#!/usr/bin/env python3
'''Test for AXFR from Knot to Bind'''
from dnstest.test import Test
t = Test()
master = t.server("knot")
slave = t.server("bind")
zones = t.zone_rnd(10) + t.zone(".") + t.zone("wild.") + \
t.zone("cname-loop.") + t.zone("records.")
t.link(zones, master, slave)
t.start()
master.zones_wait(zones)
slave.zones_wait(zones)
t.xfr_diff(master, slave, zones)
t.end()
#!/usr/bin/env python3
'''Test for IXFR from Knot to Bind'''
from dnstest.test import Test
t = Test()
master = t.server("knot")
slave = t.server("bind")
zones = t.zone_rnd(5, records=50) + t.zone("wild.") + \
t.zone("cname-loop.") + t.zone("records.")
t.link(zones, master, slave, ixfr=True)
t.start()
# Wait for AXFR to slave server.
serials_init = master.zones_wait(zones)
slave.zones_wait(zones)
serials_prev = serials_init
for i in range(4):
# Update zone files on master.
for zone in zones:
master.update_zonefile(zone, random=True)
master.reload()
t.sleep(5)
# Wait for IXFR to slave.
else:
data = int(stats.get(section).get(item).get(idx))
else:
data = int(stats.get(section).get(item))
compare(data, value, "%s.%s" % (section, item))
ModStats.check()
proto = random.choice([4, 6])
t = Test(stress=False, tsig=False, address=proto)
knot = t.server("knot")
zones = t.zone_rnd(2)
t.link(zones, knot)
knot.add_module(None, ModStats())
knot.add_module(zones[0], ModStats())
knot.add_module(zones[1], ModStats())
t.start()
t.sleep(4)
check_item(knot, "server", "zone-count", 2)
resp = knot.dig(zones[0].name, "SOA", tries=1, udp=True)
query_size1 = resp.query_size()
reply_size1 = resp.response_size()
#!/usr/bin/env python3
'''Test for loading of dumped zone'''
from dnstest.test import Test
t = Test()
master = t.server("bind")
slave = t.server("knot")
reference = t.server("bind")
zones = t.zone_rnd(4) + t.zone(".") + t.zone("records.")
t.link(zones, master, slave)
t.link(zones, reference)
t.start()
# Wait for servers.
master.zones_wait(zones)
slave.zones_wait(zones)
reference.zones_wait(zones)
# Dump zones on slave.
slave.flush(wait=True)
# Compare master with reference server
t.xfr_diff(reference, master, zones)
# Compare slave with reference server
t.xfr_diff(reference, slave, zones)
#!/usr/bin/env python3
"""Test for AXFR from Bind to Knot"""
from dnstest.test import Test
t = Test()
master = t.server("bind")
slave = t.server("knot")
zones = t.zone_rnd(10) + t.zone(".") + t.zone("records.")
t.link(zones, master, slave)
t.start()
master.zones_wait(zones)
slave.zones_wait(zones)
t.xfr_diff(master, slave, zones)
t.end()
#!/usr/bin/env python3
"""
Test of zone force reload.
"""
from dnstest.utils import *
from dnstest.test import Test
t = Test()
knot = t.server("knot")
zone = t.zone_rnd(1, records=450)
t.link(zone, knot)
knot.dnssec(zone).enable = True
if knot.valgrind:
knot.ctl_params_append = ["-t", "30"]
t.start()
serial = knot.zone_wait(zone)
knot.ctl(" zone-sign %s" % zone[0].name, wait=False)
knot.ctl("-f zone-reload %s" % zone[0].name, wait=True)
resp = knot.dig(zone[0].name, "SOA")
compare(resp.soa_serial(), serial + 1, "SOA serial")
t.end()
#!/usr/bin/env python3
'''Test zone backup of many zones with multiple background workers.'''
