1. 30 Jul, 2020 1 commit
    • Michal Nowak's avatar
      Drop $SYSTEMTESTTOP from bin/tests/system/ · 093af1c0
      Michal Nowak authored
      The $SYSTEMTESTTOP shell variable if often set to .. in various shell
      scripts inside bin/tests/system/, but most of the time it is only
      used one line later, while sourcing conf.sh. This hardly improves
      code readability.
      
      $SYSTEMTESTTOP is also used for the purpose of referencing
      scripts/files living in bin/tests/system/, but given that the
      variable is always set to a short, relative path, we can drop it and
      replace all of its occurrences with the relative path without adversely
      affecting code readability.
      093af1c0
  2. 01 Jul, 2020 2 commits
    • Evan Hunt's avatar
      further tidying of primary/secondary terminology in system tests · e43b3c1f
      Evan Hunt authored
      this changes most visble uses of master/slave terminology in tests.sh
      and most uses of 'type master' or 'type slave' in named.conf files.
      files in the checkconf test were not updated in order to confirm that
      the old syntax still works. rpzrecurse was also left mostly unchanged
      to avoid interference with DNSRPS.
      e43b3c1f
    • Evan Hunt's avatar
      add "primaries" as a synonym for "masters" in named.conf · 16e14353
      Evan Hunt authored
      as "type primary" is preferred over "type master" now, it makes
      sense to make "primaries" available as a synonym too.
      
      added a correctness check to ensure "primaries" and "masters"
      cannot both be used in the same zone.
      16e14353
  3. 01 May, 2020 1 commit
  4. 21 Apr, 2020 1 commit
    • Ondřej Surý's avatar
      Complete rewrite the BIND 9 build system · 978c7b2e
      Ondřej Surý authored
      The rewrite of BIND 9 build system is a large work and cannot be reasonable
      split into separate merge requests.  Addition of the automake has a positive
      effect on the readability and maintainability of the build system as it is more
      declarative, it allows conditional and we are able to drop all of the custom
      make code that BIND 9 developed over the years to overcome the deficiencies of
      autoconf + custom Makefile.in files.
      
      This squashed commit contains following changes:
      
      - conversion (or rather fresh rewrite) of all Makefile.in files to Makefile.am
        by using automake
      
      - the libtool is now properly integrated with automake (the way we used it
        was rather hackish as the only official way how to use libtool is via
        automake
      
      - the dynamic module loading was rewritten from a custom patchwork to libtool's
        libltdl (which includes the patchwork to support module loading on different
        systems internally)
      
      - conversion of the unit test executor from kyua to automake parallel driver
      
      - conversion of the system test executor from custom make/shell to automake
        parallel driver
      
      - The GSSAPI has been refactored, the custom SPNEGO on the basis that
        all major KRB5/GSSAPI (mit-krb5, heimdal and Windows) implementations
        support SPNEGO mechanism.
      
      - The various defunct tests from bin/tests have been removed:
        bin/tests/optional and bin/tests/pkcs11
      
      - The text files generated from the MD files have been removed, the
        MarkDown has been designed to be readable by both humans and computers
      
      - The xsl header is now generated by a simple sed command instead of
        perl helper
      
      - The <irs/platform.h> header has been removed
      
      - cleanups of configure.ac script to make it more simpler, addition of multiple
        macros (there's still work to be done though)
      
      - the tarball can now be prepared with `make dist`
      
      - the system tests are partially able to run in oot build
      
      Here's a list of unfinished work that needs to be completed in subsequent merge
      requests:
      
      - `make distcheck` doesn't yet work (because of system tests oot run is not yet
        finished)
      
      - documentation is not yet built, there's a different merge request with docbook
        to sphinx-build rst conversion that needs to be rebased and adapted on top of
        the automake
      
      - msvc build is non functional yet and we need to decide whether we will just
        cross-compile bind9 using mingw-w64 or fix the msvc build
      
      - contributed dlz modules are not included neither in the autoconf nor automake
      978c7b2e
  5. 03 Mar, 2020 1 commit
  6. 27 Feb, 2020 1 commit
  7. 21 Feb, 2020 1 commit
  8. 21 Jan, 2020 1 commit
  9. 08 Jan, 2020 1 commit
  10. 07 Jan, 2020 1 commit
    • Mark Andrews's avatar
      Address timing issues in 'inline' system test. · 13fa80ed
      Mark Andrews authored
      "rndc signing -serial <value>" could take longer than a second to
      complete.  Loop waiting for update to succeed.
      
