func TestZoneSigningDouble(t *testing.T) {
d, rm1, rm2 := newDnssec(t, []string{"miek.nl."})
defer rm1()
defer rm2()
fPriv1, rmPriv1, _ := test.TempFile(t, ".", privKey1)
fPub1, rmPub1, _ := test.TempFile(t, ".", pubKey1)
defer rmPriv1()
defer rmPub1()
key1, err := ParseKeyFile(fPub1, fPriv1)
if err != nil {
t.Fatalf("failed to parse key: %v\n", err)
}
d.keys = append(d.keys, key1)
m := testMsg()
state := middleware.State{Req: m}
m = d.Sign(state, "miek.nl.", time.Now().UTC())
if !section(m.Answer, 2) {
t.Errorf("answer section should have 1 sig")
}
if !section(m.Ns, 2) {
t.Errorf("authority section should have 1 sig")
}
t.Logf("%+v\n", m)
}
func newKey(t *testing.T) (*DNSKEY, func(), func()) {
fPriv, rmPriv, _ := test.TempFile(t, ".", privKey)
fPub, rmPub, _ := test.TempFile(t, ".", pubKey)
key, err := ParseKeyFile(fPub, fPriv)
if err != nil {
t.Fatalf("failed to parse key: %v\n", err)
}
return key, rmPriv, rmPub
}
func BenchmarkLookupBalanceRewriteCache(b *testing.B) {
t := new(testing.T)
name, rm, err := test.TempFile(t, ".", exampleOrg)
if err != nil {
t.Fatalf("failed to created zone: %s", err)
}
defer rm()
corefile := `example.org:0 {
file ` + name + `
rewrite ANY HINFO
loadbalance
}
`
ex, _, udp, err := Server(t, corefile)
if err != nil {
t.Fatalf("Could get server: %s", err)
}
defer ex.Stop()
log.SetOutput(ioutil.Discard)
c := new(dns.Client)
m := new(dns.Msg)
m.SetQuestion("example.org.", dns.TypeA)
b.ResetTimer()
for i := 0; i < b.N; i++ {
c.Exchange(m, udp)
}
}
func TestCacheSet(t *testing.T) {
fPriv, rmPriv, _ := test.TempFile(t, ".", privKey)
fPub, rmPub, _ := test.TempFile(t, ".", pubKey)
defer rmPriv()
defer rmPub()
dnskey, err := ParseKeyFile(fPub, fPriv)
if err != nil {
t.Fatalf("failed to parse key: %v\n", err)
}
m := testMsg()
state := middleware.State{Req: m}
k := key(m.Answer) // calculate *before* we add the sig
d := NewDnssec([]string{"miek.nl."}, []*DNSKEY{dnskey}, nil)
m = d.Sign(state, "miek.nl.", time.Now().UTC())
_, ok := d.get(k)
if !ok {
t.Errorf("signature was not added to the cache")
}
}
// TestSigningDifferentZone tests if a key for miek.nl and be used for example.org.
func TestSigningDifferentZone(t *testing.T) {
fPriv, rmPriv, _ := test.TempFile(t, ".", privKey)
fPub, rmPub, _ := test.TempFile(t, ".", pubKey)
defer rmPriv()
defer rmPub()
key, err := ParseKeyFile(fPub, fPriv)
if err != nil {
t.Fatalf("failed to parse key: %v\n", err)
}
m := testMsgEx()
state := middleware.State{Req: m}
d := NewDnssec([]string{"example.org."}, []*DNSKEY{key}, nil)
m = d.Sign(state, "example.org.", time.Now().UTC())
if !section(m.Answer, 1) {
t.Errorf("answer section should have 1 sig")
}
if !section(m.Ns, 1) {
t.Errorf("authority section should have 1 sig")
}
t.Logf("%+v\n", m)
}
func TestLookupBalanceRewriteCacheDnssec(t *testing.T) {
name, rm, err := test.TempFile(t, ".", exampleOrg)
if err != nil {
t.Fatalf("failed to created zone: %s", err)
}
defer rm()
rm1 := createKeyFile(t)
defer rm1()
corefile := `example.org:0 {
file ` + name + `
rewrite ANY HINFO
dnssec {
key file ` + base + `
}
loadbalance
}
`
ex, _, udp, err := Server(t, corefile)
if err != nil {
t.Errorf("Could get server to start: %s", err)
return
}
defer ex.Stop()
log.SetOutput(ioutil.Discard)
c := new(dns.Client)
m := new(dns.Msg)
m.SetQuestion("example.org.", dns.TypeA)
m.SetEdns0(4096, true)
res, _, err := c.Exchange(m, udp)
if err != nil {
t.Fatalf("Could not send query: %s", err)
}
sig := 0
for _, a := range res.Answer {
if a.Header().Rrtype == dns.TypeRRSIG {
sig++
}
}
if sig == 0 {
t.Errorf("expected RRSIGs, got none")
t.Logf("%v\n", res)
}
}
func TestZoneReload(t *testing.T) {
fileName, rm, err := test.TempFile(t, ".", reloadZoneTest)
if err != nil {
t.Fatalf("failed to create zone: %s", err)
}
defer rm()
reader, err := os.Open(fileName)
if err != nil {
t.Fatalf("failed to open zone: %s", err)
}
z, err := Parse(reader, "miek.nl", fileName)
if err != nil {
t.Fatalf("failed to parse zone: %s", err)
}
z.Reload(nil)
if _, _, _, res := z.Lookup("miek.nl.", dns.TypeSOA, false); res != Success {
t.Fatalf("failed to lookup, got %d", res)
}
if _, _, _, res := z.Lookup("miek.nl.", dns.TypeNS, false); res != Success {
t.Fatalf("failed to lookup, got %d", res)
}
if len(z.All()) != 5 {
t.Fatalf("expected 5 RRs, got %d", len(z.All()))
}
if err := ioutil.WriteFile(fileName, []byte(reloadZone2Test), 0644); err != nil {
t.Fatalf("failed to write new zone data", err)
}
// Could still be racy, but we need to wait a bit for the event to be seen
time.Sleep(1 * time.Second)
if len(z.All()) != 3 {
t.Fatalf("expected 3 RRs, got %d", len(z.All()))
}
}
func TestLookupProxy(t *testing.T) {
name, rm, err := test.TempFile(t, ".", exampleOrg)
if err != nil {
t.Fatalf("failed to created zone: %s", err)
}
defer rm()
corefile := `example.org:0 {
file ` + name + `
}
`
ex, _, udp, err := Server(t, corefile)
if err != nil {
t.Fatalf("Could get server: %s", err)
}
defer ex.Stop()
log.SetOutput(ioutil.Discard)
p := proxy.New([]string{udp})
state := middleware.State{W: &test.ResponseWriter{}, Req: new(dns.Msg)}
resp, err := p.Lookup(state, "example.org.", dns.TypeA)
if err != nil {
t.Error("Expected to receive reply, but didn't")
return
}
// expect answer section with A record in it
if len(resp.Answer) == 0 {
t.Error("Expected to at least one RR in the answer section, got none")
}
if resp.Answer[0].Header().Rrtype != dns.TypeA {
t.Error("Expected RR to A, got: %d", resp.Answer[0].Header().Rrtype)
}
if resp.Answer[0].(*dns.A).A.String() != "127.0.0.1" {
t.Error("Expected 127.0.0.1, got: %d", resp.Answer[0].(*dns.A).A.String())
}
}