from dnstest.test import Test
from dnstest.utils import *
import random
t = Test()
zones = t.zone_rnd(40, records=10)
master = t.server("knot")
backup_dir = master.dir + "/backup"
t.link(zones, master)
for z in zones:
master.dnssec(z).enable = True
if master.valgrind:
master.ctl_params_append = ["-t", "240"]
t.start()
serials_init = master.zones_wait(zones)
for i in range(10):
try:
master.ctl("zone-backup +backupdir %s" % backup_dir)
except:
pass
t.sleep(i * 0.05)
#!/usr/bin/env python3
'''Test for Knot clean-up after interruption of AXFR from Bind'''
from dnstest.test import Test
from dnstest.utils import *
t = Test()
master = t.server("bind")
slave = t.server("knot")
zones = t.zone_rnd(1, dnssec=False, records=50000)
t.link(zones, master, slave)
t.start()
t.sleep(2)
check_log("Killing master %s" % master.name)
master.proc.kill()
t.sleep(5)
t.end()
#!/usr/bin/env python3
'''Test for NSEC and NSEC3 fix after zone update'''
from dnstest.utils import *
from dnstest.test import Test
import random
t = Test()
master = t.server("knot")
slave = t.server("knot")
zones = t.zone_rnd(5, dnssec=False, records=30) + t.zone("records.")
t.link(zones, master, slave)
master.disable_notify = True
slave.disable_notify = True
for zone in zones:
master.dnssec(zone).enable = True
master.dnssec(zone).nsec3 = random.choice([True, False])
master.dnssec(zone).nsec3_iters = 2
master.dnssec(zone).nsec3_salt_len = 8
t.start()
t.sleep(4)
slave.ctl("zone-refresh")
slave.zones_wait(zones)
# initial convenience check
#!/usr/bin/env python3
'''Test for IXFR of many zones from Bind to Knot'''
from dnstest.test import Test
t = Test()
master = t.server("bind")
slave = t.server("knot")
zones = t.zone_rnd(400, records=10, dnssec=False)
t.link(zones, master, slave, ixfr=True)
t.start()
# Wait for AXFR to slave server.
serials_init = master.zones_wait(zones)
slave.zones_wait(zones)
# Update zone files on master.
for zone in zones:
master.update_zonefile(zone, random=True)
master.reload()
# Wait for IXFR to slave.
master.zones_wait(zones, serials_init)
slave.zones_wait(zones, serials_init)
# Compare IXFR between servers.
#!/usr/bin/env python3
'''Test for IXFR of many zones from Bind to Knot'''
from dnstest.test import Test
t = Test()
master = t.server("bind")
slave = t.server("knot")
zones = t.zone_rnd(400, records=10, dnssec=False)
t.link(zones, master, slave, ixfr=True)
t.start()
# Wait for AXFR to slave server.
serials_init = master.zones_wait(zones)
slave.zones_wait(zones)
# Update zone files on master.
for zone in zones:
master.update_zonefile(zone, random=True)
master.reload()
# Wait for IXFR to slave.
master.zones_wait(zones, serials_init)
slave.zones_wait(zones, serials_init)
# Compare IXFR between servers.
t.xfr_diff(master, slave, zones, serials_init)
#!/usr/bin/env python3
'''Test for loading of dumped zone'''
from dnstest.test import Test
t = Test()
master = t.server("bind")
slave = t.server("knot")
reference = t.server("bind")
zones = t.zone_rnd(10) + t.zone(".") + t.zone("wild.") + t.zone("cname-loop.")
t.link(zones, master, slave)
t.link(zones, reference)
t.start()
# Wait for AXFR and dump zones.
master.zones_wait(zones)
slave.zones_wait(zones)
slave.flush()
# Stop master.
master.stop()
