Home Explore Help
Sign In
zorun
/
kea
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: d1f64edaca
Branches Tags
kea
/
tests
/
lettuce
/
features
/
nsec3_auth.feature

nsec3_auth.feature 11 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151 
  1. Feature: NSEC3 Authoritative service
    2. 

  2.     This feature tests NSEC3 as defined in RFC5155, using the example
    3. 

  3.     zone from appendix A and testing responses appendix B.
    4. 

  4.     Additional tests can be added as well
    5. 

  5.     # Data is taken directly from RFC5155; with 1 changes:
    6. 

  6.     # inserted whitespace in base64 output where it is inserted by dig
    7. 

  7.     
    8. 

  8.     Scenario: B.1. Name Error
    9. 

  9.         Given I have bind10 running with configuration nsec3/nsec3_auth.config
    10. 

  10.         A dnssec query for a.c.x.w.example. should have rcode NXDOMAIN
    11. 

  11.         The last query response should have flags qr aa rd
    12. 

  12.         # TODO: check DO bit?
    13. 

  13.         The last query response should have ancount 0
    14. 

  14.         The last query response should have nscount 8
    15. 

  15.         The last query response should have adcount 1
    16. 

  16.         The authority section of the last query response should be
    17. 

  17.         """
    18. 

  18.         example.	3600	IN	SOA	ns1.example. bugs.x.w.example. 1 3600 300 3600000 3600
    19. 

  19.         example.	3600	IN	RRSIG	SOA 7 1 3600 20150420235959 20051021000000 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8iq4ZLlYWfUUbbAS41pG+6 8z81q1xhkYAcEyHdVI2LmKusbZsT0Q==
    20. 

  20.         0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example.	3600	IN	NSEC3	1 1 12 aabbccdd  2t7b4g4vsa5smi47k61mv5bv1a22bojr NS SOA MX RRSIG DNSKEY NSEC3PARAM 
    21. 

  21.         0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example.	3600	IN	RRSIG	NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKLIBHYH6blRxK9rC0bMJPw Q4mLIuw85H2EY762BOCXJZMnpuwhpA==
    22. 

  22.         b4um86eghhds6nea196smvmlo4ors995.example.	3600	IN	NSEC3	1 1 12 aabbccdd  gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG 
    23. 

  23.         b4um86eghhds6nea196smvmlo4ors995.example.	3600	IN	RRSIG	NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. ZkPG3M32lmoHM6pa3D6gZFGB/rhL//Bs3Omh5u4m/CUiwtblEVOaAKKZ d7S959OeiX43aLX3pOv0TSTyiTxIZg==
    24. 

  24.         35mthgpgcu1qg68fab165klnsnk3dpvl.example.	3600	IN	NSEC3	1 1 12 aabbccdd  b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG 
    25. 

  25.         35mthgpgcu1qg68fab165klnsnk3dpvl.example.	3600	IN	RRSIG	NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQAynzo8EUWH+z6hEIBlUT PGj15eZll6VhQqgZXtAIR3chwgW+SA==
    26. 

  26.         """
    27. 

  27. 

  28. 

  29.     Scenario: B.2. No Data Error
    30. 

  30.         Given I have bind10 running with configuration nsec3/nsec3_auth.config
    31. 

  31.         A dnssec query for ns1.example. type MX should have rcode NOERROR
    32. 

  32.         The last query response should have flags qr aa rd
    33. 

  33.         # TODO: check DO bit?
    34. 

  34.         The last query response should have ancount 0
    35. 

  35.         The last query response should have nscount 4
    36. 

  36.         The last query response should have adcount 1
    37. 

  37.         The authority section of the last query response should be
    38. 

  38.         """
    39. 

  39.         example.	3600	IN	SOA	ns1.example. bugs.x.w.example. 1 3600 300 3600000 3600
    40. 

  40.         example.	3600	IN	RRSIG	SOA 7 1 3600 20150420235959 20051021000000 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8iq4ZLlYWfUUbbAS41pG+6 8z81q1xhkYAcEyHdVI2LmKusbZsT0Q==
    41. 

