示例#1
0
文件: test.py 项目: yuanlz/knot
EXPIRE_SLEEP = 15

master = t.server("knot")
slave = t.server("knot")
slave.tcp_remote_io_timeout = "1000"

t.link(zone, master, slave)

t.start()

master.zone_wait(zone)
slave.zone_wait(zone)

# expire by shutting down the master
master.stop()
t.sleep(EXPIRE_SLEEP);
test_expire(zone, slave)

# bring back master (notifies slave)
master.start()
master.zone_wait(zone)
slave.zone_wait(zone)

# expire by breaking AXFR
break_xfrout(master)
master.update_zonefile(zone, version=1)
master.reload()
t.sleep(EXPIRE_SLEEP);
test_expire(zone, slave)

t.stop()
示例#2
0
t.start()

# initial convenience check

master.zone_wait(zone)
slave.zone_wait(zone)

resp = slave.dig("added.example.", "A")
resp.check(rcode="NOERROR", rdata="1.2.3.4")

# check that slave ignored outdated master

master.update_zonefile(zone, version=1)
master.stop()
master.start()
t.sleep(2)
slave.ctl("zone-refresh") # the refresh should fail -> no blocking mode, no error
t.sleep(2)

resp = master.dig("added.example.", "A")
resp.check(rcode="NXDOMAIN")

resp = slave.dig("added.example.", "A")
resp.check(rcode="NOERROR", rdata="1.2.3.4")

# check that slave bootstrapped older zone

while not slave.log_search("zone expired"):
  t.sleep(2)
t.sleep(3)
示例#3
0
文件: test.py 项目: garyobrien/knot
child.dnssec(child_zone).propagation_delay = 11
child.dnssec(child_zone).ksk_sbm_check = [parent]
child.dnssec(child_zone).ksk_sbm_check_interval = 2
child.dnssec(child_zone).ksk_shared = True
child.dnssec(child_zone).cds_publish = "always"
if DOUBLE_DS:
    child.dnssec(child_zone).cds_publish = "double-ds"

# parameters
ZONE = "example.com."

t.start()
child.zone_wait(child_zone)

cds_submission()
t.sleep(5)

pregenerate_key(child, child_zone, "ECDSAP256SHA256")
watch_alg_rollover(t, child, child_zone, 2, 1, "KZSK to CSK alg",
                   "ECDSAP256SHA256", True, cds_submission)

pregenerate_key(child, child_zone, "ECDSAP256SHA256")
watch_ksk_rollover(t, child, child_zone, 1, 1, 2, "CSK rollover", True, 27,
                   cds_submission)

pregenerate_key(child, child_zone, "ECDSAP256SHA256")
watch_ksk_rollover(t, child, child_zone, 1, 2, 3, "CSK to KZSK", False, 0,
                   cds_submission)

pregenerate_key(child, child_zone, "ECDSAP256SHA256")
watch_ksk_rollover(t, child, child_zone, 2, 2, 3, "KSK rollover", False, 27,
示例#4
0
master.zones["catalog1."].catalog = True
slave.zones["catalog1."].catalog = True

if random.choice([True, False]):
    slave.dnssec(zone[1]).enable = True
else:
    slave.add_module(zone[1], ModOnlineSign(algorithm="ECDSAP256SHA256", single_type_signing=False))

for zf in glob.glob(t.data_dir + "/*.zone"):
    shutil.copy(zf, master.dir + "/master")

t.start()

# Basic: master a slave configure cataloged zone.
t.sleep(5)
resp = master.dig("cataloged1.", "SOA")
resp.check(rcode="NOERROR")
resp = slave.dig("cataloged1.", "DNSKEY", dnssec=True)
resp.check(rcode="NOERROR")
resp.check_count(2, "DNSKEY")
resp.check_count(1, "RRSIG")
resp = master.dig("not-cataloged1.", "SOA")
resp.check(rcode="REFUSED")

# Udating a cataloged zone
subprocess.run(["sed", "-i", "s/10001/10002/;$s/$/\\nxyz A 1.2.3.4/", master.dir + "/master/cataloged1.zone"])
master.ctl("zone-reload cataloged1.")
t.sleep(4)
resp = slave.dig("xyz.cataloged1.", "A", dnssec=True)
resp.check(rcode="NOERROR")
示例#5
0
文件: test.py 项目: derschultz/knot
    master.dnssec(zone).nsec3 = random.choice([True, False])
    master.dnssec(zone).nsec3_iters = 2
    master.dnssec(zone).nsec3_salt_len = random.choice([0, 1, 9, 64, 128, 255])
    master.dnssec(zone).nsec3_opt_out = (random.random() < 0.5)

t.start()
master.zones_wait(zones)
slave.ctl("zone-refresh")
slave.zones_wait(zones)

