Skip to content

Instantly share code, notes, and snippets.

@Habbie
Created April 26, 2013 11:44
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save Habbie/5466803 to your computer and use it in GitHub Desktop.
Save Habbie/5466803 to your computer and use it in GitHub Desktop.
Index: modules/remotebackend/regression-tests/ns-at-delegation/command
===================================================================
--- modules/remotebackend/regression-tests/ns-at-delegation/command (revision 0)
+++ modules/remotebackend/regression-tests/ns-at-delegation/command (revision 0)
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+cleandig up.example.com NS
Index: modules/remotebackend/regression-tests/ns-at-delegation/expected_result
===================================================================
--- modules/remotebackend/regression-tests/ns-at-delegation/expected_result (revision 0)
+++ modules/remotebackend/regression-tests/ns-at-delegation/expected_result (revision 0)
@@ -0,0 +1,6 @@
+0 up.example.com. IN NS 120 ns1.example.com.
+0 up.example.com. IN NS 120 ns2.example.com.
+2 ns1.example.com. IN A 120 192.168.2.2
+2 ns2.example.com. IN A 120 192.168.2.3
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='up.example.com.', qtype=NS
Index: modules/remotebackend/regression-tests/ns-at-delegation/description
===================================================================
--- modules/remotebackend/regression-tests/ns-at-delegation/description (revision 0)
+++ modules/remotebackend/regression-tests/ns-at-delegation/description (revision 0)
@@ -0,0 +1 @@
+Verify that asking for NS at a delegation point returns a referral.
Index: modules/remotebackend/regression-tests/dnsbackend.rb
===================================================================
--- modules/remotebackend/regression-tests/dnsbackend.rb (revision 2806)
+++ modules/remotebackend/regression-tests/dnsbackend.rb (working copy)
@@ -1,28 +1,60 @@
require 'json'
+require 'thread'
class DNSBackendHandler < WEBrick::HTTPServlet::AbstractServlet
def initialize(server, dnsbackend)
@dnsbackend = dnsbackend
+ @semaphore = Mutex.new
+ @f = File.open("/tmp/tmp.txt","a")
end
+ def parse_url(url)
+ url = url.split('/')
+ method = url.shift.downcase
+
+ # do some determining based on method names
+ args = case method
+ when "lookup"
+ {
+ "qname" => url.shift,
+ "qtype" => url.shift,
+ }
+ when "list"
+ {
+ "zonename" => url.shift
+ }
+ when "getbeforeandafternamesabsolute", "getbeforeandafternames"
+ {
+ "id" => url.shift.to_i,
+ "qname" => url.shift
+ }
+ when "getdomainmetadata", "setdomainmetadata", "getdomainkeys"
+ {
+ "name" => url.shift,
+ "kind" => url.shift
+ }
+ when "removedomainkey", "activatedomainkey", "deactivatedomainkey"
+ {
+ "id" => url.shift,
+ "name" => url.shift
+ }
+ when "adddomainkey", "gettsigkey", "getdomaininfo"
+ {
+ "name" => url.shift
+ }
+ end
+
+ [method, args]
+ end
+
def do_GET(req,res)
tmp = req.path[/dns\/(.*)/,1]
return 400, "Bad request" if (tmp.nil?)
- tmp = tmp.split("/")
- method = "do_#{tmp.shift}".downcase
- args = {}
- if tmp.size > 0
- args["qname"] = tmp[0]
- args["name"] = tmp[0]
- args["target"] = tmp.shift
- end
- if tmp.size > 0
- args["kind"] = tmp[0]
- args["qtype"] = tmp[0]
- args["id"] = tmp.shift
- end
+ method, args = parse_url(tmp)
+ method = "do_#{method}"
+
# get more arguments
req.each do |k,v|
attr = k[/X-RemoteBackend-(.*)/,1]
@@ -31,25 +63,40 @@
end
end
- if @dnsbackend.respond_to?(method.to_sym)
- result, log = @dnsbackend.send(method.to_sym, args)
- body = {:result => result, :log => log}
- res.status = 200
- res["Content-Type"] = "application/javascript; charset=utf-8"
- res.body = body.to_json
- else
- res.status = 404
- res["Content-Type"] = "application/javascript; charset=utf-8"
- res.body = ({:result => false, :log => ["Method not found"]}).to_json
+ args = args.merge req.query
+
+ if method == "do_adddomainkey"
+ args["key"] = {
+ "flags" => args.delete("flags").to_i,
+ "active" => args.delete("active").to_i,
+ "content" => args.delete("content")
+ }
end
+
+ @f.puts method
+ @f.puts args
+
+ @semaphore.synchronize do
+ if @dnsbackend.respond_to?(method.to_sym)
+ result, log = @dnsbackend.send(method.to_sym, args)
+ body = {:result => result, :log => log}
+ res.status = 200
+ res["Content-Type"] = "application/javascript; charset=utf-8"
+ res.body = body.to_json
+ else
+ res.status = 404
+ res["Content-Type"] = "application/javascript; charset=utf-8"
+ res.body = ({:result => false, :log => ["Method not found"]}).to_json
+ end
+ end
end
def do_DELETE(req,res)
+ do_GET(req,res)
end
def do_POST(req,res)
req.continue
-
- # get method name and args
+ do_GET(req,res)
end
end
Index: modules/remotebackend/regression-tests/example.com.ksk
===================================================================
--- modules/remotebackend/regression-tests/example.com.ksk (revision 0)
+++ modules/remotebackend/regression-tests/example.com.ksk (revision 0)
@@ -0,0 +1,11 @@
+Private-key-format: v1.2
+Algorithm: 8 (RSASHA256)
+Modulus: 50uFCCyl8CcSdUqOVHpbx38cL4yzRR4IULwnzMqjGkAQCZ/aMKJ6XzO1LUU/QIobJ5uO3r5GkLWAkW1ne+xEtuuj5CUuAG2lBifciNOVfrljmtuPRU1QahhzL48cZdiGjUvhcSKAo8ftwzH3NMLVzURZxT0C+JWvC18sZHs2w20+HVIZbZzCqwuTDpAsqPklxjflSZQRHrB3OI07hMRoWbAi2bIvjI6BgVUsMIUyNymfLPIROEMVj1fqQcygfzwAZcFWZSGU3Isxz8O4JTizGvaJ1E4Yh/QkHP1MMc6Kggbbd+KyYt1UfXLUFMDraiNFl8oNbOoJDdtA4oRX1bN8EQ==
+PublicExponent: AQAB
+PrivateExponent: Lsygh8Vk9AEr4nCp+NzjKiwFe3eIJHGNtCxGD1FnDB4vQItIHjQZ955iR90tjbUEBpEaqOYuKASZlZNh73igdLScLkL5mluVGvhAzqylIIWJamGHjTm2DimRUOuvjsnve7KBVJ9rEPiYmrjG8LWFhimQ0nBkZAEBcJcax+AIdiUHgR7SkyRIeuitZCbNiiJ7s2dkdN2JBxhEsZi+q13vDjGy1Ifu1M5nXXPjHsj3aoorSwmnOsR3AwSgC8nydL0OxNo2Fm54qdZC2EftX6KVaRYi3UWJd1lNt6wgBO6w2iDdLteg70P3XuzWyZe0CxHqG956LMQqvKSr59o5j2tYeQ==
+Prime1: +DWjjc/Z+u8UiLDBjDFNmM2wzEPoIAFkq86dj+n427jd72hFlAeuO2K6AgXekXSB7TA3JeBGKLyXzCoLN9C4wKLCMAcZs3uOmA43xEgL+cufKfFgKmrrq/mX0y34B17jtt6fL+oSYHuoryN9WxBeNfpz94lb9xE6cptoUopiJJ0=
+Prime2: 7o35Ayz2OhYeUkDsJCQ7Q38Vv5qdB8u8BXLYzEH3/fLiOViaHPUfg+jQ9TzEc3XCgQ212LI3yqwWsQ6nMnB+X9H1czW9OW9LJC9cS0mayIxdbYIa1HzUyYzCSiZfEFwzNXBPkfnmYjHqAPzCsAuBmrH9z3oo7c1rHcltrL84SQU=
+Exponent1: D1W5ChzqWb+FpEBPZOry4Vrr7mLPp5KOdrLoNyj8cA7G33Cww8mJsS+TUGaubowlLtNIxPVLQF8OfdWnJcamc3hayP7XTqh2kdxnA6Bz5PX4mm3IRDag4toj0C9J4KKzLOwqJ5qtkfpx3IgzyXmEaI9VtNhuryAIXWZOlrLoB10=
+Exponent2: zQxjmgMvskYI0hLT50ztU9sMyqEPkP/iIZzSFOAvVa1MHpa2AWYBLNUVp3YQNl5mTZ+HSzgFFMROzOoXdReUyLAkFl9+wruTDwtWfbBKx08/jz1h6ntSO9wttKa+18Uojyp2erce/BCDX03j2oZJZLrRu2D5hU4oYHYfO3kx3DE=
+Coefficient: 1lIUp+1hdC3zOULOkFpMqXFKp4QTkRLxffMnvH5jvfTaofGwYAFSFKIj289OQrmjJ0HXMJNEQ5vK0pW7K4newD1fefPYI3zyRE4zzew3hWlsGFgTqAsqEqk/gpPOMKJ0fWXJoFN4N5+3SOKYUthyRQHpxPI4IXKsL6Ckygf7Ydg=
+
Index: modules/remotebackend/regression-tests/up.example.com.zsk.1
===================================================================
--- modules/remotebackend/regression-tests/up.example.com.zsk.1 (revision 0)
