1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
|
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
"use strict";
const override = Cc["@mozilla.org/network/native-dns-override;1"].getService(
Ci.nsINativeDNSResolverOverride
);
function setup() {
trr_test_setup();
Services.prefs.setBoolPref("network.trr.temp_blocklist", true);
}
setup();
// Waits until a predicate returns true or re-tries the predicate calls
// |retry| times, we wait for 100ms between each calls.
async function waitUntil(predicate, retry = 20) {
let count = 0;
while (count++ < retry) {
if (await predicate()) {
return true;
}
// Wait for 100 milliseconds.
await new Promise(resolve => do_timeout(100, resolve));
}
// Timed out after trying too many times.
return false;
}
add_task(async function checkBlocklisting() {
let trrServer = new TRRServer();
registerCleanupFunction(async () => {
await trrServer.stop();
});
await trrServer.start();
info(`port = ${trrServer.port()}\n`);
Services.dns.clearCache(true);
Services.prefs.setCharPref(
"network.trr.uri",
`https://foo.example.com:${trrServer.port()}/dns-query`
);
Services.prefs.setIntPref("network.trr.mode", Ci.nsIDNSService.MODE_TRRFIRST);
await trrServer.registerDoHAnswers("top.test.com", "NS", {});
override.addIPOverride("sub.top.test.com", "2.2.2.2");
override.addIPOverride("sub2.top.test.com", "2.2.2.2");
await new TRRDNSListener("sub.top.test.com", {
expectedAnswer: "2.2.2.2",
});
equal(await trrServer.requestCount("sub.top.test.com", "A"), 1);
// Clear the cache so that we need to consult the blocklist and not simply
// return the cached DNS record.
Services.dns.clearCache(true);
await new TRRDNSListener("sub.top.test.com", {
expectedAnswer: "2.2.2.2",
});
equal(
await trrServer.requestCount("sub.top.test.com", "A"),
1,
"Request should go directly to native because result is still in blocklist"
);
// XXX(valentin): if this ever starts intermittently failing we need to add
// a sleep here. But the check for the parent NS should normally complete
// before the second subdomain request.
equal(
await trrServer.requestCount("top.test.com", "NS"),
1,
"Should have checked parent domain"
);
await new TRRDNSListener("sub2.top.test.com", {
expectedAnswer: "2.2.2.2",
});
equal(await trrServer.requestCount("sub2.top.test.com", "A"), 0);
// The blocklist should instantly expire.
Services.prefs.setIntPref("network.trr.temp_blocklist_duration_sec", 0);
Services.dns.clearCache(true);
await new TRRDNSListener("sub.top.test.com", {
expectedAnswer: "2.2.2.2",
});
// blocklist expired. Do another check.
equal(
await trrServer.requestCount("sub.top.test.com", "A"),
2,
"We should do another TRR request because the bloclist expired"
);
});
add_task(async function test_blocklist_cname() {
let trrServer = new TRRServer();
registerCleanupFunction(async () => {
await trrServer.stop();
});
await trrServer.start();
info(`port = ${trrServer.port()}\n`);
Services.dns.clearCache(true);
Services.prefs.setCharPref(
"network.trr.uri",
`https://foo.example.com:${trrServer.port()}/dns-query`
);
Services.prefs.setIntPref("network.trr.mode", Ci.nsIDNSService.MODE_TRRFIRST);
await trrServer.registerDoHAnswers(`top.test.com`, "NS", {
answers: [
{
name: "top.test.com",
ttl: 55,
type: "CNAME",
flush: false,
data: "other.foo",
},
],
});
await trrServer.registerDoHAnswers(`other.foo`, "NS", {
answers: [
{
name: "other.foo",
ttl: 55,
type: "NS",
flush: false,
data: "ns.other.foo",
},
],
});
override.addIPOverride("sub.top.test.com", "2.2.2.2");
await new TRRDNSListener("sub.top.test.com", {
expectedAnswer: "2.2.2.2",
});
await waitUntil(async () => {
return (await trrServer.requestCount("top.test.com", "NS")) == 1;
});
});
|