      For tests where "rndc signing -serial <value>" is supposed to not
      succeed, repeatedly test that we don't get the new serial, then
      test that we have the old value.  This should prevent false negatives.
      13fa80ed
  11. 06 Dec, 2019 1 commit
    • Michał Kępień's avatar
      Automatically run clean.sh from run.sh · d8905b7a
      Michał Kępień authored
      The first step in all existing setup.sh scripts is to call clean.sh.  To
      reduce code duplication and ensure all system tests added in the future
      behave consistently with existing ones, invoke clean.sh from run.sh
      before calling setup.sh.
      d8905b7a
  12. 15 Nov, 2019 1 commit
    • Evan Hunt's avatar
      use DS style trust anchors in all system tests · 54a682ea
      Evan Hunt authored
      this adds functions in conf.sh.common to create DS-style trust anchor
      files. those functions are then used to create nearly all of the trust
      anchors in the system tests.
      
      there are a few exceptions:
       - some tests in dnssec and mkeys rely on detection of unsupported
         algorithms, which only works with key-style trust anchors, so those
         are used for those tests in particular.
       - the mirror test had a problem with the use of a CSK without a
         SEP bit, which still needs addressing
      
      in the future, some of these tests should be changed back to using
      traditional trust anchors, so that both types will be exercised going
      forward.
      54a682ea
  13. 31 Jul, 2019 1 commit
  14. 26 Jun, 2019 1 commit
  15. 05 Jun, 2019 1 commit
  16. 19 Mar, 2019 1 commit
  17. 15 Mar, 2019 1 commit
  18. 04 Mar, 2019 1 commit
    • Matthijs Mekking's avatar
      Only perform test cleanups in clean.sh scripts · c64ed484
      Matthijs Mekking authored
      Temporary files created by a given system test should be removed by its
      clean.sh script, not its setup.sh script.  Remove redundant "rm"
      invocations from setup.sh scripts.  Move required "rm" invocations from
      setup.sh scripts to their corresponding clean.sh scripts.
      c64ed484
  19. 06 Feb, 2019 2 commits
  20. 25 Jan, 2019 1 commit
    • Evan Hunt's avatar
      fix inline test · 2ae3c975
      Evan Hunt authored
      use regex instead of exact string matching, to deal with CR at end of ine
      2ae3c975
  21. 19 Dec, 2018 1 commit
  22. 03 Dec, 2018 2 commits
  23. 05 Oct, 2018 1 commit
  24. 07 Sep, 2018 1 commit
  25. 24 Aug, 2018 1 commit
    • Michał Kępień's avatar
      Prevent a race in the "inline" system test · e36c869e
      Michał Kępień authored
      A short time window exists between logging the addition of an NSEC3PARAM
      record to a zone and committing it to the current version of the zone
      database.  If a query arrives during such a time window, an unsigned
      response will be returned.  One of the checks in the "inline" system
      test requires NSEC3 records to be present in an answer - that check
      would fail in the case described above.  Use rndc instead of log
      watching for checking whether zone signing and NSEC3 chain modifications
      are complete in order to prevent intermittent "inline" system test
      failures.
      e36c869e
  26. 22 Aug, 2018 2 commits
    • Michał Kępień's avatar
      Fix reloading inline-signed zones · 54315839
      Michał Kępień authored
      While "rndc reload" causes dns_zone_asyncload() to be called for the
      signed version of an inline-signed zone, the subsequent zone_load() call
      causes the raw version to be reloaded from storage.  This means that
      DNS_ZONEFLG_LOADPENDING gets set for the signed version of the zone by
      dns_zone_asyncload() before the reload is attempted, but zone_postload()
      is only called for the raw version and thus DNS_ZONEFLG_LOADPENDING is
      cleared for the raw version, but not for the signed version.  This in
      turn prevents zone maintenance from happening for the signed version of
      the zone.
      
