Commit 4e61ea0d authored by Grigorii Demidov's avatar Grigorii Demidov

nsec3 name error test

parent 720bcc48
......@@ -38,10 +38,14 @@ Next keys can be used
variable will be replaced by this address.
- **thrust-anchor** : ``string value``
Delegation Signer record, can be used for DNSSEC-related scenarios
- **val-override-date** : ``string value``
Trust anchor, can be used for DNSSEC-related scenarios
- **val-override-timestamp** : ``string value``
POSIX timestamp; the system time will be reported to binary under the test
- **val-override-date** : ``string value``
the system time to be reported to binary under the test; ``string value`` has format
``YYYYMMDDHHMMSS``, so ``20120420235959`` means ``Fri Apr 20 23:59:59 2012``
- **features** : jinja2_var1=v1;jinja2_var2=v2;...;jinja2_varN=vN
......
......@@ -16,6 +16,7 @@ from datetime import datetime
import random
import string
import itertools
import calendar
def str2bool(v):
""" Return conversion of JSON-ish string value to boolean. """
......@@ -221,9 +222,21 @@ def setup_env(scenario, child_env, config, config_name_list, j2template_list):
no_minimize = "false"
elif k == 'trust-anchor':
trust_anchor_str = v.strip('"\'')
elif k == 'val-override-timestamp':
override_timestamp_str = v.strip('"\'')
write_timestamp_file(child_env["FAKETIME_TIMESTAMP_FILE"], int(override_timestamp_str))
elif k == 'val-override-date':
override_date_str = v.strip('"\'')
write_timestamp_file(child_env["FAKETIME_TIMESTAMP_FILE"], int(override_date_str))
ovr_yr = override_date_str[0:4]
ovr_mnt = override_date_str[4:6]
ovr_day = override_date_str[6:8]
ovr_hr = override_date_str[8:10]
ovr_min = override_date_str[10:12]
ovr_sec = override_date_str[12:]
override_date_str_arg = '{0} {1} {2} {3} {4} {5}'.format(ovr_yr,ovr_mnt,ovr_day,ovr_hr,ovr_min,ovr_sec)
override_date = time.strptime(override_date_str_arg,"%Y %m %d %H %M %S")
override_date_timestamp = calendar.timegm(override_date)
write_timestamp_file(child_env["FAKETIME_TIMESTAMP_FILE"], override_date_timestamp)
elif k == 'stub-addr':
stub_addr = v.strip('"\'')
elif k == 'features':
......
; config options
server:
trust-anchor: ". 3600 IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5"
val-override-date: "1437625000"
val-override-timestamp: "1437625000"
stub-zone:
name: "."
......
; config options
server:
trust-anchor: ". 3600 IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5"
val-override-date: "1441892800"
val-override-timestamp: "1441892800"
stub-zone:
name: "."
......
; config options
server:
trust-anchor: ". 3600 IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5"
val-override-date: "1438783903"
val-override-timestamp: "1438783903"
stub-zone:
name: "."
......
; config options
server:
trust-anchor: ". 3600 IN DS 17272 13 4 B87AD8C76DC2244E7AA57285057BF533F2E248CC8D7E1A071D8A3837A711A5EA705C4707E6E8911DA653BE1AE019927B"
val-override-date: "1442323400"
val-override-timestamp: "1442323400"
stub-zone:
name: "."
......
; config options
server:
trust-anchor: ". 3600 IN DS 17272 13 4 B87AD8C76DC2244E7AA57285057BF533F2E248CC8D7E1A071D8A3837A711A5EA705C4707E6E8911DA653BE1AE019927B"
val-override-date: "1442489540"
val-override-timestamp: "1442489540"
stub-zone:
name: "."
......
......@@ -2,7 +2,7 @@
server:
stub-addr: 193.0.14.129
trust-anchor: ". 3600 IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5"
val-override-date: "1450794800"
val-override-timestamp: "1450794800"
CONFIG_END
SCENARIO_BEGIN Test validation of NSEC wildcard answer response.
......
; config options
server:
trust-anchor: ". 3600 IN DS 17272 13 4 B87AD8C76DC2244E7AA57285057BF533F2E248CC8D7E1A071D8A3837A711A5EA705C4707E6E8911DA653BE1AE019927B"
val-override-date: "1442323400"
val-override-timestamp: "1442323400"
stub-zone:
name: "."
