2
0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 22:15:20 +00:00
Commit Graph

43514 Commits

Author SHA1 Message Date
Štěpán Balážik
472459e171 chg: test: Use isctest.asyncserver in the "zero" test
The original `ans.pl` server was a copy of the one in `fetchlimit`, so
there are some changes:

- The server now only responds with A replies (which is the only thing
  needed).
- The incrementing of the IP address goes beyond the least significant
  octet (so, after 192.0.2.255 it will yield 192.0.3.0).

Merge branch 'stepan/zero-asyncserver' into 'main'

See merge request isc-projects/bind9!10597
2025-07-23 11:23:38 +00:00
Štěpán Balážik
ec5729bee3 Use isctest.asyncserver in the "zero" test
The original `ans.pl` server was based on a copy of the one in
`fetchlimit`, so there are some changes:

- The server now only responds with A replies (which is the only thing
  needed).
- The incrementing of the IP address goes beyond the least significant
  octet (so, after 192.0.2.255 it will yield 192.0.3.0).
2025-07-23 09:45:50 +00:00
Matthijs Mekking
315e234f20 fix: usr: Stale RRsets in a CNAME chain were not always refreshed
With serve-stale enabled, a CNAME chain that contains a stale RRset, the refresh query doesn't always properly refresh the stale RRsets. This has been fixed.

Closes #5243

Merge branch '5243-stale-refresh-as-prefetch' into 'main'

See merge request isc-projects/bind9!10720
2025-07-23 07:19:20 +00:00
Matthijs Mekking
dc649735ad Add reproducer as test case
The issue provided a reproducer that can be easily converted into a
test case.
2025-07-23 07:18:48 +00:00
Matthijs Mekking
7774f16ed5 Special case refresh stale ncache data
When refreshing stale ncache data, the qctx->rdataset is NULL and
requires special processing.
2025-07-23 07:18:48 +00:00
Matthijs Mekking
a66b04c8d4 Make serve-stale refresh behave as prefetch
A serve-stale refresh is similar to a prefetch, the only difference
is when it triggers. Where a prefetch is done when an RRset is about
to expire, a serve-stale refresh is done when the RRset is already
stale.

This means that the check for the stale-refresh window needs to
move into query_stale_refresh(). We need to clear the
DNS_DBFIND_STALEENABLED option at the same places as where we clear
DNS_DBFIND_STALETIMEOUT.

Now that serve-stale refresh acts the same as prefetch, there is no
worry that the same rdataset is added to the message twice. This makes
some code obsolete, specifically where we need to clear rdatasets from
the message.
2025-07-23 07:18:48 +00:00
Ondřej Surý
4750bae875 fix: nil: Disable clang-format for Local IPv6 Unicast Addresses strings
The LSP server (using clangd) was always complaining about:

    Suspicious string literal, probably missing a comma

for the two Local IPv6 Unicast Addresses strings that spanned
across multiple lines.  Disable clang-format for these two lines.

Merge branch 'ondrej/fix-suspicious-string-literal-probably-missing-comma' into 'main'

See merge request isc-projects/bind9!10764
2025-07-23 07:47:32 +02:00
Ondřej Surý
6b7c99027d Disable clang-format for Local IPv6 Unicast Addresses strings
The LSP server (using clangd) was always complaining about:

    Suspicious string literal, probably missing a comma

for the two Local IPv6 Unicast Addresses strings that spanned
across multiple lines.  Disable clang-format for these two lines.
2025-07-23 07:40:41 +02:00
Ondřej Surý
fc17f3fe2a fix: dev: Rename variable called 'free' to prevent the clash with free()
Merge branch 'ondrej/rename-variable-called-free' into 'main'

See merge request isc-projects/bind9!10756
2025-07-22 14:22:38 +02:00
Ondřej Surý
855960ce46 Rename 'free' variable to 'nfree' to not clash with free()
The beauty and horrors of the C - the compiler properly detects variable
shadowing, but you can freely shadow a standard function 'free()' with
variable called 'free'.  And if you reference 'free()' just as 'free'
you get the function pointer which means you can do also pointer
arithmetics, so 'free > 0' is always valid even when you delete the
local variable.

