mirror of
https://gitlab.isc.org/isc-projects/bind9
synced 2025-09-01 06:55:30 +00:00
Drop use of dns.resolver.Resolver from "checkds"
The "checkds" system test only uses dns.resolver.Resolver objects to access their 'nameservers' and 'port' attributes. Instances of the NamedInstance class also expose that information via their attributes, so only pass NamedInstance objects around instead of needlessly depending on dns.resolver.Resolver.
This commit is contained in:
Michał Kępień
committed by
Štěpán Balážik
Štěpán Balážik
parent
2c35b839a5
commit
cf338a7ca3
@@ -26,7 +26,6 @@ import dns.query
|
|||||||
import dns.rcode
|
import dns.rcode
|
||||||
import dns.rdataclass
|
import dns.rdataclass
|
||||||
import dns.rdatatype
|
import dns.rdatatype
|
||||||
import dns.resolver
|
|
||||||
|
|
||||||
|
|
||||||
pytestmark = pytest.mark.skipif(
|
pytestmark = pytest.mark.skipif(
|
||||||
@@ -63,19 +62,11 @@ def do_query(server, qname, qtype, tcp=False):
|
|||||||
query = dns.message.make_query(qname, qtype, use_edns=True, want_dnssec=True)
|
query = dns.message.make_query(qname, qtype, use_edns=True, want_dnssec=True)
|
||||||
try:
|
try:
|
||||||
if tcp:
|
if tcp:
|
||||||
response = dns.query.tcp(
|
response = dns.query.tcp(query, server.ip, timeout=3, port=server.ports.dns)
|
||||||
query, server.nameservers[0], timeout=3, port=server.port
|
|
||||||
)
|
|
||||||
else:
|
else:
|
||||||
response = dns.query.udp(
|
response = dns.query.udp(query, server.ip, timeout=3, port=server.ports.dns)
|
||||||
query, server.nameservers[0], timeout=3, port=server.port
|
|
||||||
)
|
|
||||||
except dns.exception.Timeout:
|
except dns.exception.Timeout:
|
||||||
print(
|
print(f"error: query timeout for query {qname} {qtype} to {server.ip}")
|
||||||
"error: query timeout for query {} {} to {}".format(
|
|
||||||
qname, qtype, server.nameservers[0]
|
|
||||||
)
|
|
||||||
)
|
|
||||||
return None
|
return None
|
||||||
|
|
||||||
return response
|
return response
|
||||||
@@ -104,7 +95,7 @@ def verify_zone(zone, transfer):
|
|||||||
|
|
||||||
|
|
||||||
def read_statefile(server, zone):
|
def read_statefile(server, zone):
|
||||||
addr = server.nameservers[0]
|
addr = server.ip
|
||||||
count = 0
|
count = 0
|
||||||
keyid = 0
|
keyid = 0
|
||||||
state = {}
|
state = {}
|
||||||
@@ -160,7 +151,7 @@ def read_statefile(server, zone):
|
|||||||
|
|
||||||
|
|
||||||
def zone_check(server, zone):
|
def zone_check(server, zone):
|
||||||
addr = server.nameservers[0]
|
addr = server.ip
|
||||||
fqdn = "{}.".format(zone)
|
fqdn = "{}.".format(zone)
|
||||||
|
|
||||||
# wait until zone is fully signed.
|
# wait until zone is fully signed.
|
||||||
@@ -261,15 +252,6 @@ def rekey(zone):
|
|||||||
|
|
||||||
|
|
||||||
def checkds_dspublished(named_port, servers, checkds, addr):
|
def checkds_dspublished(named_port, servers, checkds, addr):
|
||||||
# We create resolver instances that will be used to send queries.
|
|
||||||
server = dns.resolver.Resolver()
|
|
||||||
server.nameservers = ["10.53.0.9"]
|
|
||||||
server.port = named_port
|
|
||||||
|
|
||||||
parent = dns.resolver.Resolver()
|
|
||||||
parent.nameservers = ["10.53.0.2"]
|
|
||||||
parent.port = named_port
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# 1.1.1: DS is correctly published in parent.