# Reload dumped zone files.
slave.stop()
slave.start()
#!/usr/bin/env python3
'''Test for DNSSEC validation of Bind9 master by Knot slave'''
from dnstest.test import Test
t = Test()
master = t.server("bind")
slave = t.server("knot")
zones_nsec = t.zone_rnd(3, records=40, dnssec=False)
zones_nsec3 = t.zone_rnd(3, records=40, dnssec=False)
zones = zones_nsec + zones_nsec3
t.link(zones, master, slave, ixfr=True, ddns=True)
for z in zones:
master.dnssec(z).enable = True
slave.dnssec(z).validate = True
for z in zones_nsec3:
master.dnssec(z).nsec3 = True
master.dnssec(z).nsec3_opt_out = True
slave.dnssec(z).nsec3 = True
t.start()
serials_init = master.zones_wait(zones)
slave.zones_wait(zones)
serials_prev = serials_init
for i in range(4):
#!/usr/bin/env python3
'''Test for transition from NSEC to NSEC3 on auto-signed zone.'''
from dnstest.utils import *
from dnstest.test import Test
t = Test()
master = t.server("knot")
slave = t.server("bind")
zone = t.zone_rnd(1, dnssec=False)
t.link(zone, master, slave)
t.start()
# Wait for listening server with unsigned zone.
old_serial = master.zone_wait(zone)
slave.zone_wait(zone)
t.xfr_diff(master, slave, zone)
# Check NSEC absence.
master.check_nsec(zone, nonsec=True)
master.stop()
# Enable autosigning.
master.dnssec_enable = True
master.gen_key(zone, ksk=True, alg="NSEC3RSASHA1")
master.gen_key(zone, alg="NSEC3RSASHA1")
master.gen_key(zone, ksk=True, alg="RSASHA256")
master.gen_key(zone, alg="RSASHA256")
#!/usr/bin/env python3
"""
DNSSEC Single-Type Signing Scheme, RFC 6781
"""
from dnstest.utils import *
from dnstest.test import Test
t = Test()
knot = t.server("knot")
zones = t.zone_rnd(4, dnssec=False, records=10)
t.link(zones, knot)
t.start()
# one KSK
knot.gen_key(zones[0], ksk=True, alg="RSASHA256", key_len="512")
# one ZSK
knot.gen_key(zones[1], ksk=False, alg="RSASHA512", key_len="1024")
# multiple KSKs
knot.gen_key(zones[2], ksk=True, alg="RSASHA512", key_len="1024")
knot.gen_key(zones[2], ksk=True, alg="RSASHA256", key_len="512")
# different algorithms: KSK+ZSK pair, one ZSK
knot.gen_key(zones[3], ksk=True, alg="RSASHA256", key_len="1024")
knot.gen_key(zones[3], ksk=False, alg="RSASHA256", key_len="1024")
knot.gen_key(zones[3], ksk=False, alg="RSASHA512", key_len="1024")
knot.dnssec_enable = True
knot.gen_confile()
#!/usr/bin/env python3
"""
Multi-master failover tests.
"""
from dnstest.test import Test
t = Test()
# testing zone
zone = t.zone_rnd(1, dnssec=False, records=1)[0]
zone.update_soa(serial=1, refresh=600, retry=600, expire=3600)
# +---------+ +---------+
# | master1 <-------+ master2 |
# +----^----+ +----^----+
# | |
# | +---------+ |
# +---+ slave +---+
# +---------+
master1 = t.server("knot")
master2 = t.server("bind")
slave = t.server("knot")
# flush zones immediatelly
for server in [master1, master2, slave]:
slave.zonefile_sync = "0"
t.link([zone], master1, master2)
t.link([zone], master1, slave)
resp = master.dig(nsec_zone, "IXFR", serial=serial)
for msg in resp.resp:
for rr in msg.answer:
if rr.rdtype not in [dns.rdatatype.SOA, dns.rdatatype.NSEC, dns.rdatatype.RRSIG]:
return False
if rr.rdtype == dns.rdatatype.RRSIG:
if (not rr.match(rr.name, rr.rdclass, dns.rdatatype.RRSIG, dns.rdatatype.NSEC)) and \
(not rr.match(rr.name, rr.rdclass, dns.rdatatype.RRSIG, dns.rdatatype.SOA)):
# RRSIG covering something else than NSEC or SOA.
return False
return True
t = Test()
master = t.server("knot")
nsec_zone = t.zone_rnd(1, dnssec=True, nsec3=False)
nsec3_zone = t.zone_rnd(1, dnssec=True, nsec3=True)
static_zone = t.zone("example.", storage=".")