# initial convenience check
t.xfr_diff(master, slave, zones)

# update master
master.flush()
t.sleep(2)
for zone in zones1:
    master.random_ddns(zone)

up = master0.update(zone0)
up.add("dk.", "86400", "SOA", "a.nic.dk. mail.dk. 1666666666 600 300 1814400 7200")
up.delete("nextlevelinlife.dk.", "NS")
up.delete("nextlevelinlife.dk.", "DS")
up.add("nextlevelinlife.dk.", "86400", "NS", "test.com.")
up.send("NOERROR")

t.sleep(1)
master.ctl("zone-refresh")

t.sleep(4) # zones_wait fails if an empty update is generated
after_update = master.zones_wait(zones)
示例#6
0
文件: test.py 项目: shane-kerr/knot
zone = t.zone_rnd(1, dnssec=False, records=100)
t.link(zone, master, slave)

master.dnssec(zone).enable = True

master.zonefile_sync = 0
slave.zonefile_sync = 0

t.start()

m_zfpath = master.zones[zone[0].name].zfile.path
s_zfpath = slave.zones[zone[0].name].zfile.path

master.zones_wait(zone)
slave.zones_wait(zone)
t.sleep(2)

# check zonefile flushed after load and sign
master.zone_verify(zone)

# check zonefile flushed after AXFR
slave.zone_verify(zone)

m_mtime1 = os.stat(m_zfpath).st_mtime
s_mtime1 = os.stat(s_zfpath).st_mtime

up = master.update(zone)
up.add("djojdw", 3600, "TXT", "this wont sure be there yet")
up.send("NOERROR")

t.sleep(4)
示例#7
0
zone = t.zone_rnd(1, dnssec=False, records=10)
t.link(zone, master, slave, ixfr=True)

master.dnssec(zone).enable = True

master.zonefile_sync = 0
slave.zonefile_sync = 0

t.start()

m_zfpath = master.zones[zone[0].name].zfile.path
s_zfpath = slave.zones[zone[0].name].zfile.path

master.zones_wait(zone)
slave.zones_wait(zone)
t.sleep(2)

# check zonefile flushed after load and sign
master.zone_verify(zone)

# check zonefile flushed after AXFR
slave.zone_verify(zone)

# reload with re-sign (no additional serial increment)
master.ctl("zone-freeze")
master.zones[zone[0].name].zfile.update_soa()
m_mtime0 = os.stat(m_zfpath).st_mtime
t.sleep(1.5)
master.reload()
t.sleep(10)
master.ctl("zone-thaw")
示例#8
0
文件: test.py 项目: wujcheng/knot
child.zonefile_sync = 24 * 60 * 60

child.dnssec(child_zone).ksk_sbm_check = [parent]
child.add_module(
    child_zone,
    ModOnlineSign("ECDSAP384SHA384",
                  key_size="384",
                  prop_delay=11,
                  ksc=[parent],
                  ksci=2,
                  ksk_shared=True))

# parameters
ZONE = "example.com."

t.start()
child.zone_wait(child_zone)

cds_submission()  # pass initially generated key to active state
t.sleep(4)  # let the server accept the submission before forced reload

pregenerate_key(child, child_zone, "ECDSAP384SHA384")
watch_ksk_rollover(t, child, child_zone, 1, 1, 2, "CSK rollover", 22,
                   cds_submission)

pregenerate_key(child, child_zone, "ECDSAP256SHA256")
watch_alg_rollover(t, child, child_zone, 1, 1, "CSK to CSK alg",
                   "ECDSAP256SHA256", 256, cds_submission)

t.end()
示例#9
0
child.dnssec(child_zone).dnskey_ttl = 2
child.dnssec(child_zone).zsk_lifetime = 99999
child.dnssec(
    child_zone).ksk_lifetime = 300  # this can be possibly left also infinity
child.dnssec(child_zone).propagation_delay = 11
child.dnssec(child_zone).ksk_sbm_check = [parent]
child.dnssec(child_zone).ksk_sbm_check_interval = 2
child.dnssec(child_zone).ds_push = parent
child.dnssec(child_zone).ksk_shared = True
child.dnssec(child_zone).cds_publish = "always"

# parameters
ZONE = "example.com."

#t.start()
t.generate_conf()
parent.start()
t.sleep(2)
child.start()
child.zone_wait(child_zone)

t.sleep(5)

pregenerate_key(child, child_zone, "ECDSAP256SHA256")
watch_ksk_rollover(t, child, child_zone, 2, 2, 3, "KSK rollover", 27)

resp = parent.dig("example.com.", "DS")
resp.check_count(1, rtype="DS")

t.end()
示例#10
0
文件: test.py 项目: wujcheng/knot
             ZSK2,
             publish="+8",
             ready="+14",
             active="+14",
             retire="+31",
             remove="+36")
knot.key_set(ZONE,
             ZSK3,
             publish="+24",
             ready="+30",
             active="+30",
             retire="+1y",
             remove="+2y")