  41.         2t7b4g4vsa5smi47k61mv5bv1a22bojr.example.	3600	IN	NSEC3	1 1 12 aabbccdd  2vptu5timamqttgl4luu9kg21e0aor3s A RRSIG 
    42. 

  42.         2t7b4g4vsa5smi47k61mv5bv1a22bojr.example.	3600	IN	RRSIG	NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. OmBvJ1Vgg1hCKMXHFiNeIYHK9XVW0iLDLwJN4TFoNxZuP03gAXEI634Y wOc4YBNITrj413iqNI6mRk/r1dOSUw==
    43. 

  43.         """
    44. 

  44. 

  45.     Scenario: B2.1. No Data Error, Empty Non-Terminal
    46. 

  46.         Given I have bind10 running with configuration nsec3/nsec3_auth.config
    47. 

  47.         A dnssec query for y.w.example. should have rcode NOERROR
    48. 

  48.         The last query response should have flags qr aa rd
    49. 

  49.         # TODO: check DO bit?
    50. 

  50.         The last query response should have ancount 0
    51. 

  51.         The last query response should have nscount 4
    52. 

  52.         The last query response should have adcount 1
    53. 

  53.         The authority section of the last query response should be
    54. 

  54.         """
    55. 

  55.         example.	3600	IN	SOA	ns1.example. bugs.x.w.example. 1 3600 300 3600000 3600
    56. 

  56.         example.	3600	IN	RRSIG	SOA 7 1 3600 20150420235959 20051021000000 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8iq4ZLlYWfUUbbAS41pG+6 8z81q1xhkYAcEyHdVI2LmKusbZsT0Q==
    57. 

  57.         ji6neoaepv8b5o6k4ev33abha8ht9fgc.example.	3600	IN	NSEC3	1 1 12 aabbccdd  k8udemvp1j2f7eg6jebps17vp3n8i58h
    58. 

  58.         ji6neoaepv8b5o6k4ev33abha8ht9fgc.example.	3600	IN	RRSIG	NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. gPkFp1s2QDQ6wQzcg1uSebZ61W33rUBDcTj72F3kQ490fEdp7k1BUIfb cZtPbX3YCpE+sIt0MpzVSKfTwx4uYA==
    59. 

  59.         """
    60. 

  60. 

  61.     Scenario: B.3. Referral to an Opt-Out Unsigned Zone
    62. 

  62.         Given I have bind10 running with configuration nsec3/nsec3_auth.config
    63. 

  63.         A dnssec query for mc.c.example. type MX should have rcode NOERROR
    64. 

  64.         The last query response should have flags qr rd
    65. 

  65.         # TODO: check DO bit?
    66. 

  66.         The last query response should have ancount 0
    67. 

  67.         The last query response should have nscount 6
    68. 

  68.         The last query response should have adcount 3
    69. 

  69.         The authority section of the last query response should be
    70. 

  70.         """
    71. 

  71.         c.example.	3600	IN	NS	ns1.c.example.
    72. 

  72.         c.example.	3600	IN	NS	ns2.c.example.
    73. 

  73.         35mthgpgcu1qg68fab165klnsnk3dpvl.example.	3600	IN	NSEC3	1 1 12 aabbccdd  b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG 
    74. 

  74.         35mthgpgcu1qg68fab165klnsnk3dpvl.example.	3600	IN	RRSIG	NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQAynzo8EUWH+z6hEIBlUT PGj15eZll6VhQqgZXtAIR3chwgW+SA==
    75. 

  75.         0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example.	3600	IN	NSEC3	1 1 12 aabbccdd  2t7b4g4vsa5smi47k61mv5bv1a22bojr NS SOA MX RRSIG DNSKEY NSEC3PARAM 
    76. 

  76.         0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example.	3600	IN	RRSIG	NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKLIBHYH6blRxK9rC0bMJPw Q4mLIuw85H2EY762BOCXJZMnpuwhpA==
    77. 

  77.         """
    78. 

  78.         The additional section of the last query response should be
    79. 

  79.         """
    80. 

  80.         ns1.c.example. 3600 IN A       192.0.2.7
    81. 

  81.         ns2.c.example. 3600 IN A       192.0.2.8
    82. 