t.link(nsec_zone, master)
t.link(nsec3_zone, master)
t.link(static_zone, master)
t.start()
# Get zone serial.
old_nsec_serial = master.zone_wait(nsec_zone)
old_nsec3_serial = master.zone_wait(nsec3_zone)
old_static_serial = master.zone_wait(static_zone)
# Enable autosigning.
master.dnssec_enable = True
#!/usr/bin/env python3
''' Check 'dnsproxy' query module functionality. '''
from dnstest.test import Test
from dnstest.module import ModDnsproxy
import dnstest.keys
t = Test(tsig=False)
ModDnsproxy.check()
# Initialize server configuration
zone_common1 = t.zone("test", storage=".", file_name="test.local_zone")
zone_common2 = t.zone("test", storage=".", file_name="test.remote_zone")
zone_local = t.zone_rnd(1)
zone_remote = t.zone_rnd(1)
key1 = dnstest.keys.Tsig(name="key1", alg="hmac-sha1", key="Zm9v")
local = t.server("knot", tsig=key1)
t.link(zone_common1, local)
t.link(zone_local, local)
key2 = dnstest.keys.Tsig(name="key2", alg="hmac-sha1", key="YmFy")
remote = t.server("knot", tsig=key2)
t.link(zone_common2, remote)
t.link(zone_remote, remote)
def fallback_checks(server, zone_local, zone_remote):
# Local preferred OK, try with local TSIG.
resp = server.dig("dns1.test", "A", tsig=key1)
#!/usr/bin/env python3
'''Check online DNSSEC signing module (just basic checks).'''
import dns.rdatatype
from dnstest.test import Test
from dnstest.utils import *
from dnstest.module import ModOnlineSign
t = Test(stress=False)
ModOnlineSign.check()
knot = t.server("knot")
zones = t.zone_rnd(4, dnssec=False, records=5)
t.link(zones, knot, journal_content="none")
knot.add_module(zones[0], ModOnlineSign())
knot.add_module(zones[1], ModOnlineSign("ECDSAP384SHA384", key_size="384"))
knot.dnssec(zones[2]).enable = True
knot.dnssec(zones[3]).enable = True
knot.dnssec(zones[3]).nsec3 = True
def check_zone(zone, dnskey_rdata_start):
# Check SOA record.
soa1 = knot.dig(zone.name, "SOA", dnssec=True)
soa1.check(rcode="NOERROR", flags="QR AA")
soa1.check_count(1, "RRSIG")
t.sleep(1) # Ensure different RRSIGs.
soa2 = knot.dig(zone.name, "SOA", dnssec=True)
#!/usr/bin/env python3
'''Test for Knot clean-up after interruption of AXFR from Bind'''
from dnstest.test import Test
from dnstest.utils import *
t = Test()
master = t.server("bind")
slave = t.server("knot")
zones = t.zone_rnd(1, dnssec=False, records=50000)
t.link(zones, master, slave)
t.start()
t.sleep(2)
check_log("Killing master %s" % master.name)
master.proc.kill()
t.sleep(5)
t.end()
#!/usr/bin/env python3
'''Test IXFR-from-diff with DNSSEC'''
from dnstest.test import Test
t = Test(stress=False)
master = t.server("knot")
slave = t.server("knot")
if not master.valgrind:
zones = t.zone_rnd(12)
else:
zones = t.zone_rnd(4, records=100)
t.link(zones, master, slave, ixfr=True)
master.semantic_check = False
master.zonefile_sync = "-1"
for zone in zones:
master.dnssec(zone).enable = True
t.start()
ser1 = master.zones_wait(zones, serials_zfile=True, greater=True, equal=False)
slave.zones_wait(zones, ser1, greater=False, equal=True)
for zone in zones:
slave.zone_backup(zone, flush=True)
#!/usr/bin/env python3
'''Test for transition from NSEC to NSEC3 on auto-signed zone using DDNS.'''