+++ modules/remotebackend/regression-tests/up.example.com.zsk.1 (revision 0)
@@ -0,0 +1,11 @@
+Private-key-format: v1.2
+Algorithm: 8 (RSASHA256)
+Modulus: 5rFrlB6aOKdmqATnpW42XOwbvmRFD2Bj7hprkZ5sx1UX9ZqRsml0ZUuPvzpXZlxDdOYbrJVR7OJXy/KTGSEaKtdBIE1sGqTqSmGuAjf1eKCDY3AQoLau/kVo+3f2TWhnKalm7PKWaHxJFgw6/fpMHipQPlEvpiqEnk0z1ioWKhk=
+PublicExponent: AQAB
+PrivateExponent: Agt7ZDgjjqeAi9zj7xiLlPtxy9hTMA2fF86g+qI1yCGLYWhcl2vYYIfQ2crVrf5Y3w8lb9GbWjcaZ0rP6NEyjGovtM+RjykBeSxlu4zaH2vuW+6MH8Ed6kpLMXAqewFf7mxodsom3RllXAA2ZLspZYdvO7QDageN7e6NWy1+FUE=
+Prime1: 57E4mG4RAqoyetlXPZaKhb9X/GASccIXv0zfH7I/KUpaySSUfzcxojIOkoAFb2Ur8YDemE3f6coXraVx+qXbYQ==
+Prime2: /uVcsoQDurkOJ0kH/4vLvooU98J9ozGKg0CyBMrUQBhhSkr/o4W8obNoLHlMGeJYWeSAs5QonMamlLS9V+dBuQ==
+Exponent1: G4TJHBG2o4JjjIPUANSoj0oywR8IEcrj1yziM3mQVu8l6U4W9SUxF/qqEGx0OM7jcUPFLIHTXolKVq2X5BVfAQ==
+Exponent2: m9uRX9KbGSyYe+sLCfXoAj0abxisjAH56SHA+G8xc3O04aGUSN+4pMM3uqH8p4MgdO7kx2mbn6lUKG+Pq1VLeQ==
+Coefficient: S1bcDTTRVPoGEv9Zun57TL654I+XO9HHCneacZYAyJC5jI1GDbbVQmfXknuuvoh9Z4YsFRoh0zANy9cHjusk2Q==
+
Index: modules/remotebackend/regression-tests/up.example.com.zsk.2
===================================================================
--- modules/remotebackend/regression-tests/up.example.com.zsk.2 (revision 0)
+++ modules/remotebackend/regression-tests/up.example.com.zsk.2 (revision 0)
@@ -0,0 +1,11 @@
+Private-key-format: v1.2
+Algorithm: 8 (RSASHA256)
+Modulus: wJQvmbajlCnSj5XsqgxC7kWpslPSMFjkt1Rn2zuriyup/WeQAGxcPwCVVCq0pGrEqAP0hRnxpe8hhWLVJSpRiaaSqISBbZ+ebCqcTXo7C3d10XyKxBE5qxBePjJz3CvK0ellmbocC+QkeZSxBSRXjMAlFwsTroanoFhOtvjizS0=
+PublicExponent: AQAB
+PrivateExponent: JIGS2nFAZhxdgYGauQuU/oUvK5JvNGINjWFPRMR1eu7ejR5+Mk5YWEscg7WKw+ZHfFAvoLGv2NRRhu8a165DgV8fd5m38P20PpxqqzP2z8K6YANv2CkxsvvIBSwOUmkB/HqL6/Nhy4xTlKCcQxpm1gq5+XM1hXFmrEtzLgMqBVE=
+Prime1: /mXttF4hg/BDGHqaAAaZ5J8EFvoPRZIpFz6UU/5v8Kxx2se/FH6GCyEEdIebaNvB0gyZsC7lf4yIOCx9jx2EVQ==
+Prime2: wcqb8PZpsgxtSLYifXM0iZgs5k4LH8AwrrRjnGKkGPycxbbZb2qLddqwdP01YRCxkAnq4g9f/V33ozBm7Ms9eQ==
+Exponent1: zm1xPAmh0ojUOPnLGrhAigYKcIaKe96FH0p1W867kKStYmTxBTVBmag6EEC1d5nSpZn537++FAi5xDM90zKVXQ==
+Exponent2: XbEcJaqsvTU+3MmZ8TbyrpdRFeOjgy1DHCQAiMoz9hSjov9dLn2/gTJC37zPwub0QeRZmAPA79kvcclj6ZX1WQ==
+Coefficient: Z19qS5JSev5auSgG4UdNqqd4t5MlxdRaiigOPOzkipYxFCJGmscgU6aZ6OsjjpTCOaqd9voEgEVIW5CKHAtBUQ==
+
Index: modules/remotebackend/regression-tests/basic-aaaa-resolution/command
===================================================================
--- modules/remotebackend/regression-tests/basic-aaaa-resolution/command (revision 0)
+++ modules/remotebackend/regression-tests/basic-aaaa-resolution/command (revision 0)
@@ -0,0 +1,3 @@
+#!/bin/sh
+cleandig outpost.example.com AAAA
+
Index: modules/remotebackend/regression-tests/basic-aaaa-resolution/expected_result
===================================================================
--- modules/remotebackend/regression-tests/basic-aaaa-resolution/expected_result (revision 0)
+++ modules/remotebackend/regression-tests/basic-aaaa-resolution/expected_result (revision 0)
@@ -0,0 +1,3 @@
+0 outpost.example.com. IN AAAA 120 fe80::1
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='outpost.example.com.', qtype=AAAA
Index: modules/remotebackend/regression-tests/basic-aaaa-resolution/tmp.rb
===================================================================
--- modules/remotebackend/regression-tests/basic-aaaa-resolution/tmp.rb (revision 0)
+++ modules/remotebackend/regression-tests/basic-aaaa-resolution/tmp.rb (revision 0)
