test/tls_test.go

package test

import (
	"crypto/tls"
	"fmt"
	"testing"

	"github.com/miekg/dns"
)

func TestTLS(t *testing.T) {
	tempCorefile := `%s {
        tls ../plugin/tls/test_cert.pem ../plugin/tls/test_key.pem
        whoami
    }`

	dot, doh := ":1053", ":8443"
	m := new(dns.Msg)
	m.SetQuestion("example.com.", dns.TypeA)
	answerLength := 0

	tests := []struct {
		server    string
		tlsConfig *tls.Config
	}{
		{fmt.Sprintf("tls://.%s", dot),
			&tls.Config{InsecureSkipVerify: true},
		},
		{fmt.Sprintf("tls://.%s", dot),
			&tls.Config{InsecureSkipVerify: true, NextProtos: []string{"dot"}},
		},
		{fmt.Sprintf("tls://.%s https://.%s", dot, doh),
			&tls.Config{InsecureSkipVerify: true},
		},
		{fmt.Sprintf("tls://.%s https://.%s", dot, doh),
			&tls.Config{InsecureSkipVerify: true, NextProtos: []string{"dot"}},
		},
	}

	for _, tc := range tests {
		ex, _, _, err := CoreDNSServerAndPorts(fmt.Sprintf(tempCorefile, tc.server))
		if err != nil {
			t.Fatalf("Could not get CoreDNS serving instance: %s", err)
		}

		client := dns.Client{
			Net:       "tcp-tls",
			TLSConfig: tc.tlsConfig,
		}
		r, _, err := client.Exchange(m, dot)

		if err != nil {
			t.Fatalf("Could not exchange msg: %s", err)
		}

		if n := len(r.Answer); n != answerLength {
			t.Fatalf("Expected %v answers, got %v", answerLength, n)
		}
		if n := len(r.Extra); n != 2 {
			t.Errorf("Expected 2 RRs in additional section, but got %d", n)
		}
		if r.Rcode != dns.RcodeSuccess {
			t.Errorf("Expected success but got %d", r.Rcode)
		}
		ex.Stop()
	}
}
Add test for DNS over TLS (#5511) 2022-07-15 17:00:42 +02:00			`package test`

			`import (`
			`"crypto/tls"`
Fork TLSConfig for each encrypted connection (#5710) * Fork TLSConfig for each encrypted connection Signed-off-by: sanyo <sanyo0714@163.com> Co-authored-by: sanyo <yeshengan.ysa@alibaba-inc.com> 2022-10-29 00:55:41 +08:00			`"fmt"`
Add test for DNS over TLS (#5511) 2022-07-15 17:00:42 +02:00			`"testing"`

			`"github.com/miekg/dns"`
			`)`

Fork TLSConfig for each encrypted connection (#5710) * Fork TLSConfig for each encrypted connection Signed-off-by: sanyo <sanyo0714@163.com> Co-authored-by: sanyo <yeshengan.ysa@alibaba-inc.com> 2022-10-29 00:55:41 +08:00			`func TestTLS(t *testing.T) {`
			tempCorefile := `%s {
Add test for DNS over TLS (#5511) 2022-07-15 17:00:42 +02:00			`tls ../plugin/tls/test_cert.pem ../plugin/tls/test_key.pem`
			`whoami`
			}`
Fork TLSConfig for each encrypted connection (#5710) * Fork TLSConfig for each encrypted connection Signed-off-by: sanyo <sanyo0714@163.com> Co-authored-by: sanyo <yeshengan.ysa@alibaba-inc.com> 2022-10-29 00:55:41 +08:00
			`dot, doh := ":1053", ":8443"`
			`m := new(dns.Msg)`
			`m.SetQuestion("example.com.", dns.TypeA)`
Add test for DNS over TLS (#5511) 2022-07-15 17:00:42 +02:00			`answerLength := 0`

Fork TLSConfig for each encrypted connection (#5710) * Fork TLSConfig for each encrypted connection Signed-off-by: sanyo <sanyo0714@163.com> Co-authored-by: sanyo <yeshengan.ysa@alibaba-inc.com> 2022-10-29 00:55:41 +08:00			`tests := []struct {`
			`server string`
			`tlsConfig *tls.Config`
			`}{`
			`{fmt.Sprintf("tls://.%s", dot),`
			`&tls.Config{InsecureSkipVerify: true},`
			`},`
			`{fmt.Sprintf("tls://.%s", dot),`
			`&tls.Config{InsecureSkipVerify: true, NextProtos: []string{"dot"}},`
			`},`
			`{fmt.Sprintf("tls://.%s https://.%s", dot, doh),`
			`&tls.Config{InsecureSkipVerify: true},`
			`},`
			`{fmt.Sprintf("tls://.%s https://.%s", dot, doh),`
			`&tls.Config{InsecureSkipVerify: true, NextProtos: []string{"dot"}},`
			`},`
Add test for DNS over TLS (#5511) 2022-07-15 17:00:42 +02:00			`}`

Fork TLSConfig for each encrypted connection (#5710) * Fork TLSConfig for each encrypted connection Signed-off-by: sanyo <sanyo0714@163.com> Co-authored-by: sanyo <yeshengan.ysa@alibaba-inc.com> 2022-10-29 00:55:41 +08:00			`for _, tc := range tests {`
			`ex, _, _, err := CoreDNSServerAndPorts(fmt.Sprintf(tempCorefile, tc.server))`
			`if err != nil {`
			`t.Fatalf("Could not get CoreDNS serving instance: %s", err)`
			`}`
Add test for DNS over TLS (#5511) 2022-07-15 17:00:42 +02:00
Fork TLSConfig for each encrypted connection (#5710) * Fork TLSConfig for each encrypted connection Signed-off-by: sanyo <sanyo0714@163.com> Co-authored-by: sanyo <yeshengan.ysa@alibaba-inc.com> 2022-10-29 00:55:41 +08:00			`client := dns.Client{`
			`Net: "tcp-tls",`
			`TLSConfig: tc.tlsConfig,`
			`}`
			`r, _, err := client.Exchange(m, dot)`
Add test for DNS over TLS (#5511) 2022-07-15 17:00:42 +02:00
Fork TLSConfig for each encrypted connection (#5710) * Fork TLSConfig for each encrypted connection Signed-off-by: sanyo <sanyo0714@163.com> Co-authored-by: sanyo <yeshengan.ysa@alibaba-inc.com> 2022-10-29 00:55:41 +08:00			`if err != nil {`
			`t.Fatalf("Could not exchange msg: %s", err)`
			`}`

			`if n := len(r.Answer); n != answerLength {`
			`t.Fatalf("Expected %v answers, got %v", answerLength, n)`
			`}`
			`if n := len(r.Extra); n != 2 {`
			`t.Errorf("Expected 2 RRs in additional section, but got %d", n)`
			`}`
			`if r.Rcode != dns.RcodeSuccess {`
			`t.Errorf("Expected success but got %d", r.Rcode)`
			`}`
			`ex.Stop()`
Add test for DNS over TLS (#5511) 2022-07-15 17:00:42 +02:00			`}`
			`}`