xfrin_bind10.feature 9.4 KB

Feature: Xfrin
    Tests for Xfrin, specific for BIND 10 behaviour.

    Scenario: Retransfer command
        # Standard check to test (non-)existence of a file.
        # This file is actually automatically created.
        The file data/test_nonexistent_db.sqlite3 should not exist

        Given I have bind10 running with configuration xfrin/retransfer_master.conf with cmdctl port 47804 as master
        And wait for master stderr message BIND10_STARTED_CC
        And wait for master stderr message CMDCTL_STARTED
        And wait for master stderr message AUTH_SERVER_STARTED
        And wait for master stderr message XFROUT_STARTED
        And wait for master stderr message ZONEMGR_STARTED

        And I have bind10 running with configuration xfrin/retransfer_slave.conf
        And wait for bind10 stderr message BIND10_STARTED_CC
        And wait for bind10 stderr message CMDCTL_STARTED
        And wait for bind10 stderr message AUTH_SERVER_STARTED
        And wait for bind10 stderr message XFRIN_STARTED
        And wait for bind10 stderr message ZONEMGR_STARTED

        # Now we use the first step again to see if the file has been created
        The file data/test_nonexistent_db.sqlite3 should exist

        A query for www.example.org to [::1]:47806 should have rcode REFUSED
        When I send bind10 the command Xfrin retransfer example.org IN ::1 47807
        # The data we receive contain a NS RRset that refers to three names in the
        # example.org. zone. All these three are nonexistent in the data, producing
        # 3 separate warning messages in the log.
        And wait for new bind10 stderr message XFRIN_ZONE_WARN
        And wait for new bind10 stderr message XFRIN_ZONE_WARN
        And wait for new bind10 stderr message XFRIN_ZONE_WARN
        # But after complaining, the zone data should be accepted.
        Then wait for new bind10 stderr message XFRIN_TRANSFER_SUCCESS not XFRIN_XFR_PROCESS_FAILURE
        Then wait for new bind10 stderr message ZONEMGR_RECEIVE_XFRIN_SUCCESS
        A query for www.example.org to [::1]:47806 should have rcode NOERROR

        # The transferred zone should have 11 non-NSEC3 RRs and 1 NSEC3 RR.
        # The following check will get these by AXFR, so the total # of RRs
        # should be 13, counting the duplicated SOA.
        # At this point we can confirm both in and out of AXFR for a zone
        # containing an NSEC3 RR.
        # We don't have to specify the address/port here; the defaults will work.
        When I do an AXFR transfer of example.org
        Then transfer result should have 13 rrs

        # Now try to offer another update. However, the validation of
        # data should fail. The old version should still be available.
        When I send bind10 the following commands with cmdctl port 47804:
        """
        config set data_sources/classes/IN[0]/params/database_file data/example.org-nons.sqlite3
        config set Auth/database_file data/example.org-nons.sqlite3
        config commit
        """
        Then I send bind10 the command Xfrin retransfer example.org IN ::1 47807
        And wait for new bind10 stderr message XFRIN_ZONE_INVALID
        And wait for new bind10 stderr message XFRIN_INVALID_ZONE_DATA
        Then wait for new bind10 stderr message ZONEMGR_RECEIVE_XFRIN_FAILED
        A query for example.org type NS to [::1]:47806 should have rcode NOERROR
        And transfer result should have 13 rrs

    Scenario: Transfer with TSIG
        # Similar setup to the test above, but this time, we add TSIG configuration.

        # In order to check that the tests don't give false positives because config
        # happens to be right (like no TSIG on either side), we take an existing
        # non-TSIG config, add TSIG on the master side, see it fail, add TSIG
        # on the slave side, then check again.

        Given I have bind10 running with configuration xfrin/retransfer_master.conf with cmdctl port 47804 as master
        And wait for master stderr message AUTH_SERVER_STARTED
        And wait for master stderr message XFROUT_STARTED

        And I have bind10 running with configuration xfrin/retransfer_slave.conf
        And wait for bind10 stderr message CMDCTL_STARTED
        And wait for bind10 stderr message XFRIN_STARTED

        # Set slave config for 'automatic' xfrin
        When I set bind10 configuration Xfrin/zones to [{"master_port": 47806, "name": "example.org", "master_addr": "::1"}]

        # Make sure it is fully open
        When I send bind10 the command Xfrin retransfer example.org
        Then wait for new bind10 stderr message XFRIN_TRANSFER_SUCCESS not XFRIN_XFR_PROCESS_FAILURE
        And wait for new bind10 stderr message ZONEMGR_RECEIVE_XFRIN_SUCCESS

        # First to master, a transfer should then fail
        When I send bind10 the following commands with cmdctl port 47804:
        """
        config add tsig_keys/keys "example.key.:c2VjcmV0"
        config set Xfrout/zone_config[0]/transfer_acl [{"action": "ACCEPT", "from": "::1", "key": "example.key."}]
        config commit
        """