@@ -0,0 +1,46 @@
+qname = "node-b.dyn.example.com"
+
+def to32(number)
+ number.to_s(32).tr "0123456789abcdefghijklmnopqrstuv", "ybndrfg8ejkmcpqxot1uwisza345h769"
+end
+
+def from32(str)
+ str.tr("ybndrfg8ejkmcpqxot1uwisza345h769", "0123456789abcdefghijklmnopqrstuv").to_i(32)
+end
+
+def rr(qname, qtype, content, ttl, priority = 0, auth = 1)
+ {:qname => qname, :qtype => qtype, :content => content, :ttl => ttl, :priority => priority, :auth => auth}
+end
+
+def send_result(*params)
+
+end
+
+def main(qname,qtype)
+ if qname[/\.?dyn.example.com$/]
+ if qname == "dyn.example.com"
+ ret = []
+ if (qtype != "SOA")
+ ret << rr(qname, "NS", "ns1.example.com",300)
+ ret << rr(qname, "NS", "ns2.example.com",300)
+ ret << rr(qname, "NS", "ns3.example.com",300)
+ end
+ ret << rr(qname,"SOA","ns1.example.com hostmaster.example.com #{Time.now.strftime("%Y%m%d%H")} 28800 7200 1209600 300",300)
+ return send_result ret
+ elsif qtype == "ANY" or qtype == "AAAA"
+ name = qname.match(/^node-(.*)\.dyn.example.com$/)[1]
+ if name.empty?
+ return send_result false
+ end
+# if name.size < 16
+# pad = 15-name.size
+# (1..pad).each do |i| name = "y#{name}" end
+# end
+ puts from32(name)
+ return send_result [rr(qname, "AAAA", "", 300)]
+ end
+ end
+ send_result false
+end
+
+main qname,"AAAA"
Index: modules/remotebackend/regression-tests/basic-aaaa-resolution/description
===================================================================
--- modules/remotebackend/regression-tests/basic-aaaa-resolution/description (revision 0)
+++ modules/remotebackend/regression-tests/basic-aaaa-resolution/description (revision 0)
@@ -0,0 +1,2 @@
+This test tries to resolve a straight AAAA record that is directly available in
+the database backend.
Index: modules/remotebackend/regression-tests/http-backend.rb
===================================================================
--- modules/remotebackend/regression-tests/http-backend.rb (revision 2806)
+++ modules/remotebackend/regression-tests/http-backend.rb (working copy)
@@ -5,10 +5,17 @@
require "../modules/remotebackend/regression-tests/dnsbackend"
require "../modules/remotebackend/regression-tests/backend"
-server = WEBrick::HTTPServer.new :Port => 62434
+server = WEBrick::HTTPServer.new(
+ Port: 62434,
+ BindAddress: "localhost",
+# Logger: WEBrick::Log.new("remotebackend-server.log"),
+ AccessLog: [ [ File.open("remotebackend-access.log", "w"), WEBrick::AccessLog::COMBINED_LOG_FORMAT ] ]
+)
be = Handler.new("../modules/remotebackend/regression-tests/remote.sqlite3")
+server.mount "/dns", DNSBackendHandler, be
-server.mount "/dns", DNSBackendHandler, be
trap('INT') { server.stop }
+trap('TERM') { server.stop }
+
server.start
Index: modules/remotebackend/regression-tests/apex-test/command
===================================================================
--- modules/remotebackend/regression-tests/apex-test/command (revision 0)
+++ modules/remotebackend/regression-tests/apex-test/command (revision 0)
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+cleandig up.example.com NS
Index: modules/remotebackend/regression-tests/apex-test/expected_result
===================================================================
--- modules/remotebackend/regression-tests/apex-test/expected_result (revision 0)
+++ modules/remotebackend/regression-tests/apex-test/expected_result (revision 0)
@@ -0,0 +1,6 @@
+0 up.example.com. IN NS 120 ns1.example.com.
