Home Explore Help
Sign In
zorun
/
kea
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 2002e7a128
Branches Tags
kea
/
tests
/
lettuce
/
features
/
xfrin_bind10.feature

xfrin_bind10.feature 10 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204 
  1. Feature: Xfrin
    2. 

  2.     Tests for Xfrin, specific for BIND 10 behaviour.
    3. 

  3. 

  4.     Scenario: Retransfer command
    5. 

  5.     # Standard check to test (non-)existence of a file.
    6. 

  6.     # This file is actually automatically created.
    7. 

  7.     The file data/test_nonexistent_db.sqlite3 should not exist
    8. 

  8. 

  9.     Given I have bind10 running with configuration xfrin/retransfer_master.conf with cmdctl port 56174 as master
    10. 

  10.     And wait for master stderr message BIND10_STARTED_CC
    11. 

  11.     And wait for master stderr message CMDCTL_STARTED
    12. 

  12.     And wait for master stderr message AUTH_SERVER_STARTED
    13. 

  13.     And wait for master stderr message XFROUT_STARTED
    14. 

  14.     And wait for master stderr message ZONEMGR_STARTED
    15. 

  15. 

  16.     And I have bind10 running with configuration xfrin/retransfer_slave.conf
    17. 

  17.     And wait for bind10 stderr message BIND10_STARTED_CC
    18. 

  18.     And wait for bind10 stderr message CMDCTL_STARTED
    19. 

  19.     And wait for bind10 stderr message AUTH_SERVER_STARTED
    20. 

  20.     And wait for bind10 stderr message XFRIN_STARTED
    21. 

  21.     And wait for bind10 stderr message ZONEMGR_STARTED
    22. 

  22. 

  23.     # Now we use the first step again to see if the file has been created.
    24. 

  24.     # The DB currently doesn't know anything about the zone, so we install
    25. 

  25.     # an empty zone for xfrin.
    26. 

  26.     The file data/test_nonexistent_db.sqlite3 should exist
    27. 

  27.     A query for www.example.org to [::1]:56176 should have rcode REFUSED
    28. 

  28.     Then make empty zone example.org in DB file data/test_nonexistent_db.sqlite3
    29. 

  29. 

  30.     When I send bind10 the command Xfrin retransfer example.org IN ::1 56177
    31. 

  31.     # The data we receive contain a NS RRset that refers to three names in the
    32. 

  32.     # example.org. zone. All these three are nonexistent in the data, producing
    33. 

  33.     # 3 separate warning messages in the log.
    34. 

  34.     And wait for new bind10 stderr message XFRIN_ZONE_WARN
    35. 

  35.     And wait for new bind10 stderr message XFRIN_ZONE_WARN
    36. 

  36.     And wait for new bind10 stderr message XFRIN_ZONE_WARN
    37. 

  37.     # But after complaining, the zone data should be accepted.
    38. 

  38.     Then wait for new bind10 stderr message XFRIN_TRANSFER_SUCCESS not XFRIN_XFR_PROCESS_FAILURE
    39. 

  39.     # there's no guarantee this is logged before XFRIN_TRANSFER_SUCCESS, so
    40. 

  40.     # we can't reliably use 'wait for new'.  In this case this should be the
    41. 

  41.     # only occurrence of this message, so this should be okay.
    42. 

  42.     Then wait for bind10 stderr message ZONEMGR_RECEIVE_XFRIN_SUCCESS
    43. 

  43.     A query for www.example.org to [::1]:56176 should have rcode NOERROR
    44. 

  44. 

  45.     # The transferred zone should have 11 non-NSEC3 RRs and 1 NSEC3 RR.
    46. 

  46.     # The following check will get these by AXFR, so the total # of RRs
    47. 

  47.     # should be 13, counting the duplicated SOA.
    48. 

  48.     # At this point we can confirm both in and out of AXFR for a zone
    49. 

  49.     # containing an NSEC3 RR.
    50. 

  50.     # We don't have to specify the address/port here; the defaults will work.
    51. 

  51.     When I do an AXFR transfer of example.org
    52. 

  52.     Then transfer result should have 13 rrs
    53. 

  53. 

  54.     # Now try to offer another update. However, the validation of
    55. 

  55.     # data should fail. The old version shoud still be available.
    56. 

  56.     When I send bind10 the following commands with cmdctl port 56174:
    57. 

  57.     """
    58. 

  58.     config set data_sources/classes/IN[0]/params/database_file data/example.org-nons.sqlite3
    59. 

  59.     config set Auth/database_file data/example.org-nons.sqlite3
    60. 

  60.     config commit
    61. 

  61.     """
    62. 

  62.     Then I send bind10 the command Xfrin retransfer example.org IN ::1 56177
    63. 

  63.     And wait for new bind10 stderr message XFRIN_ZONE_INVALID
    64. 

  64.     And wait for new bind10 stderr message XFRIN_INVALID_ZONE_DATA
    65. 

  65.     # We can't use 'wait for new' here; see above.
    66. 