|
# 1.1.1: DS is correctly published in parent.
|
||||||
# parental-agents: ns2
|
# parental-agents: ns2
|
||||||
@@ -277,29 +259,29 @@ def checkds_dspublished(named_port, servers, checkds, addr):
|
|||||||
|
|
||||||
# The simple case.
|
# The simple case.
|
||||||
zone = "good.{}.dspublish.ns2".format(checkds)
|
zone = "good.{}.dspublish.ns2".format(checkds)
|
||||||
zone_check(server, zone)
|
zone_check(servers["ns9"], zone)
|
||||||
with servers["ns9"].watch_log_from_start() as watcher:
|
with servers["ns9"].watch_log_from_start() as watcher:
|
||||||
line = f"zone {zone}/IN (signed): checkds: DS response from {addr}"
|
line = f"zone {zone}/IN (signed): checkds: DS response from {addr}"
|
||||||
watcher.wait_for_line(line)
|
watcher.wait_for_line(line)
|
||||||
keystate_check(parent, zone, "DSPublish")
|
keystate_check(servers["ns2"], zone, "DSPublish")
|
||||||
|
|
||||||
#
|
#
|
||||||
# 1.1.2: DS is not published in parent.
|
# 1.1.2: DS is not published in parent.
|
||||||
# parental-agents: ns5
|
# parental-agents: ns5
|
||||||
#
|
#
|
||||||
zone = "not-yet.{}.dspublish.ns5".format(checkds)
|
zone = "not-yet.{}.dspublish.ns5".format(checkds)
|
||||||
zone_check(server, zone)
|
zone_check(servers["ns9"], zone)
|
||||||
with servers["ns9"].watch_log_from_start() as watcher:
|
with servers["ns9"].watch_log_from_start() as watcher:
|
||||||
line = f"zone {zone}/IN (signed): checkds: empty DS response from 10.53.0.5"
|
line = f"zone {zone}/IN (signed): checkds: empty DS response from 10.53.0.5"
|
||||||
watcher.wait_for_line(line)
|
watcher.wait_for_line(line)
|
||||||
keystate_check(parent, zone, "!DSPublish")
|
keystate_check(servers["ns2"], zone, "!DSPublish")
|
||||||
|
|
||||||
#
|
#
|
||||||
# 1.1.3: The parental agent is badly configured.
|
# 1.1.3: The parental agent is badly configured.
|
||||||
# parental-agents: ns6
|
# parental-agents: ns6
|
||||||
#
|
#
|
||||||
zone = "bad.{}.dspublish.ns6".format(checkds)
|
zone = "bad.{}.dspublish.ns6".format(checkds)
|
||||||
zone_check(server, zone)
|
zone_check(servers["ns9"], zone)
|
||||||
if checkds == "explicit":
|
if checkds == "explicit":
|
||||||
with servers["ns9"].watch_log_from_start() as watcher:
|
with servers["ns9"].watch_log_from_start() as watcher:
|
||||||
line = f"zone {zone}/IN (signed): checkds: bad DS response from 10.53.0.6"
|
line = f"zone {zone}/IN (signed): checkds: bad DS response from 10.53.0.6"
|
||||||
@@ -308,7 +290,7 @@ def checkds_dspublished(named_port, servers, checkds, addr):
|
|||||||
with servers["ns9"].watch_log_from_start() as watcher:
|
with servers["ns9"].watch_log_from_start() as watcher:
|
||||||
line = f"zone {zone}/IN (signed): checkds: error during parental-agents processing"
|
line = f"zone {zone}/IN (signed): checkds: error during parental-agents processing"
|
||||||
watcher.wait_for_line(line)
|
watcher.wait_for_line(line)
|
||||||
keystate_check(parent, zone, "!DSPublish")
|
keystate_check(servers["ns2"], zone, "!DSPublish")
