Merge pull request #51 from ferrous-systems/ja-hickory-name-server-take-2
support Hickory in the NameServer role
commit
6189787d9f
|
@ -1,3 +1,4 @@
|
|||
#![cfg(test)]
|
||||
|
||||
mod name_server;
|
||||
mod resolver;
|
||||
|
|
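--- a/packages/conformance-tests/src/name_server.rs
+++ b/packages/conformance-tests/src/name_server.rs
@@ -0,0 +1,2 @@
+mod rfc4035;
+mod scenarios;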
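--- a/packages/conformance-tests/src/name_server/rfc4035.rs
+++ b/packages/conformance-tests/src/name_server/rfc4035.rs
@@ -0,0 +1 @@
+mod section_3;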
|
@ -0,0 +1 @@
|
|||
mod section_3_1;
|
|
@ -0,0 +1 @@
|
|||
mod section_3_1_1;
|
|
@ -0,0 +1,64 @@
|
|||
use dns_test::client::{Client, DigSettings};
|
||||
use dns_test::name_server::NameServer;
|
||||
use dns_test::record::{Record, RecordType};
|
||||
use dns_test::{Network, Result, FQDN};
|
||||
|
||||
#[test]
|
||||
#[ignore]
|
||||
fn rrsig_in_answer_section() -> Result<()> {
|
||||
let network = Network::new()?;
|
||||
|
||||
let ns = NameServer::new(&dns_test::subject(), FQDN::ROOT, &network)?
|
||||
.sign()?
|
||||
.start()?;
|
||||
|
||||
let client = Client::new(&network)?;
|
||||
let ns_fqdn = ns.fqdn();
|
||||
let ans = client.dig(
|
||||
*DigSettings::default().dnssec(),
|
||||
ns.ipv4_addr(),
|
||||
RecordType::A,
|
||||
ns_fqdn,
|
||||
)?;
|
||||
|
||||
assert!(ans.status.is_noerror());
|
||||
let [a, rrsig] = ans.answer.try_into().unwrap();
|
||||
|
||||
assert!(matches!(a, Record::A(..)));
|
||||
let rrsig = rrsig.try_into_rrsig().unwrap();
|
||||
assert_eq!(RecordType::A, rrsig.type_covered);
|
||||
assert_eq!(ns_fqdn, &rrsig.fqdn);
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[ignore]
|
||||
fn rrsig_in_authority_section() -> Result<()> {
|
||||
let network = Network::new()?;
|
||||
|
||||
let ns = NameServer::new(&dns_test::subject(), FQDN::ROOT, &network)?
|
||||
.sign()?
|
||||
.start()?;
|
||||
|
||||
let client = Client::new(&network)?;
|
||||
let ans = client.dig(
|
||||
*DigSettings::default().dnssec(),
|
||||
ns.ipv4_addr(),
|
||||
RecordType::SOA,
|
||||
&FQDN::ROOT,
|
||||
)?;
|
||||
|
||||
assert!(ans.status.is_noerror());
|
||||
let [ns, rrsig] = ans.authority.try_into().unwrap();
|
||||
|
||||
assert!(matches!(ns, Record::NS(..)));
|
||||
let rrsig = rrsig.try_into_rrsig().unwrap();
|
||||
assert_eq!(RecordType::NS, rrsig.type_covered);
|
||||
assert_eq!(FQDN::ROOT, rrsig.fqdn);
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
// TODO Additional section
|
||||
// TODO TC bit
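Review bot: `let [a, rrsig] = ans.answer.try_into().unwrap();` in `rrsig_in_answer_section`, and the matching `let [ns, rrsig] = ans.authority.try_into().unwrap();` in `rrsig_in_authority_section`, require exactly two records in a fixed order. DNS does not fix the order of records within a message section, so a server that emits the RRSIG first, or adds a further record, fails with an opaque `unwrap` panic rather than a conformance finding. Selecting the records by type would remove the ordering assumption; at minimum `.expect("expected exactly one A record followed by its RRSIG")` would make the failure say what was missing. Both tests also carry a bare `#[ignore]`, so these DNSSEC checks do not run by default and the page does not say why; `#[ignore = "<reason or tracking issue>"]` would record that next to the test.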
|
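--- a/packages/conformance-tests/src/name_server/scenarios.rs
+++ b/packages/conformance-tests/src/name_server/scenarios.rs
@@ -0,0 +1,23 @@
+use dns_test::client::{Client, DigSettings};
+use dns_test::name_server::NameServer;
+use dns_test::record::RecordType;
+use dns_test::{Network, Result, FQDN};
+
+#[test]
+fn authoritative_answer() -> Result<()> {
+let network = &Network::new()?;
+let ns = NameServer::new(&dns_test::subject(), FQDN::ROOT, network)?.start()?;
+
+let client = Client::new(network)?;
+let ans = client.dig(
+DigSettings::default(),
+ns.ipv4_addr(),
+RecordType::SOA,
+&FQDN::ROOT,
+)?;
+
+assert!(ans.status.is_noerror());
+assert!(ans.flags.authoritative_answer);
+
+Ok(())
+}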
|
@ -1,7 +1,9 @@
|
|||
FROM rust:1-slim-bookworm
|
||||
|
||||
# ldns-utils = ldns-{key2ds,keygen,signzone}
|
||||
RUN apt-get update && \
|
||||
apt-get install -y \
|
||||
ldnsutils \
|
||||
tshark
|
||||
|
||||
# `dns-test` will invoke `docker build` from a temporary directory that contains
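Review bot: The `RUN apt-get update && apt-get install -y …` step installs `ldnsutils` and `tshark` together with every recommended package and leaves the apt package lists in the layer, so the base image used by the test containers carries more software than the tests need. Consider `apt-get install -y --no-install-recommends ldnsutils tshark && rm -rf /var/lib/apt/lists/*`. The comment above the step names `ldns-utils` while the package is `ldnsutils`, and nothing says what `tshark` is for; a one-line comment stating its purpose would help the next reader. The added/removed markers are lost on this page, so which of these lines the commit introduces is inferred from the `-1,7 +1,9` header.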
|
||||
|
|
|
@ -34,13 +34,6 @@ pub enum Role {
|
|||
Resolver,
|
||||
}
|
||||
|
||||
impl Role {
|
||||
#[must_use]
|
||||
pub fn is_resolver(&self) -> bool {
|
||||
matches!(self, Self::Resolver)
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Clone)]
|
||||
pub enum Implementation {
|
||||
Bind,
|
||||
|
@ -112,7 +105,12 @@ impl Implementation {
|
|||
)
|
||||
}
|
||||
|
||||
Self::Hickory(_) => unimplemented!(),
|
||||
Self::Hickory(_) => {
|
||||
minijinja::render!(
|
||||
include_str!("templates/hickory.name-server.toml.jinja"),
|
||||
fqdn => origin.as_str()
|
||||
)
|
||||
}
|
||||
},
|
||||
}
|
||||
}
|
||||
|
@ -134,14 +132,7 @@ impl Implementation {
|
|||
match self {
|
||||
Implementation::Bind => &["named", "-g", "-d5"],
|
||||
|
||||
Implementation::Hickory(_) => {
|
||||
assert!(
|
||||
role.is_resolver(),
|
||||
"hickory acting in `NameServer` role is currently not supported"
|
||||
);
|
||||
|
||||
&["hickory-dns", "-d"]
|
||||
}
|
||||
Implementation::Hickory(_) => &["hickory-dns", "-d"],
|
||||
|
||||
Implementation::Unbound => match role {
|
||||
Role::NameServer => &["nsd", "-d"],
|
||||
|
|
|
@ -156,14 +156,6 @@ impl NameServer<Stopped> {
|
|||
/// - one NS record, with this name server's FQDN set as the only available name server for
|
||||
/// the zone
|
||||
pub fn new(implementation: &Implementation, zone: FQDN, network: &Network) -> Result<Self> {
|
||||
assert!(
|
||||
matches!(
|
||||
implementation,
|
||||
Implementation::Unbound | Implementation::Bind
|
||||
),
|
||||
"currently only `unbound` (`nsd`) and BIND can be used as a `NameServer`"
|
||||
);
|
||||
|
||||
let ns_count = ns_count();
|
||||
let nameserver = primary_ns(ns_count);
|
||||
let image = implementation.clone().into();
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
[[zones]]
|
||||
zone = "{{ fqdn }}"
|
||||
zone_type = "Primary"
|
||||
file = "/etc/zones/main.zone"
|