Replace the local variables 'free' with a name that doesn't shadow the
'free()' function to prevent future hard to detect bugs.
2025-07-22 09:32:56 +02:00
Štěpán Balážik
98148d8507 chg: test: Use isctest.asyncserver in the "fetchlimit" test
Replace the custom DNS server used in the "fetchlimit" system test
with new code based on the isctest.asyncserver module.

Merge branch 'stepan/fetchlimit-asyncserver' into 'main'

See merge request isc-projects/bind9!10614
2025-07-22 07:06:41 +00:00
Štěpán Balážik
9ffc833919 Use isctest.asyncserver in the "fetchlimit" test
Replace the custom DNS server used in the "fetchlimit" system test
with new code based on the isctest.asyncserver module.
2025-07-22 08:33:30 +02:00
Mark Andrews
0b19600bfe fix: usr: synth-from-dnssec was not working in some scenarios
Aggressive use of DNSSEC-Validated cache with NSEC was not working in scenarios when no parent NSEC was not in cache.  This has been fixed.

Closes #5422

Merge branch '5422-aggressive-nsec-not-working' into 'main'

See merge request isc-projects/bind9!10736
2025-07-22 01:42:54 +10:00
Mark Andrews
df04924209 test synth-from-dnssec with no cached parent NSECs
Add \007.no-apex-covering as an owner name so that the cache does
not get primed with a parent NSEC RRset to test the case where
dns_qp_lookup returns ISC_R_NOTFOUND.
2025-07-21 17:05:50 +02:00
Mark Andrews
7de4207cb6 Fix find_coveringnsec in qpcache.c
dns_qp_lookup was returning ISC_R_NOTFOUND rather than DNS_R_PARTIALMATCH
when there wasn't a parent with a NSEC record in the cache.  This was
causing find_coveringnsec to fail rather than returing the covering NSEC.
2025-07-21 17:05:50 +02:00
Nicki Křížek
918a37371b fix: test: Add wait_for_keymgr_done() util function to tests
The kasp test cases assume that keymgr operations on the zone under test
have been completed before the test is executed. These are typically
quite fast, but the logs need to be explicitly checked for the messages,
otherwise there's a possibility of race conditions causing the
kasp/rollover tests to become unstable.
    
Call the wait function in all the kasp/rollover tests where it is
expected (which is generally in each test, unless we're dealing with
unsigned zones).

Closes #5371

Merge branch '5371-wait-keymgr-done-rollover-kasp-tests' into 'main'

See merge request isc-projects/bind9!10717
2025-07-18 15:30:32 +02:00
Nicki Křížek
467b826162 Add wait_for_keymgr_done() util function to tests
The kasp test cases assume that keymgr operations on the zone under test
have been completed before the test is executed. These are typically
quite fast, but the logs need to be explicitly checked for the messages,
otherwise there's a possibility of race conditions causing the
kasp/rollover tests to become unstable.

Call the wait function in all the kasp/rollover tests where it is
expected (which is generally in each test, unless we're dealing with
unsigned zones).
2025-07-18 14:37:32 +02:00
Nicki Křížek
fe55342916 Add nsX fixtures to system tests
Many of our test cases only use a single NamedInstance from the
`servers` fixture. Introduce `nsX` helper fixtures to simplify these
tests and reduce boilterplate code further.

Specifically, the test no longer has to either define its own variable
to extract a single server from the list, or use the longer
servers["nsX"] syntax. While this may seem minor, the amount of times it
is repeated across the tests justifies the change. It also promotes
using more explicit server identification, i.e. `nsX`, rather than
generic `server`. This also improves the clarity of the tests and may be
helpful in traceback during debugging as well.
2025-07-18 14:37:32 +02:00
Nicki Křížek
53a3502090 chg: test: Split up rollover test cases
Prior to this change, there was a single `rollover` test directory, containing 8 tests. These contained even more test scenarios, that were mostly unrelated to each other. This made debugging or even comprehending the tests difficult, as you'd often have to grasp the importance (or rather lack of it) of thousands of lines of setup, configuration and test code, and debug logs.

Now the tests were split up into 14 different test directories, containing 67 tests in total. This makes it much more comprehensible to understand what's going on in any single of these test cases, as there is no unrelated code. It also allows better parallelization and debugging of individual test cases, because of the improved granularity.