|
||||||
|
|
||||||
#
|
#
|
||||||
# 1.1.4: DS is published, but has bogus signature.
|
# 1.1.4: DS is published, but has bogus signature.
|
||||||
@@ -320,21 +302,21 @@ def checkds_dspublished(named_port, servers, checkds, addr):
|
|||||||
# parental-agents: ns2, ns4
|
# parental-agents: ns2, ns4
|
||||||
#
|
#
|
||||||
zone = "good.{}.dspublish.ns2-4".format(checkds)
|
zone = "good.{}.dspublish.ns2-4".format(checkds)
|
||||||
zone_check(server, zone)
|
zone_check(servers["ns9"], zone)
|
||||||
with servers["ns9"].watch_log_from_start() as watcher:
|
with servers["ns9"].watch_log_from_start() as watcher:
|
||||||
line = f"zone {zone}/IN (signed): checkds: DS response from {addr}"
|
line = f"zone {zone}/IN (signed): checkds: DS response from {addr}"
|
||||||
watcher.wait_for_line(line)
|
watcher.wait_for_line(line)
|
||||||
with servers["ns9"].watch_log_from_start() as watcher:
|
with servers["ns9"].watch_log_from_start() as watcher:
|
||||||
line = f"zone {zone}/IN (signed): checkds: DS response from 10.53.0.4"
|
line = f"zone {zone}/IN (signed): checkds: DS response from 10.53.0.4"
|
||||||
watcher.wait_for_line(line)
|
watcher.wait_for_line(line)
|
||||||
keystate_check(parent, zone, "DSPublish")
|
keystate_check(servers["ns2"], zone, "DSPublish")
|
||||||
|
|
||||||
#
|
#
|
||||||
# 1.2.2: DS is not published in some parents.
|
# 1.2.2: DS is not published in some parents.
|
||||||
# parental-agents: ns2, ns4, ns5
|
# parental-agents: ns2, ns4, ns5
|
||||||
#
|
#
|
||||||
zone = "incomplete.{}.dspublish.ns2-4-5".format(checkds)
|
zone = "incomplete.{}.dspublish.ns2-4-5".format(checkds)
|
||||||
zone_check(server, zone)
|
zone_check(servers["ns9"], zone)
|
||||||
with servers["ns9"].watch_log_from_start() as watcher:
|
with servers["ns9"].watch_log_from_start() as watcher:
|
||||||
line = f"zone {zone}/IN (signed): checkds: DS response from {addr}"
|
line = f"zone {zone}/IN (signed): checkds: DS response from {addr}"
|
||||||
watcher.wait_for_line(line)
|
watcher.wait_for_line(line)
|
||||||
@@ -344,14 +326,14 @@ def checkds_dspublished(named_port, servers, checkds, addr):
|
|||||||
with servers["ns9"].watch_log_from_start() as watcher:
|
with servers["ns9"].watch_log_from_start() as watcher:
|
||||||
line = f"zone {zone}/IN (signed): checkds: empty DS response from 10.53.0.5"
|
line = f"zone {zone}/IN (signed): checkds: empty DS response from 10.53.0.5"
|
||||||
watcher.wait_for_line(line)
|
watcher.wait_for_line(line)
|
||||||
keystate_check(parent, zone, "!DSPublish")
|
keystate_check(servers["ns2"], zone, "!DSPublish")
