示例#1
0
func TestZoneSigningDouble(t *testing.T) {
	d, rm1, rm2 := newDnssec(t, []string{"miek.nl."})
	defer rm1()
	defer rm2()

	fPriv1, rmPriv1, _ := test.TempFile(t, ".", privKey1)
	fPub1, rmPub1, _ := test.TempFile(t, ".", pubKey1)
	defer rmPriv1()
	defer rmPub1()

	key1, err := ParseKeyFile(fPub1, fPriv1)
	if err != nil {
		t.Fatalf("failed to parse key: %v\n", err)
	}
	d.keys = append(d.keys, key1)

	m := testMsg()
	state := middleware.State{Req: m}
	m = d.Sign(state, "miek.nl.", time.Now().UTC())
	if !section(m.Answer, 2) {
		t.Errorf("answer section should have 1 sig")
	}
	if !section(m.Ns, 2) {
		t.Errorf("authority section should have 1 sig")
	}
	t.Logf("%+v\n", m)
}
示例#2
0
func newKey(t *testing.T) (*DNSKEY, func(), func()) {
	fPriv, rmPriv, _ := test.TempFile(t, ".", privKey)
	fPub, rmPub, _ := test.TempFile(t, ".", pubKey)

	key, err := ParseKeyFile(fPub, fPriv)
	if err != nil {
		t.Fatalf("failed to parse key: %v\n", err)
	}
	return key, rmPriv, rmPub
}
示例#3
0
func BenchmarkLookupBalanceRewriteCache(b *testing.B) {
	t := new(testing.T)
	name, rm, err := test.TempFile(t, ".", exampleOrg)
	if err != nil {
		t.Fatalf("failed to created zone: %s", err)
	}
	defer rm()

	corefile := `example.org:0 {
    file ` + name + `
    rewrite ANY HINFO
    loadbalance
}
`
	ex, _, udp, err := Server(t, corefile)
	if err != nil {
		t.Fatalf("Could get server: %s", err)
	}
	defer ex.Stop()

	log.SetOutput(ioutil.Discard)
	c := new(dns.Client)
	m := new(dns.Msg)
	m.SetQuestion("example.org.", dns.TypeA)

	b.ResetTimer()
	for i := 0; i < b.N; i++ {
		c.Exchange(m, udp)
	}
}
示例#4
0
func TestCacheSet(t *testing.T) {
	fPriv, rmPriv, _ := test.TempFile(t, ".", privKey)
	fPub, rmPub, _ := test.TempFile(t, ".", pubKey)
	defer rmPriv()
	defer rmPub()

	dnskey, err := ParseKeyFile(fPub, fPriv)
	if err != nil {
		t.Fatalf("failed to parse key: %v\n", err)
	}

	m := testMsg()
	state := middleware.State{Req: m}
	k := key(m.Answer) // calculate *before* we add the sig
	d := NewDnssec([]string{"miek.nl."}, []*DNSKEY{dnskey}, nil)
	m = d.Sign(state, "miek.nl.", time.Now().UTC())

	_, ok := d.get(k)
	if !ok {
		t.Errorf("signature was not added to the cache")
	}
}
示例#5
0
// TestSigningDifferentZone tests if a key for miek.nl and be used for example.org.
func TestSigningDifferentZone(t *testing.T) {
	fPriv, rmPriv, _ := test.TempFile(t, ".", privKey)
	fPub, rmPub, _ := test.TempFile(t, ".", pubKey)
	defer rmPriv()
	defer rmPub()

	key, err := ParseKeyFile(fPub, fPriv)
	if err != nil {
		t.Fatalf("failed to parse key: %v\n", err)
	}

	m := testMsgEx()
	state := middleware.State{Req: m}
	d := NewDnssec([]string{"example.org."}, []*DNSKEY{key}, nil)
	m = d.Sign(state, "example.org.", time.Now().UTC())
	if !section(m.Answer, 1) {
		t.Errorf("answer section should have 1 sig")
	}
	if !section(m.Ns, 1) {
		t.Errorf("authority section should have 1 sig")
	}
	t.Logf("%+v\n", m)
}
示例#6
0
func TestLookupBalanceRewriteCacheDnssec(t *testing.T) {
	name, rm, err := test.TempFile(t, ".", exampleOrg)
	if err != nil {
		t.Fatalf("failed to created zone: %s", err)
	}
	defer rm()
	rm1 := createKeyFile(t)
	defer rm1()

