summaryrefslogtreecommitdiffstats
path: root/daemon/cache.test/insert_ns.test.integr
diff options
context:
space:
mode:
Diffstat (limited to 'daemon/cache.test/insert_ns.test.integr')
-rw-r--r--daemon/cache.test/insert_ns.test.integr/deckard.yaml14
-rw-r--r--daemon/cache.test/insert_ns.test.integr/kresd_config.j289
-rw-r--r--daemon/cache.test/insert_ns.test.integr/nondelegated_auth.rpl59
3 files changed, 162 insertions, 0 deletions
diff --git a/daemon/cache.test/insert_ns.test.integr/deckard.yaml b/daemon/cache.test/insert_ns.test.integr/deckard.yaml
new file mode 100644
index 0000000..7f99679
--- /dev/null
+++ b/daemon/cache.test/insert_ns.test.integr/deckard.yaml
@@ -0,0 +1,14 @@
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+programs:
+- name: kresd
+ binary: kresd
+ additional:
+ - --noninteractive
+ templates:
+ - daemon/cache.test/insert_ns.test.integr/kresd_config.j2
+ - tests/integration/hints_zone.j2
+ configs:
+ - config
+ - hints
+noclean: True
diff --git a/daemon/cache.test/insert_ns.test.integr/kresd_config.j2 b/daemon/cache.test/insert_ns.test.integr/kresd_config.j2
new file mode 100644
index 0000000..6da4f4f
--- /dev/null
+++ b/daemon/cache.test/insert_ns.test.integr/kresd_config.j2
@@ -0,0 +1,89 @@
+-- SPDX-License-Identifier: GPL-3.0-or-later
+
+{% for TAF in TRUST_ANCHOR_FILES %}
+trust_anchors.add_file('{{TAF}}')
+{% endfor %}
+
+{% raw %}
+-- insert NS record pointing to a non-delegated DNS server
+cache.open(1*MB)
+cache.clear()
+trust_anchors.remove('.')
+
+local ffi = require('ffi')
+local c = kres.context().cache
+ns_name = todname('ns.example.com')
+local ns_addr = '\1\2\3\4'
+local rr = kres.rrset(ns_name, kres.type.A, kres.class.IN, 3600999999)
+assert(rr:add_rdata(ns_addr, #ns_addr))
+assert(c:insert(rr, nil, ffi.C.KR_RANK_SECURE))
+
+rr_ns = kres.rrset(todname('example.com'), kres.type.NS, kres.class.IN, 3600)
+assert(rr_ns:add_rdata(ns_name, #ns_name))
+assert(c:insert(rr_ns, nil, bit.bor(ffi.C.KR_RANK_AUTH, ffi.C.KR_RANK_INSECURE)))
+
+c:commit()
+assert(cache.count() > 0)
+
+-- from now on queries for domain example.com should go directly to IP addr 1.2.3.4
+
+-- Disable RFC5011 TA update
+if ta_update then
+ modules.unload('ta_update')
+end
+
+-- Disable RFC8145 signaling, scenario doesn't provide expected answers
+if ta_signal_query then
+ modules.unload('ta_signal_query')
+end
+
+-- Disable RFC8109 priming, scenario doesn't provide expected answers
+if priming then
+ modules.unload('priming')
+end
+
+-- Disable this module because it makes one priming query
+if detect_time_skew then
+ modules.unload('detect_time_skew')
+end
+
+_hint_root_file('hints')
+verbose(true)
+{% endraw %}
+
+net = { '{{SELF_ADDR}}' }
+
+{% if DO_IP6 == "true" %}
+net.ipv6 = true
+{% else %}
+net.ipv6 = false
+{% endif %}
+
+{% if DO_IP4 == "true" %}
+net.ipv4 = true
+{% else %}
+net.ipv4 = false
+{% endif %}
+
+{% if QMIN == "false" %}
+option('NO_MINIMIZE', true)
+{% else %}
+option('NO_MINIMIZE', false)
+{% endif %}
+
+
+-- Self-checks on globals
+assert(help() ~= nil)
+assert(worker.id ~= nil)
+-- Self-checks on facilities
+assert(cache.stats() ~= nil)
+assert(cache.backends() ~= nil)
+assert(worker.stats() ~= nil)
+assert(net.interfaces() ~= nil)
+-- Self-checks on loaded stuff
+assert(net.list()[1].transport.ip == '{{SELF_ADDR}}')
+assert(#modules.list() > 0)
+-- Self-check timers
+ev = event.recurrent(1 * sec, function (ev) return 1 end)
+event.cancel(ev)
+ev = event.after(0, function (ev) return 1 end)
diff --git a/daemon/cache.test/insert_ns.test.integr/nondelegated_auth.rpl b/daemon/cache.test/insert_ns.test.integr/nondelegated_auth.rpl
new file mode 100644
index 0000000..6a0a32a
--- /dev/null
+++ b/daemon/cache.test/insert_ns.test.integr/nondelegated_auth.rpl
@@ -0,0 +1,59 @@
+; SPDX-License-Identifier: GPL-3.0-or-later
+; config options
+; target-fetch-policy: "0 0 0 0 0"
+; name: "."
+ stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
+ do-ip6: no
+CONFIG_END
+
+SCENARIO_BEGIN Delegation explicitly added into cache must be followed
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+ ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 10.20.30.40
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH flags rcode question
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 10.20.30.40
+ENTRY_END
+
+SCENARIO_END