|
||||||
|
|
||||||
#
|
#
|
||||||
# 1.2.3: One parental agent is badly configured.
|
# 1.2.3: One parental agent is badly configured.
|
||||||
# parental-agents: ns2, ns4, ns6
|
# parental-agents: ns2, ns4, ns6
|
||||||
#
|
#
|
||||||
zone = "bad.{}.dspublish.ns2-4-6".format(checkds)
|
zone = "bad.{}.dspublish.ns2-4-6".format(checkds)
|
||||||
zone_check(server, zone)
|
zone_check(servers["ns9"], zone)
|
||||||
with servers["ns9"].watch_log_from_start() as watcher:
|
with servers["ns9"].watch_log_from_start() as watcher:
|
||||||
line = f"zone {zone}/IN (signed): checkds: DS response from {addr}"
|
line = f"zone {zone}/IN (signed): checkds: DS response from {addr}"
|
||||||
watcher.wait_for_line(line)
|
watcher.wait_for_line(line)
|
||||||
@@ -361,7 +343,7 @@ def checkds_dspublished(named_port, servers, checkds, addr):
|
|||||||
with servers["ns9"].watch_log_from_start() as watcher:
|
with servers["ns9"].watch_log_from_start() as watcher:
|
||||||
line = f"zone {zone}/IN (signed): checkds: bad DS response from 10.53.0.6"
|
line = f"zone {zone}/IN (signed): checkds: bad DS response from 10.53.0.6"
|
||||||
watcher.wait_for_line(line)
|
watcher.wait_for_line(line)
|
||||||
keystate_check(parent, zone, "!DSPublish")
|
keystate_check(servers["ns2"], zone, "!DSPublish")
|
||||||
|
|
||||||
#
|
#
|
||||||
# 1.2.4: DS is completely published, bogus signature.
|
# 1.2.4: DS is completely published, bogus signature.
|
||||||
@@ -373,15 +355,6 @@ def checkds_dspublished(named_port, servers, checkds, addr):
|
|||||||
|
|
||||||
|
|
||||||
def checkds_dswithdrawn(named_port, servers, checkds, addr):
|
def checkds_dswithdrawn(named_port, servers, checkds, addr):
|
||||||
# We create resolver instances that will be used to send queries.
|
|
||||||
server = dns.resolver.Resolver()
|
|
||||||
server.nameservers = ["10.53.0.9"]
|
|
||||||
server.port = named_port
|
|
||||||
|
|
||||||
parent = dns.resolver.Resolver()
|
|
||||||
parent.nameservers = ["10.53.0.2"]
|
|
||||||
parent.port = named_port
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# 2.1.1: DS correctly withdrawn from the parent.
|
# 2.1.1: DS correctly withdrawn from the parent.
|
||||||
# parental-agents: ns5
|
# parental-agents: ns5
|
||||||
@@ -389,29 +362,29 @@ def checkds_dswithdrawn(named_port, servers, checkds, addr):
|
|||||||
|
|
||||||
# The simple case.
|
# The simple case.
|
||||||
zone = "good.{}.dsremoved.ns5".format(checkds)
|
zone = "good.{}.dsremoved.ns5".format(checkds)
|
||||||
zone_check(server, zone)
|
zone_check(servers["ns9"], zone)
|
||||||
with servers["ns9"].watch_log_from_start() as watcher:
|
with servers["ns9"].watch_log_from_start() as watcher:
|
||||||
line = f"zone {zone}/IN (signed): checkds: empty DS response from {addr}"
|
line = f"zone {zone}/IN (signed): checkds: empty DS response from {addr}"
|
||||||
watcher.wait_for_line(line)
|
watcher.wait_for_line(line)
|
||||||
keystate_check(parent, zone, "DSRemoved")
|
keystate_check(servers["ns2"], zone, "DSRemoved")
|
||||||
|
|
||||||
#
|
#
|
||||||
# 2.1.2: DS is published in the parent.
|
# 2.1.2: DS is published in the parent.
|
||||||
# parental-agents: ns2
|
# parental-agents: ns2
|
||||||
#
|
#
|
||||||
zone = "still-there.{}.dsremoved.ns2".format(checkds)
|
zone = "still-there.{}.dsremoved.ns2".format(checkds)
|
||||||
zone_check(server, zone)
|
zone_check(servers["ns9"], zone)
|
||||||
with servers["ns9"].watch_log_from_start() as watcher:
|
with servers["ns9"].watch_log_from_start() as watcher:
|
||||||
line = f"zone {zone}/IN (signed): checkds: DS response from 10.53.0.2"
|
line = f"zone {zone}/IN (signed): checkds: DS response from 10.53.0.2"
|
||||||
watcher.wait_for_line(line)
|
watcher.wait_for_line(line)
|
||||||
keystate_check(parent, zone, "!DSRemoved")
|
keystate_check(servers["ns2"], zone, "!DSRemoved")
