Commit 01697b94 authored by Petr Špaček's avatar Petr Špaček

Deckard: add per test option harden-glue

The option is equivalent to Unbound's harden-glue.
For kresd it is translated as follows:
- "on"  = kresd mode "normal",
- "off" = kresd mode "permissive".
parent 096e609b
......@@ -109,6 +109,7 @@ def setup_env(scenario, child_env, config, args):
del child_env["SOCKET_WRAPPER_PCAP_FILE"]
qmin = args.qmin
do_not_query_localhost = True
harden_glue = False
trust_anchor_list = []
stub_addr = ""
features = {}
......@@ -119,6 +120,8 @@ def setup_env(scenario, child_env, config, args):
# Enable selectively for some tests
if k == 'do-not-query-localhost':
do_not_query_localhost = str2bool(v)
if k == 'harden-glue':
harden_glue = str2bool(v)
if k == 'query-minimization':
qmin = str2bool(v)
elif k == 'trust-anchor':
......@@ -188,6 +191,7 @@ def setup_env(scenario, child_env, config, args):
j2template_env = jinja2.Environment(loader=j2template_loader)
j2template_ctx = {
"DO_NOT_QUERY_LOCALHOST": str(do_not_query_localhost).lower(),
"HARDEN_GLUE": str(harden_glue).lower(),
"ROOT_ADDR": selfaddr,
"SELF_ADDR": childaddr,
"QMIN": str(qmin).lower(),
......
......@@ -12,8 +12,12 @@ option('ALLOW_LOCAL', true)
{% else %}
option('ALLOW_LOCAL', false)
{% endif %}
-- Run tests in permissive mode
option('PERMISSIVE', true)
{% if HARDEN_GLUE == "true" %}
mode('normal')
{% else %}
mode('permissive')
{% endif %}
-- Always retry failing resolver
option('NO_THROTTLE', true)
{% for TA in TRUST_ANCHORS %}
......
......@@ -339,7 +339,12 @@ server:
# harden-large-queries: no
# Harden against out of zone rrsets, to avoid spoofing attempts.
{% if HARDEN_GLUE == "true" %}
harden-glue: yes
{% else %}
harden-glue: no
{% endif %}
# Harden against receiving dnssec-stripped data. If you turn it
# off, failing to validate dnskey data for a trustanchor will
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment