mirror of
https://github.com/coredns/coredns.git
synced 2025-10-31 18:23:13 -04:00
Add DNSSEC test already; but disable it
This commit is contained in:
Miek Gieben
298
middleware/file/dnssec_test.go
Normal file
298
middleware/file/dnssec_test.go
Normal file
@@ -0,0 +1,298 @@
|
||||
package file
|
||||
|
||||
import (
|
||||
"sort"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/miekg/coredns/middleware"
|
||||
coretest "github.com/miekg/coredns/middleware/testing"
|
||||
|
||||
"github.com/miekg/dns"
|
||||
"golang.org/x/net/context"
|
||||
)
|
||||
|
||||
var dnssecTestCases = []coretest.Case{
|
||||
{
|
||||
Qname: "miek.nl.", Qtype: dns.TypeSOA,
|
||||
Answer: []dns.RR{
|
||||
coretest.SOA("miek.nl. 1800 IN SOA linode.atoom.net. miek.miek.nl. 1282630057 14400 3600 604800 14400"),
|
||||
},
|
||||
},
|
||||
{
|
||||
Qname: "miek.nl.", Qtype: dns.TypeAAAA,
|
||||
Answer: []dns.RR{
|
||||
coretest.AAAA("miek.nl. 1800 IN AAAA 2a01:7e00::f03c:91ff:fef1:6735"),
|
||||
},
|
||||
},
|
||||
{
|
||||
Qname: "miek.nl.", Qtype: dns.TypeMX,
|
||||
Answer: []dns.RR{
|
||||
coretest.MX("miek.nl. 1800 IN MX 1 aspmx.l.google.com."),
|
||||
coretest.MX("miek.nl. 1800 IN MX 10 aspmx2.googlemail.com."),
|
||||
coretest.MX("miek.nl. 1800 IN MX 10 aspmx3.googlemail.com."),
|
||||
coretest.MX("miek.nl. 1800 IN MX 5 alt1.aspmx.l.google.com."),
|
||||
coretest.MX("miek.nl. 1800 IN MX 5 alt2.aspmx.l.google.com."),
|
||||
},
|
||||
},
|
||||
{
|
||||
Qname: "www.miek.nl.", Qtype: dns.TypeA,
|
||||
Answer: []dns.RR{
|
||||
coretest.CNAME("www.miek.nl. 1800 IN CNAME a.miek.nl."),
|
||||
},
|
||||
|
||||
Extra: []dns.RR{
|
||||
coretest.A("a.miek.nl. 1800 IN A 139.162.196.78"),
|
||||
coretest.AAAA("a.miek.nl. 1800 IN AAAA 2a01:7e00::f03c:91ff:fef1:6735"),
|
||||
},
|
||||
},
|
||||
{
|
||||
Qname: "a.miek.nl.", Qtype: dns.TypeSRV,
|
||||
Ns: []dns.RR{
|
||||
coretest.SOA("miek.nl. 1800 IN SOA linode.atoom.net. miek.miek.nl. 1282630057 14400 3600 604800 14400"),
|
||||
},
|
||||
},
|
||||
{
|
||||
Qname: "b.miek.nl.", Qtype: dns.TypeA,
|
||||
Rcode: dns.RcodeNameError,
|
||||
Ns: []dns.RR{
|
||||
coretest.SOA("miek.nl. 1800 IN SOA linode.atoom.net. miek.miek.nl. 1282630057 14400 3600 604800 14400"),
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
// TODO(miek): enable
|
||||
func testLookupDNSSEC(t *testing.T) {
|
||||
zone, err := Parse(strings.NewReader(dbMiekNL_signed), testzone, "stdin")
|
||||
if err != nil {
|
||||
t.Fatalf("expect no error when reading zone, got %q", err)
|
||||
}
|
||||
|
||||
fm := File{Next: coretest.ErrorHandler(), Zones: Zones{Z: map[string]*Zone{testzone: zone}, Names: []string{testzone}}}
|
||||
ctx := context.TODO()
|
||||
|
||||
for _, tc := range dnssecTestCases {
|
||||
m := new(dns.Msg)
|
||||
m.SetQuestion(dns.Fqdn(tc.Qname), tc.Qtype)