t.start()
t.sleep(4)

check_zone4(knot, 2, 1, "initial keys")

t.sleep(15)

check_zone4(knot, 2, 1, "standard rollover")

t.sleep(13)

for x in range(1, 8):
    check_zone4(knot, 2, 1, "conflicting rollover %i" % x)
    t.sleep(2)

t.end()
示例#11
0
文件: test.py 项目: yuanlz/knot
for z in zones:
    master.dnssec(z).enable = True

if master.valgrind:
    master.ctl_params_append = ["-t", "240"]

t.start()
serials_init = master.zones_wait(zones)

for i in range(10):
    try:
        master.ctl("zone-backup +backupdir %s" % backup_dir)
    except:
        pass
    t.sleep(i * 0.05)
t.sleep(10)

for z in zones:
    master.ctl("zone-key-rollover %s zsk" % z.name)

master.zones_wait(zones, serials_init, equal=False, greater=True)

master.ctl("zone-restore +backupdir %s" % backup_dir, wait=True)
if master.valgrind:
    t.sleep(45)

master.zones_wait(zones, serials_init, equal=True, greater=False)

master.ctl("zone-backup +backupdir %s" % backup_dir)
t.sleep(random.randint(0, 5))
示例#12
0
文件: test.py 项目: dnstap/knot
shutil.copytree(os.path.join(t.data_dir, "keys"), knot.keydir)

# parameters
key_file = os.path.join(knot.keydir, "test.private")
date_past = "19700101000001"
date_future = "20400101000000"
WAIT_SIGN = 0

#
# Common cases
#

# key not published, not active
key_settime(key_file, Publish=date_future, Activate=date_future)
t.start()
t.sleep(WAIT_SIGN)
check_zone(knot, False, False)

# key published, not active
key_settime(key_file, Publish=date_past)
knot.reload()
t.sleep(WAIT_SIGN)
check_zone(knot, True, False)

# key published, active
key_settime(key_file, Activate=date_past)
knot.reload()
t.sleep(WAIT_SIGN)
check_zone(knot, True, True)

# key published, inactive
示例#13
0
文件: test.py 项目: yuanlz/knot
slave.update_zonefile(zone, version="slave")

zfpath = slave.zones[zone[0].name].zfile.path
mtime0 = os.stat(zfpath).st_mtime

t.start()

serial_master = master.zone_wait(zone)
serial_slave = slave.zone_wait(zone)

# Check that the slave's serial is larger than master's
assert serial_master <= serial_slave

# Retransfer zone with lower serial
slave.ctl("zone-retransfer example.com.", wait=True)
t.sleep(2)  # allow zone file update

serial_slave = slave.zone_wait(zone)
compare(serial_slave, serial_master, "Serial after retransfer")

mtime1 = os.stat(zfpath).st_mtime
if mtime1 == mtime0:
    set_err("Not flushed after retransfer")

# Retransfer zone with the same serial
master.update_zonefile(zone, version="master")
master.reload()

slave.ctl("zone-retransfer example.com.", wait=True)
t.sleep(2)  # allow zone file update
示例#14
0
old_nsec3_serial = master.zone_wait(nsec3_zone)
old_static_serial = master.zone_wait(static_zone)

# Enable autosigning.
master.dnssec(nsec_zone).enable = True
master.dnssec(nsec3_zone).enable = True
master.dnssec(static_zone).enable = True
master.dnssec(nsec_zone).manual = True
master.dnssec(nsec3_zone).manual = True
master.dnssec(static_zone).manual = True
master.key_import_bind(nsec_zone[0].name)
master.key_import_bind(nsec3_zone[0].name)
master.gen_confile()
master.reload()

t.sleep(10)

new_nsec_serial = master.zone_wait(nsec_zone)
new_nsec3_serial = master.zone_wait(nsec3_zone)
new_static_serial = master.zone_wait(static_zone)

# Check if the zones are re-signed.
if old_nsec_serial != new_nsec_serial:
    if not only_nsec_changed(master, nsec_zone, old_nsec_serial):
        set_err("NSEC zone got re-signed")

compare(old_nsec3_serial, new_nsec3_serial, "NSEC3 zone got re-signed")
compare(old_static_serial, new_static_serial, "static zone got re-signed")

t.stop()
示例#15
0
master.semantic_check = False
master.zonefile_sync = "-1"
for zone in zones:
    master.dnssec(zone).enable = True

t.start()

ser1 = master.zones_wait(zones, serials_zfile=True, greater=True, equal=False)
slave.zones_wait(zones, ser1, greater=False, equal=True)

for zone in zones:
    slave.zone_backup(zone, flush=True)

master.flush()
t.sleep(3)

for zone in zones:
    master.update_zonefile(zone, random=True)
    master.ctl("zone-reload %s" % zone.name)

ser2 = master.zones_wait(zones, serials_zfile=True, greater=True, equal=False)
slave.zones_wait(zones, ser2, greater=False, equal=True)

master.stop()
t.sleep(3)
master.start()

master.zones_wait(zones, ser2, greater=False, equal=True)

t.xfr_diff(master, slave, zones)  # AXFR diff
示例#16
0
文件: test.py 项目: dnstap/knot
slave = t.server("bind")
zones = t.zone_rnd(5, records=50) + t.zone("wild.") + \
        t.zone("cname-loop.") + t.zone("records.")

