WIP root & tld name server setup

Cargo.lock

@@ -24,6 +24,7 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
 name = "dnssec-tests"
 version = "0.1.0"
 dependencies = [
+ "minijinja",
  "tempfile",
 ]
 
@@ -55,6 +56,33 @@ version = "0.4.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "01cda141df6706de531b6c46c3a33ecca755538219bd484262fa09410c13539c"
 
+[[package]]
+name = "minijinja"
+version = "1.0.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6fe0ff215195a22884d867b547c70a0c4815cbbcc70991f281dca604b20d10ce"
+dependencies = [
+ "serde",
+]
+
+[[package]]
+name = "proc-macro2"
+version = "1.0.78"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e2422ad645d89c99f8f3e6b88a9fdeca7fabeac836b1002371c4367c8f984aae"
+dependencies = [
+ "unicode-ident",
+]
+
+[[package]]
+name = "quote"
+version = "1.0.35"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef"
+dependencies = [
+ "proc-macro2",
+]
+
 [[package]]
 name = "redox_syscall"
 version = "0.4.1"
@@ -77,6 +105,37 @@ dependencies = [
  "windows-sys",
 ]
 
+[[package]]
+name = "serde"
+version = "1.0.196"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "870026e60fa08c69f064aa766c10f10b1d62db9ccd4d0abb206472bee0ce3b32"
+dependencies = [
+ "serde_derive",
+]
+
+[[package]]
+name = "serde_derive"
+version = "1.0.196"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "33c85360c95e7d137454dc81d9a4ed2b8efd8fbe19cee57357b32b9771fccb67"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "syn"
+version = "2.0.48"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0f3531638e407dfc0814761abb7c00a5b54992b849452a0646b7f65c9f770f3f"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "unicode-ident",
+]
+
 [[package]]
 name = "tempfile"
 version = "3.9.0"
@@ -90,6 +149,12 @@ dependencies = [
  "windows-sys",
 ]
 
+[[package]]
+name = "unicode-ident"
+version = "1.0.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b"
+
 [[package]]
 name = "windows-sys"
 version = "0.52.0"

Cargo.toml

@@ -7,4 +7,5 @@ license = "MIT or Apache 2.0"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
+minijinja = "1.0.12"
 tempfile = "3.9.0"

README.md

@@ -81,7 +81,7 @@ remote-control:
   control-enable: no
 
 zone:
-  name: .
+  name: main
   zonefile: /etc/nsd/zones/main.zone
 ```
 
@@ -91,11 +91,11 @@ zone:
 $ORIGIN com.
 $TTL 1800
 @       IN      SOA     primary.tld-server.com.    admin.tld-server.com. (
-                        2014080301
-                        3600
-                        900
-                        1209600
-                        1800
+                        2014010100 ; Serial
+                        10800      ; Refresh (3 hours)
+                        900        ; Retry (15 minutes)
+                        604800     ; Expire (1 week)
+                        86400      ; Minimum (1 day)
                         )
 @       IN      NS      primary.tld-server.com.
 ```

docker/nsd.Dockerfile

@@ -1,4 +1,4 @@
 FROM ubuntu:22.04
 
 RUN apt-get update && \
-  apt-get install -y nsd iputils-ping tshark vim
+  apt-get install -y nsd iputils-ping tshark vim

docker/unbound.Dockerfile

@@ -4,4 +4,3 @@ RUN apt-get update && \
   apt-get install -y unbound iputils-ping tshark vim
 
 COPY ./files/etc/unbound/unbound.conf /etc/unbound/unbound.conf
-COPY ./files/etc/unbound/root.hints /etc/unbound/root.hints

src/lib.rs

@@ -1,10 +1,10 @@
 use core::fmt;
-use std::process::Output;
+use std::process::{self, ExitStatus, Output};
 use std::sync::atomic;
 use std::{
     fs,
     path::Path,
-    process::{Command, ExitStatus, Stdio},
+    process::{Command, Stdio},
     sync::atomic::AtomicUsize,
 };
 