  82.         """
    83. 

  83. 

  84.     Scenario: B.4. Wildcard Expansion
    85. 

  85.         Given I have bind10 running with configuration nsec3/nsec3_auth.config
    86. 

  86.         A dnssec query for a.z.w.example. type MX should have rcode NOERROR
    87. 

  87.         The last query response should have flags qr aa rd
    88. 

  88.         # TODO: check DO bit?
    89. 

  89.         # BUG: NO RRSIG IN WILDCARD RESPONSE!!!
    90. 

  90.         #The last query response should have ancount 2
    91. 

  91.         The last query response should have nscount 5
    92. 

  92.         The last query response should have adcount 9
    93. 

  93.         #The answer section of the last query response should be
    94. 

  94.         #"""
    95. 

  95.         #a.z.w.example.	3600	IN	MX	1 ai.example.
    96. 

  96.         #a.z.w.example.	3600	IN	RRSIG	MX 7 2 3600 20150420235959 20051021000000 40430 example. CikebjQwGQPwijVcxgcZcSJKtfynugtlBiKb9FcBTrmOoyQ4InoWVudh CWsh/URX3lc4WRUMivEBP6+4KS3ldA==
    97. 

  97.         #"""
    98. 

  98.         The authority section of the last query response should be
    99. 

  99.         """
    100. 

  100.         example.	3600	IN	NS	ns1.example.
    101. 

  101.         example.	3600	IN	NS	ns2.example.
    102. 

  102.         example.	3600	IN	RRSIG	NS 7 1 3600 20150420235959 20051021000000 40430 example. PVOgtMK1HHeSTau+HwDWC8Ts+6C8qtqd4pQJqOtdEVgg+MA+ai4fWDEh u3qHJyLcQ9tbD2vvCnMXjtz6SyObxA==
    103. 

  103.         q04jkcevqvmu85r014c7dkba38o0ji5r.example.	3600	IN	NSEC3	1 1 12 aabbccdd  r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG 
    104. 

  104.         q04jkcevqvmu85r014c7dkba38o0ji5r.example.	3600	IN	RRSIG	NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3ZxlMKimoPAyqletMlEWw LfFia7sdpSzn+ZlNNlkxWcLsIlMmUg==
    105. 

  105.         """
    106. 

  106.         # This is slightly different from the example in RFC5155
    107. 

  107.         The additional section of the last query response should be
    108. 

  108.         """
    109. 

  109.         ai.example.		3600	IN	A	192.0.2.9
    110. 

  110.         ai.example.		3600	IN	AAAA	2001:db8::f00:baa9
    111. 

  111.         ns1.example.		3600	IN	A	192.0.2.1
    112. 

  112.         ns2.example.		3600	IN	A	192.0.2.2
    113. 

  113.         ai.example.		3600	IN	RRSIG	A 7 2 3600 20150420235959 20051021000000 40430 example. hVe+wKYMlObTRPhX0NL67GxeZfdxqr/QeR6FtfdAj5+FgYxyzPEjIzvK Wy00hWIl6wD3Vws+rznEn8sQ64UdqA==
    114. 

  114.         ai.example.		3600	IN	RRSIG	AAAA 7 2 3600 20150420235959 20051021000000 40430 example. LcdxKaCB5bGZwPDg+3JJ4O02zoMBrjxqlf6WuaHQZZfTUpb9Nf2nxFGe 2XRPfR5tpJT6GdRGcHueLuXkMjBArQ==
    115. 

  115.         ns1.example.		3600	IN	RRSIG	A 7 2 3600 20150420235959 20051021000000 40430 example. bu6kx73n6XEunoVGuRfAgY7EF/AJqHy7hj0jkiqJjB0dOrx3wuz9SaBe GfqWIdn/uta3SavN4FRvZR9SCFHF5Q==
    116. 

  116.         ns2.example.		3600	IN	RRSIG	A 7 2 3600 20150420235959 20051021000000 40430 example. ktQ3TqE0CfRfki0Rb/Ip5BM0VnxelbuejCC4zpLbFKA/7eD7UNAwxMgx JPtbdST+syjYSJaj4IHfeX6n8vfoGA==
    117. 