t.link(zones, master, slave, ixfr=True)

t.start()

# Wait for AXFR to slave server.
serials_init = master.zones_wait(zones)
slave.zones_wait(zones)

serials_prev = serials_init
for i in range(4):
    # Update zone files on master.
    for zone in zones:
        master.update_zonefile(zone, random=True)

    master.reload()
    t.sleep(5)

    # Wait for IXFR to slave.
    serials = master.zones_wait(zones, serials_prev)
    slave.zones_wait(zones, serials_prev)
    serials_prev = serials

    # Compare IXFR between servers.
    t.xfr_diff(master, slave, zones, serials_init)

t.end()
示例#17
0
master = t.server("knot")
zone = t.zone("example.com.")
t.link(zone, master)

master.dnssec(zone).enable = True
master.dnssec(zone).rrsig_lifetime = 20
master.dnssec(zone).rrsig_refresh = 2
master.dnssec(zone).rrsig_prerefresh = 4

t.start()

serial_init = master.zone_wait(zone)

master.ctl("zone-sign")

t.sleep(2)

up = master.update(zone)
up.add("record1.example.com.", 3600, "A", "1.2.3.4")
up.send("NOERROR")

serial_updates = master.zone_wait(zone)

serial_refresh = master.zone_wait(zone, serial_updates)

t.sleep(10)

serial_wait = master.zone_wait(zone)

if serial_wait != serial_refresh:
    set_err("RRSIGs refreshed separately (%d != %d)" %
示例#18
0
t.link(zone, master, slave)
t.start()
slave.stop()
try:
	os.remove(zone_path)
except:
	pass
slave.start()
slave.zone_wait(zone)

#check that the zone file has not been flushed
if os.path.exists(zone_path):
    check_log("Zonefile created too soon: " + str(os.stat(zone_path).st_ctime))
    set_err("SOON FLUSH")

t.sleep(FLUSH_SLEEP) #point of first flush ~ 5s
#check that the zone file has been flushed
if not os.path.exists(zone_path):
    check_log("Zonefile not created")
    set_err("NOT FLUSHED")

prev_mtime = os.stat(zone_path).st_mtime

master.update_zonefile(zone, random=True)
master.reload()
t.sleep(FLUSH_SLEEP) #point of second flush ~ 10s

last_mtime = os.stat(zone_path).st_mtime

#check that the zone file has been flushed after transfer
if prev_mtime == last_mtime:
示例#19
0
#!/usr/bin/env python3
'''Test for unsiccessful creation of NSEC3 tree'''

from dnstest.test import Test

t = Test()

master = t.server("knot")
zone = t.zone_rnd(1, records=200)

t.link(zone, master)

master.journal_max_usage = 51200  # the creation of NSEC3 tree fails on ESPACE

t.start()
master.zone_wait(zone)

master.dnssec(zone).enable = True
master.dnssec(zone).nsec3 = True
master.gen_confile()
master.reload()

t.sleep(8)  # unfixed knotd will crash upon update reversal
master.flush(wait=True)

t.end()
示例#20
0
文件: test.py 项目: dnstap/knot
t.link(nsec3_zone, master)

t.start()

# Get zone serial.
old_nsec_serial = master.zone_wait(nsec_zone)
old_nsec3_serial = master.zone_wait(nsec3_zone)

# Enable autosigning.
master.dnssec_enable = True
master.use_keys(nsec_zone)
master.use_keys(nsec3_zone)
master.gen_confile()
master.reload()

t.sleep(4)

new_nsec_serial = master.zone_wait(nsec_zone)
new_nsec3_serial = master.zone_wait(nsec3_zone)

# Check if the zones are resigned.
if compare(old_nsec_serial, new_nsec_serial,
           "%s SOA serial (NSEC)" % nsec_zone[0].name):
    resp = master.dig(nsec_zone, "IXFR", serial=old_nsec_serial)
    for rr in resp.resp:
        detail_log(rr)

if compare(old_nsec3_serial, new_nsec3_serial,
           "%s SOA serial (NSEC3)" % nsec3_zone[0].name):
    resp = master.dig(nsec3_zone, "IXFR", serial=old_nsec3_serial)
    for rr in resp.resp:
示例#21
0
start_time = int(t.uptime())

for z in zones:
    if master.dnssec(z).enable:
        Keymgr.run_check(master.confile, z.name, "import-pub",
                         "%s/%skey" % (t.data_dir, z.name))
        master.ctl("zone-sign " + z.name)
        slave.zone_wait(z, serials_init[z.name])

master.ctl("zone-backup +backupdir %s" % backup_dir)
slave.ctl("zone-backup %s %s +journal +backupdir %s +nozonefile" % \
          (zones[0].name, zones[1].name, slave_bck_dir))

