From e625d197d901da032d7a63fc28a2553a60dabf3d Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 10 Oct 2021 14:37:01 +0200 Subject: [PATCH] Inline local DNS tests Signed-off-by: DL6ER --- test/dig.sh | 28 ---------- test/pdns/pdns.conf | 2 +- test/pdns/recursor.conf | 2 +- test/pdns/setup.sh | 10 +++- test/test_suite.bats | 118 ++++++++++++++++++++++++++++++++++------ 5 files changed, 112 insertions(+), 48 deletions(-) delete mode 100644 test/dig.sh diff --git a/test/dig.sh b/test/dig.sh deleted file mode 100644 index c08f93885..000000000 --- a/test/dig.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash -# Test script to quickly test for arbitrary resource records -# Originally written by Daxtorim, see -# https://discourse.pi-hole.net/t/pi-hole-wont-cache-results-if-answer-doesnt-fit-known-reply-types-and-will-always-display-n-a-0-0ms-as-reply-in-query-log/49171/3 - -pihole="127.0.0.1" -for i in a aaaa any cname srv soa ptr txt naptr mx ns svcb https -do - if [ "$i" = "ptr" ]; then - # Also test reverse address lookups in addition to PTR - # ptr.ftl below - ip4="$(dig +short a a.ftl)" - ip6="$(dig +short aaaa ftl)" - dig +noall +answer +retry=0 +timeout=30 "@${pihole}" -x "${ip4}" - dig +noall +answer +retry=0 +timeout=30 "@${pihole}" -x "${ip6}" - fi - if [ "$i" = "svcb" ]; then - j="TYPE64" - elif [ "$i" = "https" ]; then - j="TYPE65" - else - j="$i" - fi - echo "dig ${j} ${i}.ftl" - dig +noall +answer +retry=0 +timeout=30 "@${pihole}" ${j} "${i}.ftl" - echo "" -done -echo "" diff --git a/test/pdns/pdns.conf b/test/pdns/pdns.conf index d8d1aa10d..f556b763b 100644 --- a/test/pdns/pdns.conf +++ b/test/pdns/pdns.conf @@ -18,4 +18,4 @@ any-to-tcp=false launch=gsqlite3 # Database location -gsqlite3-database=/var/lib/powerdns/pdns.sqlite3 \ No newline at end of file +gsqlite3-database=/var/lib/powerdns/pdns.sqlite3 diff --git a/test/pdns/recursor.conf b/test/pdns/recursor.conf index 3670191cc..2d2e136e3 100644 --- a/test/pdns/recursor.conf +++ b/test/pdns/recursor.conf 
@@ -11,4 +11,4 @@ local-address=127.0.0.1:5555 # Use authorative server for ftl. and arpa. zones -forward-zones=ftl=127.0.0.1:5554,168.192.in-addr.arpa=127.0.0.1:5554,ip6.arpa=127.0.0.1:5554 \ No newline at end of file +forward-zones=ftl=127.0.0.1:5554,168.192.in-addr.arpa=127.0.0.1:5554,ip6.arpa=127.0.0.1:5554 diff --git a/test/pdns/setup.sh b/test/pdns/setup.sh index 3e767f0ca..9f2e12ba0 100644 --- a/test/pdns/setup.sh +++ b/test/pdns/setup.sh @@ -36,6 +36,7 @@ else fi # Create zone ftl pdnsutil create-zone ftl ns1.ftl +pdnsutil add-record ftl. . SOA "ns1.ftl. hostmaster.ftl. 1 10800 3600 604800 3600" # Create A records pdnsutil add-record ftl. a A 192.168.1.1 @@ -52,12 +53,14 @@ pdnsutil add-record ftl. regex-REPLYv6 A 192.168.2.6 pdnsutil add-record ftl. regex-REPLYv46 A 192.168.2.7 pdnsutil add-record ftl. regex-A A 192.168.2.8 pdnsutil add-record ftl. regex-notA A 192.168.2.9 +pdnsutil add-record ftl. any A 192.168.3.1 # Create AAAA records pdnsutil add-record ftl. aaaa AAAA fe80::1c01 pdnsutil add-record ftl. regex-REPLYv4 AAAA fe80::2c01 pdnsutil add-record ftl. regex-REPLYv6 AAAA fe80::2c02 pdnsutil add-record ftl. regex-REPLYv46 AAAA fe80::2c03 +pdnsutil add-record ftl. any AAAA fe80::3c01 # Create CNAME records pdnsutil add-record ftl. cname-1 CNAME gravity.ftl @@ -67,6 +70,7 @@ pdnsutil add-record ftl. cname-4 CNAME cname-3.ftl pdnsutil add-record ftl. cname-5 CNAME cname-4.ftl pdnsutil add-record ftl. cname-6 CNAME cname-5.ftl pdnsutil add-record ftl. cname-7 CNAME cname-6.ftl +pdnsutil add-record ftl. cname-ok CNAME a.ftl # Create CNAME for SOA test domain pdnsutil add-record ftl. soa CNAME ftl 
@@ -87,13 +91,13 @@ pdnsutil add-record ftl. mx MX "50 ns1.ftl."
 if ! pdnsutil add-record ftl. svcb SVCB '1 port="80"'; then
 # see RFC3597: Handling of Unknown DNS Resource Record (RR) Types
 # and https://ypcs.fi/howto/2020/09/30/announce-https-via-dns/
- pdnsutil add-record ftl. svcb TYPE64 "\# 13 31202e20706f72743d22383022"
+ pdnsutil add-record ftl. svcb TYPE64 "\# 13 000109706F72743D2238302200"
 fi
 # HTTPS
 if ! pdnsutil add-record ftl. https HTTPS '1 . alpn="h3,h2"'; then
 # comment above applies
- pdnsutil add-record ftl. https TYPE65 "\# 16 31202e20616c706e3d2268332c683222"
+ pdnsutil add-record ftl. https TYPE65 "\# 15 000100000100080322683303683222"
 fi
 # Create reverse lookup zone
@@ -121,8 +125,10 @@ if command -v service; then
 service pdns-recursor restart
 else
 # Alpine
+ killall pdns_server
 pdns_server --daemon
 # Have to create the socketdir or the recursor will fails to start
 mkdir -p /var/run/pdns-recursor
+ killall pdns_recursor
 pdns_recursor --daemon
 fi
diff --git a/test/test_suite.bats b/test/test_suite.bats
index 548bd932c..a3c1725de 100644
--- a/test/test_suite.bats
+++ b/test/test_suite.bats
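Review bot: The new RFC 3597 fallback strings for `TYPE64` and `TYPE65` are bare hex with no comment saying what they encode, so nobody can check them against the presentation-format records in the two `if` conditions without decoding by hand. Decoded, the SVCB value is priority 1 with a target name made of the single label `port="80"`, and the HTTPS value is priority 1, target `.`, and an 8-byte alpn parameter whose two entries read `"h3` and `h2"`. The double quotes therefore appear to be encoded as part of the protocol IDs; please confirm that this matches what the native `HTTPS` branch stores. I would add one comment per fallback, for example `# wire RDATA: SvcPriority=1, TargetName=<label 'port="80"'>` and `# wire RDATA: SvcPriority=1, TargetName=".", key 1 (alpn), 8 bytes`.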
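Review bot: The added `killall pdns_server` and `killall pdns_recursor` in the Alpine branch exit non-zero when no such process is running and return without waiting for the old process to go away. The `--daemon` start on the next line can therefore race with a daemon that still holds its listening port, and whether a failing `killall` aborts the script depends on shell options set outside this hunk. Consider `killall pdns_server 2>/dev/null || true` followed by a short loop that waits until `pidof pdns_server` finds nothing, and the same for the recursor. The enclosing `if command -v service; then` starts above the hunk.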
@@ -265,9 +265,95 @@
 [[ ${lines[0]} == "1" ]]
 }
-@test "Local DNS reply test" {
- run bash -c "bash test/dig.sh | tee dig.log"
+@test "Local DNS test: A a.ftl" {
+ run bash -c "dig A a.ftl @127.0.0.1 +short"
+ printf "%s\n" "${lines[@]}"
+ [[ ${lines[0]} == "192.168.1.1" ]]
+ [[ ${lines[1]} == "" ]]
+}
+
+@test "Local DNS test: AAAA aaaa.ftl" {
+ run bash -c "dig AAAA aaaa.ftl @127.0.0.1 +short"
+ printf "%s\n" "${lines[@]}"
+ [[ ${lines[0]} == "fe80::1c01" ]]
+ [[ ${lines[1]} == "" ]]
+}
+
+@test "Local DNS test: ANY any.ftl" {
+ run bash -c "dig ANY any.ftl @127.0.0.1 +short"
+ printf "%s\n" "${lines[@]}"
+ [[ ${lines[@]} == *"192.168.3.1"* ]]
+ [[ ${lines[@]} == *"fe80::3c01"* ]]
+}
+
+@test "Local DNS test: CNAME cname-ok.ftl" {
+ run bash -c "dig CNAME cname-ok.ftl @127.0.0.1 +short"
 printf "%s\n" "${lines[@]}"
+ [[ ${lines[0]} == "a.ftl." ]]
+ [[ ${lines[1]} == "" ]]
+}
+
+@test "Local DNS test: SRV srv.ftl" {
+ run bash -c "dig SRV srv.ftl @127.0.0.1 +short"
+ printf "%s\n" "${lines[@]}"
+ [[ ${lines[0]} == "0 1 80 a.ftl." ]]
+ [[ ${lines[1]} == "" ]]
+}
+
+@test "Local DNS test: SOA ftl" {
+ run bash -c "dig SOA ftl @127.0.0.1 +short"
+ printf "%s\n" "${lines[@]}"
+ [[ ${lines[0]} == "ns1.ftl. hostmaster.ftl. 1 10800 3600 604800 3600" ]]
+ [[ ${lines[1]} == "" ]]
+}
+
+@test "Local DNS test: PTR ptr.ftl" {
+ run bash -c "dig PTR ptr.ftl @127.0.0.1 +short"
+ printf "%s\n" "${lines[@]}"
+ [[ ${lines[0]} == "ptr.ftl." ]]
+ [[ ${lines[1]} == "" ]]
+}
+
+@test "Local DNS test: TXT txt.ftl" {
+ run bash -c "dig TXT txt.ftl @127.0.0.1 +short"
+ printf "%s\n" "${lines[@]}"
+ [[ ${lines[0]} == "\"Some example text\"" ]]
+ [[ ${lines[1]} == "" ]]
+}
+
+@test "Local DNS test: NAPTR naptr.ftl" {
+ run bash -c "dig NAPTR naptr.ftl @127.0.0.1 +short"
+ printf "%s\n" "${lines[@]}"
+ [[ ${lines[@]} == *'10 10 "u" "smtp+E2U" "!.*([^.]+[^.]+)$!mailto:postmaster@$1!i" .'* ]]
+ [[ ${lines[@]} == *'20 10 "s" "http+N2L+N2C+N2R" "" ftl.'* ]]
+}
+
+@test "Local DNS test: MX mx.ftl" {
+ run bash -c "dig MX mx.ftl @127.0.0.1 +short"
+ printf "%s\n" "${lines[@]}"
+ [[ ${lines[0]} == "50 ns1.ftl." ]]
+ [[ ${lines[1]} == "" ]]
+}
+
+@test "Local DNS test: NS ftl" {
+ run bash -c "dig NS ftl @127.0.0.1 +short"
+ printf "%s\n" "${lines[@]}"
+ [[ ${lines[0]} == "ns1.ftl." ]]
+ [[ ${lines[1]} == "" ]]
+}
+
+@test "Local DNS test: SVCB svcb.ftl" {
+ run bash -c "dig TYPE64 svcb.ftl @127.0.0.1 +short"
+ printf "%s\n" "${lines[@]}"
+ [[ ${lines[0]} == '\# 13 000109706F72743D2238302200' ]]
+ [[ ${lines[1]} == "" ]]
+}
+
+@test "Local DNS test: HTTPS https.ftl" {
+ run bash -c "dig TYPE65 https.ftl @127.0.0.1 +short"
+ printf "%s\n" "${lines[@]}"
+ [[ ${lines[0]} == '\# 15 000100000100080322683303683222' ]]
+ [[ ${lines[1]} == "" ]]
 }
 @test "CNAME inspection: Shallow CNAME is blocked" {
@@ -278,7 +364,7 @@
 }
 @test "CNAME inspection: Deep CNAME is blocked" {
- run bash -c "dig A cname-4.ftl @127.0.0.1 +short"
+ run bash -c "dig A cname-7.ftl @127.0.0.1 +short"
 printf "%s\n" "${lines[@]}"
 [[ ${lines[0]} == "0.0.0.0" ]]
 [[ ${lines[1]} == "" ]]
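Review bot: The SVCB and HTTPS tests compare against the RFC 3597 generic form (`\# 13 …`, `\# 15 …`), but whether dig prints that form for `TYPE64`/`TYPE65` presumably depends on the installed dig version. A build that knows these types would likely print presentation format and fail the exact match, so adding `+unknownformat` to those two dig calls would pin the output. None of the new tests checks `$status`, and the queries no longer carry the `+retry=0 +timeout=30` that the removed test/dig.sh used. A `[[ $status -eq 0 ]]` before the `lines` comparisons would separate an unanswered query from a wrong answer. On style, the ANY and NAPTR tests expand `${lines[@]}` unquoted inside `[[ ]]`, while other tests in this file write `"${lines[@]}"`.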
@@ -303,7 +389,7 @@
 [[ ${lines[2]} == "dns_queries_today 47" ]]
 [[ ${lines[3]} == "ads_blocked_today 8" ]]
 #[[ ${lines[4]} == "ads_percentage_today 7.792208" ]]
- [[ ${lines[5]} == "unique_domains 34" ]]
+ [[ ${lines[5]} == "unique_domains 35" ]]
 [[ ${lines[6]} == "queries_forwarded 26" ]]
 [[ ${lines[7]} == "queries_cached 13" ]]
 # Clients ever seen is commented out as CircleCI may have
@@ -313,7 +399,7 @@
 #[[ ${lines[9]} == "unique_clients 8" ]]
 [[ ${lines[10]} == "dns_queries_all_types 47" ]]
 [[ ${lines[11]} == "reply_NODATA 0" ]]
- [[ ${lines[12]} == "reply_NXDOMAIN 4" ]]
+ [[ ${lines[12]} == "reply_NXDOMAIN 1" ]]
 [[ ${lines[13]} == "reply_CNAME 5" ]]
 [[ ${lines[14]} == "reply_IP 23" ]]
 [[ ${lines[15]} == "privacy_level 0" ]]
@@ -349,6 +435,7 @@
 [[ "${lines[@]}" == *" 2 aaaa.ftl"* ]]
 [[ "${lines[@]}" == *" 2 net"* ]]
 [[ "${lines[@]}" == *" 2 verteiltesysteme.net"* ]]
+ [[ "${lines[@]}" == *" 2 ftl"* ]]
 [[ "${lines[@]}" == *" 1 version.ftl"* ]]
 [[ "${lines[@]}" == *" 1 whitelisted.ftl"* ]]
 [[ "${lines[@]}" == *" 1 gravity-whitelisted.ftl"* ]]
@@ -356,18 +443,17 @@
 [[ "${lines[@]}" == *" 1 regex2.ftl"* ]]
 [[ "${lines[@]}" == *" 1 use-application-dns.net"* ]]
 [[ "${lines[@]}" == *" 1 any.ftl"* ]]
- [[ "${lines[@]}" == *" 1 cname.ftl"* ]]
+ [[ "${lines[@]}" == *" 1 cname-ok.ftl"* ]]
 [[ "${lines[@]}" == *" 1 srv.ftl"* ]]
- [[ "${lines[@]}" == *" 1 soa.ftl"* ]]
+ [[ "${lines[@]}" == *" 1 any.ftl"* ]]
 [[ "${lines[@]}" == *" 1 ptr.ftl"* ]]
 [[ "${lines[@]}" == *" 1 txt.ftl"* ]]
 [[ "${lines[@]}" == *" 1 naptr.ftl"* ]]
 [[ "${lines[@]}" == *" 1 mx.ftl"* ]]
- [[ "${lines[@]}" == *" 1 ns.ftl"* ]]
 [[ "${lines[@]}" == *" 1 svcb.ftl"* ]]
 [[ "${lines[@]}" == *" 1 https.ftl"* ]]
- [[ "${lines[@]}" == *" 1 sigok.verteiltesysteme.net"* ]]
 [[ "${lines[@]}" == *" 1 ."* ]]
+ [[ "${lines[@]}" == *" 1 sigok.verteiltesysteme.net"* ]]
 [[ "${lines[@]}" == *" 1 sigfail.verteiltesysteme.net"* ]]
 }
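Review bot: In the hunk at `@@ -356,18 +443,17 @@` the old `soa.ftl` check was rewritten into a second `[[ "${lines[@]}" == *" 1 any.ftl"* ]]`, identical to the context line three lines above it, so it asserts nothing new. SOA and NS are now queried at the zone apex, and the `" 2 ftl"` check added in the previous hunk looks like it already covers both. The duplicate can simply be deleted, as was done for the `ns.ftl` line. The enclosing test starts outside these hunks.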
@@ -380,7 +466,7 @@
 [[ "${lines[@]}" == *" 1 regex5.ftl"* ]]
 [[ "${lines[@]}" == *" 1 regex1.ftl"* ]]
 [[ "${lines[@]}" == *" 1 cname-1.ftl"* ]]
- [[ "${lines[@]}" == *" 1 cname-4.ftl"* ]]
+ [[ "${lines[@]}" == *" 1 cname-7.ftl"* ]]
 [[ ${lines[8]} == "" ]]
 }
@@ -454,19 +540,19 @@
 [[ ${lines[25]} == *" A use-application-dns.net 127.0.0.1 3 2 2 "*" N/A -1 N/A#0 \"\" \"24\""* ]]
 [[ ${lines[26]} == *" A a.ftl 127.0.0.1 3 2 4 "*" N/A -1 N/A#0 \"\" \"25\""* ]]
 [[ ${lines[27]} == *" AAAA aaaa.ftl 127.0.0.1 3 2 4 "*" N/A -1 N/A#0 \"\" \"26\""* ]]
- [[ ${lines[28]} == *" ANY any.ftl 127.0.0.1 2 2 2 "*" N/A -1 127.0.0.1#5555 \"\" \"27\""* ]]
- [[ ${lines[29]} == *" [CNAME] cname.ftl 127.0.0.1 2 2 2 "*" N/A -1 127.0.0.1#5555 \"\" \"28\""* ]]
+ [[ ${lines[28]} == *" ANY any.ftl 127.0.0.1 2 2 13 "*" N/A -1 127.0.0.1#5555 \"\" \"27\""* ]]
+ [[ ${lines[29]} == *" [CNAME] cname-ok.ftl 127.0.0.1 2 2 3 "*" N/A -1 127.0.0.1#5555 \"\" \"28\""* ]]
 [[ ${lines[30]} == *" SRV srv.ftl 127.0.0.1 2 2 13 "*" N/A -1 127.0.0.1#5555 \"\" \"29\""* ]]
- [[ ${lines[31]} == *" SOA soa.ftl 127.0.0.1 2 2 3 "*" N/A -1 127.0.0.1#5555 \"\" \"30\""* ]]
+ [[ ${lines[31]} == *" SOA ftl 127.0.0.1 2 2 13 "*" N/A -1 127.0.0.1#5555 \"\" \"30\""* ]]
 [[ ${lines[32]} == *" PTR ptr.ftl 127.0.0.1 2 2 13 "*" N/A -1 127.0.0.1#5555 \"\" \"31\""* ]]
 [[ ${lines[33]} == *" TXT txt.ftl 127.0.0.1 2 2 13 "*" N/A -1 127.0.0.1#5555 \"\" \"32\""* ]]
 [[ ${lines[34]} == *" NAPTR naptr.ftl 127.0.0.1 2 2 13 "*" N/A -1 127.0.0.1#5555 \"\" \"33\""* ]]
 [[ ${lines[35]} == *" MX mx.ftl 127.0.0.1 2 2 13 "*" N/A -1 127.0.0.1#5555 \"\" \"34\""* ]]
- [[ ${lines[36]} == *" NS ns.ftl 127.0.0.1 2 2 2 "*" N/A -1 127.0.0.1#5555 \"\" \"35\""* ]]
+ [[ ${lines[36]} == *" NS ftl 127.0.0.1 2 2 13 "*" N/A -1 127.0.0.1#5555 \"\" \"35\""* ]]
 [[ ${lines[37]} == *" SVCB svcb.ftl 127.0.0.1 2 2 13 "*" N/A -1 127.0.0.1#5554 \"\" \"36\""* ]]
 [[ ${lines[38]} == *" HTTPS https.ftl 127.0.0.1 2 2 13 "*" N/A -1 127.0.0.1#5554 \"\" \"37\""* ]]
 [[ ${lines[39]} == *" A cname-1.ftl 127.0.0.1 9 2 3 "*" gravity.ftl -1 127.0.0.1#5555 \"\" \"38\""* ]]
- [[ ${lines[40]} == *" A cname-4.ftl 127.0.0.1 9 2 3 "*" gravity.ftl -1 127.0.0.1#5555 \"\" \"39\""* ]]
+ [[ ${lines[40]} == *" A cname-7.ftl 127.0.0.1 9 2 3 "*" gravity.ftl -1 127.0.0.1#5555 \"\" \"39\""* ]]
 [[ ${lines[41]} == *" A sigok.verteiltesysteme.net 127.0.0.1 2 1 4 "*" N/A -1 127.0.0.1#5555 \"\" \"40\""* ]]
 [[ ${lines[42]} == *" DS net :: 2 1 11 "*" N/A -1 127.0.0.1#5555 \"\" \"41\""* ]]
 [[ ${lines[43]} == *" DNSKEY . :: 2 1 11 "*" N/A -1 127.0.0.1#5555 \"\" \"42\""* ]]
@@ -487,7 +573,7 @@
 @test "Recent blocked shows expected content" {
 run bash -c 'echo ">recentBlocked >quit" | nc -v 127.0.0.1 4711'
 printf "%s\n" "${lines[@]}"
- [[ ${lines[1]} == "cname-4.ftl" ]]
+ [[ ${lines[1]} == "cname-7.ftl" ]]
 [[ ${lines[2]} == "" ]]
 }