+0 up.example.com. IN NS 120 ns2.example.com.
+2 ns1.example.com. IN A 120 192.168.2.2
+2 ns2.example.com. IN A 120 192.168.2.3
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='up.example.com.', qtype=NS
Index: modules/remotebackend/regression-tests/apex-test/description
===================================================================
--- modules/remotebackend/regression-tests/apex-test/description (revision 0)
+++ modules/remotebackend/regression-tests/apex-test/description (revision 0)
@@ -0,0 +1 @@
+Verify that up.example.com NS records come out right
Index: modules/remotebackend/regression-tests/test-schema.sql
===================================================================
--- modules/remotebackend/regression-tests/test-schema.sql (revision 2806)
+++ modules/remotebackend/regression-tests/test-schema.sql (working copy)
@@ -20,12 +20,15 @@
content VARCHAR(65535) DEFAULT NULL,
ttl INTEGER DEFAULT NULL,
prio INTEGER DEFAULT NULL,
- change_date INTEGER DEFAULT NULL
+ change_date INTEGER DEFAULT NULL,
+ ordername VARCHAR(255) DEFAULT NULL,
+ auth BOOL DEFAULT 0
);
CREATE INDEX rec_name_index ON records(name);
CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);
+create index orderindex on records(ordername);
create table supermasters (
ip VARCHAR(25) NOT NULL,
@@ -33,10 +36,6 @@
account VARCHAR(40) DEFAULT NULL
);
-alter table records add ordername VARCHAR(255);
-alter table records add auth bool;
-create index orderindex on records(ordername);
-
create table domainmetadata (
id INTEGER PRIMARY KEY,
domain_id INT NOT NULL,
@@ -64,11 +63,27 @@
);
create unique index namealgoindex on tsigkeys(name, algorithm);
-insert into domains (name,type) VALUES('delegated.dnssec-parent.com','NATIVE');
-insert into domains (name,type) VALUES('dnssec-parent.com','NATIVE');
+
insert into domains (name,type) VALUES('example.com','NATIVE');
-insert into domains (name,type) VALUES('minimal.com','NATIVE');
-insert into domains (name,type) VALUES('test.com','NATIVE');
-insert into domains (name,type) VALUES('wtest.com','NATIVE');
+insert into domains (name,type) VALUES('up.example.com','NATIVE');
+insert into records (domain_id, name, type, ttl, content, ordername, auth) select id as domain_id, "example.com", "SOA", "120", "ns1.example.com hostmaster.example.com 2000010101 28800 7200 1209600 120", "", 1 FROM domains WHERE name = "example.com";
+insert into records (domain_id, name, type, ttl, content, ordername, auth) select id as domain_id, "example.com", "NS", "120", "ns1.example.com", "", 1 FROM domains WHERE name = "example.com";
+insert into records (domain_id, name, type, ttl, content, ordername, auth) select id as domain_id, "example.com", "NS", "120", "ns2.example.com", "", 1 FROM domains WHERE name = "example.com";
+insert into records (domain_id, name, type, ttl, content, ordername, auth) select id as domain_id, "outpost.example.com", "A", "120", "192.168.2.1", "outpost", 1 FROM domains WHERE name = "example.com";
+insert into records (domain_id, name, type, ttl, content, ordername, auth) select id as domain_id, "outpost.example.com", "AAAA", "120", "fe80::1", "outpost", 1 FROM domains WHERE name = "example.com";
+insert into records (domain_id, name, type, ttl, content, ordername, auth) select id as domain_id, "www.example.com", "A", "120", "192.168.2.255", "www", 1 FROM domains WHERE name = "example.com";
+insert into records (domain_id, name, type, ttl, content, ordername, auth) select id as domain_id, "up.example.com", "NS", "120", "ns1.example.com", "up", 0 FROM domains WHERE name = "example.com";
+insert into records (domain_id, name, type, ttl, content, ordername, auth) select id as domain_id, "up.example.com", "NS", "120", "ns2.example.com", "up", 0 FROM domains WHERE name = "example.com";
+insert into records (domain_id, name, type, ttl, content, ordername, auth) select id as domain_id, "ns1.example.com", "A", "120", "192.168.2.2", "ns1", 1 FROM domains WHERE name = "example.com";
+insert into records (domain_id, name, type, ttl, content, ordername, auth) select id as domain_id, "ns2.example.com", "A", "120", "192.168.2.3", "ns2", 1 FROM domains WHERE name = "example.com";
+insert into records (domain_id, name, type, ttl, content, ordername, auth) select id as domain_id, "up.example.com", "DS", "120", "38674 8 1 50ea84825288d03bf9ddda0b0b5f8964c6fbafa8", "up", 1 FROM domains WHERE name = "example.com";