|
||||||
|
|
||||||
#
|
#
|
||||||
# 2.1.3: The parental agent is badly configured.
|
# 2.1.3: The parental agent is badly configured.
|
||||||
# parental-agents: ns6
|
# parental-agents: ns6
|
||||||
#
|
#
|
||||||
zone = "bad.{}.dsremoved.ns6".format(checkds)
|
zone = "bad.{}.dsremoved.ns6".format(checkds)
|
||||||
zone_check(server, zone)
|
zone_check(servers["ns9"], zone)
|
||||||
if checkds == "explicit":
|
if checkds == "explicit":
|
||||||
with servers["ns9"].watch_log_from_start() as watcher:
|
with servers["ns9"].watch_log_from_start() as watcher:
|
||||||
line = f"zone {zone}/IN (signed): checkds: bad DS response from 10.53.0.6"
|
line = f"zone {zone}/IN (signed): checkds: bad DS response from 10.53.0.6"
|
||||||
@@ -420,7 +393,7 @@ def checkds_dswithdrawn(named_port, servers, checkds, addr):
|
|||||||
with servers["ns9"].watch_log_from_start() as watcher:
|
with servers["ns9"].watch_log_from_start() as watcher:
|
||||||
line = f"zone {zone}/IN (signed): checkds: error during parental-agents processing"
|
line = f"zone {zone}/IN (signed): checkds: error during parental-agents processing"
|
||||||
watcher.wait_for_line(line)
|
watcher.wait_for_line(line)
|
||||||
keystate_check(parent, zone, "!DSRemoved")
|
keystate_check(servers["ns2"], zone, "!DSRemoved")
|
||||||
|
|
||||||
#
|
#
|
||||||
# 2.1.4: DS is withdrawn, but has bogus signature.
|
# 2.1.4: DS is withdrawn, but has bogus signature.
|
||||||
@@ -432,21 +405,21 @@ def checkds_dswithdrawn(named_port, servers, checkds, addr):
|
|||||||
# parental-agents: ns5, ns7
|
# parental-agents: ns5, ns7
|
||||||
#
|
#
|
||||||
zone = "good.{}.dsremoved.ns5-7".format(checkds)
|
zone = "good.{}.dsremoved.ns5-7".format(checkds)
|
||||||
zone_check(server, zone)
|
zone_check(servers["ns9"], zone)
|
||||||
with servers["ns9"].watch_log_from_start() as watcher:
|
with servers["ns9"].watch_log_from_start() as watcher:
|
||||||
line = f"zone {zone}/IN (signed): checkds: empty DS response from {addr}"
|
line = f"zone {zone}/IN (signed): checkds: empty DS response from {addr}"
|
||||||
watcher.wait_for_line(line)
|
watcher.wait_for_line(line)
|
||||||
with servers["ns9"].watch_log_from_start() as watcher:
|
with servers["ns9"].watch_log_from_start() as watcher:
|
||||||
line = f"zone {zone}/IN (signed): checkds: empty DS response from 10.53.0.7"
|
line = f"zone {zone}/IN (signed): checkds: empty DS response from 10.53.0.7"
|
||||||
watcher.wait_for_line(line)
|
watcher.wait_for_line(line)
|
||||||
keystate_check(parent, zone, "DSRemoved")
|
keystate_check(servers["ns2"], zone, "DSRemoved")