Merge branch 'nicki/split-rollover-test-cases' into 'main'

See merge request isc-projects/bind9!10581
2025-07-18 14:37:08 +02:00
Nicki Křížek
42b034460f Clean up rollover test case 2025-07-18 13:43:53 +02:00
Nicki Křížek
86c3c1da77 Isolate rollover-multisigner test case 2025-07-18 13:43:51 +02:00
Nicki Křížek
e294177312 Isolate rollover-enable-dnssec test case 2025-07-18 13:37:58 +02:00
Nicki Křížek
64199e062d Isolate rollover-zsk-prepub test case 2025-07-18 13:37:58 +02:00
Nicki Křížek
bc7be041e1 Isolate rollover-ksk-3crowd test case 2025-07-18 13:37:58 +02:00
Nicki Křížek
d6dffe6603 Use common test functions for three-is-a-crowd test
Previously, a lot of the checking was re-implemented and duplicated from
check_rollover_step(). Use that function where possible and only
override the needed checks.
2025-07-18 13:37:58 +02:00
Nicki Křížek
bd5a55c5b7 Isolate rollover-ksk-doubleksk test case 2025-07-18 13:37:58 +02:00
Nicki Křížek
296cfc8363 Isolate rollover-csk-roll1 test case 2025-07-18 13:37:58 +02:00
Nicki Křížek
9d2bd1b646 Isolate rollover-csk-roll2 test case 2025-07-18 13:37:58 +02:00
Nicki Křížek
fdecef5378 Isolate rollover-algo-csk test 2025-07-18 13:37:58 +02:00
Nicki Křížek
8be9a8b52a Isolate rollover-algo-ksk-zsk test 2025-07-18 13:37:58 +02:00
Nicki Křížek
519f9082df Isolate rollover-straight2none test 2025-07-18 13:37:58 +02:00
Nicki Křížek
a9c70c3e26 Isolate rollover-lifetime test 2025-07-18 13:37:58 +02:00
Nicki Křížek
7001056eab Isolate rollover-going-insecure test case 2025-07-18 13:37:58 +02:00
Nicki Křížek
8503a218c3 Isolate rollover-dynamic2inline test 2025-07-18 13:37:58 +02:00
Nicki Křížek
44dd5b3240 Separate common templates and test code for rollover tests
This is a preparation to split up and further isolate the various
rollover tests in a subsequent commits.
2025-07-18 13:37:58 +02:00
Nicki Křížek
b410710354 Move shared test code into isctest.kasp module
Move key calculations and rollover step checks into the shared
isctest.kasp module. Deduplicate the key interval calculations.
2025-07-18 13:37:58 +02:00
Nicki Křížek
784a252425 Use a single named.conf template in rollover test
Rather than using multiple slightly modified named.conf files, use a
single template which can be rendered differently based on an input
argument -- in this case, csk_roll.
2025-07-18 13:37:58 +02:00
Nicki Křížek
b2bb605143 chg: test: Refactor configloading test
- Use WatchLog.wait_for_sequence() for the configloading test.
- Omit artifacts check, as it seems quite useless for this test case.
- Join all the tests together. The test case is fairly simple here and
  this is the easiest way to ensure the log will be in a predictable
  state for all tests. Previously, there was no way to ensure
  test_configloading_loading() won't be executed after the other tests,
  which would render the check moot. It could also be separated into
  its own module, but that seems excessive for a simple test case like
  this.
- Use jinja2 template for named.conf and remove setup.sh.
- Remove README and put the relevent comment directly next to the test.
- Remove _sh_ from the test filename to uphold the naming convention.

Merge branch 'nicki/refactor-configloading-test' into 'main'