|
||||
|
||||
rec := middleware.NewResponseRecorder(&middleware.TestResponseWriter{})
|
||||
_, err := fm.ServeDNS(ctx, rec, m)
|
||||
if err != nil {
|
||||
t.Errorf("expected no error, got %v\n", err)
|
||||
return
|
||||
}
|
||||
resp := rec.Msg()
|
||||
|
||||
sort.Sort(coretest.RRSet(resp.Answer))
|
||||
sort.Sort(coretest.RRSet(resp.Ns))
|
||||
sort.Sort(coretest.RRSet(resp.Extra))
|
||||
|
||||
if resp.Rcode != tc.Rcode {
|
||||
t.Errorf("rcode is %q, expected %q", dns.RcodeToString[resp.Rcode], dns.RcodeToString[tc.Rcode])
|
||||
t.Logf("%v\n", resp)
|
||||
continue
|
||||
}
|
||||
|
||||
if len(resp.Answer) != len(tc.Answer) {
|
||||
t.Errorf("answer for %q contained %d results, %d expected", tc.Qname, len(resp.Answer), len(tc.Answer))
|
||||
t.Logf("%v\n", resp)
|
||||
continue
|
||||
}
|
||||
if len(resp.Ns) != len(tc.Ns) {
|
||||
t.Errorf("authority for %q contained %d results, %d expected", tc.Qname, len(resp.Ns), len(tc.Ns))
|
||||
t.Logf("%v\n", resp)
|
||||
continue
|
||||
}
|
||||
if len(resp.Extra) != len(tc.Extra) {
|
||||
t.Errorf("additional for %q contained %d results, %d expected", tc.Qname, len(resp.Extra), len(tc.Extra))
|
||||
t.Logf("%v\n", resp)
|
||||
continue
|
||||
}
|
||||
|
||||
if !coretest.CheckSection(t, tc, coretest.Answer, resp.Answer) {
|
||||
t.Logf("%v\n", resp)
|
||||
}
|
||||
if !coretest.CheckSection(t, tc, coretest.Ns, resp.Ns) {
|
||||
t.Logf("%v\n", resp)
|
||||
|
||||
}
|
||||
if !coretest.CheckSection(t, tc, coretest.Extra, resp.Extra) {
|
||||
t.Logf("%v\n", resp)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
const dbMiekNL_signed = `
|
||||
; File written on Sun Mar 27 04:13:01 2016
|
||||
; dnssec_signzone version 9.10.3-P4-Ubuntu
|
||||
miek.nl. 1800 IN SOA linode.atoom.net. miek.miek.nl. (
|
||||
1459051981 ; serial
|
||||
14400 ; refresh (4 hours)
|
||||
3600 ; retry (1 hour)
|
||||
604800 ; expire (1 week)
|
||||
14400 ; minimum (4 hours)
|
||||
)
|
||||
1800 RRSIG SOA 8 2 1800 (
|
||||
20160426031301 20160327031301 12051 miek.nl.
|
||||
FIrzy07acBzrf6kNW13Ypmq/ahojoMqOj0qJ
|
||||
ixTevTvwOEcVuw9GlJoYIHTYg+hm1sZHtx9K
|
||||
RiVmYsm8SHKsJA1WzixtT4K7vQvM+T+qbeOJ
|
||||
xA6YTivKUcGRWRXQlOTUAlHS/KqBEfmxKgRS
|
||||
68G4oOEClFDSJKh7RbtyQczy1dc= )
|
||||
1800 NS ext.ns.whyscream.net.
|
||||
1800 NS omval.tednet.nl.
|
||||
1800 NS linode.atoom.net.
|
||||
1800 NS ns-ext.nlnetlabs.nl.
|
||||
1800 RRSIG NS 8 2 1800 (
|
||||
20160426031301 20160327031301 12051 miek.nl.
|
||||
ZLtsQhwaz+CwrgzgFiEAqbqS/JH65MYjziA3
|
||||
6EXwlGDy41lcfGm71PpxA7cDzFhWNkJNk4QF
|
||||
q48wtpP4IGPPpHbnJHKDUXj6se7S+ylAGbS+
|
||||
VgVJ4YaVcE6xA9ZVhVpz8CSSjeH34vmqq9xj
|
||||
zmFjofuDvraZflHfNpztFoR1Vxs= )
|
||||
1800 A 139.162.196.78
|
||||
1800 RRSIG A 8 2 1800 (
|
||||
20160426031301 20160327031301 12051 miek.nl.
