Merge pull request #51 from ferrous-systems/ja-hickory-name-server-take-2
support Hickory in the NameServer role
commit
6189787d9f
@ -1,3 +1,4 @@
|
|||||||
#![cfg(test)]
|
#![cfg(test)]
|
||||||
|
|
||||||
|
mod name_server;
|
||||||
mod resolver;
|
mod resolver;
|
||||||
|
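--- a/packages/conformance-tests/src/name_server.rs
+++ b/packages/conformance-tests/src/name_server.rs
@@ -0,0 +1,2 @@
+mod rfc4035;
+mod scenarios;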
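--- a/packages/conformance-tests/src/name_server/rfc4035.rs
+++ b/packages/conformance-tests/src/name_server/rfc4035.rs
@@ -0,0 +1 @@
+mod section_3;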
@ -0,0 +1 @@
|
|||||||
|
mod section_3_1;
|
@ -0,0 +1 @@
|
|||||||
|
mod section_3_1_1;
|
@ -0,0 +1,64 @@
|
|||||||
|
use dns_test::client::{Client, DigSettings};
|
||||||
|
use dns_test::name_server::NameServer;
|
||||||
|
use dns_test::record::{Record, RecordType};
|
||||||
|
use dns_test::{Network, Result, FQDN};
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
#[ignore]
|
||||||
|
fn rrsig_in_answer_section() -> Result<()> {
|
||||||
|
let network = Network::new()?;
|
||||||
|
|
||||||
|
let ns = NameServer::new(&dns_test::subject(), FQDN::ROOT, &network)?
|
||||||
|
.sign()?
|
||||||
|
.start()?;
|
||||||
|
|
||||||
|
let client = Client::new(&network)?;
|
||||||
|
let ns_fqdn = ns.fqdn();
|
||||||
|
let ans = client.dig(
|
||||||
|
*DigSettings::default().dnssec(),
|
||||||
|
ns.ipv4_addr(),
|
||||||
|
RecordType::A,
|
||||||
|
ns_fqdn,
|
||||||
|
)?;
|
||||||
|
|
||||||
|
assert!(ans.status.is_noerror());
|
||||||
|
let [a, rrsig] = ans.answer.try_into().unwrap();
|
||||||
|
|
||||||
|
assert!(matches!(a, Record::A(..)));
|
||||||
|
let rrsig = rrsig.try_into_rrsig().unwrap();
|
||||||
|
assert_eq!(RecordType::A, rrsig.type_covered);
|
||||||
|
assert_eq!(ns_fqdn, &rrsig.fqdn);
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
#[ignore]
|
||||||
|
fn rrsig_in_authority_section() -> Result<()> {
|
||||||
|
let network = Network::new()?;
|
||||||
|
|
||||||
|
let ns = NameServer::new(&dns_test::subject(), FQDN::ROOT, &network)?
|
||||||
|
.sign()?
|
||||||
|
.start()?;
|
||||||
|
|
||||||
|
let client = Client::new(&network)?;
|
||||||
|
let ans = client.dig(
|
||||||
|
*DigSettings::default().dnssec(),
|
||||||
|
ns.ipv4_addr(),
|
||||||
|
RecordType::SOA,
|
||||||
|
&FQDN::ROOT,
|
||||||
|
)?;
|
||||||
|
|
||||||
|
assert!(ans.status.is_noerror());
|
||||||
|
let [ns, rrsig] = ans.authority.try_into().unwrap();
|
||||||
|
|
||||||
|
assert!(matches!(ns, Record::NS(..)));
|
||||||
|
let rrsig = rrsig.try_into_rrsig().unwrap();
|
||||||
|
assert_eq!(RecordType::NS, rrsig.type_covered);
|
||||||
|
assert_eq!(FQDN::ROOT, rrsig.fqdn);
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO Additional section
|
||||||
|
// TODO TC bit
|
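Review bot: Both `rrsig_in_answer_section` and `rrsig_in_authority_section` carry a bare `#[ignore]`, so the RRSIG checks are skipped by default with no recorded reason. Stating it in the attribute, e.g. `#[ignore = "<reason or tracking issue>"]`, keeps the gap in DNSSEC coverage visible in test output. The destructurings `let [a, rrsig] = ans.answer.try_into().unwrap();` and `let [ns, rrsig] = ans.authority.try_into().unwrap();` also assume the covered record comes before its RRSIG, and DNS does not guarantee record order within a section, so a correct server could fail once the tests are enabled. In `rrsig_in_authority_section` the pattern binding `ns` shadows the running `NameServer`; a name such as `ns_record` would read more clearly.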
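--- a/packages/conformance-tests/src/name_server/scenarios.rs
+++ b/packages/conformance-tests/src/name_server/scenarios.rs
@@ -0,0 +1,23 @@
+use dns_test::client::{Client, DigSettings};
+use dns_test::name_server::NameServer;
+use dns_test::record::RecordType;
+use dns_test::{Network, Result, FQDN};
+
+#[test]
+fn authoritative_answer() -> Result<()> {
+let network = &Network::new()?;
+let ns = NameServer::new(&dns_test::subject(), FQDN::ROOT, network)?.start()?;
+
+let client = Client::new(network)?;
+let ans = client.dig(
+DigSettings::default(),
+ns.ipv4_addr(),
+RecordType::SOA,
+&FQDN::ROOT,
+)?;
+
+assert!(ans.status.is_noerror());
+assert!(ans.flags.authoritative_answer);
+
+Ok(())
+}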
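Review bot: `authoritative_answer` asserts only NOERROR and the AA flag, so a server that answers the SOA query with an empty answer section would still pass. Since the query asks for the zone's own SOA, also checking the answer would tie the flag to an actual authoritative record, for example `assert!(!ans.answer.is_empty());`. That assumes `answer` is a `Vec` of records, as the `try_into` use in the RFC 4035 tests suggests.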
@ -1,7 +1,9 @@
|
|||||||
FROM rust:1-slim-bookworm
|
FROM rust:1-slim-bookworm
|
||||||
|
|
||||||
|
# ldns-utils = ldns-{key2ds,keygen,signzone}
|
||||||
RUN apt-get update && \
|
RUN apt-get update && \
|
||||||
apt-get install -y \
|
apt-get install -y \
|
||||||
|
ldnsutils \
|
||||||
tshark
|
tshark
|
||||||
|
|
||||||
# `dns-test` will invoke `docker build` from a temporary directory that contains
|
# `dns-test` will invoke `docker build` from a temporary directory that contains
|
||||||
|
@ -34,13 +34,6 @@ pub enum Role {
|
|||||||
Resolver,
|
Resolver,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl Role {
|
|
||||||
#[must_use]
|
|
||||||
pub fn is_resolver(&self) -> bool {
|
|
||||||
matches!(self, Self::Resolver)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#[derive(Clone)]
|
#[derive(Clone)]
|
||||||
pub enum Implementation {
|
pub enum Implementation {
|
||||||
Bind,
|
Bind,
|
||||||
@ -112,7 +105,12 @@ impl Implementation {
|
|||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
Self::Hickory(_) => unimplemented!(),
|
Self::Hickory(_) => {
|
||||||
|
minijinja::render!(
|
||||||
|
include_str!("templates/hickory.name-server.toml.jinja"),
|
||||||
|
fqdn => origin.as_str()
|
||||||
|
)
|
||||||
|
}
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -134,14 +132,7 @@ impl Implementation {
|
|||||||
match self {
|
match self {
|
||||||
Implementation::Bind => &["named", "-g", "-d5"],
|
Implementation::Bind => &["named", "-g", "-d5"],
|
||||||
|
|
||||||
Implementation::Hickory(_) => {
|
Implementation::Hickory(_) => &["hickory-dns", "-d"],
|
||||||
assert!(
|
|
||||||
role.is_resolver(),
|
|
||||||
"hickory acting in `NameServer` role is currently not supported"
|
|
||||||
);
|
|
||||||
|
|
||||||
&["hickory-dns", "-d"]
|
|
||||||
}
|
|
||||||
|
|
||||||
Implementation::Unbound => match role {
|
Implementation::Unbound => match role {
|
||||||
Role::NameServer => &["nsd", "-d"],
|
Role::NameServer => &["nsd", "-d"],
|
||||||
|
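Review bot: In the new `Self::Hickory(_)` arm the zone origin is passed to `minijinja::render!` as `fqdn => origin.as_str()` and lands in the template line `zone = "{{ fqdn }}"`, with nothing visible in the hunk that escapes it for a TOML string. That is sound only if `FQDN` already rejects quotes, backslashes and newlines, which is presumably the case but is not shown here. A short comment on the arm such as `// origin is a validated FQDN, so it is safe to embed in a TOML string` would record the assumption. The enclosing function begins outside the hunk.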
@ -156,14 +156,6 @@ impl NameServer<Stopped> {
|
|||||||
/// - one NS record, with this name server's FQDN set as the only available name server for
|
/// - one NS record, with this name server's FQDN set as the only available name server for
|
||||||
/// the zone
|
/// the zone
|
||||||
pub fn new(implementation: &Implementation, zone: FQDN, network: &Network) -> Result<Self> {
|
pub fn new(implementation: &Implementation, zone: FQDN, network: &Network) -> Result<Self> {
|
||||||
assert!(
|
|
||||||
matches!(
|
|
||||||
implementation,
|
|
||||||
Implementation::Unbound | Implementation::Bind
|
|
||||||
),
|
|
||||||
"currently only `unbound` (`nsd`) and BIND can be used as a `NameServer`"
|
|
||||||
);
|
|
||||||
|
|
||||||
let ns_count = ns_count();
|
let ns_count = ns_count();
|
||||||
let nameserver = primary_ns(ns_count);
|
let nameserver = primary_ns(ns_count);
|
||||||
let image = implementation.clone().into();
|
let image = implementation.clone().into();
|
||||||
|
@ -0,0 +1,4 @@
|
|||||||
|
[[zones]]
|
||||||
|
zone = "{{ fqdn }}"
|
||||||
|
zone_type = "Primary"
|
||||||
|
file = "/etc/zones/main.zone"
|