From aaf81ca6ef0a4b3725de9f41efa3f442a6de1c85 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?=
Date: Wed, 29 May 2019 11:05:01 +0200
Subject: [PATCH] Use +dnssec instead of separate TXT records When testing named instances which are configured to drop outgoing UDP responses larger than 512 bytes, querying with DO=1 may be used instead of querying for large TXT records as the effect achieved will be identical: an unsigned response for a SOA query will be below 512 bytes in size while a signed response for the same query will be over 512 bytes in size. Doing this makes all resolution checks in the "legacy" system test more similar. Add checks for the TC flag being set in UDP responses which are expected to be truncated to further make sure that tested named instances behave as expected.
---
 bin/tests/system/legacy/ns6/edns512.db.in | 12 ------------
 bin/tests/system/legacy/ns7/edns512-notcp.db.in | 12 ------------
 bin/tests/system/legacy/tests.sh | 16 +++++++++-------
 3 files changed, 9 insertions(+), 31 deletions(-)
diff --git a/bin/tests/system/legacy/ns6/edns512.db.in b/bin/tests/system/legacy/ns6/edns512.db.in
index 6da723f180..8afe499c00 100644
--- a/bin/tests/system/legacy/ns6/edns512.db.in
+++ b/bin/tests/system/legacy/ns6/edns512.db.in
@@ -10,15 +10,3 @@
 @ 60 SOA ns marka.isc.org. 1 0 0 0 0
 @ 60 NS ns
 ns 60 A 10.53.0.6
-txt500 60 TXT ( "01234567890123456789012345678901234567890123456789"
- "01234567890123456789012345678901234567890123456789"
- "01234567890123456789012345678901234567890123456789"
- "01234567890123456789012345678901234567890123456789"
- "01234567890123456789012345678901234567890123456789"
- "01234567890123456789012345678901234567890123456789"
- "01234567890123456789012345678901234567890123456789"
- "01234567890123456789012345678901234567890123456789"
- "01234567890123456789012345678901234567890123456789"
- "01234567890123456789012345678901234567890123456789"
- "01234567890123456789012345678901234567890123456789"
- "01234567890123456789012345678901234567890123456789" )
diff --git a/bin/tests/system/legacy/ns7/edns512-notcp.db.in b/bin/tests/system/legacy/ns7/edns512-notcp.db.in
index 007eefca61..646d488e1a 100644
--- a/bin/tests/system/legacy/ns7/edns512-notcp.db.in
+++ b/bin/tests/system/legacy/ns7/edns512-notcp.db.in
@@ -10,15 +10,3 @@
 @ 60 SOA ns marka.isc.org. 1 0 0 0 0
 @ 60 NS ns
 ns 60 A 10.53.0.7
-txt500 60 TXT ( "01234567890123456789012345678901234567890123456789"
- "01234567890123456789012345678901234567890123456789"
- "01234567890123456789012345678901234567890123456789"
- "01234567890123456789012345678901234567890123456789"
- "01234567890123456789012345678901234567890123456789"
- "01234567890123456789012345678901234567890123456789"
- "01234567890123456789012345678901234567890123456789"
- "01234567890123456789012345678901234567890123456789"
- "01234567890123456789012345678901234567890123456789"
- "01234567890123456789012345678901234567890123456789"
- "01234567890123456789012345678901234567890123456789"
- "01234567890123456789012345678901234567890123456789" )
diff --git a/bin/tests/system/legacy/tests.sh b/bin/tests/system/legacy/tests.sh
index 742a6a43a1..5a7da20963 100755
--- a/bin/tests/system/legacy/tests.sh
+++ b/bin/tests/system/legacy/tests.sh
@@ -159,17 +159,18 @@ $DIG $DIGOPTS +edns @10.53.0.6 edns512 soa > dig.out.1.test$n || ret=1
 grep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1
 $DIG $DIGOPTS +edns +tcp @10.53.0.6 edns512 soa > dig.out.2.test$n || ret=1
 grep "status: NOERROR" dig.out.2.test$n > /dev/null || ret=1
-$DIG $DIGOPTS +edns @10.53.0.6 txt500.edns512 txt > dig.out.3.test$n
+$DIG $DIGOPTS +edns +dnssec @10.53.0.6 edns512 soa > dig.out.3.test$n
 grep "connection timed out; no servers could be reached" dig.out.3.test$n > /dev/null || ret=1
-$DIG $DIGOPTS +edns +bufsize=512 +ignor @10.53.0.6 txt500.edns512 txt > dig.out.4.test$n
+$DIG $DIGOPTS +edns +dnssec +bufsize=512 +ignore @10.53.0.6 edns512 soa > dig.out.4.test$n
 grep "status: NOERROR" dig.out.4.test$n > /dev/null || ret=1
+grep "flags:.* tc[ ;]" dig.out.4.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
 n=`expr $n + 1`
 echo_i "checking recursive lookup to edns 512 server succeeds ($n)"
 ret=0
-$DIG $DIGOPTS +tcp @10.53.0.1 txt500.edns512 txt > dig.out.test$n || ret=1
+$DIG $DIGOPTS +tcp @10.53.0.1 edns512 soa > dig.out.test$n || ret=1
 grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
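Review bot: The recursive check at the end of this hunk (`$DIG $DIGOPTS +tcp @10.53.0.1 edns512 soa`) no longer asks for a record that is large by itself, so it only exercises the over-512-byte path if the resolver at 10.53.0.1 sets DO=1 on its upstream query and the edns512 zone is signed; neither is visible in this patch. If either assumption stops holding, the check would keep passing while no longer testing how the resolver copes with a dropped or truncated upstream response. A comment above the query would record the dependency, e.g. `# the resolver is expected to query ns6 with DO=1, so the upstream SOA response exceeds 512 bytes`. The `+dnssec` queries here and in the following hunk rely on the same signed zone, but there a signed response that fits in 512 bytes would at least fail the timeout and `tc` greps loudly. The first stanza begins above the hunk.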
@@ -177,14 +178,15 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "checking edns 512 + no tcp server setup ($n)"
 ret=0
-$DIG $DIGOPTS +noedns @10.53.0.7 edns512-notcp soa > dig.out.1.test$n || ret=1
+$DIG $DIGOPTS +edns @10.53.0.7 edns512-notcp soa > dig.out.1.test$n || ret=1
 grep "status: NOERROR" dig.out.1.test$n > /dev/null || ret=1
-$DIG $DIGOPTS +noedns +tcp @10.53.0.7 edns512-notcp soa > dig.out.2.test$n
+$DIG $DIGOPTS +edns +tcp @10.53.0.7 edns512-notcp soa > dig.out.2.test$n
 grep "connection refused" dig.out.2.test$n > /dev/null || ret=1
-$DIG $DIGOPTS +edns @10.53.0.7 edns512-notcp soa > dig.out.3.test$n
+$DIG $DIGOPTS +edns +dnssec @10.53.0.7 edns512-notcp soa > dig.out.3.test$n
 grep "connection timed out; no servers could be reached" dig.out.3.test$n > /dev/null || ret=1
-$DIG $DIGOPTS +edns +bufsize=512 +ignor @10.53.0.7 edns512-notcp soa > dig.out.4.test$n
+$DIG $DIGOPTS +edns +dnssec +bufsize=512 +ignore @10.53.0.7 edns512-notcp soa > dig.out.4.test$n
 grep "status: NOERROR" dig.out.4.test$n > /dev/null || ret=1
+grep "flags:.* tc[ ;]" dig.out.4.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
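Review bot: The first two queries to 10.53.0.7 change from `+noedns` to `+edns`, which the commit message does not mention, and a plain `+edns` SOA query that the old stanza expected to time out is now expected to return NOERROR in dig.out.1. Nothing in this patch touches the ns7 server configuration, so the new expectations presumably depend on a setup change made elsewhere; the description should say which one. After this change the stanza sends no non-EDNS query to the no-TCP server, so unless a check outside the hunk covers that path, consider keeping one `+noedns` query. A comment above the dig.out.3 query, such as `# unsigned EDNS reply fits in 512 bytes, signed (+dnssec) reply does not`, would make the intent of the four queries readable without the commit message.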