(dnskey1_1, dnskey2_1) = get_dnskeys(master, zones)

t.sleep(4)

for z in zones:
    up = master.update(z)
    up.delete("added.%s" % z.name, "A")
    up.send()

t.sleep(1)

slave.stop()
master.stop()
shutil.rmtree(master.keydir)  # let Knot generate new set of keys
master.start()
master.zones_wait(zones)

(dnskey1_2, dnskey2_2) = get_dnskeys(master, zones)
示例#22
0
slave = t.server("knot")

zone = t.zone("example.", storage=".")
t.link(zone, master, slave)

t.start()

master.zone_wait(zone)
slave.zone_wait(zone)

slave.ctl("zone-freeze")

master.update_zonefile(zone, version=1)
master.reload()
master.zone_wait(zone, serial=2, equal=True)
t.sleep(1)

# check that slave freezed transfer after obtained notify
resp = slave.dig("added.example.", "A")
resp.check(rcode="NXDOMAIN", nordata="1.2.3.4")

slave.ctl("zone-refresh")

# check that slave transferred when invoked from ctl
slave.zone_wait(zone, serial=2, equal=True)
resp = slave.dig("added.example.", "A")
resp.check(rcode="NOERROR", rdata="1.2.3.4")

# check that update is refused
up = slave.update(zone)
up.add("noddns", 3600, "A", "1.2.3.6")
示例#23
0
EXPIRE_SLEEP = 15

master = t.server("knot")
slave = t.server("knot")
slave.tcp_reply_timeout = "1s"

t.link(zone, master, slave)

t.start()

master.zone_wait(zone)
slave.zone_wait(zone)

# expire by shutting down the master
master.stop()
t.sleep(EXPIRE_SLEEP)
test_expire(zone, slave)

# bring back master (notifies slave)
master.start()
master.zone_wait(zone)
slave.zone_wait(zone)

# expire by breaking AXFR
break_xfrout(master)
master.update_zonefile(zone, version=1)
master.reload()
t.sleep(EXPIRE_SLEEP)
test_expire(zone, slave)

t.stop()
示例#24
0
t.start()

# initial convenience check

master.zone_wait(zone)
slave.zone_wait(zone)

resp = slave.dig("added.example.", "A")
resp.check(rcode="NOERROR", rdata="1.2.3.4")

# check that slave ignored outdated master

master.update_zonefile(zone, version=1)
master.stop()
master.start()
t.sleep(RESYNC_SLEEP - TEST_START_EXPECTED)

resp = master.dig("added.example.", "A")
resp.check(rcode="NXDOMAIN")

resp = slave.dig("added.example.", "A")
resp.check(rcode="NOERROR", rdata="1.2.3.4")

# check that slave bootstrapped older zone

t.sleep(EXPIRE_SLEEP - RESYNC_SLEEP)

resp = slave.dig("added.example.", "A")
resp.check(rcode="NXDOMAIN")

t.stop()
示例#25
0
# set journal limit for one of the slaves
slaves[0].ixfr_fslimit = "500k"

for s in slaves:
    t.link(zone, master, s, ddns=True, ixfr=True)

t.start()

for s in slaves + [master]:
    s.zone_wait(zone)

# flood server with updates
last_rr = flood(master, zone)

# wait for update and ixfr processing
t.sleep(10)

# restart servers and dig for last change
for s in slaves + [master]:
    s.stop()
    s.start()
    s.zone_wait(zone)
    resp = s.dig(last_rr[0], "TXT")
    resp.check(rdata = last_rr[3])

# check journal sizes
st = os.stat(master.dir + "/" + zone[0].name.lower() + "diff.db")
if st.st_size > 1050 * 1024:
    detail_log("Journal too big, should be max 800k, is: " + str(st.st_size // 1024) + "k")
    set_err("JOURNAL SIZE OVERFLOW")
示例#26
0
文件: test.py 项目: dnstap/knot
# Enable autosigning.
master.dnssec_enable = True
master.gen_key(zone, ksk=True, alg="NSEC3RSASHA1")
master.gen_key(zone, alg="NSEC3RSASHA1")
master.gen_key(zone, ksk=True, alg="RSASHA256")
master.gen_key(zone, alg="RSASHA256")
master.gen_confile()
master.start()