......
; config options
server:
trust-anchor: ". 3600 IN DS 17272 13 4 B87AD8C76DC2244E7AA57285057BF533F2E248CC8D7E1A071D8A3837A711A5EA705C4707E6E8911DA653BE1AE019927B"
val-override-date: "1442839270"
val-override-timestamp: "1442839270"
stub-zone:
name: "."
......
; config options
server:
trust-anchor: ". 3600 IN DS 17272 13 4 B87AD8C76DC2244E7AA57285057BF533F2E248CC8D7E1A071D8A3837A711A5EA705C4707E6E8911DA653BE1AE019927B"
val-override-date: "1442489440"
val-override-timestamp: "1442489440"
stub-zone:
name: "."
......
; config options
server:
trust-anchor: ". 3600 IN DS 17272 13 4 B87AD8C76DC2244E7AA57285057BF533F2E248CC8D7E1A071D8A3837A711A5EA705C4707E6E8911DA653BE1AE019927B"
val-override-date: "1442839270"
val-override-timestamp: "1442839270"
stub-zone:
name: "."
......
; config options
server:
trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
val-override-date: "20120420235959"
target-fetch-policy: "0 0 0 0 0"
stub-zone:
name: "."
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
CONFIG_END
SCENARIO_BEGIN Test validator NSEC3 B.1 name error.
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
. IN A
SECTION AUTHORITY
example. IN NS ns1.example.
; leave out to make unbound take ns1
;example. IN NS ns2.example.
SECTION ADDITIONAL
ns1.example. IN A 192.0.2.1
; leave out to make unbound take ns1
;ns2.example. IN A 192.0.2.2
ENTRY_END
RANGE_END
; ns1.example.
RANGE_BEGIN 0 100
ADDRESS 192.0.2.1
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id copy_query
REPLY QR REFUSED
SECTION QUESTION
example. IN NS
SECTION ANSWER
ENTRY_END
; response to DNSKEY priming query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example. IN DNSKEY
SECTION ANSWER
example. DNSKEY 256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
example. RRSIG DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example. AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA DO NXDOMAIN
SECTION QUESTION
a.c.x.w.example. IN A
SECTION AUTHORITY
example. SOA ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
example. RRSIG SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== )
;; NSEC3 RR that covers the "next closer" name (c.x.w.example)
;; H(c.x.w.example) = 0va5bpr2ou0vk0lbqeeljri88laipsfh
0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
;; NSEC3 RR that matches the closest encloser (x.w.example)
;; H(x.w.example) = b4um86eghhds6nea196smvmlo4ors995
b4um86eghhds6nea196smvmlo4ors995.example. NSEC3 1 1 12 aabbccdd ( gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG )
b4um86eghhds6nea196smvmlo4ors995.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. ZkPG3M32lmoHM6pa3D6gZFGB/rhL//Bs3Omh 5u4m/CUiwtblEVOaAKKZd7S959OeiX43aLX3 pOv0TSTyiTxIZg== )
;; NSEC3 RR that covers wildcard at the closest encloser (*.x.w.example)
;; H(*.x.w.example) = 92pqneegtaue7pjatc3l3qnk738c6v5m
35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
SECTION ADDITIONAL
ENTRY_END
RANGE_END
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
a.c.x.w.example. IN A
ENTRY_END
; recursion happens here.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AD DO NXDOMAIN
SECTION QUESTION
a.c.x.w.example. IN A
SECTION ANSWER
SECTION AUTHORITY
example. SOA ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 )
example. RRSIG SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== )
0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
b4um86eghhds6nea196smvmlo4ors995.example. NSEC3 1 1 12 aabbccdd ( gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG )
b4um86eghhds6nea196smvmlo4ors995.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. ZkPG3M32lmoHM6pa3D6gZFGB/rhL//Bs3Omh 5u4m/CUiwtblEVOaAKKZd7S959OeiX43aLX3 pOv0TSTyiTxIZg== )
35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )
SECTION ADDITIONAL
ENTRY_END
SCENARIO_END
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment