move named to trust-dns bin crate
parent
ee0413194d
commit
30f6254deb
42
Cargo.lock
generated
42
Cargo.lock
generated
@ -1367,6 +1367,48 @@ dependencies = [
|
||||
"spin 0.5.2 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "trust-dns"
|
||||
version = "0.18.0-alpha.1"
|
||||
dependencies = [
|
||||
"backtrace 0.3.40 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"bytes 0.4.12 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"chrono 0.4.9 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"clap 2.33.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"enum-as-inner 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"env_logger 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"failure 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"futures-preview 0.3.0-alpha.19 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"h2 0.2.0-alpha.3 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"http 0.1.19 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"lazy_static 1.4.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"log 0.4.8 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"native-tls 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"openssl 0.10.25 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"rand 0.7.2 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"rusqlite 0.20.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"rustls 0.16.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"serde 1.0.101 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"time 0.1.42 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"tokio 0.2.0-alpha.6 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"tokio-executor 0.2.0-alpha.6 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"tokio-io 0.2.0-alpha.6 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"tokio-net 0.2.0-alpha.6 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"tokio-openssl 0.4.0-alpha.6 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"tokio-rustls 0.12.0-alpha.4 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"tokio-timer 0.3.0-alpha.6 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"tokio-tls 0.3.0-alpha.6 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"toml 0.5.3 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"trust-dns-client 0.18.0-alpha.1",
|
||||
"trust-dns-https 0.18.0-alpha.1",
|
||||
"trust-dns-native-tls 0.18.0-alpha.1",
|
||||
"trust-dns-openssl 0.18.0-alpha.1",
|
||||
"trust-dns-proto 0.18.0-alpha.1",
|
||||
"trust-dns-resolver 0.18.0-alpha.1",
|
||||
"trust-dns-rustls 0.18.0-alpha.1",
|
||||
"trust-dns-server 0.18.0-alpha.1",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "trust-dns-client"
|
||||
version = "0.18.0-alpha.1"
|
||||
|
@ -9,4 +9,5 @@ members = ["crates/client",
|
||||
"crates/server",
|
||||
"tests/compatibility-tests",
|
||||
"tests/integration-tests",
|
||||
"bin",
|
||||
"util"]
|
||||
|
@ -97,7 +97,7 @@ Zone signing support is complete, to insert a key store a pem encoded rsa file
|
||||
|
||||
### DNS over TLS on the Server
|
||||
|
||||
Support of TLS on the Server is managed through a pkcs12 der file. The documentation is captured in the example test config file, [example.toml](https://github.com/bluejekyll/trust-dns/blob/master/crates/server/tests/named_test_configs/example.toml). A registered certificate to the server can be pinned to the Client with the `add_ca()` method. Alternatively, as the client uses the rust-native-tls library, it should work with certificate signed by any standard CA.
|
||||
Support of TLS on the Server is managed through a pkcs12 der file. The documentation is captured in the example test config file, [example.toml](https://github.com/bluejekyll/trust-dns/blob/master/crates/server/tests/test-data/named_test_configs/example.toml). A registered certificate to the server can be pinned to the Client with the `add_ca()` method. Alternatively, as the client uses the rust-native-tls library, it should work with certificate signed by any standard CA.
|
||||
|
||||
## DNSSec status
|
||||
|
||||
@ -244,7 +244,7 @@ so this should allow it to work with most internal loads.
|
||||
|
||||
```
|
||||
$ cd server
|
||||
$ ../target/release/named -c ./tests/named_test_configs/example.toml -z ./tests/named_test_configs/ -p 24141
|
||||
$ ../target/release/named -c ./tests/test-data/named_test_configs/example.toml -z ./tests/test-data/named_test_configs/ -p 24141
|
||||
```
|
||||
|
||||
- Query the just launched server with `dig`
|
||||
|
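--- a/bin/Cargo.toml
+++ b/bin/Cargo.toml
@@ -0,0 +1,111 @@
+[package]
+name = "trust-dns"
+version = "0.18.0-alpha.1"
+authors = ["Benjamin Fry <benjaminfry@me.com>"]
+edition = "2018"
+
+# A short blurb about the package. This is not rendered in any format when
+# uploaded to crates.io (aka this is not markdown)
+description = """
+Trust-DNS is a safe and secure DNS server with DNSec support.
+Eventually this could be a replacement for BIND9. The DNSSec support allows
+for live signing of all records, in it does not currently support
+records signed offline. The server supports dynamic DNS with SIG0 authenticated
+requests. Trust-DNS is based on the Tokio and Futures libraries, which means
+it should be easily integrated into other software that also use those
+libraries.
+"""
+
+# These URLs point to more information about the repository
+documentation = "https://docs.rs/trust-dns-server"
+homepage = "http://www.trust-dns.org/index.html"
+repository = "https://github.com/bluejekyll/trust-dns"
+
+# This points to a file in the repository (relative to this Cargo.toml). The
+# contents of this file are stored and indexed in the registry.
+readme = "README.md"
+
+# This is a small list of keywords used to categorize and search for this
+# package.
+keywords = ["DNS", "BIND", "dig", "named", "dnssec"]
+categories = ["network-programming"]
+
+# This is a string description of the license for this package. Currently
+# crates.io will validate the license provided against a whitelist of known
+# license identifiers from http://spdx.org/licenses/. Multiple licenses can
+# be separated with a `/`
+license = "MIT/Apache-2.0"
+
+[badges]
+travis-ci = { repository = "bluejekyll/trust-dns" }
+appveyor = { repository = "bluejekyll/trust-dns", branch = "master", service = "github" }
+codecov = { repository = "bluejekyll/trust-dns", branch = "master", service = "github" }
+
+[features]
+#default = ["sqlite", "resolver"]
+dnssec-openssl = ["dnssec", "openssl", "trust-dns-client/dnssec-openssl", "trust-dns-proto/dnssec-openssl", "trust-dns-resolver/dnssec-openssl", "trust-dns-server/dnssec-openssl"]
+dnssec-ring = ["dnssec", "trust-dns-client/dnssec-ring", "trust-dns-proto/dnssec-ring", "trust-dns-resolver/dnssec-ring", "trust-dns-server/dnssec-ring"]
+dnssec = []
+resolver = ["trust-dns-resolver", "trust-dns-server/resolver"]
+sqlite = ["rusqlite", "trust-dns-server/sqlite"]
+
+# TODO: Need to figure out how to be consistent with ring/openssl usage...
+# dns-over-https-openssl = ["dns-over-openssl", "trust-dns-client/dns-over-https-openssl", "dns-over-https"]
+dns-over-https-rustls = ["dns-over-https", "dns-over-rustls", "trust-dns-client/dns-over-https-rustls", "trust-dns-resolver/dns-over-https-rustls", "trust-dns-server/dns-over-https-rustls", "tokio-rustls"]
+dns-over-https = ["h2", "http", "trust-dns-https", "trust-dns-server/dns-over-https"]
+
+# TODO: migrate all tls and tls-openssl features to dns-over-tls, et al
+dns-over-openssl = ["dns-over-tls", "dnssec-openssl", "trust-dns-openssl", "tokio-openssl", "trust-dns-client/dns-over-openssl", "trust-dns-resolver/dns-over-openssl", "trust-dns-server/dns-over-openssl"]
+dns-over-rustls = ["dns-over-tls", "dnssec-ring", "trust-dns-rustls", "rustls", "trust-dns-client/dns-over-rustls", "trust-dns-resolver/dns-over-rustls", "trust-dns-server/dns-over-rustls", "tokio-rustls"]
+dns-over-tls = []
+
+# This is a deprecated feature...
+tls-openssl = ["dns-over-openssl"]
+tls = ["dns-over-openssl"]
+
+# WARNING: there is a bug in the mutual tls auth code at the moment see issue #100
+# mtls = ["trust-dns-client/mtls"]
+
+[[bin]]
+name = "named"
+path = "src/named.rs"
+
+[dependencies]
+backtrace = "0.3"
+bytes = "0.4.9"
+chrono = "0.4"
+clap = "2.33"
+enum-as-inner = "0.3"
+env_logger = "0.7"
+failure = "0.1"
+futures-preview = "0.3.0-alpha"
+h2 = { version = "0.2.0-alpha", optional = true }
+http = { version = "0.1", optional = true }
+lazy_static = "1.0"
+log = "0.4.8"
+openssl = { version = "0.10", features = ["v102", "v110"], optional = true }
+rand = "0.7"
+rusqlite = { version = "0.20.0", features = ["bundled"], optional = true }
+rustls = { version = "0.16", optional = true }
+serde = { version = "1.0.100", features = ["derive"] }
+time = "0.1"
+tokio = "0.2.0-alpha"
+tokio-executor = "0.2.0-alpha"
+tokio-io = "0.2.0-alpha"
+tokio-net = "0.2.0-alpha"
+tokio-openssl = { version = "0.4.0-alpha", optional = true }
+tokio-rustls = { version = "0.12.0-alpha", optional = true }
+tokio-timer = "0.3.0-alpha"
+toml = "0.5"
+trust-dns-client= { version = "0.18.0-alpha", path = "../crates/client" }
+trust-dns-https = { version = "0.18.0-alpha", path = "../crates/https", optional = true }
+trust-dns-proto = { version = "0.18.0-alpha", path = "../crates/proto" }
+trust-dns-openssl = { version = "0.18.0-alpha", path = "../crates/openssl", optional = true }
+trust-dns-resolver = { version = "0.18.0-alpha", path = "../crates/resolver", features = ["serde-config"], optional = true }
+trust-dns-rustls = { version = "0.18.0-alpha", path = "../crates/rustls", optional = true }
+trust-dns-server = { version = "0.18.0-alpha", path = "../crates/server" }
+
+[dev-dependencies]
+native-tls = "0.2"
+trust-dns-native-tls = { version = "0.18.0-alpha", path = "../crates/native-tls" }
+tokio-tls = "0.3.0-alpha"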
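Review bot: With `#default = ["sqlite", "resolver"]` left commented out under `[features]`, a plain `cargo install trust-dns` builds `named` with none of the `dnssec-*`, `dns-over-*`, `sqlite` or `resolver` features, although the new bin/README.md lists DNSSEC signing, DoT, DoH and the sqlite journal as features. Either restore a default set or say so next to that line, for example `# no default features: enable DNSSEC, DoT/DoH, sqlite and resolver explicitly with --features`, so an operator does not assume a signing or TLS-capable server from the default install. Separately, `documentation = "https://docs.rs/trust-dns-server"` points at the server crate rather than this `trust-dns` package, and `homepage` is a plain `http://` URL.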
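--- a/bin/README.md
+++ b/bin/README.md
@@ -0,0 +1,31 @@
+# Overview
+
+Trust-DNS provides a binary for hosting or forwarding DNS zones.
+
+This a named implementation for DNS zone hosting. It is capable of performing signing all records in the zone for server DNSSec RRSIG records associated with all records in a zone. There is also a `named` binary that can be generated from the library with `cargo install trust-dns`. Dynamic updates are supported via `SIG0` (an mTLS authentication method is under development).
+
+## Features
+
+- Dynamic Update with sqlite journaling backend (SIG0)
+- DNSSEC online signing (NSEC not NSEC3)
+- DNS over TLS (DoT)
+- DNS over HTTPS (DoH)
+- Forwarding stub resolver
+- ANAME resolution, for zone mapping aliass to A and AAAA records
+- Additionals section generation for aliasing record types
+
+## Future goals
+
+- Distributed dynamic DNS updates, with consensus
+- mTLS based authorization for Dynamic Updates
+- Online NSEC creation for queries
+- Full hint based resolving
+- Maybe NSEC3 and/or NSEC5 support
+
+## Minimum Rust Version
+
+The current minimum rustc version for this project is `1.39`
+
+## Versioning
+
+Trust-DNS does it's best job to follow semver. Trust-DNS will be promoted to 1.0 upon stabilization of the publicly exposed APIs. This does not mean that Trust-DNS will necessarily break on upgrades between 0.x updates. Whenever possible, old APIs will be deprecated with notes on what replaced those deprecations. Trust-DNS will make a best effort to never break software which depends on it due to API changes, though this can not be guaranteed. Deprecated interfaces will be maintained for at minimum one major release after that in which they were deprecated (where possible), with the exception of the upgrade to 1.0 where all deprecated interfaces will be planned to be removed.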
@ -1,7 +1,7 @@
|
||||
/*
|
||||
Trust-DNS bench setup:
|
||||
this is meant to mimic the trust-dns-server config
|
||||
which is in tests/named_test_configs/example.toml
|
||||
which is in tests/test-data/named_test_configs/example.toml
|
||||
*/
|
||||
|
||||
controls { /* empty */ };
|
||||
@ -15,30 +15,30 @@ options {
|
||||
|
||||
zone "localhost" {
|
||||
type master;
|
||||
file "../../server/tests/named_test_configs/default/localhost.zone";
|
||||
file "../../../tests/test-data/named_test_configs/default/localhost.zone";
|
||||
};
|
||||
|
||||
zone "0.0.127.in-addr.arpa" {
|
||||
type master;
|
||||
file "../../server/tests/named_test_configs/default/127.0.0.1.zone";
|
||||
file "../../../tests/test-data/named_test_configs/default/127.0.0.1.zone";
|
||||
};
|
||||
|
||||
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
|
||||
type master;
|
||||
file "../../server/tests/named_test_configs/default/ipv6_1.zone";
|
||||
file "../../../tests/test-data/named_test_configs/default/ipv6_1.zone";
|
||||
};
|
||||
|
||||
zone "255.in-addr.arpa" {
|
||||
type master;
|
||||
file "../../server/tests/named_test_configs/default/255.zone";
|
||||
file "../../../tests/test-data/named_test_configs/default/255.zone";
|
||||
};
|
||||
|
||||
zone "0.in-addr.arpa" {
|
||||
type master;
|
||||
file "../../server/tests/named_test_configs/default/0.zone";
|
||||
file "../../../tests/test-data/named_test_configs/default/0.zone";
|
||||
};
|
||||
|
||||
zone "example.com" {
|
||||
type master;
|
||||
file "../../server/tests/named_test_configs/example.com.zone";
|
||||
file "../../../tests/test-data/named_test_configs/example.com.zone";
|
||||
};
|
@ -96,11 +96,11 @@ fn trust_dns_process() -> (NamedProcess, u16) {
|
||||
.stdout(Stdio::null())
|
||||
.arg("-q") // TODO: need to rethink this one...
|
||||
.arg(&format!(
|
||||
"--config={}/tests/named_test_configs/example.toml",
|
||||
"--config={}/tests/test-data/named_test_configs/example.toml",
|
||||
server_path
|
||||
))
|
||||
.arg(&format!(
|
||||
"--zonedir={}/tests/named_test_configs",
|
||||
"--zonedir={}/tests/test-data/named_test_configs",
|
||||
server_path
|
||||
))
|
||||
.arg(&format!("--port={}", test_port))
|
@ -56,7 +56,7 @@ use tokio_net::udp::UdpSocket;
|
||||
use trust_dns_client::rr::rdata::key::KeyUsage;
|
||||
use trust_dns_client::rr::Name;
|
||||
use trust_dns_server::authority::{AuthorityObject, Catalog, ZoneType};
|
||||
#[cfg(any(feature = "dns-over-tls", feature = "dnssec"))]
|
||||
#[cfg(feature = "dns-over-tls")]
|
||||
use trust_dns_server::config::dnssec::{self, TlsCertConfig};
|
||||
use trust_dns_server::config::{Config, ZoneConfig};
|
||||
use trust_dns_server::logger;
|
||||
@ -81,6 +81,7 @@ fn load_zone(
|
||||
let zone_path: Option<String> = zone_config.file.clone();
|
||||
let zone_type: ZoneType = zone_config.get_zone_type();
|
||||
let is_axfr_allowed = zone_config.is_axfr_allowed();
|
||||
#[allow(unused_variables)]
|
||||
let is_dnssec_enabled = zone_config.is_dnssec_enabled();
|
||||
|
||||
if zone_config.is_update_allowed() {
|
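Review bot: The `#[allow(unused_variables)]` placed above `let is_dnssec_enabled = zone_config.is_dnssec_enabled();` in `load_zone` hides the fact that, in a build without the DNSSEC feature, the zone's signing setting appears to be read and then ignored. The rest of `load_zone` lies outside the hunk, so this is inferred, but if it holds, a zone configured for DNSSEC would be loaded and served unsigned with nothing telling the operator. Rather than suppressing the lint, consider a `#[cfg(not(feature = "dnssec"))]` block that checks the flag and reports it, e.g. `if is_dnssec_enabled { log::warn!("zone requests DNSSEC but named was built without the dnssec feature"); }`, or fails the load outright.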
@ -52,17 +52,17 @@ where
|
||||
let server_path = env::var("TDNS_SERVER_SRC_ROOT").unwrap_or_else(|_| ".".to_owned());
|
||||
println!("using server src path: {}", server_path);
|
||||
|
||||
let mut named = Command::new(&format!("{}/../../target/debug/named", server_path))
|
||||
let mut named = Command::new(&format!("{}/../target/debug/named", server_path))
|
||||
.stdout(Stdio::piped())
|
||||
.env(
|
||||
"RUST_LOG",
|
||||
"trust_dns_client=debug,trust_dns_https=debug,trust_dns_proto=debug,trust_dns_resolver=debug,trust_dns_server=debug",
|
||||
).arg("-d")
|
||||
.arg(&format!(
|
||||
"--config={}/tests/named_test_configs/{}",
|
||||
"--config={}/../tests/test-data/named_test_configs/{}",
|
||||
server_path, toml
|
||||
)).arg(&format!(
|
||||
"--zonedir={}/tests/named_test_configs",
|
||||
"--zonedir={}/../tests/test-data/named_test_configs",
|
||||
server_path
|
||||
)).arg(&format!("--port={}", test_port))
|
||||
.arg(&format!("--tls-port={}", test_tls_port))
|
@ -45,7 +45,7 @@ fn test_example_https_toml_startup() {
|
||||
println!("using server src path: {}", server_path);
|
||||
|
||||
File::open(&format!(
|
||||
"{}/tests/named_test_configs/sec/example.cert",
|
||||
"{}/../tests/test-data/named_test_configs/sec/example.cert",
|
||||
server_path
|
||||
))
|
||||
.expect("failed to open cert")
|
@ -54,7 +54,7 @@ fn test_startup(toml: &'static str) {
|
||||
println!("using server src path: {}", server_path);
|
||||
|
||||
File::open(&format!(
|
||||
"{}/tests/named_test_configs/sec/example.cert",
|
||||
"{}/../tests/test-data/named_test_configs/sec/example.cert",
|
||||
server_path
|
||||
))
|
||||
.expect("failed to open cert")
|
@ -46,7 +46,7 @@ fn test_example_tls_toml_startup() {
|
||||
println!("using server src path: {}", server_path);
|
||||
|
||||
File::open(&format!(
|
||||
"{}/tests/named_test_configs/sec/example.cert",
|
||||
"{}/../tests/test-data/named_test_configs/sec/example.cert",
|
||||
server_path
|
||||
))
|
||||
.expect("failed to open cert")
|
@ -120,7 +120,7 @@ fn generic_test(config_toml: &str, key_path: &str, key_format: KeyFormat, algori
|
||||
fn test_rsa_sha256() {
|
||||
generic_test(
|
||||
confg_toml(),
|
||||
"tests/named_test_configs/dnssec/rsa_2048.pem",
|
||||
"../tests/test-data/named_test_configs/dnssec/rsa_2048.pem",
|
||||
KeyFormat::Pem,
|
||||
Algorithm::RSASHA256,
|
||||
);
|
||||
@ -131,7 +131,7 @@ fn test_rsa_sha256() {
|
||||
fn test_rsa_sha512() {
|
||||
generic_test(
|
||||
confg_toml(),
|
||||
"tests/named_test_configs/dnssec/rsa_2048.pem",
|
||||
"../tests/test-data/named_test_configs/dnssec/rsa_2048.pem",
|
||||
KeyFormat::Pem,
|
||||
Algorithm::RSASHA512,
|
||||
);
|
||||
@ -142,7 +142,7 @@ fn test_rsa_sha512() {
|
||||
fn test_ecdsa_p256() {
|
||||
generic_test(
|
||||
confg_toml(),
|
||||
"tests/named_test_configs/dnssec/ecdsa_p256.pem",
|
||||
"../tests/test-data/named_test_configs/dnssec/ecdsa_p256.pem",
|
||||
KeyFormat::Pem,
|
||||
Algorithm::ECDSAP256SHA256,
|
||||
);
|
||||
@ -153,7 +153,7 @@ fn test_ecdsa_p256() {
|
||||
fn test_ecdsa_p256_pkcs8() {
|
||||
generic_test(
|
||||
confg_toml(),
|
||||
"tests/named_test_configs/dnssec/ecdsa_p256.pk8",
|
||||
"../tests/test-data/named_test_configs/dnssec/ecdsa_p256.pk8",
|
||||
KeyFormat::Pkcs8,
|
||||
Algorithm::ECDSAP256SHA256,
|
||||
);
|
||||
@ -164,7 +164,7 @@ fn test_ecdsa_p256_pkcs8() {
|
||||
fn test_ecdsa_p384() {
|
||||
generic_test(
|
||||
confg_toml(),
|
||||
"tests/named_test_configs/dnssec/ecdsa_p384.pem",
|
||||
"../tests/test-data/named_test_configs/dnssec/ecdsa_p384.pem",
|
||||
KeyFormat::Pem,
|
||||
Algorithm::ECDSAP384SHA384,
|
||||
);
|
||||
@ -175,7 +175,7 @@ fn test_ecdsa_p384() {
|
||||
fn test_ecdsa_p384_pkcs8() {
|
||||
generic_test(
|
||||
confg_toml(),
|
||||
"tests/named_test_configs/dnssec/ecdsa_p384.pk8",
|
||||
"../tests/test-data/named_test_configs/dnssec/ecdsa_p384.pk8",
|
||||
KeyFormat::Pkcs8,
|
||||
Algorithm::ECDSAP384SHA384,
|
||||
);
|
||||
@ -186,7 +186,7 @@ fn test_ecdsa_p384_pkcs8() {
|
||||
fn test_ed25519() {
|
||||
generic_test(
|
||||
confg_toml(),
|
||||
"tests/named_test_configs/dnssec/ed25519.pk8",
|
||||
"../tests/test-data/named_test_configs/dnssec/ed25519.pk8",
|
||||
KeyFormat::Pkcs8,
|
||||
Algorithm::ED25519,
|
||||
);
|
||||
@ -197,24 +197,26 @@ fn test_ed25519() {
|
||||
fn test_rsa_sha1_fails() {
|
||||
generic_test(
|
||||
confg_toml(),
|
||||
"tests/named_test_configs/dnssec/rsa_2048.pem",
|
||||
"../tests/test-data/named_test_configs/dnssec/rsa_2048.pem",
|
||||
KeyFormat::Pem,
|
||||
Algorithm::RSASHA1,
|
||||
);
|
||||
}
|
||||
|
||||
#[cfg(feature = "dnssec-openssl")]
|
||||
#[cfg(feature = "sqlite")]
|
||||
#[test]
|
||||
fn test_dnssec_restart_with_update_journal() {
|
||||
// TODO: make journal path configurable, it should be in target/tests/...
|
||||
let server_path = env::var("TDNS_SERVER_SRC_ROOT").unwrap_or_else(|_| ".".to_owned());
|
||||
let server_path = Path::new(&server_path);
|
||||
let journal = server_path.join("tests/named_test_configs/example.com_dnsec_update.jrnl");
|
||||
let journal =
|
||||
server_path.join("../tests/test-data/named_test_configs/example.com_dnsec_update.jrnl");
|
||||
std::fs::remove_file(&journal).ok();
|
||||
|
||||
generic_test(
|
||||
"dnssec_with_update.toml",
|
||||
"tests/named_test_configs/dnssec/rsa_2048.pem",
|
||||
"../tests/test-data/named_test_configs/dnssec/rsa_2048.pem",
|
||||
KeyFormat::Pem,
|
||||
Algorithm::RSASHA256,
|
||||
);
|
||||
@ -225,7 +227,7 @@ fn test_dnssec_restart_with_update_journal() {
|
||||
// and all dnssec tests should still pass
|
||||
generic_test(
|
||||
"dnssec_with_update.toml",
|
||||
"tests/named_test_configs/dnssec/rsa_2048.pem",
|
||||
"../tests/test-data/named_test_configs/dnssec/rsa_2048.pem",
|
||||
KeyFormat::Pem,
|
||||
Algorithm::RSASHA256,
|
||||
);
|
||||
@ -239,17 +241,18 @@ fn test_dnssec_restart_with_update_journal() {
|
||||
}
|
||||
|
||||
#[cfg(feature = "dnssec-openssl")]
|
||||
#[cfg(feature = "sqlite")]
|
||||
#[test]
|
||||
fn test_dnssec_restart_with_update_journal_dep() {
|
||||
// TODO: make journal path configurable, it should be in target/tests/...
|
||||
let server_path = env::var("TDNS_SERVER_SRC_ROOT").unwrap_or_else(|_| ".".to_owned());
|
||||
let server_path = Path::new(&server_path);
|
||||
let journal = server_path.join("tests/named_test_configs/example.com.jrnl");
|
||||
let journal = server_path.join("../tests/test-data/named_test_configs/example.com.jrnl");
|
||||
std::fs::remove_file(&journal).ok();
|
||||
|
||||
generic_test(
|
||||
"dnssec_with_update_deprecated.toml",
|
||||
"tests/named_test_configs/dnssec/rsa_2048.pem",
|
||||
"../tests/test-data/named_test_configs/dnssec/rsa_2048.pem",
|
||||
KeyFormat::Pem,
|
||||
Algorithm::RSASHA256,
|
||||
);
|
||||
@ -260,7 +263,7 @@ fn test_dnssec_restart_with_update_journal_dep() {
|
||||
// and all dnssec tests should still pass
|
||||
generic_test(
|
||||
"dnssec_with_update_deprecated.toml",
|
||||
"tests/named_test_configs/dnssec/rsa_2048.pem",
|
||||
"../tests/test-data/named_test_configs/dnssec/rsa_2048.pem",
|
||||
KeyFormat::Pem,
|
||||
Algorithm::RSASHA256,
|
||||
);
|
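Review bot: The two stacked attributes on `test_dnssec_restart_with_update_journal` and `test_dnssec_restart_with_update_journal_dep` would read more clearly as a single `#[cfg(all(feature = "dnssec-openssl", feature = "sqlite"))]`, which states outright that both features are required. Both tests also still remove and recreate their journal under `../tests/test-data/named_test_configs/`, so the new path keeps mutable test state inside the shared source tree; the existing `TODO` about moving the journal under `target/` applies unchanged and could mention the new location.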
@ -82,14 +82,14 @@ fn tls_client_stream_test(server_addr: IpAddr, mtls: bool) {
|
||||
})
|
||||
.unwrap();
|
||||
|
||||
let server_path = env::var("TDNS_SERVER_SRC_ROOT").unwrap_or_else(|_| "../server".to_owned());
|
||||
let server_path = env::var("TDNS_SERVER_SRC_ROOT").unwrap_or_else(|_| "../../bin".to_owned());
|
||||
println!("using server src path: {}", server_path);
|
||||
|
||||
let root_cert_der = read_file(&format!("{}/../../tests/test-data/ca.der", server_path));
|
||||
let root_cert_der = read_file(&format!("{}/../tests/test-data/ca.der", server_path));
|
||||
|
||||
// Generate X509 certificate
|
||||
let dns_name = "ns.example.com";
|
||||
let server_pkcs12_der = read_file(&format!("{}/../../tests/test-data/cert.p12", server_path));
|
||||
let server_pkcs12_der = read_file(&format!("{}/../tests/test-data/cert.p12", server_path));
|
||||
|
||||
// TODO: need a timeout on listen
|
||||
let server = std::net::TcpListener::bind(SocketAddr::new(server_addr, 0)).unwrap();
|
||||
|
@ -415,7 +415,7 @@ mod tests {
|
||||
let mut decoder: BinDecoder = BinDecoder::new(bytes);
|
||||
let read_rdata = read(&mut decoder, Restrict::new(bytes.len() as u16));
|
||||
let read_rdata = read_rdata.expect("error decoding");
|
||||
|
||||
|
||||
assert_eq!(rdata, read_rdata);
|
||||
assert!(rdata
|
||||
.to_digest(
|
||||
|
@ -87,15 +87,15 @@ fn tls_client_stream_test(server_addr: IpAddr, mtls: bool) {
|
||||
})
|
||||
.unwrap();
|
||||
|
||||
let server_path = env::var("TDNS_SERVER_SRC_ROOT").unwrap_or_else(|_| "../server".to_owned());
|
||||
let server_path = env::var("TDNS_SERVER_SRC_ROOT").unwrap_or_else(|_| "../../bin".to_owned());
|
||||
println!("using server src path: {}", server_path);
|
||||
|
||||
let root_cert_der = read_file(&format!("{}/../../tests/test-data/ca.der", server_path));
|
||||
let root_cert_der = read_file(&format!("{}/../tests/test-data/ca.der", server_path));
|
||||
let root_cert_der_copy = root_cert_der.clone();
|
||||
|
||||
// Generate X509 certificate
|
||||
let dns_name = "ns.example.com";
|
||||
let server_pkcs12_der = read_file(&format!("{}/../../tests/test-data/cert.p12", server_path));
|
||||
let server_pkcs12_der = read_file(&format!("{}/../tests/test-data/cert.p12", server_path));
|
||||
|
||||
// TODO: need a timeout on listen
|
||||
let server = std::net::TcpListener::bind(SocketAddr::new(server_addr, 0)).unwrap();
|
||||
|
@ -42,10 +42,10 @@ appveyor = { repository = "bluejekyll/trust-dns", branch = "master", service = "
|
||||
codecov = { repository = "bluejekyll/trust-dns", branch = "master", service = "github" }
|
||||
|
||||
[features]
|
||||
default = ["sqlite", "trust-dns-resolver"]
|
||||
dnssec-openssl = ["dnssec", "openssl", "trust-dns-client/dnssec-openssl", "trust-dns-proto/dnssec-openssl"]
|
||||
dnssec-ring = ["dnssec", "trust-dns-client/dnssec-ring", "trust-dns-proto/dnssec-ring"]
|
||||
dnssec-openssl = ["dnssec", "openssl", "trust-dns-client/dnssec-openssl", "trust-dns-proto/dnssec-openssl", "trust-dns-resolver/dnssec-openssl"]
|
||||
dnssec-ring = ["dnssec", "trust-dns-client/dnssec-ring", "trust-dns-proto/dnssec-ring", "trust-dns-resolver/dnssec-ring"]
|
||||
dnssec = []
|
||||
resolver = ["trust-dns-resolver"]
|
||||
sqlite = ["rusqlite"]
|
||||
|
||||
# TODO: Need to figure out how to be consistent with ring/openssl usage...
|
||||
@ -69,10 +69,6 @@ tls = ["dns-over-openssl"]
|
||||
name = "trust_dns_server"
|
||||
path = "src/lib.rs"
|
||||
|
||||
[[bin]]
|
||||
name = "named"
|
||||
path = "src/named.rs"
|
||||
|
||||
[dependencies]
|
||||
backtrace = "0.3"
|
||||
bytes = "0.4.9"
|
||||
|
@ -2,7 +2,7 @@
|
||||
|
||||
Trust-DNS Server is a library which implements the zone authoritory functionality.
|
||||
|
||||
This library contains basic implementations for DNS zone hosting. It is capable of performing signing all records in the zone for server DNSSec RRSIG records associated with all records in a zone. There is also a `named` binary that can be generated from the library with `cargo install trust-dns-server`. Dynamic updates are supported via `SIG0` (an mTLS authentication method is under development).
|
||||
This library contains basic implementations for DNS zone hosting. It is capable of performing signing all records in the zone for server DNSSec RRSIG records associated with all records in a zone. There is also a `named` binary that can be generated from the library with `cargo install trust-dns`. Dynamic updates are supported via `SIG0` (an mTLS authentication method is under development).
|
||||
|
||||
## Features
|
||||
|
||||
|
@ -258,7 +258,7 @@ mod tests {
|
||||
#[test]
|
||||
fn test_load_zone() {
|
||||
let config = FileConfig {
|
||||
zone_file_path: "tests/named_test_configs/example.com.zone".to_string(),
|
||||
zone_file_path: "../../tests/test-data/named_test_configs/example.com.zone".to_string(),
|
||||
};
|
||||
let authority = FileAuthority::try_from_config(
|
||||
Name::from_str("example.com.").unwrap(),
|
||||
|
@ -21,7 +21,9 @@ use trust_dns_client::rr::rdata::key::KEY;
|
||||
use trust_dns_client::rr::rdata::DNSSECRData;
|
||||
use trust_dns_client::rr::rdata::DNSSECRecordType;
|
||||
use trust_dns_client::rr::rdata::SOA;
|
||||
use trust_dns_client::rr::{DNSClass, LowerName, Name, RData, Record, RecordSet, RecordType, RrKey};
|
||||
use trust_dns_client::rr::{
|
||||
DNSClass, LowerName, Name, RData, Record, RecordSet, RecordType, RrKey,
|
||||
};
|
||||
|
||||
use crate::authority::{
|
||||
AnyRecords, AuthLookup, Authority, LookupError, LookupRecords, LookupResult, MessageRequest,
|
||||
@ -310,7 +312,7 @@ impl InMemoryAuthority {
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(feature = "sqlite")]
|
||||
#[cfg(any(feature = "dnssec", feature = "sqlite"))]
|
||||
pub(crate) fn increment_soa_serial(&mut self) -> u32 {
|
||||
// we'll remove the SOA and then replace it
|
||||
let rr_key = RrKey::new(self.origin.clone(), RecordType::SOA);
|
||||
|
@ -18,7 +18,9 @@ use trust_dns_client::op::LowerQuery;
|
||||
use trust_dns_client::op::ResponseCode;
|
||||
use trust_dns_client::proto::rr::dnssec::rdata::key::KEY;
|
||||
use trust_dns_client::rr::dnssec::{DnsSecResult, Signer, SupportedAlgorithms};
|
||||
use trust_dns_client::rr::{DNSClass, LowerName, Name, RData, Record, RecordSet, RecordType, RrKey};
|
||||
use trust_dns_client::rr::{
|
||||
DNSClass, LowerName, Name, RData, Record, RecordSet, RecordType, RrKey,
|
||||
};
|
||||
|
||||
#[cfg(feature = "dnssec")]
|
||||
use crate::authority::UpdateRequest;
|
||||
|
@ -563,7 +563,7 @@ macro_rules! define_basic_test {
|
||||
$(
|
||||
#[test]
|
||||
fn $f () {
|
||||
let authority = crate::$new("tests/named_test_configs/example.com.zone", module_path!(), stringify!($f));
|
||||
let authority = crate::$new("../../tests/test-data/named_test_configs/example.com.zone", module_path!(), stringify!($f));
|
||||
crate::authority_battery::basic::$f(authority);
|
||||
}
|
||||
)*
|
||||
|
@ -331,7 +331,7 @@ pub fn add_signers<A: Authority<Lookup = AuthLookup>>(authority: &mut A) -> Vec<
|
||||
// rsa
|
||||
{
|
||||
let key_config = KeyConfig {
|
||||
key_path: "tests/named_test_configs/dnssec/rsa_2048.pem".to_string(),
|
||||
key_path: "../../tests/test-data/named_test_configs/dnssec/rsa_2048.pem".to_string(),
|
||||
password: Some("123456".to_string()),
|
||||
algorithm: Algorithm::RSASHA512.to_string(),
|
||||
signer_name: Some(signer_name.clone().to_string()),
|
||||
@ -353,7 +353,7 @@ pub fn add_signers<A: Authority<Lookup = AuthLookup>>(authority: &mut A) -> Vec<
|
||||
// // ecdsa_p256
|
||||
// {
|
||||
// let key_config = KeyConfig {
|
||||
// key_path: "tests/named_test_configs/dnssec/ecdsa_p256.pem".to_string(),
|
||||
// key_path: "../../tests/test-data/named_test_configs/dnssec/ecdsa_p256.pem".to_string(),
|
||||
// password: None,
|
||||
// algorithm: Algorithm::ECDSAP256SHA256.to_string(),
|
||||
// signer_name: Some(signer_name.clone().to_string()),
|
||||
@ -370,7 +370,7 @@ pub fn add_signers<A: Authority<Lookup = AuthLookup>>(authority: &mut A) -> Vec<
|
||||
// // ecdsa_p384
|
||||
// {
|
||||
// let key_config = KeyConfig {
|
||||
// key_path: "tests/named_test_configs/dnssec/ecdsa_p384.pem".to_string(),
|
||||
// key_path: "../../tests/test-data/named_test_configs/dnssec/ecdsa_p384.pem".to_string(),
|
||||
// password: None,
|
||||
// algorithm: Algorithm::ECDSAP384SHA384.to_string(),
|
||||
// signer_name: Some(signer_name.clone().to_string()),
|
||||
@ -388,7 +388,7 @@ pub fn add_signers<A: Authority<Lookup = AuthLookup>>(authority: &mut A) -> Vec<
|
||||
#[cfg(feature = "dnssec-ring")]
|
||||
{
|
||||
let key_config = KeyConfig {
|
||||
key_path: "tests/named_test_configs/dnssec/ed25519.pk8".to_string(),
|
||||
key_path: "../../tests/test-data/named_test_configs/dnssec/ed25519.pk8".to_string(),
|
||||
password: None,
|
||||
algorithm: Algorithm::ED25519.to_string(),
|
||||
signer_name: Some(signer_name.clone().to_string()),
|
||||
@ -414,7 +414,7 @@ macro_rules! define_dnssec_test {
|
||||
$(
|
||||
#[test]
|
||||
fn $f () {
|
||||
let mut authority = crate::$new("tests/named_test_configs/example.com.zone", module_path!(), stringify!($f));
|
||||
let mut authority = crate::$new("../../tests/test-data/named_test_configs/example.com.zone", module_path!(), stringify!($f));
|
||||
let keys = crate::authority_battery::dnssec::add_signers(&mut authority);
|
||||
crate::authority_battery::dnssec::$f(authority, &keys);
|
||||
}
|
||||
|
@ -616,7 +616,7 @@ pub fn add_auth<A: Authority<Lookup = AuthLookup>>(authority: &mut A) -> Vec<Sig
|
||||
#[cfg(feature = "dnssec-openssl")]
|
||||
{
|
||||
let key_config = KeyConfig {
|
||||
key_path: "tests/named_test_configs/dnssec/rsa_2048.pem".to_string(),
|
||||
key_path: "../../tests/test-data/named_test_configs/dnssec/rsa_2048.pem".to_string(),
|
||||
password: Some("123456".to_string()),
|
||||
algorithm: Algorithm::RSASHA512.to_string(),
|
||||
signer_name: Some(update_name.clone().to_string()),
|
||||
@ -642,7 +642,7 @@ pub fn add_auth<A: Authority<Lookup = AuthLookup>>(authority: &mut A) -> Vec<Sig
|
||||
// // ecdsa_p256
|
||||
// {
|
||||
// let key_config = KeyConfig {
|
||||
// key_path: "tests/named_test_configs/dnssec/ecdsa_p256.pem".to_string(),
|
||||
// key_path: "tests/test-data/named_test_configs/dnssec/ecdsa_p256.pem".to_string(),
|
||||
// password: None,
|
||||
// algorithm: Algorithm::ECDSAP256SHA256.to_string(),
|
||||
// signer_name: Some(signer_name.clone().to_string()),
|
||||
@ -659,7 +659,7 @@ pub fn add_auth<A: Authority<Lookup = AuthLookup>>(authority: &mut A) -> Vec<Sig
|
||||
// // ecdsa_p384
|
||||
// {
|
||||
// let key_config = KeyConfig {
|
||||
// key_path: "tests/named_test_configs/dnssec/ecdsa_p384.pem".to_string(),
|
||||
// key_path: "../../tests/test-data/named_test_configs/dnssec/ecdsa_p384.pem".to_string(),
|
||||
// password: None,
|
||||
// algorithm: Algorithm::ECDSAP384SHA384.to_string(),
|
||||
// signer_name: Some(signer_name.clone().to_string()),
|
||||
@ -677,7 +677,7 @@ pub fn add_auth<A: Authority<Lookup = AuthLookup>>(authority: &mut A) -> Vec<Sig
|
||||
#[cfg(feature = "dnssec-ring")]
|
||||
{
|
||||
let key_config = KeyConfig {
|
||||
key_path: "tests/named_test_configs/dnssec/ed25519.pk8".to_string(),
|
||||
key_path: "../../tests/test-data/named_test_configs/dnssec/ed25519.pk8".to_string(),
|
||||
password: None,
|
||||
algorithm: Algorithm::ED25519.to_string(),
|
||||
signer_name: Some(update_name.clone().to_string()),
|
||||
@ -707,7 +707,7 @@ macro_rules! define_update_test {
|
||||
$(
|
||||
#[test]
|
||||
fn $f () {
|
||||
let mut authority = crate::$new("tests/named_test_configs/example.com.zone", module_path!(), stringify!($f));
|
||||
let mut authority = crate::$new("../../tests/test-data/named_test_configs/example.com.zone", module_path!(), stringify!($f));
|
||||
let keys = crate::authority_battery::dynamic_update::add_auth(&mut authority);
|
||||
crate::authority_battery::dynamic_update::$f(authority, &keys);
|
||||
}
|
||||
|
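Review bot: In the commented-out `ecdsa_p256` block of `add_auth`, the replacement path is `"tests/test-data/named_test_configs/dnssec/ecdsa_p256.pem"`, without the `../../` prefix that every other key path in this file section carries. The block is disabled, so nothing fails today, but whoever re-enables it gets a path that resolves differently from its neighbours. It should read `// key_path: "../../tests/test-data/named_test_configs/dnssec/ecdsa_p256.pem".to_string(),`. Building these paths from one shared constant for the test-data directory would keep the prefixes from drifting apart again. `add_auth` starts and ends outside the hunks shown.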
@ -29,7 +29,8 @@ use trust_dns_server::config::*;
|
||||
#[test]
|
||||
fn test_read_config() {
|
||||
let server_path = env::var("TDNS_SERVER_SRC_ROOT").unwrap_or_else(|_| ".".to_owned());
|
||||
let path: PathBuf = PathBuf::from(server_path).join("tests/named_test_configs/example.toml");
|
||||
let path: PathBuf =
|
||||
PathBuf::from(server_path).join("../../tests/test-data/named_test_configs/example.toml");
|
||||
|
||||
if !path.exists() {
|
||||
panic!("can't locate example.toml and other configs: {:?}", path)
|
||||
@ -254,7 +255,7 @@ tls_listen_port = 8853
|
||||
}
|
||||
|
||||
fn test_config(path: &str) {
|
||||
let path = PathBuf::from("tests/named_test_configs")
|
||||
let path = PathBuf::from("../../tests/test-data/named_test_configs")
|
||||
.join(path)
|
||||
.with_extension("toml");
|
||||
assert!(path.exists(), "does not exist: {}", path.display());
|
||||
|
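Review bot: `test_read_config` joins `../../tests/test-data/named_test_configs/example.toml` onto `TDNS_SERVER_SRC_ROOT`, while `test_config` builds the same directory relative to the working directory and ignores the variable, so the two can disagree about where the fixtures are. The coverage script changed in this commit appears to export `TDNS_SERVER_SRC_ROOT=${PROJECT:?}/bin`; with that value the joined path climbs two levels to `${PROJECT}/../tests/test-data/...`, outside the checkout, and the `panic!` on a missing file would fire. Which crate this test file belongs to is not visible here, so the number of `..` segments needs checking against the exported root. Resolving both functions through the same base directory would make them agree; both function bodies continue outside the hunks.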
@ -34,7 +34,8 @@ dnssec_battery!(file);
|
||||
#[test]
|
||||
fn test_all_lines_are_loaded() {
|
||||
let config = FileConfig {
|
||||
zone_file_path: "tests/named_test_configs/default/nonewline.zone".to_string(),
|
||||
zone_file_path: "../../tests/test-data/named_test_configs/default/nonewline.zone"
|
||||
.to_string(),
|
||||
};
|
||||
|
||||
let authority = FileAuthority::try_from_config(
|
||||
|
@ -5,7 +5,7 @@ set -x
|
||||
trust_dns_dir=$(dirname $0)/..
|
||||
cd ${trust_dns_dir:?}
|
||||
|
||||
packages_ordered="proto openssl native-tls rustls https client resolver server"
|
||||
packages_ordered="crates/proto crates/openssl crates/native-tls crates/rustls crates/https crates/client crates/resolver crates/server bin util"
|
||||
|
||||
## dry-run
|
||||
cargo check
|
||||
@ -14,13 +14,9 @@ for p in ${packages_ordered:?} ; do
|
||||
cargo update -p trust-dns-proto
|
||||
cargo update -p trust-dns-client
|
||||
cargo update -p trust-dns-resolver
|
||||
cargo update -p trust-dns-server
|
||||
echo "====> dry-run publish $p"
|
||||
cargo publish --verbose --locked --dry-run --manifest-path crates/${p:?}/Cargo.toml
|
||||
cargo publish --verbose --locked --dry-run --manifest-path ${p:?}/Cargo.toml
|
||||
echo "====> publishing $p"
|
||||
cargo publish --verbose --locked --manifest-path crates/${p:?}/Cargo.toml
|
||||
cargo publish --verbose --locked --manifest-path ${p:?}/Cargo.toml
|
||||
done
|
||||
|
||||
echo "====> dry-run publish util"
|
||||
cargo publish --verbose --locked --dry-run --manifest-path util/Cargo.toml
|
||||
echo "====> publishing util"
|
||||
cargo publish --verbose --locked --manifest-path util/Cargo.toml
|
@ -16,6 +16,7 @@ $CARGO clean -p trust-dns-rustls
|
||||
$CARGO clean -p trust-dns-openssl
|
||||
$CARGO clean -p trust-dns-https
|
||||
$CARGO clean -p trust-dns-native-tls
|
||||
$CARGO clean -p trust-dns
|
||||
$CARGO clean -p trust-dns-compatibility
|
||||
$CARGO clean -p trust-dns-integration
|
||||
|
||||
|
@ -41,7 +41,7 @@ TEST_PATH=${PROJECT:?}/target/debug
|
||||
mkdir -p ${KCOV_TARGET:?}
|
||||
|
||||
# needed to tell some config tests where the server root directory is
|
||||
export TDNS_SERVER_SRC_ROOT=${PROJECT:?}/crates/server
|
||||
export TDNS_SERVER_SRC_ROOT=${PROJECT:?}/bin
|
||||
export COVERALLS_PARALLEL=true
|
||||
|
||||
SRC_PATHS=\
|
||||
@ -52,7 +52,8 @@ ${PROJECT:?}/crates/proto/src,\
|
||||
${PROJECT:?}/crates/https/src,\
|
||||
${PROJECT:?}/crates/resolver/src,\
|
||||
${PROJECT:?}/crates/rustls/src,\
|
||||
${PROJECT:?}/crates/server/src
|
||||
${PROJECT:?}/crates/server/src,\
|
||||
${PROJECT:?}/bin/src
|
||||
|
||||
EXCLUDE_PATHS=\
|
||||
${PROJECT:?}/crates/client/src/error,\
|
||||
|
@ -15,4 +15,5 @@ cargo test --manifest-path crates/rustls/Cargo.toml --all-features
|
||||
cargo test --manifest-path crates/https/Cargo.toml --all-features
|
||||
cargo test --manifest-path crates/resolver/Cargo.toml --all-features
|
||||
cargo test --manifest-path crates/server/Cargo.toml --all-features
|
||||
cargo test --manifest-path bin/Cargo.toml --all-features
|
||||
cargo test --manifest-path tests/integration-tests/Cargo.toml --all-features
|
||||
|
@ -15,6 +15,7 @@ cargo test --manifest-path crates/rustls/Cargo.toml
|
||||
cargo test --manifest-path crates/https/Cargo.toml
|
||||
cargo test --manifest-path crates/resolver/Cargo.toml
|
||||
cargo test --manifest-path crates/server/Cargo.toml
|
||||
cargo test --manifest-path bin/Cargo.toml
|
||||
cargo test --manifest-path tests/integration-tests/Cargo.toml
|
||||
|
||||
# All examples should go here
|
||||
|
@ -8,4 +8,5 @@ cd ${trust_dns_dir:?}
|
||||
# Build all tests
|
||||
cargo test --manifest-path crates/resolver/Cargo.toml --features dns-over-openssl
|
||||
cargo test --manifest-path crates/server/Cargo.toml --features dns-over-openssl
|
||||
cargo test --manifest-path bin/Cargo.toml --features dns-over-openssl
|
||||
cargo test --manifest-path tests/integration-tests/Cargo.toml --features dns-over-openssl
|
||||
|
@ -8,4 +8,5 @@ cd ${trust_dns_dir:?}
|
||||
# Build all tests
|
||||
cargo test --manifest-path crates/resolver/Cargo.toml --features dns-over-rustls,dns-over-https-rustls
|
||||
cargo test --manifest-path crates/server/Cargo.toml --features dns-over-https-rustls,dns-over-rustls
|
||||
cargo test --manifest-path bin/Cargo.toml --features dns-over-https-rustls,dns-over-rustls
|
||||
cargo test --manifest-path tests/integration-tests/Cargo.toml --features dns-over-https-rustls
|
||||
|
@ -10,4 +10,5 @@ cargo test --manifest-path crates/proto/Cargo.toml --features dnssec-openssl
|
||||
cargo test --manifest-path crates/client/Cargo.toml --features dnssec-openssl
|
||||
cargo test --manifest-path crates/resolver/Cargo.toml --features dnssec-openssl
|
||||
cargo test --manifest-path crates/server/Cargo.toml --features dnssec-openssl
|
||||
cargo test --manifest-path bin/Cargo.toml --features dnssec-openssl
|
||||
cargo test --manifest-path tests/integration-tests/Cargo.toml --features dnssec-openssl
|
||||
|
@ -10,4 +10,5 @@ cargo test --manifest-path crates/proto/Cargo.toml --features dnssec-ring
|
||||
cargo test --manifest-path crates/client/Cargo.toml --features dnssec-ring
|
||||
cargo test --manifest-path crates/resolver/Cargo.toml --features dnssec-ring
|
||||
cargo test --manifest-path crates/server/Cargo.toml --features dnssec-ring
|
||||
cargo test --manifest-path bin/Cargo.toml --features dnssec-ring
|
||||
cargo test --manifest-path tests/integration-tests/Cargo.toml --features dnssec-ring
|
||||
|
@ -15,4 +15,5 @@ cargo test --manifest-path crates/rustls/Cargo.toml --no-default-features
|
||||
cargo test --manifest-path crates/https/Cargo.toml --no-default-features
|
||||
cargo test --manifest-path crates/resolver/Cargo.toml --no-default-features --features tokio
|
||||
cargo test --manifest-path crates/server/Cargo.toml --no-default-features
|
||||
cargo test --manifest-path bin/Cargo.toml --no-default-features
|
||||
cargo test --manifest-path tests/integration-tests/Cargo.toml --no-default-features
|
||||
|
@ -13,6 +13,7 @@ if [%DEFAULT_SUITE%] EQU [1] (
|
||||
cargo test --manifest-path crates\server\Cargo.toml
|
||||
cargo test --manifest-path tests\integration-tests\Cargo.toml
|
||||
cargo run --manifest-path crates\resolver\Cargo.toml --example global_resolver
|
||||
cargo run --manifest-path bin\Cargo.toml --example global_resolver
|
||||
cargo run --manifest-path crates\resolver\Cargo.toml --example multithreaded_runtime
|
||||
)
|
||||
|
||||
@ -21,6 +22,7 @@ if [%ALL_FEATURES_SUITE%] EQU [1] (
|
||||
cargo test --manifest-path crates\client\Cargo.toml --all-features
|
||||
cargo test --manifest-path crates\resolver\Cargo.toml --all-features
|
||||
cargo test --manifest-path crates\server\Cargo.toml --all-features
|
||||
cargo test --manifest-path bin\Cargo.toml --all-features
|
||||
cargo test --manifest-path tests\integration-tests\Cargo.toml --all-features
|
||||
)
|
||||
|
||||
@ -29,6 +31,7 @@ if [%NO_DEFAULT_FEATURES_SUITE%] EQU [1] (
|
||||
cargo test --manifest-path crates\client\Cargo.toml --no-default-features
|
||||
cargo test --manifest-path crates\resolver\Cargo.toml --no-default-features --features tokio
|
||||
cargo test --manifest-path crates\server\Cargo.toml --no-default-features
|
||||
cargo test --manifest-path bin\Cargo.toml --no-default-features
|
||||
cargo test --manifest-path tests\integration-tests\Cargo.toml --no-default-features
|
||||
)
|
||||
|
||||
@ -37,6 +40,7 @@ if [%DNSSEC_OPENSSL_SUITE%] EQU [1] (
|
||||
cargo test --manifest-path crates\client\Cargo.toml --no-default-features --features=dnssec-openssl
|
||||
cargo test --manifest-path crates\resolver\Cargo.toml --no-default-features --features=dnssec-openssl
|
||||
cargo test --manifest-path crates\server\Cargo.toml --no-default-features --features=dnssec-openssl
|
||||
cargo test --manifest-path bin\Cargo.toml --no-default-features --features=dnssec-openssl
|
||||
cargo test --manifest-path tests\integration-tests\Cargo.toml --no-default-features --features=dnssec-openssl
|
||||
)
|
||||
|
||||
@ -45,6 +49,7 @@ if [%DNSSEC_RING_SUITE%] EQU [1] (
|
||||
cargo test --manifest-path crates\client\Cargo.toml --no-default-features --features=dnssec-ring
|
||||
cargo test --manifest-path crates\resolver\Cargo.toml --no-default-features --features=dnssec-ring
|
||||
cargo test --manifest-path crates\server\Cargo.toml --no-default-features --features=dnssec-ring
|
||||
cargo test --manifest-path bin\Cargo.toml --no-default-features --features=dnssec-ring
|
||||
cargo test --manifest-path tests\integration-tests\Cargo.toml --no-default-features --features=dnssec-ring
|
||||
)
|
||||
|
||||
@ -56,6 +61,7 @@ if [%DNS_OVER_TLS_SUITE%] EQU [1] (
|
||||
cargo test --manifest-path crates\resolver\Cargo.toml --features=dns-over-native-tls
|
||||
cargo test --manifest-path crates\resolver\Cargo.toml --features=dns-over-openssl
|
||||
cargo test --manifest-path crates\server\Cargo.toml --features=dns-over-openssl
|
||||
cargo test --manifest-path bin\Cargo.toml --features=dns-over-openssl
|
||||
cargo test --manifest-path tests\integration-tests\Cargo.toml --features=dns-over-openssl
|
||||
cargo test --manifest-path crates\resolver\Cargo.toml --features=dns-over-rustls
|
||||
)
|
||||
|
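Review bot: In the `DEFAULT_SUITE` block the line for the new crate is `cargo run --manifest-path bin\Cargo.toml --example global_resolver`, whereas every other suite in this file gains `cargo test --manifest-path bin\Cargo.toml ...` directly after the `crates\server` line. `global_resolver` is already run from `crates\resolver` on the line above and is presumably a resolver example, so this looks like a copy of the wrong line. If the bin crate has no such example the default suite fails at that step, and either way the bin crate's tests never run in the default Windows suite. The line should probably be `cargo test --manifest-path bin\Cargo.toml`, placed after the `crates\server` test.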
@ -1,7 +1,7 @@
|
||||
/*
|
||||
Trust-DNS bench setup:
|
||||
this is meant to mimic the trust-dns-server config
|
||||
which is in tests/named_test_configs/example.toml
|
||||
which is in tests/test-data/named_test_configs/example.toml
|
||||
*/
|
||||
|
||||
controls { /* empty */ };
|
||||
@ -17,27 +17,27 @@ options {
|
||||
|
||||
zone "localhost" {
|
||||
type master;
|
||||
file "../../crates/server/tests/named_test_configs/default/localhost.zone";
|
||||
file "../../crates/server/tests/test-data/named_test_configs/default/localhost.zone";
|
||||
};
|
||||
|
||||
zone "0.0.127.in-addr.arpa" {
|
||||
type master;
|
||||
file "../../crates/server/tests/named_test_configs/default/127.0.0.1.zone";
|
||||
file "../../crates/server/tests/test-data/named_test_configs/default/127.0.0.1.zone";
|
||||
};
|
||||
|
||||
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
|
||||
type master;
|
||||
file "../../crates/server/tests/named_test_configs/default/ipv6_1.zone";
|
||||
file "../../crates/server/tests/test-data/named_test_configs/default/ipv6_1.zone";
|
||||
};
|
||||
|
||||
zone "255.in-addr.arpa" {
|
||||
type master;
|
||||
file "../../crates/server/tests/named_test_configs/default/255.zone";
|
||||
file "../../crates/server/tests/test-data/named_test_configs/default/255.zone";
|
||||
};
|
||||
|
||||
zone "0.in-addr.arpa" {
|
||||
type master;
|
||||
file "../../crates/server/tests/named_test_configs/default/0.zone";
|
||||
file "../../crates/server/tests/test-data/named_test_configs/default/0.zone";
|
||||
};
|
||||
|
||||
zone "example.com" {
|
||||
|
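Review bot: The rewritten `file` statements point at `../../crates/server/tests/test-data/named_test_configs/default/...`, but the header comment updated in this same file gives the location as `tests/test-data/named_test_configs/example.toml`, and the Rust tests in this commit reach the fixtures through `../../tests/test-data/` rather than through `crates/server`. If the zone files now live in the top-level `tests/test-data` directory, all five `file` statements name a directory that no longer exists and the zones would fail to load. The tree layout is not visible on this page, so this needs checking against the actual directory. If so, drop the `crates/server/` component from each path. The `zone "example.com"` block continues outside the hunk.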
@ -40,7 +40,7 @@ file = "example.com.zone"
|
||||
enable_dnssec = true
|
||||
|
||||
[[zones.keys]]
|
||||
key_path = "./tests/named_test_configs/dnssec/rsa_2048.pem"
|
||||
key_path = "../tests/test-data/named_test_configs/dnssec/rsa_2048.pem"
|
||||
## the password used to encrypt/decrypt the file (must be PEM), blank for none
|
||||
password = "123456"
|
||||
## specify the algorithm
|
||||
@ -53,37 +53,37 @@ is_zone_signing_key = true
|
||||
# create_if_absent = false
|
||||
|
||||
[[zones.keys]]
|
||||
key_path = "./tests/named_test_configs/dnssec/rsa_2048.pem"
|
||||
key_path = "../tests/test-data/named_test_configs/dnssec/rsa_2048.pem"
|
||||
password = "123456"
|
||||
algorithm = "RSASHA512"
|
||||
is_zone_signing_key = true
|
||||
|
||||
[[zones.keys]]
|
||||
key_path = "./tests/named_test_configs/dnssec/ecdsa_p256.pem"
|
||||
key_path = "../tests/test-data/named_test_configs/dnssec/ecdsa_p256.pem"
|
||||
# password = "123456"
|
||||
algorithm = "ECDSAP256SHA256"
|
||||
is_zone_signing_key = true
|
||||
|
||||
[[zones.keys]]
|
||||
key_path = "./tests/named_test_configs/dnssec/ecdsa_p384.pem"
|
||||
key_path = "../tests/test-data/named_test_configs/dnssec/ecdsa_p384.pem"
|
||||
# password = "123456"
|
||||
algorithm = "ECDSAP384SHA384"
|
||||
is_zone_signing_key = true
|
||||
|
||||
[[zones.keys]]
|
||||
# Requires --features=ring
|
||||
key_path = "./tests/named_test_configs/dnssec/ecdsa_p256.pk8"
|
||||
key_path = "../tests/test-data/named_test_configs/dnssec/ecdsa_p256.pk8"
|
||||
algorithm = "ECDSAP256SHA256"
|
||||
is_zone_signing_key = true
|
||||
|
||||
[[zones.keys]]
|
||||
# Requires --features=ring
|
||||
key_path = "./tests/named_test_configs/dnssec/ecdsa_p384.pk8"
|
||||
key_path = "../tests/test-data/named_test_configs/dnssec/ecdsa_p384.pk8"
|
||||
algorithm = "ECDSAP384SHA384"
|
||||
is_zone_signing_key = true
|
||||
|
||||
[[zones.keys]]
|
||||
# Requires --features=ring
|
||||
key_path = "./tests/named_test_configs/dnssec/ed25519.pk8"
|
||||
key_path = "../tests/test-data/named_test_configs/dnssec/ed25519.pk8"
|
||||
algorithm = "ED25519"
|
||||
is_zone_signing_key = true
|
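Review bot: Each `[[zones.keys]]` entry now has a `key_path` that climbs out of the config's directory (`../tests/test-data/...`), and the entries carrying `password = "123456"` give no hint that the key and passphrase are published fixtures. Nothing visible here says what `key_path` is resolved against; if it is the process working directory, this example only loads when the server is started from one specific place, which is worth stating in the file. I would add above the first entry `# test fixture: this key and passphrase are public, generate your own for any real zone` and `# key_path is resolved relative to <base directory, confirm>`. The same applies to the other example configs changed later in this commit.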
@ -46,7 +46,7 @@ enable_dnssec = true
|
||||
stores = { type = "sqlite", zone_file_path = "example.com.zone", journal_file_path = "example.com_dnsec_update.jrnl", allow_update = true }
|
||||
|
||||
[[zones.keys]]
|
||||
key_path = "./tests/named_test_configs/dnssec/rsa_2048.pem"
|
||||
key_path = "../tests/test-data/named_test_configs/dnssec/rsa_2048.pem"
|
||||
## the password used to encrypt/decrypt the file (must be PEM), blank for none
|
||||
password = "123456"
|
||||
## specify the algorithm
|
||||
@ -59,7 +59,7 @@ is_zone_signing_key = true
|
||||
# create_if_absent = false
|
||||
|
||||
[[zones.keys]]
|
||||
key_path = "./tests/named_test_configs/dnssec/rsa_2048.pem"
|
||||
key_path = "../tests/test-data/named_test_configs/dnssec/rsa_2048.pem"
|
||||
password = "123456"
|
||||
algorithm = "RSASHA512"
|
||||
is_zone_signing_key = false
|
@ -51,7 +51,7 @@ allow_update = true
|
||||
enable_dnssec = true
|
||||
|
||||
[[zones.keys]]
|
||||
key_path = "./tests/named_test_configs/dnssec/rsa_2048.pem"
|
||||
key_path = "../tests/test-data/named_test_configs/dnssec/rsa_2048.pem"
|
||||
## the password used to encrypt/decrypt the file (must be PEM), blank for none
|
||||
password = "123456"
|
||||
## specify the algorithm
|
||||
@ -64,7 +64,7 @@ is_zone_signing_key = true
|
||||
# create_if_absent = false
|
||||
|
||||
[[zones.keys]]
|
||||
key_path = "./tests/named_test_configs/dnssec/rsa_2048.pem"
|
||||
key_path = "../tests/test-data/named_test_configs/dnssec/rsa_2048.pem"
|
||||
password = "123456"
|
||||
algorithm = "RSASHA512"
|
||||
is_zone_signing_key = false
|
@ -40,7 +40,7 @@ file = "example.com.zone"
|
||||
enable_dnssec = true
|
||||
|
||||
[[zones.keys]]
|
||||
key_path = "./tests/named_test_configs/dnssec/rsa_2048.pem"
|
||||
key_path = "../tests/test-data/named_test_configs/dnssec/rsa_2048.pem"
|
||||
## the password used to encrypt/decrypt the file (must be PEM), blank for none
|
||||
password = "123456"
|
||||
## specify the algorithm
|
||||
@ -53,19 +53,19 @@ is_zone_signing_key = true
|
||||
# create_if_absent = false
|
||||
|
||||
[[zones.keys]]
|
||||
key_path = "./tests/named_test_configs/dnssec/rsa_2048.pem"
|
||||
key_path = "../tests/test-data/named_test_configs/dnssec/rsa_2048.pem"
|
||||
password = "123456"
|
||||
algorithm = "RSASHA512"
|
||||
is_zone_signing_key = true
|
||||
|
||||
[[zones.keys]]
|
||||
key_path = "./tests/named_test_configs/dnssec/ecdsa_p256.pem"
|
||||
key_path = "../tests/test-data/named_test_configs/dnssec/ecdsa_p256.pem"
|
||||
# password = "123456"
|
||||
algorithm = "ECDSAP256SHA256"
|
||||
is_zone_signing_key = true
|
||||
|
||||
[[zones.keys]]
|
||||
key_path = "./tests/named_test_configs/dnssec/ecdsa_p384.pem"
|
||||
key_path = "../tests/test-data/named_test_configs/dnssec/ecdsa_p384.pem"
|
||||
# password = "123456"
|
||||
algorithm = "ECDSAP384SHA384"
|
||||
is_zone_signing_key = true
|
@ -41,18 +41,18 @@ enable_dnssec = true
|
||||
|
||||
[[zones.keys]]
|
||||
# Requires --features=ring
|
||||
key_path = "./tests/named_test_configs/dnssec/ecdsa_p256.pk8"
|
||||
key_path = "../tests/test-data/named_test_configs/dnssec/ecdsa_p256.pk8"
|
||||
algorithm = "ECDSAP256SHA256"
|
||||
is_zone_signing_key = true
|
||||
|
||||
[[zones.keys]]
|
||||
# Requires --features=ring
|
||||
key_path = "./tests/named_test_configs/dnssec/ecdsa_p384.pk8"
|
||||
key_path = "../tests/test-data/named_test_configs/dnssec/ecdsa_p384.pk8"
|
||||
algorithm = "ECDSAP384SHA384"
|
||||
is_zone_signing_key = true
|
||||
|
||||
[[zones.keys]]
|
||||
# Requires --features=ring
|
||||
key_path = "./tests/named_test_configs/dnssec/ed25519.pk8"
|
||||
key_path = "../tests/test-data/named_test_configs/dnssec/ed25519.pk8"
|
||||
algorithm = "ED25519"
|
||||
is_zone_signing_key = true
|