func TestZoneSigningDouble(t *testing.T) { d, rm1, rm2 := newDnssec(t, []string{"miek.nl."}) defer rm1() defer rm2() fPriv1, rmPriv1, _ := test.TempFile(t, ".", privKey1) fPub1, rmPub1, _ := test.TempFile(t, ".", pubKey1) defer rmPriv1() defer rmPub1() key1, err := ParseKeyFile(fPub1, fPriv1) if err != nil { t.Fatalf("failed to parse key: %v\n", err) } d.keys = append(d.keys, key1) m := testMsg() state := middleware.State{Req: m} m = d.Sign(state, "miek.nl.", time.Now().UTC()) if !section(m.Answer, 2) { t.Errorf("answer section should have 1 sig") } if !section(m.Ns, 2) { t.Errorf("authority section should have 1 sig") } t.Logf("%+v\n", m) }
func newKey(t *testing.T) (*DNSKEY, func(), func()) { fPriv, rmPriv, _ := test.TempFile(t, ".", privKey) fPub, rmPub, _ := test.TempFile(t, ".", pubKey) key, err := ParseKeyFile(fPub, fPriv) if err != nil { t.Fatalf("failed to parse key: %v\n", err) } return key, rmPriv, rmPub }
func BenchmarkLookupBalanceRewriteCache(b *testing.B) { t := new(testing.T) name, rm, err := test.TempFile(t, ".", exampleOrg) if err != nil { t.Fatalf("failed to created zone: %s", err) } defer rm() corefile := `example.org:0 { file ` + name + ` rewrite ANY HINFO loadbalance } ` ex, _, udp, err := Server(t, corefile) if err != nil { t.Fatalf("Could get server: %s", err) } defer ex.Stop() log.SetOutput(ioutil.Discard) c := new(dns.Client) m := new(dns.Msg) m.SetQuestion("example.org.", dns.TypeA) b.ResetTimer() for i := 0; i < b.N; i++ { c.Exchange(m, udp) } }
func TestCacheSet(t *testing.T) { fPriv, rmPriv, _ := test.TempFile(t, ".", privKey) fPub, rmPub, _ := test.TempFile(t, ".", pubKey) defer rmPriv() defer rmPub() dnskey, err := ParseKeyFile(fPub, fPriv) if err != nil { t.Fatalf("failed to parse key: %v\n", err) } m := testMsg() state := middleware.State{Req: m} k := key(m.Answer) // calculate *before* we add the sig d := NewDnssec([]string{"miek.nl."}, []*DNSKEY{dnskey}, nil) m = d.Sign(state, "miek.nl.", time.Now().UTC()) _, ok := d.get(k) if !ok { t.Errorf("signature was not added to the cache") } }
// TestSigningDifferentZone tests if a key for miek.nl and be used for example.org. func TestSigningDifferentZone(t *testing.T) { fPriv, rmPriv, _ := test.TempFile(t, ".", privKey) fPub, rmPub, _ := test.TempFile(t, ".", pubKey) defer rmPriv() defer rmPub() key, err := ParseKeyFile(fPub, fPriv) if err != nil { t.Fatalf("failed to parse key: %v\n", err) } m := testMsgEx() state := middleware.State{Req: m} d := NewDnssec([]string{"example.org."}, []*DNSKEY{key}, nil) m = d.Sign(state, "example.org.", time.Now().UTC()) if !section(m.Answer, 1) { t.Errorf("answer section should have 1 sig") } if !section(m.Ns, 1) { t.Errorf("authority section should have 1 sig") } t.Logf("%+v\n", m) }
func TestLookupBalanceRewriteCacheDnssec(t *testing.T) { name, rm, err := test.TempFile(t, ".", exampleOrg) if err != nil { t.Fatalf("failed to created zone: %s", err) } defer rm() rm1 := createKeyFile(t) defer rm1() corefile := `example.org:0 { file ` + name + ` rewrite ANY HINFO dnssec { key file ` + base + ` } loadbalance } ` ex, _, udp, err := Server(t, corefile) if err != nil { t.Errorf("Could get server to start: %s", err) return } defer ex.Stop() log.SetOutput(ioutil.Discard) c := new(dns.Client) m := new(dns.Msg) m.SetQuestion("example.org.", dns.TypeA) m.SetEdns0(4096, true) res, _, err := c.Exchange(m, udp) if err != nil { t.Fatalf("Could not send query: %s", err) } sig := 0 for _, a := range res.Answer { if a.Header().Rrtype == dns.TypeRRSIG { sig++ } } if sig == 0 { t.Errorf("expected RRSIGs, got none") t.Logf("%v\n", res) } }
func TestZoneReload(t *testing.T) { fileName, rm, err := test.TempFile(t, ".", reloadZoneTest) if err != nil { t.Fatalf("failed to create zone: %s", err) } defer rm() reader, err := os.Open(fileName) if err != nil { t.Fatalf("failed to open zone: %s", err) } z, err := Parse(reader, "miek.nl", fileName) if err != nil { t.Fatalf("failed to parse zone: %s", err) } z.Reload(nil) if _, _, _, res := z.Lookup("miek.nl.", dns.TypeSOA, false); res != Success { t.Fatalf("failed to lookup, got %d", res) } if _, _, _, res := z.Lookup("miek.nl.", dns.TypeNS, false); res != Success { t.Fatalf("failed to lookup, got %d", res) } if len(z.All()) != 5 { t.Fatalf("expected 5 RRs, got %d", len(z.All())) } if err := ioutil.WriteFile(fileName, []byte(reloadZone2Test), 0644); err != nil { t.Fatalf("failed to write new zone data", err) } // Could still be racy, but we need to wait a bit for the event to be seen time.Sleep(1 * time.Second) if len(z.All()) != 3 { t.Fatalf("expected 3 RRs, got %d", len(z.All())) } }
func TestLookupProxy(t *testing.T) { name, rm, err := test.TempFile(t, ".", exampleOrg) if err != nil { t.Fatalf("failed to created zone: %s", err) } defer rm() corefile := `example.org:0 { file ` + name + ` } ` ex, _, udp, err := Server(t, corefile) if err != nil { t.Fatalf("Could get server: %s", err) } defer ex.Stop() log.SetOutput(ioutil.Discard) p := proxy.New([]string{udp}) state := middleware.State{W: &test.ResponseWriter{}, Req: new(dns.Msg)} resp, err := p.Lookup(state, "example.org.", dns.TypeA) if err != nil { t.Error("Expected to receive reply, but didn't") return } // expect answer section with A record in it if len(resp.Answer) == 0 { t.Error("Expected to at least one RR in the answer section, got none") } if resp.Answer[0].Header().Rrtype != dns.TypeA { t.Error("Expected RR to A, got: %d", resp.Answer[0].Header().Rrtype) } if resp.Answer[0].(*dns.A).A.String() != "127.0.0.1" { t.Error("Expected 127.0.0.1, got: %d", resp.Answer[0].(*dns.A).A.String()) } }