1. 12 Aug, 2019 1 commit
    • Make rbtdb maintain stale counters · a8b29e05
      Matthijs Mekking authored
      When updating the statistics for RRset types, if a header is marked
      stale or ancient, the appropriate statistic counters are decremented,
      then incremented.
      
      Also fix some out of date comments.
      
      (cherry picked from commit a3af2c57)
  2. 08 Aug, 2019 8 commits
  3. 02 Aug, 2019 1 commit
  4. 31 Jul, 2019 3 commits
    • check that bits 64..71 in a dns64 prefix are zero · f0fa5ce3
      Mark Andrews authored
      (cherry picked from commit a7ec7eb6)
    • Make root hints consistent with authoritative data · 558ee243
      Michał Kępień authored
      Multiple resolvers in the "wildcard" system test are configured with a
      single root hint: "ns.root-servers.nil", pointing to 10.53.0.1, which is
      inconsistent with authoritative data served by ns1.  This may cause
      intermittent resolution failures, triggering false positives for the
      "wildcard" system test.  Prevent this from happening by making ns2, ns3,
      and ns5 use root hints corresponding to the contents of ns1/root.db.in.
      
      (cherry picked from commit dd430c30)
    • Make root hints consistent with authoritative data · df4d771e
      Michał Kępień authored
      The ns2 named instance in the "staticstub" system test is configured
      with a single root hint commonly used in BIND system tests
      (a.root-servers.nil with an address of 10.53.0.1), which is inconsistent
      with authoritative data served by ns1.  This may cause intermittent
      resolution failures, triggering false positives for the "staticstub"
      system test.  Prevent this from happening by making ns1 serve data
      corresponding to the contents of bin/tests/system/common/root.hint.
      
      (cherry picked from commit 4b5e1da0)
  5. 30 Jul, 2019 4 commits
    • Fix awk invocation in the "verify" system test · 5159597d
      Michał Kępień authored
      Appending output of a command to the same file as the one that command
      is reading from is a dangerous practice.  It seems to have accidentally
      worked with all the awk implementations we have tested against so far,
      but for BusyBox awk, doing this may result in the input/output file
      being written to in an infinite loop.  Prevent this from happening by
      redirecting awk output to a temporary file and appending its contents to
      the original file in a separate shell pipeline.
      
      (cherry picked from commit bb9c1654)
    • Extend prerequisites for the "xfer" system test · 61981b36
      Michał Kępień authored
      The Net::DNS Perl module needs the Digest::HMAC module to support TSIG.
      However, since the latter is not a hard requirement for the former, some
      packagers do not make Net::DNS depend on Digest::HMAC.  If Net::DNS is
      installed on a host but Digest::HMAC is not, the "xfer" system test
      breaks in a very hard-to-debug way (ans5 returns TSIG RRs with empty
      RDATA, which prevents TSIG-signed SOA queries and transfers from
      working).  Prevent this from happening by making the "xfer" system test
      explicitly require Digest::HMAC apart from Net::DNS.
      
      (cherry picked from commit b10d28d1)
    • Make "digdelv" system test work with BusyBox sed · fe7dec85
      Michał Kępień authored
      The BusyBox version of sed treats leading '\+' in a regular expression
      to be matched as a syntax error ("Repetition not preceded by valid
      expression"), which triggers false positives for the "digdelv" system
      test.  Make the relevant sed invocations work portably across all sed
      implementations by removing the leading backslash.
      
      (cherry picked from commit 266e3ed5)
    • Make "autosign" system test work with BusyBox awk · fdd926d7
      Michał Kępień authored
      The BusyBox version of awk treats some variables which other awk
      implementations consider to be decimal values as octal values.  This
      intermittently breaks key event interval calculations in the "autosign"
      system test, triggering false positives for it.  Prevent the problem from
      happening by stripping leading zeros from the affected awk variables.
      
      (cherry picked from commit ad008f7d)
  6. 29 Jul, 2019 1 commit
    • Make root hints consistent with authoritative data · 7bcb5a31
      Michał Kępień authored
      Resolvers in the "filter-aaaa" system test are configured with a single
      root hint: "ns.rootservers.net", pointing to 10.53.0.1.  However,
      querying ns1 for "ns.rootservers.net" results in NXDOMAIN answers.
      Since the TTL for the root hint is set to 0, it may happen that a
      resolver's ADB will be asked to return any known addresses for
      "ns.rootservers.net", but it will only have access to a cached NXDOMAIN
      answer for that name and an expired root hint, which will result in a
      resolution failure, triggering a false positive for the "filter-aaaa"
      system test.  Prevent this from happening by making all the root hints
      consistent with authoritative data served by ns1.
      
      (cherry picked from commit c19ebde1)
  7. 25 Jul, 2019 1 commit
  8. 23 Jul, 2019 1 commit
  9. 22 Jul, 2019 1 commit
  10. 21 Jul, 2019 3 commits
  11. 04 Jul, 2019 1 commit
  12. 28 Jun, 2019 2 commits
    • Add and use keyfile_to_key_id() helper function · 6045adbd
      Michał Kępień authored
      When trying to extract the key ID from a key file name, some test code
      incorrectly attempts to strip all leading zeros.  This breaks tests when
      keys with ID 0 are generated.  Add a new helper shell function,
      keyfile_to_key_id(), which properly handles keys with ID 0 and use it in
      test code whenever a key ID needs to be extracted from a key file name.
      
      (cherry picked from commit 7d6eaad1)
    • dnstap-read: clear buffer before expanding it · 1a1e550f
      Michał Kępień authored
      When printing a packet, dnstap-read checks whether its text form takes
      up more than the 2048 bytes allocated for the output buffer by default.
      If that is the case, the output buffer is automatically expanded, but
      the truncated output is left in the buffer, resulting in malformed data
      being printed.  Clear the output buffer before expanding it to prevent
      this issue from occurring.
      