|
||||||
|
|
||||||
#
|
#
|
||||||
# 2.2.2: DS is not withdrawn from some parents.
|
# 2.2.2: DS is not withdrawn from some parents.
|
||||||
# parental-agents: ns2, ns5, ns7
|
# parental-agents: ns2, ns5, ns7
|
||||||
#
|
#
|
||||||
zone = "incomplete.{}.dsremoved.ns2-5-7".format(checkds)
|
zone = "incomplete.{}.dsremoved.ns2-5-7".format(checkds)
|
||||||
zone_check(server, zone)
|
zone_check(servers["ns9"], zone)
|
||||||
with servers["ns9"].watch_log_from_start() as watcher:
|
with servers["ns9"].watch_log_from_start() as watcher:
|
||||||
line = f"zone {zone}/IN (signed): checkds: DS response from 10.53.0.2"
|
line = f"zone {zone}/IN (signed): checkds: DS response from 10.53.0.2"
|
||||||
watcher.wait_for_line(line)
|
watcher.wait_for_line(line)
|
||||||
@@ -456,14 +429,14 @@ def checkds_dswithdrawn(named_port, servers, checkds, addr):
|
|||||||
with servers["ns9"].watch_log_from_start() as watcher:
|
with servers["ns9"].watch_log_from_start() as watcher:
|
||||||
line = f"zone {zone}/IN (signed): checkds: empty DS response from 10.53.0.7"
|
line = f"zone {zone}/IN (signed): checkds: empty DS response from 10.53.0.7"
|
||||||
watcher.wait_for_line(line)
|
watcher.wait_for_line(line)
|
||||||
keystate_check(parent, zone, "!DSRemoved")
|
keystate_check(servers["ns2"], zone, "!DSRemoved")
|
||||||
|
|
||||||
#
|
#
|
||||||
# 2.2.3: One parental agent is badly configured.
|
# 2.2.3: One parental agent is badly configured.
|
||||||
# parental-agents: ns5, ns6, ns7
|
# parental-agents: ns5, ns6, ns7
|
||||||
#
|
#
|
||||||
zone = "bad.{}.dsremoved.ns5-6-7".format(checkds)
|
zone = "bad.{}.dsremoved.ns5-6-7".format(checkds)
|
||||||
zone_check(server, zone)
|
zone_check(servers["ns9"], zone)
|
||||||
with servers["ns9"].watch_log_from_start() as watcher:
|
with servers["ns9"].watch_log_from_start() as watcher:
|
||||||
line = f"zone {zone}/IN (signed): checkds: empty DS response from {addr}"
|
line = f"zone {zone}/IN (signed): checkds: empty DS response from {addr}"
|
||||||
watcher.wait_for_line(line)
|
watcher.wait_for_line(line)
|
||||||
@@ -473,7 +446,7 @@ def checkds_dswithdrawn(named_port, servers, checkds, addr):
|
|||||||
with servers["ns9"].watch_log_from_start() as watcher:
|
with servers["ns9"].watch_log_from_start() as watcher:
|
||||||
line = f"zone {zone}/IN (signed): checkds: bad DS response from 10.53.0.6"
|
line = f"zone {zone}/IN (signed): checkds: bad DS response from 10.53.0.6"
|
||||||
watcher.wait_for_line(line)
|
watcher.wait_for_line(line)
|
||||||
keystate_check(parent, zone, "!DSRemoved")
|
keystate_check(servers["ns2"], zone, "!DSRemoved")
|
||||||
|
|
||||||
#
|
#
|
||||||
# 2.2.4:: DS is removed completely, bogus signature.
|
# 2.2.4:: DS is removed completely, bogus signature.
|
||||||
@@ -482,74 +455,47 @@ def checkds_dswithdrawn(named_port, servers, checkds, addr):
|
|||||||
|
|
||||||
|
|
||||||
def test_checkds_reference(named_port, servers):
|
def test_checkds_reference(named_port, servers):
|
||||||
# We create resolver instances that will be used to send queries.
|
|
||||||
server = dns.resolver.Resolver()
|
|
||||||
server.nameservers = ["10.53.0.9"]
|
|
||||||
server.port = named_port
|
|
||||||
|
|
||||||
parent = dns.resolver.Resolver()
|
|
||||||
parent.nameservers = ["10.53.0.2"]
