Jorge Aparicio
8b582baffc
resolver: test DO bit handling
...
this corresponds to section 3.2.1 of RFC4035
2024-05-22 14:47:06 +02:00
Jorge Aparicio
261b9f4428
resolver: test that DS query is sent to parent zone
2024-05-22 14:38:50 +02:00
Jorge Aparicio
fef26b7139
dns-test: add getters & make some fields public
2024-05-22 14:32:02 +02:00
Jorge Aparicio
5d15aa2228
explore
: generate bind.keys
w/o querying resolver
...
this avoids the resolver caching any query. that way `tshark` can
observe all the messages involved in DNSSEC validating a query "from
scratch"
2024-05-22 14:26:55 +02:00
Jorge Aparicio
1aab8812df
explore
: make DNSSEC opt-in
2024-05-22 14:26:55 +02:00
Jorge Aparicio
b840819998
hickory/resolver: drop _cache_size settings
...
they are not required as default values exist
2024-05-22 14:21:38 +02:00
Jorge Aparicio
49990d2530
fix previously undetected clippy warning
2024-05-22 14:16:53 +02:00
Jorge Aparicio
58239028f4
turn dns_test::{subject,peer} into immutable statics
...
using `std::env::set_var` to set or change the value of either
DNS_TEST_SUBJECT or DNS_TEST_PEER is A Bad Idea, specially so when
tests are running in parallel
we can't forbid the use of `env::set_var` _but_ at least we can ensure
that even in its presence the return value of `dns_test::{subject,peer}`
will not change
this is accomplished using a "lazy" static variable that gets
initialized at most once during the lifetime of the process instead of
reading the env var each time `{subject,peer}` is called
to better convey the fact that the return value of `{subject,peer}`
won't change, we present them as static variables instead
2024-05-22 14:03:18 +02:00
Sebastian Ziebell
2e46421927
Check hickory-dns is fully started
...
When starting `hickory-dns` there is no easy way to check the start
sequence has finished & its fully ready to accept connections. Other
tools, e.g. unbound, are designed as services, they will correctly
manage their `pidfile`. They also could be queried by the `servicectl`
inside the Docker container.
2024-05-21 15:05:29 +01:00
Jorge Aparicio
4f277c1dbb
implement terminate for Hickory
...
both in the NameServer and Resolver roles
2024-04-22 17:14:11 +02:00
Jorge Aparicio
74e4797061
add a DNSSEC-disabled NameServer scenario test
...
to ensure that hickory-dns is correctly configured to work in NameServer
mode
2024-04-22 16:40:56 +02:00
Jorge Aparicio
ce222b3de1
support Hickory in NameServer role
...
note that because Hickory does not support pre-signed zone files all the
DNSSEC tests fail with it
2024-04-22 16:40:56 +02:00
Jorge Aparicio
05ffecec45
add a few NameServer role DNSSEC tests
2024-04-22 16:40:56 +02:00
Jorge Aparicio
b96aa89da9
add more EDE tests
2024-04-22 16:23:03 +02:00
Jorge Aparicio
4d31eca533
use Graph to simplify tests
2024-04-22 16:23:03 +02:00
Jorge Aparicio
7bb6b9439c
add name_server::Graph
2024-04-22 16:23:03 +02:00
Jorge Aparicio
95f94e2c7b
add first EDE test
2024-04-22 16:23:03 +02:00
Jorge Aparicio
31048f5cd0
extend DNSKEY API
2024-04-22 16:23:03 +02:00
Jorge Aparicio
dc19776107
parse EDE info from dig's output
2024-04-22 16:23:03 +02:00
Jorge Aparicio
166863bcc4
allow enabling Extended DNS Errors (EDE)
2024-04-22 16:23:03 +02:00
Jorge Aparicio
70245e7ff8
refactor: use builder pattern in Resolver ctor
...
the `start` constructor's parameter list was getting long and we want to
add even more configuration options, like EDE, in the future.
using the builder pattern lets us introduce new settings without
breaking changes
2024-04-22 16:18:47 +02:00
Jorge Aparicio
9689568974
refactor Implementation branching into its own module
2024-04-22 16:07:36 +02:00
Jorge Aparicio
7aa9d543b4
support BIND in the NameServer role
2024-03-28 21:41:31 +00:00
Jorge Aparicio
2c4ef88a98
support using BIND in the Resolver role
2024-03-11 11:59:56 +01:00
Jorge Aparicio
ab9b1e68cc
also take Impl by ref in Resolver::new
...