+insert into records (domain_id, name, type, ttl, content, ordername, auth) select id as domain_id, "up.example.com", "DS", "120", "38674 8 2 bf31ef7aea46f2adca7a61fbb0629fb5c24116df0f22ec0115dbc7ebdddee04e", "up", 1 FROM domains WHERE name = "example.com";
+insert into records (domain_id, name, type, ttl, content, ordername, auth) select id as domain_id, "up.example.com", "DS", "120", "38674 8 3 6ed18dceaba6d2547f2fc82ba3801fdc919db51b0e44baa261b887c824dd9a2d", "up", 1 FROM domains WHERE name = "example.com";
+insert into records (domain_id, name, type, ttl, content, ordername, auth) select id as domain_id, "up.example.com", "SOA", "120", "ns1.example.com hostmaster.example.com 2000010101 28800 7200 1209600 120", "", 1 FROM domains WHERE name = "up.example.com";
+insert into records (domain_id, name, type, ttl, content, ordername, auth) select id as domain_id, "up.example.com", "NS", "120", "ns1.example.com", "", 1 FROM domains WHERE name = "up.example.com";
+insert into records (domain_id, name, type, ttl, content, ordername, auth) select id as domain_id, "up.example.com", "NS", "120", "ns2.example.com", "", 1 FROM domains WHERE name = "up.example.com";
+insert into records (domain_id, name, type, ttl, content, ordername, auth) select id as domain_id, "jump.up.example.com", "A", "120", "192.168.3.1", "jump", 1 FROM domains WHERE name = "up.example.com";
+insert into records (domain_id, name, type, ttl, content, ordername, auth) select id as domain_id, "jump.up.example.com", "TXT", "120", "a very very long indeed text string that should pass out clean and proper thru the entire chain of powerdns processing", "jump", 1 FROM domains WHERE name = "up.example.com";
+
commit;
Index: modules/remotebackend/regression-tests/nsec-wraparound-end/expected_result.nsec3
===================================================================
--- modules/remotebackend/regression-tests/nsec-wraparound-end/expected_result.nsec3 (revision 0)
+++ modules/remotebackend/regression-tests/nsec-wraparound-end/expected_result.nsec3 (revision 0)
@@ -0,0 +1,11 @@
+1 9f8hti7cc7oqnqjv84klnp89glqrss3r.example.com. IN NSEC3 86400 1 1 1 abcd 9FDAOFPLLN0FQFU9DP274GOU59QFHSLD A RRSIG
+1 9f8hti7cc7oqnqjv84klnp89glqrss3r.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1 gnk5kv3h2h1h8ge405j6093608ukp3i5.example.com. IN NSEC3 86400 1 1 1 abcd GNO4LESKG6U7HKEJ9UL71SF1HD7F1P96 A RRSIG
+1 gnk5kv3h2h1h8ge405j6093608ukp3i5.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 86400 1 1 1 abcd VTP9NUQBEH436S7J0K8TI2A32MMKCUUL NS SOA MX RRSIG DNSKEY NSEC3PARAM
+1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2 . IN OPT 32768
+Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='zzz.example.com.', qtype=A
Index: modules/remotebackend/regression-tests/nsec-wraparound-end/command
===================================================================
--- modules/remotebackend/regression-tests/nsec-wraparound-end/command (revision 0)
+++ modules/remotebackend/regression-tests/nsec-wraparound-end/command (revision 0)
@@ -0,0 +1,3 @@
+#!/bin/sh
+cleandig zzz.example.com A dnssec
+
Index: modules/remotebackend/regression-tests/nsec-wraparound-end/expected_result
===================================================================
--- modules/remotebackend/regression-tests/nsec-wraparound-end/expected_result (revision 0)
+++ modules/remotebackend/regression-tests/nsec-wraparound-end/expected_result (revision 0)
@@ -0,0 +1,9 @@
+1 example.com. IN NSEC 120 ns1.example.com. NS SOA RRSIG NSEC DNSKEY
+1 example.com. IN RRSIG 120 NSEC 8 2 120 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN RRSIG 120 SOA 8 2 120 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 120 ns1.example.com. hostmaster.example.com. 2000010101 28800 7200 1209600 120
+1 www.example.com. IN NSEC 120 example.com. A RRSIG NSEC
+1 www.example.com. IN RRSIG 120 NSEC 8 3 120 [expiry] [inception] [keytag] example.com. ...
+2 . IN OPT 32768
+Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='zzz.example.com.', qtype=A
Index: modules/remotebackend/regression-tests/nsec-wraparound-end/description
===================================================================
--- modules/remotebackend/regression-tests/nsec-wraparound-end/description (revision 0)
+++ modules/remotebackend/regression-tests/nsec-wraparound-end/description (revision 0)
@@ -0,0 +1,2 @@
+This test verifies that NXDOMAINS beyond the last record of a zone
+generate a correct wraparound NSEC.