|
|
||||||
parent.port = named_port
|
|
||||||
|
|
||||||
# Using a reference to parental-agents.
|
# Using a reference to parental-agents.
|
||||||
zone = "reference.explicit.dspublish.ns2"
|
zone = "reference.explicit.dspublish.ns2"
|
||||||
zone_check(server, zone)
|
zone_check(servers["ns9"], zone)
|
||||||
with servers["ns9"].watch_log_from_start() as watcher:
|
with servers["ns9"].watch_log_from_start() as watcher:
|
||||||
line = f"zone {zone}/IN (signed): checkds: DS response from 10.53.0.8"
|
line = f"zone {zone}/IN (signed): checkds: DS response from 10.53.0.8"
|
||||||
watcher.wait_for_line(line)
|
watcher.wait_for_line(line)
|
||||||
keystate_check(parent, zone, "DSPublish")
|
keystate_check(servers["ns2"], zone, "DSPublish")
|
||||||
|
|
||||||
|
|
||||||
def test_checkds_resolver(named_port, servers):
|
def test_checkds_resolver(named_port, servers):
|
||||||
# We create resolver instances that will be used to send queries.
|
|
||||||
server = dns.resolver.Resolver()
|
|
||||||
server.nameservers = ["10.53.0.9"]
|
|
||||||
server.port = named_port
|
|
||||||
|
|
||||||
parent = dns.resolver.Resolver()
|
|
||||||
parent.nameservers = ["10.53.0.2"]
|
|
||||||
parent.port = named_port
|
|
||||||
|
|
||||||
# Using a resolver as parental-agent (ns3).
|
# Using a resolver as parental-agent (ns3).
|
||||||
zone = "resolver.explicit.dspublish.ns2"
|
zone = "resolver.explicit.dspublish.ns2"
|
||||||
zone_check(server, zone)
|
zone_check(servers["ns9"], zone)
|
||||||
with servers["ns9"].watch_log_from_start() as watcher:
|
with servers["ns9"].watch_log_from_start() as watcher:
|
||||||
line = f"zone {zone}/IN (signed): checkds: DS response from 10.53.0.3"
|
line = f"zone {zone}/IN (signed): checkds: DS response from 10.53.0.3"
|
||||||
watcher.wait_for_line(line)
|
watcher.wait_for_line(line)
|
||||||
keystate_check(parent, zone, "DSPublish")
|
keystate_check(servers["ns2"], zone, "DSPublish")
|
||||||
|
|
||||||
# Using a resolver as parental-agent (ns3).
|
# Using a resolver as parental-agent (ns3).
|
||||||
zone = "resolver.explicit.dsremoved.ns5"
|
zone = "resolver.explicit.dsremoved.ns5"
|
||||||
zone_check(server, zone)
|
zone_check(servers["ns9"], zone)
|
||||||
with servers["ns9"].watch_log_from_start() as watcher:
|
with servers["ns9"].watch_log_from_start() as watcher:
|
||||||
line = f"zone {zone}/IN (signed): checkds: empty DS response from 10.53.0.3"
|
line = f"zone {zone}/IN (signed): checkds: empty DS response from 10.53.0.3"
|
||||||
watcher.wait_for_line(line)
|
watcher.wait_for_line(line)
|
||||||
keystate_check(parent, zone, "DSRemoved")
|
keystate_check(servers["ns2"], zone, "DSRemoved")
|
||||||
|
|
||||||
|
|
||||||
def test_checkds_no_ent(named_port, servers):
|
def test_checkds_no_ent(named_port, servers):