	corefile := `example.org:0 {
    file ` + name + `
    rewrite ANY HINFO
    dnssec {
        key file ` + base + `
    }
    loadbalance
}
`
	ex, _, udp, err := Server(t, corefile)
	if err != nil {
		t.Errorf("Could get server to start: %s", err)
		return
	}
	defer ex.Stop()

	log.SetOutput(ioutil.Discard)
	c := new(dns.Client)
	m := new(dns.Msg)
	m.SetQuestion("example.org.", dns.TypeA)
	m.SetEdns0(4096, true)
	res, _, err := c.Exchange(m, udp)
	if err != nil {
		t.Fatalf("Could not send query: %s", err)
	}
	sig := 0
	for _, a := range res.Answer {
		if a.Header().Rrtype == dns.TypeRRSIG {
			sig++
		}
	}
	if sig == 0 {
		t.Errorf("expected RRSIGs, got none")
		t.Logf("%v\n", res)
	}
}
示例#7
0
func TestZoneReload(t *testing.T) {
	fileName, rm, err := test.TempFile(t, ".", reloadZoneTest)
	if err != nil {
		t.Fatalf("failed to create zone: %s", err)
	}
	defer rm()
	reader, err := os.Open(fileName)
	if err != nil {
		t.Fatalf("failed to open zone: %s", err)
	}
	z, err := Parse(reader, "miek.nl", fileName)
	if err != nil {
		t.Fatalf("failed to parse zone: %s", err)
	}

	z.Reload(nil)

	if _, _, _, res := z.Lookup("miek.nl.", dns.TypeSOA, false); res != Success {
		t.Fatalf("failed to lookup, got %d", res)
	}

	if _, _, _, res := z.Lookup("miek.nl.", dns.TypeNS, false); res != Success {
		t.Fatalf("failed to lookup, got %d", res)
	}

	if len(z.All()) != 5 {
		t.Fatalf("expected 5 RRs, got %d", len(z.All()))
	}
	if err := ioutil.WriteFile(fileName, []byte(reloadZone2Test), 0644); err != nil {
		t.Fatalf("failed to write new zone data", err)
	}
	// Could still be racy, but we need to wait a bit for the event to be seen
	time.Sleep(1 * time.Second)

	if len(z.All()) != 3 {
		t.Fatalf("expected 3 RRs, got %d", len(z.All()))
	}
}
示例#8
0
func TestLookupProxy(t *testing.T) {
	name, rm, err := test.TempFile(t, ".", exampleOrg)
	if err != nil {
		t.Fatalf("failed to created zone: %s", err)
	}
	defer rm()

	corefile := `example.org:0 {
	file ` + name + `
}
`
	ex, _, udp, err := Server(t, corefile)
	if err != nil {
		t.Fatalf("Could get server: %s", err)
	}
	defer ex.Stop()

	log.SetOutput(ioutil.Discard)

	p := proxy.New([]string{udp})
	state := middleware.State{W: &test.ResponseWriter{}, Req: new(dns.Msg)}
	resp, err := p.Lookup(state, "example.org.", dns.TypeA)
	if err != nil {
		t.Error("Expected to receive reply, but didn't")
		return
	}
	// expect answer section with A record in it
	if len(resp.Answer) == 0 {
		t.Error("Expected to at least one RR in the answer section, got none")
	}
	if resp.Answer[0].Header().Rrtype != dns.TypeA {
		t.Error("Expected RR to A, got: %d", resp.Answer[0].Header().Rrtype)
	}
	if resp.Answer[0].(*dns.A).A.String() != "127.0.0.1" {
		t.Error("Expected 127.0.0.1, got: %d", resp.Answer[0].(*dns.A).A.String())
	}
}