|
||||
hl+6Q075tsCkxIqbop8zZ6U8rlFvooz7Izzx
|
||||
MgCZYVLcg75El28EXKIhBfRb1dPaKbd+v+AD
|
||||
wrJMHL131pY5sU2Ly05K+7CqmmyaXgDaVsKS
|
||||
rSw/TbhGDIItBemeseeuXGAKAbY2+gE7kNN9
|
||||
mZoQ9hRB3SrxE2jhctv66DzYYQQ= )
|
||||
1800 MX 1 aspmx.l.google.com.
|
||||
1800 MX 5 alt1.aspmx.l.google.com.
|
||||
1800 MX 5 alt2.aspmx.l.google.com.
|
||||
1800 MX 10 aspmx2.googlemail.com.
|
||||
1800 MX 10 aspmx3.googlemail.com.
|
||||
1800 RRSIG MX 8 2 1800 (
|
||||
20160426031301 20160327031301 12051 miek.nl.
|
||||
kLqG+iOrKSzms1H9Et9me8Zts1rbyeCFSVQD
|
||||
G9is/u6ec3Lqg2vwJddf/yRsjVpVgadWSAkc
|
||||
GSDuD2dK8oBeP24axWc3Z1OY2gdMI7w+PKWT
|
||||
Z+pjHVjbjM47Ii/a6jk5SYeOwpGMsdEwhtTP
|
||||
vk2O2WGljifqV3uE7GshF5WNR10= )
|
||||
1800 AAAA 2a01:7e00::f03c:91ff:fef1:6735
|
||||
1800 RRSIG AAAA 8 2 1800 (
|
||||
20160426031301 20160327031301 12051 miek.nl.
|
||||
SsRTHytW4YTAuHovHQgfIMhNwMtMp4gaAU/Z
|
||||
lgTO+IkBb9y9F8uHrf25gG6RqA1bnGV/gezV
|
||||
NU5negXm50bf1BNcyn3aCwEbA0rCGYIL+nLJ
|
||||
szlBVbBu6me/Ym9bbJlfgfHRDfsVy2ZkNL+B
|
||||
jfNQtGCSDoJwshjcqJlfIVSardo= )
|
||||
14400 NSEC a.miek.nl. A NS SOA MX AAAA RRSIG NSEC DNSKEY
|
||||
14400 RRSIG NSEC 8 2 14400 (
|
||||
20160426031301 20160327031301 12051 miek.nl.
|
||||
mFfc3r/9PSC1H6oSpdC+FDy/Iu02W2Tf0x+b
|
||||
n6Lpe1gCC1uvcSUrrmBNlyAWRr5Zm+ZXssEb
|
||||
cKddRGiu/5sf0bUWrs4tqokL/HUl10X/sBxb
|
||||
HfwNAeD7R7+CkpMv67li5AhsDgmQzpX2r3P6
|
||||
/6oZyLvODGobysbmzeWM6ckE8IE= )
|
||||
1800 DNSKEY 256 3 8 (
|
||||
AwEAAcNEU67LJI5GEgF9QLNqLO1SMq1EdoQ6
|
||||
E9f85ha0k0ewQGCblyW2836GiVsm6k8Kr5EC
|
||||
IoMJ6fZWf3CQSQ9ycWfTyOHfmI3eQ/1Covhb
|
||||
2y4bAmL/07PhrL7ozWBW3wBfM335Ft9xjtXH
|
||||
Py7ztCbV9qZ4TVDTW/Iyg0PiwgoXVesz
|
||||
) ; ZSK; alg = RSASHA256; key id = 12051
|
||||
1800 DNSKEY 257 3 8 (
|
||||
AwEAAcWdjBl4W4wh/hPxMDcBytmNCvEngIgB
|
||||
9Ut3C2+QI0oVz78/WK9KPoQF7B74JQ/mjO4f
|
||||
vIncBmPp6mFNxs9/WQX0IXf7oKviEVOXLjct
|
||||
R4D1KQLX0wprvtUIsQFIGdXaO6suTT5eDbSd
|
||||
6tTwu5xIkGkDmQhhH8OQydoEuCwV245ZwF/8
|
||||
AIsqBYDNQtQ6zhd6jDC+uZJXg/9LuPOxFHbi
|
||||
MTjp6j3CCW0kHbfM/YHZErWWtjPj3U3Z7knQ
|
||||
SIm5PO5FRKBEYDdr5UxWJ/1/20SrzI3iztvP
|
||||
wHDsA2rdHm/4YRzq7CvG4N0t9ac/T0a0Sxba
|
||||
/BUX2UVPWaIVBdTRBtgHi0s=
|
||||
) ; KSK; alg = RSASHA256; key id = 33694
|
||||
1800 RRSIG DNSKEY 8 2 1800 (
|
||||
20160426031301 20160327031301 12051 miek.nl.
