Inline local DNS tests
Signed-off-by: DL6ER <dl6er@dl6er.de>
DL6ER committed Oct 10, 2021
1 parent b618e1d commit e625d19
Showing 5 changed files with 112 additions and 48 deletions.
28 changes: 0 additions & 28 deletions test/dig.sh

This file was deleted.

2 changes: 1 addition & 1 deletion test/pdns/pdns.conf
@@ -18,4 +18,4 @@ any-to-tcp=false
launch=gsqlite3

# Database location
gsqlite3-database=/var/lib/powerdns/pdns.sqlite3
gsqlite3-database=/var/lib/powerdns/pdns.sqlite3
2 changes: 1 addition & 1 deletion test/pdns/recursor.conf
@@ -11,4 +11,4 @@
local-address=127.0.0.1:5555

# Use authorative server for ftl. and arpa. zones
forward-zones=ftl=127.0.0.1:5554,168.192.in-addr.arpa=127.0.0.1:5554,ip6.arpa=127.0.0.1:5554
forward-zones=ftl=127.0.0.1:5554,168.192.in-addr.arpa=127.0.0.1:5554,ip6.arpa=127.0.0.1:5554
10 changes: 8 additions & 2 deletions test/pdns/setup.sh
@@ -36,6 +36,7 @@ else
fi
# Create zone ftl
pdnsutil create-zone ftl ns1.ftl
pdnsutil add-record ftl. . SOA "ns1.ftl. hostmaster.ftl. 1 10800 3600 604800 3600"

# Create A records
pdnsutil add-record ftl. a A 192.168.1.1
@@ -52,12 +53,14 @@ pdnsutil add-record ftl. regex-REPLYv6 A 192.168.2.6
pdnsutil add-record ftl. regex-REPLYv46 A 192.168.2.7
pdnsutil add-record ftl. regex-A A 192.168.2.8
pdnsutil add-record ftl. regex-notA A 192.168.2.9
pdnsutil add-record ftl. any A 192.168.3.1

# Create AAAA records
pdnsutil add-record ftl. aaaa AAAA fe80::1c01
pdnsutil add-record ftl. regex-REPLYv4 AAAA fe80::2c01
pdnsutil add-record ftl. regex-REPLYv6 AAAA fe80::2c02
pdnsutil add-record ftl. regex-REPLYv46 AAAA fe80::2c03
pdnsutil add-record ftl. any AAAA fe80::3c01

# Create CNAME records
pdnsutil add-record ftl. cname-1 CNAME gravity.ftl
@@ -67,6 +70,7 @@ pdnsutil add-record ftl. cname-4 CNAME cname-3.ftl
pdnsutil add-record ftl. cname-5 CNAME cname-4.ftl
pdnsutil add-record ftl. cname-6 CNAME cname-5.ftl
pdnsutil add-record ftl. cname-7 CNAME cname-6.ftl
pdnsutil add-record ftl. cname-ok CNAME a.ftl

# Create CNAME for SOA test domain
pdnsutil add-record ftl. soa CNAME ftl
@@ -87,13 +91,13 @@ pdnsutil add-record ftl. mx MX "50 ns1.ftl."
if ! pdnsutil add-record ftl. svcb SVCB '1 port="80"'; then
# see RFC3597: Handling of Unknown DNS Resource Record (RR) Types
# and https://ypcs.fi/howto/2020/09/30/announce-https-via-dns/
pdnsutil add-record ftl. svcb TYPE64 "\# 13 31202e20706f72743d22383022"
pdnsutil add-record ftl. svcb TYPE64 "\# 13 000109706F72743D2238302200"
fi

# HTTPS
if ! pdnsutil add-record ftl. https HTTPS '1 . alpn="h3,h2"'; then
# comment above applies
pdnsutil add-record ftl. https TYPE65 "\# 16 31202e20616c706e3d2268332c683222"
pdnsutil add-record ftl. https TYPE65 "\# 15 000100000100080322683303683222"
fi

# Create reverse lookup zone
@@ -121,8 +125,10 @@ if command -v service; then
service pdns-recursor restart
else
# Alpine
killall pdns_server
pdns_server --daemon
# Have to create the socketdir or the recursor will fails to start
mkdir -p /var/run/pdns-recursor
killall pdns_recursor
pdns_recursor --daemon
fi
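Review bot: In the Alpine branch of the last hunk, the two `killall` calls (which appear to be the additions there) are followed immediately by `pdns_server --daemon` and `pdns_recursor --daemon`, so a new daemon can start while the old one still holds its listening socket and fail to bind, which would show up later as unrelated DNS test failures. `killall` also exits non-zero when no matching process exists, which would abort the setup on a first run if the script uses `set -e` (not visible in these hunks). Consider `killall -q pdns_server || true` followed by a short wait such as `while pgrep -x pdns_server >/dev/null; do sleep 0.1; done`, and the same for `pdns_recursor`. The enclosing `if command -v service` block starts outside the hunk.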
118 changes: 102 additions & 16 deletions test/test_suite.bats
@@ -265,9 +265,95 @@
[[ ${lines[0]} == "1" ]]
}

@test "Local DNS reply test" {
run bash -c "bash test/dig.sh | tee dig.log"
@test "Local DNS test: A a.ftl" {
run bash -c "dig A a.ftl @127.0.0.1 +short"
printf "%s\n" "${lines[@]}"
[[ ${lines[0]} == "192.168.1.1" ]]
[[ ${lines[1]} == "" ]]
}

@test "Local DNS test: AAAA aaaa.ftl" {
run bash -c "dig AAAA aaaa.ftl @127.0.0.1 +short"
printf "%s\n" "${lines[@]}"
[[ ${lines[0]} == "fe80::1c01" ]]
[[ ${lines[1]} == "" ]]
}

@test "Local DNS test: ANY any.ftl" {
run bash -c "dig ANY any.ftl @127.0.0.1 +short"
printf "%s\n" "${lines[@]}"
[[ ${lines[@]} == *"192.168.3.1"* ]]
[[ ${lines[@]} == *"fe80::3c01"* ]]
}

@test "Local DNS test: CNAME cname-ok.ftl" {
run bash -c "dig CNAME cname-ok.ftl @127.0.0.1 +short"
printf "%s\n" "${lines[@]}"
[[ ${lines[0]} == "a.ftl." ]]
[[ ${lines[1]} == "" ]]
}

@test "Local DNS test: SRV srv.ftl" {
run bash -c "dig SRV srv.ftl @127.0.0.1 +short"
printf "%s\n" "${lines[@]}"
[[ ${lines[0]} == "0 1 80 a.ftl." ]]
[[ ${lines[1]} == "" ]]
}

@test "Local DNS test: SOA ftl" {
run bash -c "dig SOA ftl @127.0.0.1 +short"
printf "%s\n" "${lines[@]}"
[[ ${lines[0]} == "ns1.ftl. hostmaster.ftl. 1 10800 3600 604800 3600" ]]
[[ ${lines[1]} == "" ]]
}

@test "Local DNS test: PTR ptr.ftl" {
run bash -c "dig PTR ptr.ftl @127.0.0.1 +short"
printf "%s\n" "${lines[@]}"
[[ ${lines[0]} == "ptr.ftl." ]]
[[ ${lines[1]} == "" ]]
}

@test "Local DNS test: TXT txt.ftl" {
run bash -c "dig TXT txt.ftl @127.0.0.1 +short"
printf "%s\n" "${lines[@]}"
[[ ${lines[0]} == "\"Some example text\"" ]]
[[ ${lines[1]} == "" ]]
}

@test "Local DNS test: NAPTR naptr.ftl" {
run bash -c "dig NAPTR naptr.ftl @127.0.0.1 +short"
printf "%s\n" "${lines[@]}"
[[ ${lines[@]} == *'10 10 "u" "smtp+E2U" "!.*([^.]+[^.]+)$!mailto:postmaster@$1!i" .'* ]]
[[ ${lines[@]} == *'20 10 "s" "http+N2L+N2C+N2R" "" ftl.'* ]]
}

@test "Local DNS test: MX mx.ftl" {
run bash -c "dig MX mx.ftl @127.0.0.1 +short"
printf "%s\n" "${lines[@]}"
[[ ${lines[0]} == "50 ns1.ftl." ]]
[[ ${lines[1]} == "" ]]
}

@test "Local DNS test: NS ftl" {
run bash -c "dig NS ftl @127.0.0.1 +short"
printf "%s\n" "${lines[@]}"
[[ ${lines[0]} == "ns1.ftl." ]]
[[ ${lines[1]} == "" ]]
}

@test "Local DNS test: SVCB svcb.ftl" {
run bash -c "dig TYPE64 svcb.ftl @127.0.0.1 +short"
printf "%s\n" "${lines[@]}"
[[ ${lines[0]} == '\# 13 000109706F72743D2238302200' ]]
[[ ${lines[1]} == "" ]]
}

@test "Local DNS test: HTTPS https.ftl" {
run bash -c "dig TYPE65 https.ftl @127.0.0.1 +short"
printf "%s\n" "${lines[@]}"
[[ ${lines[0]} == '\# 15 000100000100080322683303683222' ]]
[[ ${lines[1]} == "" ]]
}

@test "CNAME inspection: Shallow CNAME is blocked" {
@@ -278,7 +364,7 @@
}

@test "CNAME inspection: Deep CNAME is blocked" {
run bash -c "dig A cname-4.ftl @127.0.0.1 +short"
run bash -c "dig A cname-7.ftl @127.0.0.1 +short"
printf "%s\n" "${lines[@]}"
[[ ${lines[0]} == "0.0.0.0" ]]
[[ ${lines[1]} == "" ]]
@@ -303,7 +389,7 @@
[[ ${lines[2]} == "dns_queries_today 47" ]]
[[ ${lines[3]} == "ads_blocked_today 8" ]]
#[[ ${lines[4]} == "ads_percentage_today 7.792208" ]]
[[ ${lines[5]} == "unique_domains 34" ]]
[[ ${lines[5]} == "unique_domains 35" ]]
[[ ${lines[6]} == "queries_forwarded 26" ]]
[[ ${lines[7]} == "queries_cached 13" ]]
# Clients ever seen is commented out as CircleCI may have
@@ -313,7 +399,7 @@
#[[ ${lines[9]} == "unique_clients 8" ]]
[[ ${lines[10]} == "dns_queries_all_types 47" ]]
[[ ${lines[11]} == "reply_NODATA 0" ]]
[[ ${lines[12]} == "reply_NXDOMAIN 4" ]]
[[ ${lines[12]} == "reply_NXDOMAIN 1" ]]
[[ ${lines[13]} == "reply_CNAME 5" ]]
[[ ${lines[14]} == "reply_IP 23" ]]
[[ ${lines[15]} == "privacy_level 0" ]]
@@ -349,25 +435,25 @@
[[ "${lines[@]}" == *" 2 aaaa.ftl"* ]]
[[ "${lines[@]}" == *" 2 net"* ]]
[[ "${lines[@]}" == *" 2 verteiltesysteme.net"* ]]
[[ "${lines[@]}" == *" 2 ftl"* ]]
[[ "${lines[@]}" == *" 1 version.ftl"* ]]
[[ "${lines[@]}" == *" 1 whitelisted.ftl"* ]]
[[ "${lines[@]}" == *" 1 gravity-whitelisted.ftl"* ]]
[[ "${lines[@]}" == *" 1 regexa.ftl"* ]]
[[ "${lines[@]}" == *" 1 regex2.ftl"* ]]
[[ "${lines[@]}" == *" 1 use-application-dns.net"* ]]
[[ "${lines[@]}" == *" 1 any.ftl"* ]]
[[ "${lines[@]}" == *" 1 cname.ftl"* ]]
[[ "${lines[@]}" == *" 1 cname-ok.ftl"* ]]
[[ "${lines[@]}" == *" 1 srv.ftl"* ]]
[[ "${lines[@]}" == *" 1 soa.ftl"* ]]
[[ "${lines[@]}" == *" 1 any.ftl"* ]]
[[ "${lines[@]}" == *" 1 ptr.ftl"* ]]
[[ "${lines[@]}" == *" 1 txt.ftl"* ]]
[[ "${lines[@]}" == *" 1 naptr.ftl"* ]]
[[ "${lines[@]}" == *" 1 mx.ftl"* ]]
[[ "${lines[@]}" == *" 1 ns.ftl"* ]]
[[ "${lines[@]}" == *" 1 svcb.ftl"* ]]
[[ "${lines[@]}" == *" 1 https.ftl"* ]]
[[ "${lines[@]}" == *" 1 sigok.verteiltesysteme.net"* ]]
[[ "${lines[@]}" == *" 1 ."* ]]
[[ "${lines[@]}" == *" 1 sigok.verteiltesysteme.net"* ]]
[[ "${lines[@]}" == *" 1 sigfail.verteiltesysteme.net"* ]]
}

@@ -380,7 +466,7 @@
[[ "${lines[@]}" == *" 1 regex5.ftl"* ]]
[[ "${lines[@]}" == *" 1 regex1.ftl"* ]]
[[ "${lines[@]}" == *" 1 cname-1.ftl"* ]]
[[ "${lines[@]}" == *" 1 cname-4.ftl"* ]]
[[ "${lines[@]}" == *" 1 cname-7.ftl"* ]]
[[ ${lines[8]} == "" ]]
}

@@ -454,19 +540,19 @@
[[ ${lines[25]} == *" A use-application-dns.net 127.0.0.1 3 2 2 "*" N/A -1 N/A#0 \"\" \"24\""* ]]
[[ ${lines[26]} == *" A a.ftl 127.0.0.1 3 2 4 "*" N/A -1 N/A#0 \"\" \"25\""* ]]
[[ ${lines[27]} == *" AAAA aaaa.ftl 127.0.0.1 3 2 4 "*" N/A -1 N/A#0 \"\" \"26\""* ]]
[[ ${lines[28]} == *" ANY any.ftl 127.0.0.1 2 2 2 "*" N/A -1 127.0.0.1#5555 \"\" \"27\""* ]]
[[ ${lines[29]} == *" [CNAME] cname.ftl 127.0.0.1 2 2 2 "*" N/A -1 127.0.0.1#5555 \"\" \"28\""* ]]
[[ ${lines[28]} == *" ANY any.ftl 127.0.0.1 2 2 13 "*" N/A -1 127.0.0.1#5555 \"\" \"27\""* ]]
[[ ${lines[29]} == *" [CNAME] cname-ok.ftl 127.0.0.1 2 2 3 "*" N/A -1 127.0.0.1#5555 \"\" \"28\""* ]]
[[ ${lines[30]} == *" SRV srv.ftl 127.0.0.1 2 2 13 "*" N/A -1 127.0.0.1#5555 \"\" \"29\""* ]]
[[ ${lines[31]} == *" SOA soa.ftl 127.0.0.1 2 2 3 "*" N/A -1 127.0.0.1#5555 \"\" \"30\""* ]]
[[ ${lines[31]} == *" SOA ftl 127.0.0.1 2 2 13 "*" N/A -1 127.0.0.1#5555 \"\" \"30\""* ]]
[[ ${lines[32]} == *" PTR ptr.ftl 127.0.0.1 2 2 13 "*" N/A -1 127.0.0.1#5555 \"\" \"31\""* ]]
[[ ${lines[33]} == *" TXT txt.ftl 127.0.0.1 2 2 13 "*" N/A -1 127.0.0.1#5555 \"\" \"32\""* ]]
[[ ${lines[34]} == *" NAPTR naptr.ftl 127.0.0.1 2 2 13 "*" N/A -1 127.0.0.1#5555 \"\" \"33\""* ]]
[[ ${lines[35]} == *" MX mx.ftl 127.0.0.1 2 2 13 "*" N/A -1 127.0.0.1#5555 \"\" \"34\""* ]]
[[ ${lines[36]} == *" NS ns.ftl 127.0.0.1 2 2 2 "*" N/A -1 127.0.0.1#5555 \"\" \"35\""* ]]
[[ ${lines[36]} == *" NS ftl 127.0.0.1 2 2 13 "*" N/A -1 127.0.0.1#5555 \"\" \"35\""* ]]
[[ ${lines[37]} == *" SVCB svcb.ftl 127.0.0.1 2 2 13 "*" N/A -1 127.0.0.1#5554 \"\" \"36\""* ]]
[[ ${lines[38]} == *" HTTPS https.ftl 127.0.0.1 2 2 13 "*" N/A -1 127.0.0.1#5554 \"\" \"37\""* ]]
[[ ${lines[39]} == *" A cname-1.ftl 127.0.0.1 9 2 3 "*" gravity.ftl -1 127.0.0.1#5555 \"\" \"38\""* ]]
[[ ${lines[40]} == *" A cname-4.ftl 127.0.0.1 9 2 3 "*" gravity.ftl -1 127.0.0.1#5555 \"\" \"39\""* ]]
[[ ${lines[40]} == *" A cname-7.ftl 127.0.0.1 9 2 3 "*" gravity.ftl -1 127.0.0.1#5555 \"\" \"39\""* ]]
[[ ${lines[41]} == *" A sigok.verteiltesysteme.net 127.0.0.1 2 1 4 "*" N/A -1 127.0.0.1#5555 \"\" \"40\""* ]]
[[ ${lines[42]} == *" DS net :: 2 1 11 "*" N/A -1 127.0.0.1#5555 \"\" \"41\""* ]]
[[ ${lines[43]} == *" DNSKEY . :: 2 1 11 "*" N/A -1 127.0.0.1#5555 \"\" \"42\""* ]]
@@ -487,7 +573,7 @@
@test "Recent blocked shows expected content" {
run bash -c 'echo ">recentBlocked >quit" | nc -v 127.0.0.1 4711'
printf "%s\n" "${lines[@]}"
[[ ${lines[1]} == "cname-4.ftl" ]]
[[ ${lines[1]} == "cname-7.ftl" ]]
[[ ${lines[2]} == "" ]]
}
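Review bot: The SVCB and HTTPS tests pin the RFC 3597 generic form (`\# 13 …`, `\# 15 …`), which as far as I can tell is what `dig` prints only when setup.sh took its `TYPE64`/`TYPE65` fallback and the installed `dig` does not decode these types; presumably a `pdnsutil` that accepts the `SVCB`/`HTTPS` presentation syntax would store different bytes and these assertions would fail. The pinned HTTPS payload also decodes to two alpn ids of length 3 with the `"` characters included (`03 22 68 33` and `03 68 32 22`), so the fixture round-trips a malformed ALPN list rather than `h3` and `h2`. A comment above both tests would make the intent explicit, e.g. `# Queried as TYPE64/TYPE65: checks opaque rdata pass-through, not SVCB/HTTPS semantics`. As a style point, the new ANY and NAPTR checks use unquoted `${lines[@]}` while the domain-list tests further down quote it.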