from dnstest.utils import *
from dnstest.test import Test
t = Test()
master = t.server("knot")
slave = t.server("bind")
zone = t.zone_rnd(1, dnssec=False)
t.link(zone, master, slave, ddns=True)
t.start()
# Wait for listening server with unsigned zone.
old_serial = master.zone_wait(zone)
slave.zone_wait(zone)
t.xfr_diff(master, slave, zone)
# Check NSEC absence.
master.check_nsec(zone, nonsec=True)
master.stop()
# Enable autosigning.
master.dnssec_enable = True
master.gen_key(zone, ksk=True, alg="NSEC3RSASHA1")
master.gen_key(zone, alg="NSEC3RSASHA1")
master.gen_key(zone, ksk=True, alg="RSASHA256")
#!/usr/bin/env python3
'''Test for unsiccessful creation of NSEC3 tree'''
from dnstest.test import Test
t = Test()
master = t.server("knot")
zone = t.zone_rnd(1, records=200)
t.link(zone, master)
master.journal_max_usage = 51200 # the creation of NSEC3 tree fails on ESPACE
t.start()
master.zone_wait(zone)
master.dnssec(zone).enable = True
master.dnssec(zone).nsec3 = True
master.gen_confile()
master.reload()
t.sleep(8) # unfixed knotd will crash upon update reversal
master.flush(wait=True)
t.end()
#!/usr/bin/env python3
"""
DNSSEC Single-Type Signing Scheme, RFC 6781
"""
from dnstest.utils import *
from dnstest.test import Test
t = Test()
knot = t.server("knot")
zones = t.zone_rnd(5, dnssec=False, records=10)
t.link(zones, knot)
t.start()
# one KSK
knot.gen_key(zones[0], ksk=True, zsk=True, alg="ECDSAP256SHA256", key_len="256")
# multiple KSKs
knot.gen_key(zones[1], ksk=True, zsk=True, alg="ECDSAP384SHA384", key_len="384")
knot.gen_key(zones[1], ksk=True, zsk=True, alg="ECDSAP256SHA256", key_len="256")
# different algorithms: KSK+ZSK pair, one KSK
knot.gen_key(zones[2], ksk=True, alg="ECDSAP256SHA256", key_len="256")
knot.gen_key(zones[2], ksk=False, alg="ECDSAP256SHA256", key_len="256")
knot.gen_key(zones[2], ksk=True, zsk=True, alg="ECDSAP384SHA384", key_len="384")
# one ZSK
knot.gen_key(zones[3], ksk=False, alg="ECDSAP256SHA256", key_len="256").change_role(ksk=True, zsk=True)
for zone in zones[:-1]:
knot.dnssec(zone).enable = True
#!/usr/bin/env python3
'''Test for IXFR from Knot to Knot'''
from dnstest.test import Test
t = Test()
master = t.server("knot")
slave = t.server("knot")
zones = t.zone_rnd(5, records=50) + t.zone("records.")
t.link(zones, master, slave, ixfr=True)
t.start()
# Wait for AXFR to slave server.
serials_init = master.zones_wait(zones)
slave.zones_wait(zones)
serials_prev = serials_init
for i in range(4):
# Update zone files on master.
for zone in zones:
master.update_zonefile(zone, random=True)
master.reload()
# Wait for IXFR to slave.
serials = master.zones_wait(zones, serials_prev)
slave.zones_wait(zones, serials_prev)
serials_prev = serials
dns.rdatatype.SOA, dns.rdatatype.NSEC, dns.rdatatype.RRSIG
]:
return False
if rr.rdtype == dns.rdatatype.RRSIG:
if (not rr.match(rr.name, rr.rdclass, dns.rdatatype.RRSIG, dns.rdatatype.NSEC)) and \
(not rr.match(rr.name, rr.rdclass, dns.rdatatype.RRSIG, dns.rdatatype.SOA)):
# RRSIG covering something else than NSEC or SOA.
return False
return True
t = Test()
master = t.server("knot")
nsec_zone = t.zone_rnd(1, dnssec=True, nsec3=False)
nsec3_zone = t.zone_rnd(1, dnssec=True, nsec3=0)
static_zone = t.zone("example.", storage=".")