  66.     Then wait for bind10 stderr message ZONEMGR_RECEIVE_XFRIN_FAILED
    67. 

  67.     A query for example.org type NS to [::1]:56176 should have rcode NOERROR
    68. 

  68.     And transfer result should have 13 rrs
    69. 

  69. 

  70.     Scenario: Transfer with TSIG
    71. 

  71.     # Similar setup to the test above, but this time, we add TSIG configuration
    72. 

  72. 

  73.     # In order to check that the tests don't give false positives because config
    74. 

  74.     # happens to be right (like no TSIG on either side), we take an existing
    75. 

  75.     # non-TSIG config, add TSIG on the master side, see it fail, add TSIG
    76. 

  76.     # on the slave side, then check again.
    77. 

  77. 

  78.     Given I have bind10 running with configuration xfrin/retransfer_master.conf with cmdctl port 56174 as master
    79. 

  79.     And wait for master stderr message AUTH_SERVER_STARTED
    80. 

  80.     And wait for master stderr message XFROUT_STARTED
    81. 

  81. 

  82.     And I have bind10 running with configuration xfrin/retransfer_slave.conf
    83. 

  83.     And wait for bind10 stderr message CMDCTL_STARTED
    84. 

  84.     And wait for bind10 stderr message XFRIN_STARTED
    85. 

  85. 

  86.     # For xfrin make the data source aware of the zone (with empty data)
    87. 

  87.     Then make empty zone example.org in DB file data/test_nonexistent_db.sqlite3
    88. 

  88. 

  89.     # Set slave config for 'automatic' xfrin
    90. 

  90.     When I set bind10 configuration Xfrin/zones to [{"master_port": 56176, "name": "example.org", "master_addr": "::1"}]
    91. 

  91. 

  92.     # Make sure it is fully open
    93. 

  93.     When I send bind10 the command Xfrin retransfer example.org
    94. 

  94.     Then wait for new bind10 stderr message XFRIN_TRANSFER_SUCCESS not XFRIN_XFR_PROCESS_FAILURE
    95. 

  95.     # this can't be 'wait for new'; see above.
    96. 

  96.     And wait for bind10 stderr message ZONEMGR_RECEIVE_XFRIN_SUCCESS
    97. 

  97. 

  98.     # First to master, a transfer should then fail
    99. 

  99.     When I send bind10 the following commands with cmdctl port 56174:
    100. 

  100.     """
    101. 

  101.     config add tsig_keys/keys "example.key.:c2VjcmV0"
    102. 

  102.     config set Xfrout/zone_config[0]/transfer_acl [{"action": "ACCEPT", "from": "::1", "key": "example.key."}]
    103. 

  103.     config commit
    104. 

  104.     """
    105. 

  105. 

  106.     # Transfer should fail
    107. 

  107.     When I send bind10 the command Xfrin retransfer example.org
    108. 

  108.     Then wait for new bind10 stderr message XFRIN_XFR_TRANSFER_PROTOCOL_VIOLATION not XFRIN_TRANSFER_SUCCESS
    109. 

  109.     # Set client to use TSIG as well
    110. 

  110.     When I send bind10 the following commands:
    111. 

  111.     """
    112. 

  112.     config add tsig_keys/keys "example.key.:c2VjcmV0"
    113. 

  113.     config set Xfrin/zones[0]/tsig_key  "example.key."
    114. 

  114.     config commit
    115. 

  115.     """
    116. 

  116. 

  117.     # Transwer should succeed now
    118. 

  118.     When I send bind10 the command Xfrin retransfer example.org
    119. 

  119.     Then wait for new bind10 stderr message XFRIN_TRANSFER_SUCCESS not XFRIN_XFR_PROCESS_FAILURE
    120. 

  120. 

  121.     Scenario: Validation fails
    122. 

  122.     # In this test, the source data of the XFR is invalid (missing NS record
    123. 

  123.     # at the origin). We check it is rejected after the transfer.
    124. 

  124.     #
    125. 

  125.     # We use abuse the fact that we do not check data when we read it from
    126. 

  126.     # the sqlite3 database (unless we load into in-memory, which we don't
    127. 

  127.     # do here).
    128. 

  128.     The file data/test_nonexistent_db.sqlite3 should not exist
    129. 

  129. 

  130.     Given I have bind10 running with configuration xfrin/retransfer_master_nons.conf with cmdctl port 56174 as master
    131. 

  131.     And wait for master stderr message BIND10_STARTED_CC
    132. 

  132.     And wait for master stderr message CMDCTL_STARTED
    133. 

  133.     And wait for master stderr message AUTH_SERVER_STARTED
    134. 

  134.     And wait for master stderr message XFROUT_STARTED
    135. 

  135.     And wait for master stderr message ZONEMGR_STARTED
    136. 

  136. 