|
||||||
# We create resolver instances that will be used to send queries.
|
|
||||||
server = dns.resolver.Resolver()
|
|
||||||
server.nameservers = ["10.53.0.9"]
|
|
||||||
server.port = named_port
|
|
||||||
|
|
||||||
parent = dns.resolver.Resolver()
|
|
||||||
parent.nameservers = ["10.53.0.2"]
|
|
||||||
parent.port = named_port
|
|
||||||
|
|
||||||
zone = "no-ent.ns2"
|
zone = "no-ent.ns2"
|
||||||
zone_check(server, zone)
|
zone_check(servers["ns9"], zone)
|
||||||
with servers["ns9"].watch_log_from_start() as watcher:
|
with servers["ns9"].watch_log_from_start() as watcher:
|
||||||
line = f"zone {zone}/IN (signed): checkds: DS response from 10.53.0.2"
|
line = f"zone {zone}/IN (signed): checkds: DS response from 10.53.0.2"
|
||||||
watcher.wait_for_line(line)
|
watcher.wait_for_line(line)
|
||||||
keystate_check(parent, zone, "DSPublish")
|
keystate_check(servers["ns2"], zone, "DSPublish")
|
||||||
|
|
||||||
zone = "no-ent.ns5"
|
zone = "no-ent.ns5"
|
||||||
zone_check(server, zone)
|
zone_check(servers["ns9"], zone)
|
||||||
with servers["ns9"].watch_log_from_start() as watcher:
|
with servers["ns9"].watch_log_from_start() as watcher:
|
||||||
line = f"zone {zone}/IN (signed): checkds: DS response from 10.53.0.5"
|
line = f"zone {zone}/IN (signed): checkds: DS response from 10.53.0.5"
|
||||||
watcher.wait_for_line(line)
|
watcher.wait_for_line(line)
|
||||||
keystate_check(parent, zone, "DSRemoved")
|
keystate_check(servers["ns2"], zone, "DSRemoved")
|
||||||
|
|
||||||
|
|
||||||
def test_checkds_dspublished(named_port, servers):
|
def test_checkds_dspublished(named_port, servers):
|
||||||
@@ -562,24 +508,15 @@ def test_checkds_dswithdrawn(named_port, servers):
|
|||||||
checkds_dswithdrawn(named_port, servers, "yes", "10.53.0.5")
|
checkds_dswithdrawn(named_port, servers, "yes", "10.53.0.5")
|
||||||
|
|
||||||
|
|
||||||
def test_checkds_no(named_port):
|
def test_checkds_no(named_port, servers):
|
||||||
# We create resolver instances that will be used to send queries.
|
zone_check(servers["ns9"], "good.no.dspublish.ns2")
|
||||||
server = dns.resolver.Resolver()
|
keystate_check(servers["ns2"], "good.no.dspublish.ns2", "!DSPublish")
|
||||||
server.nameservers = ["10.53.0.9"]
|
|
||||||
server.port = named_port
|
|
||||||
|
|
||||||
parent = dns.resolver.Resolver()
|
zone_check(servers["ns9"], "good.no.dspublish.ns2-4")
|
||||||
parent.nameservers = ["10.53.0.2"]
|
keystate_check(servers["ns2"], "good.no.dspublish.ns2-4", "!DSPublish")
|
||||||
parent.port = named_port
|
|
||||||
|
|
||||||
zone_check(server, "good.no.dspublish.ns2")
|
zone_check(servers["ns9"], "good.no.dsremoved.ns5")
|
||||||
keystate_check(parent, "good.no.dspublish.ns2", "!DSPublish")
|
keystate_check(servers["ns2"], "good.no.dsremoved.ns5", "!DSRemoved")
|
||||||
|
|
||||||
zone_check(server, "good.no.dspublish.ns2-4")
|
zone_check(servers["ns9"], "good.no.dsremoved.ns5-7")
|
||||||
keystate_check(parent, "good.no.dspublish.ns2-4", "!DSPublish")
|
keystate_check(servers["ns2"], "good.no.dsremoved.ns5-7", "!DSRemoved")
|
||||||
|
|
||||||
zone_check(server, "good.no.dsremoved.ns5")
|
|
||||||
keystate_check(parent, "good.no.dsremoved.ns5", "!DSRemoved")
|
|
||||||
|
|
||||||
zone_check(server, "good.no.dsremoved.ns5-7")
|
|
||||||
keystate_check(parent, "good.no.dsremoved.ns5-7", "!DSRemoved")
|
|
||||||
|
|||||||
Reference in New Issue
Block a user