t.link(nsec_zone, master)
t.link(nsec3_zone, master)
t.link(static_zone, master)
master.dnssec(nsec_zone).alg = "rsasha1"
master.dnssec(nsec3_zone).alg = "rsasha1"
master.dnssec(nsec3_zone).nsec3 = True
master.dnssec(static_zone).alg = "rsasha1"
master.dnssec(nsec_zone).cds_publish = "rollover"
master.dnssec(nsec3_zone).cds_publish = "rollover"
master.dnssec(static_zone).cds_publish = "rollover"
# install KASP db
#!/usr/bin/env python3
'''Test for the queryacl module'''
from dnstest.utils import *
from dnstest.test import Test
from dnstest.module import ModQueryacl
import random
t = Test(address=4)
knot = t.server("knot")
zones = t.zone_rnd(3)
t.link(zones, knot)
knot.addr_extra = ["127.0.0.2", "127.0.0.3"]
knot.add_module(zones[0],
ModQueryacl(address=["127.0.0.1/32", "127.0.0.2/32"]))
knot.add_module(zones[1],
ModQueryacl(interface=["127.0.0.1/32", "127.0.0.2/32"]))
knot.add_module(
zones[2],
ModQueryacl(address=["127.0.0.1/32", "127.0.0.2/32"],
interface=["127.0.0.1/32", "127.0.0.2/32"]))
t.start()
knot.zones_wait(zones)
# Test just address ACL.
import os
import time
from dnstest.libknot import libknot
from dnstest.test import Test
from dnstest.module import ModRRL
from dnstest.utils import *
ctl = libknot.control.KnotCtl()
t = Test(stress=False)
ModRRL.check()
knot = t.server("knot")
zones = t.zone_rnd(2, dnssec=False, records=1)
t.link(zones, knot)
def send_queries(server, name, run_time=1.0, query_time=0.05):
"""
Send UDP queries to the server for certain time and get replies statistics.
"""
replied, slipped, dropped = 0, 0, 0
start = time.time()
while time.time() < start + run_time:
try:
query = dns.message.make_query(name, "SOA", want_dnssec=False)
response = dns.query.udp(query,
server.addr,
port=server.port,
#!/usr/bin/env python3
"""
Multi-master failover tests.
"""
from dnstest.test import Test
t = Test()
# testing zone
zone = t.zone_rnd(1, dnssec=False, records=1)[0]
zone.update_soa(serial=1, refresh=600, retry=600, expire=3600)
# +---------+ +---------+
# | master1 <-------+ master2 |
# +----^----+ +----^----+
# | |
# | +---------+ |
# +---+ slave +---+
# +---------+
master1 = t.server("knot")
master2 = t.server("bind")
slave = t.server("knot")
# flush zones immediatelly
for server in [master1, master2, slave]:
slave.zonefile_sync = "0"
t.link([zone], master1, master2)
#!/usr/bin/env python3
'''Test for NSEC transitions with autosigning.
zone1: none->nsec->nsec3->none
zone2: none->nsec3->nsec->none'''
from dnstest.utils import *
from dnstest.test import Test
t = Test()
master = t.server("knot")
slave = t.server("bind")
zone1 = t.zone_rnd(1, dnssec=False, records=5)
zone2 = t.zone_rnd(1, dnssec=False, records=5)
zones = zone1 + zone2
t.link(zones, master, slave)
t.start()
# Wait for listening server with unsigned zones.
master.zones_wait(zones)
old_serials = slave.zones_wait(zones)
t.xfr_diff(master, slave, zones)
# Check NSEC absence.
master.check_nsec(zone1, nonsec=True)
master.check_nsec(zone2, nonsec=True)
### First change ##############################################################
# Enable autosigning.
#!/usr/bin/env python3
'''Test for IXFR from Knot to Knot'''
from dnstest.test import Test
t = Test()
master = t.server("knot")
slave = t.server("knot")
zones = t.zone_rnd(5, records=50) + t.zone("records.")