@@ -49,7 +49,11 @@ impl Container {
         // `docker run --rm -it $IMAGE sleep infinity`
 
         let mut command = Command::new("docker");
-        let container_name = format!("{image}-{}", COUNT.fetch_add(1, atomic::Ordering::Relaxed));
+        let pid = process::id();
+        let container_name = format!(
+            "{image}-{pid}-{}",
+            COUNT.fetch_add(1, atomic::Ordering::Relaxed)
+        );
         command.args(&["run", "--rm", "--detach", "--name", &container_name]);
         let output = command
             .arg("-it")
@@ -97,6 +101,16 @@ impl Container {
         Ok(output)
     }
 
+    // FIXME
+    pub fn exec2(&self, cmd: &[&str]) -> Result<ExitStatus> {
+        let mut command = Command::new("docker");
+        command.args(&["exec", "-t", &self.id]).args(cmd);
+
+        let status = command.status()?;
+
+        Ok(status)
+    }
+
     pub fn ip_addr(&self) -> Result<String> {
         let mut command = Command::new("docker");
         command
@@ -193,14 +207,51 @@ mod tests {
         Ok(())
     }
 
-    #[ignore = "TODO"]
+    use minijinja::{context, Environment};
+
+    fn tld_zone(domain: &str) -> String {
+        assert!(domain.ends_with("."));
+
+        let mut env = Environment::new();
+        let name = "main.zone";
+        env.add_template(name, include_str!("templates/tld.zone.jinja"))
+            .unwrap();
+        let template = env.get_template(name).unwrap();
+        template.render(context! { tld => domain }).unwrap()
+    }
+
+    fn root_zone() -> String {
+        let mut env = Environment::new();
+        let name = "main.zone";
+        env.add_template(name, include_str!("templates/root.zone.jinja"))
+            .unwrap();
+        let template = env.get_template(name).unwrap();
+        template.render(context! {}).unwrap()
+    }
+
+    // TODO create `nsd.conf` file at runtime
     #[test]
     fn tld_setup() -> Result<()> {
-        let container = Container::run(Image::Nsd)?;
+        let tld_ns = Container::run(Image::Nsd)?;
 
-        container.cp("/etc/nsd/zones/main.zone", "TODO")?;
+        tld_ns.exec(&["mkdir", "-p", "/etc/nsd/zones"])?;
+        tld_ns.cp("/etc/nsd/zones/main.zone", &tld_zone("."))?;
 
-        container.exec(&["nsd", "-d"])?;
+        tld_ns.exec(&["nsd", "-d"])?;
+
+        Ok(())
+    }
+
+    #[test]
+    fn root_setup() -> Result<()> {
+        let tld_ns = Container::run(Image::Nsd)?;
+
+        tld_ns.exec(&["mkdir", "-p", "/etc/nsd/zones"])?;
+        let zone_path = "/etc/nsd/zones/main.zone";
+        tld_ns.cp(zone_path, &root_zone())?;
+        tld_ns.exec(&["chmod", "666", zone_path])?;
+
+        tld_ns.exec2(&["nsd", "-d"])?;
 
         Ok(())
     }

src/templates/nsd.conf.jinja

@@ -0,0 +1,6 @@
+remote-control:
+  control-enable: no
+
+zone:
+  name: {{ domain }}
+  zonefile: /etc/nsd/zones/main.zone

src/templates/root.hints.jinja

@@ -1,2 +1,2 @@
 .                        3600000      NS    primary.root-server.com.
-primary.root-server.com. 3600000      A     172.17.0.2
+primary.root-server.com. 3600000      A     {{ root_ns_ip_addr }} 

src/templates/root.zone.jinja

@@ -0,0 +1,12 @@
+$ORIGIN .
+$TTL 1800
+@       IN      SOA     primary.root-server.com    admin.root-server.com (
+                        2014010100 ; Serial
+                        10800      ; Refresh (3 hours)
+                        900        ; Retry (15 minutes)
+                        604800     ; Expire (1 week)
+                        86400      ; Minimum (1 day)
+                        )
+@       IN      NS      primary.root-server.com
+
+; TODO referral

src/templates/tld.zone.jinja

@@ -0,0 +1,10 @@
+$ORIGIN {{ tld }}
+$TTL 1800
+@       IN      SOA     primary.tld-server.{{ tld }}    admin.tld-server.{{ tld }} (
+                        2014010100 ; Serial
+                        10800      ; Refresh (3 hours)
+                        900        ; Retry (15 minutes)
+                        604800     ; Expire (1 week)
+                        86400      ; Minimum (1 day)
+                        )
+@       IN      NS      primary.tld-server.{{ tld }}