  137.     And I have bind10 running with configuration xfrin/retransfer_slave.conf
    138. 

  138.     And wait for bind10 stderr message BIND10_STARTED_CC
    139. 

  139.     And wait for bind10 stderr message CMDCTL_STARTED
    140. 

  140.     And wait for bind10 stderr message AUTH_SERVER_STARTED
    141. 

  141.     And wait for bind10 stderr message XFRIN_STARTED
    142. 

  142.     And wait for bind10 stderr message ZONEMGR_STARTED
    143. 

  143. 

  144.     # Now we use the first step again to see if the file has been created,
    145. 

  145.     # then install empty zone data
    146. 

  146.     The file data/test_nonexistent_db.sqlite3 should exist
    147. 

  147.     A query for www.example.org to [::1]:56176 should have rcode REFUSED
    148. 

  148.     Then make empty zone example.org in DB file data/test_nonexistent_db.sqlite3
    149. 

  149. 

  150.     When I send bind10 the command Xfrin retransfer example.org IN ::1 56177
    151. 

  151.     # It should complain once about invalid data, then again that the whole
    152. 

  152.     # zone is invalid and then reject it.
    153. 

  153.     And wait for new bind10 stderr message XFRIN_ZONE_INVALID
    154. 

  154.     And wait for new bind10 stderr message XFRIN_INVALID_ZONE_DATA
    155. 

  155.     # This can't be 'wait for new'
    156. 

  156.     Then wait for bind10 stderr message ZONEMGR_RECEIVE_XFRIN_FAILED
    157. 

  157.     # The zone still doesn't exist as it is rejected.
    158. 

  158.     # FIXME: This step fails. Probably an empty zone is created in the data
    159. 

  159.     # source :-|. This should be REFUSED, not SERVFAIL.
    160. 

  160.     A query for www.example.org to [::1]:56176 should have rcode SERVFAIL
    161. 

  161. 

  162.     # TODO:
    163. 

  163.     # * IXFR - generate an sqlite db that contains the journal. Check it was
    164. 

  164.     #   IXFR by logs.
    165. 

  165.     # * IXFR->AXFR fallback if IXFR is not available (even rejected or
    166. 

  166.     #   something, not just the differences missing).
    167. 

  167.     # * Retransfer with short refresh time (without notify).
    168. 

  168.     Scenario: With differences
    169. 

  169.     # We transfer from one bind10 to other, just like in the Retransfer command
    170. 

  170.     # scenario. Just this time, the master contains the differences table
    171. 

  171.     # and the slave has a previous version of the zone, so we use the IXFR.
    172. 

  172. 

  173.     Given I have bind10 running with configuration xfrin/retransfer_master_diffs.conf with cmdctl port 56174 as master
    174. 

  174.     And wait for master stderr message BIND10_STARTED_CC
    175. 

  175.     And wait for master stderr message CMDCTL_STARTED
    176. 

  176.     And wait for master stderr message AUTH_SERVER_STARTED
    177. 

  177.     And wait for master stderr message XFROUT_STARTED
    178. 

  178.     And wait for master stderr message ZONEMGR_STARTED
    179. 

  179. 

  180.     And I have bind10 running with configuration xfrin/retransfer_slave_diffs.conf
    181. 

  181.     And wait for bind10 stderr message BIND10_STARTED_CC
    182. 

  182.     And wait for bind10 stderr message CMDCTL_STARTED
    183. 

  183.     And wait for bind10 stderr message AUTH_SERVER_STARTED
    184. 

  184.     And wait for bind10 stderr message XFRIN_STARTED
    185. 

  185.     And wait for bind10 stderr message ZONEMGR_STARTED
    186. 

  186. 

  187.     A query for example. type SOA to [::1]:56176 should have rcode NOERROR
    188. 

  188.     The answer section of the last query response should be
    189. 

  189.     """
    190. 

  190.     example.    3600    IN      SOA     ns1.example. hostmaster.example. 94 3600 900 7200 300
    191. 

  191.     """
    192. 

  192. 

  193.     # To invoke IXFR we need to use refresh command
    194. 

  194.     When I send bind10 the command Xfrin refresh example. IN ::1 56177
    195. 

  195.     Then wait for new bind10 stderr message XFRIN_GOT_INCREMENTAL_RESP
    196. 

  196.     Then wait for new bind10 stderr message XFRIN_IXFR_TRANSFER_SUCCESS not XFRIN_XFR_PROCESS_FAILURE
    197. 

  197.     # This can't be 'wait for new'
    198. 

  198.     Then wait for bind10 stderr message ZONEMGR_RECEIVE_XFRIN_SUCCESS
    199. 

  199. 

  200.     A query for example. type SOA to [::1]:56176 should have rcode NOERROR
    201. 

  201.     The answer section of the last query response should be
    202. 

  202.     """
    203. 

  203.     example.    3600    IN      SOA     ns1.example. hostmaster.example. 100 3600 900 7200 300
    204. 

  204.     """
    205.