From 0d529d4f41f694a531252a29b7e032e83ad3551c Mon Sep 17 00:00:00 2001
From: Jorge Aparicio <jorge.aparicio@ferrous-systems.com>
Date: Wed, 29 May 2024 12:46:32 +0200
Subject: [PATCH] bump hickory-dns and unignore fixed tests

also build hickory-dns with dnssec support and enable security
awareness
---
 .github/workflows/ci.yml                                        | 2 +-
 .../dnssec/rfc4035/section_3/section_3_1/section_3_1_4.rs       | 1 -
 .../src/resolver/dnssec/rfc4035/section_3/section_3_2.rs        | 2 --
 .../src/resolver/dnssec/rfc4035/section_4/section_4_1.rs        | 1 -
 packages/dns-test/src/docker/hickory.Dockerfile                 | 2 +-
 packages/dns-test/src/templates/hickory.resolver.toml.jinja     | 2 +-
 6 files changed, 3 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 62f05ddc..15fd455f 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -6,7 +6,7 @@ on:
   merge_group:
 
 env:
-  HICKORY_REV: a3669bd80f3f7b97f0c301c15f1cba6368d97b63
+  HICKORY_REV: 107635c6c5934524894736f1b141198d0fa62fec
   DNS_TEST_VERBOSE_DOCKER_BUILD: 1
 
 jobs:
diff --git a/packages/conformance-tests/src/resolver/dnssec/rfc4035/section_3/section_3_1/section_3_1_4.rs b/packages/conformance-tests/src/resolver/dnssec/rfc4035/section_3/section_3_1/section_3_1_4.rs
index c3489208..8fca7308 100644
--- a/packages/conformance-tests/src/resolver/dnssec/rfc4035/section_3/section_3_1/section_3_1_4.rs
+++ b/packages/conformance-tests/src/resolver/dnssec/rfc4035/section_3/section_3_1/section_3_1_4.rs
@@ -7,7 +7,6 @@ use dns_test::{
 };
 
 #[test]
-#[ignore]
 fn on_clients_ds_query_it_queries_the_parent_zone() -> Result<()> {
     let network = Network::new()?;
 
diff --git a/packages/conformance-tests/src/resolver/dnssec/rfc4035/section_3/section_3_2.rs b/packages/conformance-tests/src/resolver/dnssec/rfc4035/section_3/section_3_2.rs
index 8d947214..e9a1fc53 100644
--- a/packages/conformance-tests/src/resolver/dnssec/rfc4035/section_3/section_3_2.rs
+++ b/packages/conformance-tests/src/resolver/dnssec/rfc4035/section_3/section_3_2.rs
@@ -9,7 +9,6 @@ use dns_test::{
 };
 
 #[test]
-#[ignore]
 fn do_bit_not_set_in_request() -> Result<()> {
     let network = &Network::new()?;
     let ns = NameServer::new(&dns_test::PEER, FQDN::ROOT, network)?
@@ -79,7 +78,6 @@ fn if_do_bit_not_set_in_request_then_requested_dnssec_record_is_not_stripped() -
 }
 
 #[test]
-#[ignore]
 fn do_bit_set_in_request() -> Result<()> {
     let network = &Network::new()?;
     let ns = NameServer::new(&dns_test::PEER, FQDN::ROOT, network)?
diff --git a/packages/conformance-tests/src/resolver/dnssec/rfc4035/section_4/section_4_1.rs b/packages/conformance-tests/src/resolver/dnssec/rfc4035/section_4/section_4_1.rs
index 56c4d8da..deec6fe6 100644
--- a/packages/conformance-tests/src/resolver/dnssec/rfc4035/section_4/section_4_1.rs
+++ b/packages/conformance-tests/src/resolver/dnssec/rfc4035/section_4/section_4_1.rs
@@ -5,7 +5,6 @@ use dns_test::tshark::{Capture, Direction};
 use dns_test::{Network, Resolver, Result, FQDN};
 
 #[test]
-#[ignore]
 fn edns_support() -> Result<()> {
     let network = &Network::new()?;
     let ns = NameServer::new(&dns_test::PEER, FQDN::ROOT, network)?.start()?;
diff --git a/packages/dns-test/src/docker/hickory.Dockerfile b/packages/dns-test/src/docker/hickory.Dockerfile
index 18cd7555..9844d115 100644
--- a/packages/dns-test/src/docker/hickory.Dockerfile
+++ b/packages/dns-test/src/docker/hickory.Dockerfile
@@ -10,6 +10,6 @@ RUN apt-get update && \
 # a clone of the hickory repository. `./src` here refers to that clone; not to
 # any directory inside the `dns-test` repository
 COPY ./src /usr/src/hickory
-RUN cargo install --path /usr/src/hickory/bin --features recursor --debug && \
+RUN cargo install --path /usr/src/hickory/bin --features recursor,dnssec-ring --debug && \
     mkdir /etc/hickory
 env RUST_LOG=debug
diff --git a/packages/dns-test/src/templates/hickory.resolver.toml.jinja b/packages/dns-test/src/templates/hickory.resolver.toml.jinja
index bd4be69c..d32d8e4a 100644
--- a/packages/dns-test/src/templates/hickory.resolver.toml.jinja
+++ b/packages/dns-test/src/templates/hickory.resolver.toml.jinja
@@ -1,5 +1,5 @@
 [[zones]]
 zone = "."
 zone_type = "Hint"
-stores = { type = "recursor", roots = "/etc/root.hints" }
+stores = { type = "recursor", roots = "/etc/root.hints", security_aware = true }
 enable_dnssec = {{ use_dnssec }}