  117.         """
    118. 

  118. 

  119.     Scenario: B.5. Wildcard No Data Error
    120. 

  120.         Given I have bind10 running with configuration nsec3/nsec3_auth.config
    121. 

  121.         A dnssec query for a.z.w.example. type AAAA should have rcode NOERROR
    122. 

  122.         The last query response should have flags qr aa rd
    123. 

  123.         The last query response should have ancount 0
    124. 

  124.         The last query response should have nscount 8
    125. 

  125.         The last query response should have adcount 1
    126. 

  126.         The authority section of the last query response should be
    127. 

  127.         """
    128. 

  128.         example.	3600	IN	SOA	ns1.example. bugs.x.w.example. 1 3600 300 3600000 3600
    129. 

  129.         example.	3600	IN	RRSIG	SOA 7 1 3600 20150420235959 20051021000000 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8iq4ZLlYWfUUbbAS41pG+6 8z81q1xhkYAcEyHdVI2LmKusbZsT0Q==
    130. 

  130.         k8udemvp1j2f7eg6jebps17vp3n8i58h.example.	3600	IN	NSEC3	1 1 12 aabbccdd  kohar7mbb8dc2ce8a9qvl8hon4k53uhi
    131. 

  131.         k8udemvp1j2f7eg6jebps17vp3n8i58h.example.	3600	IN	RRSIG	NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. FtXGbvF0+wf8iWkyo73enAuVx03klN+pILBKS6qCcftVtfH4yVzsEZqu J27NHR7ruxJWDNMtOtx7w9WfcIg62A==
    132. 

  132.         q04jkcevqvmu85r014c7dkba38o0ji5r.example.	3600	IN	NSEC3	1 1 12 aabbccdd  r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG 
    133. 

  133.         q04jkcevqvmu85r014c7dkba38o0ji5r.example.	3600	IN	RRSIG	NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3ZxlMKimoPAyqletMlEWw LfFia7sdpSzn+ZlNNlkxWcLsIlMmUg==
    134. 

  134.         r53bq7cc2uvmubfu5ocmm6pers9tk9en.example.	3600	IN	NSEC3	1 1 12 aabbccdd  t644ebqk9bibcna874givr6joj62mlhv MX RRSIG 
    135. 

  135.         r53bq7cc2uvmubfu5ocmm6pers9tk9en.example.	3600	IN	RRSIG	NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. aupviViruXs4bDg9rCbezzBMf9h1ZlDvbW/CZFKulIGXXLj8B/fsDJar XVDA9bnUoRhEbKp+HF1FWKW7RIJdtQ==
    136. 

  136.         """
    137. 

  137. 

  138.     Scenario: B.6. DS Child Zone No Data Error
    139. 

  139.         Given I have bind10 running with configuration nsec3/nsec3_auth.config
    140. 

  140.         A dnssec query for example. type DS should have rcode NOERROR
    141. 

  141.         The last query response should have flags qr aa rd
    142. 

  142.         The last query response should have ancount 0
    143. 

  143.         The last query response should have nscount 4
    144. 

  144.         The last query response should have adcount 1
    145. 

  145.         The authority section of the last query response should be
    146. 

  146.         """
    147. 

  147.         example.	3600	IN	SOA	ns1.example. bugs.x.w.example. 1 3600 300 3600000 3600
    148. 

  148.         example.	3600	IN	RRSIG	SOA 7 1 3600 20150420235959 20051021000000 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8iq4ZLlYWfUUbbAS41pG+6 8z81q1xhkYAcEyHdVI2LmKusbZsT0Q==
    149. 

  149.         0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example.	3600	IN	NSEC3	1 1 12 aabbccdd  2t7b4g4vsa5smi47k61mv5bv1a22bojr NS SOA MX RRSIG DNSKEY NSEC3PARAM 
    150. 

  150.         0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example.	3600	IN	RRSIG	NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKLIBHYH6blRxK9rC0bMJPw Q4mLIuw85H2EY762BOCXJZMnpuwhpA==
    151. 

  151.         """
    152.