t.link(zones, master, slave, ixfr=True)
if master.valgrind:
master.tcp_io_timeout = 2000
slave.tcp_remote_io_timeout = 8000
t.start()
# Wait for AXFR to slave server.
serials_init = master.zones_wait(zones)
slave.zones_wait(zones)
serials_prev = serials_init
for i in range(4):
# Update zone files on master.
for zone in zones:
master.update_zonefile(zone, random=True)
master.reload()
# Wait for IXFR to slave.
#!/usr/bin/env python3
'''Test for NSEC and NSEC3 fix after zone update (ddns, ixfr)'''
from dnstest.utils import *
from dnstest.test import Test
from dnstest.keys import Keymgr
import random
t = Test()
master0 = t.server("knot")
master = t.server("knot")
slave = t.server("knot")
zones1 = t.zone_rnd(20, dnssec=False, records=1) + \
t.zone_rnd(20, dnssec=False, records=10) + \
t.zone_rnd(5, dnssec=False, records=100) + \
t.zone("records.")
zone0 = t.zone("dk.", storage=".")
zones = zones1 + zone0
t.link(zone0, master0, master)
t.link(zones, master, slave)
master.disable_notify = True
slave.disable_notify = True
for zone in zones:
master.dnssec(zone).enable = True
master.dnssec(zone).nsec3 = random.choice([True, False])
master.dnssec(zone).nsec3_iters = 2
#!/usr/bin/env python3
'''Test for chain IXFR with middle man being frozen'''
from dnstest.test import Test
from dnstest.utils import *
t = Test()
s1 = t.server("knot")
s2 = t.server("knot")
s3 = t.server("knot")
zones = t.zone_rnd(5)
t.link(zones, s1, s2, ixfr=True)
t.link(zones, s2, s3, ixfr=True)
s2.tcp_remote_io_timeout = 8000
s3.tcp_remote_io_timeout = 8000
for zone in zones:
s1.dnssec(zone).enable = True
t.start()
serials_init = s3.zones_wait(zones)
s2.ctl("zone-freeze")
t.sleep(1)
s1.ctl("zone-sign")
t.sleep(2)
#!/usr/bin/env python3
'''Test of freeze-thaw feature'''
from dnstest.test import Test
from dnstest.utils import *
t = Test(tsig=False)
master = t.server("knot")
zone = t.zone_rnd(1, records=300, dnssec=False)
t.link(zone, master)
master.dnssec(zone[0]).enable = True
def soa_rrsig(server, zones):
resp = server.dig(zones[0].name, "SOA", dnssec=True)
return resp.resp.answer[1].to_rdataset()[0].to_text()
master.ctl_params_append = ["-t", "35"]
t.start()
master.zone_wait(zone)
rrsig0 = soa_rrsig(master, zone)
master.ctl("zone-sign") # non-blocking
#!/usr/bin/env python3
'''Test for slave zone refresh when loading.'''
from dnstest.test import Test
from dnstest.utils import *
t = Test()
master = t.server("knot")
slave = t.server("knot")
slave.disable_notify = True
zone_del = t.zone_rnd(1, dnssec=False)
zone_upd = t.zone_rnd(1, dnssec=False)
zones = zone_del + zone_upd
t.link(zones, master, slave)
t.start()
serial_del_init = master.zone_wait(zone_del)
serial_upd_init = master.zone_wait(zone_upd)
slave.zones_wait(zones)
slave.stop()
# Update a zonefile on the master.
master.update_zonefile(zone_upd, random=True)
master.reload()
# Remove a zonefile on the slave.
slave.clean(zone=zone_del, timers=False)