# Wait for changed zone and flush.
new_serial = master.zone_wait(zone, old_serial)
slave.zone_wait(zone, old_serial)
t.xfr_diff(master, slave, zone)
master.flush()
t.sleep(1)

# Check absence of NSEC3PARAM record.
resp = master.dig(zone, "NSEC3PARAM", dnssec=True)
compare(resp.count(), 0, "NSEC3PARAM count")

# Check presence of DNSKEYs.
resp = master.dig(zone, "DNSKEY", dnssec=True)
compare(resp.count(), 4, "DNSKEY count")

# Check NSEC presence.
master.check_nsec(zone)

master.backup_zone(zone)

# Verify signed zone file.
示例#27
0
文件: test.py 项目: yuanlz/knot
os.rmdir(slave2keydir)
shutil.copytree(slave1.keydir, slave2keydir)

# hide zonefile, in order to let servers start slowly
ZFILE=master.zones[zone[0].name].zfile.path
ZFILE_ = ZFILE + "_"
os.rename(ZFILE, ZFILE_)

t.start()

# now un-hide zonefile, invoke load and NOTIFY, and let both slaves sign in same second!
os.rename(ZFILE_, ZFILE)
master.ctl("zone-reload")

serial_orig = slave1.zone_wait(zone)
t.sleep(1)

t.xfr_diff(slave1, slave2, zone)

# now stop and start slave1 and check if it doesn't re-sign the zone
slave1.stop()
t.sleep(3)
slave1.start()

serial = slave1.zone_wait(zone)
if serial != serial_orig:
    set_err("zone was re-signed")

t.end()

示例#28
0
文件: test.py 项目: stirnim/knot
proto = random.choice([4, 6])

t = Test(stress=False, tsig=False, address=proto)

knot = t.server("knot")
zones = t.zone_rnd(2)

t.link(zones, knot)

knot.add_module(None, ModStats())
knot.add_module(zones[0], ModStats())
knot.add_module(zones[1], ModStats())

t.start()
t.sleep(4)

check_item(knot, "server", "zone-count", 2)

resp = knot.dig(zones[0].name, "SOA", tries=1, udp=True)
query_size1 = resp.query_size()
reply_size1 = resp.response_size()

resp = knot.dig(zones[0].name, "NS", tries=1, udp=False)
query_size2 = resp.query_size()
reply_size2 = resp.response_size()

resp = knot.dig(zones[1].name, "TYPE11", tries=1, udp=True)
query_size3 = resp.query_size()
reply_size3 = resp.response_size()
示例#29
0
文件: test.py 项目: yuanlz/knot
soa2 = slave.dig(zone[0].name, "SOA", dnssec=True, bufsize=4096)
soa2serial = str(soa2.resp.answer[0].to_rdataset()).split()[5]
detail_log("soa2serial " + soa2serial)
soa2rrsig_expire = str(soa2.resp.answer[1].to_rdataset()).split()[7]
detail_log("soa2rrsig_exp " + soa2rrsig_expire)

if soa2rrsig_expire == soa1rrsig_expire:
    set_err("Zone not re-signed, test error")

if soa2serial == soa1serial:
    set_err("Serial not incremented on AXFR")

up = master.update(zone)
up.add("hahahahahah", 3600, "A", "1.2.3.4")
up.send()
t.sleep(9)

msoa3 = master.dig(zone[0].name, "SOA", dnssec=False)
msoa3serial = str(msoa3.resp.answer[0].to_rdataset()).split()[5]
detail_log("msoa3serial " + msoa3serial)

soa4 = slave.dig(zone[0].name, "SOA", dnssec=True, bufsize=4096)
soa4serial = str(soa4.resp.answer[0].to_rdataset()).split()[5]
detail_log("soa4serial " + soa4serial)

if msoa3serial != soa2serial:
    set_err("Serial incremented unexpectedly, test error")

if soa4serial == soa2serial:
    set_err("Serial not incremented on IXFR")
示例#30
0
knot.gen_key(zones[1], ksk=True, zsk=True, alg="ECDSAP384SHA384", key_len="384")
knot.gen_key(zones[1], ksk=True, zsk=True, alg="ECDSAP256SHA256", key_len="256")

# different algorithms: KSK+ZSK pair, one KSK
knot.gen_key(zones[2], ksk=True, alg="ECDSAP256SHA256", key_len="256")
knot.gen_key(zones[2], ksk=False, alg="ECDSAP256SHA256", key_len="256")
knot.gen_key(zones[2], ksk=True, zsk=True, alg="ECDSAP384SHA384", key_len="384")

# one ZSK
knot.gen_key(zones[3], ksk=False, alg="ECDSAP256SHA256", key_len="256").change_role(ksk=True, zsk=True)

for zone in zones[:-1]:
    knot.dnssec(zone).enable = True
    knot.dnssec(zone).single_type_signing = True

# enable automatic Single-Type signing scheme with NSEC3 on the last zone
knot.dnssec(zones[-1]).enable = True
knot.dnssec(zones[-1]).nsec3 = True
knot.dnssec(zones[-1]).single_type_signing = True

knot.gen_confile()
knot.reload()
t.sleep(7)
knot.flush(wait=True)
knot.stop()

for zone in zones:
    knot.zone_verify(zone)

t.end()
示例#31
0
# parameters
ZONE = "example.com"
KEYID = "712d0d0d57fa0aa006b5e20cd84e23941e5f3ab2"
WAIT_SIGN = 2

#
# Common cases
#

check_log("Common cases")

# key not published, not active
key_set(knot, ZONE, KEYID, publish="+10y", active="+10y")
t.start()
t.sleep(WAIT_SIGN)
check_zone(knot, False, False, "not published, not active")

# key published, not active
key_set(knot, ZONE, KEYID, publish="-10y")
knot.reload()
t.sleep(WAIT_SIGN)
check_zone(knot, True, False, "published, not active")

# key published, active
key_set(knot, ZONE, KEYID, active="-10y")
knot.reload()
t.sleep(WAIT_SIGN)
check_zone(knot, True, True, "published, active")

# key published, inactive
示例#32
0
zone = t.zone("example.com.")

t.link(zone, master, slave, journal_content="all")
slave.zonefile_sync = "-1"

t.start()

master.zone_wait(zone)
slave.zone_wait(zone)

# Check if bootstrapped and unflushed zone is accessible without master available.

master.stop()
slave.stop()
t.sleep(2)
slave.start()
slave.zone_wait(zone)

resp = slave.dig("mail.example.com.", "A")
resp.check(rcode="NOERROR", rdata="192.0.2.3")

resp = slave.dig("node.example.com.", "A")
resp.check(rcode="NXDOMAIN", nordata="1.2.3.4")

# Update the master zone and wait for updated slave.

master.start()
serial = master.zone_wait(zone)

up = master.update(zone)
示例#33
0
文件: test.py 项目: idtek/knot
from dnstest.test import Test
from dnstest.utils import *

t = Test()

master = t.server("bind")
slave = t.server("knot")

zone = t.zone("example.com.", storage=".")
t.link(zone, master, slave)

# Load newer zone to the slave
slave.update_zonefile(zone, version=1)

t.start()

serial_master = master.zone_wait(zone)
serial_slave = slave.zone_wait(zone)

# Check that the slave's serial is larger than master's
assert serial_master <= serial_slave

# Force refresh
slave.ctl("zone-retransfer example.com.")
t.sleep(2)

serial_slave = slave.zone_wait(zone)
compare(serial_slave, serial_master, "Serial after retransfer")

t.end()
示例#34
0
t.link(zones, master)

master.dnssec(zones[0]).enable = True
master.dnssec(zones[0]).nsec3 = True
master.dnssec(zones[0]).nsec3_opt_out = True
master.dnssec(zones[0]).nsec3_iters = 1

t.start()

master.zones_wait(zones)

master.dnssec(zones[0]).nsec3_iters = 2
master.gen_confile()
master.reload()
t.sleep(8)

up = master.update(zones)
up.add("b.example.", 3600, "DS",
       "57855 5 1 B6DCD485719ADCA18E5F3D48A2331627FDD3636B")
up.send()
t.sleep(4)

resp = master.dig("b.example.", "NS", dnssec=True)
resp.check_count(0, rtype="NSEC3", section="authority")

if random.random() < 0.5:
    master.dnssec(zones[0]).nsec3_iters = 3
    master.gen_confile()
    master.reload()
    t.sleep(6)
示例#35
0
文件: test.py 项目: liumorgan/knot
                     ksk="false",
                     created="-2",
                     publish="-2",
                     ready="+14y",
                     active="+14y",
                     retire="+31y",
                     remove="+36y")
# ZSK2 only reason: prevents Knot from publishing another ZSK

t.start()
child.zone_wait(child_zone)

check_zone(child, child_zone, 4, 1, 1, "only first KSK")

CDS1 = str(child.dig(ZONE, "CDS").resp.answer[0].to_rdataset())
t.sleep(3)
while CDS1 == str(child.dig(ZONE, "CDS").resp.answer[0].to_rdataset()):
    t.sleep(1)

check_zone(child, child_zone, 4, 2, 1, "new KSK ready")

cds = child.dig(ZONE, "CDS")
cds_rdata = cds.resp.answer[0].to_rdataset()[0].to_text()
up = parent.update(parent_zone)
up.add(ZONE, 3600, "DS", cds_rdata)
up.send("NOERROR")

t.sleep(40)

check_zone(child, child_zone, 2, 1, 1, "old KSK retired")
示例#36
0
# Enable autosigning.
master.dnssec_enable = True
master.gen_key(zone, ksk=True, alg="NSEC3RSASHA1")
master.gen_key(zone, alg="NSEC3RSASHA1")
master.gen_key(zone, ksk=True, alg="RSASHA256")
master.gen_key(zone, alg="RSASHA256")
master.gen_confile()
master.start()