      Until commit 29b7efdd, this problem
      remained dormant because DNS_ZONEFLG_LOADPENDING was previously
      immediately, unconditionally cleared after zone loading was started
      (whereas it should only be cleared when zone loading is finished or an
      error occurs).  This behavior caused other issues [1] and thus had to be
      changed.
      
      Fix reloading inline-signed zones by clearing DNS_ZONEFLG_LOADPENDING
      for the signed version of the zone once the raw version reload
      completes.  Take care not to clear it prematurely during initial zone
      load.  Also make sure that DNS_ZONEFLG_LOADPENDING gets cleared when
      zone_postload() encounters an error or returns early, to prevent other
      scenarios from resulting in the same problem.  Add comments aiming to
      help explain code flow.
      
      [1] see RT #47076
      54315839
    • Michał Kępień's avatar
      Set DNS_JOURNALOPT_RESIGN when loading the secure journal for an inline-signed zone · 8db550c4
      Michał Kępień authored
      When an inline-signed zone is loaded, the master file for its signed
      version is loaded and then a rollforward of the journal for the signed
      version of the zone is performed.  If DNS_JOURNALOPT_RESIGN is not set
      during the latter phase, signatures loaded from the journal for the
      signed version of the zone will not be scheduled for refresh.  Fix the
      conditional expression determining which flags should be used for the
      dns_journal_rollforward() call so that DNS_JOURNALOPT_RESIGN is set when
      zone_postload() is called for the signed version of an inline-signed
      zone.
      
      Extend bin/tests/system/stop.pl so that it can use "rndc halt" instead
      of "rndc stop" as the former allows master file flushing upon shutdown
      to be suppressed.
      8db550c4
  27. 14 Aug, 2018 2 commits
    • Michał Kępień's avatar
      Make the "inline" system test more lightweight · 24dd865b
      Michał Kępień authored
      Each zone used in the "inline" system test contains a few dozen records.
      Over a dozen of these zones are used in the test.  Most records present
      in these zones are not subsequently used in the test itself, but all of
      them need to be signed by the named instances launched by the test,
      which puts quite a bit of strain on lower-end machines, leading to
      intermittent failures of the "inline" system test.  Remove all redundant
      records from the zones used in the "inline" system test in order to
      stabilize it.
      24dd865b
    • Michał Kępień's avatar
      Queue "rndc signing -nsec3param ..." requests if needed · cb40c522
      Michał Kępień authored
      If "rndc signing -nsec3param ..." is ran for a zone which has not yet
      been loaded or transferred (i.e. its "db" field is NULL), it will be
      silently ignored by named despite rndc logging an "nsec3param request
      queued" message, which is misleading.  Prevent this by keeping a
      per-zone queue of NSEC3PARAM change requests which arrive before a zone
      is loaded or transferred and processing that queue once the raw version
      of an inline-signed zone becomes available.
      cb40c522
  28. 19 Jul, 2018 1 commit
  29. 13 Jun, 2018 1 commit
  30. 05 Jun, 2018 1 commit
  31. 31 May, 2018 1 commit
    • Evan Hunt's avatar
      update system tests so validation won't fail when using IANA key · a7a2fa29
      Evan Hunt authored
      - all tests with "recursion yes" now also specify "dnssec-validation yes",
        and all tests with "recursion no" also specify "dnssec-validation no".
        this must be maintained in all new tests, or else validation will fail
        when we use local root zones for testing.
      - clean.sh has been modified where necessary to remove managed-keys.bind
        and viewname.mkeys files.
      a7a2fa29
  32. 16 May, 2018 1 commit
  33. 11 May, 2018 1 commit
  34. 25 Apr, 2018 1 commit
    • Michał Kępień's avatar
      Apply raw zone deltas to yet unsigned secure zones · 6acf3269
      Michał Kępień authored
      When inline signing is enabled for a zone without creating signing keys
      for it, changes subsequently applied to the raw zone will not be
      reflected in the secure zone due to the dns_update_signaturesinc() call
      inside receive_secure_serial() failing.  Given that an inline zone will
      be served (without any signatures) even with no associated signing keys
      being present, keep applying raw zone deltas to the secure zone until
      keys become available in an attempt to follow the principle of least
      astonishment.
      6acf3269
  35. 23 Feb, 2018 1 commit