        # Transfer should fail
        When I send bind10 the command Xfrin retransfer example.org
        Then wait for new bind10 stderr message XFRIN_XFR_TRANSFER_PROTOCOL_VIOLATION not XFRIN_TRANSFER_SUCCESS

        # Set client to use TSIG as well
        When I send bind10 the following commands:
        """
        config add tsig_keys/keys "example.key.:c2VjcmV0"
        config set Xfrin/zones[0]/tsig_key "example.key."
        config commit
        """

        # Transfer should succeed now
        When I send bind10 the command Xfrin retransfer example.org
        Then wait for new bind10 stderr message XFRIN_TRANSFER_SUCCESS not XFRIN_XFR_PROCESS_FAILURE

    Scenario: Validation fails
        # In this test, the source data of the XFR is invalid (missing NS record
        # at the origin). We check it is rejected after the transfer.
        #
        # We abuse the fact that we do not check data when we read it from
        # the sqlite3 database (unless we load into in-memory, which we don't
        # do here).
        The file data/test_nonexistent_db.sqlite3 should not exist

        Given I have bind10 running with configuration xfrin/retransfer_master_nons.conf with cmdctl port 47804 as master
        And wait for master stderr message BIND10_STARTED_CC
        And wait for master stderr message CMDCTL_STARTED
        And wait for master stderr message AUTH_SERVER_STARTED
        And wait for master stderr message XFROUT_STARTED
        And wait for master stderr message ZONEMGR_STARTED

        And I have bind10 running with configuration xfrin/retransfer_slave.conf
        And wait for bind10 stderr message BIND10_STARTED_CC
        And wait for bind10 stderr message CMDCTL_STARTED
        And wait for bind10 stderr message AUTH_SERVER_STARTED
        And wait for bind10 stderr message XFRIN_STARTED
        And wait for bind10 stderr message ZONEMGR_STARTED

        # Now we use the first step again to see if the file has been created
        The file data/test_nonexistent_db.sqlite3 should exist

        A query for www.example.org to [::1]:47806 should have rcode REFUSED
        When I send bind10 the command Xfrin retransfer example.org IN ::1 47807
        # It should complain once about invalid data, then again that the whole
        # zone is invalid and then reject it.
        And wait for new bind10 stderr message XFRIN_ZONE_INVALID
        And wait for new bind10 stderr message XFRIN_INVALID_ZONE_DATA
        Then wait for new bind10 stderr message ZONEMGR_RECEIVE_XFRIN_FAILED
        # The zone still doesn't exist as it is rejected.
        # FIXME: This step fails. Probably an empty zone is created in the data
        # source :-|. This should be REFUSED, not SERVFAIL.
        A query for www.example.org to [::1]:47806 should have rcode SERVFAIL

    # TODO:
    # * IXFR - generate an sqlite db that contains the journal. Check it was
    #   IXFR by logs.
    # * IXFR->AXFR fallback if IXFR is not available (even rejected or
    #   something, not just the differences missing).
    # * Retransfer with short refresh time (without notify).

    Scenario: With differences
        # We transfer from one bind10 to other, just like in the Retransfer command
        # scenario. Just this time, the master contains the differences table
        # and the slave has a previous version of the zone, so we use the IXFR.

        Given I have bind10 running with configuration xfrin/retransfer_master_diffs.conf with cmdctl port 47804 as master
        And wait for master stderr message BIND10_STARTED_CC
        And wait for master stderr message CMDCTL_STARTED
        And wait for master stderr message AUTH_SERVER_STARTED
        And wait for master stderr message XFROUT_STARTED
        And wait for master stderr message ZONEMGR_STARTED

        And I have bind10 running with configuration xfrin/retransfer_slave_diffs.conf
        And wait for bind10 stderr message BIND10_STARTED_CC
        And wait for bind10 stderr message CMDCTL_STARTED
        And wait for bind10 stderr message AUTH_SERVER_STARTED
        And wait for bind10 stderr message XFRIN_STARTED
        And wait for bind10 stderr message ZONEMGR_STARTED

        A query for example. type SOA to [::1]:47806 should have rcode NOERROR
        The answer section of the last query response should be
        """
        example. 3600 IN SOA ns1.example. hostmaster.example. 94 3600 900 7200 300
        """

        When I send bind10 the command Xfrin retransfer example. IN ::1 47807
        Then wait for new bind10 stderr message XFRIN_GOT_INCREMENTAL_RESP
        Then wait for new bind10 stderr message XFRIN_IXFR_TRANSFER_SUCCESS not XFRIN_XFR_PROCESS_FAILURE
        Then wait for new bind10 stderr message ZONEMGR_RECEIVE_XFRIN_SUCCESS

        A query for example. type SOA to [::1]:47806 should have rcode NOERROR
        The answer section of the last query response should be
        """
        example. 3600 IN SOA ns1.example. hostmaster.example. 100 3600 900 7200 300
        """