|
||||
o/D6o8+/bNGQyyRvwZ2hM0BJ+3HirvNjZoko
|
||||
yGhGe9sPSrYU39WF3JVIQvNJFK6W3/iwlKir
|
||||
TPOeYlN6QilnztFq1vpCxwj2kxJaIJhZecig
|
||||
LsKxY/fOHwZlIbBLZZadQG6JoGRLHnImSzpf
|
||||
xtyVaXQtfnJFC07HHt9np3kICfE= )
|
||||
1800 RRSIG DNSKEY 8 2 1800 (
|
||||
20160426031301 20160327031301 33694 miek.nl.
|
||||
Ak/mbbQVQV+nUgw5Sw/c+TSoYqIwbLARzuNE
|
||||
QJvJNoRR4tKVOY6qSxQv+j5S7vzyORZ+yeDp
|
||||
NlEa1T9kxZVBMABoOtLX5kRqZncgijuH8fxb
|
||||
L57Sv2IzINI9+DOcy9Q9p9ygtwYzQKrYoNi1
|
||||
0hwHi6emGkVG2gGghruMinwOJASGgQy487Yd
|
||||
eIpcEKJRw73nxd2le/4/Vafy+mBpKWOczfYi
|
||||
5m9MSSxcK56NFYjPG7TvdIw0m70F/smY9KBP
|
||||
pGWEdzRQDlqfZ4fpDaTAFGyRX0mPFzMbs1DD
|
||||
3hQ4LHUSi/NgQakdH9eF42EVEDeL4cI69K98
|
||||
6NNk6X9TRslO694HKw== )
|
||||
a.miek.nl. 1800 IN A 139.162.196.78
|
||||
1800 RRSIG A 8 3 1800 (
|
||||
20160426031301 20160327031301 12051 miek.nl.
|
||||
lxLotCjWZ3kikNNcePu6HOCqMHDINKFRJRD8
|
||||
laz2KQ9DKtgXPdnRw5RJvVITSj8GUVzw1ec1
|
||||
CYVEKu/eMw/rc953Zns528QBypGPeMNLe2vu
|
||||
C6a6UhZnGHA48dSd9EX33eSJs0MP9xsC9csv
|
||||
LGdzYmv++eslkKxkhSOk2j/hTxk= )
|
||||
1800 AAAA 2a01:7e00::f03c:91ff:fef1:6735
|
||||
1800 RRSIG AAAA 8 3 1800 (
|
||||
20160426031301 20160327031301 12051 miek.nl.
|
||||
ji3QMlaUzlK85ppB5Pc+y2WnfqOi6qrm6dm1
|
||||
bXgsEov/5UV1Lmcv8+Y5NBbTbBlXGlWcpqNp
|
||||
uWpf9z3lbguDWznpnasN2MM8t7yxo/Cr7WRf
|
||||
QCzui7ewpWiA5hq7j0kVbM4nnDc6cO+U93hO
|
||||
mMhVbeVI70HM2m0HaHkziEyzVZk= )
|
||||
14400 NSEC archive.miek.nl. A AAAA RRSIG NSEC
|
||||
14400 RRSIG NSEC 8 3 14400 (
|
||||
20160426031301 20160327031301 12051 miek.nl.
|
||||
GqnF6cut/KCxbnJj27MCjjVGkjObV0hLhHOP
|
||||
E1/GXAUTEKG6BWxJq8hidS3p/yrOmP5PEL9T
|
||||
4FjBp0/REdVmGpuLaiHyMselES82p/uMMdY5
|
||||
QqRM6LHhZdO1zsRbyzOZbm5MsW6GR7K2kHlX
|
||||
9TdBIULiRRGPQ1QGQE1ipmSHEao= )
|
||||
archive.miek.nl. 1800 IN CNAME a.miek.nl.