Index: modules/remotebackend/regression-tests/basic-a-dnssec/command
===================================================================
--- modules/remotebackend/regression-tests/basic-a-dnssec/command (revision 0)
+++ modules/remotebackend/regression-tests/basic-a-dnssec/command (revision 0)
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+cleandig outpost.example.com A dnssec
Index: modules/remotebackend/regression-tests/basic-a-dnssec/expected_result
===================================================================
--- modules/remotebackend/regression-tests/basic-a-dnssec/expected_result (revision 0)
+++ modules/remotebackend/regression-tests/basic-a-dnssec/expected_result (revision 0)
@@ -0,0 +1,5 @@
+0 outpost.example.com. IN A 120 192.168.2.1
+0 outpost.example.com. IN RRSIG 120 A 8 3 120 [expiry] [inception] [keytag] example.com. ...
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='outpost.example.com.', qtype=A
Index: modules/remotebackend/regression-tests/basic-a-dnssec/description
===================================================================
--- modules/remotebackend/regression-tests/basic-a-dnssec/description (revision 0)
+++ modules/remotebackend/regression-tests/basic-a-dnssec/description (revision 0)
@@ -0,0 +1 @@
+Basic DNSSEC test
Index: modules/remotebackend/regression-tests/example.com.zsk.1
===================================================================
--- modules/remotebackend/regression-tests/example.com.zsk.1 (revision 0)
+++ modules/remotebackend/regression-tests/example.com.zsk.1 (revision 0)
@@ -0,0 +1,11 @@
+Private-key-format: v1.2
+Algorithm: 8 (RSASHA256)
+Modulus: yIrPfzxbh4ndcbY/Kv0pp5/wVDBkrNaPOJMRKmASPFP8tbBSsvk49ARQEdrTGtPg0tMdUCX1nPZPIVmJsrD2/xGcpW0A+CAOB4H7Akz+nHlhkgPtErM6zPktxoQXBVUWKkcddJjEO5gAgXHN3Y/Ji6fDmtiRTjFUPyNYrBzf7zc=
+PublicExponent: AQAB
+PrivateExponent: Aiff2CXNdBUK0NydLDiheIBTJIyKoIMD8h8+mX6D46shddCJ6wubzZ+4PqDkEQ9DBPEpCQIHdGL/ccPVI5scZJerFbEdZP12n+0ZRoAkhbuhgTYlUQh253y8w+CIOipgIMo9WAM66/F6Y8KBpPp2qq7OJHbbKGhEQMKrx/dsHeE=
+Prime1: 7MnlWpyUSc5vKcnZjo4Qj3OC+VQXiC3vXFSWFY3xF5dKc0tIbaznTwH+KQ35gFZ6ZBVPkHQP/v6VPv6t5V5h1w==
+Prime2: 2NATZQeCOwtPCuahak8pM2166PmTI84zUYmRWINf957KniyP44eM068HOm5RZeF7MwdnzrOV+tx3l3tftb/xoQ==
+Exponent1: hj40RHnO7EUX6sYgDFzocJuZXodZTABW2q6t5Axz6d8A+3pr1poXDUjg8h+VGzhr7P/T+t6CDxwAOxWiOw6WQw==
+Exponent2: ke78HvR+498oxN2XqEbAJK18HXRfZapVQHyoKDvFTJbFKtIzx6JlV9ZntxyqDTlIA4DojmiyergKhxuzwFICAQ==
+Coefficient: m0leC8nHk+4zytiraipFK2/WRzmDw9+pHLqWpCKnXkWSVCdbhw1tyNfS4WDKL8iBXcV774WL0oR/naOwU72IpA==
+
Index: modules/remotebackend/regression-tests/long-txt-resolution/command
===================================================================
--- modules/remotebackend/regression-tests/long-txt-resolution/command (revision 0)
+++ modules/remotebackend/regression-tests/long-txt-resolution/command (revision 0)
@@ -0,0 +1,3 @@
+#!/bin/sh
+cleandig jump.up.example.com TXT
+
Index: modules/remotebackend/regression-tests/long-txt-resolution/expected_result
===================================================================
--- modules/remotebackend/regression-tests/long-txt-resolution/expected_result (revision 0)
+++ modules/remotebackend/regression-tests/long-txt-resolution/expected_result (revision 0)
@@ -0,0 +1,3 @@
+0 jump.up.example.com. IN TXT 120 "a very very long indeed text string that should pass out clean and proper thru the entire chain of powerdns processing"
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='jump.up.example.com.', qtype=TXT
Index: modules/remotebackend/regression-tests/long-txt-resolution/tmp.rb
===================================================================
--- modules/remotebackend/regression-tests/long-txt-resolution/tmp.rb (revision 0)
+++ modules/remotebackend/regression-tests/long-txt-resolution/tmp.rb (revision 0)
@@ -0,0 +1,46 @@
+qname = "node-b.dyn.example.com"
+
+def to32(number)
+ number.to_s(32).tr "0123456789abcdefghijklmnopqrstuv", "ybndrfg8ejkmcpqxot1uwisza345h769"
+end
+
+def from32(str)
+ str.tr("ybndrfg8ejkmcpqxot1uwisza345h769", "0123456789abcdefghijklmnopqrstuv").to_i(32)
+end
+
+def rr(qname, qtype, content, ttl, priority = 0, auth = 1)
+ {:qname => qname, :qtype => qtype, :content => content, :ttl => ttl, :priority => priority, :auth => auth}
+end
+
+def send_result(*params)
+
+end
+
+def main(qname,qtype)
+ if qname[/\.?dyn.example.com$/]
+ if qname == "dyn.example.com"
+ ret = []
+ if (qtype != "SOA")
+ ret << rr(qname, "NS", "ns1.example.com",300)
+ ret << rr(qname, "NS", "ns2.example.com",300)
+ ret << rr(qname, "NS", "ns3.example.com",300)
+ end
+ ret << rr(qname,"SOA","ns1.example.com hostmaster.example.com #{Time.now.strftime("%Y%m%d%H")} 28800 7200 1209600 300",300)
+ return send_result ret
+ elsif qtype == "ANY" or qtype == "AAAA"
+ name = qname.match(/^node-(.*)\.dyn.example.com$/)[1]
+ if name.empty?
