From bc10cda9cc353bdbff06f7511c95248ce7c2834c Mon Sep 17 00:00:00 2001
From: Jorge Aparicio
Date: Thu, 1 Feb 2024 18:06:05 +0100
Subject: [PATCH] WIP root & tld name server setup

---
 Cargo.lock | 65 +++++++++++++++++++
 Cargo.toml | 1 +
 README.md | 12 ++--
 docker/nsd.Dockerfile | 2 +-
 docker/unbound.Dockerfile | 1 -
 src/lib.rs | 65 +++++++++++++++++--
 src/templates/nsd.conf.jinja | 6 ++
 .../templates/root.hints.jinja | 2 +-
 src/templates/root.zone.jinja | 12 ++++
 src/templates/tld.zone.jinja | 10 +++
 10 files changed, 160 insertions(+), 16 deletions(-)
 create mode 100644 src/templates/nsd.conf.jinja
 rename docker/files/etc/unbound/root.hints => src/templates/root.hints.jinja (50%)
 create mode 100644 src/templates/root.zone.jinja
 create mode 100644 src/templates/tld.zone.jinja

diff --git a/Cargo.lock b/Cargo.lock
index a2e24963..9b6bb82d 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -24,6 +24,7 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
 name = "dnssec-tests"
 version = "0.1.0"
 dependencies = [
+ "minijinja",
 "tempfile",
 ]
 
@@ -55,6 +56,33 @@ version = "0.4.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "01cda141df6706de531b6c46c3a33ecca755538219bd484262fa09410c13539c"
 
+[[package]]
+name = "minijinja"
+version = "1.0.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6fe0ff215195a22884d867b547c70a0c4815cbbcc70991f281dca604b20d10ce"
+dependencies = [
+ "serde",
+]
+
+[[package]]
+name = "proc-macro2"
+version = "1.0.78"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e2422ad645d89c99f8f3e6b88a9fdeca7fabeac836b1002371c4367c8f984aae"
+dependencies = [
+ "unicode-ident",
+]
+
+[[package]]
+name = "quote"
+version = "1.0.35"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef"
+dependencies = [
+ "proc-macro2",
+]
+
 [[package]]
 name = "redox_syscall"
 version = "0.4.1"
@@ -77,6 +105,37 @@ dependencies = [
 "windows-sys",
 ]
 
+[[package]]
+name = "serde"
+version = "1.0.196"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "870026e60fa08c69f064aa766c10f10b1d62db9ccd4d0abb206472bee0ce3b32"
+dependencies = [
+ "serde_derive",
+]
+
+[[package]]
+name = "serde_derive"
+version = "1.0.196"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "33c85360c95e7d137454dc81d9a4ed2b8efd8fbe19cee57357b32b9771fccb67"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "syn"
+version = "2.0.48"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0f3531638e407dfc0814761abb7c00a5b54992b849452a0646b7f65c9f770f3f"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "unicode-ident",
+]
+
 [[package]]
 name = "tempfile"
 version = "3.9.0"
@@ -90,6 +149,12 @@ dependencies = [
 "windows-sys",
 ]
 
+[[package]]
+name = "unicode-ident"
+version = "1.0.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b"
+
 [[package]]
 name = "windows-sys"
 version = "0.52.0"
diff --git a/Cargo.toml b/Cargo.toml
index b1f7ab22..91297a19 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -7,4 +7,5 @@ license = "MIT or Apache 2.0"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
+minijinja = "1.0.12"
 tempfile = "3.9.0"
diff --git a/README.md b/README.md
index 08c23578..8e320a06 100644
--- a/README.md
+++ b/README.md
@@ -81,7 +81,7 @@ remote-control:
 control-enable: no
 
 zone:
- name: .
+ name: main
 zonefile: /etc/nsd/zones/main.zone
 ```
 
@@ -91,11 +91,11 @@ zone:
 $ORIGIN com.
 $TTL 1800
 @ IN SOA primary.tld-server.com. admin.tld-server.com. (
- 2014080301
- 3600
- 900
- 1209600
- 1800
+ 2014010100 ; Serial
+ 10800 ; Refresh (3 hours)
+ 900 ; Retry (15 minutes)
+ 604800 ; Expire (1 week)
+ 86400 ; Minimum (1 day)
 )
 @ IN NS primary.tld-server.com.
 ```
diff --git a/docker/nsd.Dockerfile b/docker/nsd.Dockerfile
index d9441e5a..2284ebb8 100644
--- a/docker/nsd.Dockerfile
+++ b/docker/nsd.Dockerfile
@@ -1,4 +1,4 @@
 FROM ubuntu:22.04
 
 RUN apt-get update && \
- apt-get install -y nsd iputils-ping tshark vim
\ No newline at end of file
+ apt-get install -y nsd iputils-ping tshark vim
diff --git a/docker/unbound.Dockerfile b/docker/unbound.Dockerfile
index 78c14dcb..67e89404 100644
--- a/docker/unbound.Dockerfile
+++ b/docker/unbound.Dockerfile
@@ -4,4 +4,3 @@ RUN apt-get update && \
 apt-get install -y unbound iputils-ping tshark vim
 
 COPY ./files/etc/unbound/unbound.conf /etc/unbound/unbound.conf
-COPY ./files/etc/unbound/root.hints /etc/unbound/root.hints
diff --git a/src/lib.rs b/src/lib.rs
index 2422ee27..f26d7399 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -1,10 +1,10 @@
 use core::fmt;
-use std::process::Output;
+use std::process::{self, ExitStatus, Output};
 use std::sync::atomic;
 use std::{
 fs,
 path::Path,
- process::{Command, ExitStatus, Stdio},
+ process::{Command, Stdio},
 sync::atomic::AtomicUsize,
 };
 
@@ -49,7 +49,11 @@ impl Container {
 
 // `docker run --rm -it $IMAGE sleep infinity`
 let mut command = Command::new("docker");
- let container_name = format!("{image}-{}", COUNT.fetch_add(1, atomic::Ordering::Relaxed));
+ let pid = process::id();
+ let container_name = format!(
+ "{image}-{pid}-{}",
+ COUNT.fetch_add(1, atomic::Ordering::Relaxed)
+ );
 command.args(&["run", "--rm", "--detach", "--name", &container_name]);
 let output = command
 .arg("-it")
@@ -97,6 +101,16 @@ impl Container {
 Ok(output)
 }
 
+ // FIXME
+ pub fn exec2(&self, cmd: &[&str]) -> Result {
+ let mut command = Command::new("docker");
+ command.args(&["exec", "-t", &self.id]).args(cmd);
+
+ let status = command.status()?;
+
+ Ok(status)
+ }
+
 pub fn ip_addr(&self) -> Result {
 let mut command = Command::new("docker");
 command
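Review bot: `exec2` returns `Ok(status)` whether or not `status.success()` holds, so `tld_ns.exec2(&["nsd", "-d"])?` in `root_setup` cannot fail when nsd exits non-zero; either check the status here and turn a failure into the crate's error type (the `?` on `command.status()` shows an `io::Error` already converts into it), or state in the doc comment that callers must inspect the returned `ExitStatus`. The `// FIXME` line says nothing about what is unfinished; something like `/// Like exec, but lets the command inherit this process's stdio (status() instead of output()) and returns the raw ExitStatus without checking it` would let a reader tell the two helpers apart and makes the `-t` pseudo-terminal, which looks intended for watching nsd's output while debugging, worth a word too. `exec2` reads as a placeholder name; a name that says what differs (`exec_inherit_stdio`, or `status`) would spare the FIXME.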
@@ -193,14 +207,51 @@ mod tests {
 Ok(())
 }
 
- #[ignore = "TODO"]
+ use minijinja::{context, Environment};
+
+ fn tld_zone(domain: &str) -> String {
+ assert!(domain.ends_with("."));
+
+ let mut env = Environment::new();
+ let name = "main.zone";
+ env.add_template(name, include_str!("templates/tld.zone.jinja"))
+ .unwrap();
+ let template = env.get_template(name).unwrap();
+ template.render(context! { tld => domain }).unwrap()
+ }
+
+ fn root_zone() -> String {
+ let mut env = Environment::new();
+ let name = "main.zone";
+ env.add_template(name, include_str!("templates/root.zone.jinja"))
+ .unwrap();
+ let template = env.get_template(name).unwrap();
+ template.render(context! {}).unwrap()
+ }
+
+ // TODO create `nsd.conf` file at runtime
 #[test]
 fn tld_setup() -> Result<()> {
- let container = Container::run(Image::Nsd)?;
+ let tld_ns = Container::run(Image::Nsd)?;
 
- container.cp("/etc/nsd/zones/main.zone", "TODO")?;
+ tld_ns.exec(&["mkdir", "-p", "/etc/nsd/zones"])?;
+ tld_ns.cp("/etc/nsd/zones/main.zone", &tld_zone("."))?;
 
- container.exec(&["nsd", "-d"])?;
+ tld_ns.exec(&["nsd", "-d"])?;
+
+ Ok(())
+ }
+
+ #[test]
+ fn root_setup() -> Result<()> {
+ let tld_ns = Container::run(Image::Nsd)?;
+
+ tld_ns.exec(&["mkdir", "-p", "/etc/nsd/zones"])?;
+ let zone_path = "/etc/nsd/zones/main.zone";
+ tld_ns.cp(zone_path, &root_zone())?;
+ tld_ns.exec(&["chmod", "666", zone_path])?;
+
+ tld_ns.exec2(&["nsd", "-d"])?;
 
 Ok(())
 }
diff --git a/src/templates/nsd.conf.jinja b/src/templates/nsd.conf.jinja
new file mode 100644
index 00000000..d3af5808
--- /dev/null
+++ b/src/templates/nsd.conf.jinja
@@ -0,0 +1,6 @@
+remote-control:
+ control-enable: no
+
+zone:
+ name: {{ domain }}
+ zonefile: /etc/nsd/zones/main.zone
diff --git a/docker/files/etc/unbound/root.hints b/src/templates/root.hints.jinja
similarity index 50%
rename from docker/files/etc/unbound/root.hints
rename to src/templates/root.hints.jinja
index 5516fe71..d8e436aa 100644
--- a/docker/files/etc/unbound/root.hints
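Review bot: `tld_zone(".")` in `tld_setup` renders `tld.zone.jinja` with `tld` set to `.`, so `primary.tld-server.{{ tld }}` expands to `primary.tld-server..`, which is not a valid owner name (the same expansion is in the `tld.zone.jinja` hunk below); the TLD test should pass a real label such as `"com."`, matching the README example's `$ORIGIN com.` and `primary.tld-server.com.`, while `.` is what `root_zone()` in `root_setup` is for. Both tests then run `nsd -d`, and if I read nsd's flags right `-d` keeps it in the foreground, so `exec` and `exec2` (via `status()`) each wait on a process that is not expected to exit; starting it detached and polling for readiness looks like what is needed — `exec`'s body is outside this hunk. `chmod 666` makes the zone file world-writable inside the container; if the problem being worked around is that nsd runs unprivileged and cannot read the copied file, `644` is enough, and `chown` to nsd's user is the answer if it must write. `root_setup` also names its container `tld_ns` although it is the root server; `root_ns` would keep the two tests readable. `tld_zone` and `root_zone` repeat the same environment setup and could share a small `render(src, ctx)` helper.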
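Review bot: The template's only variable is `{{ domain }}`, while the zone templates added in this commit use `tld`; minijinja renders an undefined variable as an empty string by default, so a mismatched key when this file is eventually rendered (the `// TODO create nsd.conf file at runtime` in the tests hunk) would silently yield `name:` with no zone name. Using one variable name across the templates, and calling `env.set_undefined_behavior(UndefinedBehavior::Strict)` where the environment is built, would turn that into a render error. A comment at the top of the template stating that `domain` must be the zone apex with a trailing dot (`.` or `com.`), which is what nsd's `zone: name:` expects, would also help — the README's change of this field from `.` to `main` in the same commit seems at odds with that, though the rationale is not visible here.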
+++ b/src/templates/root.hints.jinja
@@ -1,2 +1,2 @@
 . 3600000 NS primary.root-server.com.
-primary.root-server.com. 3600000 A 172.17.0.2
+primary.root-server.com. 3600000 A {{ root_ns_ip_addr }}
diff --git a/src/templates/root.zone.jinja b/src/templates/root.zone.jinja
new file mode 100644
index 00000000..e5712ffd
--- /dev/null
+++ b/src/templates/root.zone.jinja
@@ -0,0 +1,12 @@
+$ORIGIN .
+$TTL 1800
+@ IN SOA primary.root-server.com admin.root-server.com (
+ 2014010100 ; Serial
+ 10800 ; Refresh (3 hours)
+ 900 ; Retry (15 minutes)
+ 604800 ; Expire (1 week)
+ 86400 ; Minimum (1 day)
+ )
+@ IN NS primary.root-server.com
+
+; TODO referral
diff --git a/src/templates/tld.zone.jinja b/src/templates/tld.zone.jinja
new file mode 100644
index 00000000..f6766615
--- /dev/null
+++ b/src/templates/tld.zone.jinja
@@ -0,0 +1,10 @@
+$ORIGIN {{ tld }}
+$TTL 1800
+@ IN SOA primary.tld-server.{{ tld }} admin.tld-server.{{ tld }} (
+ 2014010100 ; Serial
+ 10800 ; Refresh (3 hours)
+ 900 ; Retry (15 minutes)
+ 604800 ; Expire (1 week)
+ 86400 ; Minimum (1 day)
+ )
+@ IN NS primary.tld-server.{{ tld }}
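Review bot: The root zone's only NS, `primary.root-server.com`, lies under `com.`, yet the zone carries neither a `com.` delegation nor an A record for that name (the `; TODO referral` line acknowledges the gap), so a resolver that reaches this zone has no way to find its root server from the zone itself; a glue line such as `primary.root-server.com. 3600000 A {{ root_ns_ip_addr }}` would reuse the variable `root.hints.jinja` now takes and keep the two files in step. Names in this template are written without a trailing dot while `tld.zone.jinja` and the README example write them absolute; under `$ORIGIN .` both resolve the same, but `primary.root-server.com.` and `admin.root-server.com.` avoid the ambiguity. The SOA serial `2014010100` and timers are duplicated verbatim from the TLD template; a comment in each file saying the serial is a fixed test fixture value, not something to bump, would stop a future reader from treating it as a real zone. On the `root.hints.jinja` hunk: `unbound.Dockerfile` no longer copies a root.hints into the image, so if `unbound.conf` still points at `/etc/unbound/root.hints` (not visible here), whatever renders this template must also install it in the container.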