mainly for symmetry. the existing tests don't clone the subject so the
code does not become any shorter
2024-02-26 14:48:48 +01:00
Jorge Aparicio
49b2abc6be
take Impl by ref in NameServer::new
...
this eliminates the need for cloning in tests that use more than one
name server, making the code more succint / less noisy
2024-02-26 14:48:48 +01:00
Jorge Aparicio
6fda01af00
parse authority section from dig's output
2024-02-26 14:40:33 +01:00
Андрей Листочкин (Andrei Listochkin)
eda8fd6ec3
Merge branch 'main' into ja-explicit-license
2024-02-26 13:13:45 +00:00
Jorge Aparicio
5f26698a51
make license more visible
...
it was already in the Cargo.toml metadata but add the files and mention
it in the README
2024-02-26 12:28:42 +01:00
Jorge Aparicio
a39afe6412
test a bogus DNSSEC scenario
2024-02-26 11:50:48 +01:00
Jorge Aparicio
b87ae21d2a
make dig
queries more configurable
...
switch from enum arguments like `Recurse` and `Dnssec` to a
build-pattern-based `Settings` struct
2024-02-26 11:50:48 +01:00
Jorge Aparicio
df344e57b1
fix integer types in RRSIG
2024-02-26 11:50:48 +01:00
Jorge Aparicio
16e83b1d6b
move secure DNSSEC scenarios into a module
2024-02-26 11:50:48 +01:00
Jorge Aparicio
1592454395
allow mutation of signed zone file
2024-02-26 11:50:48 +01:00
Jorge Aparicio
57a1fc9231
parse more record types
2024-02-26 11:50:48 +01:00
Jorge Aparicio
66d6061ffc
drop most zone_file entry types
...
instead use the record types in zone files
the main difference between e.g. zone_file::A and record::A was that the
latter had a TTL filed and the former didn't
to eliminate code duplication we make the `ZoneFile` API use the
`record` types and discard the zone_file entry types
2024-02-26 11:50:43 +01:00
Jorge Aparicio
a83b6629a3
drop generic lifetime parameters from types
...
none of the parsing we are doing requires a non-static lifetime
2024-02-26 11:43:25 +01:00
Jorge Aparicio
56a9613615
fix the explore example
2024-02-23 15:35:51 +01:00
Андрей Листочкин (Andrei Listochkin)
9f03274589
Merge pull request #19 from japaric/ja-dns-test-peer
...
add `dns_test::peer` and use it to initialize `NameServer`
2024-02-23 13:59:25 +00:00
Jorge Aparicio
98cb9ddaae
add a Client image
2024-02-23 13:21:07 +01:00
Jorge Aparicio
c0b681e0a3
add an Implementation
parameter to NameServer::new
...
use `dns_test::peer` for name servers in conformance tests
2024-02-23 12:48:34 +01:00
Jorge Aparicio
59dc60c5c4
enable verbose docker build
with any value of DNS_TEST_VERBOSE_DOCKER_BUILD
2024-02-20 16:36:52 +01:00
Jorge Aparicio
86284cce4b
add explore
example
2024-02-20 16:30:41 +01:00
Jorge Aparicio
709a8406b1
document what ./src refers to in hickory.Dockerfile
2024-02-20 10:28:13 +01:00
Jorge Aparicio
1cb7ee40fe
perform some validation of the repository argument
2024-02-20 10:28:11 +01:00
Jorge Aparicio
0afae4f042
don't include the .git directory in the context send to docker build
...
without this `DNS_TEST_SUBJECT="hickory $URL" cargo t` was re-building
hickory from scratch even when its source had not change
not including the `.git` directory in the hickory repository lets Docker
see that the source code has not changed
2024-02-20 10:26:33 +01:00
Jorge Aparicio
55184172e3
build hickory from a local/remote git source
...
DNS_TEST_SUBJECT now needs to contain the URL to the hickory source code
2024-02-20 10:26:33 +01:00
Jorge Aparicio
0e2b35699c
add mechanism to make docker build
visible
...
set the DNS_TEST_VERBOSE_DOCKER_BUILD env var to 1 to make the `docker
build` command print its output to the console
2024-02-20 10:26:33 +01:00
Jorge Aparicio
156e005ff2
RFC4035: test EDNS support
2024-02-19 13:22:15 +01:00
Jorge Aparicio
438af31340
Tshark: newtype the json::Value & add some getters
2024-02-19 12:56:40 +01:00