See merge request isc-projects/bind9!10748
2025-07-18 13:27:41 +02:00
Nicki Křížek
f076d0d619 Refactor configloading test
- Use WatchLog.wait_for_sequence() for the configloading test.
- Omit artifacts check, as it seems quite useless for this test case.
- Join all the tests together. The test case is fairly simple here and
  this is the easiest way to ensure the log will be in a predictable
  state for all tests. Previously, there was no way to ensure
  test_configloading_loading() won't be executed after the other tests,
  which would render the check moot. It could also be separated into
  its own module, but that seems excessive for a simple test case like
  this.
- Use jinja2 template for named.conf and remove setup.sh.
- Remove README and put the relevent comment directly next to the test.
- Remove _sh_ from the test filename to uphold the naming convention.
2025-07-18 12:13:30 +02:00
Nicki Křížek
cf77bfacce chg: test: Improve WatchLog API for pytest
- Refactor and extend the `WatchLog.wait_for_line()` API:
    1. To allow for usage of one or more FlexPatterns, i.e. either plain
       strings to be matched verbatim, or regular expressions. Both can be
       used interchangeably to provide the caller to write simple and
       readable test code, while allowing for increased complexity to allow
       special cases.
    2. Always return the regex match, which allows the caller to identify
       which line was matched, as well as to extract any additional
       information, such as individual regex groups.
- Add `WatchLog.wait_for_sequence()` and `WatchLog.wait_for_all()` helper functions

Merge branch 'nicki/watchlog-improvements' into 'main'

See merge request isc-projects/bind9!10618
2025-07-18 12:13:12 +02:00
Nicki Křížek
d737986ea2 Turn on doctest in CI
Run doctests for the isctest module in a dedicated CI job.
2025-07-18 11:32:41 +02:00
Nicki Křížek
dcfb6c23da Change NamedInstance.rndc() doctest into doc example
The test is troublesome, because NamedInstance(identifier) expects that
a directory with such a name exists. While it'd be possible to mock
those directories as well, it'd make the doctest overly long and
complex, which isn't justified, given that it's only testing a couple of
options. Turn it into regular documentation instead.
2025-07-18 11:32:41 +02:00
Nicki Křížek
ee782fb4b1 Separate LineReader functionality from WatchLog
The buffered reading of finished lines deserves its own class to make
its function clearer, rather than bundling it within the WatchLog class.

Co-Authored-By: Michał Kępień <michal@isc.org>
2025-07-18 11:32:41 +02:00
Nicki Křížek
3c8432d196 Refactor WatchLog for better readability
Various improvements for typing, naming, code deduplication and better
code organization to make the code easier to read.
2025-07-18 11:32:41 +02:00
Nicki Křížek
628b47dd30 Use custom WatchLog timeout exception
The TimeoutError is raised when system functions time out. Define a
custom WatchLogTimeout to improve clarity.
2025-07-18 11:32:41 +02:00
Nicki Křížek
0a839cd0bd Add wait_for_all() and wait_for_sequence() to WatchLog
Extend the WatchLog API with a couple of new matching options.

wait_for_sequence() can be used to check a specific sequence of lines
appears in the log file in the given order.

wait_for_all() ensure that all the provided patterns appear in the log
at least once.

Co-authored-by: Colin Vidal <colin@isc.org>
2025-07-18 11:32:41 +02:00
Nicki Křížek
365f8b6af6 Split up waiting for match to a separate WatchLog method
To allow re-use in upcoming functions, isolate the line matching logic
into a separate function. Use an instance-wide deadline attribute, which
is set by the calling function.
2025-07-18 11:32:41 +02:00
Nicki Křížek
2afb3755b2 Allow WatchLog.wait_for_line() to be called more than once
In some cases, it can be useful to be able to re-use the same WatchLog
to wait for another line.
2025-07-18 11:32:41 +02:00
Nicki Křížek
5840908ead Unify the WatchLog.wait_for_line/s() API
Rather than using two distinct functions for matching either one pattern
(wait_for_line()), or any of multiple patterns (wait_for_lines()), use a
single function that handles both in the same way.

Extend the wait_for_line() API:
1. To allow for usage of one or more FlexPatterns, i.e. either plain
   strings to be matched verbatim, or regular expressions. Both can be
   used interchangeably to provide the caller to write simple and
   readable test code, while allowing for increased complexity to allow
   special cases.
2. Always return the regex match, which allows the caller to identify
   which line was matched, as well as to extract any additional
   information, such as individual regex groups.
2025-07-18 11:32:41 +02:00
Nicki Křížek
f2679bff19 Set timeout for WatchLog per-instance rather than per-call
To simplify usage of multiple wait_for_*() calls, configure the timeout
value for the WatchLog instance, rather than specifying it for each
call.

This is a preparation/cleanup for implementing multiple wait_for_*()
calls in subsequent commits.
2025-07-18 11:32:41 +02:00