      (cherry picked from commit 3549abe8)
  13. 27 Jun, 2019 6 commits
    • add geoip2 system test · 049d8a31
      Evan Hunt authored
      (cherry picked from commit 9a1caf99)
    • add HAVE_GEOIP2 #ifdef branches, without implementing yet · 7fc92bee
      Evan Hunt authored
      (cherry picked from commit fe46d5bc)
    • add a search for GeoIP2 libraries in configure · 6a7e8057
      Evan Hunt authored
      - "--with-geoip" is used to enable the legacy GeoIP library.
      - "--with-geoip2" is used to enable the new GeoIP2 library
        (libmaxminddb), and is on by default if the library is found.
      - using both "--with-geoip" and "--with-geoip2" at the same time
        is an error.
      - an attempt is made to determine the default GeoIP2 database path at
        compile time if pkg-config is able to report the module prefix. if
        this fails, it will be necessary to set the path in named.conf with
        geoip-directory.
      - Makefiles have been updated, and a stub lib/dns/geoip2.c has been
        added for the eventual GeoIP2 search implementation.
      
      (cherry picked from commit fea6b5bf)
    • Also collect DNSSEC refresh signature statistics · 97041a38
      Matthijs Mekking authored
      In addition to gathering how many times signatures are created per
      key in a zone, also count how many of those signature creations are
      because of DNSSEC maintenance.  These maintenance counters are
      incremented if a signature is refreshed (but the RRset did not
      change), when the DNSKEY RRset is changed, and when that leads
      to additional RRset / RRSIG updates (for example SOA, NSEC).
      
      (cherry picked from commit 6f67546c)
    • Add tests for DNSSEC sign statistics · 212db50e
      Matthijs Mekking authored
      This adds tests to the statschannel system test for testing if
      the dnskey sign operation counters are incremented correctly.
      
      It tests three cases:
      
      1. A zone maintenance event where all the signatures that are about
         to expire are resigned.
      2. A dynamic update event where the new RR and other relevant records
         (SOA, NSEC) are resigned.
      3. Adding a standby key, that means the DNSKEY and SOA RRset are
         resigned.
      
      (cherry picked from commit a8750a88)
    • check xsl vs xml · 8573a1d7
      Mark Andrews authored
      (cherry picked from commit d5c79594)
  14. 26 Jun, 2019 3 commits
    • add system test to confirm glue is returned in priming queries · e8ce85d0
      Evan Hunt authored
      (cherry picked from commit 9a1f0ea8)
    • add a test that reloading errors are not ignored · a049ce87
      Evan Hunt authored
      (cherry picked from commit e48b3f1a)
    • Prevent "idna" test failures with libidn2 2.2.0+ · e79362ea
      Michał Kępień authored
      libidn2 2.2.0+ parses Punycode more strictly than older versions and
      thus "dig +idnin +noidnout xn--19g" fails with libidn2 2.2.0+ but
      succeeds with older versions.
      
      We could preserve the old behavior by using the IDN2_NO_ALABEL_ROUNDTRIP
      flag available in libidn2 2.2.0+, but:
      
        - this change in behavior is considered a libidn2 bug fix [1],
        - we want to make sure dig behaves as expected, not libidn2,
        - implementing that would require additional configure.ac cruft.
      
      Removing the problematic check appears to be the simplest solution as it
      does not prevent the relevant block of checks in the "idna" system test
      from achieving its purpose, i.e. ensuring dig properly handles invalid
      U-labels.
      
      [1] see upstream commit 241e8f486134793cb0f4a5b0e5817a97883401f5
      
      (cherry picked from commit 60ce0ed4)
  15. 25 Jun, 2019 1 commit
    • Wait for outgoing transfer statistics to be logged · 8c1c47b2
      Michał Kępień authored
      Since the message confirming outgoing transfer completion is logged
      asynchronously, it may happen that transfer statistics may not yet be
      logged by the time the dig command triggering a given transfer returns.
      This causes false positives for the "ixfr" and "xfer" system tests.
      Prevent this from happening by checking outgoing transfer statistics up
      to 10 times, in 1-second intervals.
      
      (cherry picked from commit 9fc5e48b)
  16. 24 Jun, 2019 1 commit
  17. 18 Jun, 2019 2 commits
    • Always fail a system test if crashes are detected · 931357d8
      Michał Kępień authored
      In certain situations (e.g. a named instance crashing upon shutdown in a
      system test which involves shutting down a server and restarting it
      afterwards), a system test may succeed despite a named crash being
      triggered.  This must never be the case.  Extend run.sh to mark a test
      as failed if core dumps or log lines indicating assertion failures are
      detected (the latter is only an extra measure aimed at test environments
      in which core dumps are not generated; note that some types of crashes,
      e.g. segmentation faults, will not be detected using this method alone).
      
      (cherry picked from commit 7706f229)
    • Fix transfer statistics extraction · aa54cc40
      Michał Kępień authored
      Make the get_named_xfer_stats() helper shell function more precise in
      order to prevent it from matching the wrong lines as that may trigger
      false positives for the "ixfr" and "xfer" system tests.  As an example,
      the regular expression responsible for extracting the number of bytes
      transmitted throughout an entire zone transfer could also match a line
      containing the following string:
      
          transfer of '<zone-name>/IN': sending TCP message of <integer> bytes
      
      However, such a line is not one summarizing a zone transfer.
      
      Also simplify both get_dig_xfer_stats() and get_named_xfer_stats() by
      eliminating the need for "echo" statements in them.
      
      (cherry picked from commit fab67c07)