|
||||
1800 RRSIG CNAME 8 3 1800 (
|
||||
20160426031301 20160327031301 12051 miek.nl.
|
||||
s4zVJiDrVuUiUFr8CNQLuXYYfpqpl8rovL50
|
||||
BYsub/xK756NENiOTAOjYH6KYg7RSzsygJjV
|
||||
YQwXolZly2/KXAr48SCtxzkGFxLexxiKcFaj
|
||||
vm7ZDl7Btoa5l68qmBcxOX5E/W0IKITi4PNK
|
||||
mhBs7dlaf0IbPGNgMxae72RosxM= )
|
||||
14400 NSEC go.dns.miek.nl. CNAME RRSIG NSEC
|
||||
14400 RRSIG NSEC 8 3 14400 (
|
||||
20160426031301 20160327031301 12051 miek.nl.
|
||||
jEp7LsoK++/PRFh2HieLzasA1jXBpp90NyDf
|
||||
RfpfOxdM69yRKfvXMc2bazIiMuDhxht79dGI
|
||||
Gj02cn1cvX60SlaHkeFtqTdJcHdK9rbI65EK
|
||||
YHFZFzGh9XVnuMJKpUsm/xS1dnUSAnXN8q+0
|
||||
xBlUDlQpsAFv/cx8lcp4do5fWXg= )
|
||||
go.dns.miek.nl. 1800 IN TXT "Hello!"
|
||||
1800 RRSIG TXT 8 4 1800 (
|
||||
20160426031301 20160327031301 12051 miek.nl.
|
||||
O0uo1NsXTq2TTfgOmGbHQQEchrcpllaDAMMX
|
||||
dTDizw3t+vZ5SR32qJ8W7y6VXLgUqJgcdRxS
|
||||
Fou1pp+t5juRZSQ0LKgxMpZAgHorkzPvRf1b
|
||||
E9eBKrDSuLGagsQRwHeldFGFgsXtCbf07vVH
|
||||
zoKR8ynuG4/cAoY0JzMhCts+56U= )
|
||||
14400 NSEC www.miek.nl. TXT RRSIG NSEC
|
||||
14400 RRSIG NSEC 8 4 14400 (
|
||||
20160426031301 20160327031301 12051 miek.nl.
|
||||
BW6qo7kYe3Z+Y0ebaVTWTy1c3bpdf8WUEoXq
|
||||
WDQxLDEj2fFiuEBDaSN5lTWRg3wj8kZmr6Uk
|
||||
LvX0P29lbATFarIgkyiAdbOEdaf88nMfqBW8
|
||||
z2T5xrPQcN0F13uehmv395yAJs4tebRxErMl
|
||||
KdkVF0dskaDvw8Wo3YgjHUf6TXM= )
|
||||
www.miek.nl. 1800 IN CNAME a.miek.nl.
|
||||
1800 RRSIG CNAME 8 3 1800 (
|
||||
20160426031301 20160327031301 12051 miek.nl.
|
||||
MiQQh2lScoNiNVZmMJaypS+wDL2Lar4Zw1zF
|
||||
Uo4tL16BfQOt7yl8gXdAH2JMFqoKAoIdM2K6
|
||||
XwFOwKTOGSW0oNCOcaE7ts+1Z1U0H3O2tHfq
|
||||
FAzfg1s9pQ5zxk8J/bJgkVIkw2/cyB0y1/PK
|
||||
EmIqvChBSb4NchTuMCSqo63LJM8= )
|
||||
14400 NSEC miek.nl. CNAME RRSIG NSEC
|
||||
14400 RRSIG NSEC 8 3 14400 (
|
||||
20160426031301 20160327031301 12051 miek.nl.
|
||||
OPPZ8iaUPrVKEP4cqeCiiv1WLRAY30GRIhc/
|
||||
me0gBwFkbmTEnvB+rUp831OJZDZBNKv4QdZj
|
||||
Uyc26wKUOQeUyMJqv4IRDgxH7nq9GB5JRjYZ
|
||||
IVxtGD1aqWLXz+8aMaf9ARJjtYUd3K4lt8Wz
|
||||
LbJSo5Wdq7GOWqhgkY5n3XD0/FA= )`
|
||||
Reference in New Issue
Block a user