_ok_single(&wire_ok[i], rdclass, type, structsize);
+ }
+
+ /*
+ * Check empty wire data.
+ */
+ check_wire_ok_single(&empty_wire, rdclass, type, structsize);
+}
+
+/*
+ * Check that two records compare as expected with dns_rdata_compare().
+ */
+static void
+check_compare_ok_single(const compare_ok_t *compare_ok,
+ dns_rdataclass_t rdclass, dns_rdatatype_t type) {
+ dns_rdata_t rdata1 = DNS_RDATA_INIT, rdata2 = DNS_RDATA_INIT;
+ unsigned char buf1[1024], buf2[1024];
+ isc_result_t result;
+ int answer;
+
+ result = dns_test_rdatafromstring(&rdata1, rdclass, type, buf1,
+ sizeof(buf1), compare_ok->text1,
+ false);
+ if (result != ISC_R_SUCCESS) {
+ fail_msg("# line %d: '%s': expected success, got failure",
+ compare_ok->lineno, compare_ok->text1);
+ }
+
+ result = dns_test_rdatafromstring(&rdata2, rdclass, type, buf2,
+ sizeof(buf2), compare_ok->text2,
+ false);
+
+ if (result != ISC_R_SUCCESS) {
+ fail_msg("# line %d: '%s': expected success, got failure",
+ compare_ok->lineno, compare_ok->text2);
+ }
+
+ answer = dns_rdata_compare(&rdata1, &rdata2);
+ if (compare_ok->answer == 0 && answer != 0) {
+ fail_msg("# line %d: dns_rdata_compare('%s', '%s'): "
+ "expected equal, got %s",
+ compare_ok->lineno, compare_ok->text1,
+ compare_ok->text2,
+ (answer > 0) ? "greater than" : "less than");
+ }
+ if (compare_ok->answer < 0 && answer >= 0) {
+ fail_msg("# line %d: dns_rdata_compare('%s', '%s'): "
+ "expected less than, got %s",
+ compare_ok->lineno, compare_ok->text1,
+ compare_ok->text2,
+ (answer == 0) ? "equal" : "greater than");
+ }
+ if (compare_ok->answer > 0 && answer <= 0) {
+ fail_msg("line %d: dns_rdata_compare('%s', '%s'): "
+ "expected greater than, got %s",
+ compare_ok->lineno, compare_ok->text1,
+ compare_ok->text2,
+ (answer == 0) ? "equal" : "less than");
+ }
+}
+
+/*
+ * Check that all the records sets in compare_ok compare as expected
+ * with dns_rdata_compare().
+ */
+static void
+check_compare_ok(const compare_ok_t *compare_ok, dns_rdataclass_t rdclass,
+ dns_rdatatype_t type) {
+ size_t i;
+ /*
+ * Check all entries in the supplied array.
+ */
+ for (i = 0; compare_ok[i].text1 != NULL; i++) {
+ check_compare_ok_single(&compare_ok[i], rdclass, type);
+ }
+}
+
+/*
+ * Test whether supplied sets of text form and/or wire form RDATA are handled
+ * as expected.
+ *
+ * The empty_ok argument denotes whether an attempt to parse a zero-length wire
+ * data buffer should succeed or not (it is valid for some RR types). There is
+ * no point in performing a similar check for empty text form RDATA, because
+ * dns_rdata_fromtext() returns ISC_R_UNEXPECTEDEND before calling fromtext_*()
+ * for the given RR class and type.
+ */
+static void
+check_rdata(const text_ok_t *text_ok, const wire_ok_t *wire_ok,
+ const compare_ok_t *compare_ok, bool empty_ok,
+ dns_rdataclass_t rdclass, dns_rdatatype_t type, size_t structsize) {
+ if (text_ok != NULL) {
+ check_text_ok(text_ok, rdclass, type, structsize);
+ }
+ if (wire_ok != NULL) {
+ check_wire_ok(wire_ok, empty_ok, rdclass, type, structsize);
+ }
+ if (compare_ok != NULL) {
+ check_compare_ok(compare_ok, rdclass, type);
+ }
+}
+
+/*
+ * Check presentation vs unknown format of the record.
+ */
+static void
+check_textvsunknown_single(const textvsunknown_t *textvsunknown,
+ dns_rdataclass_t rdclass, dns_rdatatype_t type) {
+ dns_rdata_t rdata1 = DNS_RDATA_INIT, rdata2 = DNS_RDATA_INIT;
+ unsigned char buf1[1024], buf2[1024];
+ isc_result_t result;
+
+ result = dns_test_rdatafromstring(&rdata1, rdclass, type, buf1,
+ sizeof(buf1), textvsunknown->text1,
+ false);
+ if (debug && result != ISC_R_SUCCESS) {
+ fprintf(stdout, "# '%s'\n", textvsunknown->text1);
+ fprintf(stdout, "# result=%s\n", dns_result_totext(result));
+ }
+ assert_int_equal(result, ISC_R_SUCCESS);
+ result = dns_test_rdatafromstring(&rdata2, rdclass, type, buf2,
+ sizeof(buf2), textvsunknown->text2,
+ false);
+ if (debug && result != ISC_R_SUCCESS) {
+ fprintf(stdout, "# '%s'\n", textvsunknown->text2);
+ fprintf(stdout, "# result=%s\n", dns_result_totext(result));
+ }
+ assert_int_equal(result, ISC_R_SUCCESS);
+ if (debug && rdata1.length != rdata2.length) {
+ fprintf(stdout, "# '%s'\n", textvsunknown->text1);
+ fprintf(stdout, "# rdata1.length (%u) != rdata2.length (%u)\n",
+ rdata1.length, rdata2.length);
+ }
+ assert_int_equal(rdata1.length, rdata2.length);
+ if (debug && memcmp(rdata1.data, rdata2.data, rdata1.length) != 0) {
+ unsigned int i;
+ fprintf(stdout, "# '%s'\n", textvsunknown->text1);
+ for (i = 0; i < rdata1.length; i++) {
+ if (rdata1.data[i] != rdata2.data[i]) {
+ fprintf(stderr, "# %u: %02x != %02x\n", i,
+ rdata1.data[i], rdata2.data[i]);
+ }
+ }
+ }
+ assert_memory_equal(rdata1.data, rdata2.data, rdata1.length);
+}
+
+static void
+check_textvsunknown(const textvsunknown_t *textvsunknown,
+ dns_rdataclass_t rdclass, dns_rdatatype_t type) {
+ size_t i;
+
+ /*
+ * Check all entries in the supplied array.
+ */
+ for (i = 0; textvsunknown[i].text1 != NULL; i++) {
+ check_textvsunknown_single(&textvsunknown[i], rdclass, type);
+ }
+}
+
+/*
+ * Common tests for RR types based on KEY that require key data:
+ *
+ * - CDNSKEY (RFC 7344)
+ * - DNSKEY (RFC 4034)
+ * - RKEY (draft-reid-dnsext-rkey-00)
+ */
+static void
+key_required(void **state, dns_rdatatype_t type, size_t size) {
+ wire_ok_t wire_ok[] = { /*
+ * RDATA must be at least 5 octets in size:
+ *
+ * - 2 octets for Flags,
+ * - 1 octet for Protocol,
+ * - 1 octet for Algorithm,
+ * - Public Key must not be empty.
+ *
+ * RFC 2535 section 3.1.2 allows the Public Key
+ * to be empty if bits 0-1 of Flags are both
+ * set, but that only applies to KEY records:
+ * for the RR types tested here, the Public Key
+ * must not be empty.
+ */
+ WIRE_INVALID(0x00),
+ WIRE_INVALID(0x00, 0x00),
+ WIRE_INVALID(0x00, 0x00, 0x00),
+ WIRE_INVALID(0xc0, 0x00, 0x00, 0x00),
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x00),
+ WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00),
+ WIRE_SENTINEL()
+ };
+
+ UNUSED(state);
+
+ check_rdata(NULL, wire_ok, NULL, false, dns_rdataclass_in, type, size);
+}
+
+/* APL RDATA manipulations */
+static void
+apl(void **state) {
+ text_ok_t text_ok[] = {
+ /* empty list */
+ TEXT_VALID(""),
+ /* min,max prefix IPv4 */
+ TEXT_VALID("1:0.0.0.0/0"), TEXT_VALID("1:127.0.0.1/32"),
+ /* min,max prefix IPv6 */
+ TEXT_VALID("2:::/0"), TEXT_VALID("2:::1/128"),
+ /* negated */
+ TEXT_VALID("!1:0.0.0.0/0"), TEXT_VALID("!1:127.0.0.1/32"),
+ TEXT_VALID("!2:::/0"), TEXT_VALID("!2:::1/128"),
+ /* bits set after prefix length - not disallowed */
+ TEXT_VALID("1:127.0.0.0/0"), TEXT_VALID("2:8000::/0"),
+ /* multiple */
+ TEXT_VALID("1:0.0.0.0/0 1:127.0.0.1/32"),
+ TEXT_VALID("1:0.0.0.0/0 !1:127.0.0.1/32"),
+ /* family 0, prefix 0, positive */
+ TEXT_VALID("\\# 4 00000000"),
+ /* family 0, prefix 0, negative */
+ TEXT_VALID("\\# 4 00000080"),
+ /* prefix too long */
+ TEXT_INVALID("1:0.0.0.0/33"), TEXT_INVALID("2:::/129"),
+ /*
+ *
Sentinel.
+ */
+ TEXT_SENTINEL()
+ };
+ wire_ok_t wire_ok[] = { /* zero length */
+ WIRE_VALID(),
+ /* prefix too big IPv4 */
+ WIRE_INVALID(0x00, 0x01, 33U, 0x00),
+ /* prefix too big IPv6 */
+ WIRE_INVALID(0x00, 0x02, 129U, 0x00),
+ /* trailing zero octet in afdpart */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x01, 0x00),
+ /*
+ * Sentinel.
+ */
+ WIRE_SENTINEL()
+ };
+
+ UNUSED(state);
+
+ check_rdata(text_ok, wire_ok, NULL, true, dns_rdataclass_in,
+ dns_rdatatype_apl, sizeof(dns_rdata_in_apl_t));
+}
+
+/*
+ * http://broadband-forum.org/ftp/pub/approved-specs/af-saa-0069.000.pdf
+ *
+ * ATMA RR’s have the following RDATA format:
+ *
+ * 1 1 1 1 1 1
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ * | FORMAT | |
+ * +--+--+--+--+--+--+--+--+ |
+ * / ADDRESS /
+ * | |
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ *
+ * The fields have the following meaning:
+ *
+ * * FORMAT: One octet that indicates the format of ADDRESS. The two
+ * possible values for FORMAT are value 0 indicating ATM End System Address
+ * (AESA) format and value 1 indicating E.164 format.
+ *
+ * * ADDRESS: Variable length string of octets containing the ATM address of
+ * the node to which this RR pertains.
+ *
+ * When the format value is 0, indicating that the address is in AESA format,
+ * the address is coded as described in ISO 8348/AD 2 using the preferred
+ * binary encoding of the ISO NSAP format. When the format value is 1,
+ * indicating that the address is in E.164 format, the Address/Number Digits
+ * appear in the order in which they would be entered on a numeric keypad.
+ * Digits are coded in IA5 characters with the leftmost bit of each digit set
+ * to 0. This ATM address appears in ATM End System Address Octets field (AESA
+ * format) or the Address/Number Digits field (E.164 format) of the Called
+ * party number information element [ATMUNI3.1].
Subaddress information is
+ * intentionally not included because E.164 subaddress information is used for
+ * routing.
+ *
+ * ATMA RRs cause no additional section processing.
+ */
+static void
+atma(void **state) {
+ text_ok_t text_ok[] = { TEXT_VALID("00"),
+ TEXT_VALID_CHANGED("0.0", "00"),
+ /*
+ * multiple consecutive periods
+ */
+ TEXT_INVALID("0..0"),
+ /*
+ * trailing period
+ */
+ TEXT_INVALID("00."),
+ /*
+ * leading period
+ */
+ TEXT_INVALID(".00"),
+ /*
+ * Not full octets.
+ */
+ TEXT_INVALID("000"),
+ /*
+ * E.164
+ */
+ TEXT_VALID("+61200000000"),
+ /*
+ * E.164 with periods
+ */
+ TEXT_VALID_CHANGED("+61.2.0000.0000", "+6120000"
+ "0000"),
+ /*
+ * E.164 with period at end
+ */
+ TEXT_INVALID("+61200000000."),
+ /*
+ * E.164 with multiple consecutive periods
+ */
+ TEXT_INVALID("+612..00000000"),
+ /*
+ * E.164 with period before the leading digit.
+ */
+ TEXT_INVALID("+.61200000000"),
+ /*
+ * Sentinel.
+ */
+ TEXT_SENTINEL() };
+ wire_ok_t wire_ok[] = {
+ /*
+ * Too short.
+ */
+ WIRE_INVALID(0x00), WIRE_INVALID(0x01),
+ /*
+ * all digits
+ */
+ WIRE_VALID(0x01, '6', '1', '2', '0', '0', '0'),
+ /*
+ * non digit
+ */
+ WIRE_INVALID(0x01, '+', '6', '1', '2', '0', '0', '0'),
+ /*
+ * Sentinel.
+ */
+ WIRE_SENTINEL()
+ };
+
+ UNUSED(state);
+
+ check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in,
+ dns_rdatatype_atma, sizeof(dns_rdata_in_atma_t));
+}
+
+/* AMTRELAY RDATA manipulations */
+static void
+amtrelay(void **state) {
+ text_ok_t text_ok[] = {
+ TEXT_INVALID(""), TEXT_INVALID("0"), TEXT_INVALID("0 0"),
+ /* gateway type 0 */
+ TEXT_VALID("0 0 0"), TEXT_VALID("0 1 0"),
+ TEXT_INVALID("0 2 0"), /* discovery out of range */
+ TEXT_VALID("255 1 0"), /* max precedence */
+ TEXT_INVALID("256 1 0"), /* precedence out of range */
+
+ /* IPv4 gateway */
+ TEXT_INVALID("0 0 1"), /* no address */
+ TEXT_VALID("0 0 1 0.0.0.0"),
+ TEXT_INVALID("0 0 1 0.0.0.0 x"), /* extra */
+ TEXT_INVALID("0 0 1 0.0.0.0.0"), /* bad address */
+ TEXT_INVALID("0 0 1 ::"), /* bad address */
+ TEXT_INVALID("0 0 1 ."), /* bad address */
+
+ /* IPv6 gateway */
+ TEXT_INVALID("0 0 2"), /* no address */
+ TEXT_VALID("0 0 2 ::"), TEXT_INVALID("0 0 2 :: xx"), /* extra */
+ TEXT_INVALID("0 0 2 0.0.0.0"), /* bad address */
+ TEXT_INVALID("0 0 2 ."), /* bad address */
+
+ /* hostname gateway */
+ TEXT_INVALID("0 0 3"), /* no name */
+ /* IPv4 is a valid name */
+ TEXT_VALID_CHANGED("0 0 3 0.0.0.0", "0 0 3 0.0.0.0."),
+ /* IPv6 is a valid name */
+ TEXT_VALID_CHANGED("0 0 3 ::", "0 0 3 ::."),
+ TEXT_VALID_CHANGED("0 0 3 example", "0 0 3 example."),
+ TEXT_VALID("0 0 3 example."),
+ TEXT_INVALID("0 0 3 example. x"), /* extra */
+
+ /* unknown gateway */
+ TEXT_VALID("\\# 2 0004"), TEXT_VALID("\\# 2 0084"),
+ TEXT_VALID("\\# 2 007F"), TEXT_VALID("\\# 3 000400"),
+ TEXT_VALID("\\# 3 008400"), TEXT_VALID("\\# 3 00FF00"),
+
+ /*
+ * Sentinel.
+ */
+ TEXT_SENTINEL()
+ };
+ wire_ok_t wire_ok[] = {
+ WIRE_INVALID(0x00), WIRE_VALID(0x00, 0x00),
+ WIRE_VALID(0x00, 0x80), WIRE_INVALID(0x00, 0x00, 0x00),
+ WIRE_INVALID(0x00, 0x80, 0x00),
+
+ WIRE_INVALID(0x00, 0x01), WIRE_INVALID(0x00, 0x01, 0x00),
+ WIRE_INVALID(0x00, 0x01, 0x00, 0x00),
+ WIRE_INVALID(0x00, 0x01, 0x00, 0x00, 0x00),
+ WIRE_VALID(0x00, 0x01, 0x00, 0x00, 0x00, 0x00),
+ WIRE_INVALID(0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00),
+
+ WIRE_INVALID(0x00, 0x02), WIRE_INVALID(0x00, 0x02, 0x00),
+ WIRE_VALID(0x00, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
+ 0x07, 0x08, 0x09, 0x10, 0x11, 0x12, 0x13, 0x14,
+ 0x15),
+ WIRE_INVALID(0x00, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05,
+ 0x06, 0x07, 0x08, 0x09, 0x10, 0x11, 0x12, 0x13,
+ 0x14, 0x15, 0x16),
+
+ WIRE_INVALID(0x00, 0x03), WIRE_VALID(0x00, 0x03, 0x00),
+ WIRE_INVALID(0x00, 0x03, 0x00, 0x00), /* extra */
+
+ WIRE_VALID(0x00, 0x04), WIRE_VALID(0x00, 0x04, 0x00),
+ /*
+ * Sentinel.
+ */
+ WIRE_SENTINEL()
+ };
+
+ UNUSED(state);
+
+ check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in,
+ dns_rdatatype_amtrelay, sizeof(dns_rdata_amtrelay_t));
+}
+
+static void
+cdnskey(void **state) {
+ key_required(state, dns_rdatatype_cdnskey, sizeof(dns_rdata_cdnskey_t));
+}
+
+/*
+ * CSYNC tests.
+ *
+ * RFC 7477:
+ *
+ * 2.1. The CSYNC Resource Record Format
+ *
+ * 2.1.1. The CSYNC Resource Record Wire Format
+ *
+ * The CSYNC RDATA consists of the following fields:
+ *
+ * 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | SOA Serial |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Flags | Type Bit Map /
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * / Type Bit Map (continued) /
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *
+ * 2.1.1.1.
The SOA Serial Field + * + * The SOA Serial field contains a copy of the 32-bit SOA serial number + * from the child zone. If the soaminimum flag is set, parental agents + * querying children's authoritative servers MUST NOT act on data from + * zones advertising an SOA serial number less than this value. See + * [RFC1982] for properly implementing "less than" logic. If the + * soaminimum flag is not set, parental agents MUST ignore the value in + * the SOA Serial field. Clients can set the field to any value if the + * soaminimum flag is unset, such as the number zero. + * + * (...) + * + * 2.1.1.2. The Flags Field + * + * The Flags field contains 16 bits of boolean flags that define + * operations that affect the processing of the CSYNC record. The flags + * defined in this document are as follows: + * + * 0x00 0x01: "immediate" + * + * 0x00 0x02: "soaminimum" + * + * The definitions for how the flags are to be used can be found in + * Section 3. + * + * The remaining flags are reserved for use by future specifications. + * Undefined flags MUST be set to 0 by CSYNC publishers. Parental + * agents MUST NOT process a CSYNC record if it contains a 1 value for a + * flag that is unknown to or unsupported by the parental agent. + * + * 2.1.1.2.1. The Type Bit Map Field + * + * The Type Bit Map field indicates the record types to be processed by + * the parental agent, according to the procedures in Section 3. The + * Type Bit Map field is encoded in the same way as the Type Bit Map + * field of the NSEC record, described in [RFC4034], Section 4.1.2. If + * a bit has been set that a parental agent implementation does not + * understand, the parental agent MUST NOT act upon the record. + * Specifically, a parental agent must not simply copy the data, and it + * must understand the semantics associated with a bit in the Type Bit + * Map field that has been set to 1. 
+ */
+static void
+csync(void **state) {
+ text_ok_t text_ok[] = { TEXT_INVALID(""),
+ TEXT_INVALID("0"),
+ TEXT_VALID("0 0"),
+ TEXT_VALID("0 0 A"),
+ TEXT_VALID("0 0 NS"),
+ TEXT_VALID("0 0 AAAA"),
+ TEXT_VALID("0 0 A AAAA"),
+ TEXT_VALID("0 0 A NS AAAA"),
+ TEXT_INVALID("0 0 A NS AAAA BOGUS"),
+ TEXT_SENTINEL() };
+ wire_ok_t wire_ok[] = {
+ /*
+ * Short.
+ */
+ WIRE_INVALID(0x00),
+ /*
+ * Short.
+ */
+ WIRE_INVALID(0x00, 0x00),
+ /*
+ * Short.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00),
+ /*
+ * Short.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x00),
+ /*
+ * Short.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x00),
+ /*
+ * Serial + flags only.
+ */
+ WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
+ /*
+ * Bad type map.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
+ /*
+ * Bad type map.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
+ /*
+ * Good type map.
+ */
+ WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+ 0x02),
+ /*
+ * Sentinel.
+ */
+ WIRE_SENTINEL()
+ };
+
+ UNUSED(state);
+
+ check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in,
+ dns_rdatatype_csync, sizeof(dns_rdata_csync_t));
+}
+
+static void
+dnskey(void **state) {
+ key_required(state, dns_rdatatype_dnskey, sizeof(dns_rdata_dnskey_t));
+}
+
+/*
+ * DOA tests.
+ *
+ * draft-durand-doa-over-dns-03:
+ *
+ * 3.2. DOA RDATA Wire Format
+ *
+ * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
+ * 0: | |
+ * | DOA-ENTERPRISE |
+ * | |
+ * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
+ * 4: | |
+ * | DOA-TYPE |
+ * | |
+ * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
+ * 8: | DOA-LOCATION | DOA-MEDIA-TYPE /
+ * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
+ * 10: / /
+ * / DOA-MEDIA-TYPE (continued) /
+ * / /
+ * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
+ * / /
+ * / DOA-DATA /
+ * / /
+ * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
+ *
+ * DOA-ENTERPRISE: a 32-bit unsigned integer in network order.
+ *
+ * DOA-TYPE: a 32-bit unsigned integer in network order.
+ *
+ * DOA-LOCATION: an 8-bit unsigned integer.
+ *
+ * DOA-MEDIA-TYPE: A <character-string> (see [RFC1035]). The first
+ * octet of the <character-string> contains the number of characters to
+ * follow.
+ *
+ * DOA-DATA: A variable length blob of binary data. The length of the
+ * DOA-DATA is not contained within the wire format of the RR and has to
+ * be computed from the RDLENGTH of the entire RR once other fields have
+ * been taken into account.
+ *
+ * 3.3. DOA RDATA Presentation Format
+ *
+ * The DOA-ENTERPRISE field is presented as an unsigned 32-bit decimal
+ * integer with range 0 - 4,294,967,295.
+ *
+ * The DOA-TYPE field is presented as an unsigned 32-bit decimal integer
+ * with range 0 - 4,294,967,295.
+ *
+ * The DOA-LOCATION field is presented as an unsigned 8-bit decimal
+ * integer with range 0 - 255.
+ *
+ * The DOA-MEDIA-TYPE field is presented as a single <character-string>.
+ *
+ * The DOA-DATA is presented as Base64 encoded data [RFC4648] unless the
+ * DOA-DATA is empty in which case it is presented as a single dash
+ * character ("-", ASCII 45). White space is permitted within Base64
+ * data.
+ */
+static void
+doa(void **state) {
+ text_ok_t text_ok[] = {
+ /*
+ * Valid, non-empty DOA-DATA.
+ */
+ TEXT_VALID("0 0 1 \"text/plain\" Zm9v"),
+ /*
+ * Valid, non-empty DOA-DATA with whitespace in between.
+ */
+ TEXT_VALID_CHANGED("0 0 1 \"text/plain\" Zm 9v", "0 0 1 "
+ "\"text/"
+ "plain\" "
+ "Zm9v"),
+ /*
+ * Valid, unquoted DOA-MEDIA-TYPE, non-empty DOA-DATA.
+ */
+ TEXT_VALID_CHANGED("0 0 1 text/plain Zm9v", "0 0 1 "
+ "\"text/plain\" "
+ "Zm9v"),
+ /*
+ * Invalid, quoted non-empty DOA-DATA.
+ */
+ TEXT_INVALID("0 0 1 \"text/plain\" \"Zm9v\""),
+ /*
+ * Valid, empty DOA-DATA.
+ */
+ TEXT_VALID("0 0 1 \"text/plain\" -"),
+ /*
+ * Invalid, quoted empty DOA-DATA.
+ */
+ TEXT_INVALID("0 0 1 \"text/plain\" \"-\""),
+ /*
+ * Invalid, missing "-" in empty DOA-DATA.
+ */
+ TEXT_INVALID("0 0 1 \"text/plain\""),
+ /*
+ * Valid, undefined DOA-LOCATION.
+ */
+ TEXT_VALID("0 0 100 \"text/plain\" Zm9v"),
+ /*
+ * Invalid, DOA-LOCATION too big.
+ */
+ TEXT_INVALID("0 0 256 \"text/plain\" ZM9v"),
+ /*
+ * Valid, empty DOA-MEDIA-TYPE, non-empty DOA-DATA.
+ */
+ TEXT_VALID("0 0 2 \"\" aHR0cHM6Ly93d3cuaXNjLm9yZy8="),
+ /*
+ * Valid, empty DOA-MEDIA-TYPE, empty DOA-DATA.
+ */
+ TEXT_VALID("0 0 1 \"\" -"),
+ /*
+ * Valid, DOA-MEDIA-TYPE with a space.
+ */
+ TEXT_VALID("0 0 1 \"plain text\" Zm9v"),
+ /*
+ * Invalid, missing DOA-MEDIA-TYPE.
+ */
+ TEXT_INVALID("1234567890 1234567890 1"),
+ /*
+ * Valid, DOA-DATA over 255 octets.
+ */
+ TEXT_VALID("1234567890 1234567890 1 \"image/gif\" "
+ "R0lGODlhKAAZAOMCAGZmZgBmmf///zOZzMz//5nM/zNmmWbM"
+ "/5nMzMzMzACZ/////////////////////yH5BAEKAA8ALAAA"
+ "AAAoABkAAATH8IFJK5U2a4337F5ogRkpnoCJrly7PrCKyh8c"
+ "3HgAhzT35MDbbtO7/IJIHbGiOiaTxVTpSVWWLqNq1UVyapNS"
+ "1wd3OAxug0LhnCubcVhsxysQnOt4ATpvvzHlFzl1AwODhWeF"
+ "AgRpen5/UhheAYMFdUB4SFcpGEGGdQeCAqBBLTuSk30EeXd9"
+ "pEsAbKGxjHqDSE0Sp6ixN4N1BJmbc7lIhmsBich1awPAjkY1"
+ "SZR8bJWrz382SGqIBQQFQd4IsUTaX+ceuudPEQA7"),
+ /*
+ * Invalid, bad Base64 in DOA-DATA.
+ */
+ TEXT_INVALID("1234567890 1234567890 1 \"image/gif\" R0lGODl"),
+ /*
+ * Sentinel.
+ */
+ TEXT_SENTINEL()
+ };
+ wire_ok_t wire_ok[] = {
+ /*
+ * Valid, empty DOA-MEDIA-TYPE, empty DOA-DATA.
+ */
+ WIRE_VALID(0x12, 0x34, 0x56, 0x78, 0x12, 0x34, 0x56, 0x78, 0x01,
+ 0x00),
+ /*
+ * Invalid, missing DOA-MEDIA-TYPE.
+ */
+ WIRE_INVALID(0x12, 0x34, 0x56, 0x78, 0x12, 0x34, 0x56, 0x78,
+ 0x01),
+ /*
+ * Invalid, malformed DOA-MEDIA-TYPE length.
+ */
+ WIRE_INVALID(0x12, 0x34, 0x56, 0x78, 0x12, 0x34, 0x56, 0x78,
+ 0x01, 0xff),
+ /*
+ * Valid, empty DOA-DATA.
+ */
+ WIRE_VALID(0x12, 0x34, 0x56, 0x78, 0x12, 0x34, 0x56, 0x78, 0x01,
+ 0x03, 0x66, 0x6f, 0x6f),
+ /*
+ * Valid, non-empty DOA-DATA.
+ */
+ WIRE_VALID(0x12, 0x34, 0x56, 0x78, 0x12, 0x34, 0x56, 0x78, 0x01,
+ 0x03, 0x66, 0x6f, 0x6f, 0x62, 0x61, 0x72),
+ /*
+ * Valid, DOA-DATA over 255 octets.
+ */
+ WIRE_VALID(0x12, 0x34, 0x56, 0x78, 0x12, 0x34, 0x56, 0x78, 0x01,
+ 0x06, 0x62, 0x69, 0x6e, 0x61, 0x72, 0x79, 0x00, 0x66,
+ 0x99, 0xff, 0xff, 0xff, 0x33, 0x99, 0xcc, 0xcc, 0xff,
+ 0xff, 0x99, 0xcc, 0xff, 0x33, 0x66, 0x99, 0x66, 0xcc,
+ 0xff, 0x99, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x00, 0x99,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x21, 0xf9,
+ 0x04, 0x01, 0x0a, 0x00, 0x0f, 0x00, 0x2c, 0x00, 0x00,
+ 0x00, 0x00, 0x28, 0x00, 0x19, 0x00, 0x00, 0x04, 0xc7,
+ 0xf0, 0x81, 0x49, 0x2b, 0x95, 0x36, 0x6b, 0x8d, 0xf7,
+ 0xec, 0x5e, 0x68, 0x81, 0x19, 0x29, 0x9e, 0x80, 0x89,
+ 0xae, 0x5c, 0xbb, 0x3e, 0xb0, 0x8a, 0xca, 0x1f, 0x1c,
+ 0xdc, 0x78, 0x00, 0x87, 0x34, 0xf7, 0xe4, 0xc0, 0xdb,
+ 0x6e, 0xd3, 0xbb, 0xfc, 0x82, 0x48, 0x1d, 0xb1, 0xa2,
+ 0x3a, 0x26, 0x93, 0xc5, 0x54, 0xe9, 0x49, 0x55, 0x96,
+ 0x2e, 0xa3, 0x6a, 0xd5, 0x45, 0x72, 0x6a, 0x93, 0x52,
+ 0xd7, 0x07, 0x77, 0x38, 0x0c, 0x6e, 0x83, 0x42, 0xe1,
+ 0x9c, 0x2b, 0x9b, 0x71, 0x58, 0x6c, 0xc7, 0x2b, 0x10,
+ 0x9c, 0xeb, 0x78, 0x01, 0x3a, 0x6f, 0xbf, 0x31, 0xe5,
+ 0x17, 0x39, 0x75, 0x03, 0x03, 0x83, 0x85, 0x67, 0x85,
+ 0x02, 0x04, 0x69, 0x7a, 0x7e, 0x7f, 0x52, 0x18, 0x5e,
+ 0x01, 0x83, 0x05, 0x75, 0x40, 0x78, 0x48, 0x57, 0x29,
+ 0x18, 0x41, 0x86, 0x75, 0x07, 0x82, 0x02, 0xa0, 0x41,
+ 0x2d, 0x3b, 0x92, 0x93, 0x7d, 0x04, 0x79, 0x77, 0x7d,
+ 0xa4, 0x4b, 0x00, 0x6c, 0xa1, 0xb1, 0x8c, 0x7a, 0x83,
+ 0x48, 0x4d, 0x12, 0xa7, 0xa8, 0xb1, 0x37, 0x83, 0x75,
+ 0x04, 0x99, 0x9b, 0x73, 0xb9, 0x48, 0x86, 0x6b, 0x01,
+ 0x89, 0xc8, 0x75, 0x6b, 0x03, 0xc0, 0x8e, 0x46, 0x35,
+ 0x49, 0x94, 0x7c, 0x6c, 0x95, 0xab, 0xcf, 0x7f, 0x36,
+ 0x48, 0x6a, 0x88, 0x05, 0x04, 0x05, 0x41, 0xde, 0x08,
+ 0xb1, 0x44, 0xda, 0x5f, 0xe7, 0x1e, 0xba, 0xe7, 0x4f,
+ 0x11, 0x00, 0x3b),
+ /*
+ * Sentinel.
+ */
+ WIRE_SENTINEL()
+ };
+
+ UNUSED(state);
+
+ check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in,
+ dns_rdatatype_doa, sizeof(dns_rdata_doa_t));
+}
+
+/*
+ * DS tests.
+ *
+ * RFC 4034:
+ *
+ * 5.1. DS RDATA Wire Format
+ *
+ * The RDATA for a DS RR consists of a 2 octet Key Tag field, a 1 octet
+ * Algorithm field, a 1 octet Digest Type field, and a Digest field.
+ *
+ * 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Key Tag | Algorithm | Digest Type |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * / /
+ * / Digest /
+ * / /
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *
+ * 5.1.1. The Key Tag Field
+ *
+ * The Key Tag field lists the key tag of the DNSKEY RR referred to by
+ * the DS record, in network byte order.
+ *
+ * The Key Tag used by the DS RR is identical to the Key Tag used by
+ * RRSIG RRs. Appendix B describes how to compute a Key Tag.
+ *
+ * 5.1.2. The Algorithm Field
+ *
+ * The Algorithm field lists the algorithm number of the DNSKEY RR
+ * referred to by the DS record.
+ *
+ * The algorithm number used by the DS RR is identical to the algorithm
+ * number used by RRSIG and DNSKEY RRs. Appendix A.1 lists the
+ * algorithm number types.
+ *
+ * 5.1.3. The Digest Type Field
+ *
+ * The DS RR refers to a DNSKEY RR by including a digest of that DNSKEY
+ * RR. The Digest Type field identifies the algorithm used to construct
+ * the digest. Appendix A.2 lists the possible digest algorithm types.
+ *
+ * 5.1.4. The Digest Field
+ *
+ * The DS record refers to a DNSKEY RR by including a digest of that
+ * DNSKEY RR.
+ *
+ * The digest is calculated by concatenating the canonical form of the
+ * fully qualified owner name of the DNSKEY RR with the DNSKEY RDATA,
+ * and then applying the digest algorithm.
+ *
+ * digest = digest_algorithm( DNSKEY owner name | DNSKEY RDATA);
+ *
+ * "|" denotes concatenation
+ *
+ * DNSKEY RDATA = Flags | Protocol | Algorithm | Public Key.
+ *
+ * The size of the digest may vary depending on the digest algorithm and
+ * DNSKEY RR size. As of the time of this writing, the only defined
+ * digest algorithm is SHA-1, which produces a 20 octet digest.
+ */
+static void
+ds(void **state) {
+ text_ok_t text_ok[] = {
+ /*
+ * Invalid, empty record.
+ */
+ TEXT_INVALID(""),
+ /*
+ * Invalid, no algorithm.
+ */
+ TEXT_INVALID("0"),
+ /*
+ * Invalid, no digest type.
+ */
+ TEXT_INVALID("0 0"),
+ /*
+ * Invalid, no digest.
+ */
+ TEXT_INVALID("0 0 0"),
+ /*
+ * Valid, 1-octet digest for a reserved digest type.
+ */
+ TEXT_VALID("0 0 0 00"),
+ /*
+ * Invalid, short SHA-1 digest.
+ */
+ TEXT_INVALID("0 0 1 00"),
+ TEXT_INVALID("0 0 1 4FDCE83016EDD29077621FE568F8DADDB5809B"),
+ /*
+ * Valid, 20-octet SHA-1 digest.
+ */
+ TEXT_VALID("0 0 1 4FDCE83016EDD29077621FE568F8DADDB5809B6A"),
+ /*
+ * Invalid, excessively long SHA-1 digest.
+ */
+ TEXT_INVALID("0 0 1 4FDCE83016EDD29077621FE568F8DADDB5809B"
+ "6A00"),
+ /*
+ * Invalid, short SHA-256 digest.
+ */
+ TEXT_INVALID("0 0 2 00"),
+ TEXT_INVALID("0 0 2 D001BD422FFDA9B745425B71DC17D007E69186"
+ "9BD59C5F237D9BF85434C313"),
+ /*
+ * Valid, 32-octet SHA-256 digest.
+ */
+ TEXT_VALID_CHANGED("0 0 2 "
+ "D001BD422FFDA9B745425B71DC17D007E691869B"
+ "D59C5F237D9BF85434C3133F",
+ "0 0 2 "
+ "D001BD422FFDA9B745425B71DC17D007E691869B"
+ "D59C5F237D9BF854 34C3133F"),
+ /*
+ * Invalid, excessively long SHA-256 digest.
+ */
+ TEXT_INVALID("0 0 2 D001BD422FFDA9B745425B71DC17D007E69186"
+ "9BD59C5F237D9BF85434C3133F00"),
+ /*
+ * Valid, GOST is no longer supported, hence no length checks.
+ */
+ TEXT_VALID("0 0 3 00"),
+ /*
+ * Invalid, short SHA-384 digest.
+ */
+ TEXT_INVALID("0 0 4 00"),
+ TEXT_INVALID("0 0 4 AC748D6C5AA652904A8763D64B7DFFFFA98152"
+ "BE12128D238BEBB4814B648F5A841E15CAA2DE348891"
+ "A37A699F65E5"),
+ /*
+ * Valid, 48-octet SHA-384 digest.
+ */
+ TEXT_VALID_CHANGED("0 0 4 "
+ "AC748D6C5AA652904A8763D64B7DFFFFA98152BE"
+ "12128D238BEBB4814B648F5A841E15CAA2DE348891A"
+ "37A"
+ "699F65E54D",
+ "0 0 4 "
+ "AC748D6C5AA652904A8763D64B7DFFFFA98152BE"
+ "12128D238BEBB481 "
+ "4B648F5A841E15CAA2DE348891A37A"
+ "699F65E54D"),
+ /*
+ * Invalid, excessively long SHA-384 digest.
+ */
+ TEXT_INVALID("0 0 4 AC748D6C5AA652904A8763D64B7DFFFFA98152"
+ "BE12128D238BEBB4814B648F5A841E15CAA2DE348891"
+ "A37A699F65E54D00"),
+ /*
+ * Valid, 1-octet digest for an unassigned digest type.
+ */
+ TEXT_VALID("0 0 5 00"),
+ /*
+ * Sentinel.
+ */
+ TEXT_SENTINEL()
+ };
+ wire_ok_t wire_ok[] = {
+ /*
+ * Invalid, truncated key tag.
+ */
+ WIRE_INVALID(0x00),
+ /*
+ * Invalid, no algorithm.
+ */
+ WIRE_INVALID(0x00, 0x00),
+ /*
+ * Invalid, no digest type.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00),
+ /*
+ * Invalid, no digest.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x00),
+ /*
+ * Valid, 1-octet digest for a reserved digest type.
+ */
+ WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00),
+ /*
+ * Invalid, short SHA-1 digest.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x01, 0x00),
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x01, 0x4F, 0xDC, 0xE8, 0x30,
+ 0x16, 0xED, 0xD2, 0x90, 0x77, 0x62, 0x1F, 0xE5,
+ 0x68, 0xF8, 0xDA, 0xDD, 0xB5, 0x80, 0x9B),
+ /*
+ * Valid, 20-octet SHA-1 digest.
+ */
+ WIRE_VALID(0x00, 0x00, 0x00, 0x01, 0x4F, 0xDC, 0xE8, 0x30, 0x16,
+ 0xED, 0xD2, 0x90, 0x77, 0x62, 0x1F, 0xE5, 0x68, 0xF8,
+ 0xDA, 0xDD, 0xB5, 0x80, 0x9B, 0x6A),
+ /*
+ * Invalid, excessively long SHA-1 digest.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x01, 0x4F, 0xDC, 0xE8, 0x30,
+ 0x16, 0xED, 0xD2, 0x90, 0x77, 0x62, 0x1F, 0xE5,
+ 0x68, 0xF8, 0xDA, 0xDD, 0xB5, 0x80, 0x9B, 0x6A,
+ 0x00),
+ /*
+ * Invalid, short SHA-256 digest.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x02, 0x00),
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x02, 0xD0, 0x01, 0xBD, 0x42,
+ 0x2F, 0xFD, 0xA9, 0xB7, 0x45, 0x42, 0x5B, 0x71,
+ 0xDC, 0x17, 0xD0, 0x07, 0xE6, 0x91, 0x86, 0x9B,
+ 0xD5, 0x9C, 0x5F, 0x23, 0x7D, 0x9B, 0xF8, 0x54,
+ 0x34, 0xC3, 0x13),
+ /*
+ * Valid, 32-octet SHA-256 digest.
+ */
+ WIRE_VALID(0x00, 0x00, 0x00, 0x02, 0xD0, 0x01, 0xBD, 0x42, 0x2F,
+ 0xFD, 0xA9, 0xB7, 0x45, 0x42, 0x5B, 0x71, 0xDC, 0x17,
+ 0xD0, 0x07, 0xE6, 0x91, 0x86, 0x9B, 0xD5, 0x9C, 0x5F,
+ 0x23, 0x7D, 0x9B, 0xF8, 0x54, 0x34, 0xC3, 0x13,
+ 0x3F),
+ /*
+ * Invalid, excessively long SHA-256 digest.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x02, 0xD0, 0x01, 0xBD, 0x42,
+ 0x2F, 0xFD, 0xA9, 0xB7, 0x45, 0x42, 0x5B, 0x71,
+ 0xDC, 0x17, 0xD0, 0x07, 0xE6, 0x91, 0x86, 0x9B,
+ 0xD5, 0x9C, 0x5F, 0x23, 0x7D, 0x9B, 0xF8, 0x54,
+ 0x34, 0xC3, 0x13, 0x3F, 0x00),
+ /*
+ * Valid, GOST is no longer supported, hence no length checks.
+ */
+ WIRE_VALID(0x00, 0x00, 0x00, 0x03, 0x00),
+ /*
+ * Invalid, short SHA-384 digest.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x04, 0x00),
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x04, 0xAC, 0x74, 0x8D, 0x6C,
+ 0x5A, 0xA6, 0x52, 0x90, 0x4A, 0x87, 0x63, 0xD6,
+ 0x4B, 0x7D, 0xFF, 0xFF, 0xA9, 0x81, 0x52, 0xBE,
+ 0x12, 0x12, 0x8D, 0x23, 0x8B, 0xEB, 0xB4, 0x81,
+ 0x4B, 0x64, 0x8F, 0x5A, 0x84, 0x1E, 0x15, 0xCA,
+ 0xA2, 0xDE, 0x34, 0x88, 0x91, 0xA3, 0x7A, 0x69,
+ 0x9F, 0x65, 0xE5),
+ /*
+ * Valid, 48-octet SHA-384 digest.
+ */
+ WIRE_VALID(0x00, 0x00, 0x00, 0x04, 0xAC, 0x74, 0x8D, 0x6C, 0x5A,
+ 0xA6, 0x52, 0x90, 0x4A, 0x87, 0x63, 0xD6, 0x4B, 0x7D,
+ 0xFF, 0xFF, 0xA9, 0x81, 0x52, 0xBE, 0x12, 0x12, 0x8D,
+ 0x23, 0x8B, 0xEB, 0xB4, 0x81, 0x4B, 0x64, 0x8F, 0x5A,
+ 0x84, 0x1E, 0x15, 0xCA, 0xA2, 0xDE, 0x34, 0x88, 0x91,
+ 0xA3, 0x7A, 0x69, 0x9F, 0x65, 0xE5, 0x4D),
+ /*
+ * Invalid, excessively long SHA-384 digest.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x04, 0xAC, 0x74, 0x8D, 0x6C,
+ 0x5A, 0xA6, 0x52, 0x90, 0x4A, 0x87, 0x63, 0xD6,
+ 0x4B, 0x7D, 0xFF, 0xFF, 0xA9, 0x81, 0x52, 0xBE,
+ 0x12, 0x12, 0x8D, 0x23, 0x8B, 0xEB, 0xB4, 0x81,
+ 0x4B, 0x64, 0x8F, 0x5A, 0x84, 0x1E, 0x15, 0xCA,
+ 0xA2, 0xDE, 0x34, 0x88, 0x91, 0xA3, 0x7A, 0x69,
+ 0x9F, 0x65, 0xE5, 0x4D, 0x00),
+ WIRE_VALID(0x00, 0x00, 0x04, 0x00, 0x00),
+ /*
+ * Sentinel.
+ */
+ WIRE_SENTINEL()
+ };
+
+ UNUSED(state);
+
+ check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in,
+ dns_rdatatype_ds, sizeof(dns_rdata_ds_t));
+}
+
+/*
+ * EDNS Client Subnet tests.
+ *
+ * RFC 7871:
+ *
+ * 6. Option Format
+ *
+ * This protocol uses an EDNS0 [RFC6891] option to include client
+ * address information in DNS messages. The option is structured as
+ * follows:
+ *
+ * +0 (MSB) +1 (LSB)
+ * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
+ * 0: | OPTION-CODE |
+ * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
+ * 2: | OPTION-LENGTH |
+ * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
+ * 4: | FAMILY |
+ * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
+ * 6: | SOURCE PREFIX-LENGTH | SCOPE PREFIX-LENGTH |
+ * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
+ * 8: | ADDRESS... /
+ * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
+ *
+ * o (Defined in [RFC6891]) OPTION-CODE, 2 octets, for ECS is 8 (0x00
+ * 0x08).
+ *
+ * o (Defined in [RFC6891]) OPTION-LENGTH, 2 octets, contains the
+ * length of the payload (everything after OPTION-LENGTH) in octets.
+ *
+ * o FAMILY, 2 octets, indicates the family of the address contained in
+ * the option, using address family codes as assigned by IANA in
+ * Address Family Numbers [Address_Family_Numbers].
+ *
+ * The format of the address part depends on the value of FAMILY. This
+ * document only defines the format for FAMILY 1 (IPv4) and FAMILY 2
+ * (IPv6), which are as follows:
+ *
+ * o SOURCE PREFIX-LENGTH, an unsigned octet representing the leftmost
+ * number of significant bits of ADDRESS to be used for the lookup.
+ * In responses, it mirrors the same value as in the queries.
+ *
+ * o SCOPE PREFIX-LENGTH, an unsigned octet representing the leftmost
+ * number of significant bits of ADDRESS that the response covers.
+ * In queries, it MUST be set to 0.
+ *
+ * o ADDRESS, variable number of octets, contains either an IPv4 or
+ * IPv6 address, depending on FAMILY, which MUST be truncated to the
+ * number of bits indicated by the SOURCE PREFIX-LENGTH field,
+ * padding with 0 bits to pad to the end of the last octet needed.
+ *
+ * o A server receiving an ECS option that uses either too few or too
+ * many ADDRESS octets, or that has non-zero ADDRESS bits set beyond
+ * SOURCE PREFIX-LENGTH, SHOULD return FORMERR to reject the packet,
+ * as a signal to the software developer making the request to fix
+ * their implementation.
+ *
+ * All fields are in network byte order ("big-endian", per [RFC1700],
+ * Data Notation).
+ */
+static void
+edns_client_subnet(void **state) {
+ wire_ok_t wire_ok[] = {
+ /*
+ * Option code with no content.
+ */
+ WIRE_INVALID(0x00, 0x08, 0x00, 0x00),
+ /*
+ * Option code family 0, source 0, scope 0.
+ */
+ WIRE_VALID(0x00, 0x08, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00),
+ /*
+ * Option code family 1 (IPv4), source 0, scope 0.
+ */
+ WIRE_VALID(0x00, 0x08, 0x00, 0x04, 0x00, 0x01, 0x00, 0x00),
+ /*
+ * Option code family 2 (IPv6) , source 0, scope 0.
+ */
+ WIRE_VALID(0x00, 0x08, 0x00, 0x04, 0x00, 0x02, 0x00, 0x00),
+ /*
+ * Extra octet.
+ */
+ WIRE_INVALID(0x00, 0x08, 0x00, 0x05, 0x00, 0x00, 0x00, 0x00,
+ 0x00),
+ /*
+ * Source too long for IPv4.
+ */
+ WIRE_INVALID(0x00, 0x08, 0x00, 8, 0x00, 0x01, 33, 0x00, 0x00,
+ 0x00, 0x00, 0x00),
+ /*
+ * Source too long for IPv6.
+ */
+ WIRE_INVALID(0x00, 0x08, 0x00, 20, 0x00, 0x02, 129, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
+ /*
+ * Scope too long for IPv4.
+ */
+ WIRE_INVALID(0x00, 0x08, 0x00, 8, 0x00, 0x01, 0x00, 33, 0x00,
+ 0x00, 0x00, 0x00),
+ /*
+ * Scope too long for IPv6.
+ */
+ WIRE_INVALID(0x00, 0x08, 0x00, 20, 0x00, 0x02, 0x00, 129, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
+ /*
+ * When family=0, source and scope should be 0.
+ */
+ WIRE_VALID(0x00, 0x08, 0x00, 4, 0x00, 0x00, 0x00, 0x00),
+ /*
+ * When family=0, source and scope should be 0.
+ */
+ WIRE_INVALID(0x00, 0x08, 0x00, 5, 0x00, 0x00, 0x01, 0x00, 0x00),
+ /*
+ * When family=0, source and scope should be 0.
+ */
+ WIRE_INVALID(0x00, 0x08, 0x00, 5, 0x00, 0x00, 0x00, 0x01, 0x00),
+ /*
+ * Length too short for source IPv4.
+ */
+ WIRE_INVALID(0x00, 0x08, 0x00, 7, 0x00, 0x01, 32, 0x00, 0x00,
+ 0x00, 0x00),
+ /*
+ * Length too short for source IPv6.
+ */
+ WIRE_INVALID(0x00, 0x08, 0x00, 19, 0x00, 0x02, 128, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
+ /*
+ * Sentinel.
+ */
+ WIRE_SENTINEL()
+ };
+
+ UNUSED(state);
+
+ check_rdata(NULL, wire_ok, NULL, true, dns_rdataclass_in,
+ dns_rdatatype_opt, sizeof(dns_rdata_opt_t));
+}
+
+/*
+ * http://ana-3.lcs.mit.edu/~jnc/nimrod/dns.txt
+ *
+ * The RDATA portion of both the NIMLOC and EID records contains
+ * uninterpreted binary data. The representation in the text master file
+ * is an even number of hex characters (0 to 9, a to f), case is not
+ * significant. For readability, whitespace may be included in the value
+ * field and should be ignored when reading a master file.
+ */
+static void
+eid(void **state) {
+ text_ok_t text_ok[] = { TEXT_VALID("AABBCC"),
+ TEXT_VALID_CHANGED("AA bb cc", "AABBCC"),
+ TEXT_INVALID("aab"),
+ /*
+ * Sentinel.
+ */
+ TEXT_SENTINEL() };
+ wire_ok_t wire_ok[] = { WIRE_VALID(0x00), WIRE_VALID(0xAA, 0xBB, 0xCC),
+ /*
+ * Sentinel.
+ */
+ WIRE_SENTINEL() };
+
+ UNUSED(state);
+
+ check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in,
+ dns_rdatatype_eid, sizeof(dns_rdata_in_eid_t));
+}
+
+/*
+ * test that an oversized HIP record will be rejected
+ */
+static void
+hip(void **state) {
+ text_ok_t text_ok[] = {
+ /* RFC 8005 examples. */
+ TEXT_VALID_LOOP(0, "2 200100107B1A74DF365639CC39F1D578 "
+ "AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cI"
+ "vM4p9+LrV4e19WzK00+CI6zBCQTdtWsuxKbW"
+ "Iy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+b"
+ "SRGQb1slImA8YVJyuIDsj7kwzG7jnERNqnWx"
+ "Z48AWkskmdHaVDP4BcelrTI3rMXdXF5D"),
+ TEXT_VALID_LOOP(1, "2 200100107B1A74DF365639CC39F1D578 "
+ "AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cI"
+ "vM4p9+LrV4e19WzK00+CI6zBCQTdtWsuxKbW"
+ "Iy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+b"
+ "SRGQb1slImA8YVJyuIDsj7kwzG7jnERNqnWx"
+ "Z48AWkskmdHaVDP4BcelrTI3rMXdXF5D "
+ "rvs1.example.com."),
+ TEXT_VALID_LOOP(2, "2 200100107B1A74DF365639CC39F1D578 "
+ "AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cI"
+ "vM4p9+LrV4e19WzK00+CI6zBCQTdtWsuxKbW"
+ "Iy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+b"
+ "SRGQb1slImA8YVJyuIDsj7kwzG7jnERNqnWx"
+ "Z48AWkskmdHaVDP4BcelrTI3rMXdXF5D "
+ "rvs1.example.com. rvs2.example.com."),
+ /*
+ * Sentinel.
+ */
+ TEXT_SENTINEL()
+ };
+ unsigned char hipwire[DNS_RDATA_MAXLENGTH] = { 0x01, 0x00, 0x00, 0x01,
+ 0x00, 0x00, 0x04, 0x41,
+ 0x42, 0x43, 0x44, 0x00 };
+ unsigned char buf[1024 * 1024];
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ isc_result_t result;
+ size_t i;
+
+ UNUSED(state);
+
+ /*
+ * Fill the rest of input buffer with compression pointers.
+ */
+ for (i = 12; i < sizeof(hipwire) - 2; i += 2) {
+ hipwire[i] = 0xc0;
+ hipwire[i + 1] = 0x06;
+ }
+
+ result = wire_to_rdata(hipwire, sizeof(hipwire), dns_rdataclass_in,
+ dns_rdatatype_hip, buf, sizeof(buf), &rdata);
+ assert_int_equal(result, DNS_R_FORMERR);
+ check_text_ok(text_ok, dns_rdataclass_in, dns_rdatatype_hip,
+ sizeof(dns_rdata_hip_t));
+}
+
+/*
+ * ISDN tests.
+ *
+ * RFC 1183:
+ *
+ * 3.2. The ISDN RR
+ *
+ * The ISDN RR is defined with mnemonic ISDN and type code 20 (decimal).
+ *
+ * An ISDN (Integrated Service Digital Network) number is simply a
+ * telephone number. The intent of the members of the CCITT is to
+ * upgrade all telephone and data network service to a common service.
+ *
+ * The numbering plan (E.163/E.164) is the same as the familiar
+ * international plan for POTS (an un-official acronym, meaning Plain
+ * Old Telephone Service). In E.166, CCITT says "An E.163/E.164
+ * telephony subscriber may become an ISDN subscriber without a number
+ * change."
+ *
+ * ISDN has the following format:
+ *
+ * <owner> <ttl> <class> ISDN <ISDN-address> <sa>
+ *
+ * The <ISDN-address> field is required; <sa> is optional.
+ *
+ * <ISDN-address> identifies the ISDN number of <owner> and DDI (Direct
+ * Dial In) if any, as defined by E.164 [8] and E.163 [7], the ISDN and
+ * PSTN (Public Switched Telephone Network) numbering plan. E.163
+ * defines the country codes, and E.164 the form of the addresses. Its
+ * format in master files is a <character-string> syntactically
+ * identical to that used in TXT and HINFO.
+ *
+ * <sa> specifies the subaddress (SA). The format of <sa> in master
+ * files is a <character-string> syntactically identical to that used in
+ * TXT and HINFO.
+ *
+ * The format of ISDN is class insensitive. ISDN RRs cause no
+ * additional section processing.
+ *
+ * The <ISDN-address> is a string of characters, normally decimal
+ * digits, beginning with the E.163 country code and ending with the DDI
+ * if any. Note that ISDN, in Q.931, permits any IA5 character in the
+ * general case.
+ *
+ * The <sa> is a string of hexadecimal digits. For digits 0-9, the
+ * concrete encoding in the Q.931 call setup information element is
+ * identical to BCD.
+ *
+ * For example:
+ *
+ * Relay.Prime.COM. IN ISDN 150862028003217
+ * sh.Prime.COM. IN ISDN 150862028003217 004
+ *
+ * (Note: "1" is the country code for the North American Integrated
+ * Numbering Area, i.e., the system of "area codes" familiar to people
+ * in those countries.)
+ *
+ * The RR data is the ASCII representation of the digits. It is encoded
+ * as one or two <character-string>s, i.e., count followed by
+ * characters.
+ */
+static void
+isdn(void **state) {
+ wire_ok_t wire_ok[] = { /*
+ * "".
+ */
+ WIRE_VALID(0x00),
+ /*
+ * "\001".
+ */
+ WIRE_VALID(0x01, 0x01),
+ /*
+ * "\001" "".
+ */
+ WIRE_VALID(0x01, 0x01, 0x00),
+ /*
+ * "\001" "\001".
+ */
+ WIRE_VALID(0x01, 0x01, 0x01, 0x01),
+ /*
+ * Sentinel.
+ */
+ WIRE_SENTINEL()
+ };
+
+ UNUSED(state);
+
+ check_rdata(NULL, wire_ok, NULL, false, dns_rdataclass_in,
+ dns_rdatatype_isdn, sizeof(dns_rdata_isdn_t));
+}
+
+/*
+ * KEY tests.
+ */
+static void
+key(void **state) {
+ wire_ok_t wire_ok[] = { /*
+ * RDATA is comprised of:
+ *
+ * - 2 octets for Flags,
+ * - 1 octet for Protocol,
+ * - 1 octet for Algorithm,
+ * - variable number of octets for Public Key.
+ *
+ * RFC 2535 section 3.1.2 states that if bits
+ * 0-1 of Flags are both set, the RR stops after
+ * the algorithm octet and thus its length must
+ * be 4 octets. In any other case, though, the
+ * Public Key part must not be empty.
+ */
+ WIRE_INVALID(0x00),
+ WIRE_INVALID(0x00, 0x00),
+ WIRE_INVALID(0x00, 0x00, 0x00),
+ WIRE_VALID(0xc0, 0x00, 0x00, 0x00),
+ WIRE_INVALID(0xc0, 0x00, 0x00, 0x00, 0x00),
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x00),
+ WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00),
+ WIRE_SENTINEL()
+ };
+
+ UNUSED(state);
+
+ check_rdata(NULL, wire_ok, NULL, false, dns_rdataclass_in,
+ dns_rdatatype_key, sizeof(dns_rdata_key_t));
+}
+
+/*
+ * LOC tests.
+ */
+static void
+loc(void **state) {
+ text_ok_t text_ok[] = {
+ TEXT_VALID_CHANGED("0 N 0 E 0", "0 0 0.000 N 0 0 0.000 E 0.00m "
+ "1m 10000m 10m"),
+ TEXT_VALID_CHANGED("0 S 0 W 0", "0 0 0.000 N 0 0 0.000 E 0.00m "
+ "1m 10000m 10m"),
+ TEXT_VALID_CHANGED("0 0 N 0 0 E 0", "0 0 0.000 N 0 0 0.000 E "
+ "0.00m 1m 10000m 10m"),
+ TEXT_VALID_CHANGED("0 0 0 N 0 0 0 E 0",
+ "0 0 0.000 N 0 0 0.000 E 0.00m 1m 10000m "
+ "10m"),
+ TEXT_VALID_CHANGED("0 0 0 N 0 0 0 E 0",
+ "0 0 0.000 N 0 0 0.000 E 0.00m 1m 10000m "
+ "10m"),
+ TEXT_VALID_CHANGED("0 0 0. N 0 0 0. E 0",
+ "0 0 0.000 N 0 0 0.000 E 0.00m 1m 10000m "
+ "10m"),
+ TEXT_VALID_CHANGED("0 0 .0 N 0 0 .0 E 0",
+ "0 0 0.000 N 0 0 0.000 E 0.00m 1m 10000m "
+ "10m"),
+ TEXT_INVALID("0 North 0 East 0"),
+ TEXT_INVALID("0 South 0 West 0"),
+ TEXT_INVALID("0 0 . N 0 0 0. E 0"),
+ TEXT_INVALID("0 0 0. N 0 0 . E 0"),
+ TEXT_INVALID("0 0 0. N 0 0 0. E m"),
+ TEXT_INVALID("0 0 0. N 0 0 0. E 0 ."),
+ TEXT_INVALID("0 0 0. N 0 0 0. E 0 m"),
+ TEXT_INVALID("0 0 0. N 0 0 0. E 0 0 ."),
+ TEXT_INVALID("0 0 0. N 0 0 0. E 0 0 m"),
+ TEXT_INVALID("0 0 0. N 0 0 0. E 0 0 0 ."),
+ TEXT_INVALID("0 0 0. N 0 0 0. E 0 0 0 m"),
+ TEXT_VALID_CHANGED("90 N 180 E 0", "90 0 0.000 N 180 0 0.000 E "
+ "0.00m 1m 10000m 10m"),
+ TEXT_INVALID("90 1 N 180 E 0"),
+ TEXT_INVALID("90 0 1 N 180 E 0"),
+ TEXT_INVALID("90 N 180 1 E 0"),
+ TEXT_INVALID("90 N 180 0 1 E 0"),
+ TEXT_VALID_CHANGED("90 S 180 W 0", "90 0 0.000 S 180 0 0.000 W "
+ "0.00m 1m 10000m 10m"),
+ TEXT_INVALID("90 1 S 180 W 0"),
+ TEXT_INVALID("90 0 1 S 180 W 0"),
+ TEXT_INVALID("90 S 180 1 W 0"),
+ TEXT_INVALID("90 S 180 0 1 W 0"),
+ TEXT_INVALID("0 0 0.000 E 0 0 0.000 E -0.95m 1m 10000m 10m"),
+ TEXT_VALID("0 0 0.000 N 0 0 0.000 E -0.95m 1m 10000m 10m"),
+ TEXT_VALID("0 0 0.000 N 0 0 0.000 E -0.05m 1m 10000m 10m"),
+ TEXT_VALID("0 0 0.000 N 0 0 0.000 E -100000.00m 1m 10000m 10m"),
+ TEXT_VALID("0 0 0.000 N 0 0 0.000 E 42849672.95m 1m 10000m "
+ "10m"),
+ /*
+ * Sentinel.
+ */
+ TEXT_SENTINEL()
+ };
+
+ UNUSED(state);
+
+ check_rdata(text_ok, 0, NULL, false, dns_rdataclass_in,
+ dns_rdatatype_loc, sizeof(dns_rdata_loc_t));
+}
+
+/*
+ * http://ana-3.lcs.mit.edu/~jnc/nimrod/dns.txt
+ *
+ * The RDATA portion of both the NIMLOC and EID records contains
+ * uninterpreted binary data. The representation in the text master file
+ * is an even number of hex characters (0 to 9, a to f), case is not
+ * significant. For readability, whitespace may be included in the value
+ * field and should be ignored when reading a master file.
+ */
+static void
+nimloc(void **state) {
+ text_ok_t text_ok[] = { TEXT_VALID("AABBCC"),
+ TEXT_VALID_CHANGED("AA bb cc", "AABBCC"),
+ TEXT_INVALID("aab"),
+ /*
+ * Sentinel.
+ */
+ TEXT_SENTINEL() };
+ wire_ok_t wire_ok[] = { WIRE_VALID(0x00), WIRE_VALID(0xAA, 0xBB, 0xCC),
+ /*
+ * Sentinel.
+ */
+ WIRE_SENTINEL() };
+
+ UNUSED(state);
+
+ check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in,
+ dns_rdatatype_nimloc, sizeof(dns_rdata_in_nimloc_t));
+}
+
+/*
+ * NSEC tests.
+ *
+ * RFC 4034:
+ *
+ * 4.1. NSEC RDATA Wire Format
+ *
+ * The RDATA of the NSEC RR is as shown below:
+ *
+ * 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * / Next Domain Name /
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * / Type Bit Maps /
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *
+ * 4.1.1. The Next Domain Name Field
+ *
+ * The Next Domain field contains the next owner name (in the canonical
+ * ordering of the zone) that has authoritative data or contains a
+ * delegation point NS RRset; see Section 6.1 for an explanation of
+ * canonical ordering. The value of the Next Domain Name field in the
+ * last NSEC record in the zone is the name of the zone apex (the owner
+ * name of the zone's SOA RR). This indicates that the owner name of
+ * the NSEC RR is the last name in the canonical ordering of the zone.
+ *
+ * A sender MUST NOT use DNS name compression on the Next Domain Name
+ * field when transmitting an NSEC RR.
+ *
+ * Owner names of RRsets for which the given zone is not authoritative
+ * (such as glue records) MUST NOT be listed in the Next Domain Name
+ * unless at least one authoritative RRset exists at the same owner
+ * name.
+ *
+ * 4.1.2. The Type Bit Maps Field
+ *
+ * The Type Bit Maps field identifies the RRset types that exist at the
+ * NSEC RR's owner name.
+ *
+ * The RR type space is split into 256 window blocks, each representing
+ * the low-order 8 bits of the 16-bit RR type space. Each block that
+ * has at least one active RR type is encoded using a single octet
+ * window number (from 0 to 255), a single octet bitmap length (from 1
+ * to 32) indicating the number of octets used for the window block's
+ * bitmap, and up to 32 octets (256 bits) of bitmap.
+ *
+ * Blocks are present in the NSEC RR RDATA in increasing numerical
+ * order.
+ *
+ * Type Bit Maps Field = ( Window Block # | Bitmap Length | Bitmap )+
+ *
+ * where "|" denotes concatenation.
+ *
+ * Each bitmap encodes the low-order 8 bits of RR types within the
+ * window block, in network bit order. The first bit is bit 0. For
+ * window block 0, bit 1 corresponds to RR type 1 (A), bit 2 corresponds
+ * to RR type 2 (NS), and so forth. For window block 1, bit 1
+ * corresponds to RR type 257, and bit 2 to RR type 258. If a bit is
+ * set, it indicates that an RRset of that type is present for the NSEC
+ * RR's owner name. If a bit is clear, it indicates that no RRset of
+ * that type is present for the NSEC RR's owner name.
+ *
+ * Bits representing pseudo-types MUST be clear, as they do not appear
+ * in zone data. If encountered, they MUST be ignored upon being read.
+ */
+static void
+nsec(void **state) {
+ text_ok_t text_ok[] = { TEXT_INVALID(""), TEXT_INVALID("."),
+ TEXT_VALID(". RRSIG"), TEXT_SENTINEL() };
+ wire_ok_t wire_ok[] = { WIRE_INVALID(0x00), WIRE_INVALID(0x00, 0x00),
+ WIRE_INVALID(0x00, 0x00, 0x00),
+ WIRE_VALID(0x00, 0x00, 0x01, 0x02),
+ WIRE_SENTINEL() };
+
+ UNUSED(state);
+
+ check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in,
+ dns_rdatatype_nsec, sizeof(dns_rdata_nsec_t));
+}
+
+/*
+ * NSEC3 tests.
+ *
+ * RFC 5155.
+ */
+static void
+nsec3(void **state) {
+ text_ok_t text_ok[] = { TEXT_INVALID(""),
+ TEXT_INVALID("."),
+ TEXT_INVALID(". RRSIG"),
+ TEXT_INVALID("1 0 10 76931F"),
+ TEXT_INVALID("1 0 10 76931F "
+ "IMQ912BREQP1POLAH3RMONG&"
+ "UED541AS"),
+ TEXT_INVALID("1 0 10 76931F "
+ "IMQ912BREQP1POLAH3RMONGAUED541AS "
+ "A RRSIG BADTYPE"),
+ TEXT_VALID("1 0 10 76931F "
+ "AJHVGTICN6K0VDA53GCHFMT219SRRQLM A "
+ "RRSIG"),
+ TEXT_VALID("1 0 10 76931F "
+ "AJHVGTICN6K0VDA53GCHFMT219SRRQLM"),
+ TEXT_VALID("1 0 10 - "
+ "AJHVGTICN6K0VDA53GCHFMT219SRRQLM"),
+ TEXT_SENTINEL() };
+
+ UNUSED(state);
+
+ check_rdata(text_ok, NULL, NULL, false, dns_rdataclass_in,
+ dns_rdatatype_nsec3, sizeof(dns_rdata_nsec3_t));
+}
+
+/* NXT RDATA manipulations */
+static void
+nxt(void **state) {
+ compare_ok_t compare_ok[] = {
+ COMPARE("a. A SIG", "a. A SIG", 0),
+ /*
+ * Records that differ only in the case of the next
+ * name should be equal.
+ */
+ COMPARE("A. A SIG", "a. A SIG", 0),
+ /*
+ * Sorting on name field.
+ */
+ COMPARE("A. A SIG", "b. A SIG", -1),
+ COMPARE("b. A SIG", "A. A SIG", 1),
+ /* bit map differs */
+ COMPARE("b. A SIG", "b. A AAAA SIG", -1),
+ /* order of bit map does not matter */
+ COMPARE("b. A SIG AAAA", "b. A AAAA SIG", 0), COMPARE_SENTINEL()
+ };
+
+ UNUSED(state);
+
+ check_rdata(NULL, NULL, compare_ok, false, dns_rdataclass_in,
+ dns_rdatatype_nxt, sizeof(dns_rdata_nxt_t));
+}
+
+static void
+rkey(void **state) {
+ text_ok_t text_ok[] = { /*
+ * Valid, flags set to 0 and a key is present.
+ */
+ TEXT_VALID("0 0 0 aaaa"),
+ /*
+ * Invalid, non-zero flags.
+ */
+ TEXT_INVALID("1 0 0 aaaa"),
+ TEXT_INVALID("65535 0 0 aaaa"),
+ /*
+ * Sentinel.
+ */
+ TEXT_SENTINEL()
+ };
+ wire_ok_t wire_ok[] = { /*
+ * Valid, flags set to 0 and a key is present.
+ */
+ WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00),
+ /*
+ * Invalid, non-zero flags.
+ */
+ WIRE_INVALID(0x00, 0x01, 0x00, 0x00, 0x00),
+ WIRE_INVALID(0xff, 0xff, 0x00, 0x00, 0x00),
+ /*
+ * Sentinel.
+ */
+ WIRE_SENTINEL()
+ };
+ key_required(state, dns_rdatatype_rkey, sizeof(dns_rdata_rkey_t));
+ check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in,
+ dns_rdatatype_rkey, sizeof(dns_rdata_rkey_t));
+}
+
+/* SSHFP RDATA manipulations */
+static void
+sshfp(void **state) {
+ text_ok_t text_ok[] = { TEXT_INVALID(""), /* too short */
+ TEXT_INVALID("0"), /* reserved, too short */
+ TEXT_VALID("0 0"), /* no finger print */
+ TEXT_VALID("0 0 AA"), /* reserved */
+ TEXT_INVALID("0 1 AA"), /* too short SHA 1
+ * digest */
+ TEXT_INVALID("0 2 AA"), /* too short SHA 256
+ * digest */
+ TEXT_VALID("0 3 AA"), /* unknown finger print
+ * type */
+ /* good length SHA 1 digest */
+ TEXT_VALID("1 1 "
+ "00112233445566778899AABBCCDDEEFF171"
+ "81920"),
+ /* good length SHA 256 digest */
+ TEXT_VALID("4 2 "
+ "A87F1B687AC0E57D2A081A2F282672334D9"
+ "0ED316D2B818CA9580EA3 84D92401"),
+ /*
+ * totext splits the fingerprint into chunks and
+ * emits uppercase hex.
+ */
+ TEXT_VALID_CHANGED("1 2 "
+ "00112233445566778899aabbccd"
+ "deeff "
+ "00112233445566778899AABBCCD"
+ "DEEFF",
+ "1 2 "
+ "00112233445566778899AABBCCD"
+ "DEEFF"
+ "00112233445566778899AABB "
+ "CCDDEEFF"),
+ TEXT_SENTINEL() };
+ wire_ok_t wire_ok[] = {
+ WIRE_INVALID(0x00), /* reserved too short */
+ WIRE_VALID(0x00, 0x00), /* reserved no finger print */
+ WIRE_VALID(0x00, 0x00, 0x00), /* reserved */
+
+ /* too short SHA 1 digests */
+ WIRE_INVALID(0x00, 0x01), WIRE_INVALID(0x00, 0x01, 0x00),
+ WIRE_INVALID(0x00, 0x01, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD,
+ 0xEE, 0xFF, 0x17, 0x18, 0x19),
+ /* good length SHA 1 digest */
+ WIRE_VALID(0x00, 0x01, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66,
+ 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
+ 0x17, 0x18, 0x19, 0x20),
+ /* too long SHA 1 digest */
+ WIRE_INVALID(0x00, 0x01, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD,
+ 0xEE, 0xFF, 0x17, 0x18, 0x19, 0x20, 0x21),
+ /* too short SHA 256 digests */
+ WIRE_INVALID(0x00, 0x02), WIRE_INVALID(0x00, 0x02, 0x00),
+ WIRE_INVALID(0x00, 0x02, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD,
+ 0xEE, 0xFF, 0x17, 0x18, 0x19, 0x20, 0x21, 0x22,
+ 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x30,
+ 0x31),
+ /* good length SHA 256 digest */
+ WIRE_VALID(0x00, 0x02, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66,
+ 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
+ 0x17, 0x18, 0x19, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25,
+ 0x26, 0x27, 0x28, 0x29, 0x30, 0x31, 0x32),
+ /* too long SHA 256 digest */
+ WIRE_INVALID(0x00, 0x02, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD,
+ 0xEE, 0xFF, 0x17, 0x18, 0x19, 0x20, 0x21, 0x22,
+ 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x30,
+ 0x31, 0x32, 0x33),
+ /* unknown digest, * no fingerprint */
+ WIRE_VALID(0x00, 0x03), WIRE_VALID(0x00, 0x03, 0x00), /* unknown
+ * digest
+ */
+ WIRE_SENTINEL()
+ };
+
+ UNUSED(state);
+
+ check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in,
+ dns_rdatatype_sshfp, sizeof(dns_rdata_sshfp_t));
+}
+
+/*
+ * WKS tests.
+ *
+ * RFC 1035:
+ *
+ * 3.4.2. WKS RDATA format
+ *
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ * | ADDRESS |
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ * | PROTOCOL | |
+ * +--+--+--+--+--+--+--+--+ |
+ * | |
+ * / <BIT MAP> /
+ * / /
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ *
+ * where:
+ *
+ * ADDRESS An 32 bit Internet address
+ *
+ * PROTOCOL An 8 bit IP protocol number
+ *
+ * <BIT MAP> A variable length bit map. The bit map must be a
+ * multiple of 8 bits long.
+ *
+ * The WKS record is used to describe the well known services supported by
+ * a particular protocol on a particular internet address. The PROTOCOL
+ * field specifies an IP protocol number, and the bit map has one bit per
+ * port of the specified protocol. The first bit corresponds to port 0,
+ * the second to port 1, etc. If the bit map does not include a bit for a
+ * protocol of interest, that bit is assumed zero. The appropriate values
+ * and mnemonics for ports and protocols are specified in [RFC-1010].
+ *
+ * For example, if PROTOCOL=TCP (6), the 26th bit corresponds to TCP port
+ * 25 (SMTP). If this bit is set, a SMTP server should be listening on TCP
+ * port 25; if zero, SMTP service is not supported on the specified
+ * address.
+ */
+static void
+wks(void **state) {
+ text_ok_t text_ok[] = { /*
+ * Valid, IPv4 address in dotted-quad form.
+ */
+ TEXT_VALID("127.0.0.1 6"),
+ /*
+ * Invalid, IPv4 address not in dotted-quad
+ * form.
+ */
+ TEXT_INVALID("127.1 6"),
+ /*
+ * Sentinel.
+ */
+ TEXT_SENTINEL()
+ };
+ wire_ok_t wire_ok[] = { /*
+ * Too short.
+ */
+ WIRE_INVALID(0x00, 0x08, 0x00, 0x00),
+ /*
+ * Minimal TCP.
+ */
+ WIRE_VALID(0x00, 0x08, 0x00, 0x00, 6),
+ /*
+ * Minimal UDP.
+ */
+ WIRE_VALID(0x00, 0x08, 0x00, 0x00, 17),
+ /*
+ * Minimal other.
+ */
+ WIRE_VALID(0x00, 0x08, 0x00, 0x00, 1),
+ /*
+ * Sentinel.
+ */
+ WIRE_SENTINEL()
+ };
+
+ UNUSED(state);
+
+ check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in,
+ dns_rdatatype_wks, sizeof(dns_rdata_in_wks_t));
+}
+
+static void
+https_svcb(void **state) {
+ /*
+ * Known keys: mandatory, apln, no-default-alpn, port,
+ * ipv4hint, port, ipv6hint, dohpath.
+ */
+ text_ok_t text_ok[] = {
+ /* unknown key invalid */
+ TEXT_INVALID("1 . unknown="),
+ /* no domain */
+ TEXT_INVALID("0"),
+ /* minimal record */
+ TEXT_VALID_LOOP(0, "0 ."),
+ /* Alias form requires SvcFieldValue to be empty */
+ TEXT_INVALID("0 . alpn=\"h2\""),
+ /* no "key" prefix */
+ TEXT_INVALID("2 svc.example.net. 0=\"2222\""),
+ /* no key value */
+ TEXT_INVALID("2 svc.example.net. key"),
+ /* no key value */
+ TEXT_INVALID("2 svc.example.net. key=\"2222\""),
+ /* zero pad invalid */
+ TEXT_INVALID("2 svc.example.net. key07=\"2222\""),
+ TEXT_VALID_LOOP(1, "2 svc.example.net. key8=\"2222\""),
+ TEXT_VALID_LOOPCHG(1, "2 svc.example.net. key8=2222",
+ "2 svc.example.net. key8=\"2222\""),
+ TEXT_VALID_LOOPCHG(1, "2 svc.example.net. alpn=h2",
+ "2 svc.example.net. alpn=\"h2\""),
+ TEXT_VALID_LOOPCHG(1, "2 svc.example.net. alpn=h3",
+ "2 svc.example.net. alpn=\"h3\""),
+ /* alpn has 2 sub field "h2" and "h3" */
+ TEXT_VALID_LOOPCHG(1, "2 svc.example.net. alpn=h2,h3",
+ "2 svc.example.net. alpn=\"h2,h3\""),
+ /* apln has 2 sub fields "h1,h2" and "h3" (comma escaped) */
+ TEXT_VALID_LOOPCHG(1, "2 svc.example.net. alpn=h1\\\\,h2,h3",
+ "2 svc.example.net. alpn=\"h1\\\\,h2,h3\""),
+ TEXT_VALID_LOOP(1, "2 svc.example.net. port=50"),
+ /* no-default-alpn, alpn is required */
+ TEXT_INVALID("2 svc.example.net. no-default-alpn"),
+ /* no-default-alpn with alpn present */
+ TEXT_VALID_LOOPCHG(
+ 2, "2 svc.example.net. no-default-alpn alpn=h2",
+ "2 svc.example.net. alpn=\"h2\" no-default-alpn"),
+ /* empty hint */
+ TEXT_INVALID("2 svc.example.net. ipv4hint="),
+ TEXT_VALID_LOOP(1, "2 svc.example.net. "
+ "ipv4hint=10.50.0.1,10.50.0.2"),
+ /* empty hint */
+ TEXT_INVALID("2 svc.example.net. ipv6hint="),
+ TEXT_VALID_LOOP(1, "2 svc.example.net. ipv6hint=::1,2002::1"),
+ TEXT_VALID_LOOP(1, "2 svc.example.net. ech=abcdefghijkl"),
+ /* bad base64 */
+ TEXT_INVALID("2 svc.example.net. ech=abcdefghijklm"),
+ TEXT_VALID_LOOP(1, "2 svc.example.net. key8=\"2222\""),
+ /* Out of key order on input (alpn == key1). */
+ TEXT_VALID_LOOPCHG(2,
+ "2 svc.example.net. key8=\"2222\" alpn=h2",
+ "2 svc.example.net. alpn=\"h2\" "
+ "key8=\"2222\""),
+ TEXT_VALID_LOOP(1, "2 svc.example.net. key65535=\"2222\""),
+ TEXT_INVALID("2 svc.example.net. key65536=\"2222\""),
+ TEXT_VALID_LOOP(1, "2 svc.example.net. key10"),
+ TEXT_VALID_LOOPCHG(1, "2 svc.example.net. key11=",
+ "2 svc.example.net. key11"),
+ TEXT_VALID_LOOPCHG(1, "2 svc.example.net. key12=\"\"",
+ "2 svc.example.net. key12"),
+ /* empty alpn-id sub fields */
+ TEXT_INVALID("2 svc.example.net. alpn"),
+ TEXT_INVALID("2 svc.example.net. alpn="),
+ TEXT_INVALID("2 svc.example.net. alpn=,h1"),
+ TEXT_INVALID("2 svc.example.net. alpn=h1,"),
+ TEXT_INVALID("2 svc.example.net. alpn=h1,,h2"),
+ /* mandatory */
+ TEXT_VALID_LOOP(2, "2 svc.example.net. mandatory=alpn "
+ "alpn=\"h2\""),
+ TEXT_VALID_LOOP(3, "2 svc.example.net. mandatory=alpn,port "
+ "alpn=\"h2\" port=443"),
+ TEXT_VALID_LOOPCHG(3,
+ "2 svc.example.net. mandatory=port,alpn "
+ "alpn=\"h2\" port=443",
+ "2 svc.example.net. mandatory=alpn,port "
+ "alpn=\"h2\" port=443"),
+ TEXT_INVALID("2 svc.example.net. mandatory=mandatory"),
+ TEXT_INVALID("2 svc.example.net. mandatory=port"),
+ TEXT_INVALID("2 svc.example.net. mandatory=,port port=433"),
+ TEXT_INVALID("2 svc.example.net. mandatory=port, port=433"),
+ TEXT_INVALID("2 svc.example.net. "
+ "mandatory=alpn,,port alpn=h2 port=433"),
+ /* mandatory w/ unknown key values */
+ TEXT_VALID_LOOP(2, "2 svc.example.net. mandatory=key8 key8"),
+ TEXT_VALID_LOOP(3, "2 svc.example.net. mandatory=key8,key9 "
+ "key8 key9"),
+ TEXT_VALID_LOOPCHG(
+ 3, "2 svc.example.net. mandatory=key9,key8 key8 key9",
+ "2 svc.example.net. mandatory=key8,key9 key8 key9"),
+ TEXT_INVALID("2 svc.example.net. "
+ "mandatory=key8,key8"),
+ TEXT_INVALID("2 svc.example.net. mandatory=,key8"),
+ TEXT_INVALID("2 svc.example.net. mandatory=key8,"),
+ TEXT_INVALID("2 svc.example.net. "
+ "mandatory=key8,,key8"),
+ /* Invalid test vectors */
+ TEXT_INVALID("1 foo.example.com. ( key123=abc key123=def )"),
+ TEXT_INVALID("1 foo.example.com. mandatory"),
+ TEXT_INVALID("1 foo.example.com. alpn"),
+ TEXT_INVALID("1 foo.example.com. port"),
+ TEXT_INVALID("1 foo.example.com. ipv4hint"),
+ TEXT_INVALID("1 foo.example.com. ipv6hint"),
+ TEXT_INVALID("1 foo.example.com. no-default-alpn=abc"),
+ TEXT_INVALID("1 foo.example.com. mandatory=key123"),
+ TEXT_INVALID("1 foo.example.com. mandatory=mandatory"),
+ TEXT_INVALID("1 foo.example.com. ( mandatory=key123,key123 "
+ "key123=abc)"),
+ /* dohpath tests */
+ TEXT_VALID_LOOPCHG(1, "1 example.net. dohpath=/{?dns}",
+ "1 example.net. key7=\"/{?dns}\""),
+ TEXT_VALID_LOOPCHG(1, "1 example.net. dohpath=/some/path{?dns}",
+ "1 example.net. key7=\"/some/path{?dns}\""),
+ TEXT_INVALID("1 example.com. dohpath=no-slash"),
+ TEXT_INVALID("1 example.com. dohpath=/{?notdns}"),
+ TEXT_INVALID("1 example.com. dohpath=/notvariable"),
+ TEXT_SENTINEL()
+
+ };
+ wire_ok_t wire_ok[] = {
+ /*
+ * Too short
+ */
+ WIRE_INVALID(0x00, 0x00),
+ /*
+ * Minimal length record.
+ */
+ WIRE_VALID(0x00, 0x00, 0x00),
+ /*
+ * Alias with non-empty SvcFieldValue (key7="").
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00),
+ /*
+ * Bad key7= length (longer than rdata).
+ */
+ WIRE_INVALID(0x00, 0x01, 0x00, 0x00, 0x07, 0x00, 0x01),
+ /*
+ * Port (0x03) too small (zero and one octets).
+ */
+ WIRE_INVALID(0x00, 0x01, 0x00, 0x00, 0x03, 0x00, 0x00),
+ WIRE_INVALID(0x00, 0x01, 0x00, 0x00, 0x03, 0x00, 0x01, 0x00),
+ /* Valid port */
+ WIRE_VALID_LOOP(1, 0x00, 0x01, 0x00, 0x00, 0x03, 0x00, 0x02,
+ 0x00, 0x00),
+ /*
+ * Port (0x03) too big (three octets).
+ */
+ WIRE_INVALID(0x00, 0x01, 0x00, 0x00, 0x03, 0x00, 0x03, 0x00,
+ 0x00, 0x00),
+ /*
+ * Duplicate keys.
+ */
+ WIRE_INVALID(0x01, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00,
+ 0x80, 0x00, 0x00),
+ /*
+ * Out of order keys.
+ */
+ WIRE_INVALID(0x01, 0x01, 0x00, 0x00, 0x81, 0x00, 0x00, 0x00,
+ 0x80, 0x00, 0x00),
+ /*
+ * Empty of mandatory key list.
+ */
+ WIRE_INVALID(0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00),
+ /*
+ * "mandatory=mandatory" is invalid
+ */
+ WIRE_INVALID(0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
+ 0x00),
+ /*
+ * Out of order mandatory key list.
+ */
+ WIRE_INVALID(0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00,
+ 0x80, 0x00, 0x71, 0x00, 0x71, 0x00, 0x00, 0x00,
+ 0x80, 0x00, 0x00),
+ /*
+ * Alpn(0x00 0x01) (length 0x00 0x09) "h1,h2" + "h3"
+ */
+ WIRE_VALID_LOOP(0x01, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x09,
+ 5, 'h', '1', ',', 'h', '2', 2, 'h', '3'),
+ /*
+ * Alpn(0x00 0x01) (length 0x00 0x09) "h1\h2" + "h3"
+ */
+ WIRE_VALID_LOOP(0x01, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x09,
+ 5, 'h', '1', '\\', 'h', '2', 2, 'h', '3'),
+ /*
+ * no-default-alpn (0x00 0x02) without alpn, alpn is required.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x01, 0x00, 0x00, 0x02, 0x00, 0x00),
+ /*
+ * Alpn(0x00 0x01) with zero length elements is invalid
+ */
+ WIRE_INVALID(0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x05,
+ 0x00, 0x00, 0x00, 0x00, 0x00),
+ WIRE_SENTINEL()
+ };
+ /* Test vectors from RFCXXXX */
+ textvsunknown_t textvsunknown[] = {
+ /* AliasForm */
+ { "0 foo.example.com", "\\# 19 ( 00 00 03 66 6f 6f 07 65 78 61 "
+ "6d 70 6c 65 03 63 6f 6d 00)" },
+ /* ServiceForm */
+ { "1 .", "\\# 3 ( 00 01 00)" },
+ /* Port example */
+ { "16 foo.example.com port=53",
+ "\\# 25 ( 00 10 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f "
+ "6d 00 00 03 00 02 00 35 )" },
+ /* Unregistered keys with unquoted value. */
+ { "1 foo.example.com key667=hello",
+ "\\# 28 ( 00 01 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f "
+ "6d 00 02 9b 00 05 68 65 6c 6c 6f )" },
+ /*
+ * Quoted decimal-escaped character.
+ * 1 foo.example.com key667="hello\210qoo"
+ */
+ { "1 foo.example.com key667=\"hello\\210qoo\"",
+ "\\# 32 ( 00 01 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f "
+ "6d 00 02 9b 00 09 68 65 6c 6c 6f d2 71 6f 6f )" },
+ /*
+ * IPv6 hints example, quoted.
+ * 1 foo.example.com ipv6hint="2001:db8::1,2001:db8::53:1"
+ */
+ { "1 foo.example.com ipv6hint=\"2001:db8::1,2001:db8::53:1\"",
+ "\\# 55 ( 00 01 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f "
+ "6d 00 00 06 00 20 20 01 0d b8 00 00 00 00 00 00 00 00 00 00 "
+ "00 01 20 01 0d b8 00 00 00 00 00 00 00 00 00 53 00 01 )" },
+ /* SvcParamValues and mandatory out of order. */
+ { "16 foo.example.org alpn=h2,h3-19 mandatory=ipv4hint,alpn "
+ "ipv4hint=192.0.2.1",
+ "\\# 48 ( 00 10 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 "
+ "67 00 00 00 00 04 00 01 00 04 00 01 00 09 02 68 32 05 68 33 "
+ "2d 31 39 00 04 00 04 c0 00 02 01 )" },
+ /*
+ * Quoted ALPN with escaped comma and backslash.
+ * 16 foo.example.org alpn="f\\\\oo\\,bar,h2"
+ */
+ { "16 foo.example.org alpn=\"f\\\\\\\\oo\\\\,bar,h2\"",
+ "\\# 35 ( 00 10 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 "
+ "67 00 00 01 00 0c 08 66 5c 6f 6f 2c 62 61 72 02 68 32 )" },
+ /*
+ * Unquoted ALPN with escaped comma and backslash.
+ * 16 foo.example.org alpn=f\\\092oo\092,bar,h2
+ */
+ { "16 foo.example.org alpn=f\\\\\\092oo\\092,bar,h2",
+ "\\# 35 ( 00 10 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 "
+ "67 00 00 01 00 0c 08 66 5c 6f 6f 2c 62 61 72 02 68 32 )" },
+ { NULL, NULL }
+ };
+
+ UNUSED(state);
+
+ check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in,
+ dns_rdatatype_svcb, sizeof(dns_rdata_in_svcb_t));
+ check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in,
+ dns_rdatatype_https, sizeof(dns_rdata_in_https_t));
+
+ check_textvsunknown(textvsunknown, dns_rdataclass_in,
+ dns_rdatatype_svcb);
+ check_textvsunknown(textvsunknown, dns_rdataclass_in,
+ dns_rdatatype_https);
+}
+
+/*
+ * ZONEMD tests.
+ *
+ * Excerpted from RFC 8976:
+ *
+ * The ZONEMD RDATA wire format is encoded as follows:
+ *
+ * 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Serial |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Scheme |Hash Algorithm | |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
+ * | Digest |
+ * / /
+ * / /
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *
+ * 2.2.1. The Serial Field
+ *
+ * The Serial field is a 32-bit unsigned integer in network byte order.
+ * It is the serial number from the zone's SOA record ([RFC1035],
+ * Section 3.3.13) for which the zone digest was generated.
+ *
+ * It is included here to clearly bind the ZONEMD RR to a particular
+ * version of the zone's content. Without the serial number, a stand-
+ * alone ZONEMD digest has no obvious association to any particular
+ * instance of a zone.
+ *
+ * 2.2.2. The Scheme Field
+ *
+ * The Scheme field is an 8-bit unsigned integer that identifies the
+ * methods by which data is collated and presented as input to the
+ * hashing function.
+ *
+ * Herein, SIMPLE, with Scheme value 1, is the only standardized Scheme
+ * defined for ZONEMD records and it MUST be supported by
+ * implementations. The "ZONEMD Schemes" registry is further described
+ * in Section 5.
+ *
+ * Scheme values 240-254 are allocated for Private Use.
+ *
+ * 2.2.3. The Hash Algorithm Field
+ *
+ * The Hash Algorithm field is an 8-bit unsigned integer that identifies
+ * the cryptographic hash algorithm used to construct the digest.
+ *
+ * Herein, SHA384 ([RFC6234]), with Hash Algorithm value 1, is the only
+ * standardized Hash Algorithm defined for ZONEMD records that MUST be
+ * supported by implementations. When SHA384 is used, the size of the
+ * Digest field is 48 octets. The result of the SHA384 digest algorithm
+ * MUST NOT be truncated, and the entire 48-octet digest is published in
+ * the ZONEMD record.
+ *
+ * SHA512 ([RFC6234]), with Hash Algorithm value 2, is also defined for
+ * ZONEMD records and SHOULD be supported by implementations. When
+ * SHA512 is used, the size of the Digest field is 64 octets. The
+ * result of the SHA512 digest algorithm MUST NOT be truncated, and the
+ * entire 64-octet digest is published in the ZONEMD record.
+ *
+ * Hash Algorithm values 240-254 are allocated for Private Use.
+ *
+ * The "ZONEMD Hash Algorithms" registry is further described in
+ * Section 5.
+ *
+ * 2.2.4. The Digest Field
+ *
+ * The Digest field is a variable-length sequence of octets containing
+ * the output of the hash algorithm. The length of the Digest field is
+ * determined by deducting the fixed size of the Serial, Scheme, and
+ * Hash Algorithm fields from the RDATA size in the ZONEMD RR header.
+ *
+ * The Digest field MUST NOT be shorter than 12 octets. Digests for the
+ * SHA384 and SHA512 hash algorithms specified herein are never
+ * truncated. Digests for future hash algorithms MAY be truncated but
+ * MUST NOT be truncated to a length that results in less than 96 bits
+ * (12 octets) of equivalent strength.
+ *
+ * Section 3 describes how to calculate the digest for a zone.
+ * Section 4 describes how to use the digest to verify the contents of a
+ * zone.
+ *
+ */
+
+static void
+zonemd(void **state) {
+ text_ok_t text_ok[] = {
+ TEXT_INVALID(""),
+ /* No digest scheme or digest type*/
+ TEXT_INVALID("0"),
+ /* No digest type */
+ TEXT_INVALID("0 0"),
+ /* No digest */
+ TEXT_INVALID("0 0 0"),
+ /* No digest */
+ TEXT_INVALID("99999999 0 0"),
+ /* No digest */
+ TEXT_INVALID("2019020700 0 0"),
+ /* Digest too short */
+ TEXT_INVALID("2019020700 1 1 DEADBEEF"),
+ /* Digest too short */
+ TEXT_INVALID("2019020700 1 2 DEADBEEF"),
+ /* Digest too short */
+ TEXT_INVALID("2019020700 1 3 DEADBEEFDEADBEEFDEADBE"),
+ /* Digest type unknown */
+ TEXT_VALID("2019020700 1 3 DEADBEEFDEADBEEFDEADBEEF"),
+ /* Digest type max */
+ TEXT_VALID("2019020700 1 255 DEADBEEFDEADBEEFDEADBEEF"),
+ /* Digest type too big */
+ TEXT_INVALID("2019020700 0 256 DEADBEEFDEADBEEFDEADBEEF"),
+ /* Scheme max */
+ TEXT_VALID("2019020700 255 3 DEADBEEFDEADBEEFDEADBEEF"),
+ /* Scheme too big */
+ TEXT_INVALID("2019020700 256 3 DEADBEEFDEADBEEFDEADBEEF"),
+ /* SHA384 */
+ TEXT_VALID("2019020700 1 1 "
+ "7162D2BB75C047A53DE98767C9192BEB"
+ "14DB01E7E2267135DAF0230A 19BA4A31"
+ "6AF6BF64AA5C7BAE24B2992850300509"),
+ /* SHA512 */
+ TEXT_VALID("2019020700 1 2 "
+ "08CFA1115C7B948C4163A901270395EA"
+ "226A930CD2CBCF2FA9A5E6EB 85F37C8A"
+ "4E114D884E66F176EAB121CB02DB7D65"
+ "2E0CC4827E7A3204 F166B47E5613FD27"),
+ /* SHA384 too short and with private scheme */
+ TEXT_INVALID("2021042801 0 1 "
+ "7162D2BB75C047A53DE98767C9192BEB"
+ "6AF6BF64AA5C7BAE24B2992850300509"),
+ /* SHA512 too short and with private scheme */
+ TEXT_INVALID("2021042802 5 2 "
+ "A897B40072ECAE9E4CA3F1F227DE8F5E"
+ "480CDEBB16DFC64C1C349A7B5F6C71AB"
+ "E8A88B76EF0BA1604EC25752E946BF98"),
+ TEXT_SENTINEL()
+ };
+ wire_ok_t wire_ok[] = {
+ /*
+ * Short.
+ */
+ WIRE_INVALID(0x00),
+ /*
+ * Short.
+ */
+ WIRE_INVALID(0x00, 0x00),
+ /*
+ * Short.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00),
+ /*
+ * Short.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x00),
+ /*
+ * Short.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x00),
+ /*
+ * Short.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
+ /*
+ * Short 11-octet digest.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00),
+ /*
+ * Minimal, 12-octet hash for an undefined digest type.
+ */
+ WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00),
+ /*
+ * SHA-384 is defined, so we insist there be a digest of
+ * the expected length.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00),
+ /*
+ * 48-octet digest, valid for SHA-384.
+ */
+ WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xde, 0xad, 0xbe,
+ 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+ 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe,
+ 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+ 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe,
+ 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa,
+ 0xce),
+ /*
+ * 56-octet digest, too long for SHA-384.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0xde, 0xad,
+ 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+ 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+ 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad,
+ 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+ 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+ 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad,
+ 0xbe, 0xef, 0xfa, 0xce),
+ /*
+ * 56-octet digest, too short for SHA-512
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0xde, 0xad,
+ 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+ 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+ 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad,
+ 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+ 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+ 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad,
+ 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad),
+ /*
+ * 64-octet digest, just right for SHA-512
+ */
+ WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0xde, 0xad, 0xbe,
+ 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+ 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe,
+ 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+ 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe,
+ 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+ 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe,
+ 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef),
+ /*
+ * 72-octet digest, too long for SHA-512
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0xde, 0xad,
+ 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+ 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+ 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad,
+ 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+ 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+ 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad,
+ 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+ 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+ 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce),
+ /*
+ * 56-octet digest, valid for an undefined digest type.
+ */
+ WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0xde, 0xad, 0xbe,
+ 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+ 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe,
+ 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+ 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe,
+ 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+ 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce),
+ /*
+ * Sentinel.
+ */
+ WIRE_SENTINEL()
+ };
+
+ UNUSED(state);
+
+ check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in,
+ dns_rdatatype_zonemd, sizeof(dns_rdata_zonemd_t));
+}
+
+static void
+atcname(void **state) {
+ unsigned int i;
+ UNUSED(state);
+#define UNR "# Unexpected result from dns_rdatatype_atcname for type %u\n"
+ for (i = 0; i < 0xffffU; i++) {
+ bool tf = dns_rdatatype_atcname((dns_rdatatype_t)i);
+ switch (i) {
+ case dns_rdatatype_nsec:
+ case dns_rdatatype_key:
+ case dns_rdatatype_rrsig:
+ if (!tf) {
+ print_message(UNR, i);
+ }
+ assert_true(tf);
+ break;
+ default:
+ if (tf) {
+ print_message(UNR, i);
+ }
+ assert_false(tf);
+ break;
+ }
+ }
+#undef UNR
+}
+
+static void
+atparent(void **state) {
+ unsigned int i;
+ UNUSED(state);
+#define UNR "# Unexpected result from dns_rdatatype_atparent for type %u\n"
+ for (i = 0; i < 0xffffU; i++) {
+ bool tf = dns_rdatatype_atparent((dns_rdatatype_t)i);
+ switch (i) {
+ case dns_rdatatype_ds:
+ if (!tf) {
+ print_message(UNR, i);
+ }
+ assert_true(tf);
+ break;
+ default:
+ if (tf) {
+ print_message(UNR, i);
+ }
+ assert_false(tf);
+ break;
+ }
+ }
+#undef UNR
+}
+
+static void
+iszonecutauth(void **state) {
+ unsigned int i;
+ UNUSED(state);
+#define UNR "# Unexpected result from dns_rdatatype_iszonecutauth for type %u\n"
+ for (i = 0; i < 0xffffU; i++) {
+ bool tf = dns_rdatatype_iszonecutauth((dns_rdatatype_t)i);
+ switch (i) {
+ case dns_rdatatype_ns:
+ case dns_rdatatype_ds:
+ case dns_rdatatype_nsec:
+ case dns_rdatatype_key:
+ case dns_rdatatype_rrsig:
+ if (!tf) {
+ print_message(UNR, i);
+ }
+ assert_true(tf);
+ break;
+ default:
+ if (tf) {
+ print_message(UNR, i);
+ }
+ assert_false(tf);
+ break;
+ }
+ }
+#undef UNR
+}
+
+int
+main(int argc, char **argv) {
+ const struct CMUnitTest tests[] = {
+ /* types */
+ cmocka_unit_test_setup_teardown(amtrelay, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(apl, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(atma, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(cdnskey, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(csync, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(dnskey, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(doa, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(ds, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(eid, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(hip, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(https_svcb, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(isdn, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(key, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(loc, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(nimloc, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(nsec, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(nsec3, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(nxt, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(rkey, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(sshfp, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(wks, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(zonemd, _setup, _teardown),
+ /* other tests */
+ cmocka_unit_test_setup_teardown(edns_client_subnet, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(atcname, NULL, NULL),
+ cmocka_unit_test_setup_teardown(atparent, NULL, NULL),
+ cmocka_unit_test_setup_teardown(iszonecutauth, NULL, NULL),
+ };
+ struct CMUnitTest selected[sizeof(tests) / sizeof(tests[0])];
+ size_t i;
+ int c;
+
+ memset(selected, 0, sizeof(selected));
+
+ while ((c = isc_commandline_parse(argc, argv, "dlt:")) != -1) {
+ switch (c) {
+ case 'd':
+ debug = true;
+ break;
+ case 'l':
+ for (i = 0; i < (sizeof(tests) / sizeof(tests[0])); i++)
+ {
+ if (tests[i].name != NULL) {
+ fprintf(stdout, "%s\n", tests[i].name);
+ }
+ }
+ return (0);
+ case 't':
+ if (!cmocka_add_test_byname(
+ tests, isc_commandline_argument, selected))
+ {
+ fprintf(stderr, "unknown test '%s'\n",
+ isc_commandline_argument);
+ exit(1);
+ }
+ break;
+ default:
+ break;
+ }
+ }
+
+ if (selected[0].name != NULL) {
+ return (cmocka_run_group_tests(selected, NULL, NULL));
+ } else {
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+ }
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/rdataset_test.c b/lib/dns/tests/rdataset_test.c
new file mode 100644
index 0000000..ebdd128
--- /dev/null
+++ b/lib/dns/tests/rdataset_test.c
@@ -0,0 +1,146 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#if HAVE_CMOCKA + +#include <sched.h> /* IWYU pragma: keep */ +#include <setjmp.h> +#include <stdarg.h> +#include <stddef.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +#define UNIT_TESTING +#include <cmocka.h> + +#include <isc/util.h> + +#include <dns/rdataset.h> +#include <dns/rdatastruct.h> + +#include "dnstest.h" + +static int +_setup(void **state) { + isc_result_t result; + + UNUSED(state); + + result = dns_test_begin(NULL, false); + assert_int_equal(result, ISC_R_SUCCESS); + + return (0); +} + +static int +_teardown(void **state) { + UNUSED(state); + + dns_test_end(); + + return (0); +} + +/* test trimming of rdataset TTLs */ +static void +trimttl(void **state) { + dns_rdataset_t rdataset, sigrdataset; + dns_rdata_rrsig_t rrsig; + isc_stdtime_t ttltimenow, ttltimeexpire; + + ttltimenow = 10000000; + ttltimeexpire = ttltimenow + 800; + + UNUSED(state); + + dns_rdataset_init(&rdataset); + dns_rdataset_init(&sigrdataset); + + rdataset.ttl = 900; + sigrdataset.ttl = 1000; + rrsig.timeexpire = ttltimeexpire; + rrsig.originalttl = 1000; + + dns_rdataset_trimttl(&rdataset, &sigrdataset, &rrsig, ttltimenow, true); + assert_int_equal(rdataset.ttl, 800); + assert_int_equal(sigrdataset.ttl, 800); + + rdataset.ttl = 900; + sigrdataset.ttl = 1000; + rrsig.timeexpire = ttltimenow - 200; + rrsig.originalttl = 1000; + + dns_rdataset_trimttl(&rdataset, &sigrdataset, &rrsig, ttltimenow, true); + assert_int_equal(rdataset.ttl, 120); + assert_int_equal(sigrdataset.ttl, 120); + + rdataset.ttl = 900; + 
sigrdataset.ttl = 1000; + rrsig.timeexpire = ttltimenow - 200; + rrsig.originalttl = 1000; + + dns_rdataset_trimttl(&rdataset, &sigrdataset, &rrsig, ttltimenow, + false); + assert_int_equal(rdataset.ttl, 0); + assert_int_equal(sigrdataset.ttl, 0); + + sigrdataset.ttl = 900; + rdataset.ttl = 1000; + rrsig.timeexpire = ttltimeexpire; + rrsig.originalttl = 1000; + + dns_rdataset_trimttl(&rdataset, &sigrdataset, &rrsig, ttltimenow, true); + assert_int_equal(rdataset.ttl, 800); + assert_int_equal(sigrdataset.ttl, 800); + + sigrdataset.ttl = 900; + rdataset.ttl = 1000; + rrsig.timeexpire = ttltimenow - 200; + rrsig.originalttl = 1000; + + dns_rdataset_trimttl(&rdataset, &sigrdataset, &rrsig, ttltimenow, true); + assert_int_equal(rdataset.ttl, 120); + assert_int_equal(sigrdataset.ttl, 120); + + sigrdataset.ttl = 900; + rdataset.ttl = 1000; + rrsig.timeexpire = ttltimenow - 200; + rrsig.originalttl = 1000; + + dns_rdataset_trimttl(&rdataset, &sigrdataset, &rrsig, ttltimenow, + false); + assert_int_equal(rdataset.ttl, 0); + assert_int_equal(sigrdataset.ttl, 0); +} + +int +main(void) { + const struct CMUnitTest tests[] = { + cmocka_unit_test_setup_teardown(trimttl, _setup, _teardown), + }; + + return (cmocka_run_group_tests(tests, NULL, NULL)); +} + +#else /* HAVE_CMOCKA */ + +#include <stdio.h> + +int +main(void) { + printf("1..0 # Skipped: cmocka not available\n"); + return (SKIPPED_TEST_EXIT_CODE); +} + +#endif /* if HAVE_CMOCKA */ diff --git a/lib/dns/tests/rdatasetstats_test.c b/lib/dns/tests/rdatasetstats_test.c new file mode 100644 index 0000000..20b333d --- /dev/null +++ b/lib/dns/tests/rdatasetstats_test.c 
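Review bot: In trimttl(), `rrsig` is a stack `dns_rdata_rrsig_t` that reaches dns_rdataset_trimttl() with only `timeexpire` and `originalttl` assigned, so every other field is indeterminate; zero it first with `memset(&rrsig, 0, sizeof(rrsig));` (string.h is already included) so the test cannot depend on stack contents. The six stanzas are also uncommented, and the expected value 120 for an already-expired signature with the last argument `true` is unexplained. A one-line comment per stanza, e.g. `/* signature expired 200s ago, expired signatures accepted: expect the short grace TTL */`, would record why an expired RRSIG still yields a non-zero TTL. That reading of the fifth argument is inferred from the assertions, not from code shown here, so confirm it against dns_rdataset_trimttl() before wording the comment.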
@@ -0,0 +1,312 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#if HAVE_CMOCKA + +#include <inttypes.h> +#include <sched.h> /* IWYU pragma: keep */ +#include <setjmp.h> +#include <stdarg.h> +#include <stdbool.h> +#include <stddef.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +#define UNIT_TESTING +#include <cmocka.h> + +#include <isc/print.h> +#include <isc/util.h> + +#include <dns/stats.h> + +#include "dnstest.h" + +static int +_setup(void **state) { + isc_result_t result; + + UNUSED(state); + + result = dns_test_begin(NULL, false); + assert_int_equal(result, ISC_R_SUCCESS); + + return (0); +} + +static int +_teardown(void **state) { + UNUSED(state); + + dns_test_end(); + + return (0); +} + +static void +set_typestats(dns_stats_t *stats, dns_rdatatype_t type) { + dns_rdatastatstype_t which; + unsigned int attributes; + + attributes = 0; + which = DNS_RDATASTATSTYPE_VALUE(type, attributes); + dns_rdatasetstats_increment(stats, which); + + attributes = DNS_RDATASTATSTYPE_ATTR_NXRRSET; + which = DNS_RDATASTATSTYPE_VALUE(type, attributes); + dns_rdatasetstats_increment(stats, which); +} + +static void +set_nxdomainstats(dns_stats_t *stats) { + dns_rdatastatstype_t which; + unsigned int attributes; + + attributes = DNS_RDATASTATSTYPE_ATTR_NXDOMAIN; + which = DNS_RDATASTATSTYPE_VALUE(0, attributes); + dns_rdatasetstats_increment(stats, which); +} + +static void +mark_stale(dns_stats_t *stats, dns_rdatatype_t type, int from, int to) { + dns_rdatastatstype_t which; + unsigned int attributes; + + attributes = from; + which = DNS_RDATASTATSTYPE_VALUE(type, 
attributes); + dns_rdatasetstats_decrement(stats, which); + + attributes |= to; + which = DNS_RDATASTATSTYPE_VALUE(type, attributes); + dns_rdatasetstats_increment(stats, which); + + attributes = DNS_RDATASTATSTYPE_ATTR_NXRRSET | from; + which = DNS_RDATASTATSTYPE_VALUE(type, attributes); + dns_rdatasetstats_decrement(stats, which); + + attributes |= to; + which = DNS_RDATASTATSTYPE_VALUE(type, attributes); + dns_rdatasetstats_increment(stats, which); +} + +static void +mark_nxdomain_stale(dns_stats_t *stats, int from, int to) { + dns_rdatastatstype_t which; + unsigned int attributes; + + attributes = DNS_RDATASTATSTYPE_ATTR_NXDOMAIN | from; + which = DNS_RDATASTATSTYPE_VALUE(0, attributes); + dns_rdatasetstats_decrement(stats, which); + + attributes |= to; + which = DNS_RDATASTATSTYPE_VALUE(0, attributes); + dns_rdatasetstats_increment(stats, which); +} + +#define ATTRIBUTE_SET(y) ((attributes & (y)) != 0) +static void +verify_active_counters(dns_rdatastatstype_t which, uint64_t value, void *arg) { + unsigned int attributes; +#if debug + unsigned int type; +#endif /* if debug */ + + UNUSED(which); + UNUSED(arg); + + attributes = DNS_RDATASTATSTYPE_ATTR(which); +#if debug + type = DNS_RDATASTATSTYPE_BASE(which); + + fprintf(stderr, "%s%s%s%s%s/%u, %u\n", + ATTRIBUTE_SET(DNS_RDATASTATSTYPE_ATTR_OTHERTYPE) ? "O" : " ", + ATTRIBUTE_SET(DNS_RDATASTATSTYPE_ATTR_NXRRSET) ? "!" : " ", + ATTRIBUTE_SET(DNS_RDATASTATSTYPE_ATTR_ANCIENT) ? "~" : " ", + ATTRIBUTE_SET(DNS_RDATASTATSTYPE_ATTR_STALE) ? "#" : " ", + ATTRIBUTE_SET(DNS_RDATASTATSTYPE_ATTR_NXDOMAIN) ? 
"X" : " ", + type, (unsigned)value); +#endif /* if debug */ + if ((attributes & DNS_RDATASTATSTYPE_ATTR_ANCIENT) == 0 && + (attributes & DNS_RDATASTATSTYPE_ATTR_STALE) == 0) + { + assert_int_equal(value, 1); + } else { + assert_int_equal(value, 0); + } +} + +static void +verify_stale_counters(dns_rdatastatstype_t which, uint64_t value, void *arg) { + unsigned int attributes; +#if debug + unsigned int type; +#endif /* if debug */ + + UNUSED(which); + UNUSED(arg); + + attributes = DNS_RDATASTATSTYPE_ATTR(which); +#if debug + type = DNS_RDATASTATSTYPE_BASE(which); + + fprintf(stderr, "%s%s%s%s%s/%u, %u\n", + ATTRIBUTE_SET(DNS_RDATASTATSTYPE_ATTR_OTHERTYPE) ? "O" : " ", + ATTRIBUTE_SET(DNS_RDATASTATSTYPE_ATTR_NXRRSET) ? "!" : " ", + ATTRIBUTE_SET(DNS_RDATASTATSTYPE_ATTR_ANCIENT) ? "~" : " ", + ATTRIBUTE_SET(DNS_RDATASTATSTYPE_ATTR_STALE) ? "#" : " ", + ATTRIBUTE_SET(DNS_RDATASTATSTYPE_ATTR_NXDOMAIN) ? "X" : " ", + type, (unsigned)value); +#endif /* if debug */ + if ((attributes & DNS_RDATASTATSTYPE_ATTR_STALE) != 0) { + assert_int_equal(value, 1); + } else { + assert_int_equal(value, 0); + } +} + +static void +verify_ancient_counters(dns_rdatastatstype_t which, uint64_t value, void *arg) { + unsigned int attributes; +#if debug + unsigned int type; +#endif /* if debug */ + + UNUSED(which); + UNUSED(arg); + + attributes = DNS_RDATASTATSTYPE_ATTR(which); +#if debug + type = DNS_RDATASTATSTYPE_BASE(which); + + fprintf(stderr, "%s%s%s%s%s/%u, %u\n", + ATTRIBUTE_SET(DNS_RDATASTATSTYPE_ATTR_OTHERTYPE) ? "O" : " ", + ATTRIBUTE_SET(DNS_RDATASTATSTYPE_ATTR_NXRRSET) ? "!" : " ", + ATTRIBUTE_SET(DNS_RDATASTATSTYPE_ATTR_ANCIENT) ? "~" : " ", + ATTRIBUTE_SET(DNS_RDATASTATSTYPE_ATTR_STALE) ? "#" : " ", + ATTRIBUTE_SET(DNS_RDATASTATSTYPE_ATTR_NXDOMAIN) ? 
"X" : " ", + type, (unsigned)value); +#endif /* if debug */ + if ((attributes & DNS_RDATASTATSTYPE_ATTR_ANCIENT) != 0) { + assert_int_equal(value, 1); + } else { + assert_int_equal(value, 0); + } +} +/* + * Individual unit tests + */ + +/* + * Test that rdatasetstats counters are properly set when moving from + * active -> stale -> ancient. + */ +static void +rdatasetstats(void **state, bool servestale) { + unsigned int i; + unsigned int from = 0; + dns_stats_t *stats = NULL; + isc_result_t result; + + UNUSED(state); + + result = dns_rdatasetstats_create(dt_mctx, &stats); + assert_int_equal(result, ISC_R_SUCCESS); + + /* First 255 types. */ + for (i = 1; i <= 255; i++) { + set_typestats(stats, (dns_rdatatype_t)i); + } + /* Specials */ + set_typestats(stats, (dns_rdatatype_t)1000); + set_nxdomainstats(stats); + + /* Check that all active counters are set to appropriately. */ + dns_rdatasetstats_dump(stats, verify_active_counters, NULL, 1); + + if (servestale) { + /* Mark stale */ + for (i = 1; i <= 255; i++) { + mark_stale(stats, (dns_rdatatype_t)i, 0, + DNS_RDATASTATSTYPE_ATTR_STALE); + } + mark_stale(stats, (dns_rdatatype_t)1000, 0, + DNS_RDATASTATSTYPE_ATTR_STALE); + mark_nxdomain_stale(stats, 0, DNS_RDATASTATSTYPE_ATTR_STALE); + + /* Check that all counters are set to appropriately. */ + dns_rdatasetstats_dump(stats, verify_stale_counters, NULL, 1); + + /* Set correct staleness state */ + from = DNS_RDATASTATSTYPE_ATTR_STALE; + } + + /* Mark ancient */ + for (i = 1; i <= 255; i++) { + mark_stale(stats, (dns_rdatatype_t)i, from, + DNS_RDATASTATSTYPE_ATTR_ANCIENT); + } + mark_stale(stats, (dns_rdatatype_t)1000, from, + DNS_RDATASTATSTYPE_ATTR_ANCIENT); + mark_nxdomain_stale(stats, from, DNS_RDATASTATSTYPE_ATTR_ANCIENT); + + /* + * Check that all counters are set to appropriately. 
+ */ + dns_rdatasetstats_dump(stats, verify_ancient_counters, NULL, 1); + + dns_stats_detach(&stats); +} + +/* + * Test that rdatasetstats counters are properly set when moving from + * active -> stale -> ancient. + */ +static void +test_rdatasetstats_active_stale_ancient(void **state) { + rdatasetstats(state, true); +} + +/* + * Test that rdatasetstats counters are properly set when moving from + * active -> ancient. + */ +static void +test_rdatasetstats_active_ancient(void **state) { + rdatasetstats(state, false); +} + +int +main(void) { + const struct CMUnitTest tests[] = { + cmocka_unit_test_setup_teardown( + test_rdatasetstats_active_stale_ancient, _setup, + _teardown), + cmocka_unit_test_setup_teardown( + test_rdatasetstats_active_ancient, _setup, _teardown), + }; + + return (cmocka_run_group_tests(tests, NULL, NULL)); +} + +#else /* HAVE_CMOCKA */ + +#include <stdio.h> + +int +main(void) { + printf("1..0 # Skipped: cmocka not available\n"); + return (SKIPPED_TEST_EXIT_CODE); +} + +#endif /* if HAVE_CMOCKA */ diff --git a/lib/dns/tests/resolver_test.c b/lib/dns/tests/resolver_test.c new file mode 100644 index 0000000..ed89d01 --- /dev/null +++ b/lib/dns/tests/resolver_test.c 
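Review bot: The three dump callbacks (verify_active_counters, verify_stale_counters, verify_ancient_counters) call `UNUSED(which);` and then read `which` a few lines later through `DNS_RDATASTATSTYPE_ATTR(which)`; drop the `UNUSED(which);` line in each so the marker does not mislead. Their diagnostic block is guarded by `#if debug`, and no `debug` macro is defined in this file, so the preprocessor treats it as 0 and the fprintf is dead unless the build supplies a definition. Either add `#define debug 0` near the includes with a comment on how to enable it, or delete the blocks together with the `ATTRIBUTE_SET` macro that only they use. mark_stale() and mark_nxdomain_stale() take `from`/`to` as `int` but store them in `unsigned int attributes`; declaring the parameters `unsigned int` would match.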
@@ -0,0 +1,228 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#if HAVE_CMOCKA + +#include <sched.h> /* IWYU pragma: keep */ +#include <setjmp.h> +#include <stdarg.h> +#include <stddef.h> +#include <stdlib.h> +#include <unistd.h> + +#define UNIT_TESTING +#include <cmocka.h> + +#include <isc/app.h> +#include <isc/buffer.h> +#include <isc/print.h> +#include <isc/socket.h> +#include <isc/task.h> +#include <isc/timer.h> +#include <isc/util.h> + +#include <dns/dispatch.h> +#include <dns/name.h> +#include <dns/resolver.h> +#include <dns/view.h> + +#include "dnstest.h" + +static dns_dispatchmgr_t *dispatchmgr = NULL; +static dns_dispatch_t *dispatch = NULL; +static dns_view_t *view = NULL; + +static int +_setup(void **state) { + isc_result_t result; + isc_sockaddr_t local; + + UNUSED(state); + + result = dns_test_begin(NULL, true); + assert_int_equal(result, ISC_R_SUCCESS); + + result = dns_dispatchmgr_create(dt_mctx, &dispatchmgr); + assert_int_equal(result, ISC_R_SUCCESS); + + result = dns_test_makeview("view", &view); + assert_int_equal(result, ISC_R_SUCCESS); + + isc_sockaddr_any(&local); + result = dns_dispatch_getudp(dispatchmgr, socketmgr, taskmgr, &local, + 4096, 100, 100, 100, 500, 0, 0, &dispatch); + assert_int_equal(result, ISC_R_SUCCESS); + + return (0); +} + +static int +_teardown(void **state) { + UNUSED(state); + + dns_dispatch_detach(&dispatch); + dns_view_detach(&view); + dns_dispatchmgr_destroy(&dispatchmgr); + dns_test_end(); + + return (0); +} + +static void +mkres(dns_resolver_t **resolverp) { + isc_result_t result; + + result = dns_resolver_create(view, 
taskmgr, 1, 1, socketmgr, timermgr, + 0, dispatchmgr, dispatch, NULL, resolverp); + assert_int_equal(result, ISC_R_SUCCESS); +} + +static void +destroy_resolver(dns_resolver_t **resolverp) { + dns_resolver_shutdown(*resolverp); + dns_resolver_detach(resolverp); +} + +/* dns_resolver_create */ +static void +create_test(void **state) { + dns_resolver_t *resolver = NULL; + + UNUSED(state); + + mkres(&resolver); + destroy_resolver(&resolver); +} + +/* dns_resolver_gettimeout */ +static void +gettimeout_test(void **state) { + dns_resolver_t *resolver = NULL; + unsigned int timeout; + + UNUSED(state); + + mkres(&resolver); + + timeout = dns_resolver_gettimeout(resolver); + assert_true(timeout > 0); + + destroy_resolver(&resolver); +} + +/* dns_resolver_settimeout */ +static void +settimeout_test(void **state) { + dns_resolver_t *resolver = NULL; + unsigned int default_timeout, timeout; + + UNUSED(state); + + mkres(&resolver); + + default_timeout = dns_resolver_gettimeout(resolver); + dns_resolver_settimeout(resolver, default_timeout + 1); + timeout = dns_resolver_gettimeout(resolver); + assert_true(timeout == default_timeout + 1); + + destroy_resolver(&resolver); +} + +/* dns_resolver_settimeout */ +static void +settimeout_default_test(void **state) { + dns_resolver_t *resolver = NULL; + unsigned int default_timeout, timeout; + + UNUSED(state); + + mkres(&resolver); + + default_timeout = dns_resolver_gettimeout(resolver); + dns_resolver_settimeout(resolver, default_timeout + 100); + + timeout = dns_resolver_gettimeout(resolver); + assert_int_equal(timeout, default_timeout + 100); + + dns_resolver_settimeout(resolver, 0); + timeout = dns_resolver_gettimeout(resolver); + assert_int_equal(timeout, default_timeout); + + destroy_resolver(&resolver); +} + +/* dns_resolver_settimeout below minimum */ +static void +settimeout_belowmin_test(void **state) { + dns_resolver_t *resolver = NULL; + unsigned int default_timeout, timeout; + + UNUSED(state); + + mkres(&resolver); + + 
default_timeout = dns_resolver_gettimeout(resolver); + dns_resolver_settimeout(resolver, 9000); + + timeout = dns_resolver_gettimeout(resolver); + assert_int_equal(timeout, default_timeout); + + destroy_resolver(&resolver); +} + +/* dns_resolver_settimeout over maximum */ +static void +settimeout_overmax_test(void **state) { + dns_resolver_t *resolver = NULL; + unsigned int timeout; + + UNUSED(state); + + mkres(&resolver); + + dns_resolver_settimeout(resolver, 4000000); + timeout = dns_resolver_gettimeout(resolver); + assert_in_range(timeout, 0, 3999999); + destroy_resolver(&resolver); +} + +int +main(void) { + const struct CMUnitTest tests[] = { + cmocka_unit_test_setup_teardown(create_test, _setup, _teardown), + cmocka_unit_test_setup_teardown(gettimeout_test, _setup, + _teardown), + cmocka_unit_test_setup_teardown(settimeout_test, _setup, + _teardown), + cmocka_unit_test_setup_teardown(settimeout_default_test, _setup, + _teardown), + cmocka_unit_test_setup_teardown(settimeout_belowmin_test, + _setup, _teardown), + cmocka_unit_test_setup_teardown(settimeout_overmax_test, _setup, + _teardown), + }; + + return (cmocka_run_group_tests(tests, NULL, NULL)); +} + +#else /* HAVE_CMOCKA */ + +#include <stdio.h> + +int +main(void) { + printf("1..0 # Skipped: cmocka not available\n"); + return (SKIPPED_TEST_EXIT_CODE); +} + +#endif /* if HAVE_CMOCKA */ diff --git a/lib/dns/tests/result_test.c b/lib/dns/tests/result_test.c new file mode 100644 index 0000000..3a05c71 --- /dev/null +++ b/lib/dns/tests/result_test.c 
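Review bot: settimeout_overmax_test() asserts `assert_in_range(timeout, 0, 3999999)` on an `unsigned int`, so the lower bound can never fail and the check only proves the value is below 4000000; it would still pass if the setter stored 3999999. If the resolver clamps to a fixed ceiling, assert against that ceiling, and add a comment stating the unit of the 9000 and 4000000 literals, which the test does not show. In settimeout_test(), `assert_true(timeout == default_timeout + 1);` should be `assert_int_equal(timeout, default_timeout + 1);` like the neighbouring tests, so a failure reports both values. The header comments on settimeout_test and settimeout_default_test are the same text; the second could read `/* dns_resolver_settimeout: 0 restores the default */`.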
@@ -0,0 +1,133 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#if HAVE_CMOCKA + +#include <setjmp.h> +#include <stdarg.h> +#include <stddef.h> +#include <stdlib.h> +#include <string.h> + +#define UNIT_TESTING +#include <cmocka.h> + +#include <isc/result.h> +#include <isc/util.h> + +#include <dns/lib.h> +#include <dns/result.h> + +#include <dst/result.h> + +/* + * Check ids array is populated. + */ +static void +ids(void **state) { + const char *str; + isc_result_t result; + + UNUSED(state); + + dns_result_register(); + dst_result_register(); + + for (result = ISC_RESULTCLASS_DNS; + result < (ISC_RESULTCLASS_DNS + DNS_R_NRESULTS); result++) + { + str = isc_result_toid(result); + assert_non_null(str); + assert_string_not_equal(str, "(result code text not " + "available)"); + + str = isc_result_totext(result); + assert_non_null(str); + assert_string_not_equal(str, "(result code text not " + "available)"); + } + + str = isc_result_toid(result); + assert_non_null(str); + assert_string_equal(str, "(result code text not available)"); + + str = isc_result_totext(result); + assert_non_null(str); + assert_string_equal(str, "(result code text not available)"); + + for (result = ISC_RESULTCLASS_DST; + result < (ISC_RESULTCLASS_DST + DST_R_NRESULTS); result++) + { + str = isc_result_toid(result); + assert_non_null(str); + assert_string_not_equal(str, "(result code text not " + "available)"); + + str = isc_result_totext(result); + assert_non_null(str); + assert_string_not_equal(str, "(result code text not " + "available)"); + } + + str = isc_result_toid(result); + assert_non_null(str); + 
assert_string_equal(str, "(result code text not available)"); + + str = isc_result_totext(result); + assert_non_null(str); + assert_string_equal(str, "(result code text not available)"); + + for (result = ISC_RESULTCLASS_DNSRCODE; + result < (ISC_RESULTCLASS_DNSRCODE + DNS_R_NRCODERESULTS); + result++) + { + str = isc_result_toid(result); + assert_non_null(str); + assert_string_not_equal(str, "(result code text not " + "available)"); + + str = isc_result_totext(result); + assert_non_null(str); + assert_string_not_equal(str, "(result code text not " + "available)"); + } + + str = isc_result_toid(result); + assert_non_null(str); + assert_string_equal(str, "(result code text not available)"); + + str = isc_result_totext(result); + assert_non_null(str); + assert_string_equal(str, "(result code text not available)"); +} + +int +main(void) { + const struct CMUnitTest tests[] = { + cmocka_unit_test(ids), + }; + + return (cmocka_run_group_tests(tests, NULL, NULL)); +} + +#else /* HAVE_CMOCKA */ + +#include <stdio.h> + +int +main(void) { + printf("1..0 # Skipped: cmocka not available\n"); + return (SKIPPED_TEST_EXIT_CODE); +} + +#endif /* if HAVE_CMOCKA */ diff --git a/lib/dns/tests/rsa_test.c b/lib/dns/tests/rsa_test.c new file mode 100644 index 0000000..7d8897b --- /dev/null +++ b/lib/dns/tests/rsa_test.c 
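Review bot: ids() repeats the same toid/totext check block three times and spells the sentinel `"(result code text not available)"` twelve times, six of them as two concatenated literals. One named constant, e.g. `#define NOTEXT "(result code text not available)"`, and a static helper taking the class base and the result count would leave a single copy to maintain. The existing header comment says only that the ids array is populated; it should also say that each loop is followed by a check that the first code past the range returns the sentinel, since that post-loop use of `result` is easy to miss.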
@@ -0,0 +1,242 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#if HAVE_CMOCKA + +#include <sched.h> /* IWYU pragma: keep */ +#include <setjmp.h> +#include <stdarg.h> +#include <stddef.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +#define UNIT_TESTING +#include <cmocka.h> + +#include <isc/print.h> +#include <isc/util.h> + +#include <pk11/site.h> + +#include "../dst_internal.h" +#include "dnstest.h" + +static int +_setup(void **state) { + isc_result_t result; + + UNUSED(state); + + result = dns_test_begin(NULL, false); + assert_int_equal(result, ISC_R_SUCCESS); + + return (0); +} + +static int +_teardown(void **state) { + UNUSED(state); + + dns_test_end(); + + return (0); +} + +static unsigned char d[10] = { 0xa, 0x10, 0xbb, 0, 0xfe, + 0x15, 0x1, 0x88, 0xcc, 0x7d }; + +static unsigned char sigsha1[256] = { + 0x45, 0x55, 0xd6, 0xf8, 0x05, 0xd2, 0x2e, 0x79, 0x14, 0x2b, 0x1b, 0xd1, + 0x4b, 0xb7, 0xcd, 0xc0, 0xa2, 0xf3, 0x85, 0x32, 0x1f, 0xa3, 0xfd, 0x1f, + 0x30, 0xe0, 0xde, 0xb2, 0x6f, 0x3c, 0x8e, 0x2b, 0x82, 0x92, 0xcd, 0x1c, + 0x1b, 0xdf, 0xe6, 0xd5, 0x4d, 0x93, 0xe6, 0xaa, 0x40, 0x28, 0x1b, 0x7b, + 0x2e, 0x40, 0x4d, 0xb5, 0x4d, 0x43, 0xe8, 0xfc, 0x93, 0x86, 0x68, 0xe3, + 0xbf, 0x73, 0x9a, 0x1e, 0x6b, 0x5d, 0x52, 0xb8, 0x98, 0x1c, 0x94, 0xe1, + 0x85, 0x8b, 0xee, 0xb1, 0x4f, 0x22, 0x71, 0xcb, 0xfd, 0xb2, 0xa8, 0x88, + 0x64, 0xb4, 0xb1, 0x4a, 0xa1, 0x7a, 0xce, 0x52, 0x83, 0xd8, 0xf2, 0x9e, + 0x67, 0x4c, 0xc3, 0x37, 0x74, 0xfe, 0xe0, 0x25, 0x2a, 0xfd, 0xa3, 0x09, + 0xff, 0x8a, 0x92, 0x0d, 0xa9, 0xb3, 0x90, 0x23, 0xbe, 0x6a, 0x2c, 0x9e, + 
0x5c, 0x6d, 0xb4, 0xa7, 0xd7, 0x97, 0xdd, 0xc6, 0xb8, 0xae, 0xd4, 0x88, + 0x64, 0x63, 0x1e, 0x85, 0x20, 0x09, 0xea, 0xc4, 0x0b, 0xca, 0xbf, 0x83, + 0x5c, 0x89, 0xae, 0x64, 0x15, 0x76, 0x06, 0x51, 0xb6, 0xa1, 0x99, 0xb2, + 0x3c, 0x50, 0x99, 0x86, 0x7d, 0xc7, 0xca, 0x4e, 0x1d, 0x2c, 0x17, 0xbb, + 0x6c, 0x7a, 0xc9, 0x3f, 0x5e, 0x28, 0x57, 0x2c, 0xda, 0x01, 0x1d, 0xe8, + 0x01, 0xf8, 0xf6, 0x37, 0xe1, 0x34, 0x56, 0xae, 0x6e, 0xb1, 0xd4, 0xa2, + 0xc4, 0x02, 0xc1, 0xca, 0x96, 0xb0, 0x06, 0x72, 0x2a, 0x27, 0xaa, 0xc8, + 0xd5, 0x50, 0x81, 0x49, 0x46, 0x33, 0xf8, 0xf7, 0x6b, 0xf4, 0x9c, 0x30, + 0x90, 0x50, 0xf6, 0x16, 0x76, 0x9d, 0xc6, 0x73, 0xb5, 0xbc, 0x8a, 0xb6, + 0x1d, 0x98, 0xcb, 0xce, 0x36, 0x6f, 0x60, 0xec, 0x96, 0x49, 0x08, 0x85, + 0x5b, 0xc1, 0x8e, 0xb0, 0xea, 0x9e, 0x1f, 0xd6, 0x27, 0x7f, 0xb6, 0xe0, + 0x04, 0x12, 0xd2, 0x81 +}; + +static unsigned char sigsha256[256] = { + 0x83, 0x53, 0x15, 0xfc, 0xca, 0xdb, 0xf6, 0x0d, 0x53, 0x24, 0x5b, 0x5a, + 0x8e, 0xd0, 0xbe, 0x5e, 0xbc, 0xe8, 0x9e, 0x92, 0x3c, 0xfa, 0x93, 0x03, + 0xce, 0x2f, 0xc7, 0x6d, 0xd0, 0xbb, 0x9d, 0x06, 0x83, 0xc6, 0xd3, 0xc0, + 0xc1, 0x57, 0x9c, 0x82, 0x17, 0x7f, 0xb5, 0xf8, 0x31, 0x18, 0xda, 0x46, + 0x05, 0x2c, 0xf8, 0xea, 0xaa, 0xcd, 0x99, 0x18, 0xff, 0x23, 0x5e, 0xef, + 0xf0, 0x87, 0x47, 0x6e, 0x91, 0xfd, 0x19, 0x0b, 0x39, 0x19, 0x6a, 0xc8, + 0xdf, 0x71, 0x66, 0x8e, 0xa9, 0xa0, 0x79, 0x5c, 0x2c, 0x52, 0x00, 0x61, + 0x17, 0x86, 0x66, 0x03, 0x52, 0xad, 0xec, 0x06, 0x53, 0xd9, 0x6d, 0xe3, + 0xe3, 0xea, 0x28, 0x15, 0xb3, 0x75, 0xf4, 0x61, 0x7d, 0xed, 0x69, 0x2c, + 0x24, 0xf3, 0x21, 0xb1, 0x8a, 0xea, 0x60, 0xa2, 0x9e, 0x6a, 0xa6, 0x53, + 0x12, 0xf6, 0x5c, 0xef, 0xd7, 0x49, 0x4a, 0x02, 0xe7, 0xf8, 0x64, 0x89, + 0x13, 0xac, 0xd5, 0x1e, 0x58, 0xff, 0xa1, 0x63, 0xdd, 0xa0, 0x1f, 0x44, + 0x99, 0x6a, 0x59, 0x7f, 0x35, 0xbd, 0xf1, 0xf3, 0x7a, 0x28, 0x44, 0xe3, + 0x4c, 0x68, 0xb1, 0xb3, 0x97, 0x3c, 0x46, 0xe3, 0xc2, 0x12, 0x9e, 0x68, + 0x0b, 0xa6, 0x6c, 0x8f, 0x58, 0x48, 0x44, 0xa4, 0xf7, 0xa7, 0xc2, 0x91, + 
0x8f, 0xbf, 0x00, 0xd0, 0x01, 0x35, 0xd4, 0x86, 0x6e, 0x1f, 0xea, 0x42, + 0x60, 0xb1, 0x84, 0x27, 0xf4, 0x99, 0x36, 0x06, 0x98, 0x12, 0x83, 0x32, + 0x9f, 0xcd, 0x50, 0x5a, 0x5e, 0xb8, 0x8e, 0xfe, 0x8d, 0x8d, 0x33, 0x2d, + 0x45, 0xe1, 0xc9, 0xdf, 0x2a, 0xd8, 0x38, 0x1d, 0x95, 0xd4, 0x42, 0xee, + 0x93, 0x5b, 0x0f, 0x1e, 0x07, 0x06, 0x3a, 0x92, 0xf1, 0x59, 0x1d, 0x6e, + 0x1c, 0x31, 0xf3, 0xce, 0xa9, 0x1f, 0xad, 0x4d, 0x76, 0x4d, 0x24, 0x98, + 0xe2, 0x0e, 0x8c, 0x35 +}; + +static unsigned char sigsha512[512] = { + 0x4e, 0x2f, 0x63, 0x42, 0xc5, 0xf3, 0x05, 0x4a, 0xa6, 0x3a, 0x93, 0xa0, + 0xd9, 0x33, 0xa0, 0xd1, 0x46, 0x33, 0x42, 0xe8, 0x74, 0xeb, 0x3b, 0x10, + 0x82, 0xd7, 0xcf, 0x39, 0x23, 0xb3, 0xe9, 0x23, 0x53, 0x87, 0x8c, 0xee, + 0x78, 0xcb, 0xb3, 0xd9, 0xd2, 0x6d, 0x1a, 0x7c, 0x01, 0x4f, 0xed, 0x8d, + 0xf2, 0x72, 0xe4, 0x6a, 0x00, 0x8a, 0x60, 0xa6, 0xd5, 0x9c, 0x43, 0x6c, + 0xef, 0x38, 0x0c, 0x74, 0x82, 0x5d, 0x22, 0xaa, 0x87, 0x81, 0x90, 0x9c, + 0x64, 0x07, 0x9b, 0x13, 0x51, 0xe0, 0xa5, 0xc2, 0x83, 0x78, 0x2b, 0x9b, + 0xb3, 0x8a, 0x9d, 0x36, 0x33, 0xbd, 0x0d, 0x53, 0x84, 0xae, 0xe8, 0x13, + 0x36, 0xf6, 0xdf, 0x96, 0xe9, 0xda, 0xc3, 0xd7, 0xa9, 0x2f, 0xf3, 0x5e, + 0x5f, 0x1f, 0x7f, 0x38, 0x7e, 0x8d, 0xbe, 0x90, 0x5e, 0x13, 0xb2, 0x20, + 0xbb, 0x9d, 0xfe, 0xe1, 0x52, 0xce, 0xe6, 0x80, 0xa7, 0x95, 0x24, 0x59, + 0xe3, 0xac, 0x24, 0xc4, 0xfa, 0x1c, 0x44, 0x34, 0x29, 0x8d, 0xb1, 0xd0, + 0xd9, 0x4c, 0xff, 0xc4, 0xdb, 0xca, 0xc4, 0x3f, 0x38, 0xf9, 0xe4, 0xaf, + 0x75, 0x0a, 0x67, 0x4d, 0xa0, 0x2b, 0xb0, 0x83, 0xce, 0x53, 0xc4, 0xb9, + 0x2e, 0x61, 0xb6, 0x64, 0xe5, 0xb5, 0xe5, 0xac, 0x9d, 0x51, 0xec, 0x58, + 0x42, 0x90, 0x78, 0xf6, 0x46, 0x96, 0xef, 0xb6, 0x97, 0xb7, 0x54, 0x28, + 0x1a, 0x4c, 0x29, 0xf4, 0x7a, 0x33, 0xc6, 0x07, 0xfd, 0xec, 0x97, 0x36, + 0x1d, 0x42, 0x88, 0x94, 0x27, 0xc2, 0xa3, 0xe1, 0xd4, 0x87, 0xa1, 0x8a, + 0x2b, 0xff, 0x47, 0x60, 0xfe, 0x1f, 0xaf, 0xc2, 0xeb, 0x17, 0xdd, 0x56, + 0xc5, 0x94, 0x5c, 0xcb, 0x23, 0xe5, 0x49, 0x4d, 0x99, 0x06, 0x02, 0x5a, + 
0xfc, 0xfc, 0xdc, 0xee, 0x49, 0xbc, 0x47, 0x60, 0xff, 0x6a, 0x63, 0x8b, + 0xe1, 0x2e, 0xa3, 0xa7 +}; + +/* RSA verify */ +static void +isc_rsa_verify_test(void **state) { + isc_result_t ret; + dns_fixedname_t fname; + isc_buffer_t buf; + dns_name_t *name; + dst_key_t *key = NULL; + dst_context_t *ctx = NULL; + isc_region_t r; + + UNUSED(state); + + name = dns_fixedname_initname(&fname); + isc_buffer_constinit(&buf, "rsa.", 4); + isc_buffer_add(&buf, 4); + ret = dns_name_fromtext(name, &buf, NULL, 0, NULL); + assert_int_equal(ret, ISC_R_SUCCESS); + + ret = dst_key_fromfile(name, 29238, DST_ALG_RSASHA256, DST_TYPE_PUBLIC, + "./", dt_mctx, &key); + assert_int_equal(ret, ISC_R_SUCCESS); + + /* RSASHA1 - May not be supported by the OS */ + if (dst_algorithm_supported(DST_ALG_RSASHA1)) { + key->key_alg = DST_ALG_RSASHA1; + + ret = dst_context_create(key, dt_mctx, DNS_LOGCATEGORY_DNSSEC, + false, 0, &ctx); + assert_int_equal(ret, ISC_R_SUCCESS); + + r.base = d; + r.length = 10; + ret = dst_context_adddata(ctx, &r); + assert_int_equal(ret, ISC_R_SUCCESS); + + r.base = sigsha1; + r.length = 256; + ret = dst_context_verify(ctx, &r); + assert_int_equal(ret, ISC_R_SUCCESS); + + dst_context_destroy(&ctx); + } + + /* RSASHA256 */ + + key->key_alg = DST_ALG_RSASHA256; + + ret = dst_context_create(key, dt_mctx, DNS_LOGCATEGORY_DNSSEC, false, 0, + &ctx); + assert_int_equal(ret, ISC_R_SUCCESS); + + r.base = d; + r.length = 10; + ret = dst_context_adddata(ctx, &r); + assert_int_equal(ret, ISC_R_SUCCESS); + + r.base = sigsha256; + r.length = 256; + ret = dst_context_verify(ctx, &r); + assert_int_equal(ret, ISC_R_SUCCESS); + + dst_context_destroy(&ctx); + + /* RSASHA512 */ + + key->key_alg = DST_ALG_RSASHA512; + + ret = dst_context_create(key, dt_mctx, DNS_LOGCATEGORY_DNSSEC, false, 0, + &ctx); + assert_int_equal(ret, ISC_R_SUCCESS); + + r.base = d; + r.length = 10; + ret = dst_context_adddata(ctx, &r); + assert_int_equal(ret, ISC_R_SUCCESS); + + r.base = sigsha512; + r.length = 256; + 
ret = dst_context_verify(ctx, &r); + assert_int_equal(ret, ISC_R_SUCCESS); + + dst_context_destroy(&ctx); + + dst_key_free(&key); +} + +int +main(void) { + const struct CMUnitTest tests[] = { + cmocka_unit_test_setup_teardown(isc_rsa_verify_test, _setup, + _teardown), + }; + + return (cmocka_run_group_tests(tests, NULL, NULL)); +} + +#else /* HAVE_CMOCKA */ + +#include <stdio.h> + +int +main(void) { + printf("1..0 # Skipped: cmocka not available\n"); + return (SKIPPED_TEST_EXIT_CODE); +} + +#endif /* HAVE_CMOCKA */ diff --git a/lib/dns/tests/sigs_test.c b/lib/dns/tests/sigs_test.c new file mode 100644 index 0000000..8e438cb --- /dev/null +++ b/lib/dns/tests/sigs_test.c 
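Review bot: isc_rsa_verify_test() only checks that known-good signatures verify, so a dst_context_verify() that accepted every input would still pass; add at least one case where a modified signature (or modified data) must be rejected. `sigsha512` is declared `[512]` but its initialiser appears to hold 256 bytes and the test passes `r.length = 256`, so the declaration should be `static unsigned char sigsha512[256]`. The literal lengths 10 and 256 are better written as `sizeof(d)`, `sizeof(sigsha256)` and so on. The function is complete within this hunk; the fence below shows a rejection case placed after the existing RSASHA256 check.

```c
	/* … unchanged: RSASHA256 positive check, ending in dst_context_destroy(&ctx) … */

	/* RSASHA256 with one signature bit flipped: verification must fail */
	unsigned char badsig[sizeof(sigsha256)];

	memmove(badsig, sigsha256, sizeof(badsig));
	badsig[0] ^= 0x01;

	ret = dst_context_create(key, dt_mctx, DNS_LOGCATEGORY_DNSSEC, false, 0,
				 &ctx);
	assert_int_equal(ret, ISC_R_SUCCESS);

	r.base = d;
	r.length = sizeof(d);
	ret = dst_context_adddata(ctx, &r);
	assert_int_equal(ret, ISC_R_SUCCESS);

	r.base = badsig;
	r.length = sizeof(badsig);
	ret = dst_context_verify(ctx, &r);
	assert_int_not_equal(ret, ISC_R_SUCCESS);

	dst_context_destroy(&ctx);

	/* … unchanged: RSASHA512 check and dst_key_free(&key) … */
```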
@@ -0,0 +1,462 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/buffer.h>
+#include <isc/list.h>
+#include <isc/region.h>
+#include <isc/result.h>
+#include <isc/stdtime.h>
+#include <isc/types.h>
+#include <isc/util.h>
+
+#include <dns/db.h>
+#include <dns/diff.h>
+#include <dns/dnssec.h>
+#include <dns/fixedname.h>
+#include <dns/name.h>
+#include <dns/rdata.h>
+#include <dns/rdatastruct.h>
+#include <dns/rdatatype.h>
+#include <dns/result.h>
+#include <dns/types.h>
+#include <dns/zone.h>
+
+#include <dst/dst.h>
+
+#include "../zone_p.h"
+#include "dnstest.h"
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+
+/*%
+ * Structure characterizing a single diff tuple in the dns_diff_t structure
+ * prepared by dns__zone_updatesigs().
+ */
+typedef struct {
+ dns_diffop_t op;
+ const char *owner;
+ dns_ttl_t ttl;
+ const char *type;
+} zonediff_t;
+
+#define ZONEDIFF_SENTINEL \
+ { \
+ 0, NULL, 0, NULL \
+ }
+
+/*%
+ * Structure defining a dns__zone_updatesigs() test.
+ */
+typedef struct {
+ const char *description; /* test description */
+ const zonechange_t *changes; /* array of "raw" zone changes */
+ const zonediff_t *zonediff; /* array of "processed" zone changes
+ * */
+} updatesigs_test_params_t;
+
+/*%
+ * Check whether the 'found' tuple matches the 'expected' tuple. 'found' is
+ * the 'index'th tuple output by dns__zone_updatesigs() in test 'test'.
+ */
+static void
+compare_tuples(const zonediff_t *expected, dns_difftuple_t *found,
+ size_t index) {
+ char found_covers[DNS_RDATATYPE_FORMATSIZE] = {};
+ char found_type[DNS_RDATATYPE_FORMATSIZE] = {};
+ char found_name[DNS_NAME_FORMATSIZE];
+ isc_consttextregion_t typeregion;
+ dns_fixedname_t expected_fname;
+ dns_rdatatype_t expected_type;
+ dns_name_t *expected_name;
+ dns_rdata_rrsig_t rrsig;
+ isc_buffer_t typebuf;
+ isc_result_t result;
+
+ REQUIRE(expected != NULL);
+ REQUIRE(found != NULL);
+ REQUIRE(index > 0);
+
+ /*
+ * Check operation.
+ */
+ assert_int_equal(expected->op, found->op);
+
+ /*
+ * Check owner name.
+ */
+ expected_name = dns_fixedname_initname(&expected_fname);
+ result = dns_name_fromstring(expected_name, expected->owner, 0,
+ dt_mctx);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ dns_name_format(&found->name, found_name, sizeof(found_name));
+ assert_true(dns_name_equal(expected_name, &found->name));
+
+ /*
+ * Check TTL.
+ */
+ assert_int_equal(expected->ttl, found->ttl);
+
+ /*
+ * Parse expected RR type.
+ */
+ typeregion.base = expected->type;
+ typeregion.length = strlen(expected->type);
+ result = dns_rdatatype_fromtext(&expected_type,
+ (isc_textregion_t *)&typeregion);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /*
+ * Format found RR type for reporting purposes.
+ */
+ isc_buffer_init(&typebuf, found_type, sizeof(found_type));
+ result = dns_rdatatype_totext(found->rdata.type, &typebuf);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /*
+ * Check RR type.
+ */
+ switch (expected->op) {
+ case DNS_DIFFOP_ADDRESIGN:
+ case DNS_DIFFOP_DELRESIGN:
+ /*
+ * Found tuple must be of type RRSIG.
+ */
+ assert_int_equal(found->rdata.type, dns_rdatatype_rrsig);
+ if (found->rdata.type != dns_rdatatype_rrsig) {
+ break;
+ }
+ /*
+ * The signature must cover an RRset of type 'expected->type'.
+ */
+ result = dns_rdata_tostruct(&found->rdata, &rrsig, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ isc_buffer_init(&typebuf, found_covers, sizeof(found_covers));
+ result = dns_rdatatype_totext(rrsig.covered, &typebuf);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(expected_type, rrsig.covered);
+ break;
+ default:
+ /*
+ * Found tuple must be of type 'expected->type'.
+ */
+ assert_int_equal(expected_type, found->rdata.type);
+ break;
+ }
+}
+
+/*%
+ * Perform a single dns__zone_updatesigs() test defined in 'test'. All other
+ * arguments are expected to remain constant between subsequent invocations of
+ * this function.
+ */
+static void
+updatesigs_test(const updatesigs_test_params_t *test, dns_zone_t *zone,
+ dns_db_t *db, dst_key_t *zone_keys[], unsigned int nkeys,
+ isc_stdtime_t now) {
+ size_t tuples_expected, tuples_found, index;
+ dns_dbversion_t *version = NULL;
+ dns_diff_t raw_diff, zone_diff;
+ const zonediff_t *expected;
+ dns_difftuple_t *found;
+ isc_result_t result;
+
+ dns__zonediff_t zonediff = {
+ .diff = &zone_diff,
+ .offline = false,
+ };
+
+ REQUIRE(test != NULL);
+ REQUIRE(test->description != NULL);
+ REQUIRE(test->changes != NULL);
+ REQUIRE(zone != NULL);
+ REQUIRE(db != NULL);
+ REQUIRE(zone_keys != NULL);
+
+ /*
+ * Create a new version of the zone's database.
+ */
+ result = dns_db_newversion(db, &version);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /*
+ * Create a diff representing the supplied changes.
+ */
+ result = dns_test_difffromchanges(&raw_diff, test->changes, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /*
+ * Apply the "raw" diff to the new version of the zone's database as
+ * this is what dns__zone_updatesigs() expects to happen before it is
+ * called.
+ */
+ dns_diff_apply(&raw_diff, db, version);
+
+ /*
+ * Initialize the structure dns__zone_updatesigs() will modify.
+ */
+ dns_diff_init(dt_mctx, &zone_diff);
+
+ /*
+ * Check whether dns__zone_updatesigs() behaves as expected.
+ */
+ result = dns__zone_updatesigs(&raw_diff, db, version, zone_keys, nkeys,
+ zone, now - 3600, now + 3600, 0, now,
+ true, false, &zonediff);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_true(ISC_LIST_EMPTY(raw_diff.tuples));
+ assert_false(ISC_LIST_EMPTY(zone_diff.tuples));
+
+ /*
+ * Ensure that the number of tuples in the zone diff is as expected.
+ */
+
+ tuples_expected = 0;
+ for (expected = test->zonediff; expected->owner != NULL; expected++) {
+ tuples_expected++;
+ }
+
+ tuples_found = 0;
+ for (found = ISC_LIST_HEAD(zone_diff.tuples); found != NULL;
+ found = ISC_LIST_NEXT(found, link))
+ {
+ tuples_found++;
+ }
+
+ assert_int_equal(tuples_expected, tuples_found);
+
+ /*
+ * Ensure that every tuple in the zone diff matches expectations.
+ */
+ expected = test->zonediff;
+ index = 1;
+ for (found = ISC_LIST_HEAD(zone_diff.tuples); found != NULL;
+ found = ISC_LIST_NEXT(found, link))
+ {
+ compare_tuples(expected, found, index);
+ expected++;
+ index++;
+ }
+
+ /*
+ * Apply changes to zone database contents and clean up.
+ */
+ dns_db_closeversion(db, &version, true);
+ dns_diff_clear(&zone_diff);
+ dns_diff_clear(&raw_diff);
+}
+
+/* dns__zone_updatesigs() tests */
+static void
+updatesigs_next_test(void **state) {
+ dst_key_t *zone_keys[DNS_MAXZONEKEYS];
+ dns_zone_t *zone = NULL;
+ dns_db_t *db = NULL;
+ isc_result_t result;
+ unsigned int nkeys;
+ isc_stdtime_t now;
+ size_t i;
+
+ UNUSED(state);
+
+ /*
+ * Prepare a zone along with its signing keys.
+ */
+
+ result = dns_test_makezone("example", &zone, NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_test_loaddb(&db, dns_dbtype_zone, "example",
+ "testdata/master/master18.data");
+ assert_int_equal(result, DNS_R_SEENINCLUDE);
+
+ result = dns_zone_setkeydirectory(zone, "testkeys");
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ isc_stdtime_get(&now);
+ result = dns__zone_findkeys(zone, db, NULL, now, dt_mctx,
+ DNS_MAXZONEKEYS, zone_keys, &nkeys);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(nkeys, 2);
+
+ /*
+ * Define the tests to be run. Note that changes to zone database
+ * contents introduced by each test are preserved between tests.
+ */
+
+ const zonechange_t changes_add[] = {
+ { DNS_DIFFOP_ADD, "foo.example", 300, "TXT", "foo" },
+ { DNS_DIFFOP_ADD, "bar.example", 600, "TXT", "bar" },
+ ZONECHANGE_SENTINEL,
+ };
+ const zonediff_t zonediff_add[] = {
+ { DNS_DIFFOP_ADDRESIGN, "foo.example", 300, "TXT" },
+ { DNS_DIFFOP_ADD, "foo.example", 300, "TXT" },
+ { DNS_DIFFOP_ADDRESIGN, "bar.example", 600, "TXT" },
+ { DNS_DIFFOP_ADD, "bar.example", 600, "TXT" },
+ ZONEDIFF_SENTINEL,
+ };
+ const updatesigs_test_params_t test_add = {
+ .description = "add new RRsets",
+ .changes = changes_add,
+ .zonediff = zonediff_add,
+ };
+
+ const zonechange_t changes_append[] = {
+ { DNS_DIFFOP_ADD, "foo.example", 300, "TXT", "foo1" },
+ { DNS_DIFFOP_ADD, "foo.example", 300, "TXT", "foo2" },
+ ZONECHANGE_SENTINEL,
+ };
+ const zonediff_t zonediff_append[] = {
+ { DNS_DIFFOP_DELRESIGN, "foo.example", 300, "TXT" },
+ { DNS_DIFFOP_ADDRESIGN, "foo.example", 300, "TXT" },
+ { DNS_DIFFOP_ADD, "foo.example", 300, "TXT" },
+ { DNS_DIFFOP_ADD, "foo.example", 300, "TXT" },
+ ZONEDIFF_SENTINEL,
+ };
+ const updatesigs_test_params_t test_append = {
+ .description = "append multiple RRs to an existing RRset",
+ .changes = changes_append,
+ .zonediff = zonediff_append,
+ };
+
+ const zonechange_t changes_replace[] = {
+ { DNS_DIFFOP_DEL, "bar.example", 600, "TXT", "bar" },
+ { DNS_DIFFOP_ADD, "bar.example", 600, "TXT", "rab" },
+ ZONECHANGE_SENTINEL,
+ };
+ const zonediff_t zonediff_replace[] = {
+ { DNS_DIFFOP_DELRESIGN, "bar.example", 600, "TXT" },
+ { DNS_DIFFOP_ADDRESIGN, "bar.example", 600, "TXT" },
+ { DNS_DIFFOP_DEL, "bar.example", 600, "TXT" },
+ { DNS_DIFFOP_ADD, "bar.example", 600, "TXT" },
+ ZONEDIFF_SENTINEL,
+ };
+ const updatesigs_test_params_t test_replace = {
+ .description = "replace an existing RRset",
+ .changes = changes_replace,
+ .zonediff = zonediff_replace,
+ };
+
+ const zonechange_t changes_delete[] = {
+ { DNS_DIFFOP_DEL, "bar.example", 600, "TXT", "rab" },
+ ZONECHANGE_SENTINEL,
+ };
+ const zonediff_t zonediff_delete[] = {
+ { DNS_DIFFOP_DELRESIGN, "bar.example", 600, "TXT" },
+ { DNS_DIFFOP_DEL, "bar.example", 600, "TXT" },
+ ZONEDIFF_SENTINEL,
+ };
+ const updatesigs_test_params_t test_delete = {
+ .description = "delete an existing RRset",
+ .changes = changes_delete,
+ .zonediff = zonediff_delete,
+ };
+
+ const zonechange_t changes_mixed[] = {
+ { DNS_DIFFOP_ADD, "baz.example", 900, "TXT", "baz1" },
+ { DNS_DIFFOP_ADD, "baz.example", 900, "A", "127.0.0.1" },
+ { DNS_DIFFOP_ADD, "baz.example", 900, "TXT", "baz2" },
+ { DNS_DIFFOP_ADD, "baz.example", 900, "AAAA", "::1" },
+ ZONECHANGE_SENTINEL,
+ };
+ const zonediff_t zonediff_mixed[] = {
+ { DNS_DIFFOP_ADDRESIGN, "baz.example", 900, "TXT" },
+ { DNS_DIFFOP_ADD, "baz.example", 900, "TXT" },
+ { DNS_DIFFOP_ADD, "baz.example", 900, "TXT" },
+ { DNS_DIFFOP_ADDRESIGN, "baz.example", 900, "A" },
+ { DNS_DIFFOP_ADD, "baz.example", 900, "A" },
+ { DNS_DIFFOP_ADDRESIGN, "baz.example", 900, "AAAA" },
+ { DNS_DIFFOP_ADD, "baz.example", 900, "AAAA" },
+ ZONEDIFF_SENTINEL,
+ };
+ const updatesigs_test_params_t test_mixed = {
+ .description = "add different RRsets with common owner name",
+ .changes = changes_mixed,
+ .zonediff = zonediff_mixed,
+ };
+
+ const updatesigs_test_params_t *tests[] = {
+ &test_add, &test_append, &test_replace,
+ &test_delete, &test_mixed,
+ };
+
+ /*
+ * Run tests.
+ */
+ for (i = 0; i < sizeof(tests) / sizeof(tests[0]); i++) {
+ updatesigs_test(tests[i], zone, db, zone_keys, nkeys, now);
+ }
+
+ /*
+ * Clean up.
+ */
+ for (i = 0; i < nkeys; i++) {
+ dst_key_free(&zone_keys[i]);
+ }
+ dns_db_detach(&db);
+ dns_zone_detach(&zone);
+}
+
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(updatesigs_next_test, _setup,
+ _teardown),
+ };
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/testdata/db/data.db b/lib/dns/tests/testdata/db/data.db
new file mode 100644
index 0000000..67a4fba
--- /dev/null
+++ b/lib/dns/tests/testdata/db/data.db
@@ -0,0 +1,22 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+a in ns ns.vix.com.
+a in ns ns2.vix.com.
+a in ns ns3.vix.com.
+b in a 1.2.3.4
diff --git a/lib/dns/tests/testdata/dbiterator/zone1.data b/lib/dns/tests/testdata/dbiterator/zone1.data
new file mode 100644
index 0000000..c380d39
--- /dev/null
+++ b/lib/dns/tests/testdata/dbiterator/zone1.data
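Review bot: In updatesigs_test() the return value of `dns_diff_apply(&raw_diff, db, version);` is dropped while every neighbouring call is checked, so a failed apply lets dns__zone_updatesigs() run against a database version that lacks the raw changes and the later tuple assertions then fail for a misleading reason. Capture and assert it, `result = dns_diff_apply(&raw_diff, db, version);` followed by `assert_int_equal(result, ISC_R_SUCCESS);` (this assumes it returns isc_result_t like the calls around it). The same function walks `test->zonediff` in the counting loop without a matching `REQUIRE(test->zonediff != NULL);`, although `description` and `changes` are both checked. In compare_tuples(), `found_name`, `found_type` and `found_covers` are filled "for reporting purposes" but never reach an assertion message, and the doc comment refers to a 'test' argument the function does not take; either print them on failure or drop the dead formatting.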
@@ -0,0 +1,30 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 600
+@ in soa localhost. postmaster.localhost. (
+ 2011080901 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 600 ) ;minimum
+ in ns ns
+ in ns ns2
+ns in a 10.0.0.1
+ns2 in a 10.0.0.2
+
+a in txt "test"
+b in txt "test"
+c in txt "test"
+d.e.f in txt "test"
+e in txt "test"
+f.g.h in txt "test"
+f.g.i in txt "test"
+f.g.j in txt "test"
+k in txt "test"
diff --git a/lib/dns/tests/testdata/dbiterator/zone2.data b/lib/dns/tests/testdata/dbiterator/zone2.data
new file mode 100644
index 0000000..7265c27
--- /dev/null
+++ b/lib/dns/tests/testdata/dbiterator/zone2.data
@@ -0,0 +1,319 @@ +; File written on Mon Aug 15 16:51:56 2011 +; dnssec_signzone version 9.7.3rc1 +test. 600 IN SOA localhost. postmaster.localhost. ( + 2011080901 ; serial + 3600 ; refresh (1 hour) + 1800 ; retry (30 minutes) + 604800 ; expire (1 week) + 600 ; minimum (10 minutes) + ) + 600 RRSIG SOA 7 1 600 20110914225156 ( + 20110815225156 39833 test. + IoQPcpx+Y2btVBBdM2H/9ppRMjphB1thwrdh + midhKH+MXDAauUIENucugi3zLsc1o2ke8LnQ + v3lCLd/bb5MD1otuS8vOw1GWEFhXOUBZU6wS + QwEIcG4BiSlz7/GvOlRa2znkOmZ3c8bD/J3Y + XUWDI3BEDPgrZqfxEvoMyPEWjO8= ) + 600 NS ns.test. + 600 NS ns2.test. + 600 RRSIG NS 7 1 600 20110914225156 ( + 20110815225156 39833 test. + OgEimhmFIAqlH0hyQy3pTsveBHKyqs9WfO1S + uDPRj3DFgFEAjoY473T8GxG2C+jTVL/UMVcb + BTZ8wIAiUHhqKLcmr0q/1X+kNUs7tNi+6oMn + /jxaOuRL6c8Kf2gl2t4g6JTwQqLQhUHTfQP+ + bEfKUr75VsVfxCQZIHlZ3/AlxZM= ) + 600 DNSKEY 256 3 7 ( + AwEAAc0FzrE7jUiaKIGZpIaFE8E989topAJN + dWIQUQ7BSKabmpBP2M+SXHwIiQ/yC25iqudO + IxjRcK7nHB1VoP84xU2oMj6eeSqQHf/bYaji + Y8IfR7lgrzoDWzq+0rtnKMJc/JM8SMkcoBAS + llvxarDJTZheZjlrCvhpRJC+FAkBsx81 + ) ; key id = 39833 + 600 DNSKEY 257 3 7 ( + AwEAAc55LPDhBLqfDUpjYYbBt+N63CiZtKrD + UDGeFAerbw0MWIUi3PgMr7yGVrj8e5Qjp9UN + zBUax6NdhlYVtFA8CwMTXGBjxgyqUoWpce08 + lswxfE70BpgUA6w5efs0/mYtX9/A76etCaSI + oNH2vfa47BCdCPDfC1uTgyeuNuDvhszHaSiD + 8OY7tLa/voecUlq38sdqi2raf2DvgOm7rdFa + reXOS/WIj7zd4XYrV1JGthxOMVlQ7zdv9rVd + UNUIF2d4hwCZJQr0ejhmvB3m/DuNmNOPYmnv + KTmLSE+IJ6baqYvKOVxwV+SaCnuJEjv+3Yrx + 8WQYD/iS9WBhC9FUit0dy+0= + ) ; key id = 57183 + 600 RRSIG DNSKEY 7 1 600 20110914225156 ( + 20110815225156 39833 test. + xPV+bSGUlbxA5MKBeeRbwUDh3Qc+dm77+OHQ + BHIr1L8/kRP5o5J7MqPA37kea6nhyltYf9xM + RsxyiaBGUUeLyWg/q6hTtkNgAHifOPAhiDz8 + AJDSTdSsq9RVtjdobAD0jyzz9sWnB+TPSOmj + Nlyd7VtPVEuSYljgawwfBBO3Kho= ) + 600 RRSIG DNSKEY 7 1 600 20110914225156 ( + 20110815225156 57183 test. 
+ S3jkC7AvyFc4ShfHt6AWgS4zpx9DzWHBK9gV + 2H23OJzy8H1At/CjKxWVHLJ/io+ygryVnt/I + 47Jyhh9i43TnXj8il475YsweGnXGZSorrcXA + 3IsD2lOuRYnp3yetxe2ZrMGNDqqImE6X4x1a + UJI0cbE2UMZfUt8Rm5USiGzwAEgFD1OXxvMD + UT3flyp+Ote9FConK8gewV4wlJuBFemWT7BZ + lUYnoqfuAeEn2+1pIBS0iA0LNFjNBaEgtcjo + QeweN32yKoApau47Dl/Klw7KFT8+PLZ0QPbt + XAkJU7q94Q5aucDuHCSCTCc+2vZxdEnXKvRY + rfLuG8r/V5Kn+1iYrQ== ) + 0 NSEC3PARAM 1 0 10 - + 0 RRSIG NSEC3PARAM 7 1 0 20110914225156 ( + 20110815225156 39833 test. + kghSSeP8AZiQ/zmxgxAyG0itoUMo5adG5pxD + p8T3ZmbxEUSyG5acxBFkmeY39wVU0Cda8tWc + HHrMbB5e2GN8z6xJ0A4rVyXfKSYJSz+iKWfk + 7sOFRjd8OLYE3di6PwIpk6ORUiRPMFLDQCH0 + Q27hLsSoKyd50orKKI+ncjz7WzU= ) +a.test. 600 IN TXT "test" + 600 RRSIG TXT 7 2 600 20110914225156 ( + 20110815225156 39833 test. + UEVOlnL6CDRNCfk/Xge2oaGYCV1+ewwi5zJ0 + CX4DdwiNEkItL4HgBe8xXfxgFC3qySdsSYPE + 1krdFyIkAclMCwHECd1UwZbGlMTEUGrE1KOB + 8vQY+OhIV9TAhqNwnjbu7s2ZdNUv3wiUPcfk + hCJ4rzP6yeV2inLwZulXnhxb6Pk= ) +b.test. 600 IN TXT "test" + 600 RRSIG TXT 7 2 600 20110914225156 ( + 20110815225156 39833 test. + HcyQlO9io6Rc5e4vVqlRmK5PacOaFQJmdERG + 5Aobpgm1FuCLC7F+IMZ0d1XvBWnsw9iDzV43 + UKzTGqUSmDiSBzs4QzHlacGickIW8EOV4xyJ + +mcJ0FZh4YNbkt6CiX+8SF6IxfCMhRMjpSsK + rWqJMG3LXkI6W9stShzsYAFBOzQ= ) +e.test. 600 IN TXT "test" + 600 RRSIG TXT 7 2 600 20110914225156 ( + 20110815225156 39833 test. + jUn5FGRTL9OcFU7tvfkUnSwY8jA+8JynE0hi + ZJbYXDU5CiWGmR2B3yPHxUCewRqouyVCV8bc + xZsSuBxvcdYKryYDbjsmB83GlSEuxE9J7XZs + 8SxUP8PobLVqzXgEZS/XRU2G+R915ZDP9/iL + z9oYwc9TkeyXbp8J/ZsH88tG980= ) +c.test. 600 IN TXT "test" + 600 RRSIG TXT 7 2 600 20110914225156 ( + 20110815225156 39833 test. + cRxAj45oFDDCd8xQXxD1F0Qq8XeBWAj8EYS3 + 7nFXAgAy8sTczFvYCNGj79o7BALJwM4vc/wx + 6rjsiO/sHgfTMEBDq6lH9Wql72uhwavI2SrL + /h/wBP5q4BXlQ4xp6cLhhdifOWhNTvLP+Fe5 + U6yjvqneiKspze9SiFbcmRDiJds= ) +d.e.f.test. 600 IN TXT "test" + 600 RRSIG TXT 7 4 600 20110914225156 ( + 20110815225156 39833 test. 
+ ENjCzr/P9rJmj5OJLzYwWtHtBg2Uz+qJDucz + I97Pq9F819/c5sxNfT4hgICCw6ZfT4ffbzye + fFJ0JVrh2cYOzu68ozlgek/Uml1UW0pDQVdI + s4zEgp4XK9wXUxtWChSqp5YXMdeHegZFu32i + IMNTbJDudwYSwhr2FyG92ZRi8Y8= ) +f.g.h.test. 600 IN TXT "test" + 600 RRSIG TXT 7 4 600 20110914225156 ( + 20110815225156 39833 test. + HT7iocFsfDjeX6j9RJdE3xfVGkIxhajFHgM/ + T/mJj/al4HKV6Ajia8DhpdfDrgM2m7r+Pgcn + FSIstfebQsuFCnHX/gIalDND/grHKsetQnMP + Y7O4QLsRnTV53fdlqQ4eT+jBW6fzJdGySVN+ + bg6kNJZS8DebjmlKtZz7tXjkP+4= ) +f.g.i.test. 600 IN TXT "test" + 600 RRSIG TXT 7 4 600 20110914225156 ( + 20110815225156 39833 test. + kHJJeNSL1rz4QRYqOzhGMQl1yIdio7l8Lg8H + f0TsvFLa6BudVtwKUm+Kz2QiDn7/Lew8w0KX + vVHxX/Vwl3Ixk54YgMKLNogz2TEvnh/VGiS7 + 8r0oSUrg0CFd+xDfxnLeRqX5NNfMuSJap5WH + Aw7IVeRjXDwJFYnytMEnTrhHHHg= ) +f.g.j.test. 600 IN TXT "test" + 600 RRSIG TXT 7 4 600 20110914225156 ( + 20110815225156 39833 test. + lIEHEhDFhOWK8W/F2xWELU2p/X77S2KTivm9 + sY4k3RPsLNHE7p+lF8p72Lcb79rtltnoVYtE + pTIiaUcmgGwfaI4cwfXbeuEgnuTiLg7Xrefx + 3GT86Q+8gfgbMXUmRA/eouWZhCOaYJN99gYz + urzDMiRLYmILHmLlnvo82SgXeuk= ) +k.test. 600 IN TXT "test" + 600 RRSIG TXT 7 2 600 20110914225156 ( + 20110815225156 39833 test. + wC3zgYWsuLga8Vu3QFu/Ci8SzRbA5bvjSmDj + NzcpjU5cvJBxtgzatCr02AaUC94bI0JzNrEB + nFyWCYw55lyy+bAHU1u05UcQmz0n5yxkvmHX + i8ZjMyQkAvNKodJHaFQqUKKIDuSHD2EziKqg + eNn55YRS11ihkODehUVNl7TnYeA= ) +ns.test. 600 IN A 10.0.0.1 + 600 RRSIG A 7 2 600 20110914225156 ( + 20110815225156 39833 test. + VyK/WlQ6ikXdjF/arGzyAyYhOc8IYNBp4QLW + gtYjvbjIcV5+9JINWmUs61VjJ14nES1sI0xb + 9vQJuiPXTM1awUAnvOKLhaX6fbJaEiR1w6Cf + RT5QKBMxNBKVStqdabHcigY4DUuc1PQk1vCw + yMUJt3nHNVMZk+XAycNHzBeYjik= ) +ns2.test. 600 IN A 10.0.0.2 + 600 RRSIG A 7 2 600 20110914225156 ( + 20110815225156 39833 test. + CX6UlZL+5NQJViKfbe/E3uIJk/wjUzoiHBhY + B6gS8nxZzlRPdTTXyMZoRa4etTZEbrRjnyXk + 1rP47faCUwbh//XqukN9f7FZ4Y39NpPS2XpX + 0Lx6M93Jz46lbzmseMFs2YmNMzzhN4uhRvl/ + 8gPtYsn9KMXnAlFfa4XrE5LNVyY= ) +1F3JQ6EANHNHOCMUPQTVNM339VDTR51C.test. 
600 IN NSEC3 1 0 10 - 7QKPELF33JOK9BVJ7CKE99AHG40B0SH7 A RRSIG + 600 RRSIG NSEC3 7 2 600 20110914225156 ( + 20110815225156 39833 test. + w7aS12lxLNh+G1B/2kEq1BO6IzYvyC8n/MGV + 0jvFnapNXGZMPrPxGeO2wkw1JXepuXCv98be + M4SjQywaH+VP6ZMTIfjxRxtcCM+aLAFhiz0l + /MILEkjemmxjAfvV7emRVMwCGcoGI7qC3Xxq + q5g8EzJiYyTCOnI5LKRggn97wGg= ) +7QKPELF33JOK9BVJ7CKE99AHG40B0SH7.test. 600 IN NSEC3 1 0 10 - 94Q15K1V1VE5F87EI37T2B9A39EEC368 TXT RRSIG + 600 RRSIG NSEC3 7 2 600 20110914225156 ( + 20110815225156 39833 test. + J4ObL3p4eN0jWh06M+rX2SSPANQoKfnosElB + KcKE7fLqEjKK7N6Yh6KUlbEP25tfeZ7W6GBJ + b7q6Nh0Ax8fYdc/6JVvmxcwWcx5Lw1TfITGB + ttFntJlbp1A8lwP3pn8Ksql1X2ogh78AsgTb + X5kmXVukC1oEzt98EAa/V/an8QA= ) +CS8M3UVG0UJDR6USBES4U9SNUGQI2RJE.test. 600 IN NSEC3 1 0 10 - ETEQB5V431INUIIE547FKSOF7O4DJ62J A RRSIG + 600 RRSIG NSEC3 7 2 600 20110914225156 ( + 20110815225156 39833 test. + Vyd/2b0S15fACJ8TiPXKtScV9A/ZztVumZAm + o2S6jaVJKWik+8orDW+WiJ4/PEl26PK2m1uv + HD2beuUCHj9EnYkN/dzL3Bsc302qr9xqsh0q + VFS2moznoNG415ZV3vgYR7L9DAp43ZeFuw6I + 7sr21hLYLUeo31xBsJg7RlOL+4s= ) +ETEQB5V431INUIIE547FKSOF7O4DJ62J.test. 600 IN NSEC3 1 0 10 - F8G1MB0JUEU3FBI11CAVFIPGEA3POOIM + 600 RRSIG NSEC3 7 2 600 20110914225156 ( + 20110815225156 39833 test. + oOHs1eb3JYeOMOnzE2PS6NIXBNzSoTYPIxo/ + P0d/ihsLKra3yNJNPTlu4kf+FZoNYAGtMK/D + 6dZWFvtdswDdi2C5WSgsanuHqXq5Lr3A1nCe + cQI5PO4RrLymB+MtYg15CNKcnc0WmJO8deSR + WzNOarC+Iz1Xj3FkKDS4FFr+02Q= ) +94Q15K1V1VE5F87EI37T2B9A39EEC368.test. 600 IN NSEC3 1 0 10 - CS8M3UVG0UJDR6USBES4U9SNUGQI2RJE + 600 RRSIG NSEC3 7 2 600 20110914225156 ( + 20110815225156 39833 test. + K0PvN7YtHQ63x/x2yXXa2S9GBGuTNJywDZ8M + wyMSwytCb9mn4hnKD5mJHaXGTw3YX7usbnEO + ce6hiJdN/VhMfbRMOvUpgyblOj4kXiYVZY1a + SyycfugK/Hu1j4az7lIhhnnx58GChA6mg8Vx + 3Uz6cNDDCSTBTl09NyeUUrKWsHQ= ) +FBH6B0LHT9PPQB1P98D228HA1H52L8PO.test. 600 IN NSEC3 1 0 10 - JGU2L7C3LKLHAKC5RHUOORTI2DCKK3KL + 600 RRSIG NSEC3 7 2 600 20110914225156 ( + 20110815225156 39833 test. 
+ giXRE+4ZeIzDrhx1XkFSpIKGFd3UGzlrLZnO + Ur9nMUfwvU5A3fitEkdayo3ZDH7MQGpSotaH + ReiFXx3Z6Hm2NIN/RHYZQr9e0vbMYSjkANdu + HWBA1SrSq5SHyuy970mPd4jfTHiABCo6fJGB + ykGClZGou0WSaB+Ak19fMbeQ2Wo= ) +JGU2L7C3LKLHAKC5RHUOORTI2DCKK3KL.test. 600 IN NSEC3 1 0 10 - KFMJ88CKMKUQQJE59IKFBOLLLD4DF55H TXT RRSIG + 600 RRSIG NSEC3 7 2 600 20110914225156 ( + 20110815225156 39833 test. + BHTDUgZdWNLgz3xHYMqvlWK/IJ0xrXESoREc + 6D3sO9bcLTMYPO9t80itOlipwp4AmaVOBXPt + cKSdgsUXDEtHqNSxtGbNr5xQ+Aqsep0GX71V + HkcIuiNdTUw83dkajCHMkmQCbEjp9mbdiTmS + haNW2EsscldfaS1aq5tYUhCT3l4= ) +L993U6VC0DUV5QJ8TRPD2IQLM8FJ7AT9.test. 600 IN NSEC3 1 0 10 - LSMRLLNBQGGK8J6V40KLM2LG5TE4FS0P + 600 RRSIG NSEC3 7 2 600 20110914225156 ( + 20110815225156 39833 test. + vE7K0Nrju4qLFDYkIyMY5bIMT0wu8MJdxL6u + 7WVA4HepccKQcUnvVoBAcrA9+MUeteyrad8Y + SJvQIt7sz5t7FViWSq5IMPVPujWtW5J30LhJ + mOLd1KmnFWoVthJ1oFNzBM80A60seKNnEw1M + lV6Y+v0gNYIQensUb9w6SVMTpxE= ) +F8G1MB0JUEU3FBI11CAVFIPGEA3POOIM.test. 600 IN NSEC3 1 0 10 - FA1T7MKUUV9SD4VDBJQ3GRFK1IDTCKL7 + 600 RRSIG NSEC3 7 2 600 20110914225156 ( + 20110815225156 39833 test. + DkL9ONc0vpsKdG20ol8XPAaVfLb7kf1wnKbR + rQUB1trGSHm/Igo06of43zm9J+56htFJg1xD + I2de0sCUBQYyHVBBDiBAd1g+ZvcpUlLP0w8M + NxMviMiG/WQAdGXHwYfUimwMWD7gNGl1m05H + HwYmzGs+d1bClDNBrFhdfdL2+iA= ) +LSMRLLNBQGGK8J6V40KLM2LG5TE4FS0P.test. 600 IN NSEC3 1 0 10 - LUAN2Q3I2OCVSD41MP08HNA9JP22D38K + 600 RRSIG NSEC3 7 2 600 20110914225156 ( + 20110815225156 39833 test. + ZgiWuMqodQuhwuAF6CIiJTsdRahi+poOiZAM + WXNP0wXfdptcG2uhbdDwy+0crhe3tuybhwcb + CuiaQUh0XNPhgF+qmXpGobaqBhCEvCF4K9qY + OCIoMfsI1pIBVbMw0+YXVarFZ8+mfNU/+6n6 + yy2+1nCg3k4XR2Dpv4CeDBfcAuM= ) +NAL1UIEBM38NKMN6RQOKE8T781IA7UKI.test. 600 IN NSEC3 1 0 10 - OUSGP0LO9FGAROHDULQVSTI3OLQIBB39 TXT RRSIG + 600 RRSIG NSEC3 7 2 600 20110914225156 ( + 20110815225156 39833 test. 
+ x8JiXPI+EXHz8ZO/VW0/+9wWsBNqeSMxXZIV + ibOnogSg7Wi7Yq1xftKC2+xEevNxSZnBibEy + Sgro5xKTf0n7pD9hHVBLoYmOOnbXY3QNQ2EQ + y3LdPT355WmwVddVOOxNpNRp2zQyqg7BhVA3 + wxY7tyVQd4x1+95ATUQBnFditdE= ) +KFMJ88CKMKUQQJE59IKFBOLLLD4DF55H.test. 600 IN NSEC3 1 0 10 - L993U6VC0DUV5QJ8TRPD2IQLM8FJ7AT9 TXT RRSIG + 600 RRSIG NSEC3 7 2 600 20110914225156 ( + 20110815225156 39833 test. + KQPaN2Ecebifbl4Bz5Yo0x2DgGmZiVhpSydm + oy/5NtMjt7G472JrKlqByap+VxW0bpzo3IER + 3P8Dsv7pfBD4/Cl5sFqwZL7wYy7RB4dQLVCi + Pepc/Mr3gR2XmL91fpGttMj5jGscnVQJCyFa + obzhsVaVImUQZFDPb0UQUHwIhOA= ) +LUAN2Q3I2OCVSD41MP08HNA9JP22D38K.test. 600 IN NSEC3 1 0 10 - NAL1UIEBM38NKMN6RQOKE8T781IA7UKI TXT RRSIG + 600 RRSIG NSEC3 7 2 600 20110914225156 ( + 20110815225156 39833 test. + NJ+X3d0qh2+fbSnG0iQPxAeDIOzX5NTmY9fS + x7IO/DDcgUhPvl1YYdz5J999cec1zzOKp10J + YbsIAzg0w/Y4D4CBUw3IkcOrUFOODb6eJQGb + rVFRqmp3BUP4qOAWUZvx4oQ0KG4K/h/KJMbU + Vcdl7PF7G5O5hMyR9UWg4zal7Sk= ) +OUSGP0LO9FGAROHDULQVSTI3OLQIBB39.test. 600 IN NSEC3 1 0 10 - PQQ28M3U2MM08GGFV3JKR76G2H9IUJPC TXT RRSIG + 600 RRSIG NSEC3 7 2 600 20110914225156 ( + 20110815225156 39833 test. + A/qxYrSE/smBGbST8j8eGPCrRnwvVa25kDha + IuA3nv0vzXhFvlruc9f0HRGwsq6A2pw3I5W+ + xo2/JxsNyFOotdwaDDEBzqPkJmrzupxQS4Hm + rHSLnRnNw4QzvzNjAGWMYAoe3OeHC47wmAtI + qE91EHZTlPP28CUXOMo+7sCaOa8= ) +U0UVS2SUP89P2TM3PJO4TC1GPJ2O6519.test. 600 IN NSEC3 1 0 10 - VA2VG5BEMCKQP6MS5NHHGL18031BIA7M NS SOA RRSIG DNSKEY NSEC3PARAM + 600 RRSIG NSEC3 7 2 600 20110914225156 ( + 20110815225156 39833 test. + rahhkfiF+Rk6oqbWTdu9qcwhmj5hbDuIFdiJ + GmaG+cFSv5Mjp+txNVCvBK9Hq/VpW0ypen/3 + JC0sVAugSX+HAKAgyaMKmgWCvoQZ6ZSJUh7o + LRPcT+oxVXQAqjovxpaV8k6sYo44tpljPdOD + UluWAP5SrmJKjzCxs27KGRx8MK4= ) +VA2VG5BEMCKQP6MS5NHHGL18031BIA7M.test. 600 IN NSEC3 1 0 10 - VAKOQ2TPD7S25NFBJT73J3C4OGU10RJ5 TXT RRSIG + 600 RRSIG NSEC3 7 2 600 20110914225156 ( + 20110815225156 39833 test. 
+ XcBeZ8lo9Qo8z56+1FdGDjh6ZHCfO+MQ/wnY + TEUo/aWLkPTyq39nLhe0qVBJxmDpM+KQFuG9 + cjQT5fvrlrY+lv6dedB64EBMYy4kKbIv7N5+ + r6+sfWlvtKsfXxysLSk2+jLEm5NuLFrOdNas + WLVsq741D3YcWt4kM1HCyk3DNF8= ) +FA1T7MKUUV9SD4VDBJQ3GRFK1IDTCKL7.test. 600 IN NSEC3 1 0 10 - FBH6B0LHT9PPQB1P98D228HA1H52L8PO TXT RRSIG + 600 RRSIG NSEC3 7 2 600 20110914225156 ( + 20110815225156 39833 test. + jB/vLrvx4sQQD7J3ZacAAyhcFmIPh7LH3ljw + IAIaeLb10oX5q1/nQKYdfq976TMy5sWpBcmd + i91WLxd+T/gOSumyP8bC3g+SUoyZ9wxY6A6a + MMx1rn0QA9IKrxMqojs9M3urJ8QAeIS+KyAn + rbyyJuG+EVm0prqlPZtzUi28WCI= ) +PQQ28M3U2MM08GGFV3JKR76G2H9IUJPC.test. 600 IN NSEC3 1 0 10 - U0UVS2SUP89P2TM3PJO4TC1GPJ2O6519 + 600 RRSIG NSEC3 7 2 600 20110914225156 ( + 20110815225156 39833 test. + asCOU9OkVWMvUU2IUpwMgdYf0faA04zPbaFf + qywYsv3NH01Lky6G3a0WUPAbBm7TAYx/ln8a + 559vlpp/gpXEl9CcLrjO6wy5i0ryp8gVHtKJ + rQlEc/uw4SY+S5t7FuZc2rNRdAbxVMYuwrvm + HBsKDPblre3e06ZZFEmnGFzCgmg= ) +VAKOQ2TPD7S25NFBJT73J3C4OGU10RJ5.test. 600 IN NSEC3 1 0 10 - VNCCJH8JPOLGLAGVMV3FKS09M7RRDU47 TXT RRSIG + 600 RRSIG NSEC3 7 2 600 20110914225156 ( + 20110815225156 39833 test. + Pt4tKB1p/jsyLYab9LSt5MF1KTRT18nRTOox + q0IACkXkKx7W5xv6nSYXIB+nQzNp1Y1hhoXn + 9IFi0liPnIAOp73w4vybhfIdTFiEmHPHT6O9 + VIx5cSriqBI6Qda8GtfeIb96P8SojbUk5BDI + g18iYjviGhQYRgpU3tg1qd7pbcc= ) +VNCCJH8JPOLGLAGVMV3FKS09M7RRDU47.test. 600 IN NSEC3 1 0 10 - 1F3JQ6EANHNHOCMUPQTVNM339VDTR51C + 600 RRSIG NSEC3 7 2 600 20110914225156 ( + 20110815225156 39833 test. + ZMZPHawhkuzSV7C7zkgghH/jpw9CQVR1JUXq + pAeY2iIIWwNhfuskJaLgtu/5SuKnJtrv6D4N + g+lfEkBReia5xO/SCcHv8/hXEPH8vZ4xe1C9 + 6GVB6ip2hKw2g5HpyF7X18WgwZ0cqPWVg+Q+ + xRLpXH+53391Wt5rG7qJswn5RLE= ) diff --git a/lib/dns/tests/testdata/diff/zone1.data b/lib/dns/tests/testdata/diff/zone1.data new file mode 100644 index 0000000..8ddf669 --- /dev/null +++ b/lib/dns/tests/testdata/diff/zone1.data 
@@ -0,0 +1,13 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +@ 0 SOA . . 0 0 0 0 0 +@ 0 NS @ +@ 0 A 1.2.3.4 +remove 0 A 5.6.7.8 diff --git a/lib/dns/tests/testdata/diff/zone2.data b/lib/dns/tests/testdata/diff/zone2.data new file mode 100644 index 0000000..363af42 --- /dev/null +++ b/lib/dns/tests/testdata/diff/zone2.data @@ -0,0 +1,14 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +@ 0 SOA . . 0 0 0 0 0 +@ 0 NS @ +@ 0 A 1.2.3.4 +remove 0 A 5.6.7.8 +added 0 A 5.6.7.8 diff --git a/lib/dns/tests/testdata/diff/zone3.data b/lib/dns/tests/testdata/diff/zone3.data new file mode 100644 index 0000000..ae3a60e --- /dev/null +++ b/lib/dns/tests/testdata/diff/zone3.data @@ -0,0 +1,12 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +@ 0 SOA . . 0 0 0 0 0 +@ 0 NS @ +@ 0 A 1.2.3.4 diff --git a/lib/dns/tests/testdata/dnstap/dnstap.saved b/lib/dns/tests/testdata/dnstap/dnstap.saved Binary files differnew file mode 100644 index 0000000..c657f41 --- /dev/null 
+++ b/lib/dns/tests/testdata/dnstap/dnstap.saved
diff --git a/lib/dns/tests/testdata/dnstap/dnstap.text b/lib/dns/tests/testdata/dnstap/dnstap.text
new file mode 100644
index 0000000..71977e4
--- /dev/null
+++ b/lib/dns/tests/testdata/dnstap/dnstap.text
@@ -0,0 +1,96 @@
+03-Feb-2017 15:47:16.000 SQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 SQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 SQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 SQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 SQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 SQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 SQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 SQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 SR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 SR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 SR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 SR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 SR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 SR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 SR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 SR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 CQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 CQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 CQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 CQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 CQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 CQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 CQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 CQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 CR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 CR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 CR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 CR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 CR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 CR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 CR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 CR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 AQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 AQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 AQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 AQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 AQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 AQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 AQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 AQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 AR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 AR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 AR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 AR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 AR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 AR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 AR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 AR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 RQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 RQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 RQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 RQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 RQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 RQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 RQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 RQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 RR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 RR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 RR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 RR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 RR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 RR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 RR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 RR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 FQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 FQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 FQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 FQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 FQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 FQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 FQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 FQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 FR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 FR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 FR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 FR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 FR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 FR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 FR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 FR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 TQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 TQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 TQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 TQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 TQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 TQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 TQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 TQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 TR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 TR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 TR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 TR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 TR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 TR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 TR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 TR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
diff --git a/lib/dns/tests/testdata/dnstap/query.auth b/lib/dns/tests/testdata/dnstap/query.auth new file mode 100644
index 0000000..a14f850
--- /dev/null
+++ b/lib/dns/tests/testdata/dnstap/query.auth
@@ -0,0 +1,4 @@
+# authoritative query, www.isc.org/A
+8d 24 00 20 00 01 00 00 00 00 00 01 03 77 77 77
+03 69 73 63 03 6f 72 67 00 00 01 00 01 00 00 29
+10 00 00 00 00 00 00 00
diff --git a/lib/dns/tests/testdata/dnstap/query.recursive b/lib/dns/tests/testdata/dnstap/query.recursive new file mode 100644
index 0000000..8ee705f
--- /dev/null
+++ b/lib/dns/tests/testdata/dnstap/query.recursive
@@ -0,0 +1,4 @@
+# recursive query for www.isc.org/A
+bf 08 01 20 00 01 00 00 00 00 00 01 03 77 77 77
+03 69 73 63 03 6f 72 67 00 00 01 00 01 00 00 29
+10 00 00 00 00 00 00 00
diff --git a/lib/dns/tests/testdata/dnstap/response.auth b/lib/dns/tests/testdata/dnstap/response.auth new file mode 100644
index 0000000..4d0ea81
--- /dev/null
+++ b/lib/dns/tests/testdata/dnstap/response.auth
@@ -0,0 +1,19 @@
+# authoritative response, www.isc.org/A
+8d 24 84 00 00 01 00 01 00 04 00 07 03 77 77 77
+03 69 73 63 03 6f 72 67 00 00 01 00 01 c0 0c 00
+01 00 01 00 00 00 3c 00 04 95 14 40 45 c0 10 00
+02 00 01 00 00 1c 20 00 0d 03 61 6d 73 06 73 6e
+73 2d 70 62 c0 10 c0 10 00 02 00 01 00 00 1c 20
+00 07 04 73 66 62 61 c0 3d c0 10 00 02 00 01 00
+00 1c 20 00 19 02 6e 73 03 69 73 63 0b 61 66 69
+6c 69 61 73 2d 6e 73 74 04 69 6e 66 6f 00 c0 10
+00 02 00 01 00 00 1c 20 00 06 03 6f 72 64 c0 3d
+c0 39 00 01 00 01 00 00 1c 20 00 04 c7 06 01 1e
+c0 39 00 1c 00 01 00 00 1c 20 00 10 20 01 05 00
+00 60 00 00 00 00 00 00 00 00 00 30 c0 8a 00 01
+00 01 00 00 1c 20 00 04 c7 06 00 1e c0 8a 00 1c
+00 01 00 00 1c 20 00 10 20 01 05 00 00 71 00 00
+00 00 00 00 00 00 00 30 c0 52 00 01 00 01 00 00
+1c 20 00 04 95 14 40 03 c0 52 00 1c 00 01 00 00
+1c 20 00 10 20 01 04 f8 00 00 00 02 00 00 00 00
+00 00 00 19 00 00 29 10 00 00 00 00 00 00 00
diff --git a/lib/dns/tests/testdata/dnstap/response.recursive b/lib/dns/tests/testdata/dnstap/response.recursive new file mode 100644
index 0000000..6e3a3cf
--- /dev/null
+++ b/lib/dns/tests/testdata/dnstap/response.recursive
@@ -0,0 +1,19 @@
+# recursive response, www.isc.org/A
+bf 08 81 a0 00 01 00 01 00 04 00 07 03 77 77 77
+03 69 73 63 03 6f 72 67 00 00 01 00 01 c0 0c 00
+01 00 01 00 00 00 15 00 04 95 14 40 45 c0 10 00
+02 00 01 00 00 1b a6 00 0e 04 73 66 62 61 06 73
+6e 73 2d 70 62 c0 10 c0 10 00 02 00 01 00 00 1b
+a6 00 06 03 6f 72 64 c0 3e c0 10 00 02 00 01 00
+00 1b a6 00 19 02 6e 73 03 69 73 63 0b 61 66 69
+6c 69 61 73 2d 6e 73 74 04 69 6e 66 6f 00 c0 10
+00 02 00 01 00 00 1b a6 00 06 03 61 6d 73 c0 3e
+c0 8a 00 01 00 01 00 00 b1 d5 00 04 c7 06 01 1e
+c0 8a 00 1c 00 01 00 00 b1 d5 00 10 20 01 05 00
+00 60 00 00 00 00 00 00 00 00 00 30 c0 53 00 01
+00 01 00 00 b1 d5 00 04 c7 06 00 1e c0 53 00 1c
+00 01 00 00 b1 d5 00 10 20 01 05 00 00 71 00 00
+00 00 00 00 00 00 00 30 c0 39 00 01 00 01 00 00
+b1 d5 00 04 95 14 40 03 c0 39 00 1c 00 01 00 00
+b1 d5 00 10 20 01 04 f8 00 00 00 02 00 00 00 00
+00 00 00 19 00 00 29 10 00 00 00 00 00 00 00
diff --git a/lib/dns/tests/testdata/dst/Ktest.+008+11349.key b/lib/dns/tests/testdata/dst/Ktest.+008+11349.key new file mode 100644
index 0000000..a1bd768
--- /dev/null
+++ b/lib/dns/tests/testdata/dst/Ktest.+008+11349.key
@@ -0,0 +1,5 @@
+; This is a zone-signing key, keyid 11349, for test.
+; Created: 20181025090713 (Thu Oct 25 11:07:13 2018)
+; Publish: 20181025090713 (Thu Oct 25 11:07:13 2018)
+; Activate: 20181025090713 (Thu Oct 25 11:07:13 2018)
+test. IN DNSKEY 256 3 8 AwEAAdqPwPScyURzeCUzEadKNYgQW50LPDV/ir9nWIbiSn2yMkymxiby BQH+Hk1neE9qa9X4XaEnKf5YZx7o14rRikmOb2lomtOkI9ovh1K/SvLO Zd1E3e61F29g1eCq52mMY3xAdEcBNqEq+6mgEwGmwl83+mAh5anxXNHa 2rcfdG+L
diff --git a/lib/dns/tests/testdata/dst/Ktest.+008+11349.private b/lib/dns/tests/testdata/dst/Ktest.+008+11349.private new file mode 100644
index 0000000..5dfef79
--- /dev/null
+++ b/lib/dns/tests/testdata/dst/Ktest.+008+11349.private
@@ -0,0 +1,13 @@
+Private-key-format: v1.3
+Algorithm: 8 (RSASHA256)
+Modulus: 2o/A9JzJRHN4JTMRp0o1iBBbnQs8NX+Kv2dYhuJKfbIyTKbGJvIFAf4eTWd4T2pr1fhdoScp/lhnHujXitGKSY5vaWia06Qj2i+HUr9K8s5l3UTd7rUXb2DV4KrnaYxjfEB0RwE2oSr7qaATAabCXzf6YCHlqfFc0dratx90b4s=
+PublicExponent: AQAB
+PrivateExponent: a4qmX/YxlmvWpz8spYr/MhcSbQCVPKGoLKv2RFBeZODknRDGmW0mh6d5U47hBPqRWvRdZak2oX7wJqZdQGIAT25bC09rLNMctfxXKtzwSaXFjXZGHGv+bDHcqIltvIYmRbb0pK/LinFaLZqfpVe0WOfKuT9BT03BlwSZV8GKgZE=
+Prime1: 8oZLQoVpIqsiQw7bX5pTm/O0gEUnEzNOVEoLGsfIl68Lz/1CBm9ypTp8QOB0B9IpnH8vOS+NJM1az1d0RhqKow==
+Prime2: 5rSbE6duWIb90uICkAUJn4OztHX0fkd9GKNYdsHVReFBH2poXGojVGkW6i/IaYl4NEXXr5Z89dWtR+RNH2Z9+Q==
+Exponent1: 2IcuCmYyR9Gi9Vv+YIzYuRQMw7j5+hqEhJzW7UIRxdtzIG9s03INWZet9/5tmc35eM/Uyam6ynDN8vCRz0VDIQ==
+Exponent2: vKcdVKIKWrvwXXzRaaGk79rLnZsDFiwxQG96TIpOczkyfpUNx9xHDaRtx4zRTnPKZrxiFkRx5LkZXHt1EWNHSQ==
+Coefficient: pb9dFRZA2IRXDCGCM1ikp+QCs72wNn3hgURZLRLmtcBbQcYhP/dcp80SpInviwJPNRcKrfxninqygEARzfHtqQ==
+Created: 20181025090713
+Publish: 20181025090713
+Activate: 20181025090713
diff --git a/lib/dns/tests/testdata/dst/Ktest.+013+49130.key b/lib/dns/tests/testdata/dst/Ktest.+013+49130.key new file mode 100644
index 0000000..e3ff931
--- /dev/null
+++ b/lib/dns/tests/testdata/dst/Ktest.+013+49130.key
@@ -0,0 +1,5 @@
+; This is a zone-signing key, keyid 49130, for test.
+; Created: 20181025090718 (Thu Oct 25 11:07:18 2018)
+; Publish: 20181025090718 (Thu Oct 25 11:07:18 2018)
+; Activate: 20181025090718 (Thu Oct 25 11:07:18 2018)
+test. IN DNSKEY 256 3 13 uP04fwB/DuBBqdjPLseIoFT7vgtP8Lr/be1NhRBvibwQ+Hr+3GQhIKIK XbamgOUxXJ9JDjWFAT2KXw0V3sAN9w==
diff --git a/lib/dns/tests/testdata/dst/Ktest.+013+49130.private b/lib/dns/tests/testdata/dst/Ktest.+013+49130.private new file mode 100644
index 0000000..754d9f9
--- /dev/null
+++ b/lib/dns/tests/testdata/dst/Ktest.+013+49130.private
@@ -0,0 +1,6 @@
+Private-key-format: v1.3
+Algorithm: 13 (ECDSAP256SHA256)
+PrivateKey: feGDRABRCbcsCqssKK5B5518y95smrv/cJnz2pa/UVA=
+Created: 20181025090718
+Publish: 20181025090718
+Activate: 20181025090718
diff --git a/lib/dns/tests/testdata/dst/test1.data b/lib/dns/tests/testdata/dst/test1.data new file mode 100644
index 0000000..cf84e9f
--- /dev/null
+++ b/lib/dns/tests/testdata/dst/test1.data
@@ -0,0 +1,3077 @@ +Network Working Group P. Mockapetris +Request for Comments: 1035 ISI + November 1987 +Obsoletes: RFCs 882, 883, 973 + + DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION + + +1. STATUS OF THIS MEMO + +This RFC describes the details of the domain system and protocol, and +assumes that the reader is familiar with the concepts discussed in a +companion RFC, "Domain Names - Concepts and Facilities" [RFC-1034]. + +The domain system is a mixture of functions and data types which are an +official protocol and functions and data types which are still +experimental. Since the domain system is intentionally extensible, new +data types and experimental behavior should always be expected in parts +of the system beyond the official protocol. The official protocol parts +include standard queries, responses and the Internet class RR data +formats (e.g., host addresses). Since the previous RFC set, several +definitions have changed, so some previous definitions are obsolete. + +Experimental or obsolete features are clearly marked in these RFCs, and +such information should be used with caution. + +The reader is especially cautioned not to depend on the values which +appear in examples to be current or complete, since their purpose is +primarily pedagogical. Distribution of this memo is unlimited. + + Table of Contents + + 1. STATUS OF THIS MEMO 1 + 2. INTRODUCTION 3 + 2.1. Overview 3 + 2.2. Common configurations 4 + 2.3. Conventions 7 + 2.3.1. Preferred name syntax 7 + 2.3.2. Data Transmission Order 8 + 2.3.3. Character Case 9 + 2.3.4. Size limits 10 + 3. DOMAIN NAME SPACE AND RR DEFINITIONS 10 + 3.1. Name space definitions 10 + 3.2. RR definitions 11 + 3.2.1. Format 11 + 3.2.2. TYPE values 12 + 3.2.3. QTYPE values 12 + 3.2.4. CLASS values 13 + + + +Mockapetris [Page 1] + +RFC 1035 Domain Implementation and Specification November 1987 + + + 3.2.5. QCLASS values 13 + 3.3. Standard RRs 13 + 3.3.1. CNAME RDATA format 14 + 3.3.2. HINFO RDATA format 14 + 3.3.3. 
MB RDATA format (EXPERIMENTAL) 14 + 3.3.4. MD RDATA format (Obsolete) 15 + 3.3.5. MF RDATA format (Obsolete) 15 + 3.3.6. MG RDATA format (EXPERIMENTAL) 16 + 3.3.7. MINFO RDATA format (EXPERIMENTAL) 16 + 3.3.8. MR RDATA format (EXPERIMENTAL) 17 + 3.3.9. MX RDATA format 17 + 3.3.10. NULL RDATA format (EXPERIMENTAL) 17 + 3.3.11. NS RDATA format 18 + 3.3.12. PTR RDATA format 18 + 3.3.13. SOA RDATA format 19 + 3.3.14. TXT RDATA format 20 + 3.4. ARPA Internet specific RRs 20 + 3.4.1. A RDATA format 20 + 3.4.2. WKS RDATA format 21 + 3.5. IN-ADDR.ARPA domain 22 + 3.6. Defining new types, classes, and special namespaces 24 + 4. MESSAGES 25 + 4.1. Format 25 + 4.1.1. Header section format 26 + 4.1.2. Question section format 28 + 4.1.3. Resource record format 29 + 4.1.4. Message compression 30 + 4.2. Transport 32 + 4.2.1. UDP usage 32 + 4.2.2. TCP usage 32 + 5. MASTER FILES 33 + 5.1. Format 33 + 5.2. Use of master files to define zones 35 + 5.3. Master file example 36 + 6. NAME SERVER IMPLEMENTATION 37 + 6.1. Architecture 37 + 6.1.1. Control 37 + 6.1.2. Database 37 + 6.1.3. Time 39 + 6.2. Standard query processing 39 + 6.3. Zone refresh and reload processing 39 + 6.4. Inverse queries (Optional) 40 + 6.4.1. The contents of inverse queries and responses 40 + 6.4.2. Inverse query and response example 41 + 6.4.3. Inverse query processing 42 + + + + + + +Mockapetris [Page 2] + +RFC 1035 Domain Implementation and Specification November 1987 + + + 6.5. Completion queries and responses 42 + 7. RESOLVER IMPLEMENTATION 43 + 7.1. Transforming a user request into a query 43 + 7.2. Sending the queries 44 + 7.3. Processing responses 46 + 7.4. Using the cache 47 + 8. MAIL SUPPORT 47 + 8.1. Mail exchange binding 48 + 8.2. Mailbox binding (Experimental) 48 + 9. REFERENCES and BIBLIOGRAPHY 50 + Index 54 + +2. INTRODUCTION + +2.1. 
Overview + +The goal of domain names is to provide a mechanism for naming resources +in such a way that the names are usable in different hosts, networks, +protocol families, internets, and administrative organizations. + +From the user's point of view, domain names are useful as arguments to a +local agent, called a resolver, which retrieves information associated +with the domain name. Thus a user might ask for the host address or +mail information associated with a particular domain name. To enable +the user to request a particular type of information, an appropriate +query type is passed to the resolver with the domain name. To the user, +the domain tree is a single information space; the resolver is +responsible for hiding the distribution of data among name servers from +the user. + +From the resolver's point of view, the database that makes up the domain +space is distributed among various name servers. Different parts of the +domain space are stored in different name servers, although a particular +data item will be stored redundantly in two or more name servers. The +resolver starts with knowledge of at least one name server. When the +resolver processes a user query it asks a known name server for the +information; in return, the resolver either receives the desired +information or a referral to another name server. Using these +referrals, resolvers learn the identities and contents of other name +servers. Resolvers are responsible for dealing with the distribution of +the domain space and dealing with the effects of name server failure by +consulting redundant databases in other servers. + +Name servers manage two kinds of data. The first kind of data held in +sets called zones; each zone is the complete database for a particular +"pruned" subtree of the domain space. This data is called +authoritative. 
A name server periodically checks to make sure that its +zones are up to date, and if not, obtains a new copy of updated zones + + + +Mockapetris [Page 3] + +RFC 1035 Domain Implementation and Specification November 1987 + + +from master files stored locally or in another name server. The second +kind of data is cached data which was acquired by a local resolver. +This data may be incomplete, but improves the performance of the +retrieval process when non-local data is repeatedly accessed. Cached +data is eventually discarded by a timeout mechanism. + +This functional structure isolates the problems of user interface, +failure recovery, and distribution in the resolvers and isolates the +database update and refresh problems in the name servers. + +2.2. Common configurations + +A host can participate in the domain name system in a number of ways, +depending on whether the host runs programs that retrieve information +from the domain system, name servers that answer queries from other +hosts, or various combinations of both functions. The simplest, and +perhaps most typical, configuration is shown below: + + Local Host | Foreign + | + +---------+ +----------+ | +--------+ + | | user queries | |queries | | | + | User |-------------->| |---------|->|Foreign | + | Program | | Resolver | | | Name | + | |<--------------| |<--------|--| Server | + | | user responses| |responses| | | + +---------+ +----------+ | +--------+ + | A | + cache additions | | references | + V | | + +----------+ | + | cache | | + +----------+ | + +User programs interact with the domain name space through resolvers; the +format of user queries and user responses is specific to the host and +its operating system. User queries will typically be operating system +calls, and the resolver and its cache will be part of the host operating +system. Less capable hosts may choose to implement the resolver as a +subroutine to be linked in with every program that needs its services. 
+Resolvers answer user queries with information they acquire via queries +to foreign name servers and the local cache. + +Note that the resolver may have to make several queries to several +different foreign name servers to answer a particular user query, and +hence the resolution of a user query may involve several network +accesses and an arbitrary amount of time. The queries to foreign name +servers and the corresponding responses have a standard format described + + + +Mockapetris [Page 4] + +RFC 1035 Domain Implementation and Specification November 1987 + + +in this memo, and may be datagrams. + +Depending on its capabilities, a name server could be a stand alone +program on a dedicated machine or a process or processes on a large +timeshared host. A simple configuration might be: + + Local Host | Foreign + | + +---------+ | + / /| | + +---------+ | +----------+ | +--------+ + | | | | |responses| | | + | | | | Name |---------|->|Foreign | + | Master |-------------->| Server | | |Resolver| + | files | | | |<--------|--| | + | |/ | | queries | +--------+ + +---------+ +----------+ | + +Here a primary name server acquires information about one or more zones +by reading master files from its local file system, and answers queries +about those zones that arrive from foreign resolvers. + +The DNS requires that all zones be redundantly supported by more than +one name server. Designated secondary servers can acquire zones and +check for updates from the primary server using the zone transfer +protocol of the DNS. 
This configuration is shown below: + + Local Host | Foreign + | + +---------+ | + / /| | + +---------+ | +----------+ | +--------+ + | | | | |responses| | | + | | | | Name |---------|->|Foreign | + | Master |-------------->| Server | | |Resolver| + | files | | | |<--------|--| | + | |/ | | queries | +--------+ + +---------+ +----------+ | + A |maintenance | +--------+ + | +------------|->| | + | queries | |Foreign | + | | | Name | + +------------------|--| Server | + maintenance responses | +--------+ + +In this configuration, the name server periodically establishes a +virtual circuit to a foreign name server to acquire a copy of a zone or +to check that an existing copy has not changed. The messages sent for + + + +Mockapetris [Page 5] + +RFC 1035 Domain Implementation and Specification November 1987 + + +these maintenance activities follow the same form as queries and +responses, but the message sequences are somewhat different. + +The information flow in a host that supports all aspects of the domain +name system is shown below: + + Local Host | Foreign + | + +---------+ +----------+ | +--------+ + | | user queries | |queries | | | + | User |-------------->| |---------|->|Foreign | + | Program | | Resolver | | | Name | + | |<--------------| |<--------|--| Server | + | | user responses| |responses| | | + +---------+ +----------+ | +--------+ + | A | + cache additions | | references | + V | | + +----------+ | + | Shared | | + | database | | + +----------+ | + A | | + +---------+ refreshes | | references | + / /| | V | + +---------+ | +----------+ | +--------+ + | | | | |responses| | | + | | | | Name |---------|->|Foreign | + | Master |-------------->| Server | | |Resolver| + | files | | | |<--------|--| | + | |/ | | queries | +--------+ + +---------+ +----------+ | + A |maintenance | +--------+ + | +------------|->| | + | queries | |Foreign | + | | | Name | + +------------------|--| Server | + maintenance responses | +--------+ + +The shared database holds domain 
space data for the local name server +and resolver. The contents of the shared database will typically be a +mixture of authoritative data maintained by the periodic refresh +operations of the name server and cached data from previous resolver +requests. The structure of the domain data and the necessity for +synchronization between name servers and resolvers imply the general +characteristics of this database, but the actual format is up to the +local implementor. + + + + +Mockapetris [Page 6] + +RFC 1035 Domain Implementation and Specification November 1987 + + +Information flow can also be tailored so that a group of hosts act +together to optimize activities. Sometimes this is done to offload less +capable hosts so that they do not have to implement a full resolver. +This can be appropriate for PCs or hosts which want to minimize the +amount of new network code which is required. This scheme can also +allow a group of hosts can share a small number of caches rather than +maintaining a large number of separate caches, on the premise that the +centralized caches will have a higher hit ratio. In either case, +resolvers are replaced with stub resolvers which act as front ends to +resolvers located in a recursive server in one or more name servers +known to perform that service: + + Local Hosts | Foreign + | + +---------+ | + | | responses | + | Stub |<--------------------+ | + | Resolver| | | + | |----------------+ | | + +---------+ recursive | | | + queries | | | + V | | + +---------+ recursive +----------+ | +--------+ + | | queries | |queries | | | + | Stub |-------------->| Recursive|---------|->|Foreign | + | Resolver| | Server | | | Name | + | |<--------------| |<--------|--| Server | + +---------+ responses | |responses| | | + +----------+ | +--------+ + | Central | | + | cache | | + +----------+ | + +In any case, note that domain components are always replicated for +reliability whenever possible. + +2.3. 
Conventions + +The domain system has several conventions dealing with low-level, but +fundamental, issues. While the implementor is free to violate these +conventions WITHIN HIS OWN SYSTEM, he must observe these conventions in +ALL behavior observed from other hosts. + +2.3.1. Preferred name syntax + +The DNS specifications attempt to be as general as possible in the rules +for constructing domain names. The idea is that the name of any +existing object can be expressed as a domain name with minimal changes. + + + +Mockapetris [Page 7] + +RFC 1035 Domain Implementation and Specification November 1987 + + +However, when assigning a domain name for an object, the prudent user +will select a name which satisfies both the rules of the domain system +and any existing rules for the object, whether these rules are published +or implied by existing programs. + +For example, when naming a mail domain, the user should satisfy both the +rules of this memo and those in RFC-822. When creating a new host name, +the old rules for HOSTS.TXT should be followed. This avoids problems +when old software is converted to use domain names. + +The following syntax will result in fewer problems with many + +applications that use domain names (e.g., mail, TELNET). + +<domain> ::= <subdomain> | " " + +<subdomain> ::= <label> | <subdomain> "." <label> + +<label> ::= <letter> [ [ <ldh-str> ] <let-dig> ] + +<ldh-str> ::= <let-dig-hyp> | <let-dig-hyp> <ldh-str> + +<let-dig-hyp> ::= <let-dig> | "-" + +<let-dig> ::= <letter> | <digit> + +<letter> ::= any one of the 52 alphabetic characters A through Z in +upper case and a through z in lower case + +<digit> ::= any one of the ten digits 0 through 9 + +Note that while upper and lower case letters are allowed in domain +names, no significance is attached to the case. That is, two names with +the same spelling but different case are to be treated as if identical. + +The labels must follow the rules for ARPANET host names. 
They must +start with a letter, end with a letter or digit, and have as interior +characters only letters, digits, and hyphen. There are also some +restrictions on the length. Labels must be 63 characters or less. + +For example, the following strings identify hosts in the Internet: + +A.ISI.EDU XX.LCS.MIT.EDU SRI-NIC.ARPA + +2.3.2. Data Transmission Order + +The order of transmission of the header and data described in this +document is resolved to the octet level. Whenever a diagram shows a + + + +Mockapetris [Page 8] + +RFC 1035 Domain Implementation and Specification November 1987 + + +group of octets, the order of transmission of those octets is the normal +order in which they are read in English. For example, in the following +diagram, the octets are transmitted in the order they are numbered. + + 0 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | 1 | 2 | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | 3 | 4 | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | 5 | 6 | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + +Whenever an octet represents a numeric quantity, the left most bit in +the diagram is the high order or most significant bit. That is, the bit +labeled 0 is the most significant bit. For example, the following +diagram represents the value 170 (decimal). + + 0 1 2 3 4 5 6 7 + +-+-+-+-+-+-+-+-+ + |1 0 1 0 1 0 1 0| + +-+-+-+-+-+-+-+-+ + +Similarly, whenever a multi-octet field represents a numeric quantity +the left most bit of the whole field is the most significant bit. When +a multi-octet quantity is transmitted the most significant octet is +transmitted first. + +2.3.3. Character Case + +For all parts of the DNS that are part of the official protocol, all +comparisons between character strings (e.g., labels, domain names, etc.) +are done in a case-insensitive manner. At present, this rule is in +force throughout the domain system without exception. 
However, future +additions beyond current usage may need to use the full binary octet +capabilities in names, so attempts to store domain names in 7-bit ASCII +or use of special bytes to terminate labels, etc., should be avoided. + +When data enters the domain system, its original case should be +preserved whenever possible. In certain circumstances this cannot be +done. For example, if two RRs are stored in a database, one at x.y and +one at X.Y, they are actually stored at the same place in the database, +and hence only one casing would be preserved. The basic rule is that +case can be discarded only when data is used to define structure in a +database, and two names are identical when compared in a case +insensitive manner. + + + + +Mockapetris [Page 9] + +RFC 1035 Domain Implementation and Specification November 1987 + + +Loss of case sensitive data must be minimized. Thus while data for x.y +and X.Y may both be stored under a single location x.y or X.Y, data for +a.x and B.X would never be stored under A.x, A.X, b.x, or b.X. In +general, this preserves the case of the first label of a domain name, +but forces standardization of interior node labels. + +Systems administrators who enter data into the domain database should +take care to represent the data they supply to the domain system in a +case-consistent manner if their system is case-sensitive. The data +distribution system in the domain system will ensure that consistent +representations are preserved. + +2.3.4. Size limits + +Various objects and parameters in the DNS have size limits. They are +listed below. Some could be easily changed, others are more +fundamental. + +labels 63 octets or less + +names 255 octets or less + +TTL positive values of a signed 32 bit number. + +UDP messages 512 octets or less + +3. DOMAIN NAME SPACE AND RR DEFINITIONS + +3.1. Name space definitions + +Domain names in messages are expressed in terms of a sequence of labels. 
+Each label is represented as a one octet length field followed by that +number of octets. Since every domain name ends with the null label of +the root, a domain name is terminated by a length byte of zero. The +high order two bits of every length octet must be zero, and the +remaining six bits of the length field limit the label to 63 octets or +less. + +To simplify implementations, the total length of a domain name (i.e., +label octets and label length octets) is restricted to 255 octets or +less. + +Although labels can contain any 8 bit values in octets that make up a +label, it is strongly recommended that labels follow the preferred +syntax described elsewhere in this memo, which is compatible with +existing host naming conventions. Name servers and resolvers must +compare labels in a case-insensitive manner (i.e., A=a), assuming ASCII +with zero parity. Non-alphabetic codes must match exactly. + + + +Mockapetris [Page 10] + +RFC 1035 Domain Implementation and Specification November 1987 + + +3.2. RR definitions + +3.2.1. Format + +All RRs have the same top level format shown below: + + 1 1 1 1 1 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | | + / / + / NAME / + | | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | TYPE | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | CLASS | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | TTL | + | | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | RDLENGTH | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--| + / RDATA / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + + +where: + +NAME an owner name, i.e., the name of the node to which this + resource record pertains. + +TYPE two octets containing one of the RR TYPE codes. + +CLASS two octets containing one of the RR CLASS codes. 
+
+TTL a 32 bit signed integer that specifies the time interval
+ that the resource record may be cached before the source
+ of the information should again be consulted. Zero
+ values are interpreted to mean that the RR can only be
+ used for the transaction in progress, and should not be
+ cached. For example, SOA records are always distributed
+ with a zero TTL to prohibit caching. Zero values can
+ also be used for extremely volatile data.
+
+RDLENGTH an unsigned 16 bit integer that specifies the length in
+ octets of the RDATA field.
+
+
+
+Mockapetris [Page 11]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+RDATA a variable length string of octets that describes the
+ resource. The format of this information varies
+ according to the TYPE and CLASS of the resource record.
+
+3.2.2. TYPE values
+
+TYPE fields are used in resource records. Note that these types are a
+subset of QTYPEs.
+
+TYPE value and meaning
+
+A 1 a host address
+
+NS 2 an authoritative name server
+
+MD 3 a mail destination (Obsolete - use MX)
+
+MF 4 a mail forwarder (Obsolete - use MX)
+
+CNAME 5 the canonical name for an alias
+
+SOA 6 marks the start of a zone of authority
+
+MB 7 a mailbox domain name (EXPERIMENTAL)
+
+MG 8 a mail group member (EXPERIMENTAL)
+
+MR 9 a mail rename domain name (EXPERIMENTAL)
+
+NULL 10 a null RR (EXPERIMENTAL)
+
+WKS 11 a well known service description
+
+PTR 12 a domain name pointer
+
+HINFO 13 host information
+
+MINFO 14 mailbox or mail list information
+
+MX 15 mail exchange
+
+TXT 16 text strings
+
+3.2.3. QTYPE values
+
+QTYPE fields appear in the question part of a query. QTYPES are a
+superset of TYPEs, hence all TYPEs are valid QTYPEs.
In addition, the +following QTYPEs are defined: + + + +Mockapetris [Page 12] + +RFC 1035 Domain Implementation and Specification November 1987 + + +AXFR 252 A request for a transfer of an entire zone + +MAILB 253 A request for mailbox-related records (MB, MG or MR) + +MAILA 254 A request for mail agent RRs (Obsolete - see MX) + +* 255 A request for all records + +3.2.4. CLASS values + +CLASS fields appear in resource records. The following CLASS mnemonics +and values are defined: + +IN 1 the Internet + +CS 2 the CSNET class (Obsolete - used only for examples in + some obsolete RFCs) + +CH 3 the CHAOS class + +HS 4 Hesiod [Dyer 87] + +3.2.5. QCLASS values + +QCLASS fields appear in the question section of a query. QCLASS values +are a superset of CLASS values; every CLASS is a valid QCLASS. In +addition to CLASS values, the following QCLASSes are defined: + +* 255 any class + +3.3. Standard RRs + +The following RR definitions are expected to occur, at least +potentially, in all classes. In particular, NS, SOA, CNAME, and PTR +will be used in all classes, and have the same format in all classes. +Because their RDATA format is known, all domain names in the RDATA +section of these RRs may be compressed. + +<domain-name> is a domain name represented as a series of labels, and +terminated by a label with zero length. <character-string> is a single +length octet followed by that number of characters. <character-string> +is treated as binary information, and can be up to 256 characters in +length (including the length octet). + + + + + + + + +Mockapetris [Page 13] + +RFC 1035 Domain Implementation and Specification November 1987 + + +3.3.1. CNAME RDATA format + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / CNAME / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +CNAME A <domain-name> which specifies the canonical or primary + name for the owner. The owner name is an alias. 
+ +CNAME RRs cause no additional section processing, but name servers may +choose to restart the query at the canonical name in certain cases. See +the description of name server logic in [RFC-1034] for details. + +3.3.2. HINFO RDATA format + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / CPU / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / OS / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +CPU A <character-string> which specifies the CPU type. + +OS A <character-string> which specifies the operating + system type. + +Standard values for CPU and OS can be found in [RFC-1010]. + +HINFO records are used to acquire general information about a host. The +main use is for protocols such as FTP that can use special procedures +when talking between machines or operating systems of the same type. + +3.3.3. MB RDATA format (EXPERIMENTAL) + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / MADNAME / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +MADNAME A <domain-name> which specifies a host which has the + specified mailbox. + + + +Mockapetris [Page 14] + +RFC 1035 Domain Implementation and Specification November 1987 + + +MB records cause additional section processing which looks up an A type +RRs corresponding to MADNAME. + +3.3.4. MD RDATA format (Obsolete) + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / MADNAME / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +MADNAME A <domain-name> which specifies a host which has a mail + agent for the domain which should be able to deliver + mail for the domain. + +MD records cause additional section processing which looks up an A type +record corresponding to MADNAME. + +MD is obsolete. See the definition of MX and [RFC-974] for details of +the new scheme. The recommended policy for dealing with MD RRs found in +a master file is to reject them, or to convert them to MX RRs with a +preference of 0. + +3.3.5. 
MF RDATA format (Obsolete) + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / MADNAME / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +MADNAME A <domain-name> which specifies a host which has a mail + agent for the domain which will accept mail for + forwarding to the domain. + +MF records cause additional section processing which looks up an A type +record corresponding to MADNAME. + +MF is obsolete. See the definition of MX and [RFC-974] for details ofw +the new scheme. The recommended policy for dealing with MD RRs found in +a master file is to reject them, or to convert them to MX RRs with a +preference of 10. + + + + + + + +Mockapetris [Page 15] + +RFC 1035 Domain Implementation and Specification November 1987 + + +3.3.6. MG RDATA format (EXPERIMENTAL) + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / MGMNAME / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +MGMNAME A <domain-name> which specifies a mailbox which is a + member of the mail group specified by the domain name. + +MG records cause no additional section processing. + +3.3.7. MINFO RDATA format (EXPERIMENTAL) + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / RMAILBX / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / EMAILBX / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +RMAILBX A <domain-name> which specifies a mailbox which is + responsible for the mailing list or mailbox. If this + domain name names the root, the owner of the MINFO RR is + responsible for itself. Note that many existing mailing + lists use a mailbox X-request for the RMAILBX field of + mailing list X, e.g., Msgroup-request for Msgroup. This + field provides a more general mechanism. + + +EMAILBX A <domain-name> which specifies a mailbox which is to + receive error messages related to the mailing list or + mailbox specified by the owner of the MINFO RR (similar + to the ERRORS-TO: field which has been proposed). 
If + this domain name names the root, errors should be + returned to the sender of the message. + +MINFO records cause no additional section processing. Although these +records can be associated with a simple mailbox, they are usually used +with a mailing list. + + + + + + + + +Mockapetris [Page 16] + +RFC 1035 Domain Implementation and Specification November 1987 + + +3.3.8. MR RDATA format (EXPERIMENTAL) + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / NEWNAME / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +NEWNAME A <domain-name> which specifies a mailbox which is the + proper rename of the specified mailbox. + +MR records cause no additional section processing. The main use for MR +is as a forwarding entry for a user who has moved to a different +mailbox. + +3.3.9. MX RDATA format + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | PREFERENCE | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / EXCHANGE / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +PREFERENCE A 16 bit integer which specifies the preference given to + this RR among others at the same owner. Lower values + are preferred. + +EXCHANGE A <domain-name> which specifies a host willing to act as + a mail exchange for the owner name. + +MX records cause type A additional section processing for the host +specified by EXCHANGE. The use of MX RRs is explained in detail in +[RFC-974]. + +3.3.10. NULL RDATA format (EXPERIMENTAL) + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / <anything> / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +Anything at all may be in the RDATA field so long as it is 65535 octets +or less. + + + + +Mockapetris [Page 17] + +RFC 1035 Domain Implementation and Specification November 1987 + + +NULL records cause no additional section processing. NULL RRs are not +allowed in master files. NULLs are used as placeholders in some +experimental extensions of the DNS. + +3.3.11. 
NS RDATA format + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / NSDNAME / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +NSDNAME A <domain-name> which specifies a host which should be + authoritative for the specified class and domain. + +NS records cause both the usual additional section processing to locate +a type A record, and, when used in a referral, a special search of the +zone in which they reside for glue information. + +The NS RR states that the named host should be expected to have a zone +starting at owner name of the specified class. Note that the class may +not indicate the protocol family which should be used to communicate +with the host, although it is typically a strong hint. For example, +hosts which are name servers for either Internet (IN) or Hesiod (HS) +class information are normally queried using IN class protocols. + +3.3.12. PTR RDATA format + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / PTRDNAME / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +PTRDNAME A <domain-name> which points to some location in the + domain name space. + +PTR records cause no additional section processing. These RRs are used +in special domains to point to some other location in the domain space. +These records are simple data, and don't imply any special processing +similar to that performed by CNAME, which identifies aliases. See the +description of the IN-ADDR.ARPA domain for an example. + + + + + + + + +Mockapetris [Page 18] + +RFC 1035 Domain Implementation and Specification November 1987 + + +3.3.13. 
SOA RDATA format + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / MNAME / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / RNAME / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | SERIAL | + | | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | REFRESH | + | | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | RETRY | + | | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | EXPIRE | + | | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | MINIMUM | + | | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +MNAME The <domain-name> of the name server that was the + original or primary source of data for this zone. + +RNAME A <domain-name> which specifies the mailbox of the + person responsible for this zone. + +SERIAL The unsigned 32 bit version number of the original copy + of the zone. Zone transfers preserve this value. This + value wraps and should be compared using sequence space + arithmetic. + +REFRESH A 32 bit time interval before the zone should be + refreshed. + +RETRY A 32 bit time interval that should elapse before a + failed refresh should be retried. + +EXPIRE A 32 bit time value that specifies the upper limit on + the time interval that can elapse before the zone is no + longer authoritative. + + + + + +Mockapetris [Page 19] + +RFC 1035 Domain Implementation and Specification November 1987 + + +MINIMUM The unsigned 32 bit minimum TTL field that should be + exported with any RR from this zone. + +SOA records cause no additional section processing. + +All times are in units of seconds. + +Most of these fields are pertinent only for name server maintenance +operations. However, MINIMUM is used in all query operations that +retrieve RRs from a zone. Whenever a RR is sent in a response to a +query, the TTL field is set to the maximum of the TTL field from the RR +and the MINIMUM field in the appropriate SOA. Thus MINIMUM is a lower +bound on the TTL field for all RRs in a zone. 
Note that this use of +MINIMUM should occur when the RRs are copied into the response and not +when the zone is loaded from a master file or via a zone transfer. The +reason for this provison is to allow future dynamic update facilities to +change the SOA RR with known semantics. + + +3.3.14. TXT RDATA format + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / TXT-DATA / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +TXT-DATA One or more <character-string>s. + +TXT RRs are used to hold descriptive text. The semantics of the text +depends on the domain where it is found. + +3.4. Internet specific RRs + +3.4.1. A RDATA format + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | ADDRESS | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +ADDRESS A 32 bit Internet address. + +Hosts that have multiple Internet addresses will have multiple A +records. + + + + + +Mockapetris [Page 20] + +RFC 1035 Domain Implementation and Specification November 1987 + + +A records cause no additional section processing. The RDATA section of +an A line in a master file is an Internet address expressed as four +decimal numbers separated by dots without any embedded spaces (e.g., +"10.2.0.52" or "192.0.5.6"). + +3.4.2. WKS RDATA format + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | ADDRESS | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | PROTOCOL | | + +--+--+--+--+--+--+--+--+ | + | | + / <BIT MAP> / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +ADDRESS An 32 bit Internet address + +PROTOCOL An 8 bit IP protocol number + +<BIT MAP> A variable length bit map. The bit map must be a + multiple of 8 bits long. + +The WKS record is used to describe the well known services supported by +a particular protocol on a particular internet address. The PROTOCOL +field specifies an IP protocol number, and the bit map has one bit per +port of the specified protocol. 
The first bit corresponds to port 0,
+the second to port 1, etc. If the bit map does not include a bit for a
+protocol of interest, that bit is assumed zero. The appropriate values
+and mnemonics for ports and protocols are specified in [RFC-1010].
+
+For example, if PROTOCOL=TCP (6), the 26th bit corresponds to TCP port
+25 (SMTP). If this bit is set, a SMTP server should be listening on TCP
+port 25; if zero, SMTP service is not supported on the specified
+address.
+
+The purpose of WKS RRs is to provide availability information for
+servers for TCP and UDP. If a server supports both TCP and UDP, or has
+multiple Internet addresses, then multiple WKS RRs are used.
+
+WKS RRs cause no additional section processing.
+
+In master files, both ports and protocols are expressed using mnemonics
+or decimal numbers.
+
+
+
+
+Mockapetris [Page 21]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+3.5. IN-ADDR.ARPA domain
+
+The Internet uses a special domain to support gateway location and
+Internet address to host mapping. Other classes may employ a similar
+strategy in other domains. The intent of this domain is to provide a
+guaranteed method to perform host address to host name mapping, and to
+facilitate queries to locate all gateways on a particular network in the
+Internet.
+
+Note that both of these services are similar to functions that could be
+performed by inverse queries; the difference is that this part of the
+domain name space is structured according to address, and hence can
+guarantee that the appropriate data can be located without an exhaustive
+search of the domain space.
+
+The domain begins at IN-ADDR.ARPA and has a substructure which follows
+the Internet addressing structure.
+
+Domain names in the IN-ADDR.ARPA domain are defined to have up to four
+labels in addition to the IN-ADDR.ARPA suffix.
Each label represents
+one octet of an Internet address, and is expressed as a character string
+for a decimal value in the range 0-255 (with leading zeros omitted
+except in the case of a zero octet which is represented by a single
+zero).
+
+Host addresses are represented by domain names that have all four labels
+specified. Thus data for Internet address 10.2.0.52 is located at
+domain name 52.0.2.10.IN-ADDR.ARPA. The reversal, though awkward to
+read, allows zones to be delegated which are exactly one network of
+address space. For example, 10.IN-ADDR.ARPA can be a zone containing
+data for the ARPANET, while 26.IN-ADDR.ARPA can be a separate zone for
+MILNET. Address nodes are used to hold pointers to primary host names
+in the normal domain space.
+
+Network numbers correspond to some non-terminal nodes at various depths
+in the IN-ADDR.ARPA domain, since Internet network numbers are either 1,
+2, or 3 octets. Network nodes are used to hold pointers to the primary
+host names of gateways attached to that network. Since a gateway is, by
+definition, on more than one network, it will typically have two or more
+network nodes which point at it. Gateways will also have host level
+pointers at their fully qualified addresses.
+
+Both the gateway pointers at network nodes and the normal host pointers
+at full address nodes use the PTR RR to point back to the primary domain
+names of the corresponding hosts.
+
+For example, the IN-ADDR.ARPA domain will contain information about the
+ISI gateway between net 10 and 26, an MIT gateway from net 10 to MIT's
+
+
+
+Mockapetris [Page 22]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+net 18, and hosts A.ISI.EDU and MULTICS.MIT.EDU. Assuming that ISI
+gateway has addresses 10.2.0.22 and 26.0.0.103, and a name MILNET-
+GW.ISI.EDU, and the MIT gateway has addresses 10.0.0.77 and 18.10.0.4
+and a name GW.LCS.MIT.EDU, the domain database would contain:
+
+ 10.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU.
+ 10.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU.
+ 18.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU.
+ 26.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU.
+ 22.0.2.10.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU.
+ 103.0.0.26.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU.
+ 77.0.0.10.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU.
+ 4.0.10.18.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU.
+ 103.0.3.26.IN-ADDR.ARPA. PTR A.ISI.EDU.
+ 6.0.0.10.IN-ADDR.ARPA. PTR MULTICS.MIT.EDU.
+
+Thus a program which wanted to locate gateways on net 10 would originate
+a query of the form QTYPE=PTR, QCLASS=IN, QNAME=10.IN-ADDR.ARPA. It
+would receive two RRs in response:
+
+ 10.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU.
+ 10.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU.
+
+The program could then originate QTYPE=A, QCLASS=IN queries for MILNET-
+GW.ISI.EDU. and GW.LCS.MIT.EDU. to discover the Internet addresses of
+these gateways.
+
+A resolver which wanted to find the host name corresponding to Internet
+host address 10.0.0.6 would pursue a query of the form QTYPE=PTR,
+QCLASS=IN, QNAME=6.0.0.10.IN-ADDR.ARPA, and would receive:
+
+ 6.0.0.10.IN-ADDR.ARPA. PTR MULTICS.MIT.EDU.
+
+Several cautions apply to the use of these services:
+ - Since the IN-ADDR.ARPA special domain and the normal domain
+ for a particular host or gateway will be in different zones,
+ the possibility exists that that the data may be inconsistent.
+
+ - Gateways will often have two names in separate domains, only
+ one of which can be primary.
+
+ - Systems that use the domain database to initialize their
+ routing tables must start with enough gateway information to
+ guarantee that they can access the appropriate name server.
+
+ - The gateway data only reflects the existence of a gateway in a
+ manner equivalent to the current HOSTS.TXT file. It doesn't
+ replace the dynamic availability information from GGP or EGP.
+
+
+
+Mockapetris [Page 23]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+3.6.
Defining new types, classes, and special namespaces
+
+The previously defined types and classes are the ones in use as of the
+date of this memo. New definitions should be expected. This section
+makes some recommendations to designers considering additions to the
+existing facilities. The mailing list NAMEDROPPERS@SRI-NIC.ARPA is the
+forum where general discussion of design issues takes place.
+
+In general, a new type is appropriate when new information is to be
+added to the database about an existing object, or we need new data
+formats for some totally new object. Designers should attempt to define
+types and their RDATA formats that are generally applicable to all
+classes, and which avoid duplication of information. New classes are
+appropriate when the DNS is to be used for a new protocol, etc which
+requires new class-specific data formats, or when a copy of the existing
+name space is desired, but a separate management domain is necessary.
+
+New types and classes need mnemonics for master files; the format of the
+master files requires that the mnemonics for type and class be disjoint.
+
+TYPE and CLASS values must be a proper subset of QTYPEs and QCLASSes
+respectively.
+
+The present system uses multiple RRs to represent multiple values of a
+type rather than storing multiple values in the RDATA section of a
+single RR. This is less efficient for most applications, but does keep
+RRs shorter. The multiple RRs assumption is incorporated in some
+experimental work on dynamic update methods.
+
+The present system attempts to minimize the duplication of data in the
+database in order to insure consistency. Thus, in order to find the
+address of the host for a mail exchange, you map the mail domain name to
+a host name, then the host name to addresses, rather than a direct
+mapping to host address. This approach is preferred because it avoids
+the opportunity for inconsistency.
+ +In defining a new type of data, multiple RR types should not be used to +create an ordering between entries or express different formats for +equivalent bindings, instead this information should be carried in the +body of the RR and a single type used. This policy avoids problems with +caching multiple types and defining QTYPEs to match multiple types. + +For example, the original form of mail exchange binding used two RR +types one to represent a "closer" exchange (MD) and one to represent a +"less close" exchange (MF). The difficulty is that the presence of one +RR type in a cache doesn't convey any information about the other +because the query which acquired the cached information might have used +a QTYPE of MF, MD, or MAILA (which matched both). The redesigned + + + +Mockapetris [Page 24] + +RFC 1035 Domain Implementation and Specification November 1987 + + +service used a single type (MX) with a "preference" value in the RDATA +section which can order different RRs. However, if any MX RRs are found +in the cache, then all should be there. + +4. MESSAGES + +4.1. Format + +All communications inside of the domain protocol are carried in a single +format called a message. The top level format of message is divided +into 5 sections (some of which are empty in certain cases) shown below: + + +---------------------+ + | Header | + +---------------------+ + | Question | the question for the name server + +---------------------+ + | Answer | RRs answering the question + +---------------------+ + | Authority | RRs pointing toward an authority + +---------------------+ + | Additional | RRs holding additional information + +---------------------+ + +The header section is always present. The header includes fields that +specify which of the remaining sections are present, and also specify +whether the message is a query or a response, a standard query or some +other opcode, etc. 
+ +The names of the sections after the header are derived from their use in +standard queries. The question section contains fields that describe a +question to a name server. These fields are a query type (QTYPE), a +query class (QCLASS), and a query domain name (QNAME). The last three +sections have the same format: a possibly empty list of concatenated +resource records (RRs). The answer section contains RRs that answer the +question; the authority section contains RRs that point toward an +authoritative name server; the additional records section contains RRs +which relate to the query, but are not strictly answers for the +question. + + + + + + + + + + + + +Mockapetris [Page 25] + +RFC 1035 Domain Implementation and Specification November 1987 + + +4.1.1. Header section format + +The header contains the following fields: + + 1 1 1 1 1 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | ID | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + |QR| Opcode |AA|TC|RD|RA| Z | RCODE | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | QDCOUNT | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | ANCOUNT | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | NSCOUNT | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | ARCOUNT | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +ID A 16 bit identifier assigned by the program that + generates any kind of query. This identifier is copied + the corresponding reply and can be used by the requester + to match up replies to outstanding queries. + +QR A one bit field that specifies whether this message is a + query (0), or a response (1). + +OPCODE A four bit field that specifies kind of query in this + message. This value is set by the originator of a query + and copied into the response. 
The values are:
+
+ 0 a standard query (QUERY)
+
+ 1 an inverse query (IQUERY)
+
+ 2 a server status request (STATUS)
+
+ 3-15 reserved for future use
+
+AA Authoritative Answer - this bit is valid in responses,
+ and specifies that the responding name server is an
+ authority for the domain name in question section.
+
+ Note that the contents of the answer section may have
+ multiple owner names because of aliases. The AA bit
+
+
+
+Mockapetris [Page 26]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ corresponds to the name which matches the query name, or
+ the first owner name in the answer section.
+
+TC TrunCation - specifies that this message was truncated
+ due to length greater than that permitted on the
+ transmission channel.
+
+RD Recursion Desired - this bit may be set in a query and
+ is copied into the response. If RD is set, it directs
+ the name server to pursue the query recursively.
+ Recursive query support is optional.
+
+RA Recursion Available - this be is set or cleared in a
+ response, and denotes whether recursive query support is
+ available in the name server.
+
+Z Reserved for future use. Must be zero in all queries
+ and responses.
+
+RCODE Response code - this 4 bit field is set as part of
+ responses. The values have the following
+ interpretation:
+
+ 0 No error condition
+
+ 1 Format error - The name server was
+ unable to interpret the query.
+
+ 2 Server failure - The name server was
+ unable to process this query due to a
+ problem with the name server.
+
+ 3 Name Error - Meaningful only for
+ responses from an authoritative name
+ server, this code signifies that the
+ domain name referenced in the query does
+ not exist.
+
+ 4 Not Implemented - The name server does
+ not support the requested kind of query.
+
+ 5 Refused - The name server refuses to
+ perform the specified operation for
+ policy reasons.
For example, a name + server may not wish to provide the + information to the particular requester, + or a name server may not wish to perform + a particular operation (e.g., zone + + + +Mockapetris [Page 27] + +RFC 1035 Domain Implementation and Specification November 1987 + + + transfer) for particular data. + + 6-15 Reserved for future use. + +QDCOUNT an unsigned 16 bit integer specifying the number of + entries in the question section. + +ANCOUNT an unsigned 16 bit integer specifying the number of + resource records in the answer section. + +NSCOUNT an unsigned 16 bit integer specifying the number of name + server resource records in the authority records + section. + +ARCOUNT an unsigned 16 bit integer specifying the number of + resource records in the additional records section. + +4.1.2. Question section format + +The question section is used to carry the "question" in most queries, +i.e., the parameters that define what is being asked. The section +contains QDCOUNT (usually 1) entries, each of the following format: + + 1 1 1 1 1 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | | + / QNAME / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | QTYPE | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | QCLASS | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +QNAME a domain name represented as a sequence of labels, where + each label consists of a length octet followed by that + number of octets. The domain name terminates with the + zero length octet for the null label of the root. Note + that this field may be an odd number of octets; no + padding is used. + +QTYPE a two octet code which specifies the type of the query. + The values for this field include all codes valid for a + TYPE field, together with some more general codes which + can match more than one type of RR. 
+
+
+
+Mockapetris [Page 28]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+QCLASS a two octet code that specifies the class of the query.
+ For example, the QCLASS field is IN for the Internet.
+
+4.1.3. Resource record format
+
+The answer, authority, and additional sections all share the same
+format: a variable number of resource records, where the number of
+records is specified in the corresponding count field in the header.
+Each resource record has the following format:
+ 1 1 1 1 1 1
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | |
+ / /
+ / NAME /
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | TYPE |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | CLASS |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | TTL |
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | RDLENGTH |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--|
+ / RDATA /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+NAME a domain name to which this resource record pertains.
+
+TYPE two octets containing one of the RR type codes. This
+ field specifies the meaning of the data in the RDATA
+ field.
+
+CLASS two octets which specify the class of the data in the
+ RDATA field.
+
+TTL a 32 bit unsigned integer that specifies the time
+ interval (in seconds) that the resource record may be
+ cached before it should be discarded. Zero values are
+ interpreted to mean that the RR can only be used for the
+ transaction in progress, and should not be cached.
+
+
+
+
+
+Mockapetris [Page 29]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+RDLENGTH an unsigned 16 bit integer that specifies the length in
+ octets of the RDATA field.
+
+RDATA a variable length string of octets that describes the
+ resource. The format of this information varies
+ according to the TYPE and CLASS of the resource record.
+ For example, the if the TYPE is A and the CLASS is IN,
+ the RDATA field is a 4 octet ARPA Internet address.
+
+4.1.4. Message compression
+
+In order to reduce the size of messages, the domain system utilizes a
+compression scheme which eliminates the repetition of domain names in a
+message. In this scheme, an entire domain name or a list of labels at
+the end of a domain name is replaced with a pointer to a prior occurrence
+of the same name.
+
+The pointer takes the form of a two octet sequence:
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | 1 1| OFFSET |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+The first two bits are ones. This allows a pointer to be distinguished
+from a label, since the label must begin with two zero bits because
+labels are restricted to 63 octets or less. (The 10 and 01 combinations
+are reserved for future use.) The OFFSET field specifies an offset from
+the start of the message (i.e., the first octet of the ID field in the
+domain header). A zero offset specifies the first byte of the ID field,
+etc.
+
+The compression scheme allows a domain name in a message to be
+represented as either:
+
+ - a sequence of labels ending in a zero octet
+
+ - a pointer
+
+ - a sequence of labels ending with a pointer
+
+Pointers can only be used for occurrences of a domain name where the
+format is not class specific. If this were not the case, a name server
+or resolver would be required to know the format of all RRs it handled.
+As yet, there are no such cases, but they may occur in future RDATA
+formats.
+
+If a domain name is contained in a part of the message subject to a
+length field (such as the RDATA section of an RR), and compression is
+
+
+
+Mockapetris [Page 30]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+used, the length of the compressed name is used in the length
+calculation, rather than the length of the expanded name.
+
+Programs are free to avoid using pointers in messages they generate,
+although this will reduce datagram capacity, and may cause truncation.
+However all programs are required to understand arriving messages that
+contain pointers.
+
+For example, a datagram might need to use the domain names F.ISI.ARPA,
+FOO.F.ISI.ARPA, ARPA, and the root. Ignoring the other fields of the
+message, these domain names might be represented as:
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 20 | 1 | F |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 22 | 3 | I |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 24 | S | I |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 26 | 4 | A |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 28 | R | P |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 30 | A | 0 |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 40 | 3 | F |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 42 | O | O |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 44 | 1 1| 20 |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 64 | 1 1| 26 |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 92 | 0 | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+The domain name for F.ISI.ARPA is shown at offset 20. The domain name
+FOO.F.ISI.ARPA is shown at offset 40; this definition uses a pointer to
+concatenate a label for FOO to the previously defined F.ISI.ARPA. The
+domain name ARPA is defined at offset 64 using a pointer to the ARPA
+component of the name F.ISI.ARPA at 20; note that this pointer relies on
+ARPA being the last label in the string at 20. The root domain name is
+
+
+
+Mockapetris [Page 31]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+defined by a single octet of zeros at 92; the root domain name has no
+labels.
+
+4.2. Transport
+
+The DNS assumes that messages will be transmitted as datagrams or in a
+byte stream carried by a virtual circuit. While virtual circuits can be
+used for any DNS activity, datagrams are preferred for queries due to
+their lower overhead and better performance. Zone refresh activities
+must use virtual circuits because of the need for reliable transfer.
+
+The Internet supports name server access using TCP [RFC-793] on server
+port 53 (decimal) as well as datagram access using UDP [RFC-768] on UDP
+port 53 (decimal).
+
+4.2.1. UDP usage
+
+Messages sent using UDP user server port 53 (decimal).
+
+Messages carried by UDP are restricted to 512 bytes (not counting the IP
+or UDP headers). Longer messages are truncated and the TC bit is set in
+the header.
+
+UDP is not acceptable for zone transfers, but is the recommended method
+for standard queries in the Internet. Queries sent using UDP may be
+lost, and hence a retransmission strategy is required. Queries or their
+responses may be reordered by the network, or by processing in name
+servers, so resolvers should not depend on them being returned in order.
+
+The optimal UDP retransmission policy will vary with performance of the
+Internet and the needs of the client, but the following are recommended:
+
+ - The client should try other servers and server addresses
+ before repeating a query to a specific address of a server.
+
+ - The retransmission interval should be based on prior
+ statistics if possible. Too aggressive retransmission can
+ easily slow responses for the community at large. Depending
+ on how well connected the client is to its expected servers,
+ the minimum retransmission interval should be 2-5 seconds.
+
+More suggestions on server selection and retransmission policy can be
+found in the resolver section of this memo.
+
+4.2.2. TCP usage
+
+Messages sent over TCP connections use server port 53 (decimal).
The
+message is prefixed with a two byte length field which gives the message
+
+
+
+Mockapetris [Page 32]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+length, excluding the two byte length field. This length field allows
+the low-level processing to assemble a complete message before beginning
+to parse it.
+
+Several connection management policies are recommended:
+
+ - The server should not block other activities waiting for TCP
+ data.
+
+ - The server should support multiple connections.
+
+ - The server should assume that the client will initiate
+ connection closing, and should delay closing its end of the
+ connection until all outstanding client requests have been
+ satisfied.
+
+ - If the server needs to close a dormant connection to reclaim
+ resources, it should wait until the connection has been idle
+ for a period on the order of two minutes. In particular, the
+ server should allow the SOA and AXFR request sequence (which
+ begins a refresh operation) to be made on a single connection.
+ Since the server would be unable to answer queries anyway, a
+ unilateral close or reset may be used instead of a graceful
+ close.
+
+5. MASTER FILES
+
+Master files are text files that contain RRs in text form. Since the
+contents of a zone can be expressed in the form of a list of RRs a
+master file is most often used to define a zone, though it can be used
+to list a cache's contents. Hence, this section first discusses the
+format of RRs in a master file, and then the special considerations when
+a master file is used to create a zone in some name server.
+
+5.1. Format
+
+The format of these files is a sequence of entries. Entries are
+predominantly line-oriented, though parentheses can be used to continue
+a list of items across a line boundary, and text literals can contain
+CRLF within the text. Any combination of tabs and spaces act as a
+delimiter between the separate items that make up an entry.
The end of
+any line in the master file can end with a comment. The comment starts
+with a ";" (semicolon).
+
+The following entries are defined:
+
+ <blank>[<comment>]
+
+
+
+
+Mockapetris [Page 33]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ $ORIGIN <domain-name> [<comment>]
+
+ $INCLUDE <file-name> [<domain-name>] [<comment>]
+
+ <domain-name><rr> [<comment>]
+
+ <blank><rr> [<comment>]
+
+Blank lines, with or without comments, are allowed anywhere in the file.
+
+Two control entries are defined: $ORIGIN and $INCLUDE. $ORIGIN is
+followed by a domain name, and resets the current origin for relative
+domain names to the stated name. $INCLUDE inserts the named file into
+the current file, and may optionally specify a domain name that sets the
+relative domain name origin for the included file. $INCLUDE may also
+have a comment. Note that a $INCLUDE entry never changes the relative
+origin of the parent file, regardless of changes to the relative origin
+made within the included file.
+
+The last two forms represent RRs. If an entry for an RR begins with a
+blank, then the RR is assumed to be owned by the last stated owner. If
+an RR entry begins with a <domain-name>, then the owner name is reset.
+
+<rr> contents take one of the following forms:
+
+ [<TTL>] [<class>] <type> <RDATA>
+
+ [<class>] [<TTL>] <type> <RDATA>
+
+The RR begins with optional TTL and class fields, followed by a type and
+RDATA field appropriate to the type and class. Class and type use the
+standard mnemonics, TTL is a decimal integer. Omitted class and TTL
+values are default to the last explicitly stated values. Since type and
+class mnemonics are disjoint, the parse is unique. (Note that this
+order is different from the order used in examples and the order used in
+the actual RRs; the given order allows easier parsing and defaulting.)
+
+<domain-name>s make up a large share of the data in the master file.
+The labels in the domain name are expressed as character strings and
+separated by dots. Quoting conventions allow arbitrary characters to be
+stored in domain names. Domain names that end in a dot are called
+absolute, and are taken as complete. Domain names which do not end in a
+dot are called relative; the actual domain name is the concatenation of
+the relative part with an origin specified in a $ORIGIN, $INCLUDE, or as
+an argument to the master file loading routine. A relative name is an
+error when no origin is available.
+
+
+
+
+
+Mockapetris [Page 34]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+<character-string> is expressed in one or two ways: as a contiguous set
+of characters without interior spaces, or as a string beginning with a "
+and ending with a ". Inside a " delimited string any character can
+occur, except for a " itself, which must be quoted using \ (back slash).
+
+Because these files are text files several special encodings are
+necessary to allow arbitrary data to be loaded. In particular:
+
+ of the root.
+
+@ A free standing @ is used to denote the current origin.
+
+\X where X is any character other than a digit (0-9), is
+ used to quote that character so that its special meaning
+ does not apply. For example, "\." can be used to place
+ a dot character in a label.
+
+\DDD where each D is a digit is the octet corresponding to
+ the decimal number described by DDD. The resulting
+ octet is assumed to be text and is not checked for
+ special meaning.
+
+( ) Parentheses are used to group data that crosses a line
+ boundary. In effect, line terminations are not
+ recognized within parentheses.
+
+; Semicolon is used to start a comment; the remainder of
+ the line is ignored.
+
+5.2. Use of master files to define zones
+
+When a master file is used to load a zone, the operation should be
+suppressed if any errors are encountered in the master file.
The
+rationale for this is that a single error can have widespread
+consequences. For example, suppose that the RRs defining a delegation
+have syntax errors; then the server will return authoritative name
+errors for all names in the subzone (except in the case where the
+subzone is also present on the server).
+
+Several other validity checks that should be performed in addition to
+insuring that the file is syntactically correct:
+
+ 1. All RRs in the file should have the same class.
+
+ 2. Exactly one SOA RR should be present at the top of the zone.
+
+ 3. If delegations are present and glue information is required,
+ it should be present.
+
+
+
+Mockapetris [Page 35]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ 4. Information present outside of the authoritative nodes in the
+ zone should be glue information, rather than the result of an
+ origin or similar error.
+
+5.3. Master file example
+
+The following is an example file which might be used to define the
+ISI.EDU zone.and is loaded with an origin of ISI.EDU:
+
+@ IN SOA VENERA Action\.domains (
+ 20 ; SERIAL
+ 7200 ; REFRESH
+ 600 ; RETRY
+ 3600000; EXPIRE
+ 60) ; MINIMUM
+
+ NS A.ISI.EDU.
+ NS VENERA
+ NS VAXA
+ MX 10 VENERA
+ MX 20 VAXA
+
+A A 26.3.0.103
+
+VENERA A 10.1.0.52
+ A 128.9.0.32
+
+VAXA A 10.2.0.27
+ A 128.9.0.33
+
+
+$INCLUDE <SUBSYS>ISI-MAILBOXES.TXT
+
+Where the file <SUBSYS>ISI-MAILBOXES.TXT is:
+
+ MOE MB A.ISI.EDU.
+ LARRY MB A.ISI.EDU.
+ CURLEY MB A.ISI.EDU.
+ STOOGES MG MOE
+ MG LARRY
+ MG CURLEY
+
+Note the use of the \ character in the SOA RR to specify the responsible
+person mailbox "Action.domains@E.ISI.EDU".
+
+
+
+
+
+
+
+Mockapetris [Page 36]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+6. NAME SERVER IMPLEMENTATION
+
+6.1.
Architecture
+
+The optimal structure for the name server will depend on the host
+operating system and whether the name server is integrated with resolver
+operations, either by supporting recursive service, or by sharing its
+database with a resolver. This section discusses implementation
+considerations for a name server which shares a database with a
+resolver, but most of these concerns are present in any name server.
+
+6.1.1. Control
+
+A name server must employ multiple concurrent activities, whether they
+are implemented as separate tasks in the host's OS or multiplexing
+inside a single name server program. It is simply not acceptable for a
+name server to block the service of UDP requests while it waits for TCP
+data for refreshing or query activities. Similarly, a name server
+should not attempt to provide recursive service without processing such
+requests in parallel, though it may choose to serialize requests from a
+single client, or to regard identical requests from the same client as
+duplicates. A name server should not substantially delay requests while
+it reloads a zone from master files or while it incorporates a newly
+refreshed zone into its database.
+
+6.1.2. Database
+
+While name server implementations are free to use any internal data
+structures they choose, the suggested structure consists of three major
+parts:
+
+ - A "catalog" data structure which lists the zones available to
+ this server, and a "pointer" to the zone data structure. The
+ main purpose of this structure is to find the nearest ancestor
+ zone, if any, for arriving standard queries.
+
+ - Separate data structures for each of the zones held by the
+ name server.
+
+ - A data structure for cached data.
(or perhaps separate caches
+ for different classes)
+
+All of these data structures can be implemented an identical tree
+structure format, with different data chained off the nodes in different
+parts: in the catalog the data is pointers to zones, while in the zone
+and cache data structures, the data will be RRs. In designing the tree
+framework the designer should recognize that query processing will need
+to traverse the tree using case-insensitive label comparisons; and that
+
+
+
+Mockapetris [Page 37]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+in real data, a few nodes have a very high branching factor (100-1000 or
+more), but the vast majority have a very low branching factor (0-1).
+
+One way to solve the case problem is to store the labels for each node
+in two pieces: a standardized-case representation of the label where all
+ASCII characters are in a single case, together with a bit mask that
+denotes which characters are actually of a different case. The
+branching factor diversity can be handled using a simple linked list for
+a node until the branching factor exceeds some threshold, and
+transitioning to a hash structure after the threshold is exceeded. In
+any case, hash structures used to store tree sections must insure that
+hash functions and procedures preserve the casing conventions of the
+DNS.
+
+The use of separate structures for the different parts of the database
+is motivated by several factors:
+
+ - The catalog structure can be an almost static structure that
+ need change only when the system administrator changes the
+ zones supported by the server. This structure can also be
+ used to store parameters used to control refreshing
+ activities.
+
+ - The individual data structures for zones allow a zone to be
+ replaced simply by changing a pointer in the catalog. Zone
+ refresh operations can build a new structure and, when
+ complete, splice it into the database via a simple pointer
+ replacement.
It is very important that when a zone is
+ refreshed, queries should not use old and new data
+ simultaneously.
+
+ - With the proper search procedures, authoritative data in zones
+ will always "hide", and hence take precedence over, cached
+ data.
+
+ - Errors in zone definitions that cause overlapping zones, etc.,
+ may cause erroneous responses to queries, but problem
+ determination is simplified, and the contents of one "bad"
+ zone can't corrupt another.
+
+ - Since the cache is most frequently updated, it is most
+ vulnerable to corruption during system restarts. It can also
+ become full of expired RR data. In either case, it can easily
+ be discarded without disturbing zone data.
+
+A major aspect of database design is selecting a structure which allows
+the name server to deal with crashes of the name server's host. State
+information which a name server should save across system crashes
+
+
+
+Mockapetris [Page 38]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+includes the catalog structure (including the state of refreshing for
+each zone) and the zone data itself.
+
+6.1.3. Time
+
+Both the TTL data for RRs and the timing data for refreshing activities
+depends on 32 bit timers in units of seconds. Inside the database,
+refresh timers and TTLs for cached data conceptually "count down", while
+data in the zone stays with constant TTLs.
+
+A recommended implementation strategy is to store time in two ways: as
+a relative increment and as an absolute time. One way to do this is to
+use positive 32 bit numbers for one type and negative numbers for the
+other. The RRs in zones use relative times; the refresh timers and
+cache data use absolute times. Absolute numbers are taken with respect
+to some known origin and converted to relative values when placed in the
+response to a query. When an absolute TTL is negative after conversion
+to relative, then the data is expired and should be ignored.
+
+6.2.
Standard query processing
+
+The major algorithm for standard query processing is presented in
+[RFC-1034].
+
+When processing queries with QCLASS=*, or some other QCLASS which
+matches multiple classes, the response should never be authoritative
+unless the server can guarantee that the response covers all classes.
+
+When composing a response, RRs which are to be inserted in the
+additional section, but duplicate RRs in the answer or authority
+sections, may be omitted from the additional section.
+
+When a response is so long that truncation is required, the truncation
+should start at the end of the response and work forward in the
+datagram. Thus if there is any data for the authority section, the
+answer section is guaranteed to be unique.
+
+The MINIMUM value in the SOA should be used to set a floor on the TTL of
+data distributed from a zone. This floor function should be done when
+the data is copied into a response. This will allow future dynamic
+update protocols to change the SOA MINIMUM field without ambiguous
+semantics.
+
+6.3. Zone refresh and reload processing
+
+In spite of a server's best efforts, it may be unable to load zone data
+from a master file due to syntax errors, etc., or be unable to refresh a
+zone within the its expiration parameter. In this case, the name server
+
+
+
+Mockapetris [Page 39]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+should answer queries as if it were not supposed to possess the zone.
+
+If a master is sending a zone out via AXFR, and a new version is created
+during the transfer, the master should continue to send the old version
+if possible. In any case, it should never send part of one version and
+part of another. If completion is not possible, the master should reset
+the connection on which the zone transfer is taking place.
+
+6.4. Inverse queries (Optional)
+
+Inverse queries are an optional part of the DNS. Name servers are not
+required to support any form of inverse queries.
If a name server
+receives an inverse query that it does not support, it returns an error
+response with the "Not Implemented" error set in the header. While
+inverse query support is optional, all name servers must be at least
+able to return the error response.
+
+6.4.1. The contents of inverse queries and responses Inverse
+queries reverse the mappings performed by standard query operations;
+while a standard query maps a domain name to a resource, an inverse
+query maps a resource to a domain name. For example, a standard query
+might bind a domain name to a host address; the corresponding inverse
+query binds the host address to a domain name.
+
+Inverse queries take the form of a single RR in the answer section of
+the message, with an empty question section. The owner name of the
+query RR and its TTL are not significant. The response carries
+questions in the question section which identify all names possessing
+the query RR WHICH THE NAME SERVER KNOWS. Since no name server knows
+about all of the domain name space, the response can never be assumed to
+be complete. Thus inverse queries are primarily useful for database
+management and debugging activities. Inverse queries are NOT an
+acceptable method of mapping host addresses to host names; use the IN-
+ADDR.ARPA domain instead.
+
+Where possible, name servers should provide case-insensitive comparisons
+for inverse queries. Thus an inverse query asking for an MX RR of
+"Venera.isi.edu" should get the same response as a query for
+"VENERA.ISI.EDU"; an inverse query for HINFO RR "IBM-PC UNIX" should
+produce the same result as an inverse query for "IBM-pc unix". However,
+this cannot be guaranteed because name servers may possess RRs that
+contain character strings but the name server does not know that the
+data is character.
+
+When a name server processes an inverse query, it either returns:
+
+ 1.
zero, one, or multiple domain names for the specified
+ resource as QNAMEs in the question section
+
+
+
+Mockapetris [Page 40]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ 2. an error code indicating that the name server doesn't support
+ inverse mapping of the specified resource type.
+
+When the response to an inverse query contains one or more QNAMEs, the
+owner name and TTL of the RR in the answer section which defines the
+inverse query is modified to exactly match an RR found at the first
+QNAME.
+
+RRs returned in the inverse queries cannot be cached using the same
+mechanism as is used for the replies to standard queries. One reason
+for this is that a name might have multiple RRs of the same type, and
+only one would appear. For example, an inverse query for a single
+address of a multiply homed host might create the impression that only
+one address existed.
+
+6.4.2. Inverse query and response example The overall structure
+of an inverse query for retrieving the domain name that corresponds to
+Internet address 10.1.0.52 is shown below:
+
+ +-----------------------------------------+
+ Header | OPCODE=IQUERY, ID=997 |
+ +-----------------------------------------+
+ Question | <empty> |
+ +-----------------------------------------+
+ Answer | <anyname> A IN 10.1.0.52 |
+ +-----------------------------------------+
+ Authority | <empty> |
+ +-----------------------------------------+
+ Additional | <empty> |
+ +-----------------------------------------+
+
+This query asks for a question whose answer is the Internet style
+address 10.1.0.52. Since the owner name is not known, any domain name
+can be used as a placeholder (and is ignored). A single octet of zero,
+signifying the root, is usually used because it minimizes the length of
+the message. The TTL of the RR is not significant.
The response to
+this query might be:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Mockapetris [Page 41]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ +-----------------------------------------+
+ Header | OPCODE=RESPONSE, ID=997 |
+ +-----------------------------------------+
+ Question |QTYPE=A, QCLASS=IN, QNAME=VENERA.ISI.EDU |
+ +-----------------------------------------+
+ Answer | VENERA.ISI.EDU A IN 10.1.0.52 |
+ +-----------------------------------------+
+ Authority | <empty> |
+ +-----------------------------------------+
+ Additional | <empty> |
+ +-----------------------------------------+
+
+Note that the QTYPE in a response to an inverse query is the same as the
+TYPE field in the answer section of the inverse query. Responses to
+inverse queries may contain multiple questions when the inverse is not
+unique. If the question section in the response is not empty, then the
+RR in the answer section is modified to correspond to be an exact copy
+of an RR at the first QNAME.
+
+6.4.3. Inverse query processing
+
+Name servers that support inverse queries can support these operations
+through exhaustive searches of their databases, but this becomes
+impractical as the size of the database increases. An alternative
+approach is to invert the database according to the search key.
+
+For name servers that support multiple zones and a large amount of data,
+the recommended approach is separate inversions for each zone. When a
+particular zone is changed during a refresh, only its inversions need to
+be redone.
+
+Support for transfer of this type of inversion may be included in future
+versions of the domain system, but is not supported in this version.
+
+6.5. Completion queries and responses
+
+The optional completion services described in RFC-882 and RFC-883 have
+been deleted. Redesigned services may become available in the future.
+
+
+
+
+
+
+
+
+
+
+
+
+
+Mockapetris [Page 42]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+7. RESOLVER IMPLEMENTATION
+
+The top levels of the recommended resolver algorithm are discussed in
+[RFC-1034]. This section discusses implementation details assuming the
+database structure suggested in the name server implementation section
+of this memo.
+
+7.1. Transforming a user request into a query
+
+The first step a resolver takes is to transform the client's request,
+stated in a format suitable to the local OS, into a search specification
+for RRs at a specific name which match a specific QTYPE and QCLASS.
+Where possible, the QTYPE and QCLASS should correspond to a single type
+and a single class, because this makes the use of cached data much
+simpler. The reason for this is that the presence of data of one type
+in a cache doesn't confirm the existence or non-existence of data of
+other types, hence the only way to be sure is to consult an
+authoritative source. If QCLASS=* is used, then authoritative answers
+won't be available.
+
+Since a resolver must be able to multiplex multiple requests if it is to
+perform its function efficiently, each pending request is usually
+represented in some block of state information. This state block will
+typically contain:
+
+ - A timestamp indicating the time the request began.
+ The timestamp is used to decide whether RRs in the database
+ can be used or are out of date. This timestamp uses the
+ absolute time format previously discussed for RR storage in
+ zones and caches. Note that when an RRs TTL indicates a
+ relative time, the RR must be timely, since it is part of a
+ zone. When the RR has an absolute time, it is part of a
+ cache, and the TTL of the RR is compared against the timestamp
+ for the start of the request.
+
+ Note that using the timestamp is superior to using a current
+ time, since it allows RRs with TTLs of zero to be entered in
+ the cache in the usual manner, but still used by the current
+ request, even after intervals of many seconds due to system
+ load, query retransmission timeouts, etc.
+
+ - Some sort of parameters to limit the amount of work which will
+ be performed for this request.
+
+ The amount of work which a resolver will do in response to a
+ client request must be limited to guard against errors in the
+ database, such as circular CNAME references, and operational
+ problems, such as network partition which prevents the
+
+
+
+Mockapetris [Page 43]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ resolver from accessing the name servers it needs. While
+ local limits on the number of times a resolver will retransmit
+ a particular query to a particular name server address are
+ essential, the resolver should have a global per-request
+ counter to limit work on a single request. The counter should
+ be set to some initial value and decremented whenever the
+ resolver performs any action (retransmission timeout,
+ retransmission, etc.) If the counter passes zero, the request
+ is terminated with a temporary error.
+
+ Note that if the resolver structure allows one request to
+ start others in parallel, such as when the need to access a
+ name server for one request causes a parallel resolve for the
+ name server's addresses, the spawned request should be started
+ with a lower counter. This prevents circular references in
+ the database from starting a chain reaction of resolver
+ activity.
+
+ - The SLIST data structure discussed in [RFC-1034].
+
+ This structure keeps track of the state of a request if it
+ must wait for answers from foreign name servers.
+
+7.2.
Sending the queries + +As described in [RFC-1034], the basic task of the resolver is to +formulate a query which will answer the client's request and direct that +query to name servers which can provide the information. The resolver +will usually only have very strong hints about which servers to ask, in +the form of NS RRs, and may have to revise the query, in response to +CNAMEs, or revise the set of name servers the resolver is asking, in +response to delegation responses which point the resolver to name +servers closer to the desired information. In addition to the +information requested by the client, the resolver may have to call upon +its own services to determine the address of name servers it wishes to +contact. + +In any case, the model used in this memo assumes that the resolver is +multiplexing attention between multiple requests, some from the client, +and some internally generated. Each request is represented by some +state information, and the desired behavior is that the resolver +transmit queries to name servers in a way that maximizes the probability +that the request is answered, minimizes the time that the request takes, +and avoids excessive transmissions. The key algorithm uses the state +information of the request to select the next name server address to +query, and also computes a timeout which will cause the next action +should a response not arrive. The next action will usually be a +transmission to some other server, but may be a temporary error to the + + + +Mockapetris [Page 44] + +RFC 1035 Domain Implementation and Specification November 1987 + + +client. + +The resolver always starts with a list of server names to query (SLIST). +This list will be all NS RRs which correspond to the nearest ancestor +zone that the resolver knows about. To avoid startup problems, the +resolver should have a set of default servers which it will ask should +it have no current NS RRs which are appropriate. 
The resolver then adds +to SLIST all of the known addresses for the name servers, and may start +parallel requests to acquire the addresses of the servers when the +resolver has the name, but no addresses, for the name servers. + +To complete initialization of SLIST, the resolver attaches whatever +history information it has to the each address in SLIST. This will +usually consist of some sort of weighted averages for the response time +of the address, and the batting average of the address (i.e., how often +the address responded at all to the request). Note that this +information should be kept on a per address basis, rather than on a per +name server basis, because the response time and batting average of a +particular server may vary considerably from address to address. Note +also that this information is actually specific to a resolver address / +server address pair, so a resolver with multiple addresses may wish to +keep separate histories for each of its addresses. Part of this step +must deal with addresses which have no such history; in this case an +expected round trip time of 5-10 seconds should be the worst case, with +lower estimates for the same local network, etc. + +Note that whenever a delegation is followed, the resolver algorithm +reinitializes SLIST. + +The information establishes a partial ranking of the available name +server addresses. Each time an address is chosen and the state should +be altered to prevent its selection again until all other addresses have +been tried. The timeout for each transmission should be 50-100% greater +than the average predicted value to allow for variance in response. + +Some fine points: + + - The resolver may encounter a situation where no addresses are + available for any of the name servers named in SLIST, and + where the servers in the list are precisely those which would + normally be used to look up their own addresses. 
This + situation typically occurs when the glue address RRs have a + smaller TTL than the NS RRs marking delegation, or when the + resolver caches the result of a NS search. The resolver + should detect this condition and restart the search at the + next ancestor zone, or alternatively at the root. + + + + + +Mockapetris [Page 45] + +RFC 1035 Domain Implementation and Specification November 1987 + + + - If a resolver gets a server error or other bizarre response + from a name server, it should remove it from SLIST, and may + wish to schedule an immediate transmission to the next + candidate server address. + +7.3. Processing responses + +The first step in processing arriving response datagrams is to parse the +response. This procedure should include: + + - Check the header for reasonableness. Discard datagrams which + are queries when responses are expected. + + - Parse the sections of the message, and insure that all RRs are + correctly formatted. + + - As an optional step, check the TTLs of arriving data looking + for RRs with excessively long TTLs. If a RR has an + excessively long TTL, say greater than 1 week, either discard + the whole response, or limit all TTLs in the response to 1 + week. + +The next step is to match the response to a current resolver request. +The recommended strategy is to do a preliminary matching using the ID +field in the domain header, and then to verify that the question section +corresponds to the information currently desired. This requires that +the transmission algorithm devote several bits of the domain ID field to +a request identifier of some sort. This step has several fine points: + + - Some name servers send their responses from different + addresses than the one used to receive the query. That is, a + resolver cannot rely that a response will come from the same + address which it sent the corresponding query to. This name + server bug is typically encountered in UNIX systems. 
+ + - If the resolver retransmits a particular request to a name + server it should be able to use a response from any of the + transmissions. However, if it is using the response to sample + the round trip time to access the name server, it must be able + to determine which transmission matches the response (and keep + transmission times for each outgoing message), or only + calculate round trip times based on initial transmissions. + + - A name server will occasionally not have a current copy of a + zone which it should have according to some NS RRs. The + resolver should simply remove the name server from the current + SLIST, and continue. + + + + +Mockapetris [Page 46] + +RFC 1035 Domain Implementation and Specification November 1987 + + +7.4. Using the cache + +In general, we expect a resolver to cache all data which it receives in +responses since it may be useful in answering future client requests. +However, there are several types of data which should not be cached: + + - When several RRs of the same type are available for a + particular owner name, the resolver should either cache them + all or none at all. When a response is truncated, and a + resolver doesn't know whether it has a complete set, it should + not cache a possibly partial set of RRs. + + - Cached data should never be used in preference to + authoritative data, so if caching would cause this to happen + the data should not be cached. + + - The results of an inverse query should not be cached. + + - The results of standard queries where the QNAME contains "*" + labels if the data might be used to construct wildcards. The + reason is that the cache does not necessarily contain existing + RRs or zone boundary information which is necessary to + restrict the application of the wildcard RRs. + + - RR data in responses of dubious reliability. When a resolver + receives unsolicited responses or RR data other than that + requested, it should discard it without caching it. 
The basic + implication is that all sanity checks on a packet should be + performed before any of it is cached. + +In a similar vein, when a resolver has a set of RRs for some name in a +response, and wants to cache the RRs, it should check its cache for +already existing RRs. Depending on the circumstances, either the data +in the response or the cache is preferred, but the two should never be +combined. If the data in the response is from authoritative data in the +answer section, it is always preferred. + +8. MAIL SUPPORT + +The domain system defines a standard for mapping mailboxes into domain +names, and two methods for using the mailbox information to derive mail +routing information. The first method is called mail exchange binding +and the other method is mailbox binding. The mailbox encoding standard +and mail exchange binding are part of the DNS official protocol, and are +the recommended method for mail routing in the Internet. Mailbox +binding is an experimental feature which is still under development and +subject to change. + + + + +Mockapetris [Page 47] + +RFC 1035 Domain Implementation and Specification November 1987 + + +The mailbox encoding standard assumes a mailbox name of the form +"<local-part>@<mail-domain>". While the syntax allowed in each of these +sections varies substantially between the various mail internets, the +preferred syntax for the ARPA Internet is given in [RFC-822]. + +The DNS encodes the <local-part> as a single label, and encodes the +<mail-domain> as a domain name. The single label from the <local-part> +is prefaced to the domain name from <mail-domain> to form the domain +name corresponding to the mailbox. Thus the mailbox HOSTMASTER@SRI- +NIC.ARPA is mapped into the domain name HOSTMASTER.SRI-NIC.ARPA. If the +<local-part> contains dots or other special characters, its +representation in a master file will require the use of backslash +quoting to ensure that the domain name is properly encoded. 
For +example, the mailbox Action.domains@ISI.EDU would be represented as +Action\.domains.ISI.EDU. + +8.1. Mail exchange binding + +Mail exchange binding uses the <mail-domain> part of a mailbox +specification to determine where mail should be sent. The <local-part> +is not even consulted. [RFC-974] specifies this method in detail, and +should be consulted before attempting to use mail exchange support. + +One of the advantages of this method is that it decouples mail +destination naming from the hosts used to support mail service, at the +cost of another layer of indirection in the lookup function. However, +the addition layer should eliminate the need for complicated "%", "!", +etc encodings in <local-part>. + +The essence of the method is that the <mail-domain> is used as a domain +name to locate type MX RRs which list hosts willing to accept mail for +<mail-domain>, together with preference values which rank the hosts +according to an order specified by the administrators for <mail-domain>. + +In this memo, the <mail-domain> ISI.EDU is used in examples, together +with the hosts VENERA.ISI.EDU and VAXA.ISI.EDU as mail exchanges for +ISI.EDU. If a mailer had a message for Mockapetris@ISI.EDU, it would +route it by looking up MX RRs for ISI.EDU. The MX RRs at ISI.EDU name +VENERA.ISI.EDU and VAXA.ISI.EDU, and type A queries can find the host +addresses. + +8.2. Mailbox binding (Experimental) + +In mailbox binding, the mailer uses the entire mail destination +specification to construct a domain name. The encoded domain name for +the mailbox is used as the QNAME field in a QTYPE=MAILB query. + +Several outcomes are possible for this query: + + + +Mockapetris [Page 48] + +RFC 1035 Domain Implementation and Specification November 1987 + + + 1. The query can return a name error indicating that the mailbox + does not exist as a domain name. + + In the long term, this would indicate that the specified + mailbox doesn't exist. 
However, until the use of mailbox + binding is universal, this error condition should be + interpreted to mean that the organization identified by the + global part does not support mailbox binding. The + appropriate procedure is to revert to exchange binding at + this point. + + 2. The query can return a Mail Rename (MR) RR. + + The MR RR carries new mailbox specification in its RDATA + field. The mailer should replace the old mailbox with the + new one and retry the operation. + + 3. The query can return a MB RR. + + The MB RR carries a domain name for a host in its RDATA + field. The mailer should deliver the message to that host + via whatever protocol is applicable, e.g., b,SMTP. + + 4. The query can return one or more Mail Group (MG) RRs. + + This condition means that the mailbox was actually a mailing + list or mail group, rather than a single mailbox. Each MG RR + has a RDATA field that identifies a mailbox that is a member + of the group. The mailer should deliver a copy of the + message to each member. + + 5. The query can return a MB RR as well as one or more MG RRs. + + This condition means the the mailbox was actually a mailing + list. The mailer can either deliver the message to the host + specified by the MB RR, which will in turn do the delivery to + all members, or the mailer can use the MG RRs to do the + expansion itself. + +In any of these cases, the response may include a Mail Information +(MINFO) RR. This RR is usually associated with a mail group, but is +legal with a MB. The MINFO RR identifies two mailboxes. One of these +identifies a responsible person for the original mailbox name. This +mailbox should be used for requests to be added to a mail group, etc. +The second mailbox name in the MINFO RR identifies a mailbox that should +receive error messages for mail failures. This is particularly +appropriate for mailing lists when errors in member names should be +reported to a person other than the one who sends a message to the list. 
+ + + +Mockapetris [Page 49] + +RFC 1035 Domain Implementation and Specification November 1987 + + +New fields may be added to this RR in the future. + + +9. REFERENCES and BIBLIOGRAPHY + +[Dyer 87] S. Dyer, F. Hsu, "Hesiod", Project Athena + Technical Plan - Name Service, April 1987, version 1.9. + + Describes the fundamentals of the Hesiod name service. + +[IEN-116] J. Postel, "Internet Name Server", IEN-116, + USC/Information Sciences Institute, August 1979. + + A name service obsoleted by the Domain Name System, but + still in use. + +[Quarterman 86] J. Quarterman, and J. Hoskins, "Notable Computer Networks", + Communications of the ACM, October 1986, volume 29, number + 10. + +[RFC-742] K. Harrenstien, "NAME/FINGER", RFC-742, Network + Information Center, SRI International, December 1977. + +[RFC-768] J. Postel, "User Datagram Protocol", RFC-768, + USC/Information Sciences Institute, August 1980. + +[RFC-793] J. Postel, "Transmission Control Protocol", RFC-793, + USC/Information Sciences Institute, September 1981. + +[RFC-799] D. Mills, "Internet Name Domains", RFC-799, COMSAT, + September 1981. + + Suggests introduction of a hierarchy in place of a flat + name space for the Internet. + +[RFC-805] J. Postel, "Computer Mail Meeting Notes", RFC-805, + USC/Information Sciences Institute, February 1982. + +[RFC-810] E. Feinler, K. Harrenstien, Z. Su, and V. White, "DOD + Internet Host Table Specification", RFC-810, Network + Information Center, SRI International, March 1982. + + Obsolete. See RFC-952. + +[RFC-811] K. Harrenstien, V. White, and E. Feinler, "Hostnames + Server", RFC-811, Network Information Center, SRI + International, March 1982. + + + + +Mockapetris [Page 50] + +RFC 1035 Domain Implementation and Specification November 1987 + + + Obsolete. See RFC-953. + +[RFC-812] K. Harrenstien, and V. White, "NICNAME/WHOIS", RFC-812, + Network Information Center, SRI International, March + 1982. + +[RFC-819] Z. Su, and J. 
Postel, "The Domain Naming Convention for + Internet User Applications", RFC-819, Network + Information Center, SRI International, August 1982. + + Early thoughts on the design of the domain system. + Current implementation is completely different. + +[RFC-821] J. Postel, "Simple Mail Transfer Protocol", RFC-821, + USC/Information Sciences Institute, August 1980. + +[RFC-830] Z. Su, "A Distributed System for Internet Name Service", + RFC-830, Network Information Center, SRI International, + October 1982. + + Early thoughts on the design of the domain system. + Current implementation is completely different. + +[RFC-882] P. Mockapetris, "Domain names - Concepts and + Facilities," RFC-882, USC/Information Sciences + Institute, November 1983. + + Superseded by this memo. + +[RFC-883] P. Mockapetris, "Domain names - Implementation and + Specification," RFC-883, USC/Information Sciences + Institute, November 1983. + + Superseded by this memo. + +[RFC-920] J. Postel and J. Reynolds, "Domain Requirements", + RFC-920, USC/Information Sciences Institute, + October 1984. + + Explains the naming scheme for top level domains. + +[RFC-952] K. Harrenstien, M. Stahl, E. Feinler, "DoD Internet Host + Table Specification", RFC-952, SRI, October 1985. + + Specifies the format of HOSTS.TXT, the host/address + table replaced by the DNS. + + + + + +Mockapetris [Page 51] + +RFC 1035 Domain Implementation and Specification November 1987 + + +[RFC-953] K. Harrenstien, M. Stahl, E. Feinler, "HOSTNAME Server", + RFC-953, SRI, October 1985. + + This RFC contains the official specification of the + hostname server protocol, which is obsoleted by the DNS. + This TCP based protocol accesses information stored in + the RFC-952 format, and is used to obtain copies of the + host table. + +[RFC-973] P. Mockapetris, "Domain System Changes and + Observations", RFC-973, USC/Information Sciences + Institute, January 1986. + + Describes changes to RFC-882 and RFC-883 and reasons for + them. 
+ +[RFC-974] C. Partridge, "Mail routing and the domain system", + RFC-974, CSNET CIC BBN Labs, January 1986. + + Describes the transition from HOSTS.TXT based mail + addressing to the more powerful MX system used with the + domain system. + +[RFC-1001] NetBIOS Working Group, "Protocol standard for a NetBIOS + service on a TCP/UDP transport: Concepts and Methods", + RFC-1001, March 1987. + + This RFC and RFC-1002 are a preliminary design for + NETBIOS on top of TCP/IP which proposes to base NetBIOS + name service on top of the DNS. + +[RFC-1002] NetBIOS Working Group, "Protocol standard for a NetBIOS + service on a TCP/UDP transport: Detailed + Specifications", RFC-1002, March 1987. + +[RFC-1010] J. Reynolds, and J. Postel, "Assigned Numbers", RFC-1010, + USC/Information Sciences Institute, May 1987. + + Contains socket numbers and mnemonics for host names, + operating systems, etc. + +[RFC-1031] W. Lazear, "MILNET Name Domain Transition", RFC-1031, + November 1987. + + Describes a plan for converting the MILNET to the DNS. + +[RFC-1032] M. Stahl, "Establishing a Domain - Guidelines for + Administrators", RFC-1032, November 1987. + + + +Mockapetris [Page 52] + +RFC 1035 Domain Implementation and Specification November 1987 + + + Describes the registration policies used by the NIC to + administer the top level domains and delegate subzones. + +[RFC-1033] M. Lottor, "Domain Administrators Operations Guide", + RFC-1033, November 1987. + + A cookbook for domain administrators. + +[Solomon 82] M. Solomon, L. Landweber, and D. Neuhengen, "The CSNET + Name Server", Computer Networks, vol 6, nr 3, July 1982. + + Describes a name service for CSNET which is independent + from the DNS and DNS use in the CSNET. 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Mockapetris [Page 53] + +RFC 1035 Domain Implementation and Specification November 1987 + + +Index + + * 13 + + ; 33, 35 + + <character-string> 35 + <domain-name> 34 + + @ 35 + + \ 35 + + A 12 + + Byte order 8 + + CH 13 + Character case 9 + CLASS 11 + CNAME 12 + Completion 42 + CS 13 + + Hesiod 13 + HINFO 12 + HS 13 + + IN 13 + IN-ADDR.ARPA domain 22 + Inverse queries 40 + + Mailbox names 47 + MB 12 + MD 12 + MF 12 + MG 12 + MINFO 12 + MINIMUM 20 + MR 12 + MX 12 + + NS 12 + NULL 12 + + Port numbers 32 + Primary server 5 + PTR 12, 18 + + + +Mockapetris [Page 54] + +RFC 1035 Domain Implementation and Specification November 1987 + + + QCLASS 13 + QTYPE 12 + + RDATA 12 + RDLENGTH 11 + + Secondary server 5 + SOA 12 + Stub resolvers 7 + + TCP 32 + TXT 12 + TYPE 11 + + UDP 32 + + WKS 12 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Mockapetris [Page 55] + diff --git a/lib/dns/tests/testdata/dst/test1.ecdsa256sig b/lib/dns/tests/testdata/dst/test1.ecdsa256sig new file mode 100644 index 0000000..dcae9d1 --- /dev/null +++ b/lib/dns/tests/testdata/dst/test1.ecdsa256sig @@ -0,0 +1 @@ +72E0998732EECAE2BEA12A278DFDEE14DB09A43C1E646A08BB0A6EEB90C5B75F9B359BEC1580313BFA8012C1DC15D34D1B227C71AD23161E2757AEB162AE3D99 diff --git a/lib/dns/tests/testdata/dst/test1.rsasha256sig b/lib/dns/tests/testdata/dst/test1.rsasha256sig new file mode 100644 index 0000000..36e0b09 --- /dev/null +++ b/lib/dns/tests/testdata/dst/test1.rsasha256sig @@ -0,0 +1 @@ +C5CC8AB9FB5C0B4F03650456C993A868EB674ACBF2A867E023DC00F17D240CEDCADB8714981B7B48CF6CF86722632610FF312063B5E6D20EF441B89F02BC6813A35F9C6F045D017DB75C8724DBAA0C55A0D4EA850339944C75890B4DD0382AFA3E30E1CAA7B190C1B1FB17B5DD2279C0DF1049911E64198B3376070A34F38F4B diff --git a/lib/dns/tests/testdata/dst/test2.data b/lib/dns/tests/testdata/dst/test2.data new file mode 100644 index 0000000..a323bb3 --- /dev/null 
+++ b/lib/dns/tests/testdata/dst/test2.data 
@@ -0,0 +1,3077 @@
+Network Working Group P. Mockapetris
+Request for Comments: 1035 ISI
+ November 1987
+Obsoletes: RFCs 882, 883, 973
+
+ DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION
+
+
+1. STATUS OF THIS MEMO
+
+This RFC describes the details of the domain system and protocol, and
+assumes that the reader is familiar with the concepts discussed in a
+companion RFC, "Domain Names - Concepts and Facilities" [RFC-4301].
+
+The domain system is a mixture of functions and data types which are an
+official protocol and functions and data types which are still
+experimental. Since the domain system is intentionally extensible, new
+data types and experimental behavior should always be expected in parts
+of the system beyond the official protocol. The official protocol parts
+include standard queries, responses and the Internet class RR data
+formats (e.g., host addresses). Since the previous RFC set, several
+definitions have changed, so some previous definitions are obsolete.
+
+Experimental or obsolete features are clearly marked in these RFCs, and
+such information should be used with caution.
+
+The reader is especially cautioned not to depend on the values which
+appear in examples to be current or complete, since their purpose is
+primarily pedagogical. Distribution of this memo is unlimited.
+
+ Table of Contents
+
+ 1. STATUS OF THIS MEMO 1
+ 2. INTRODUCTION 3
+ 2.1. Overview 3
+ 2.2. Common configurations 4
+ 2.3. Conventions 7
+ 2.3.1. Preferred name syntax 7
+ 2.3.2. Data Transmission Order 8
+ 2.3.3. Character Case 9
+ 2.3.4. Size limits 10
+ 3. DOMAIN NAME SPACE AND RR DEFINITIONS 10
+ 3.1. Name space definitions 10
+ 3.2. RR definitions 11
+ 3.2.1. Format 11
+ 3.2.2. TYPE values 12
+ 3.2.3. QTYPE values 12
+ 3.2.4. CLASS values 13
+
+
+
+Mockapetris [Page 1]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ 3.2.5. QCLASS values 13
+ 3.3. Standard RRs 13
+ 3.3.1. CNAME RDATA format 14
+ 3.3.2. HINFO RDATA format 14
+ 3.3.3. MB RDATA format (EXPERIMENTAL) 14
+ 3.3.4. MD RDATA format (Obsolete) 15
+ 3.3.5. MF RDATA format (Obsolete) 15
+ 3.3.6. MG RDATA format (EXPERIMENTAL) 16
+ 3.3.7. MINFO RDATA format (EXPERIMENTAL) 16
+ 3.3.8. MR RDATA format (EXPERIMENTAL) 17
+ 3.3.9. MX RDATA format 17
+ 3.3.10. NULL RDATA format (EXPERIMENTAL) 17
+ 3.3.11. NS RDATA format 18
+ 3.3.12. PTR RDATA format 18
+ 3.3.13. SOA RDATA format 19
+ 3.3.14. TXT RDATA format 20
+ 3.4. ARPA Internet specific RRs 20
+ 3.4.1. A RDATA format 20
+ 3.4.2. WKS RDATA format 21
+ 3.5. IN-ADDR.ARPA domain 22
+ 3.6. Defining new types, classes, and special namespaces 24
+ 4. MESSAGES 25
+ 4.1. Format 25
+ 4.1.1. Header section format 26
+ 4.1.2. Question section format 28
+ 4.1.3. Resource record format 29
+ 4.1.4. Message compression 30
+ 4.2. Transport 32
+ 4.2.1. UDP usage 32
+ 4.2.2. TCP usage 32
+ 5. MASTER FILES 33
+ 5.1. Format 33
+ 5.2. Use of master files to define zones 35
+ 5.3. Master file example 36
+ 6. NAME SERVER IMPLEMENTATION 37
+ 6.1. Architecture 37
+ 6.1.1. Control 37
+ 6.1.2. Database 37
+ 6.1.3. Time 39
+ 6.2. Standard query processing 39
+ 6.3. Zone refresh and reload processing 39
+ 6.4. Inverse queries (Optional) 40
+ 6.4.1. The contents of inverse queries and responses 40
+ 6.4.2. Inverse query and response example 41
+ 6.4.3. Inverse query processing 42
+
+
+
+
+
+
+Mockapetris [Page 2]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ 6.5. Completion queries and responses 42
+ 7. RESOLVER IMPLEMENTATION 43
+ 7.1. Transforming a user request into a query 43
+ 7.2. Sending the queries 44
+ 7.3. Processing responses 46
+ 7.4. Using the cache 47
+ 8. MAIL SUPPORT 47
+ 8.1. Mail exchange binding 48
+ 8.2. Mailbox binding (Experimental) 48
+ 9. REFERENCES and BIBLIOGRAPHY 50
+ Index 54
+
+2. INTRODUCTION
+
+2.1. Overview
+
+The goal of domain names is to provide a mechanism for naming resources
+in such a way that the names are usable in different hosts, networks,
+protocol families, internets, and administrative organizations.
+
+From the user's point of view, domain names are useful as arguments to a
+local agent, called a resolver, which retrieves information associated
+with the domain name. Thus a user might ask for the host address or
+mail information associated with a particular domain name. To enable
+the user to request a particular type of information, an appropriate
+query type is passed to the resolver with the domain name. To the user,
+the domain tree is a single information space; the resolver is
+responsible for hiding the distribution of data among name servers from
+the user.
+
+From the resolver's point of view, the database that makes up the domain
+space is distributed among various name servers. Different parts of the
+domain space are stored in different name servers, although a particular
+data item will be stored redundantly in two or more name servers. The
+resolver starts with knowledge of at least one name server. When the
+resolver processes a user query it asks a known name server for the
+information; in return, the resolver either receives the desired
+information or a referral to another name server. Using these
+referrals, resolvers learn the identities and contents of other name
+servers. Resolvers are responsible for dealing with the distribution of
+the domain space and dealing with the effects of name server failure by
+consulting redundant databases in other servers.
+
+Name servers manage two kinds of data. The first kind of data held in
+sets called zones; each zone is the complete database for a particular
+"pruned" subtree of the domain space. This data is called
+authoritative.
A name server periodically checks to make sure that its +zones are up to date, and if not, obtains a new copy of updated zones + + + +Mockapetris [Page 3] + +RFC 1035 Domain Implementation and Specification November 1987 + + +from master files stored locally or in another name server. The second +kind of data is cached data which was acquired by a local resolver. +This data may be incomplete, but improves the performance of the +retrieval process when non-local data is repeatedly accessed. Cached +data is eventually discarded by a timeout mechanism. + +This functional structure isolates the problems of user interface, +failure recovery, and distribution in the resolvers and isolates the +database update and refresh problems in the name servers. + +2.2. Common configurations + +A host can participate in the domain name system in a number of ways, +depending on whether the host runs programs that retrieve information +from the domain system, name servers that answer queries from other +hosts, or various combinations of both functions. The simplest, and +perhaps most typical, configuration is shown below: + + Local Host | Foreign + | + +---------+ +----------+ | +--------+ + | | user queries | |queries | | | + | User |-------------->| |---------|->|Foreign | + | Program | | Resolver | | | Name | + | |<--------------| |<--------|--| Server | + | | user responses| |responses| | | + +---------+ +----------+ | +--------+ + | A | + cache additions | | references | + V | | + +----------+ | + | cache | | + +----------+ | + +User programs interact with the domain name space through resolvers; the +format of user queries and user responses is specific to the host and +its operating system. User queries will typically be operating system +calls, and the resolver and its cache will be part of the host operating +system. Less capable hosts may choose to implement the resolver as a +subroutine to be linked in with every program that needs its services. 
+Resolvers answer user queries with information they acquire via queries +to foreign name servers and the local cache. + +Note that the resolver may have to make several queries to several +different foreign name servers to answer a particular user query, and +hence the resolution of a user query may involve several network +accesses and an arbitrary amount of time. The queries to foreign name +servers and the corresponding responses have a standard format described + + + +Mockapetris [Page 4] + +RFC 1035 Domain Implementation and Specification November 1987 + + +in this memo, and may be datagrams. + +Depending on its capabilities, a name server could be a stand alone +program on a dedicated machine or a process or processes on a large +timeshared host. A simple configuration might be: + + Local Host | Foreign + | + +---------+ | + / /| | + +---------+ | +----------+ | +--------+ + | | | | |responses| | | + | | | | Name |---------|->|Foreign | + | Master |-------------->| Server | | |Resolver| + | files | | | |<--------|--| | + | |/ | | queries | +--------+ + +---------+ +----------+ | + +Here a primary name server acquires information about one or more zones +by reading master files from its local file system, and answers queries +about those zones that arrive from foreign resolvers. + +The DNS requires that all zones be redundantly supported by more than +one name server. Designated secondary servers can acquire zones and +check for updates from the primary server using the zone transfer +protocol of the DNS. 
This configuration is shown below: + + Local Host | Foreign + | + +---------+ | + / /| | + +---------+ | +----------+ | +--------+ + | | | | |responses| | | + | | | | Name |---------|->|Foreign | + | Master |-------------->| Server | | |Resolver| + | files | | | |<--------|--| | + | |/ | | queries | +--------+ + +---------+ +----------+ | + A |maintenance | +--------+ + | +------------|->| | + | queries | |Foreign | + | | | Name | + +------------------|--| Server | + maintenance responses | +--------+ + +In this configuration, the name server periodically establishes a +virtual circuit to a foreign name server to acquire a copy of a zone or +to check that an existing copy has not changed. The messages sent for + + + +Mockapetris [Page 5] + +RFC 1035 Domain Implementation and Specification November 1987 + + +these maintenance activities follow the same form as queries and +responses, but the message sequences are somewhat different. + +The information flow in a host that supports all aspects of the domain +name system is shown below: + + Local Host | Foreign + | + +---------+ +----------+ | +--------+ + | | user queries | |queries | | | + | User |-------------->| |---------|->|Foreign | + | Program | | Resolver | | | Name | + | |<--------------| |<--------|--| Server | + | | user responses| |responses| | | + +---------+ +----------+ | +--------+ + | A | + cache additions | | references | + V | | + +----------+ | + | Shared | | + | database | | + +----------+ | + A | | + +---------+ refreshes | | references | + / /| | V | + +---------+ | +----------+ | +--------+ + | | | | |responses| | | + | | | | Name |---------|->|Foreign | + | Master |-------------->| Server | | |Resolver| + | files | | | |<--------|--| | + | |/ | | queries | +--------+ + +---------+ +----------+ | + A |maintenance | +--------+ + | +------------|->| | + | queries | |Foreign | + | | | Name | + +------------------|--| Server | + maintenance responses | +--------+ + +The shared database holds domain 
space data for the local name server +and resolver. The contents of the shared database will typically be a +mixture of authoritative data maintained by the periodic refresh +operations of the name server and cached data from previous resolver +requests. The structure of the domain data and the necessity for +synchronization between name servers and resolvers imply the general +characteristics of this database, but the actual format is up to the +local implementor. + + + + +Mockapetris [Page 6] + +RFC 1035 Domain Implementation and Specification November 1987 + + +Information flow can also be tailored so that a group of hosts act +together to optimize activities. Sometimes this is done to offload less +capable hosts so that they do not have to implement a full resolver. +This can be appropriate for PCs or hosts which want to minimize the +amount of new network code which is required. This scheme can also +allow a group of hosts can share a small number of caches rather than +maintaining a large number of separate caches, on the premise that the +centralized caches will have a higher hit ratio. In either case, +resolvers are replaced with stub resolvers which act as front ends to +resolvers located in a recursive server in one or more name servers +known to perform that service: + + Local Hosts | Foreign + | + +---------+ | + | | responses | + | Stub |<--------------------+ | + | Resolver| | | + | |----------------+ | | + +---------+ recursive | | | + queries | | | + V | | + +---------+ recursive +----------+ | +--------+ + | | queries | |queries | | | + | Stub |-------------->| Recursive|---------|->|Foreign | + | Resolver| | Server | | | Name | + | |<--------------| |<--------|--| Server | + +---------+ responses | |responses| | | + +----------+ | +--------+ + | Central | | + | cache | | + +----------+ | + +In any case, note that domain components are always replicated for +reliability whenever possible. + +2.3. 
Conventions
+
+The domain system has several conventions dealing with low-level, but
+fundamental, issues. While the implementor is free to violate these
+conventions WITHIN HIS OWN SYSTEM, he must observe these conventions in
+ALL behavior observed from other hosts.
+
+2.3.1. Preferred name syntax
+
+The DNS specifications attempt to be as general as possible in the rules
+for constructing domain names. The idea is that the name of any
+existing object can be expressed as a domain name with minimal changes.
+
+
+
+Mockapetris [Page 7]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+However, when assigning a domain name for an object, the prudent user
+will select a name which satisfies both the rules of the domain system
+and any existing rules for the object, whether these rules are published
+or implied by existing programs.
+
+For example, when naming a mail domain, the user should satisfy both the
+rules of this memo and those in RFC-822. When creating a new host name,
+the old rules for HOSTS.TXT should be followed. This avoids problems
+when old software is converted to use domain names.
+
+The following syntax will result in fewer problems with many
+
+applications that use domain names (e.g., mail, TELNET).
+
+<domain> ::= <subdomain> | " "
+
+<subdomain> ::= <label> | <subdomain> "." <label>
+
+<label> ::= <letter> [ [ <ldh-str> ] <let-dig> ]
+
+<ldh-str> ::= <let-dig-hyp> | <let-dig-hyp> <ldh-str>
+
+<let-dig-hyp> ::= <let-dig> | "-"
+
+<let-dig> ::= <letter> | <digit>
+
+<letter> ::= any one of the 52 alphabetic characters A through Z in
+upper case and a through z in lower case
+
+<digit> ::= any one of the ten digits 0 through 9
+
+Note that while upper and lower case letters are allowed in domain
+names, no significance is attached to the case. That is, two names with
+the same spelling but different case are to be treated as if identical.
+
+The labels must follow the rules for ARPANET host names.
They must +start with a letter, end with a letter or digit, and have as interior +characters only letters, digits, and hyphen. There are also some +restrictions on the length. Labels must be 63 characters or less. + +For example, the following strings identify hosts in the Internet: + +A.ISI.EDU XX.LCS.MIT.EDU SRI-NIC.ARPA + +2.3.2. Data Transmission Order + +The order of transmission of the header and data described in this +document is resolved to the octet level. Whenever a diagram shows a + + + +Mockapetris [Page 8] + +RFC 1035 Domain Implementation and Specification November 1987 + + +group of octets, the order of transmission of those octets is the normal +order in which they are read in English. For example, in the following +diagram, the octets are transmitted in the order they are numbered. + + 0 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | 1 | 2 | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | 3 | 4 | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | 5 | 6 | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + +Whenever an octet represents a numeric quantity, the left most bit in +the diagram is the high order or most significant bit. That is, the bit +labeled 0 is the most significant bit. For example, the following +diagram represents the value 170 (decimal). + + 0 1 2 3 4 5 6 7 + +-+-+-+-+-+-+-+-+ + |1 0 1 0 1 0 1 0| + +-+-+-+-+-+-+-+-+ + +Similarly, whenever a multi-octet field represents a numeric quantity +the left most bit of the whole field is the most significant bit. When +a multi-octet quantity is transmitted the most significant octet is +transmitted first. + +2.3.3. Character Case + +For all parts of the DNS that are part of the official protocol, all +comparisons between character strings (e.g., labels, domain names, etc.) +are done in a case-insensitive manner. At present, this rule is in +force throughout the domain system without exception. 
However, future
+additions beyond current usage may need to use the full binary octet
+capabilities in names, so attempts to store domain names in 7-bit ASCII
+or use of special bytes to terminate labels, etc., should be avoided.
+
+When data enters the domain system, its original case should be
+preserved whenever possible. In certain circumstances this cannot be
+done. For example, if two RRs are stored in a database, one at x.y and
+one at X.Y, they are actually stored at the same place in the database,
+and hence only one casing would be preserved. The basic rule is that
+case can be discarded only when data is used to define structure in a
+database, and two names are identical when compared in a case
+insensitive manner.
+
+
+
+
+Mockapetris [Page 9]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+Loss of case sensitive data must be minimized. Thus while data for x.y
+and X.Y may both be stored under a single location x.y or X.Y, data for
+a.x and B.X would never be stored under A.x, A.X, b.x, or b.X. In
+general, this preserves the case of the first label of a domain name,
+but forces standardization of interior node labels.
+
+Systems administrators who enter data into the domain database should
+take care to represent the data they supply to the domain system in a
+case-consistent manner if their system is case-sensitive. The data
+distribution system in the domain system will ensure that consistent
+representations are preserved.
+
+2.3.4. Size limits
+
+Various objects and parameters in the DNS have size limits. They are
+listed below. Some could be easily changed, others are more
+fundamental.
+
+labels 63 octets or less
+
+names 255 octets or less
+
+TTL positive values of a signed 32 bit number.
+
+UDP messages 512 octets or less
+
+3. DOMAIN NAME SPACE AND RR DEFINITIONS
+
+3.1. Name space definitions
+
+Domain names in messages are expressed in terms of a sequence of labels.
+Each label is represented as a one octet length field followed by that +number of octets. Since every domain name ends with the null label of +the root, a domain name is terminated by a length byte of zero. The +high order two bits of every length octet must be zero, and the +remaining six bits of the length field limit the label to 63 octets or +less. + +To simplify implementations, the total length of a domain name (i.e., +label octets and label length octets) is restricted to 255 octets or +less. + +Although labels can contain any 8 bit values in octets that make up a +label, it is strongly recommended that labels follow the preferred +syntax described elsewhere in this memo, which is compatible with +existing host naming conventions. Name servers and resolvers must +compare labels in a case-insensitive manner (i.e., A=a), assuming ASCII +with zero parity. Non-alphabetic codes must match exactly. + + + +Mockapetris [Page 10] + +RFC 1035 Domain Implementation and Specification November 1987 + + +3.2. RR definitions + +3.2.1. Format + +All RRs have the same top level format shown below: + + 1 1 1 1 1 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | | + / / + / NAME / + | | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | TYPE | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | CLASS | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | TTL | + | | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | RDLENGTH | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--| + / RDATA / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + + +where: + +NAME an owner name, i.e., the name of the node to which this + resource record pertains. + +TYPE two octets containing one of the RR TYPE codes. + +CLASS two octets containing one of the RR CLASS codes. 
+
+TTL a 32 bit signed integer that specifies the time interval
+ that the resource record may be cached before the source
+ of the information should again be consulted. Zero
+ values are interpreted to mean that the RR can only be
+ used for the transaction in progress, and should not be
+ cached. For example, SOA records are always distributed
+ with a zero TTL to prohibit caching. Zero values can
+ also be used for extremely volatile data.
+
+RDLENGTH an unsigned 16 bit integer that specifies the length in
+ octets of the RDATA field.
+
+
+
+Mockapetris [Page 11]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+RDATA a variable length string of octets that describes the
+ resource. The format of this information varies
+ according to the TYPE and CLASS of the resource record.
+
+3.2.2. TYPE values
+
+TYPE fields are used in resource records. Note that these types are a
+subset of QTYPEs.
+
+TYPE value and meaning
+
+A 1 a host address
+
+NS 2 an authoritative name server
+
+MD 3 a mail destination (Obsolete - use MX)
+
+MF 4 a mail forwarder (Obsolete - use MX)
+
+CNAME 5 the canonical name for an alias
+
+SOA 6 marks the start of a zone of authority
+
+MB 7 a mailbox domain name (EXPERIMENTAL)
+
+MG 8 a mail group member (EXPERIMENTAL)
+
+MR 9 a mail rename domain name (EXPERIMENTAL)
+
+NULL 10 a null RR (EXPERIMENTAL)
+
+WKS 11 a well known service description
+
+PTR 12 a domain name pointer
+
+HINFO 13 host information
+
+MINFO 14 mailbox or mail list information
+
+MX 15 mail exchange
+
+TXT 16 text strings
+
+3.2.3. QTYPE values
+
+QTYPE fields appear in the question part of a query. QTYPES are a
+superset of TYPEs, hence all TYPEs are valid QTYPEs.
In addition, the +following QTYPEs are defined: + + + +Mockapetris [Page 12] + +RFC 1035 Domain Implementation and Specification November 1987 + + +AXFR 252 A request for a transfer of an entire zone + +MAILB 253 A request for mailbox-related records (MB, MG or MR) + +MAILA 254 A request for mail agent RRs (Obsolete - see MX) + +* 255 A request for all records + +3.2.4. CLASS values + +CLASS fields appear in resource records. The following CLASS mnemonics +and values are defined: + +IN 1 the Internet + +CS 2 the CSNET class (Obsolete - used only for examples in + some obsolete RFCs) + +CH 3 the CHAOS class + +HS 4 Hesiod [Dyer 87] + +3.2.5. QCLASS values + +QCLASS fields appear in the question section of a query. QCLASS values +are a superset of CLASS values; every CLASS is a valid QCLASS. In +addition to CLASS values, the following QCLASSes are defined: + +* 255 any class + +3.3. Standard RRs + +The following RR definitions are expected to occur, at least +potentially, in all classes. In particular, NS, SOA, CNAME, and PTR +will be used in all classes, and have the same format in all classes. +Because their RDATA format is known, all domain names in the RDATA +section of these RRs may be compressed. + +<domain-name> is a domain name represented as a series of labels, and +terminated by a label with zero length. <character-string> is a single +length octet followed by that number of characters. <character-string> +is treated as binary information, and can be up to 256 characters in +length (including the length octet). + + + + + + + + +Mockapetris [Page 13] + +RFC 1035 Domain Implementation and Specification November 1987 + + +3.3.1. CNAME RDATA format + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / CNAME / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +CNAME A <domain-name> which specifies the canonical or primary + name for the owner. The owner name is an alias. 
+ +CNAME RRs cause no additional section processing, but name servers may +choose to restart the query at the canonical name in certain cases. See +the description of name server logic in [RFC-1034] for details. + +3.3.2. HINFO RDATA format + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / CPU / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / OS / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +CPU A <character-string> which specifies the CPU type. + +OS A <character-string> which specifies the operating + system type. + +Standard values for CPU and OS can be found in [RFC-1010]. + +HINFO records are used to acquire general information about a host. The +main use is for protocols such as FTP that can use special procedures +when talking between machines or operating systems of the same type. + +3.3.3. MB RDATA format (EXPERIMENTAL) + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / MADNAME / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +MADNAME A <domain-name> which specifies a host which has the + specified mailbox. + + + +Mockapetris [Page 14] + +RFC 1035 Domain Implementation and Specification November 1987 + + +MB records cause additional section processing which looks up an A type +RRs corresponding to MADNAME. + +3.3.4. MD RDATA format (Obsolete) + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / MADNAME / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +MADNAME A <domain-name> which specifies a host which has a mail + agent for the domain which should be able to deliver + mail for the domain. + +MD records cause additional section processing which looks up an A type +record corresponding to MADNAME. + +MD is obsolete. See the definition of MX and [RFC-974] for details of +the new scheme. The recommended policy for dealing with MD RRs found in +a master file is to reject them, or to convert them to MX RRs with a +preference of 0. + +3.3.5. 
MF RDATA format (Obsolete) + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / MADNAME / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +MADNAME A <domain-name> which specifies a host which has a mail + agent for the domain which will accept mail for + forwarding to the domain. + +MF records cause additional section processing which looks up an A type +record corresponding to MADNAME. + +MF is obsolete. See the definition of MX and [RFC-974] for details ofw +the new scheme. The recommended policy for dealing with MD RRs found in +a master file is to reject them, or to convert them to MX RRs with a +preference of 10. + + + + + + + +Mockapetris [Page 15] + +RFC 1035 Domain Implementation and Specification November 1987 + + +3.3.6. MG RDATA format (EXPERIMENTAL) + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / MGMNAME / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +MGMNAME A <domain-name> which specifies a mailbox which is a + member of the mail group specified by the domain name. + +MG records cause no additional section processing. + +3.3.7. MINFO RDATA format (EXPERIMENTAL) + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / RMAILBX / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / EMAILBX / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +RMAILBX A <domain-name> which specifies a mailbox which is + responsible for the mailing list or mailbox. If this + domain name names the root, the owner of the MINFO RR is + responsible for itself. Note that many existing mailing + lists use a mailbox X-request for the RMAILBX field of + mailing list X, e.g., Msgroup-request for Msgroup. This + field provides a more general mechanism. + + +EMAILBX A <domain-name> which specifies a mailbox which is to + receive error messages related to the mailing list or + mailbox specified by the owner of the MINFO RR (similar + to the ERRORS-TO: field which has been proposed). 
If + this domain name names the root, errors should be + returned to the sender of the message. + +MINFO records cause no additional section processing. Although these +records can be associated with a simple mailbox, they are usually used +with a mailing list. + + + + + + + + +Mockapetris [Page 16] + +RFC 1035 Domain Implementation and Specification November 1987 + + +3.3.8. MR RDATA format (EXPERIMENTAL) + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / NEWNAME / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +NEWNAME A <domain-name> which specifies a mailbox which is the + proper rename of the specified mailbox. + +MR records cause no additional section processing. The main use for MR +is as a forwarding entry for a user who has moved to a different +mailbox. + +3.3.9. MX RDATA format + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | PREFERENCE | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / EXCHANGE / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +PREFERENCE A 16 bit integer which specifies the preference given to + this RR among others at the same owner. Lower values + are preferred. + +EXCHANGE A <domain-name> which specifies a host willing to act as + a mail exchange for the owner name. + +MX records cause type A additional section processing for the host +specified by EXCHANGE. The use of MX RRs is explained in detail in +[RFC-974]. + +3.3.10. NULL RDATA format (EXPERIMENTAL) + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / <anything> / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +Anything at all may be in the RDATA field so long as it is 65535 octets +or less. + + + + +Mockapetris [Page 17] + +RFC 1035 Domain Implementation and Specification November 1987 + + +NULL records cause no additional section processing. NULL RRs are not +allowed in master files. NULLs are used as placeholders in some +experimental extensions of the DNS. + +3.3.11. 
NS RDATA format + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / NSDNAME / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +NSDNAME A <domain-name> which specifies a host which should be + authoritative for the specified class and domain. + +NS records cause both the usual additional section processing to locate +a type A record, and, when used in a referral, a special search of the +zone in which they reside for glue information. + +The NS RR states that the named host should be expected to have a zone +starting at owner name of the specified class. Note that the class may +not indicate the protocol family which should be used to communicate +with the host, although it is typically a strong hint. For example, +hosts which are name servers for either Internet (IN) or Hesiod (HS) +class information are normally queried using IN class protocols. + +3.3.12. PTR RDATA format + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / PTRDNAME / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +PTRDNAME A <domain-name> which points to some location in the + domain name space. + +PTR records cause no additional section processing. These RRs are used +in special domains to point to some other location in the domain space. +These records are simple data, and don't imply any special processing +similar to that performed by CNAME, which identifies aliases. See the +description of the IN-ADDR.ARPA domain for an example. + + + + + + + + +Mockapetris [Page 18] + +RFC 1035 Domain Implementation and Specification November 1987 + + +3.3.13. 
SOA RDATA format + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / MNAME / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / RNAME / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | SERIAL | + | | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | REFRESH | + | | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | RETRY | + | | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | EXPIRE | + | | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | MINIMUM | + | | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +MNAME The <domain-name> of the name server that was the + original or primary source of data for this zone. + +RNAME A <domain-name> which specifies the mailbox of the + person responsible for this zone. + +SERIAL The unsigned 32 bit version number of the original copy + of the zone. Zone transfers preserve this value. This + value wraps and should be compared using sequence space + arithmetic. + +REFRESH A 32 bit time interval before the zone should be + refreshed. + +RETRY A 32 bit time interval that should elapse before a + failed refresh should be retried. + +EXPIRE A 32 bit time value that specifies the upper limit on + the time interval that can elapse before the zone is no + longer authoritative. + + + + + +Mockapetris [Page 19] + +RFC 1035 Domain Implementation and Specification November 1987 + + +MINIMUM The unsigned 32 bit minimum TTL field that should be + exported with any RR from this zone. + +SOA records cause no additional section processing. + +All times are in units of seconds. + +Most of these fields are pertinent only for name server maintenance +operations. However, MINIMUM is used in all query operations that +retrieve RRs from a zone. Whenever a RR is sent in a response to a +query, the TTL field is set to the maximum of the TTL field from the RR +and the MINIMUM field in the appropriate SOA. Thus MINIMUM is a lower +bound on the TTL field for all RRs in a zone. 
Note that this use of +MINIMUM should occur when the RRs are copied into the response and not +when the zone is loaded from a master file or via a zone transfer. The +reason for this provison is to allow future dynamic update facilities to +change the SOA RR with known semantics. + + +3.3.14. TXT RDATA format + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + / TXT-DATA / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +TXT-DATA One or more <character-string>s. + +TXT RRs are used to hold descriptive text. The semantics of the text +depends on the domain where it is found. + +3.4. Internet specific RRs + +3.4.1. A RDATA format + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | ADDRESS | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +ADDRESS A 32 bit Internet address. + +Hosts that have multiple Internet addresses will have multiple A +records. + + + + + +Mockapetris [Page 20] + +RFC 1035 Domain Implementation and Specification November 1987 + + +A records cause no additional section processing. The RDATA section of +an A line in a master file is an Internet address expressed as four +decimal numbers separated by dots without any embedded spaces (e.g., +"10.2.0.52" or "192.0.5.6"). + +3.4.2. WKS RDATA format + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | ADDRESS | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | PROTOCOL | | + +--+--+--+--+--+--+--+--+ | + | | + / <BIT MAP> / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +ADDRESS An 32 bit Internet address + +PROTOCOL An 8 bit IP protocol number + +<BIT MAP> A variable length bit map. The bit map must be a + multiple of 8 bits long. + +The WKS record is used to describe the well known services supported by +a particular protocol on a particular internet address. The PROTOCOL +field specifies an IP protocol number, and the bit map has one bit per +port of the specified protocol. 
The first bit corresponds to port 0,
+the second to port 1, etc. If the bit map does not include a bit for a
+protocol of interest, that bit is assumed zero. The appropriate values
+and mnemonics for ports and protocols are specified in [RFC-1010].
+
+For example, if PROTOCOL=TCP (6), the 26th bit corresponds to TCP port
+25 (SMTP). If this bit is set, a SMTP server should be listening on TCP
+port 25; if zero, SMTP service is not supported on the specified
+address.
+
+The purpose of WKS RRs is to provide availability information for
+servers for TCP and UDP. If a server supports both TCP and UDP, or has
+multiple Internet addresses, then multiple WKS RRs are used.
+
+WKS RRs cause no additional section processing.
+
+In master files, both ports and protocols are expressed using mnemonics
+or decimal numbers.
+
+
+
+
+Mockapetris [Page 21]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+3.5. IN-ADDR.ARPA domain
+
+The Internet uses a special domain to support gateway location and
+Internet address to host mapping. Other classes may employ a similar
+strategy in other domains. The intent of this domain is to provide a
+guaranteed method to perform host address to host name mapping, and to
+facilitate queries to locate all gateways on a particular network in the
+Internet.
+
+Note that both of these services are similar to functions that could be
+performed by inverse queries; the difference is that this part of the
+domain name space is structured according to address, and hence can
+guarantee that the appropriate data can be located without an exhaustive
+search of the domain space.
+
+The domain begins at IN-ADDR.ARPA and has a substructure which follows
+the Internet addressing structure.
+
+Domain names in the IN-ADDR.ARPA domain are defined to have up to four
+labels in addition to the IN-ADDR.ARPA suffix.
Each label represents
+one octet of an Internet address, and is expressed as a character string
+for a decimal value in the range 0-255 (with leading zeros omitted
+except in the case of a zero octet which is represented by a single
+zero).
+
+Host addresses are represented by domain names that have all four labels
+specified. Thus data for Internet address 10.2.0.52 is located at
+domain name 52.0.2.10.IN-ADDR.ARPA. The reversal, though awkward to
+read, allows zones to be delegated which are exactly one network of
+address space. For example, 10.IN-ADDR.ARPA can be a zone containing
+data for the ARPANET, while 26.IN-ADDR.ARPA can be a separate zone for
+MILNET. Address nodes are used to hold pointers to primary host names
+in the normal domain space.
+
+Network numbers correspond to some non-terminal nodes at various depths
+in the IN-ADDR.ARPA domain, since Internet network numbers are either 1,
+2, or 3 octets. Network nodes are used to hold pointers to the primary
+host names of gateways attached to that network. Since a gateway is, by
+definition, on more than one network, it will typically have two or more
+network nodes which point at it. Gateways will also have host level
+pointers at their fully qualified addresses.
+
+Both the gateway pointers at network nodes and the normal host pointers
+at full address nodes use the PTR RR to point back to the primary domain
+names of the corresponding hosts.
+
+For example, the IN-ADDR.ARPA domain will contain information about the
+ISI gateway between net 10 and 26, an MIT gateway from net 10 to MIT's
+
+
+
+Mockapetris [Page 22]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+net 18, and hosts A.ISI.EDU and MULTICS.MIT.EDU. Assuming that ISI
+gateway has addresses 10.2.0.22 and 26.0.0.103, and a name MILNET-
+GW.ISI.EDU, and the MIT gateway has addresses 10.0.0.77 and 18.10.0.4
+and a name GW.LCS.MIT.EDU, the domain database would contain:
+
+ 10.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU.
+ 10.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU.
+ 18.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU.
+ 26.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU.
+ 22.0.2.10.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU.
+ 103.0.0.26.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU.
+ 77.0.0.10.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU.
+ 4.0.10.18.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU.
+ 103.0.3.26.IN-ADDR.ARPA. PTR A.ISI.EDU.
+ 6.0.0.10.IN-ADDR.ARPA. PTR MULTICS.MIT.EDU.
+
+Thus a program which wanted to locate gateways on net 10 would originate
+a query of the form QTYPE=PTR, QCLASS=IN, QNAME=10.IN-ADDR.ARPA. It
+would receive two RRs in response:
+
+ 10.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU.
+ 10.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU.
+
+The program could then originate QTYPE=A, QCLASS=IN queries for MILNET-
+GW.ISI.EDU. and GW.LCS.MIT.EDU. to discover the Internet addresses of
+these gateways.
+
+A resolver which wanted to find the host name corresponding to Internet
+host address 10.0.0.6 would pursue a query of the form QTYPE=PTR,
+QCLASS=IN, QNAME=6.0.0.10.IN-ADDR.ARPA, and would receive:
+
+ 6.0.0.10.IN-ADDR.ARPA. PTR MULTICS.MIT.EDU.
+
+Several cautions apply to the use of these services:
+ - Since the IN-ADDR.ARPA special domain and the normal domain
+ for a particular host or gateway will be in different zones,
+ the possibility exists that that the data may be inconsistent.
+
+ - Gateways will often have two names in separate domains, only
+ one of which can be primary.
+
+ - Systems that use the domain database to initialize their
+ routing tables must start with enough gateway information to
+ guarantee that they can access the appropriate name server.
+
+ - The gateway data only reflects the existence of a gateway in a
+ manner equivalent to the current HOSTS.TXT file. It doesn't
+ replace the dynamic availability information from GGP or EGP.
+
+
+
+Mockapetris [Page 23]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+3.6.
Defining new types, classes, and special namespaces
+
+The previously defined types and classes are the ones in use as of the
+date of this memo. New definitions should be expected. This section
+makes some recommendations to designers considering additions to the
+existing facilities. The mailing list NAMEDROPPERS@SRI-NIC.ARPA is the
+forum where general discussion of design issues takes place.
+
+In general, a new type is appropriate when new information is to be
+added to the database about an existing object, or we need new data
+formats for some totally new object. Designers should attempt to define
+types and their RDATA formats that are generally applicable to all
+classes, and which avoid duplication of information. New classes are
+appropriate when the DNS is to be used for a new protocol, etc which
+requires new class-specific data formats, or when a copy of the existing
+name space is desired, but a separate management domain is necessary.
+
+New types and classes need mnemonics for master files; the format of the
+master files requires that the mnemonics for type and class be disjoint.
+
+TYPE and CLASS values must be a proper subset of QTYPEs and QCLASSes
+respectively.
+
+The present system uses multiple RRs to represent multiple values of a
+type rather than storing multiple values in the RDATA section of a
+single RR. This is less efficient for most applications, but does keep
+RRs shorter. The multiple RRs assumption is incorporated in some
+experimental work on dynamic update methods.
+
+The present system attempts to minimize the duplication of data in the
+database in order to insure consistency. Thus, in order to find the
+address of the host for a mail exchange, you map the mail domain name to
+a host name, then the host name to addresses, rather than a direct
+mapping to host address. This approach is preferred because it avoids
+the opportunity for inconsistency.
+ +In defining a new type of data, multiple RR types should not be used to +create an ordering between entries or express different formats for +equivalent bindings, instead this information should be carried in the +body of the RR and a single type used. This policy avoids problems with +caching multiple types and defining QTYPEs to match multiple types. + +For example, the original form of mail exchange binding used two RR +types one to represent a "closer" exchange (MD) and one to represent a +"less close" exchange (MF). The difficulty is that the presence of one +RR type in a cache doesn't convey any information about the other +because the query which acquired the cached information might have used +a QTYPE of MF, MD, or MAILA (which matched both). The redesigned + + + +Mockapetris [Page 24] + +RFC 1035 Domain Implementation and Specification November 1987 + + +service used a single type (MX) with a "preference" value in the RDATA +section which can order different RRs. However, if any MX RRs are found +in the cache, then all should be there. + +4. MESSAGES + +4.1. Format + +All communications inside of the domain protocol are carried in a single +format called a message. The top level format of message is divided +into 5 sections (some of which are empty in certain cases) shown below: + + +---------------------+ + | Header | + +---------------------+ + | Question | the question for the name server + +---------------------+ + | Answer | RRs answering the question + +---------------------+ + | Authority | RRs pointing toward an authority + +---------------------+ + | Additional | RRs holding additional information + +---------------------+ + +The header section is always present. The header includes fields that +specify which of the remaining sections are present, and also specify +whether the message is a query or a response, a standard query or some +other opcode, etc. 
+ +The names of the sections after the header are derived from their use in +standard queries. The question section contains fields that describe a +question to a name server. These fields are a query type (QTYPE), a +query class (QCLASS), and a query domain name (QNAME). The last three +sections have the same format: a possibly empty list of concatenated +resource records (RRs). The answer section contains RRs that answer the +question; the authority section contains RRs that point toward an +authoritative name server; the additional records section contains RRs +which relate to the query, but are not strictly answers for the +question. + + + + + + + + + + + + +Mockapetris [Page 25] + +RFC 1035 Domain Implementation and Specification November 1987 + + +4.1.1. Header section format + +The header contains the following fields: + + 1 1 1 1 1 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | ID | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + |QR| Opcode |AA|TC|RD|RA| Z | RCODE | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | QDCOUNT | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | ANCOUNT | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | NSCOUNT | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | ARCOUNT | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +ID A 16 bit identifier assigned by the program that + generates any kind of query. This identifier is copied + the corresponding reply and can be used by the requester + to match up replies to outstanding queries. + +QR A one bit field that specifies whether this message is a + query (0), or a response (1). + +OPCODE A four bit field that specifies kind of query in this + message. This value is set by the originator of a query + and copied into the response. 
The values are: + + 0 a standard query (QUERY) + + 1 an inverse query (IQUERY) + + 2 a server status request (STATUS) + + 3-15 reserved for future use + +AA Authoritative Answer - this bit is valid in responses, + and specifies that the responding name server is an + authority for the domain name in question section. + + Note that the contents of the answer section may have + multiple owner names because of aliases. The AA bit + + + +Mockapetris [Page 26] + +RFC 1035 Domain Implementation and Specification November 1987 + + + corresponds to the name which matches the query name, or + the first owner name in the answer section. + +TC TrunCation - specifies that this message was truncated + due to length greater than that permitted on the + transmission channel. + +RD Recursion Desired - this bit may be set in a query and + is copied into the response. If RD is set, it directs + the name server to pursue the query recursively. + Recursive query support is optional. + +RA Recursion Available - this be is set or cleared in a + response, and denotes whether recursive query support is + available in the name server. + +Z Reserved for future use. Must be zero in all queries + and responses. + +RCODE Response code - this 4 bit field is set as part of + responses. The values have the following + interpretation: + + 0 No error condition + + 1 Format error - The name server was + unable to interpret the query. + + 2 Server failure - The name server was + unable to process this query due to a + problem with the name server. + + 3 Name Error - Meaningful only for + responses from an authoritative name + server, this code signifies that the + domain name referenced in the query does + not exist. + + 4 Not Implemented - The name server does + not support the requested kind of query. + + 5 Refused - The name server refuses to + perform the specified operation for + policy reasons. 
For example, a name + server may not wish to provide the + information to the particular requester, + or a name server may not wish to perform + a particular operation (e.g., zone + + + +Mockapetris [Page 27] + +RFC 1035 Domain Implementation and Specification November 1987 + + + transfer) for particular data. + + 6-15 Reserved for future use. + +QDCOUNT an unsigned 16 bit integer specifying the number of + entries in the question section. + +ANCOUNT an unsigned 16 bit integer specifying the number of + resource records in the answer section. + +NSCOUNT an unsigned 16 bit integer specifying the number of name + server resource records in the authority records + section. + +ARCOUNT an unsigned 16 bit integer specifying the number of + resource records in the additional records section. + +4.1.2. Question section format + +The question section is used to carry the "question" in most queries, +i.e., the parameters that define what is being asked. The section +contains QDCOUNT (usually 1) entries, each of the following format: + + 1 1 1 1 1 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | | + / QNAME / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | QTYPE | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | QCLASS | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +QNAME a domain name represented as a sequence of labels, where + each label consists of a length octet followed by that + number of octets. The domain name terminates with the + zero length octet for the null label of the root. Note + that this field may be an odd number of octets; no + padding is used. + +QTYPE a two octet code which specifies the type of the query. + The values for this field include all codes valid for a + TYPE field, together with some more general codes which + can match more than one type of RR. 
+ + + +Mockapetris [Page 28] + +RFC 1035 Domain Implementation and Specification November 1987 + + +QCLASS a two octet code that specifies the class of the query. + For example, the QCLASS field is IN for the Internet. + +4.1.3. Resource record format + +The answer, authority, and additional sections all share the same +format: a variable number of resource records, where the number of +records is specified in the corresponding count field in the header. +Each resource record has the following format: + 1 1 1 1 1 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | | + / / + / NAME / + | | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | TYPE | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | CLASS | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | TTL | + | | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | RDLENGTH | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--| + / RDATA / + / / + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +where: + +NAME a domain name to which this resource record pertains. + +TYPE two octets containing one of the RR type codes. This + field specifies the meaning of the data in the RDATA + field. + +CLASS two octets which specify the class of the data in the + RDATA field. + +TTL a 32 bit unsigned integer that specifies the time + interval (in seconds) that the resource record may be + cached before it should be discarded. Zero values are + interpreted to mean that the RR can only be used for the + transaction in progress, and should not be cached. + + + + + +Mockapetris [Page 29] + +RFC 1035 Domain Implementation and Specification November 1987 + + +RDLENGTH an unsigned 16 bit integer that specifies the length in + octets of the RDATA field. + +RDATA a variable length string of octets that describes the + resource. The format of this information varies + according to the TYPE and CLASS of the resource record. 
+ For example, the if the TYPE is A and the CLASS is IN, + the RDATA field is a 4 octet ARPA Internet address. + +4.1.4. Message compression + +In order to reduce the size of messages, the domain system utilizes a +compression scheme which eliminates the repetition of domain names in a +message. In this scheme, an entire domain name or a list of labels at +the end of a domain name is replaced with a pointer to a prior occurrence +of the same name. + +The pointer takes the form of a two octet sequence: + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | 1 1| OFFSET | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +The first two bits are ones. This allows a pointer to be distinguished +from a label, since the label must begin with two zero bits because +labels are restricted to 63 octets or less. (The 10 and 01 combinations +are reserved for future use.) The OFFSET field specifies an offset from +the start of the message (i.e., the first octet of the ID field in the +domain header). A zero offset specifies the first byte of the ID field, +etc. + +The compression scheme allows a domain name in a message to be +represented as either: + + - a sequence of labels ending in a zero octet + + - a pointer + + - a sequence of labels ending with a pointer + +Pointers can only be used for occurrences of a domain name where the +format is not class specific. If this were not the case, a name server +or resolver would be required to know the format of all RRs it handled. +As yet, there are no such cases, but they may occur in future RDATA +formats. + +If a domain name is contained in a part of the message subject to a +length field (such as the RDATA section of an RR), and compression is + + + +Mockapetris [Page 30] + +RFC 1035 Domain Implementation and Specification November 1987 + + +used, the length of the compressed name is used in the length +calculation, rather than the length of the expanded name. 
+ +Programs are free to avoid using pointers in messages they generate, +although this will reduce datagram capacity, and may cause truncation. +However all programs are required to understand arriving messages that +contain pointers. + +For example, a datagram might need to use the domain names F.ISI.ARPA, +FOO.F.ISI.ARPA, ARPA, and the root. Ignoring the other fields of the +message, these domain names might be represented as: + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + 20 | 1 | F | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + 22 | 3 | I | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + 24 | S | I | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + 26 | 4 | A | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + 28 | R | P | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + 30 | A | 0 | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + 40 | 3 | F | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + 42 | O | O | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + 44 | 1 1| 20 | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + 64 | 1 1| 26 | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + 92 | 0 | | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + +The domain name for F.ISI.ARPA is shown at offset 20. The domain name +FOO.F.ISI.ARPA is shown at offset 40; this definition uses a pointer to +concatenate a label for FOO to the previously defined F.ISI.ARPA. The +domain name ARPA is defined at offset 64 using a pointer to the ARPA +component of the name F.ISI.ARPA at 20; note that this pointer relies on +ARPA being the last label in the string at 20. The root domain name is + + + +Mockapetris [Page 31] + +RFC 1035 Domain Implementation and Specification November 1987 + + +defined by a single octet of zeros at 92; the root domain name has no +labels. 
+ +4.2. Transport + +The DNS assumes that messages will be transmitted as datagrams or in a +byte stream carried by a virtual circuit. While virtual circuits can be +used for any DNS activity, datagrams are preferred for queries due to +their lower overhead and better performance. Zone refresh activities +must use virtual circuits because of the need for reliable transfer. + +The Internet supports name server access using TCP [RFC-793] on server +port 53 (decimal) as well as datagram access using UDP [RFC-768] on UDP +port 53 (decimal). + +4.2.1. UDP usage + +Messages sent using UDP user server port 53 (decimal). + +Messages carried by UDP are restricted to 512 bytes (not counting the IP +or UDP headers). Longer messages are truncated and the TC bit is set in +the header. + +UDP is not acceptable for zone transfers, but is the recommended method +for standard queries in the Internet. Queries sent using UDP may be +lost, and hence a retransmission strategy is required. Queries or their +responses may be reordered by the network, or by processing in name +servers, so resolvers should not depend on them being returned in order. + +The optimal UDP retransmission policy will vary with performance of the +Internet and the needs of the client, but the following are recommended: + + - The client should try other servers and server addresses + before repeating a query to a specific address of a server. + + - The retransmission interval should be based on prior + statistics if possible. Too aggressive retransmission can + easily slow responses for the community at large. Depending + on how well connected the client is to its expected servers, + the minimum retransmission interval should be 2-5 seconds. + +More suggestions on server selection and retransmission policy can be +found in the resolver section of this memo. + +4.2.2. TCP usage + +Messages sent over TCP connections use server port 53 (decimal). 
The +message is prefixed with a two byte length field which gives the message + + + +Mockapetris [Page 32] + +RFC 1035 Domain Implementation and Specification November 1987 + + +length, excluding the two byte length field. This length field allows +the low-level processing to assemble a complete message before beginning +to parse it. + +Several connection management policies are recommended: + + - The server should not block other activities waiting for TCP + data. + + - The server should support multiple connections. + + - The server should assume that the client will initiate + connection closing, and should delay closing its end of the + connection until all outstanding client requests have been + satisfied. + + - If the server needs to close a dormant connection to reclaim + resources, it should wait until the connection has been idle + for a period on the order of two minutes. In particular, the + server should allow the SOA and AXFR request sequence (which + begins a refresh operation) to be made on a single connection. + Since the server would be unable to answer queries anyway, a + unilateral close or reset may be used instead of a graceful + close. + +5. MASTER FILES + +Master files are text files that contain RRs in text form. Since the +contents of a zone can be expressed in the form of a list of RRs a +master file is most often used to define a zone, though it can be used +to list a cache's contents. Hence, this section first discusses the +format of RRs in a master file, and then the special considerations when +a master file is used to create a zone in some name server. + +5.1. Format + +The format of these files is a sequence of entries. Entries are +predominantly line-oriented, though parentheses can be used to continue +a list of items across a line boundary, and text literals can contain +CRLF within the text. Any combination of tabs and spaces act as a +delimiter between the separate items that make up an entry. 
The end of +any line in the master file can end with a comment. The comment starts +with a ";" (semicolon). + +The following entries are defined: + + <blank>[<comment>] + + + + +Mockapetris [Page 33] + +RFC 1035 Domain Implementation and Specification November 1987 + + + $ORIGIN <domain-name> [<comment>] + + $INCLUDE <file-name> [<domain-name>] [<comment>] + + <domain-name><rr> [<comment>] + + <blank><rr> [<comment>] + +Blank lines, with or without comments, are allowed anywhere in the file. + +Two control entries are defined: $ORIGIN and $INCLUDE. $ORIGIN is +followed by a domain name, and resets the current origin for relative +domain names to the stated name. $INCLUDE inserts the named file into +the current file, and may optionally specify a domain name that sets the +relative domain name origin for the included file. $INCLUDE may also +have a comment. Note that a $INCLUDE entry never changes the relative +origin of the parent file, regardless of changes to the relative origin +made within the included file. + +The last two forms represent RRs. If an entry for an RR begins with a +blank, then the RR is assumed to be owned by the last stated owner. If +an RR entry begins with a <domain-name>, then the owner name is reset. + +<rr> contents take one of the following forms: + + [<TTL>] [<class>] <type> <RDATA> + + [<class>] [<TTL>] <type> <RDATA> + +The RR begins with optional TTL and class fields, followed by a type and +RDATA field appropriate to the type and class. Class and type use the +standard mnemonics, TTL is a decimal integer. Omitted class and TTL +values are default to the last explicitly stated values. Since type and +class mnemonics are disjoint, the parse is unique. (Note that this +order is different from the order used in examples and the order used in +the actual RRs; the given order allows easier parsing and defaulting.) + +<domain-name>s make up a large share of the data in the master file. 
+The labels in the domain name are expressed as character strings and +separated by dots. Quoting conventions allow arbitrary characters to be +stored in domain names. Domain names that end in a dot are called +absolute, and are taken as complete. Domain names which do not end in a +dot are called relative; the actual domain name is the concatenation of +the relative part with an origin specified in a $ORIGIN, $INCLUDE, or as +an argument to the master file loading routine. A relative name is an +error when no origin is available. + + + + + +Mockapetris [Page 34] + +RFC 1035 Domain Implementation and Specification November 1987 + + +<character-string> is expressed in one or two ways: as a contiguous set +of characters without interior spaces, or as a string beginning with a " +and ending with a ". Inside a " delimited string any character can +occur, except for a " itself, which must be quoted using \ (back slash). + +Because these files are text files several special encodings are +necessary to allow arbitrary data to be loaded. In particular: + + of the root. + +@ A free standing @ is used to denote the current origin. + +\X where X is any character other than a digit (0-9), is + used to quote that character so that its special meaning + does not apply. For example, "\." can be used to place + a dot character in a label. + +\DDD where each D is a digit is the octet corresponding to + the decimal number described by DDD. The resulting + octet is assumed to be text and is not checked for + special meaning. + +( ) Parentheses are used to group data that crosses a line + boundary. In effect, line terminations are not + recognized within parentheses. + +; Semicolon is used to start a comment; the remainder of + the line is ignored. + +5.2. Use of master files to define zones + +When a master file is used to load a zone, the operation should be +suppressed if any errors are encountered in the master file. 
The +rationale for this is that a single error can have widespread +consequences. For example, suppose that the RRs defining a delegation +have syntax errors; then the server will return authoritative name +errors for all names in the subzone (except in the case where the +subzone is also present on the server). + +Several other validity checks that should be performed in addition to +insuring that the file is syntactically correct: + + 1. All RRs in the file should have the same class. + + 2. Exactly one SOA RR should be present at the top of the zone. + + 3. If delegations are present and glue information is required, + it should be present. + + + +Mockapetris [Page 35] + +RFC 1035 Domain Implementation and Specification November 1987 + + + 4. Information present outside of the authoritative nodes in the + zone should be glue information, rather than the result of an + origin or similar error. + +5.3. Master file example + +The following is an example file which might be used to define the +ISI.EDU zone.and is loaded with an origin of ISI.EDU: + +@ IN SOA VENERA Action\.domains ( + 20 ; SERIAL + 7200 ; REFRESH + 600 ; RETRY + 3600000; EXPIRE + 60) ; MINIMUM + + NS A.ISI.EDU. + NS VENERA + NS VAXA + MX 10 VENERA + MX 20 VAXA + +A A 26.3.0.103 + +VENERA A 10.1.0.52 + A 128.9.0.32 + +VAXA A 10.2.0.27 + A 128.9.0.33 + + +$INCLUDE <SUBSYS>ISI-MAILBOXES.TXT + +Where the file <SUBSYS>ISI-MAILBOXES.TXT is: + + MOE MB A.ISI.EDU. + LARRY MB A.ISI.EDU. + CURLEY MB A.ISI.EDU. + STOOGES MG MOE + MG LARRY + MG CURLEY + +Note the use of the \ character in the SOA RR to specify the responsible +person mailbox "Action.domains@E.ISI.EDU". + + + + + + + +Mockapetris [Page 36] + +RFC 1035 Domain Implementation and Specification November 1987 + + +6. NAME SERVER IMPLEMENTATION + +6.1. 
Architecture + +The optimal structure for the name server will depend on the host +operating system and whether the name server is integrated with resolver +operations, either by supporting recursive service, or by sharing its +database with a resolver. This section discusses implementation +considerations for a name server which shares a database with a +resolver, but most of these concerns are present in any name server. + +6.1.1. Control + +A name server must employ multiple concurrent activities, whether they +are implemented as separate tasks in the host's OS or multiplexing +inside a single name server program. It is simply not acceptable for a +name server to block the service of UDP requests while it waits for TCP +data for refreshing or query activities. Similarly, a name server +should not attempt to provide recursive service without processing such +requests in parallel, though it may choose to serialize requests from a +single client, or to regard identical requests from the same client as +duplicates. A name server should not substantially delay requests while +it reloads a zone from master files or while it incorporates a newly +refreshed zone into its database. + +6.1.2. Database + +While name server implementations are free to use any internal data +structures they choose, the suggested structure consists of three major +parts: + + - A "catalog" data structure which lists the zones available to + this server, and a "pointer" to the zone data structure. The + main purpose of this structure is to find the nearest ancestor + zone, if any, for arriving standard queries. + + - Separate data structures for each of the zones held by the + name server. + + - A data structure for cached data. 
(or perhaps separate caches + for different classes) + +All of these data structures can be implemented an identical tree +structure format, with different data chained off the nodes in different +parts: in the catalog the data is pointers to zones, while in the zone +and cache data structures, the data will be RRs. In designing the tree +framework the designer should recognize that query processing will need +to traverse the tree using case-insensitive label comparisons; and that + + + +Mockapetris [Page 37] + +RFC 1035 Domain Implementation and Specification November 1987 + + +in real data, a few nodes have a very high branching factor (100-1000 or +more), but the vast majority have a very low branching factor (0-1). + +One way to solve the case problem is to store the labels for each node +in two pieces: a standardized-case representation of the label where all +ASCII characters are in a single case, together with a bit mask that +denotes which characters are actually of a different case. The +branching factor diversity can be handled using a simple linked list for +a node until the branching factor exceeds some threshold, and +transitioning to a hash structure after the threshold is exceeded. In +any case, hash structures used to store tree sections must insure that +hash functions and procedures preserve the casing conventions of the +DNS. + +The use of separate structures for the different parts of the database +is motivated by several factors: + + - The catalog structure can be an almost static structure that + need change only when the system administrator changes the + zones supported by the server. This structure can also be + used to store parameters used to control refreshing + activities. + + - The individual data structures for zones allow a zone to be + replaced simply by changing a pointer in the catalog. Zone + refresh operations can build a new structure and, when + complete, splice it into the database via a simple pointer + replacement. 
It is very important that when a zone is + refreshed, queries should not use old and new data + simultaneously. + + - With the proper search procedures, authoritative data in zones + will always "hide", and hence take precedence over, cached + data. + + - Errors in zone definitions that cause overlapping zones, etc., + may cause erroneous responses to queries, but problem + determination is simplified, and the contents of one "bad" + zone can't corrupt another. + + - Since the cache is most frequently updated, it is most + vulnerable to corruption during system restarts. It can also + become full of expired RR data. In either case, it can easily + be discarded without disturbing zone data. + +A major aspect of database design is selecting a structure which allows +the name server to deal with crashes of the name server's host. State +information which a name server should save across system crashes + + + +Mockapetris [Page 38] + +RFC 1035 Domain Implementation and Specification November 1987 + + +includes the catalog structure (including the state of refreshing for +each zone) and the zone data itself. + +6.1.3. Time + +Both the TTL data for RRs and the timing data for refreshing activities +depends on 32 bit timers in units of seconds. Inside the database, +refresh timers and TTLs for cached data conceptually "count down", while +data in the zone stays with constant TTLs. + +A recommended implementation strategy is to store time in two ways: as +a relative increment and as an absolute time. One way to do this is to +use positive 32 bit numbers for one type and negative numbers for the +other. The RRs in zones use relative times; the refresh timers and +cache data use absolute times. Absolute numbers are taken with respect +to some known origin and converted to relative values when placed in the +response to a query. When an absolute TTL is negative after conversion +to relative, then the data is expired and should be ignored. + +6.2. 
Standard query processing + +The major algorithm for standard query processing is presented in +[RFC-1034]. + +When processing queries with QCLASS=*, or some other QCLASS which +matches multiple classes, the response should never be authoritative +unless the server can guarantee that the response covers all classes. + +When composing a response, RRs which are to be inserted in the +additional section, but duplicate RRs in the answer or authority +sections, may be omitted from the additional section. + +When a response is so long that truncation is required, the truncation +should start at the end of the response and work forward in the +datagram. Thus if there is any data for the authority section, the +answer section is guaranteed to be unique. + +The MINIMUM value in the SOA should be used to set a floor on the TTL of +data distributed from a zone. This floor function should be done when +the data is copied into a response. This will allow future dynamic +update protocols to change the SOA MINIMUM field without ambiguous +semantics. + +6.3. Zone refresh and reload processing + +In spite of a server's best efforts, it may be unable to load zone data +from a master file due to syntax errors, etc., or be unable to refresh a +zone within the its expiration parameter. In this case, the name server + + + +Mockapetris [Page 39] + +RFC 1035 Domain Implementation and Specification November 1987 + + +should answer queries as if it were not supposed to possess the zone. + +If a master is sending a zone out via AXFR, and a new version is created +during the transfer, the master should continue to send the old version +if possible. In any case, it should never send part of one version and +part of another. If completion is not possible, the master should reset +the connection on which the zone transfer is taking place. + +6.4. Inverse queries (Optional) + +Inverse queries are an optional part of the DNS. Name servers are not +required to support any form of inverse queries. 
If a name server +receives an inverse query that it does not support, it returns an error +response with the "Not Implemented" error set in the header. While +inverse query support is optional, all name servers must be at least +able to return the error response. + +6.4.1. The contents of inverse queries and responses Inverse +queries reverse the mappings performed by standard query operations; +while a standard query maps a domain name to a resource, an inverse +query maps a resource to a domain name. For example, a standard query +might bind a domain name to a host address; the corresponding inverse +query binds the host address to a domain name. + +Inverse queries take the form of a single RR in the answer section of +the message, with an empty question section. The owner name of the +query RR and its TTL are not significant. The response carries +questions in the question section which identify all names possessing +the query RR WHICH THE NAME SERVER KNOWS. Since no name server knows +about all of the domain name space, the response can never be assumed to +be complete. Thus inverse queries are primarily useful for database +management and debugging activities. Inverse queries are NOT an +acceptable method of mapping host addresses to host names; use the IN- +ADDR.ARPA domain instead. + +Where possible, name servers should provide case-insensitive comparisons +for inverse queries. Thus an inverse query asking for an MX RR of +"Venera.isi.edu" should get the same response as a query for +"VENERA.ISI.EDU"; an inverse query for HINFO RR "IBM-PC UNIX" should +produce the same result as an inverse query for "IBM-pc unix". However, +this cannot be guaranteed because name servers may possess RRs that +contain character strings but the name server does not know that the +data is character. + +When a name server processes an inverse query, it either returns: + + 1. 
zero, one, or multiple domain names for the specified + resource as QNAMEs in the question section + + + +Mockapetris [Page 40] + +RFC 1035 Domain Implementation and Specification November 1987 + + + 2. an error code indicating that the name server doesn't support + inverse mapping of the specified resource type. + +When the response to an inverse query contains one or more QNAMEs, the +owner name and TTL of the RR in the answer section which defines the +inverse query is modified to exactly match an RR found at the first +QNAME. + +RRs returned in the inverse queries cannot be cached using the same +mechanism as is used for the replies to standard queries. One reason +for this is that a name might have multiple RRs of the same type, and +only one would appear. For example, an inverse query for a single +address of a multiply homed host might create the impression that only +one address existed. + +6.4.2. Inverse query and response example The overall structure +of an inverse query for retrieving the domain name that corresponds to +Internet address 10.1.0.52 is shown below: + + +-----------------------------------------+ + Header | OPCODE=IQUERY, ID=997 | + +-----------------------------------------+ + Question | <empty> | + +-----------------------------------------+ + Answer | <anyname> A IN 10.1.0.52 | + +-----------------------------------------+ + Authority | <empty> | + +-----------------------------------------+ + Additional | <empty> | + +-----------------------------------------+ + +This query asks for a question whose answer is the Internet style +address 10.1.0.52. Since the owner name is not known, any domain name +can be used as a placeholder (and is ignored). A single octet of zero, +signifying the root, is usually used because it minimizes the length of +the message. The TTL of the RR is not significant. 
The response to +this query might be: + + + + + + + + + + + + + + +Mockapetris [Page 41] + +RFC 1035 Domain Implementation and Specification November 1987 + + + +-----------------------------------------+ + Header | OPCODE=RESPONSE, ID=997 | + +-----------------------------------------+ + Question |QTYPE=A, QCLASS=IN, QNAME=VENERA.ISI.EDU | + +-----------------------------------------+ + Answer | VENERA.ISI.EDU A IN 10.1.0.52 | + +-----------------------------------------+ + Authority | <empty> | + +-----------------------------------------+ + Additional | <empty> | + +-----------------------------------------+ + +Note that the QTYPE in a response to an inverse query is the same as the +TYPE field in the answer section of the inverse query. Responses to +inverse queries may contain multiple questions when the inverse is not +unique. If the question section in the response is not empty, then the +RR in the answer section is modified to correspond to be an exact copy +of an RR at the first QNAME. + +6.4.3. Inverse query processing + +Name servers that support inverse queries can support these operations +through exhaustive searches of their databases, but this becomes +impractical as the size of the database increases. An alternative +approach is to invert the database according to the search key. + +For name servers that support multiple zones and a large amount of data, +the recommended approach is separate inversions for each zone. When a +particular zone is changed during a refresh, only its inversions need to +be redone. + +Support for transfer of this type of inversion may be included in future +versions of the domain system, but is not supported in this version. + +6.5. Completion queries and responses + +The optional completion services described in RFC-882 and RFC-883 have +been deleted. Redesigned services may become available in the future. 
+ + + + + + + + + + + + + +Mockapetris [Page 42] + +RFC 1035 Domain Implementation and Specification November 1987 + + +7. RESOLVER IMPLEMENTATION + +The top levels of the recommended resolver algorithm are discussed in +[RFC-1034]. This section discusses implementation details assuming the +database structure suggested in the name server implementation section +of this memo. + +7.1. Transforming a user request into a query + +The first step a resolver takes is to transform the client's request, +stated in a format suitable to the local OS, into a search specification +for RRs at a specific name which match a specific QTYPE and QCLASS. +Where possible, the QTYPE and QCLASS should correspond to a single type +and a single class, because this makes the use of cached data much +simpler. The reason for this is that the presence of data of one type +in a cache doesn't confirm the existence or non-existence of data of +other types, hence the only way to be sure is to consult an +authoritative source. If QCLASS=* is used, then authoritative answers +won't be available. + +Since a resolver must be able to multiplex multiple requests if it is to +perform its function efficiently, each pending request is usually +represented in some block of state information. This state block will +typically contain: + + - A timestamp indicating the time the request began. + The timestamp is used to decide whether RRs in the database + can be used or are out of date. This timestamp uses the + absolute time format previously discussed for RR storage in + zones and caches. Note that when an RRs TTL indicates a + relative time, the RR must be timely, since it is part of a + zone. When the RR has an absolute time, it is part of a + cache, and the TTL of the RR is compared against the timestamp + for the start of the request. 
+ + Note that using the timestamp is superior to using a current + time, since it allows RRs with TTLs of zero to be entered in + the cache in the usual manner, but still used by the current + request, even after intervals of many seconds due to system + load, query retransmission timeouts, etc. + + - Some sort of parameters to limit the amount of work which will + be performed for this request. + + The amount of work which a resolver will do in response to a + client request must be limited to guard against errors in the + database, such as circular CNAME references, and operational + problems, such as network partition which prevents the + + + +Mockapetris [Page 43] + +RFC 1035 Domain Implementation and Specification November 1987 + + + resolver from accessing the name servers it needs. While + local limits on the number of times a resolver will retransmit + a particular query to a particular name server address are + essential, the resolver should have a global per-request + counter to limit work on a single request. The counter should + be set to some initial value and decremented whenever the + resolver performs any action (retransmission timeout, + retransmission, etc.) If the counter passes zero, the request + is terminated with a temporary error. + + Note that if the resolver structure allows one request to + start others in parallel, such as when the need to access a + name server for one request causes a parallel resolve for the + name server's addresses, the spawned request should be started + with a lower counter. This prevents circular references in + the database from starting a chain reaction of resolver + activity. + + - The SLIST data structure discussed in [RFC-1034]. + + This structure keeps track of the state of a request if it + must wait for answers from foreign name servers. + +7.2. 
Sending the queries + +As described in [RFC-1034], the basic task of the resolver is to +formulate a query which will answer the client's request and direct that +query to name servers which can provide the information. The resolver +will usually only have very strong hints about which servers to ask, in +the form of NS RRs, and may have to revise the query, in response to +CNAMEs, or revise the set of name servers the resolver is asking, in +response to delegation responses which point the resolver to name +servers closer to the desired information. In addition to the +information requested by the client, the resolver may have to call upon +its own services to determine the address of name servers it wishes to +contact. + +In any case, the model used in this memo assumes that the resolver is +multiplexing attention between multiple requests, some from the client, +and some internally generated. Each request is represented by some +state information, and the desired behavior is that the resolver +transmit queries to name servers in a way that maximizes the probability +that the request is answered, minimizes the time that the request takes, +and avoids excessive transmissions. The key algorithm uses the state +information of the request to select the next name server address to +query, and also computes a timeout which will cause the next action +should a response not arrive. The next action will usually be a +transmission to some other server, but may be a temporary error to the + + + +Mockapetris [Page 44] + +RFC 1035 Domain Implementation and Specification November 1987 + + +client. + +The resolver always starts with a list of server names to query (SLIST). +This list will be all NS RRs which correspond to the nearest ancestor +zone that the resolver knows about. To avoid startup problems, the +resolver should have a set of default servers which it will ask should +it have no current NS RRs which are appropriate. 
The resolver then adds +to SLIST all of the known addresses for the name servers, and may start +parallel requests to acquire the addresses of the servers when the +resolver has the name, but no addresses, for the name servers. + +To complete initialization of SLIST, the resolver attaches whatever +history information it has to the each address in SLIST. This will +usually consist of some sort of weighted averages for the response time +of the address, and the batting average of the address (i.e., how often +the address responded at all to the request). Note that this +information should be kept on a per address basis, rather than on a per +name server basis, because the response time and batting average of a +particular server may vary considerably from address to address. Note +also that this information is actually specific to a resolver address / +server address pair, so a resolver with multiple addresses may wish to +keep separate histories for each of its addresses. Part of this step +must deal with addresses which have no such history; in this case an +expected round trip time of 5-10 seconds should be the worst case, with +lower estimates for the same local network, etc. + +Note that whenever a delegation is followed, the resolver algorithm +reinitializes SLIST. + +The information establishes a partial ranking of the available name +server addresses. Each time an address is chosen and the state should +be altered to prevent its selection again until all other addresses have +been tried. The timeout for each transmission should be 50-100% greater +than the average predicted value to allow for variance in response. + +Some fine points: + + - The resolver may encounter a situation where no addresses are + available for any of the name servers named in SLIST, and + where the servers in the list are precisely those which would + normally be used to look up their own addresses. 
This + situation typically occurs when the glue address RRs have a + smaller TTL than the NS RRs marking delegation, or when the + resolver caches the result of a NS search. The resolver + should detect this condition and restart the search at the + next ancestor zone, or alternatively at the root. + + + + + +Mockapetris [Page 45] + +RFC 1035 Domain Implementation and Specification November 1987 + + + - If a resolver gets a server error or other bizarre response + from a name server, it should remove it from SLIST, and may + wish to schedule an immediate transmission to the next + candidate server address. + +7.3. Processing responses + +The first step in processing arriving response datagrams is to parse the +response. This procedure should include: + + - Check the header for reasonableness. Discard datagrams which + are queries when responses are expected. + + - Parse the sections of the message, and insure that all RRs are + correctly formatted. + + - As an optional step, check the TTLs of arriving data looking + for RRs with excessively long TTLs. If a RR has an + excessively long TTL, say greater than 1 week, either discard + the whole response, or limit all TTLs in the response to 1 + week. + +The next step is to match the response to a current resolver request. +The recommended strategy is to do a preliminary matching using the ID +field in the domain header, and then to verify that the question section +corresponds to the information currently desired. This requires that +the transmission algorithm devote several bits of the domain ID field to +a request identifier of some sort. This step has several fine points: + + - Some name servers send their responses from different + addresses than the one used to receive the query. That is, a + resolver cannot rely that a response will come from the same + address which it sent the corresponding query to. This name + server bug is typically encountered in UNIX systems. 
+ + - If the resolver retransmits a particular request to a name + server it should be able to use a response from any of the + transmissions. However, if it is using the response to sample + the round trip time to access the name server, it must be able + to determine which transmission matches the response (and keep + transmission times for each outgoing message), or only + calculate round trip times based on initial transmissions. + + - A name server will occasionally not have a current copy of a + zone which it should have according to some NS RRs. The + resolver should simply remove the name server from the current + SLIST, and continue. + + + + +Mockapetris [Page 46] + +RFC 1035 Domain Implementation and Specification November 1987 + + +7.4. Using the cache + +In general, we expect a resolver to cache all data which it receives in +responses since it may be useful in answering future client requests. +However, there are several types of data which should not be cached: + + - When several RRs of the same type are available for a + particular owner name, the resolver should either cache them + all or none at all. When a response is truncated, and a + resolver doesn't know whether it has a complete set, it should + not cache a possibly partial set of RRs. + + - Cached data should never be used in preference to + authoritative data, so if caching would cause this to happen + the data should not be cached. + + - The results of an inverse query should not be cached. + + - The results of standard queries where the QNAME contains "*" + labels if the data might be used to construct wildcards. The + reason is that the cache does not necessarily contain existing + RRs or zone boundary information which is necessary to + restrict the application of the wildcard RRs. + + - RR data in responses of dubious reliability. When a resolver + receives unsolicited responses or RR data other than that + requested, it should discard it without caching it. 
The basic + implication is that all sanity checks on a packet should be + performed before any of it is cached. + +In a similar vein, when a resolver has a set of RRs for some name in a +response, and wants to cache the RRs, it should check its cache for +already existing RRs. Depending on the circumstances, either the data +in the response or the cache is preferred, but the two should never be +combined. If the data in the response is from authoritative data in the +answer section, it is always preferred. + +8. MAIL SUPPORT + +The domain system defines a standard for mapping mailboxes into domain +names, and two methods for using the mailbox information to derive mail +routing information. The first method is called mail exchange binding +and the other method is mailbox binding. The mailbox encoding standard +and mail exchange binding are part of the DNS official protocol, and are +the recommended method for mail routing in the Internet. Mailbox +binding is an experimental feature which is still under development and +subject to change. + + + + +Mockapetris [Page 47] + +RFC 1035 Domain Implementation and Specification November 1987 + + +The mailbox encoding standard assumes a mailbox name of the form +"<local-part>@<mail-domain>". While the syntax allowed in each of these +sections varies substantially between the various mail internets, the +preferred syntax for the ARPA Internet is given in [RFC-822]. + +The DNS encodes the <local-part> as a single label, and encodes the +<mail-domain> as a domain name. The single label from the <local-part> +is prefaced to the domain name from <mail-domain> to form the domain +name corresponding to the mailbox. Thus the mailbox HOSTMASTER@SRI- +NIC.ARPA is mapped into the domain name HOSTMASTER.SRI-NIC.ARPA. If the +<local-part> contains dots or other special characters, its +representation in a master file will require the use of backslash +quoting to ensure that the domain name is properly encoded. 
For +example, the mailbox Action.domains@ISI.EDU would be represented as +Action\.domains.ISI.EDU. + +8.1. Mail exchange binding + +Mail exchange binding uses the <mail-domain> part of a mailbox +specification to determine where mail should be sent. The <local-part> +is not even consulted. [RFC-974] specifies this method in detail, and +should be consulted before attempting to use mail exchange support. + +One of the advantages of this method is that it decouples mail +destination naming from the hosts used to support mail service, at the +cost of another layer of indirection in the lookup function. However, +the addition layer should eliminate the need for complicated "%", "!", +etc encodings in <local-part>. + +The essence of the method is that the <mail-domain> is used as a domain +name to locate type MX RRs which list hosts willing to accept mail for +<mail-domain>, together with preference values which rank the hosts +according to an order specified by the administrators for <mail-domain>. + +In this memo, the <mail-domain> ISI.EDU is used in examples, together +with the hosts VENERA.ISI.EDU and VAXA.ISI.EDU as mail exchanges for +ISI.EDU. If a mailer had a message for Mockapetris@ISI.EDU, it would +route it by looking up MX RRs for ISI.EDU. The MX RRs at ISI.EDU name +VENERA.ISI.EDU and VAXA.ISI.EDU, and type A queries can find the host +addresses. + +8.2. Mailbox binding (Experimental) + +In mailbox binding, the mailer uses the entire mail destination +specification to construct a domain name. The encoded domain name for +the mailbox is used as the QNAME field in a QTYPE=MAILB query. + +Several outcomes are possible for this query: + + + +Mockapetris [Page 48] + +RFC 1035 Domain Implementation and Specification November 1987 + + + 1. The query can return a name error indicating that the mailbox + does not exist as a domain name. + + In the long term, this would indicate that the specified + mailbox doesn't exist. 
However, until the use of mailbox + binding is universal, this error condition should be + interpreted to mean that the organization identified by the + global part does not support mailbox binding. The + appropriate procedure is to revert to exchange binding at + this point. + + 2. The query can return a Mail Rename (MR) RR. + + The MR RR carries new mailbox specification in its RDATA + field. The mailer should replace the old mailbox with the + new one and retry the operation. + + 3. The query can return a MB RR. + + The MB RR carries a domain name for a host in its RDATA + field. The mailer should deliver the message to that host + via whatever protocol is applicable, e.g., b,SMTP. + + 4. The query can return one or more Mail Group (MG) RRs. + + This condition means that the mailbox was actually a mailing + list or mail group, rather than a single mailbox. Each MG RR + has a RDATA field that identifies a mailbox that is a member + of the group. The mailer should deliver a copy of the + message to each member. + + 5. The query can return a MB RR as well as one or more MG RRs. + + This condition means the the mailbox was actually a mailing + list. The mailer can either deliver the message to the host + specified by the MB RR, which will in turn do the delivery to + all members, or the mailer can use the MG RRs to do the + expansion itself. + +In any of these cases, the response may include a Mail Information +(MINFO) RR. This RR is usually associated with a mail group, but is +legal with a MB. The MINFO RR identifies two mailboxes. One of these +identifies a responsible person for the original mailbox name. This +mailbox should be used for requests to be added to a mail group, etc. +The second mailbox name in the MINFO RR identifies a mailbox that should +receive error messages for mail failures. This is particularly +appropriate for mailing lists when errors in member names should be +reported to a person other than the one who sends a message to the list. 
+ + + +Mockapetris [Page 49] + +RFC 1035 Domain Implementation and Specification November 1987 + + +New fields may be added to this RR in the future. + + +9. REFERENCES and BIBLIOGRAPHY + +[Dyer 87] S. Dyer, F. Hsu, "Hesiod", Project Athena + Technical Plan - Name Service, April 1987, version 1.9. + + Describes the fundamentals of the Hesiod name service. + +[IEN-116] J. Postel, "Internet Name Server", IEN-116, + USC/Information Sciences Institute, August 1979. + + A name service obsoleted by the Domain Name System, but + still in use. + +[Quarterman 86] J. Quarterman, and J. Hoskins, "Notable Computer Networks", + Communications of the ACM, October 1986, volume 29, number + 10. + +[RFC-742] K. Harrenstien, "NAME/FINGER", RFC-742, Network + Information Center, SRI International, December 1977. + +[RFC-768] J. Postel, "User Datagram Protocol", RFC-768, + USC/Information Sciences Institute, August 1980. + +[RFC-793] J. Postel, "Transmission Control Protocol", RFC-793, + USC/Information Sciences Institute, September 1981. + +[RFC-799] D. Mills, "Internet Name Domains", RFC-799, COMSAT, + September 1981. + + Suggests introduction of a hierarchy in place of a flat + name space for the Internet. + +[RFC-805] J. Postel, "Computer Mail Meeting Notes", RFC-805, + USC/Information Sciences Institute, February 1982. + +[RFC-810] E. Feinler, K. Harrenstien, Z. Su, and V. White, "DOD + Internet Host Table Specification", RFC-810, Network + Information Center, SRI International, March 1982. + + Obsolete. See RFC-952. + +[RFC-811] K. Harrenstien, V. White, and E. Feinler, "Hostnames + Server", RFC-811, Network Information Center, SRI + International, March 1982. + + + + +Mockapetris [Page 50] + +RFC 1035 Domain Implementation and Specification November 1987 + + + Obsolete. See RFC-953. + +[RFC-812] K. Harrenstien, and V. White, "NICNAME/WHOIS", RFC-812, + Network Information Center, SRI International, March + 1982. + +[RFC-819] Z. Su, and J. 
Postel, "The Domain Naming Convention for + Internet User Applications", RFC-819, Network + Information Center, SRI International, August 1982. + + Early thoughts on the design of the domain system. + Current implementation is completely different. + +[RFC-821] J. Postel, "Simple Mail Transfer Protocol", RFC-821, + USC/Information Sciences Institute, August 1980. + +[RFC-830] Z. Su, "A Distributed System for Internet Name Service", + RFC-830, Network Information Center, SRI International, + October 1982. + + Early thoughts on the design of the domain system. + Current implementation is completely different. + +[RFC-882] P. Mockapetris, "Domain names - Concepts and + Facilities," RFC-882, USC/Information Sciences + Institute, November 1983. + + Superseded by this memo. + +[RFC-883] P. Mockapetris, "Domain names - Implementation and + Specification," RFC-883, USC/Information Sciences + Institute, November 1983. + + Superseded by this memo. + +[RFC-920] J. Postel and J. Reynolds, "Domain Requirements", + RFC-920, USC/Information Sciences Institute, + October 1984. + + Explains the naming scheme for top level domains. + +[RFC-952] K. Harrenstien, M. Stahl, E. Feinler, "DoD Internet Host + Table Specification", RFC-952, SRI, October 1985. + + Specifies the format of HOSTS.TXT, the host/address + table replaced by the DNS. + + + + + +Mockapetris [Page 51] + +RFC 1035 Domain Implementation and Specification November 1987 + + +[RFC-953] K. Harrenstien, M. Stahl, E. Feinler, "HOSTNAME Server", + RFC-953, SRI, October 1985. + + This RFC contains the official specification of the + hostname server protocol, which is obsoleted by the DNS. + This TCP based protocol accesses information stored in + the RFC-952 format, and is used to obtain copies of the + host table. + +[RFC-973] P. Mockapetris, "Domain System Changes and + Observations", RFC-973, USC/Information Sciences + Institute, January 1986. + + Describes changes to RFC-882 and RFC-883 and reasons for + them. 
+ +[RFC-974] C. Partridge, "Mail routing and the domain system", + RFC-974, CSNET CIC BBN Labs, January 1986. + + Describes the transition from HOSTS.TXT based mail + addressing to the more powerful MX system used with the + domain system. + +[RFC-1001] NetBIOS Working Group, "Protocol standard for a NetBIOS + service on a TCP/UDP transport: Concepts and Methods", + RFC-1001, March 1987. + + This RFC and RFC-1002 are a preliminary design for + NETBIOS on top of TCP/IP which proposes to base NetBIOS + name service on top of the DNS. + +[RFC-1002] NetBIOS Working Group, "Protocol standard for a NetBIOS + service on a TCP/UDP transport: Detailed + Specifications", RFC-1002, March 1987. + +[RFC-1010] J. Reynolds, and J. Postel, "Assigned Numbers", RFC-1010, + USC/Information Sciences Institute, May 1987. + + Contains socket numbers and mnemonics for host names, + operating systems, etc. + +[RFC-1031] W. Lazear, "MILNET Name Domain Transition", RFC-1031, + November 1987. + + Describes a plan for converting the MILNET to the DNS. + +[RFC-1032] M. Stahl, "Establishing a Domain - Guidelines for + Administrators", RFC-1032, November 1987. + + + +Mockapetris [Page 52] + +RFC 1035 Domain Implementation and Specification November 1987 + + + Describes the registration policies used by the NIC to + administer the top level domains and delegate subzones. + +[RFC-1033] M. Lottor, "Domain Administrators Operations Guide", + RFC-1033, November 1987. + + A cookbook for domain administrators. + +[Solomon 82] M. Solomon, L. Landweber, and D. Neuhengen, "The CSNET + Name Server", Computer Networks, vol 6, nr 3, July 1982. + + Describes a name service for CSNET which is independent + from the DNS and DNS use in the CSNET. 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Mockapetris [Page 53] + +RFC 1035 Domain Implementation and Specification November 1987 + + +Index + + * 13 + + ; 33, 35 + + <character-string> 35 + <domain-name> 34 + + @ 35 + + \ 35 + + A 12 + + Byte order 8 + + CH 13 + Character case 9 + CLASS 11 + CNAME 12 + Completion 42 + CS 13 + + Hesiod 13 + HINFO 12 + HS 13 + + IN 13 + IN-ADDR.ARPA domain 22 + Inverse queries 40 + + Mailbox names 47 + MB 12 + MD 12 + MF 12 + MG 12 + MINFO 12 + MINIMUM 20 + MR 12 + MX 12 + + NS 12 + NULL 12 + + Port numbers 32 + Primary server 5 + PTR 12, 18 + + + +Mockapetris [Page 54] + +RFC 1035 Domain Implementation and Specification November 1987 + + + QCLASS 13 + QTYPE 12 + + RDATA 12 + RDLENGTH 11 + + Secondary server 5 + SOA 12 + Stub resolvers 7 + + TCP 32 + TXT 12 + TYPE 11 + + UDP 32 + + WKS 12 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Mockapetris [Page 55] + diff --git a/lib/dns/tests/testdata/dstrandom/random.data b/lib/dns/tests/testdata/dstrandom/random.data Binary files differnew file mode 100644 index 0000000..354add0 --- /dev/null +++ b/lib/dns/tests/testdata/dstrandom/random.data diff --git a/lib/dns/tests/testdata/master/master1.data b/lib/dns/tests/testdata/master/master1.data new file mode 100644 index 0000000..030bc68 --- /dev/null +++ b/lib/dns/tests/testdata/master/master1.data @@ -0,0 +1,11 @@ +$TTL 1000 +@ in soa localhost. postmaster.localhost. ( + 1993050801 ;serial + 3600 ;refresh + 1800 ;retry + 604800 ;expiration + 3600 ) ;minimum + in ns ns.vix.com. + in ns ns2.vix.com. + in ns ns3.vix.com. +b in a 1.2.3.4 diff --git a/lib/dns/tests/testdata/master/master10.data b/lib/dns/tests/testdata/master/master10.data new file mode 100644 index 0000000..9ee052f --- /dev/null +++ b/lib/dns/tests/testdata/master/master10.data @@ -0,0 +1,7 @@ +; +; the following black line contains spaces + +; +@ 300 IN A 10.0.0.1 + ; +; 
diff --git a/lib/dns/tests/testdata/master/master11.data b/lib/dns/tests/testdata/master/master11.data
new file mode 100644
index 0000000..0aaec25
--- /dev/null
+++ b/lib/dns/tests/testdata/master/master11.data
@@ -0,0 +1,6 @@
+;
+; The following serial number contains a leading 0 and a 9 so the
+; we can catch cases where it is incorrectly treated as a octal
+; number.
+;
+@ 300 IN SOA ns hostmaster 00090000 1200 3600 604800 300
diff --git a/lib/dns/tests/testdata/master/master12.data.in b/lib/dns/tests/testdata/master/master12.data.in
new file mode 100644
index 0000000..3634388
--- /dev/null
+++ b/lib/dns/tests/testdata/master/master12.data.in
@@ -0,0 +1 @@
+00000002000000004ed7306600000051000100060000000003e80000000100060474657374000035096c6f63616c686f7374000a706f73746d6173746572096c6f63616c686f73740076cb8ab100000e100000070800093a8000000e1000000046000100020000000003e8000000030006047465737400000c026e730376697803636f6d00000d036e73320376697803636f6d00000d036e73330376697803636f6d0000000022000100010000000003e80000000100080162047465737400000401020304
diff --git a/lib/dns/tests/testdata/master/master13.data.in b/lib/dns/tests/testdata/master/master13.data.in
new file mode 100644
index 0000000..d1c262f
--- /dev/null
+++ b/lib/dns/tests/testdata/master/master13.data.in
@@ -0,0 +1 @@
+00000002000000014ed7337f00000000000000000000000000000051000100060000000003e80000000100060474657374000035096c6f63616c686f7374000a706f73746d6173746572096c6f63616c686f73740076cb8ab100000e100000070800093a8000000e1000000046000100020000000003e8000000030006047465737400000c026e730376697803636f6d00000d036e73320376697803636f6d00000d036e73330376697803636f6d0000000022000100010000000003e80000000100080162047465737400000401020304
diff --git a/lib/dns/tests/testdata/master/master14.data.in b/lib/dns/tests/testdata/master/master14.data.in
new file mode 100644
index 0000000..149a25f
--- /dev/null
+++ b/lib/dns/tests/testdata/master/master14.data.in
@@ -0,0 +1 @@
+00000002000000014ed7337f0000000277df41e50000000000000051000100060000000003e80000000100060474657374000035096c6f63616c686f7374000a706f73746d6173746572096c6f63616c686f73740076cb8ab100000e100000070800093a8000000e1000000046000100020000000003e8000000030006047465737400000c026e730376697803636f6d00000d036e73320376697803636f6d00000d036e73330376697803636f6d0000000022000100010000000003e80000000100080162047465737400000401020304
diff --git a/lib/dns/tests/testdata/master/master15.data b/lib/dns/tests/testdata/master/master15.data
new file mode 100644
index 0000000..cf413ce
--- /dev/null
+++ b/lib/dns/tests/testdata/master/master15.data
@@ -0,0 +1,1609 @@ +$TTL 1000 +@ in soa localhost. postmaster.localhost. ( + 1993050801 ;serial + 3600 ;refresh + 1800 ;retry + 604800 ;expiration + 3600 ) ;minimum + in ns ns.vix.com. + in ns ns2.vix.com. + in ns ns3.vix.com. +b in a 1.2.3.4 +c in txt ( TOOBIGTOOBIGTOOBIGTOOBIGTOOBIGTOOBI + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 ) diff --git a/lib/dns/tests/testdata/master/master16.data b/lib/dns/tests/testdata/master/master16.data new file mode 100644 index 0000000..e969bd3 --- /dev/null +++ b/lib/dns/tests/testdata/master/master16.data 
@@ -0,0 +1,1609 @@ +$TTL 1000 +@ in soa localhost. postmaster.localhost. ( + 1993050801 ;serial + 3600 ;refresh + 1800 ;retry + 604800 ;expiration + 3600 ) ;minimum + in ns ns.vix.com. + in ns ns2.vix.com. + in ns ns3.vix.com. +b in a 1.2.3.4 +c in txt ( MAXSIZSEMAXSIZSEMAXSIZSEMAXSIZSMAX + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 
1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 + 1234567890123456789012345678901234567890 ) diff --git a/lib/dns/tests/testdata/master/master17.data b/lib/dns/tests/testdata/master/master17.data new file mode 100644 index 0000000..4b2b63d --- /dev/null +++ b/lib/dns/tests/testdata/master/master17.data 
@@ -0,0 +1,14 @@ +$ORIGIN test. +$TTL 1000 +@ in soa localhost. postmaster.localhost. ( + 1993050801 ;serial + 3600 ;refresh + 1800 ;retry + 604800 ;expiration + 3600 ) ;minimum + in ns ns.test. + in ns ns2.test. + in ns ns3.test. +b in a 1.2.3.4 +$ORIGIN sub.test. + in a 4.3.2.1 diff --git a/lib/dns/tests/testdata/master/master18.data b/lib/dns/tests/testdata/master/master18.data new file mode 100644 index 0000000..dddf04e --- /dev/null +++ b/lib/dns/tests/testdata/master/master18.data @@ -0,0 +1,10 @@ +$TTL 1000 +@ in soa localhost. postmaster.localhost. ( + 1993050801 ;serial + 3600 ;refresh + 1800 ;retry + 604800 ;expiration + 3600 ) ;minimum + +$INCLUDE "testkeys/Kexample.+008+20386.key"; +$INCLUDE "testkeys/Kexample.+008+37464.key"; diff --git a/lib/dns/tests/testdata/master/master2.data b/lib/dns/tests/testdata/master/master2.data new file mode 100644 index 0000000..b8ca38d --- /dev/null +++ b/lib/dns/tests/testdata/master/master2.data @@ -0,0 +1,11 @@ +$TTL 1000 +@ in soa localhost. postmaster.localhost. ( + 1993050801 ;serial + 3600 ;refresh + 1800 ;retry + 604800 ;expiration + 3600 ) ;minimum +a in ns +a in ns ns2vix.com. +a in ns ns3vix.com. +b in a 1.2.3.4 diff --git a/lib/dns/tests/testdata/master/master3.data b/lib/dns/tests/testdata/master/master3.data new file mode 100644 index 0000000..7283af6 --- /dev/null +++ b/lib/dns/tests/testdata/master/master3.data @@ -0,0 +1,11 @@ +$TTL 1000 + in soa localhost. postmaster.localhost. ( + 1993050801 ;serial + 3600 ;refresh + 1800 ;retry + 604800 ;expiration + 3600 ) ;minimum + in ns ns.vix.com + in ns ns2vix.com. +a in ns ns3vix.com. +b in a 1.2.3.4 diff --git a/lib/dns/tests/testdata/master/master4.data b/lib/dns/tests/testdata/master/master4.data new file mode 100644 index 0000000..3a694ea --- /dev/null +++ b/lib/dns/tests/testdata/master/master4.data 
@@ -0,0 +1,11 @@ + +@ in soa localhost. postmaster.localhost. ( + 1993050801 ;serial + 3600 ;refresh + 1800 ;retry + 604800 ;expiration + 3600 ) ;minimum +a in ns ns.vix.com. +a in ns ns2vix.com. +a in ns ns3vix.com. +b in a 1.2.3.4 diff --git a/lib/dns/tests/testdata/master/master5.data b/lib/dns/tests/testdata/master/master5.data new file mode 100644 index 0000000..95234bd --- /dev/null +++ b/lib/dns/tests/testdata/master/master5.data @@ -0,0 +1,11 @@ +$TTL 1000 +@ in soa localhost. postmaster.localhost. ( + 1993050801 ;serial + 3600 ;refresh + 1800 ;retry + 604800 ;expiration + 3600 ) ;minimum +a any ns ns.vix.com. +a in ns ns2vix.com. +a in ns ns3vix.com. +b in a 1.2.3.4 diff --git a/lib/dns/tests/testdata/master/master6.data b/lib/dns/tests/testdata/master/master6.data new file mode 100644 index 0000000..a9a37bb --- /dev/null +++ b/lib/dns/tests/testdata/master/master6.data @@ -0,0 +1,33 @@ + +$TTL 1000 +@ in soa localhost. postmaster.localhost. ( + 1993050801 ;serial + 3600 ;refresh + 1800 ;retry + 604800 ;expiration + 3600 ) ;minimum + +secure1 3600 IN DNSKEY ( + FLAG2|FLAG4|FLAG5|NTYP3|FLAG8|FLAG9|FLAG10|FLAG11|SIG15 + 3 3 + ArT0a8FtOZWEONG2YQVl9+RA34op30JPz4NPEroCxm2yImT2 + 2OYggnPIzrgayyepgKU1PfTTypnJDTwrSrtISyEsj7tjM7/n + 03DP8VWSn0aLwpUuc7Sx9vtM1Wi+YeiA4Bv2Oz1VB9de4qql + sIq+KLn8J4wz95bGnJ0mHUB7oTDJ3Hl1zeaCMdX69Kr46yAY + AvGJJdGGDYxYgxzx2zNdzypkYSkxpdsNqUt38tabSfdvCn12 + pnmSWjlVJsjHhsaYnrPhouN5acOXMNbxNVbGU5LZ8Es6EYbV + /7YMt8VUkA8/8UCszBBT7XAJ3OFjiMO8mvxrZZFzvwJlPBQ1 + oFq/TNZlSe+N ) + +secure2 3600 in DNSKEY ( + flag2|flag4|flag5|ntyp3|flag8|flag9|flag10|flag11|sig15 + 3 3 + ArT0a8FtOZWEONG2YQVl9+RA34op30JPz4NPEroCxm2yImT2 + 2OYggnPIzrgayyepgKU1PfTTypnJDTwrSrtISyEsj7tjM7/n + 03DP8VWSn0aLwpUuc7Sx9vtM1Wi+YeiA4Bv2Oz1VB9de4qql + sIq+KLn8J4wz95bGnJ0mHUB7oTDJ3Hl1zeaCMdX69Kr46yAY + AvGJJdGGDYxYgxzx2zNdzypkYSkxpdsNqUt38tabSfdvCn12 + pnmSWjlVJsjHhsaYnrPhouN5acOXMNbxNVbGU5LZ8Es6EYbV + /7YMt8VUkA8/8UCszBBT7XAJ3OFjiMO8mvxrZZFzvwJlPBQ1 + oFq/TNZlSe+N ) + 
diff --git a/lib/dns/tests/testdata/master/master7.data b/lib/dns/tests/testdata/master/master7.data new file mode 100644 index 0000000..2638b5d --- /dev/null +++ b/lib/dns/tests/testdata/master/master7.data @@ -0,0 +1,17 @@ + +$TTL 1000 +@ in soa localhost. postmaster.localhost. ( + 1993050801 ;serial + 3600 ;refresh + 1800 ;retry + 604800 ;expiration + 3600 ) ;minimum + +secure1 3600 IN DNSKEY ( + NOKEY|FLAG2|FLAG4|FLAG5|NTYP3|FLAG8|FLAG9|FLAG10|FLAG11|SIG15 + 3 3 ) + +secure2 3600 in DNSKEY ( + nokey|flag2|flag4|flag5|ntyp3|flag8|flag9|flag10|flag11|sig15 + 3 3 ) + diff --git a/lib/dns/tests/testdata/master/master8.data b/lib/dns/tests/testdata/master/master8.data new file mode 100644 index 0000000..d16b6f3 --- /dev/null +++ b/lib/dns/tests/testdata/master/master8.data @@ -0,0 +1,4 @@ +; +; master6.data contains a good zone file +; +$include testdata/master/master6.data diff --git a/lib/dns/tests/testdata/master/master9.data b/lib/dns/tests/testdata/master/master9.data new file mode 100644 index 0000000..b22688b --- /dev/null +++ b/lib/dns/tests/testdata/master/master9.data @@ -0,0 +1,4 @@ +; +; master5.data is bad +; +$include testdata/master/master5.data diff --git a/lib/dns/tests/testdata/nsec3/1024.db b/lib/dns/tests/testdata/nsec3/1024.db new file mode 100644 index 0000000..2576328 --- /dev/null +++ b/lib/dns/tests/testdata/nsec3/1024.db 
@@ -0,0 +1,16 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 0 +test. SOA . . 0 0 0 0 0 +test. NS . +; 1024 bit key. +test. IN DNSKEY 256 3 5 AwEAAd5oKx06HRE6NRrTDz49lljdRmxgp/4YB/cyMkpwUMkaLhDNCfTq hql84ab2LRbtUWLHFXGWENvxPGQzVHeleXu+3ThNfFOwIaySedxHmLGT lTtBRDhPc8iSb+2IYDemmA+ut8kwHhCVz/tDMbD/dgAswdOtmXCpQyJk Q1HqY3Xj diff --git a/lib/dns/tests/testdata/nsec3/2048.db b/lib/dns/tests/testdata/nsec3/2048.db new file mode 100644 index 0000000..26dd980 --- /dev/null +++ b/lib/dns/tests/testdata/nsec3/2048.db @@ -0,0 +1,16 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 0 +test. SOA . . 0 0 0 0 0 +test. NS . +; 2048 bits +test. IN DNSKEY 256 3 5 AwEAAcfQX59iZr9gK+XzhTZQ5KWrfCLA0iYHTqheEIhC2dXS8gUSppQS g9SmzH2129u/LSSb7gqJSoLLAsn36iinqCqUXl2BT6xzwznbSP3mn0hn N6DegsykcYhHycKH6ifjZiMN+SGGeNsi5rhoW5Cj9ptw3C3yQnrFNDbS GZCT97z5lpQU3ZcvP4RDNk7dhri7Bh3SJeaCFoqx00NgFvlBR48hosSG bGUbUKzNf58GBTkW4Us2jIWsreZx8LLLev232Hy7NU9L19k+hVq7pJOf Uvtrn5fmGSutWOzsR+8EacOnh0lwssCKjutk5MSmfdFC5P7CTZkdq58L 8he13HGmr00= diff --git a/lib/dns/tests/testdata/nsec3/4096.db b/lib/dns/tests/testdata/nsec3/4096.db new file mode 100644 index 0000000..d628c33 --- /dev/null +++ b/lib/dns/tests/testdata/nsec3/4096.db 
@@ -0,0 +1,16 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 0 +test. SOA . . 0 0 0 0 0 +test. NS . +; 4096 bits +test. IN DNSKEY 256 3 5 AwEAAbYlqbKxXoq9mzkqdsAaSZ3XywBVAb2sCTgrQBCExyGEYNpWw3LN +imCrLQi7jHKQW6GZIqKNgQaiFEwr3zK8nPWbwNwyKU9a2hhINv/gim1 5iA87Vu7DiiJrQ0O79ospvsGsKknBQ41zaaQMp3Q/W1S6WNe4uyh4C/f R0qmxT+8MyXEqCpTGb+e+YT6BuqpNQPuYYYvUJ1/HJltzY/lY2b9RZ+Q ZJ23Zje79YIRM0kJapqj11fDUDeynhDL1DUikYCwRfQiO/blChhOHjIa uTK1qqRY3fqanLGOufpLTr7GRpL7RxeRIMJfDzmcjFLmCsMA1AJ56Bxq jiXr3ODgn9D30vAB74Lr7lqLQSWyrSlJjoZLLhmPrEP/nnuCxEhOhDRA XJpJWpcQ4Hdu+yb5K/qldnsGLLI1Hr0GmhLTDHsxDb6BxM7/8rv8QeQY GKSGshBqD2lO1xUVT8inbi8uXI1iyN68vHX6xoFT5wsjls70PxSZPO5i F40vn6BWNsHtKWOCDqMKYx8hYwiv0zETVwxBaj58vylFwYGU+g1wIQmF Pgi2HKv4KaxgikUvdFISre5rxVoG5VrmmXWiNJcLTbwZ+tE1xujCNU1c V31CaIB5hdSnkEvQADr5V64RTxWAKuSLNMU+XUqTkaJHasSm3OPJOteo SPj2uoesuxNFYps3 diff --git a/lib/dns/tests/testdata/nsec3/min-1024.db b/lib/dns/tests/testdata/nsec3/min-1024.db new file mode 100644 index 0000000..360c282 --- /dev/null +++ b/lib/dns/tests/testdata/nsec3/min-1024.db 
@@ -0,0 +1,20 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 0 +test. SOA . . 0 0 0 0 0 +test. NS . +; 1024 bit key. +test. IN DNSKEY 256 3 5 AwEAAd5oKx06HRE6NRrTDz49lljdRmxgp/4YB/cyMkpwUMkaLhDNCfTq hql84ab2LRbtUWLHFXGWENvxPGQzVHeleXu+3ThNfFOwIaySedxHmLGT lTtBRDhPc8iSb+2IYDemmA+ut8kwHhCVz/tDMbD/dgAswdOtmXCpQyJk Q1HqY3Xj +; 2048 bits +test. IN DNSKEY 256 3 5 AwEAAcfQX59iZr9gK+XzhTZQ5KWrfCLA0iYHTqheEIhC2dXS8gUSppQS g9SmzH2129u/LSSb7gqJSoLLAsn36iinqCqUXl2BT6xzwznbSP3mn0hn N6DegsykcYhHycKH6ifjZiMN+SGGeNsi5rhoW5Cj9ptw3C3yQnrFNDbS GZCT97z5lpQU3ZcvP4RDNk7dhri7Bh3SJeaCFoqx00NgFvlBR48hosSG bGUbUKzNf58GBTkW4Us2jIWsreZx8LLLev232Hy7NU9L19k+hVq7pJOf Uvtrn5fmGSutWOzsR+8EacOnh0lwssCKjutk5MSmfdFC5P7CTZkdq58L 8he13HGmr00= +; 4096 bits +test. IN DNSKEY 256 3 5 AwEAAbYlqbKxXoq9mzkqdsAaSZ3XywBVAb2sCTgrQBCExyGEYNpWw3LN +imCrLQi7jHKQW6GZIqKNgQaiFEwr3zK8nPWbwNwyKU9a2hhINv/gim1 5iA87Vu7DiiJrQ0O79ospvsGsKknBQ41zaaQMp3Q/W1S6WNe4uyh4C/f R0qmxT+8MyXEqCpTGb+e+YT6BuqpNQPuYYYvUJ1/HJltzY/lY2b9RZ+Q ZJ23Zje79YIRM0kJapqj11fDUDeynhDL1DUikYCwRfQiO/blChhOHjIa uTK1qqRY3fqanLGOufpLTr7GRpL7RxeRIMJfDzmcjFLmCsMA1AJ56Bxq jiXr3ODgn9D30vAB74Lr7lqLQSWyrSlJjoZLLhmPrEP/nnuCxEhOhDRA XJpJWpcQ4Hdu+yb5K/qldnsGLLI1Hr0GmhLTDHsxDb6BxM7/8rv8QeQY GKSGshBqD2lO1xUVT8inbi8uXI1iyN68vHX6xoFT5wsjls70PxSZPO5i F40vn6BWNsHtKWOCDqMKYx8hYwiv0zETVwxBaj58vylFwYGU+g1wIQmF Pgi2HKv4KaxgikUvdFISre5rxVoG5VrmmXWiNJcLTbwZ+tE1xujCNU1c V31CaIB5hdSnkEvQADr5V64RTxWAKuSLNMU+XUqTkaJHasSm3OPJOteo SPj2uoesuxNFYps3 diff --git a/lib/dns/tests/testdata/nsec3/min-2048.db b/lib/dns/tests/testdata/nsec3/min-2048.db new file mode 100644 index 0000000..606264e --- /dev/null 
+++ b/lib/dns/tests/testdata/nsec3/min-2048.db @@ -0,0 +1,18 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 0 +test. SOA . . 0 0 0 0 0 +test. NS . +; 2048 bits +test. IN DNSKEY 256 3 5 AwEAAcfQX59iZr9gK+XzhTZQ5KWrfCLA0iYHTqheEIhC2dXS8gUSppQS g9SmzH2129u/LSSb7gqJSoLLAsn36iinqCqUXl2BT6xzwznbSP3mn0hn N6DegsykcYhHycKH6ifjZiMN+SGGeNsi5rhoW5Cj9ptw3C3yQnrFNDbS GZCT97z5lpQU3ZcvP4RDNk7dhri7Bh3SJeaCFoqx00NgFvlBR48hosSG bGUbUKzNf58GBTkW4Us2jIWsreZx8LLLev232Hy7NU9L19k+hVq7pJOf Uvtrn5fmGSutWOzsR+8EacOnh0lwssCKjutk5MSmfdFC5P7CTZkdq58L 8he13HGmr00= +; 4096 bits +test. IN DNSKEY 256 3 5 AwEAAbYlqbKxXoq9mzkqdsAaSZ3XywBVAb2sCTgrQBCExyGEYNpWw3LN +imCrLQi7jHKQW6GZIqKNgQaiFEwr3zK8nPWbwNwyKU9a2hhINv/gim1 5iA87Vu7DiiJrQ0O79ospvsGsKknBQ41zaaQMp3Q/W1S6WNe4uyh4C/f R0qmxT+8MyXEqCpTGb+e+YT6BuqpNQPuYYYvUJ1/HJltzY/lY2b9RZ+Q ZJ23Zje79YIRM0kJapqj11fDUDeynhDL1DUikYCwRfQiO/blChhOHjIa uTK1qqRY3fqanLGOufpLTr7GRpL7RxeRIMJfDzmcjFLmCsMA1AJ56Bxq jiXr3ODgn9D30vAB74Lr7lqLQSWyrSlJjoZLLhmPrEP/nnuCxEhOhDRA XJpJWpcQ4Hdu+yb5K/qldnsGLLI1Hr0GmhLTDHsxDb6BxM7/8rv8QeQY GKSGshBqD2lO1xUVT8inbi8uXI1iyN68vHX6xoFT5wsjls70PxSZPO5i F40vn6BWNsHtKWOCDqMKYx8hYwiv0zETVwxBaj58vylFwYGU+g1wIQmF Pgi2HKv4KaxgikUvdFISre5rxVoG5VrmmXWiNJcLTbwZ+tE1xujCNU1c V31CaIB5hdSnkEvQADr5V64RTxWAKuSLNMU+XUqTkaJHasSm3OPJOteo SPj2uoesuxNFYps3 diff --git a/lib/dns/tests/testdata/nsec3param/nsec3.db.signed b/lib/dns/tests/testdata/nsec3param/nsec3.db.signed new file mode 100644 index 0000000..aeced0e --- /dev/null +++ b/lib/dns/tests/testdata/nsec3param/nsec3.db.signed 
@@ -0,0 +1,73 @@ +; File written on Mon Nov 16 16:04:21 2020 +; dnssec_signzone version 9.16.8 +nsec3. 1000 IN SOA nsec3. postmaster.nsec3. ( + 1993050801 ; serial + 3600 ; refresh (1 hour) + 1800 ; retry (30 minutes) + 604800 ; expire (1 week) + 3600 ; minimum (1 hour) + ) + 1000 RRSIG SOA 13 1 1000 ( + 20201216140421 20201116140421 40382 nsec3. + qh61ZPgQaNLAoIQvAoTLbR3sLBY7XATaMGSS + fYOssQWvgAzpAzhalmF/cSXmQ/RZQOyIdpVg + v3rgyTxA2vGNnA== ) + 1000 NS ns1.nsec3. + 1000 NS ns2.nsec3. + 1000 RRSIG NS 13 1 1000 ( + 20201216140421 20201116140421 40382 nsec3. + 4Le+e5Lu/taEvrvrmBn/z+QP4zhzUqwO6v70 + WYrzCggUls8+fUd2unBHDPWag1oSKfNpGGWA + crihrs4RhMPfZA== ) + 1000 DNSKEY 257 3 13 ( + VKkttSi/v3lAyzUYnykwdwowXfDOQ7wdN9BT + +eb8fVfgRApvuun9hjUBlv7ogriU/GAb60B8 + juj9bXZADT+OGg== + ) ; KSK; alg = ECDSAP256SHA256 ; key id = 40382 + 1000 RRSIG DNSKEY 13 1 1000 ( + 20201216140421 20201116140421 40382 nsec3. + ZnBqGgWvHwjjQBSIRPXe2fx6+MsQp1QQdzJ0 + QaEyaOmud5JPatUXaV9eFRcPNCsi+2HZSZVp + vsAGUCge7w6u9A== ) + 0 NSEC3PARAM 1 0 5 FEDCBA98 + 0 RRSIG NSEC3PARAM 13 1 0 ( + 20201216140421 20201116140421 40382 nsec3. + WPTD+5vr54YtvGqCUJHPvGdF7Wd4piZYltcs + cztBRfdM7FRJ/zvrDS72rt6zm0TYSXzawqt/ + MiwOkYKv2vxfUg== ) +ns2.nsec3. 1000 IN A 1.2.3.5 + 1000 RRSIG A 13 2 1000 ( + 20201216140421 20201116140421 40382 nsec3. + l9Mc2Y5JFmllSxJj3GUdH6RtEsYfhjJU39sa + vAVa4zxv6S9vU+vLvTA05aQ+DPLvKTX+WNH7 + dDa+Yy5ffBs68g== ) +QVCH33BSJ0Q2C74FEDFDBCFQHO255NEB.nsec3. 3600 IN NSEC3 1 0 5 FEDCBA98 ( + STH5N5QDVC5DGEN5VGUC7JGALSM3R8AP + A RRSIG ) + 3600 RRSIG NSEC3 13 2 3600 ( + 20201216140421 20201116140421 40382 nsec3. + F/wKQtv+RlBHG1WCz0CkHlTSoUiRx0z+qBI1 + GTHoXSjgG1NSHqTI4C32AasZSMp+uuF2R8KW + 9z4gOLucl0Xmfg== ) +STH5N5QDVC5DGEN5VGUC7JGALSM3R8AP.nsec3. 3600 IN NSEC3 1 0 5 FEDCBA98 ( + A084TNR6VJ2ND5K1U0AI4HO4EPVKBG4U + NS SOA RRSIG DNSKEY NSEC3PARAM ) + 3600 RRSIG NSEC3 13 2 3600 ( + 20201216140421 20201116140421 40382 nsec3. 
+ 9TgGFGY3vwkxMFlXy3oKMgHPqvcPozKDHZzc + Ny6eJn3TXNX5bLhiT5rw5+CCtyOEQmn3pf0X + njK7jZBAcBV+5Q== ) +A084TNR6VJ2ND5K1U0AI4HO4EPVKBG4U.nsec3. 3600 IN NSEC3 1 0 5 FEDCBA98 ( + QVCH33BSJ0Q2C74FEDFDBCFQHO255NEB + A RRSIG ) + 3600 RRSIG NSEC3 13 2 3600 ( + 20201216140421 20201116140421 40382 nsec3. + auf+5lrkMESIfdFK8bf4yg1a+NLGWzgUmohS + ydcKaJz0XcnULegatWdfE75jmZoDeqKNpwdL + 5lQ77GF4cEh1OQ== ) +ns1.nsec3. 1000 IN A 1.2.3.4 + 1000 RRSIG A 13 2 1000 ( + 20201216140421 20201116140421 40382 nsec3. + yAmr1EE8qe+Jl+wQXOdj/uSjMFUmns0D1lx6 + zAVe9BaQwvF3wR7ZUk/u9G0RrUBchmEj0+yq + KEsw32Tru4Romg== ) diff --git a/lib/dns/tests/testdata/zt/zone1.db b/lib/dns/tests/testdata/zt/zone1.db new file mode 100644 index 0000000..85e7951 --- /dev/null +++ b/lib/dns/tests/testdata/zt/zone1.db @@ -0,0 +1,22 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 1000 +@ in soa localhost. postmaster.localhost. ( + 1993050801 ;serial + 3600 ;refresh + 1800 ;retry + 604800 ;expiration + 3600 ) ;minimum + in ns ns.vix.com. + in ns ns2.vix.com. + in ns ns3.vix.com. +a in a 1.2.3.4 diff --git a/lib/dns/tests/testkeys/Kexample.+008+20386.key b/lib/dns/tests/testkeys/Kexample.+008+20386.key new file mode 100644 index 0000000..3404dca --- /dev/null +++ b/lib/dns/tests/testkeys/Kexample.+008+20386.key 
@@ -0,0 +1,5 @@ +; This is a key-signing key, keyid 20386, for example. +; Created: 20000101000000 (Sat Jan 1 00:00:00 2000) +; Publish: 20000101000000 (Sat Jan 1 00:00:00 2000) +; Activate: 20000101000000 (Sat Jan 1 00:00:00 2000) +example. IN DNSKEY 257 3 8 AwEAAZd7/hBRvMooz0sepkD/2r3Bp021f8lGzDj6sZEVbg1hcqZTzURc eGkS541wyOqjvJv2KBi5qLLE2HthmexmOBycjTQ7EiKd1P9bE8RgF8Et j73X/CHLiX6YL7cb93TXWiUvbRh4E6D2URgOmxMdMOXTuCvjvDaGVCOt Jc77UUosuBeurZzP8g8t/zccAUTzu2cdRyI5/ZxOBfJaDtc9TlRdWsaN Af+nT0C14ccH7QVlKjjaYV4lXueruDW3yTTzu9bQ1ikgegsCLi/tcD/1 dWTOI9whV06szs+ouhuJkZuhIjrGDtOHCpjPjIxOOrIZceU1YSY30kAR QNVzshJqyx8= diff --git a/lib/dns/tests/testkeys/Kexample.+008+20386.private b/lib/dns/tests/testkeys/Kexample.+008+20386.private new file mode 100644 index 0000000..d8cff93 --- /dev/null +++ b/lib/dns/tests/testkeys/Kexample.+008+20386.private 
@@ -0,0 +1,13 @@ +Private-key-format: v1.3 +Algorithm: 8 (RSASHA256) +Modulus: l3v+EFG8yijPSx6mQP/avcGnTbV/yUbMOPqxkRVuDWFyplPNRFx4aRLnjXDI6qO8m/YoGLmossTYe2GZ7GY4HJyNNDsSIp3U/1sTxGAXwS2Pvdf8IcuJfpgvtxv3dNdaJS9tGHgToPZRGA6bEx0w5dO4K+O8NoZUI60lzvtRSiy4F66tnM/yDy3/NxwBRPO7Zx1HIjn9nE4F8loO1z1OVF1axo0B/6dPQLXhxwftBWUqONphXiVe56u4NbfJNPO71tDWKSB6CwIuL+1wP/V1ZM4j3CFXTqzOz6i6G4mRm6EiOsYO04cKmM+MjE46shlx5TVhJjfSQBFA1XOyEmrLHw== +PublicExponent: AQAB +PrivateExponent: aSkynrGfldfuz/9e+xCjEcg2FMRDCb+UVpnyWv29gJx9sunKPgLTtF3jUVVSpVE1xi+EdmWsry3n+v8uk+YCXhpwDCpV1KItE3huqIzs8LZoaypdZjieIrwTo9JOX1aAxf++hJYXSk60zTaWgRZqs6He4Nkf99oY3wt8i8v8CrkfQy76K/qK9xUVv5GHrEZzCGLfLv77eqDab/J84ANxc0kUtQvgt2/JTHofXmcA6/YDh5PWB8KRw1PjQTck61/xIgfI6ky/yIF1riCQCYXwTv7jcmMV/QvQ+dfN+HZ2CSGp7xcH2Yxe9OhAY823ZkmkOQ2YZPjIj6dEoRMmSiaagQ== +Prime1: x2GMnpRPwvUhM+yPRa7nh5Jjl4mbofeOtVrxe1hEVy8l2UGFh+FDZCbyoLRNUTYDji00NHpGtmcAyoY9pLdOn7ci4zqGVnNJcIY75Ie4p6J7pPfDh9d+AGtJ5NpNhr1sjD0bFncJC2FGY9vj4eC0CkatMu/Qovrd2FwZ8VpDsAk= +Prime2: woB8MYsEfSYGD0hZGtmgK6UQ+Oo9smxdPmahLYXnLSAdqtqZbZX+ABk/kFduT+XwlHOXmp3HMmUtQTRZBaQyBrsFWfWjOGevByEsT9aLQSZOEgnqy4xrc9XNwDs4/WkrEgw/TOVnZYdaCyLxsFl4bpTX8Fj3yVqg/tJvuUMWG+c= +Exponent1: iQO7a9rF+VcVSyZ8yslIaL0r3Z5+Kk8CbhSiMD5XMIbA/sztI5SlCDVPtSpSm8V/qfvcjVeeMokUXRjlUcV6rX1f50F3wf8V79L/Y6v1NJYPXC273CU1fLo+HJv8fOS9rJ3teIGy4HQnuEYLE1WkxA8PxRpSiT3WqHGajmaWb2k= +Exponent2: elMWSI5Wz2KXkwr8Rz+xVWGl7/ZZwRoX9oPTQG8jeiTlo6uBrQMVUPiQGnZyQTuq96JPKYWrXs11DbofdsXSVJtQfUhYU8QZtxEs7jVPNTUjCoNEMKnqdlpz4T8d03pOBTbApNruEVNz1OcwO6m5bUqdGGLLy838zOaKL2i6wec= +Coefficient: q2mejAmT3A4H2C0rT1hm8XQFuISHjAAEyM9t09Q8tEeQ0lHi4gMVA3bXoAn9U21eBkFQDwvyB0vqlVSGgRqHovOKx9uXAU9eoDxGcJsFlGsM0aUsUjGVXv5kVmaw8a5PHBbvYAbgAZUmKqrVF0PWD3o+/DbzP9PCmlJcqxoAulU= +Created: 20000101000000 +Publish: 20000101000000 +Activate: 20000101000000 diff --git a/lib/dns/tests/testkeys/Kexample.+008+37464.key b/lib/dns/tests/testkeys/Kexample.+008+37464.key new file mode 100644 index 0000000..3dd0619 --- /dev/null 
+++ b/lib/dns/tests/testkeys/Kexample.+008+37464.key @@ -0,0 +1,5 @@ +; This is a zone-signing key, keyid 37464, for example. +; Created: 20000101000000 (Sat Jan 1 00:00:00 2000) +; Publish: 20000101000000 (Sat Jan 1 00:00:00 2000) +; Activate: 20000101000000 (Sat Jan 1 00:00:00 2000) +example. IN DNSKEY 256 3 8 AwEAAbxHOF8G0xw9ekCodhL8KivuZ3o0jmGlycLiXBjBN8c5R5fjLjUh D0gy3IDbDC+kLaPhHGF/MwrSEjrgSowxZ8nrxDzsq5ZdpeUsYaNrbQEY /mqf35T/9/Ulm4v06x58v/NTugWd05Xq04aAyfm7EViyGFzmVOVfPnll h9xQtvWEWoRWPseFw+dY5/nc/+xB/IsQMihoH2rO+cek/lsP3R9DsHCG RbQ/ks/+rrp6/O+QJZyZrzsONl7mlMDXNy3Pz9J4qMW2W6Mz702LN324 7/9UsetDGGbuZfrCLMpKWXzdsJm36DOk4aMooS9111plfXaXQgQNcL5G 021utpTau+8= diff --git a/lib/dns/tests/testkeys/Kexample.+008+37464.private b/lib/dns/tests/testkeys/Kexample.+008+37464.private new file mode 100644 index 0000000..ecc2ad0 --- /dev/null +++ b/lib/dns/tests/testkeys/Kexample.+008+37464.private 
@@ -0,0 +1,13 @@ +Private-key-format: v1.3 +Algorithm: 8 (RSASHA256) +Modulus: vEc4XwbTHD16QKh2EvwqK+5nejSOYaXJwuJcGME3xzlHl+MuNSEPSDLcgNsML6Qto+EcYX8zCtISOuBKjDFnyevEPOyrll2l5Sxho2ttARj+ap/flP/39SWbi/TrHny/81O6BZ3TlerThoDJ+bsRWLIYXOZU5V8+eWWH3FC29YRahFY+x4XD51jn+dz/7EH8ixAyKGgfas75x6T+Ww/dH0OwcIZFtD+Sz/6uunr875AlnJmvOw42XuaUwNc3Lc/P0nioxbZbozPvTYs3fbjv/1Sx60MYZu5l+sIsykpZfN2wmbfoM6ThoyihL3XXWmV9dpdCBA1wvkbTbW62lNq77w== +PublicExponent: AQAB +PrivateExponent: AhR3VvVoV6OGOjiiNUt728hidEMoX4PJWtHNWqinyRek5tSnqgaXeKC3NuU0mUIjDvBps9oH4lK3yNa5fBr/nodwP4wNyTd3obR/z6JcLersxJjHi4nYX2ju8vjdsBSIulNudqlrsPhLJe0+Tff3FRfClSQmQ/JtakHo4lIx8zxiOJY8aWFeHGdWJDkAf6NStt3eVYyOyAwISfv3muaGPZKShiIOfLyTvqFqzwYFgdTWmvFqTdwgjIMc5XAwqw73WP2BPCN+fdCiMtrw0fCrhWzw/gfMJBHdOPH0diUZysAJhM0vdVKQzEi/g3YOo00fahZiPzaxNtZnLNj2mA54YQ== +Prime1: 5YpfVjEtL1owW9gSFbIMx65POr+fiktxirgy1bc5fSsVqUgG6zhbaN/VpWcNZG0Zg5xd6S7C8V3djGlnJN8wZIyjIh7+Z3WWjqbOD9oY7rC1fR+W0OvbCmZiEzOpRJ5qoMOh1MzkkanhMy0/ICpaa8eQ9zEb80oTIQpFgoLn7K0= +Prime2: 0fs3ncL5/2qzq2dmPXLYcOfc1EGSuESO0VpREP8EpTkyPKeVw5LaF9TgZRqPWlRf2T0LPoZ766xLAn090u0pLQ5fWM96NMas7kS+rxtRssat6MiQo3YfoU3ysk3xuPzrMBHyn/N42CjSG+bJEToHR7V16KsCT6dBIPkI3tj/Yos= +Exponent1: Bdsp44ENrg+W/EDe9T69pLqFuvH4mAaktu1MHre198OJoe/8fTPK4ToUsUuXw+Akrn7mxnQy9QV4CYUG5KHtEiOkZdJ0mx8c4DbROwZNbImFl9OefWYHCJTkG6lNwDpqbf+PuWYgzraO0EdvPNrXw7grsqLGG8bgBg/FBjdgw2E= +Exponent2: uV1pxW0fwGhzX3aR/ODrTRCCEyYn3V84LHvsYHKfqTOKs5zFSrbSrIMR7G676ePeESogSPvzXSLlvLbO4urVlJ7BcOcHXJuegWBSbMZTItzdHUgg1wwp8/2Zp+nC36j1/aN6adVG8ptmj5b2HKz7TERWaCS+j454oiD1wbQSDu0= +Coefficient: JO6RxBIaoEd/Z4ITcsYT8TslP1KmIuAqdhMt3FSpqeogUDut7f3FZIEyNi4wsrSK5peIQSVmO2pQLupS+eRIPHXZ1vh5kcFAsgd7XBb7Fvsg26/WSjhB4wjx+wgWzVomK0519pfdtH854fePWPkdDKtLNL2zh0APne3GjwrbNEM= +Created: 20000101000000 +Publish: 20000101000000 +Activate: 20000101000000 diff --git a/lib/dns/tests/time_test.c b/lib/dns/tests/time_test.c new file mode 100644 index 0000000..a1e50f8 --- /dev/null +++ b/lib/dns/tests/time_test.c 
@@ -0,0 +1,218 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <inttypes.h>
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/util.h>
+
+#include <dns/time.h>
+
+#include "dnstest.h"
+
+#define TEST_ORIGIN "test"
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+
+/* value = 0xfffffffff <-> 19691231235959 */
+static void
+epoch_minus_one_test(void **state) {
+ const char *test_text = "19691231235959";
+ const uint32_t test_time = 0xffffffff;
+ isc_result_t result;
+ isc_buffer_t target;
+ uint32_t when;
+ char buf[128];
+
+ UNUSED(state);
+
+ memset(buf, 0, sizeof(buf));
+ isc_buffer_init(&target, buf, sizeof(buf));
+ result = dns_time32_totext(test_time, &target);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_string_equal(buf, test_text);
+ result = dns_time32_fromtext(test_text, &when);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(when, test_time);
+}
+
+/* value = 0x000000000 <-> 19700101000000*/
+static void
+epoch_test(void **state) {
+ const char *test_text = "19700101000000";
+ const uint32_t test_time = 0x00000000;
+ isc_result_t result;
+ isc_buffer_t target;
+ uint32_t when;
+ char buf[128];
+
+ UNUSED(state);
+
+ memset(buf, 0, sizeof(buf));
+ isc_buffer_init(&target, buf, sizeof(buf));
+ result = dns_time32_totext(test_time, &target);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_string_equal(buf, test_text);
+ result = dns_time32_fromtext(test_text, &when);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(when, test_time);
+}
+
+/* value = 0x7fffffff <-> 20380119031407 */
+static void
+half_maxint_test(void **state) {
+ const char *test_text = "20380119031407";
+ const uint32_t test_time = 0x7fffffff;
+ isc_result_t result;
+ isc_buffer_t target;
+ uint32_t when;
+ char buf[128];
+
+ UNUSED(state);
+
+ memset(buf, 0, sizeof(buf));
+ isc_buffer_init(&target, buf, sizeof(buf));
+ result = dns_time32_totext(test_time, &target);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_string_equal(buf, test_text);
+ result = dns_time32_fromtext(test_text, &when);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(when, test_time);
+}
+
+/* value = 0x80000000 <-> 20380119031408 */
+static void
+half_plus_one_test(void **state) {
+ const char *test_text = "20380119031408";
+ const uint32_t test_time = 0x80000000;
+ isc_result_t result;
+ isc_buffer_t target;
+ uint32_t when;
+ char buf[128];
+
+ UNUSED(state);
+
+ memset(buf, 0, sizeof(buf));
+ isc_buffer_init(&target, buf, sizeof(buf));
+ result = dns_time32_totext(test_time, &target);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_string_equal(buf, test_text);
+ result = dns_time32_fromtext(test_text, &when);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(when, test_time);
+}
+
+/* value = 0xef68f5d0 <-> 19610307130000 */
+static void
+fifty_before_test(void **state) {
+ isc_result_t result;
+ const char *test_text = "19610307130000";
+ const uint32_t test_time = 0xef68f5d0;
+ isc_buffer_t target;
+ uint32_t when;
+ char buf[128];
+
+ UNUSED(state);
+
+ memset(buf, 0, sizeof(buf));
+ isc_buffer_init(&target, buf, sizeof(buf));
+ result = dns_time32_totext(test_time, &target);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_string_equal(buf, test_text);
+ result = dns_time32_fromtext(test_text, &when);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(when, test_time);
+}
+
+/* value = 0x4d74d6d0 <-> 20110307130000 */
+static void
+some_ago_test(void **state) {
+ const char *test_text = "20110307130000";
+ const uint32_t test_time = 0x4d74d6d0;
+ isc_result_t result;
+ isc_buffer_t target;
+ uint32_t when;
+ char buf[128];
+
+ UNUSED(state);
+
+ memset(buf, 0, sizeof(buf));
+ isc_buffer_init(&target, buf, sizeof(buf));
+ result = dns_time32_totext(test_time, &target);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_string_equal(buf, test_text);
+ result = dns_time32_fromtext(test_text, &when);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(when, test_time);
+}
+
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(epoch_minus_one_test, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(epoch_test, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(half_maxint_test, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(half_plus_one_test, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(fifty_before_test, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(some_ago_test, _setup,
+ _teardown),
+ };
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/tsig_test.c b/lib/dns/tests/tsig_test.c
new file mode 100644
index 0000000..1354ef7
--- /dev/null
+++ b/lib/dns/tests/tsig_test.c
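Review bot: In time_test.c every test case calls `memset(buf, 0, sizeof(buf))`, but the include list of the `HAVE_CMOCKA` branch has no `#include <string.h>`; unless one of the project headers (`isc/util.h`, `dns/time.h`, `dnstest.h`) pulls it in, which this hunk does not show, the call relies on an implicit declaration, so I would add `#include <string.h>` after `#include <stdlib.h>`. The `#else` branch has the same shape: it includes only `<stdio.h>` yet returns `SKIPPED_TEST_EXIT_CODE`, which presumably has to come from the build flags or a forced config header and deserves a one-line comment saying so. The comments above `epoch_minus_one_test` and `epoch_test` give nine-digit literals (`0xfffffffff`, `0x000000000`) while the constants are `0xffffffff` and `0x00000000`; they should read `/* value = 0xffffffff <-> 19691231235959 */` and `/* value = 0x00000000 <-> 19700101000000 */`.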
@@ -0,0 +1,605 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#if HAVE_CMOCKA + +#include <sched.h> /* IWYU pragma: keep */ +#include <setjmp.h> +#include <stdarg.h> +#include <stdbool.h> +#include <stddef.h> +#include <stdlib.h> +#include <unistd.h> + +#define UNIT_TESTING +#include <cmocka.h> + +#include <isc/mem.h> +#include <isc/print.h> +#include <isc/util.h> + +#include <dns/rdatalist.h> +#include <dns/rdataset.h> +#include <dns/tsig.h> + +#include "../tsig_p.h" +#include "dnstest.h" + +#define CHECK(r) \ + do { \ + result = (r); \ + if (result != ISC_R_SUCCESS) { \ + goto cleanup; \ + } \ + } while (0) + +#define TEST_ORIGIN "test" + +static int +_setup(void **state) { + isc_result_t result; + + UNUSED(state); + + result = dns_test_begin(NULL, false); + assert_int_equal(result, ISC_R_SUCCESS); + + return (0); +} + +static int +_teardown(void **state) { + UNUSED(state); + + dns_test_end(); + + return (0); +} + +static int debug = 0; + +static isc_result_t +add_mac(dst_context_t *tsigctx, isc_buffer_t *buf) { + dns_rdata_any_tsig_t tsig; + dns_rdata_t rdata = DNS_RDATA_INIT; + isc_buffer_t databuf; + isc_region_t r; + isc_result_t result; + unsigned char tsigbuf[1024]; + + isc_buffer_usedregion(buf, &r); + dns_rdata_fromregion(&rdata, dns_rdataclass_any, dns_rdatatype_tsig, + &r); + isc_buffer_init(&databuf, tsigbuf, sizeof(tsigbuf)); + CHECK(dns_rdata_tostruct(&rdata, &tsig, NULL)); + isc_buffer_putuint16(&databuf, tsig.siglen); + isc_buffer_putmem(&databuf, tsig.signature, tsig.siglen); + isc_buffer_usedregion(&databuf, &r); + result = dst_context_adddata(tsigctx, 
&r); + dns_rdata_freestruct(&tsig); +cleanup: + return (result); +} + +static isc_result_t +add_tsig(dst_context_t *tsigctx, dns_tsigkey_t *key, isc_buffer_t *target) { + dns_compress_t cctx; + dns_rdata_any_tsig_t tsig; + dns_rdata_t rdata = DNS_RDATA_INIT; + dns_rdatalist_t rdatalist; + dns_rdataset_t rdataset; + isc_buffer_t *dynbuf = NULL; + isc_buffer_t databuf; + isc_buffer_t sigbuf; + isc_region_t r; + isc_result_t result = ISC_R_SUCCESS; + isc_stdtime_t now; + unsigned char tsigbuf[1024]; + unsigned int count; + unsigned int sigsize = 0; + bool invalidate_ctx = false; + + memset(&tsig, 0, sizeof(tsig)); + + CHECK(dns_compress_init(&cctx, -1, dt_mctx)); + invalidate_ctx = true; + + tsig.common.rdclass = dns_rdataclass_any; + tsig.common.rdtype = dns_rdatatype_tsig; + ISC_LINK_INIT(&tsig.common, link); + dns_name_init(&tsig.algorithm, NULL); + dns_name_clone(key->algorithm, &tsig.algorithm); + + isc_stdtime_get(&now); + tsig.timesigned = now; + tsig.fudge = DNS_TSIG_FUDGE; + tsig.originalid = 50; + tsig.error = dns_rcode_noerror; + tsig.otherlen = 0; + tsig.other = NULL; + + isc_buffer_init(&databuf, tsigbuf, sizeof(tsigbuf)); + isc_buffer_putuint48(&databuf, tsig.timesigned); + isc_buffer_putuint16(&databuf, tsig.fudge); + isc_buffer_usedregion(&databuf, &r); + CHECK(dst_context_adddata(tsigctx, &r)); + + CHECK(dst_key_sigsize(key->key, &sigsize)); + tsig.signature = isc_mem_get(dt_mctx, sigsize); + isc_buffer_init(&sigbuf, tsig.signature, sigsize); + CHECK(dst_context_sign(tsigctx, &sigbuf)); + tsig.siglen = isc_buffer_usedlength(&sigbuf); + assert_int_equal(sigsize, tsig.siglen); + + isc_buffer_allocate(dt_mctx, &dynbuf, 512); + CHECK(dns_rdata_fromstruct(&rdata, dns_rdataclass_any, + dns_rdatatype_tsig, &tsig, dynbuf)); + dns_rdatalist_init(&rdatalist); + rdatalist.rdclass = dns_rdataclass_any; + rdatalist.type = dns_rdatatype_tsig; + ISC_LIST_APPEND(rdatalist.rdata, &rdata, link); + dns_rdataset_init(&rdataset); + 
CHECK(dns_rdatalist_tordataset(&rdatalist, &rdataset)); + CHECK(dns_rdataset_towire(&rdataset, &key->name, &cctx, target, 0, + &count)); + + /* + * Fixup additional record count. + */ + ((unsigned char *)target->base)[11]++; + if (((unsigned char *)target->base)[11] == 0) { + ((unsigned char *)target->base)[10]++; + } +cleanup: + if (tsig.signature != NULL) { + isc_mem_put(dt_mctx, tsig.signature, sigsize); + } + if (dynbuf != NULL) { + isc_buffer_free(&dynbuf); + } + if (invalidate_ctx) { + dns_compress_invalidate(&cctx); + } + + return (result); +} + +static void +printmessage(dns_message_t *msg) { + isc_buffer_t b; + char *buf = NULL; + int len = 1024; + isc_result_t result = ISC_R_SUCCESS; + + if (!debug) { + return; + } + + do { + buf = isc_mem_get(dt_mctx, len); + + isc_buffer_init(&b, buf, len); + result = dns_message_totext(msg, &dns_master_style_debug, 0, + &b); + if (result == ISC_R_NOSPACE) { + isc_mem_put(dt_mctx, buf, len); + len *= 2; + } else if (result == ISC_R_SUCCESS) { + printf("%.*s\n", (int)isc_buffer_usedlength(&b), buf); + } + } while (result == ISC_R_NOSPACE); + + if (buf != NULL) { + isc_mem_put(dt_mctx, buf, len); + } +} + +static void +render(isc_buffer_t *buf, unsigned flags, dns_tsigkey_t *key, + isc_buffer_t **tsigin, isc_buffer_t **tsigout, dst_context_t *tsigctx) { + dns_message_t *msg = NULL; + dns_compress_t cctx; + isc_result_t result; + + dns_message_create(dt_mctx, DNS_MESSAGE_INTENTRENDER, &msg); + assert_non_null(msg); + + msg->id = 50; + msg->rcode = dns_rcode_noerror; + msg->flags = flags; + + /* + * XXXMPA: this hack needs to be replaced with use of + * dns_message_reply() at some point. 
+ */ + if ((flags & DNS_MESSAGEFLAG_QR) != 0) { + msg->verified_sig = 1; + } + + if (tsigin == tsigout) { + msg->tcp_continuation = 1; + } + + if (tsigctx == NULL) { + result = dns_message_settsigkey(msg, key); + assert_int_equal(result, ISC_R_SUCCESS); + + result = dns_message_setquerytsig(msg, *tsigin); + assert_int_equal(result, ISC_R_SUCCESS); + } + + result = dns_compress_init(&cctx, -1, dt_mctx); + assert_int_equal(result, ISC_R_SUCCESS); + + result = dns_message_renderbegin(msg, &cctx, buf); + assert_int_equal(result, ISC_R_SUCCESS); + + result = dns_message_renderend(msg); + assert_int_equal(result, ISC_R_SUCCESS); + + if (tsigctx != NULL) { + isc_region_t r; + + isc_buffer_usedregion(buf, &r); + result = dst_context_adddata(tsigctx, &r); + assert_int_equal(result, ISC_R_SUCCESS); + } else { + if (tsigin == tsigout && *tsigin != NULL) { + isc_buffer_free(tsigin); + } + + result = dns_message_getquerytsig(msg, dt_mctx, tsigout); + assert_int_equal(result, ISC_R_SUCCESS); + } + + dns_compress_invalidate(&cctx); + dns_message_detach(&msg); +} + +/* + * Test tsig tcp-continuation validation: + * Check that a simulated three message TCP sequence where the first + * and last messages contain TSIGs but the intermediate message doesn't + * correctly verifies. 
+ */ +static void +tsig_tcp_test(void **state) { + const dns_name_t *tsigowner = NULL; + dns_fixedname_t fkeyname; + dns_message_t *msg = NULL; + dns_name_t *keyname; + dns_tsig_keyring_t *ring = NULL; + dns_tsigkey_t *key = NULL; + isc_buffer_t *buf = NULL; + isc_buffer_t *querytsig = NULL; + isc_buffer_t *tsigin = NULL; + isc_buffer_t *tsigout = NULL; + isc_result_t result; + unsigned char secret[16] = { 0 }; + dst_context_t *tsigctx = NULL; + dst_context_t *outctx = NULL; + + UNUSED(state); + + /* isc_log_setdebuglevel(lctx, 99); */ + + keyname = dns_fixedname_initname(&fkeyname); + result = dns_name_fromstring(keyname, "test", 0, NULL); + assert_int_equal(result, ISC_R_SUCCESS); + + result = dns_tsigkeyring_create(dt_mctx, &ring); + assert_int_equal(result, ISC_R_SUCCESS); + + result = dns_tsigkey_create(keyname, dns_tsig_hmacsha256_name, secret, + sizeof(secret), false, NULL, 0, 0, dt_mctx, + ring, &key); + assert_int_equal(result, ISC_R_SUCCESS); + assert_non_null(key); + + /* + * Create request. + */ + isc_buffer_allocate(dt_mctx, &buf, 65535); + render(buf, 0, key, &tsigout, &querytsig, NULL); + isc_buffer_free(&buf); + + /* + * Create response message 1. + */ + isc_buffer_allocate(dt_mctx, &buf, 65535); + render(buf, DNS_MESSAGEFLAG_QR, key, &querytsig, &tsigout, NULL); + assert_non_null(tsigout); + + /* + * Process response message 1. 
+ */ + dns_message_create(dt_mctx, DNS_MESSAGE_INTENTPARSE, &msg); + assert_non_null(msg); + + result = dns_message_settsigkey(msg, key); + assert_int_equal(result, ISC_R_SUCCESS); + + result = dns_message_parse(msg, buf, 0); + assert_int_equal(result, ISC_R_SUCCESS); + + printmessage(msg); + + result = dns_message_setquerytsig(msg, querytsig); + assert_int_equal(result, ISC_R_SUCCESS); + + result = dns_tsig_verify(buf, msg, NULL, NULL); + assert_int_equal(result, ISC_R_SUCCESS); + assert_int_equal(msg->verified_sig, 1); + assert_int_equal(msg->tsigstatus, dns_rcode_noerror); + + /* + * Check that we have a TSIG in the first message. + */ + assert_non_null(dns_message_gettsig(msg, &tsigowner)); + + result = dns_message_getquerytsig(msg, dt_mctx, &tsigin); + assert_int_equal(result, ISC_R_SUCCESS); + + tsigctx = msg->tsigctx; + msg->tsigctx = NULL; + isc_buffer_free(&buf); + dns_message_detach(&msg); + + result = dst_context_create(key->key, dt_mctx, DNS_LOGCATEGORY_DNSSEC, + false, 0, &outctx); + assert_int_equal(result, ISC_R_SUCCESS); + assert_non_null(outctx); + + /* + * Start digesting. + */ + result = add_mac(outctx, tsigout); + assert_int_equal(result, ISC_R_SUCCESS); + + /* + * Create response message 2. + */ + isc_buffer_allocate(dt_mctx, &buf, 65535); + + assert_int_equal(result, ISC_R_SUCCESS); + render(buf, DNS_MESSAGEFLAG_QR, key, &tsigout, &tsigout, outctx); + + /* + * Process response message 2. 
+ */ + dns_message_create(dt_mctx, DNS_MESSAGE_INTENTPARSE, &msg); + assert_non_null(msg); + + msg->tcp_continuation = 1; + msg->tsigctx = tsigctx; + tsigctx = NULL; + + result = dns_message_settsigkey(msg, key); + assert_int_equal(result, ISC_R_SUCCESS); + + result = dns_message_parse(msg, buf, 0); + assert_int_equal(result, ISC_R_SUCCESS); + + printmessage(msg); + + result = dns_message_setquerytsig(msg, tsigin); + assert_int_equal(result, ISC_R_SUCCESS); + + result = dns_tsig_verify(buf, msg, NULL, NULL); + assert_int_equal(result, ISC_R_SUCCESS); + assert_int_equal(msg->verified_sig, 0); + assert_int_equal(msg->tsigstatus, dns_rcode_noerror); + + /* + * Check that we don't have a TSIG in the second message. + */ + tsigowner = NULL; + assert_true(dns_message_gettsig(msg, &tsigowner) == NULL); + + tsigctx = msg->tsigctx; + msg->tsigctx = NULL; + isc_buffer_free(&buf); + dns_message_detach(&msg); + + /* + * Create response message 3. + */ + isc_buffer_allocate(dt_mctx, &buf, 65535); + render(buf, DNS_MESSAGEFLAG_QR, key, &tsigout, &tsigout, outctx); + + result = add_tsig(outctx, key, buf); + assert_int_equal(result, ISC_R_SUCCESS); + + /* + * Process response message 3. + */ + dns_message_create(dt_mctx, DNS_MESSAGE_INTENTPARSE, &msg); + assert_non_null(msg); + + msg->tcp_continuation = 1; + msg->tsigctx = tsigctx; + tsigctx = NULL; + + result = dns_message_settsigkey(msg, key); + assert_int_equal(result, ISC_R_SUCCESS); + + result = dns_message_parse(msg, buf, 0); + assert_int_equal(result, ISC_R_SUCCESS); + + printmessage(msg); + + /* + * Check that we had a TSIG in the third message. 
+ */ + assert_non_null(dns_message_gettsig(msg, &tsigowner)); + + result = dns_message_setquerytsig(msg, tsigin); + assert_int_equal(result, ISC_R_SUCCESS); + + result = dns_tsig_verify(buf, msg, NULL, NULL); + assert_int_equal(result, ISC_R_SUCCESS); + assert_int_equal(msg->verified_sig, 1); + assert_int_equal(msg->tsigstatus, dns_rcode_noerror); + + if (tsigin != NULL) { + isc_buffer_free(&tsigin); + } + + result = dns_message_getquerytsig(msg, dt_mctx, &tsigin); + assert_int_equal(result, ISC_R_SUCCESS); + + isc_buffer_free(&buf); + dns_message_detach(&msg); + + if (outctx != NULL) { + dst_context_destroy(&outctx); + } + if (querytsig != NULL) { + isc_buffer_free(&querytsig); + } + if (tsigin != NULL) { + isc_buffer_free(&tsigin); + } + if (tsigout != NULL) { + isc_buffer_free(&tsigout); + } + dns_tsigkey_detach(&key); + if (ring != NULL) { + dns_tsigkeyring_detach(&ring); + } +} + +/* Tests the dns__tsig_algvalid function */ +static void +algvalid_test(void **state) { + UNUSED(state); + + assert_true(dns__tsig_algvalid(DST_ALG_HMACMD5)); + + assert_true(dns__tsig_algvalid(DST_ALG_HMACSHA1)); + assert_true(dns__tsig_algvalid(DST_ALG_HMACSHA224)); + assert_true(dns__tsig_algvalid(DST_ALG_HMACSHA256)); + assert_true(dns__tsig_algvalid(DST_ALG_HMACSHA384)); + assert_true(dns__tsig_algvalid(DST_ALG_HMACSHA512)); + + assert_false(dns__tsig_algvalid(DST_ALG_GSSAPI)); +} + +/* Tests the dns__tsig_algfromname function */ +static void +algfromname_test(void **state) { + UNUSED(state); + + assert_int_equal(dns__tsig_algfromname(DNS_TSIG_HMACMD5_NAME), + DST_ALG_HMACMD5); + assert_int_equal(dns__tsig_algfromname(DNS_TSIG_HMACSHA1_NAME), + DST_ALG_HMACSHA1); + assert_int_equal(dns__tsig_algfromname(DNS_TSIG_HMACSHA224_NAME), + DST_ALG_HMACSHA224); + assert_int_equal(dns__tsig_algfromname(DNS_TSIG_HMACSHA256_NAME), + DST_ALG_HMACSHA256); + assert_int_equal(dns__tsig_algfromname(DNS_TSIG_HMACSHA384_NAME), + DST_ALG_HMACSHA384); + 
assert_int_equal(dns__tsig_algfromname(DNS_TSIG_HMACSHA512_NAME), + DST_ALG_HMACSHA512); + + assert_int_equal(dns__tsig_algfromname(DNS_TSIG_GSSAPI_NAME), + DST_ALG_GSSAPI); + assert_int_equal(dns__tsig_algfromname(DNS_TSIG_GSSAPIMS_NAME), + DST_ALG_GSSAPI); + + assert_int_equal(dns__tsig_algfromname(dns_rootname), 0); +} + +/* Tests the dns__tsig_algnamefromname function */ + +/* + * Helper function to create a dns_name_t from a string and see if + * the dns__tsig_algnamefromname function can correctly match it against the + * static table of known algorithms. + */ +static void +test_name(const char *name_string, const dns_name_t *expected) { + dns_name_t name; + dns_name_init(&name, NULL); + assert_int_equal(dns_name_fromstring(&name, name_string, 0, dt_mctx), + ISC_R_SUCCESS); + assert_ptr_equal(dns__tsig_algnamefromname(&name), expected); + dns_name_free(&name, dt_mctx); +} + +static void +algnamefromname_test(void **state) { + UNUSED(state); + + /* test the standard algorithms */ + test_name("hmac-md5.sig-alg.reg.int", DNS_TSIG_HMACMD5_NAME); + test_name("hmac-sha1", DNS_TSIG_HMACSHA1_NAME); + test_name("hmac-sha224", DNS_TSIG_HMACSHA224_NAME); + test_name("hmac-sha256", DNS_TSIG_HMACSHA256_NAME); + test_name("hmac-sha384", DNS_TSIG_HMACSHA384_NAME); + test_name("hmac-sha512", DNS_TSIG_HMACSHA512_NAME); + + test_name("gss-tsig", DNS_TSIG_GSSAPI_NAME); + test_name("gss.microsoft.com", DNS_TSIG_GSSAPIMS_NAME); + + /* try another name that isn't a standard algorithm name */ + assert_null(dns__tsig_algnamefromname(dns_rootname)); +} + +/* Tests the dns__tsig_algallocated function */ +static void +algallocated_test(void **state) { + UNUSED(state); + + /* test the standard algorithms */ + assert_false(dns__tsig_algallocated(DNS_TSIG_HMACMD5_NAME)); + assert_false(dns__tsig_algallocated(DNS_TSIG_HMACSHA1_NAME)); + assert_false(dns__tsig_algallocated(DNS_TSIG_HMACSHA224_NAME)); + assert_false(dns__tsig_algallocated(DNS_TSIG_HMACSHA256_NAME)); + 
assert_false(dns__tsig_algallocated(DNS_TSIG_HMACSHA384_NAME)); + assert_false(dns__tsig_algallocated(DNS_TSIG_HMACSHA512_NAME)); + + assert_false(dns__tsig_algallocated(DNS_TSIG_HMACSHA512_NAME)); + assert_false(dns__tsig_algallocated(DNS_TSIG_HMACSHA512_NAME)); + + /* try another name that isn't a standard algorithm name */ + assert_true(dns__tsig_algallocated(dns_rootname)); +} + +int +main(void) { + const struct CMUnitTest tests[] = { + cmocka_unit_test_setup_teardown(tsig_tcp_test, _setup, + _teardown), + cmocka_unit_test(algvalid_test), + cmocka_unit_test(algfromname_test), + cmocka_unit_test_setup_teardown(algnamefromname_test, _setup, + _teardown), + cmocka_unit_test(algallocated_test), + }; + + return (cmocka_run_group_tests(tests, NULL, NULL)); +} + +#else /* HAVE_CMOCKA */ + +#include <stdio.h> + +int +main(void) { + printf("1..0 # Skipped: cmocka not available\n"); + return (SKIPPED_TEST_EXIT_CODE); +} + +#endif /* if HAVE_CMOCKA */ diff --git a/lib/dns/tests/update_test.c b/lib/dns/tests/update_test.c new file mode 100644 index 0000000..bc792a1 --- /dev/null +++ b/lib/dns/tests/update_test.c 
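Review bot: algallocated_test asserts `dns__tsig_algallocated(DNS_TSIG_HMACSHA512_NAME)` three times in a row, so the two GSS-TSIG names that algfromname_test and algnamefromname_test both cover are never checked here; the repeated pair looks like a copy-paste slip. The two duplicate lines should presumably read `assert_false(dns__tsig_algallocated(DNS_TSIG_GSSAPI_NAME));` and `assert_false(dns__tsig_algallocated(DNS_TSIG_GSSAPIMS_NAME));`, with the expected value confirmed against the algorithm table in tsig.c, which this hunk does not show. Separately, every `dns_tsig_verify` call in tsig_tcp_test expects ISC_R_SUCCESS, so the file never exercises a message whose MAC or running digest has been altered. A case that expects a verification failure would show that the TCP-continuation check actually rejects something.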
@@ -0,0 +1,381 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#if HAVE_CMOCKA + +#include <inttypes.h> +#include <sched.h> /* IWYU pragma: keep */ +#include <setjmp.h> +#include <stdarg.h> +#include <stddef.h> +#include <stdio.h> +#include <stdlib.h> +#include <time.h> +#include <unistd.h> + +#define UNIT_TESTING +#include <cmocka.h> + +#include <isc/serial.h> +#include <isc/stdtime.h> +#include <isc/util.h> + +#include <dns/update.h> + +#include "dnstest.h" + +/* + * Fix the linking order problem for overridden isc_stdtime_get() by making + * everything local. This also allows static functions from update.c to be + * tested. + */ +#include "../update.c" + +static int +_setup(void **state) { + isc_result_t result; + + UNUSED(state); + + result = dns_test_begin(NULL, false); + assert_int_equal(result, ISC_R_SUCCESS); + + setenv("TZ", "", 1); + + return (0); +} + +static int +_teardown(void **state) { + UNUSED(state); + + dns_test_end(); + + return (0); +} + +static uint32_t mystdtime; + +static void +set_mystdtime(int year, int month, int day) { + struct tm tm; + + memset(&tm, 0, sizeof(tm)); + tm.tm_year = year - 1900; + tm.tm_mon = month - 1; + tm.tm_mday = day; + mystdtime = timegm(&tm); +} + +/* + * Override isc_stdtime_get() from lib/isc/[unix/win32]/stdtime.c + * with our own for testing purposes. + */ +void +isc_stdtime_get(isc_stdtime_t *now) { + *now = mystdtime; +} + +/* + * Because update_test.o requires dns_update_*() symbols, the linker is able + * to resolve them using libdns.a(update.o). 
That object has other symbol + * dependencies (dst_key_*()), so it pulls libdns.a(dst_api.o). + * That object file requires the isc_stdtime_tostring() symbol. + * + * Define a local version here so that we don't have to depend on + * libisc.a(stdtime.o). If isc_stdtime_tostring() would be left undefined, + * the linker has to get the required object file, and that will result in a + * multiple definition error because the isc_stdtime_get() symbol exported + * there is already in the exported list. + */ +void +isc_stdtime_tostring(isc_stdtime_t t, char *out, size_t outlen) { + UNUSED(t); + UNUSED(out); + UNUSED(outlen); +} + +/* simple increment by 1 */ +static void +increment_test(void **state) { + uint32_t old = 50; + uint32_t serial; + + UNUSED(state); + + serial = dns_update_soaserial(old, dns_updatemethod_increment, NULL); + assert_true(isc_serial_lt(old, serial)); + assert_int_not_equal(serial, 0); + assert_int_equal(serial, 51); +} + +/* increment past zero, 0xfffffffff -> 1 */ +static void +increment_past_zero_test(void **state) { + uint32_t old = 0xffffffffu; + uint32_t serial; + + UNUSED(state); + + serial = dns_update_soaserial(old, dns_updatemethod_increment, NULL); + assert_true(isc_serial_lt(old, serial)); + assert_int_not_equal(serial, 0); + assert_int_equal(serial, 1u); +} + +/* past to unixtime */ +static void +past_to_unix_test(void **state) { + uint32_t old; + uint32_t serial; + + UNUSED(state); + + set_mystdtime(2011, 6, 22); + old = mystdtime - 1; + + serial = dns_update_soaserial(old, dns_updatemethod_unixtime, NULL); + assert_true(isc_serial_lt(old, serial)); + assert_int_not_equal(serial, 0); + assert_int_equal(serial, mystdtime); +} + +/* now to unixtime */ +static void +now_to_unix_test(void **state) { + uint32_t old; + uint32_t serial; + + UNUSED(state); + + set_mystdtime(2011, 6, 22); + old = mystdtime; + + serial = dns_update_soaserial(old, dns_updatemethod_unixtime, NULL); + assert_true(isc_serial_lt(old, serial)); + 
assert_int_not_equal(serial, 0); + assert_int_equal(serial, old + 1); +} + +/* future to unixtime */ +static void +future_to_unix_test(void **state) { + uint32_t old; + uint32_t serial; + + UNUSED(state); + + set_mystdtime(2011, 6, 22); + old = mystdtime + 1; + + serial = dns_update_soaserial(old, dns_updatemethod_unixtime, NULL); + assert_true(isc_serial_lt(old, serial)); + assert_int_not_equal(serial, 0); + assert_int_equal(serial, old + 1); +} + +/* undefined plus 1 to unixtime */ +static void +undefined_plus1_to_unix_test(void **state) { + uint32_t old; + uint32_t serial; + + UNUSED(state); + + set_mystdtime(2011, 6, 22); + old = mystdtime ^ 0x80000000u; + old += 1; + + serial = dns_update_soaserial(old, dns_updatemethod_unixtime, NULL); + assert_true(isc_serial_lt(old, serial)); + assert_int_not_equal(serial, 0); + assert_int_equal(serial, mystdtime); +} + +/* undefined minus 1 to unixtime */ +static void +undefined_minus1_to_unix_test(void **state) { + uint32_t old; + uint32_t serial; + + UNUSED(state); + + set_mystdtime(2011, 6, 22); + old = mystdtime ^ 0x80000000u; + old -= 1; + + serial = dns_update_soaserial(old, dns_updatemethod_unixtime, NULL); + assert_true(isc_serial_lt(old, serial)); + assert_int_not_equal(serial, 0); + assert_int_equal(serial, old + 1); +} + +/* undefined to unixtime */ +static void +undefined_to_unix_test(void **state) { + uint32_t old; + uint32_t serial; + + UNUSED(state); + + set_mystdtime(2011, 6, 22); + old = mystdtime ^ 0x80000000u; + + serial = dns_update_soaserial(old, dns_updatemethod_unixtime, NULL); + assert_true(isc_serial_lt(old, serial)); + assert_int_not_equal(serial, 0); + assert_int_equal(serial, old + 1); +} + +/* handle unixtime being zero */ +static void +unixtime_zero_test(void **state) { + uint32_t old; + uint32_t serial; + + UNUSED(state); + + mystdtime = 0; + old = 0xfffffff0; + + serial = dns_update_soaserial(old, dns_updatemethod_unixtime, NULL); + assert_true(isc_serial_lt(old, serial)); + 
assert_int_not_equal(serial, 0); + assert_int_equal(serial, old + 1); +} + +/* past to date */ +static void +past_to_date_test(void **state) { + uint32_t old, serial; + dns_updatemethod_t used = dns_updatemethod_none; + + UNUSED(state); + + set_mystdtime(2014, 3, 31); + old = dns_update_soaserial(0, dns_updatemethod_date, NULL); + set_mystdtime(2014, 4, 1); + + serial = dns_update_soaserial(old, dns_updatemethod_date, &used); + assert_true(isc_serial_lt(old, serial)); + assert_int_not_equal(serial, 0); + assert_int_equal(serial, 2014040100); + assert_int_equal(dns_updatemethod_date, used); +} + +/* now to date */ +static void +now_to_date_test(void **state) { + uint32_t old; + uint32_t serial; + dns_updatemethod_t used = dns_updatemethod_none; + + UNUSED(state); + + set_mystdtime(2014, 4, 1); + old = dns_update_soaserial(0, dns_updatemethod_date, NULL); + + serial = dns_update_soaserial(old, dns_updatemethod_date, &used); + assert_true(isc_serial_lt(old, serial)); + assert_int_not_equal(serial, 0); + assert_int_equal(serial, 2014040101); + assert_int_equal(dns_updatemethod_date, used); + + old = 2014040198; + serial = dns_update_soaserial(old, dns_updatemethod_date, &used); + assert_true(isc_serial_lt(old, serial)); + assert_int_not_equal(serial, 0); + assert_int_equal(serial, 2014040199); + assert_int_equal(dns_updatemethod_date, used); + + /* + * Stealing from "tomorrow". 
+ */ + old = 2014040199; + serial = dns_update_soaserial(old, dns_updatemethod_date, &used); + assert_true(isc_serial_lt(old, serial)); + assert_int_not_equal(serial, 0); + assert_int_equal(serial, 2014040200); + assert_int_equal(dns_updatemethod_increment, used); +} + +/* future to date */ +static void +future_to_date_test(void **state) { + uint32_t old; + uint32_t serial; + dns_updatemethod_t used = dns_updatemethod_none; + + UNUSED(state); + + set_mystdtime(2014, 4, 1); + old = dns_update_soaserial(0, dns_updatemethod_date, NULL); + set_mystdtime(2014, 3, 31); + + serial = dns_update_soaserial(old, dns_updatemethod_date, &used); + assert_true(isc_serial_lt(old, serial)); + assert_int_not_equal(serial, 0); + assert_int_equal(serial, 2014040101); + assert_int_equal(dns_updatemethod_increment, used); + + old = serial; + serial = dns_update_soaserial(old, dns_updatemethod_date, &used); + assert_true(isc_serial_lt(old, serial)); + assert_int_not_equal(serial, 0); + assert_int_equal(serial, 2014040102); + assert_int_equal(dns_updatemethod_increment, used); +} + +int +main(void) { + const struct CMUnitTest tests[] = { + cmocka_unit_test_setup_teardown(increment_test, _setup, + _teardown), + cmocka_unit_test_setup_teardown(increment_past_zero_test, + _setup, _teardown), + cmocka_unit_test_setup_teardown(past_to_unix_test, _setup, + _teardown), + cmocka_unit_test_setup_teardown(now_to_unix_test, _setup, + _teardown), + cmocka_unit_test_setup_teardown(future_to_unix_test, _setup, + _teardown), + cmocka_unit_test_setup_teardown(undefined_to_unix_test, _setup, + _teardown), + cmocka_unit_test_setup_teardown(undefined_plus1_to_unix_test, + _setup, _teardown), + cmocka_unit_test_setup_teardown(undefined_minus1_to_unix_test, + _setup, _teardown), + cmocka_unit_test_setup_teardown(unixtime_zero_test, _setup, + _teardown), + cmocka_unit_test_setup_teardown(past_to_date_test, _setup, + _teardown), + cmocka_unit_test_setup_teardown(now_to_date_test, _setup, + _teardown), + 
cmocka_unit_test_setup_teardown(future_to_date_test, _setup, + _teardown), + }; + + return (cmocka_run_group_tests(tests, NULL, NULL)); +} + +#else /* HAVE_CMOCKA */ + +#include <stdio.h> + +int +main(void) { + printf("1..0 # Skipped: cmocka not available\n"); + return (SKIPPED_TEST_EXIT_CODE); +} + +#endif /* if HAVE_CMOCKA */ diff --git a/lib/dns/tests/zonemgr_test.c b/lib/dns/tests/zonemgr_test.c new file mode 100644 index 0000000..3424342 --- /dev/null +++ b/lib/dns/tests/zonemgr_test.c 
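Review bot: The local `isc_stdtime_tostring()` stub discards `out` and `outlen`, so any libdns code linked into this test that formats a timestamp through it and then reads the buffer as a string would read memory the stub never wrote. Terminating the buffer keeps the stub harmless: `if (outlen > 0) { out[0] = '\0'; }` in place of `UNUSED(out); UNUSED(outlen);`. Whether any path in these tests reaches the stub is not visible from this hunk. The comment on increment_past_zero_test also writes `0xfffffffff` with nine hex digits while the code uses `0xffffffffu`.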
@@ -0,0 +1,265 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#if HAVE_CMOCKA + +#include <sched.h> /* IWYU pragma: keep */ +#include <setjmp.h> +#include <stdarg.h> +#include <stddef.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +#define UNIT_TESTING +#include <cmocka.h> + +#include <isc/buffer.h> +#include <isc/task.h> +#include <isc/timer.h> +#include <isc/util.h> + +#include <dns/name.h> +#include <dns/view.h> +#include <dns/zone.h> + +#include "dnstest.h" + +static int +_setup(void **state) { + isc_result_t result; + + UNUSED(state); + + result = dns_test_begin(NULL, true); + assert_int_equal(result, ISC_R_SUCCESS); + + return (0); +} + +static int +_teardown(void **state) { + UNUSED(state); + + dns_test_end(); + + return (0); +} + +/* create zone manager */ +static void +zonemgr_create(void **state) { + dns_zonemgr_t *myzonemgr = NULL; + isc_result_t result; + + UNUSED(state); + + result = dns_zonemgr_create(dt_mctx, taskmgr, timermgr, socketmgr, + &myzonemgr); + assert_int_equal(result, ISC_R_SUCCESS); + + dns_zonemgr_shutdown(myzonemgr); + dns_zonemgr_detach(&myzonemgr); + assert_null(myzonemgr); +} + +/* manage and release a zone */ +static void +zonemgr_managezone(void **state) { + dns_zonemgr_t *myzonemgr = NULL; + dns_zone_t *zone = NULL; + isc_result_t result; + + UNUSED(state); + + result = dns_zonemgr_create(dt_mctx, taskmgr, timermgr, socketmgr, + &myzonemgr); + assert_int_equal(result, ISC_R_SUCCESS); + + result = dns_test_makezone("foo", &zone, NULL, false); + assert_int_equal(result, ISC_R_SUCCESS); + + /* This should not succeed 
until the dns_zonemgr_setsize() is run */ + result = dns_zonemgr_managezone(myzonemgr, zone); + assert_int_equal(result, ISC_R_FAILURE); + + assert_int_equal(dns_zonemgr_getcount(myzonemgr, DNS_ZONESTATE_ANY), 0); + + result = dns_zonemgr_setsize(myzonemgr, 1); + assert_int_equal(result, ISC_R_SUCCESS); + + /* Now it should succeed */ + result = dns_zonemgr_managezone(myzonemgr, zone); + assert_int_equal(result, ISC_R_SUCCESS); + + assert_int_equal(dns_zonemgr_getcount(myzonemgr, DNS_ZONESTATE_ANY), 1); + + dns_zonemgr_releasezone(myzonemgr, zone); + dns_zone_detach(&zone); + + assert_int_equal(dns_zonemgr_getcount(myzonemgr, DNS_ZONESTATE_ANY), 0); + + dns_zonemgr_shutdown(myzonemgr); + dns_zonemgr_detach(&myzonemgr); + assert_null(myzonemgr); +} + +/* create and release a zone */ +static void +zonemgr_createzone(void **state) { + dns_zonemgr_t *myzonemgr = NULL; + dns_zone_t *zone = NULL; + isc_result_t result; + + UNUSED(state); + + result = dns_zonemgr_create(dt_mctx, taskmgr, timermgr, socketmgr, + &myzonemgr); + assert_int_equal(result, ISC_R_SUCCESS); + + /* This should not succeed until the dns_zonemgr_setsize() is run */ + result = dns_zonemgr_createzone(myzonemgr, &zone); + assert_int_equal(result, ISC_R_FAILURE); + + result = dns_zonemgr_setsize(myzonemgr, 1); + assert_int_equal(result, ISC_R_SUCCESS); + + /* Now it should succeed */ + result = dns_zonemgr_createzone(myzonemgr, &zone); + assert_int_equal(result, ISC_R_SUCCESS); + assert_non_null(zone); + + if (zone != NULL) { + dns_zone_detach(&zone); + } + + dns_zonemgr_shutdown(myzonemgr); + dns_zonemgr_detach(&myzonemgr); + assert_null(myzonemgr); +} + +/* manage and release a zone */ +static void +zonemgr_unreachable(void **state) { + dns_zonemgr_t *myzonemgr = NULL; + dns_zone_t *zone = NULL; + isc_sockaddr_t addr1, addr2; + struct in_addr in; + isc_result_t result; + isc_time_t now; + + UNUSED(state); + + TIME_NOW(&now); + + result = dns_zonemgr_create(dt_mctx, taskmgr, timermgr, socketmgr, + 
&myzonemgr); + assert_int_equal(result, ISC_R_SUCCESS); + + result = dns_test_makezone("foo", &zone, NULL, false); + assert_int_equal(result, ISC_R_SUCCESS); + + result = dns_zonemgr_setsize(myzonemgr, 1); + assert_int_equal(result, ISC_R_SUCCESS); + + result = dns_zonemgr_managezone(myzonemgr, zone); + assert_int_equal(result, ISC_R_SUCCESS); + + in.s_addr = inet_addr("10.53.0.1"); + isc_sockaddr_fromin(&addr1, &in, 2112); + in.s_addr = inet_addr("10.53.0.2"); + isc_sockaddr_fromin(&addr2, &in, 5150); + assert_false(dns_zonemgr_unreachable(myzonemgr, &addr1, &addr2, &now)); + /* + * We require multiple unreachableadd calls to mark a server as + * unreachable. + */ + dns_zonemgr_unreachableadd(myzonemgr, &addr1, &addr2, &now); + assert_false(dns_zonemgr_unreachable(myzonemgr, &addr1, &addr2, &now)); + dns_zonemgr_unreachableadd(myzonemgr, &addr1, &addr2, &now); + assert_true(dns_zonemgr_unreachable(myzonemgr, &addr1, &addr2, &now)); + + in.s_addr = inet_addr("10.53.0.3"); + isc_sockaddr_fromin(&addr2, &in, 5150); + assert_false(dns_zonemgr_unreachable(myzonemgr, &addr1, &addr2, &now)); + /* + * We require multiple unreachableadd calls to mark a server as + * unreachable. 
+ */ + dns_zonemgr_unreachableadd(myzonemgr, &addr1, &addr2, &now); + dns_zonemgr_unreachableadd(myzonemgr, &addr1, &addr2, &now); + assert_true(dns_zonemgr_unreachable(myzonemgr, &addr1, &addr2, &now)); + + dns_zonemgr_unreachabledel(myzonemgr, &addr1, &addr2); + assert_false(dns_zonemgr_unreachable(myzonemgr, &addr1, &addr2, &now)); + + in.s_addr = inet_addr("10.53.0.2"); + isc_sockaddr_fromin(&addr2, &in, 5150); + assert_true(dns_zonemgr_unreachable(myzonemgr, &addr1, &addr2, &now)); + dns_zonemgr_unreachabledel(myzonemgr, &addr1, &addr2); + assert_false(dns_zonemgr_unreachable(myzonemgr, &addr1, &addr2, &now)); + + dns_zonemgr_releasezone(myzonemgr, zone); + dns_zone_detach(&zone); + dns_zonemgr_shutdown(myzonemgr); + dns_zonemgr_detach(&myzonemgr); + assert_null(myzonemgr); +} + +/* + * XXX: + * dns_zonemgr API calls that are not yet part of this unit test: + * + * - dns_zonemgr_attach + * - dns_zonemgr_forcemaint + * - dns_zonemgr_resumexfrs + * - dns_zonemgr_shutdown + * - dns_zonemgr_setsize + * - dns_zonemgr_settransfersin + * - dns_zonemgr_getttransfersin + * - dns_zonemgr_settransfersperns + * - dns_zonemgr_getttransfersperns + * - dns_zonemgr_setiolimit + * - dns_zonemgr_getiolimit + * - dns_zonemgr_dbdestroyed + * - dns_zonemgr_setserialqueryrate + * - dns_zonemgr_getserialqueryrate + */ + +int +main(void) { + const struct CMUnitTest tests[] = { + cmocka_unit_test_setup_teardown(zonemgr_create, _setup, + _teardown), + cmocka_unit_test_setup_teardown(zonemgr_managezone, _setup, + _teardown), + cmocka_unit_test_setup_teardown(zonemgr_createzone, _setup, + _teardown), + cmocka_unit_test_setup_teardown(zonemgr_unreachable, _setup, + _teardown), + }; + + return (cmocka_run_group_tests(tests, NULL, NULL)); +} + +#else /* HAVE_CMOCKA */ + +#include <stdio.h> + +int +main(void) { + printf("1..0 # Skipped: cmocka not available\n"); + return (SKIPPED_TEST_EXIT_CODE); +} + +#endif /* if HAVE_CMOCKA */ 
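Review bot: The comment above zonemgr_unreachable, `/* manage and release a zone */`, is copied from zonemgr_managezone and does not describe this test, which drives `dns_zonemgr_unreachableadd`, `dns_zonemgr_unreachable` and `dns_zonemgr_unreachabledel`; something like `/* mark a server pair unreachable and clear it again */` would fit. The closing XXX list also names `dns_zonemgr_shutdown` and `dns_zonemgr_setsize` as not yet part of the unit test, although every test in the file calls the former and three of them call the latter. Those two entries should be dropped, or the list reworded to say they have no dedicated test.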
diff --git a/lib/dns/tests/zt_test.c b/lib/dns/tests/zt_test.c new file mode 100644 index 0000000..e79adb2 --- /dev/null +++ b/lib/dns/tests/zt_test.c 
@@ -0,0 +1,376 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/app.h>
+#include <isc/atomic.h>
+#include <isc/buffer.h>
+#include <isc/print.h>
+#include <isc/task.h>
+#include <isc/timer.h>
+#include <isc/util.h>
+
+#include <dns/db.h>
+#include <dns/name.h>
+#include <dns/view.h>
+#include <dns/zone.h>
+#include <dns/zt.h>
+
+#include "dnstest.h"
+
+struct args {
+ void *arg1;
+ void *arg2;
+ bool arg3;
+};
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, true);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+
+static isc_result_t
+count_zone(dns_zone_t *zone, void *uap) {
+ int *nzones = (int *)uap;
+
+ UNUSED(zone);
+
+ *nzones += 1;
+ return (ISC_R_SUCCESS);
+}
+
+static isc_result_t
+load_done(dns_zt_t *zt, dns_zone_t *zone, isc_task_t *task) {
+ /* We treat zt as a pointer to a boolean for testing purposes */
+ atomic_bool *done = (atomic_bool *)zt;
+
+ UNUSED(zone);
+ UNUSED(task);
+
+ atomic_store(done, true);
+ isc_app_shutdown();
+ return (ISC_R_SUCCESS);
+}
+
+static isc_result_t
+all_done(void *arg) {
+ atomic_bool *done = (atomic_bool *)arg;
+
+ atomic_store(done, true);
+ isc_app_shutdown();
+ return (ISC_R_SUCCESS);
+}
+
+static void
+start_zt_asyncload(isc_task_t *task, isc_event_t *event) {
+ struct args *args = (struct args *)(event->ev_arg);
+
+ UNUSED(task);
+
+ dns_zt_asyncload(args->arg1, false, all_done, args->arg2);
+
+ isc_event_free(&event);
+}
+
+static void
+start_zone_asyncload(isc_task_t *task, isc_event_t *event) {
+ struct args *args = (struct args *)(event->ev_arg);
+
+ UNUSED(task);
+
+ dns_zone_asyncload(args->arg1, args->arg3, load_done, args->arg2);
+ isc_event_free(&event);
+}
+
+/* apply a function to a zone table */
+static void
+apply(void **state) {
+ isc_result_t result;
+ dns_zone_t *zone = NULL;
+ dns_view_t *view = NULL;
+ int nzones = 0;
+
+ UNUSED(state);
+
+ result = dns_test_makezone("foo", &zone, NULL, true);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ view = dns_zone_getview(zone);
+ assert_non_null(view->zonetable);
+
+ assert_int_equal(nzones, 0);
+ result = dns_zt_apply(view->zonetable, isc_rwlocktype_read, false, NULL,
+ count_zone, &nzones);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(nzones, 1);
+
+ /* These steps are necessary so the zone can be detached properly */
+ result = dns_test_setupzonemgr();
+ assert_int_equal(result, ISC_R_SUCCESS);
+ result = dns_test_managezone(zone);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ dns_test_releasezone(zone);
+ dns_test_closezonemgr();
+
+ /* The view was left attached in dns_test_makezone() */
+ dns_view_detach(&view);
+ dns_zone_detach(&zone);
+}
+
+/* asynchronous zone load */
+static void
+asyncload_zone(void **state) {
+ isc_result_t result;
+ int n;
+ dns_zone_t *zone = NULL;
+ dns_view_t *view = NULL;
+ dns_db_t *db = NULL;
+ FILE *zonefile, *origfile;
+ char buf[4096];
+ atomic_bool done;
+ int i = 0;
+ struct args args;
+
+ UNUSED(state);
+
+ atomic_init(&done, false);
+
+ result = dns_test_makezone("foo", &zone, NULL, true);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_test_setupzonemgr();
+ assert_int_equal(result, ISC_R_SUCCESS);
+ result =
dns_test_managezone(zone);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ view = dns_zone_getview(zone);
+ assert_non_null(view->zonetable);
+
+ assert_false(dns__zone_loadpending(zone));
+ assert_false(atomic_load(&done));
+ zonefile = fopen("./zone.data", "wb");
+ assert_non_null(zonefile);
+ origfile = fopen("./testdata/zt/zone1.db", "r+b");
+ assert_non_null(origfile);
+ n = fread(buf, 1, 4096, origfile);
+ fclose(origfile);
+ fwrite(buf, 1, n, zonefile);
+ fflush(zonefile);
+
+ dns_zone_setfile(zone, "./zone.data", dns_masterformat_text,
+ &dns_master_style_default);
+
+ args.arg1 = zone;
+ args.arg2 = &done;
+ args.arg3 = false;
+ isc_app_onrun(dt_mctx, maintask, start_zone_asyncload, &args);
+
+ isc_app_run();
+ while (dns__zone_loadpending(zone) && i++ < 5000) {
+ dns_test_nap(1000);
+ }
+ assert_true(atomic_load(&done));
+ /* The zone should now be loaded; test it */
+ result = dns_zone_getdb(zone, &db);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ dns_db_detach(&db);
+ /*
+ * Add something to zone file, reload zone with newonly - it should
+ * not be reloaded.
+ */
+ fprintf(zonefile, "\nb in b 1.2.3.4\n");
+ fflush(zonefile);
+ fclose(zonefile);
+
+ args.arg1 = zone;
+ args.arg2 = &done;
+ args.arg3 = true;
+ isc_app_onrun(dt_mctx, maintask, start_zone_asyncload, &args);
+
+ isc_app_run();
+
+ while (dns__zone_loadpending(zone) && i++ < 5000) {
+ dns_test_nap(1000);
+ }
+ assert_true(atomic_load(&done));
+ /* The zone should now be loaded; test it */
+ result = dns_zone_getdb(zone, &db);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ dns_db_detach(&db);
+
+ /* Now reload it without newonly - it should be reloaded */
+ args.arg1 = zone;
+ args.arg2 = &done;
+ args.arg3 = false;
+ isc_app_onrun(dt_mctx, maintask, start_zone_asyncload, &args);
+
+ isc_app_run();
+
+ while (dns__zone_loadpending(zone) && i++ < 5000) {
+ dns_test_nap(1000);
+ }
+ assert_true(atomic_load(&done));
+ /* The zone should now be loaded; test it */
+ result = dns_zone_getdb(zone, &db);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ assert_non_null(db);
+ if (db != NULL) {
+ dns_db_detach(&db);
+ }
+
+ dns_test_releasezone(zone);
+ dns_test_closezonemgr();
+
+ dns_zone_detach(&zone);
+ dns_view_detach(&view);
+}
+
+/* asynchronous zone table load */
+static void
+asyncload_zt(void **state) {
+ isc_result_t result;
+ dns_zone_t *zone1 = NULL, *zone2 = NULL, *zone3 = NULL;
+ dns_view_t *view;
+ dns_zt_t *zt = NULL;
+ dns_db_t *db = NULL;
+ atomic_bool done;
+ int i = 0;
+ struct args args;
+
+ UNUSED(state);
+
+ atomic_init(&done, false);
+
+ result = dns_test_makezone("foo", &zone1, NULL, true);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ dns_zone_setfile(zone1, "testdata/zt/zone1.db", dns_masterformat_text,
+ &dns_master_style_default);
+ view = dns_zone_getview(zone1);
+
+ result = dns_test_makezone("bar", &zone2, view, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ dns_zone_setfile(zone2, "testdata/zt/zone1.db", dns_masterformat_text,
+ &dns_master_style_default);
+
+ /* This one will fail to load */
+ result = dns_test_makezone("fake",
&zone3, view, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ dns_zone_setfile(zone3, "testdata/zt/nonexistent.db",
+ dns_masterformat_text, &dns_master_style_default);
+
+ zt = view->zonetable;
+ assert_non_null(zt);
+
+ result = dns_test_setupzonemgr();
+ assert_int_equal(result, ISC_R_SUCCESS);
+ result = dns_test_managezone(zone1);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ result = dns_test_managezone(zone2);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ result = dns_test_managezone(zone3);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ assert_false(dns__zone_loadpending(zone1));
+ assert_false(dns__zone_loadpending(zone2));
+ assert_false(atomic_load(&done));
+
+ args.arg1 = zt;
+ args.arg2 = &done;
+ isc_app_onrun(dt_mctx, maintask, start_zt_asyncload, &args);
+
+ isc_app_run();
+ while (!atomic_load(&done) && i++ < 5000) {
+ dns_test_nap(1000);
+ }
+ assert_true(atomic_load(&done));
+
+ /* Both zones should now be loaded; test them */
+ result = dns_zone_getdb(zone1, &db);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_non_null(db);
+ if (db != NULL) {
+ dns_db_detach(&db);
+ }
+
+ result = dns_zone_getdb(zone2, &db);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_non_null(db);
+ if (db != NULL) {
+ dns_db_detach(&db);
+ }
+
+ dns_test_releasezone(zone3);
+ dns_test_releasezone(zone2);
+ dns_test_releasezone(zone1);
+ dns_test_closezonemgr();
+
+ dns_zone_detach(&zone1);
+ dns_zone_detach(&zone2);
+ dns_zone_detach(&zone3);
+ dns_view_detach(&view);
+}
+
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(apply, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(asyncload_zone, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(asyncload_zt, _setup,
+ _teardown),
+ };
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /*
if HAVE_CMOCKA */ |
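Review bot: In `asyncload_zone`, `done` is set to true by the first load and never cleared, so the two later `assert_true(atomic_load(&done))` checks cannot fail, and the "should not be reloaded" case is only checked through `dns_zone_getdb()` succeeding rather than by looking at the zone contents. Resetting the state before the second and third `isc_app_onrun()` calls, with `atomic_store(&done, false);` and `i = 0;`, would make each wait loop and assertion cover its own load; as written the counter `i` is shared across all three loops. Separately, `fopen("./testdata/zt/zone1.db", "r+b")` asks for write access to a fixture that is only read, so `"rb"` would let the test run from a read-only source tree and avoids holding a writable handle on test data. The copy into `./zone.data` also takes only the first 4096 bytes and ignores the `fwrite()` result, which is worth a short comment stating that the fixture is assumed to fit in `buf`.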