# Wait for changed zone and flush.
new_serial = master.zone_wait(zone, old_serial)
slave.zone_wait(zone, old_serial)
t.xfr_diff(master, slave, zone)
master.flush()
t.sleep(1)

# Check absence of NSEC3PARAM record.
resp = master.dig(zone, "NSEC3PARAM", dnssec=True)
compare(resp.count(), 0, "NSEC3PARAM count")

# Check presence of DNSKEYs.
resp = master.dig(zone, "DNSKEY", dnssec=True)
compare(resp.count(), 4, "DNSKEY count")

# Check NSEC presence.
master.check_nsec(zone)

master.stop()
master.backup_zone(zone)
示例#37
0
文件: test.py 项目: stirnim/knot
# multiple KSKs
knot.gen_key(zones[2], ksk=True, alg="RSASHA512", key_len="1024")
knot.gen_key(zones[2], ksk=True, alg="RSASHA256", key_len="512")

# different algorithms: KSK+ZSK pair, one ZSK
knot.gen_key(zones[3], ksk=True, alg="RSASHA256", key_len="1024")
knot.gen_key(zones[3], ksk=False, alg="RSASHA256", key_len="1024")
knot.gen_key(zones[3], ksk=False, alg="RSASHA512", key_len="1024")

for zone in zones[:-1]:
    knot.dnssec(zone).enable = True
    knot.dnssec(zone).manual = True

# enable automatic Single-Type signing scheme with NSEC3 on the last zone
knot.dnssec(zones[-1]).enable = True
knot.dnssec(zones[-1]).nsec3 = True
knot.dnssec(zones[-1]).single_type_signing = True

knot.gen_confile()
knot.reload()
t.sleep(7)
knot.flush()
t.sleep(2)
knot.stop()

for zone in zones:
    knot.zone_verify(zone)

t.end()
示例#38
0
EXPIRE_SLEEP = 15

master = t.server("knot")
slave = t.server("knot")
slave.tcp_idle_timeout = "1s"

t.link(zone, master, slave)

t.start()

master.zone_wait(zone)
slave.zone_wait(zone)

# expire by shutting down the master
master.stop()
t.sleep(EXPIRE_SLEEP);
test_expire(zone, slave)

# bring back master (notifies slave)
master.start()
master.zone_wait(zone)
slave.zone_wait(zone)

# expire by breaking AXFR
break_xfrout(master)
master.update_zonefile(zone, version=1)
master.reload()
t.sleep(EXPIRE_SLEEP);
test_expire(zone, slave)

t.stop()
示例#39
0
文件: test.py 项目: dnstap/knot
#!/usr/bin/env python3

'''Test for Knot clean-up after interruption of AXFR from Bind'''

from dnstest.test import Test
from dnstest.utils import *

t = Test()

master = t.server("bind")
slave = t.server("knot")
zones = t.zone_rnd(1, dnssec=False, records=50000)

t.link(zones, master, slave)

t.start()

t.sleep(2)
check_log("Killing master %s" % master.name)
master.proc.kill()
t.sleep(5)

t.end()
示例#40
0
# parameters
key_file = os.path.join(knot.keydir, "test.private")
date_past = "19700101000001"
date_future = "20400101000000"
WAIT_SIGN = 2

#
# Common cases
#

check_log("Common cases")

# key not published, not active
key_settime(key_file, Publish=date_future, Activate=date_future)
t.start()
t.sleep(WAIT_SIGN)
check_zone(knot, False, False, "not published, not active")

# key published, not active
key_settime(key_file, Publish=date_past)
knot.reload()
t.sleep(WAIT_SIGN)
check_zone(knot, True, False, "published, not active")

# key published, active
key_settime(key_file, Activate=date_past)
knot.reload()
t.sleep(WAIT_SIGN)
check_zone(knot, True, True, "published, active")

# key published, inactive
示例#41
0
文件: test.py 项目: dnstap/knot
t = Test()

master = t.server("bind")
slave = t.server("knot")
zones = t.zone_rnd(400, records=10, dnssec=False)

t.link(zones, master, slave, ixfr=True)

t.start()

# Wait for AXFR to slave server.
serials_init = master.zones_wait(zones)
slave.zones_wait(zones)

# Update zone files on master.
for zone in zones:
    master.update_zonefile(zone, random=True)

master.reload()

t.sleep(30)

# Wait for IXFR to slave.
master.zones_wait(zones, serials_init)
slave.zones_wait(zones, serials_init)

# Compare IXFR between servers.
t.xfr_diff(master, slave, zones, serials_init)

t.end()