+ return send_result false
+ end
+# if name.size < 16
+# pad = 15-name.size
+# (1..pad).each do |i| name = "y#{name}" end
+# end
+ puts from32(name)
+ return send_result [rr(qname, "AAAA", "", 300)]
+ end
+ end
+ send_result false
+end
+
+main qname,"AAAA"
Index: modules/remotebackend/regression-tests/long-txt-resolution/description
===================================================================
--- modules/remotebackend/regression-tests/long-txt-resolution/description (revision 0)
+++ modules/remotebackend/regression-tests/long-txt-resolution/description (revision 0)
@@ -0,0 +1 @@
+Check that long TXT comes out clean
Index: modules/remotebackend/regression-tests/example.com.zsk.2
===================================================================
--- modules/remotebackend/regression-tests/example.com.zsk.2 (revision 0)
+++ modules/remotebackend/regression-tests/example.com.zsk.2 (revision 0)
@@ -0,0 +1,11 @@
+Private-key-format: v1.2
+Algorithm: 8 (RSASHA256)
+Modulus: r+vmQll38ndQqNSCx9eqRBUbSOLcH4PZFX824sGhY2NSQChqt1G4ZfndzRwgjXMUwiE7GkkqU2Vbt/g4iP67V/+MYecMV9YHkCRnEzb47nBXvs9JCf8AHMCnma567GQjPECh4HevPE9wmcOfpy/u7UN1oHKSKRWuZJadUwcjbp8=
+PublicExponent: AQAB
+PrivateExponent: CYC93UtVnOM6wrFJZ+qA9+Yx+p5yk0CSi0Q7c+/6EVMuABQ5gNyTuu0j65lU3X81bwUk2wHPx6smfgoVDRAW5jjO4jgIFV6nE4inzk5YQKycQSL8YG3Nm9GciLFya1KUXs81sHsQpkvK7MNaSbvkaHZQ6iv16bZ4t73Wascwa/E=
+Prime1: 6a165cIC0nNsGlTW/s2jRu7idq5+U203iE1HzSIddmWgx5KIKE/s3I+pwfmXYRUmq+4H9ASd/Yot1lSYW98szw==
+Prime2: wLoCPKxxnuxDx6/9IKOYz8t9ZNLY74iCeQ85koqvTctkFmB9jpOUHTU9BhecaFY2euP9CuHV7z3PLtCoO8s1MQ==
+Exponent1: CuzJaiR/7UboLvL4ekEy+QYCIHpX/Z6FkiHK0ZRevEJUGgCHzRqvgEBXN3Jr2WYbwL4IMShmGoxzSCn8VY9BkQ==
+Exponent2: LDR9/tyu0vzuLwc20B22FzNdd5rFF2wAQTQ0yF/3Baj5NAi9w84l0u07KgKQZX4g0N8qUyypnU5YDyzc6ZoagQ==
+Coefficient: 6S0vhIQITWzqfQSLj+wwRzs6qCvJckHb1+SD1XpwYjSgMTEUlZhf96m8WiaE1/fIt4Zl2PC3fF7YIBoFLln22w==
+
Index: modules/remotebackend/regression-tests/list-all-records/command
===================================================================
--- modules/remotebackend/regression-tests/list-all-records/command (revision 0)
+++ modules/remotebackend/regression-tests/list-all-records/command (revision 0)
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+dig example.com AXFR @$nameserver -p $port | grep "IN" | egrep -v "(NSEC|RRSIG|DNSKEY)" | LC_ALL=C sort
Index: modules/remotebackend/regression-tests/list-all-records/expected_result
===================================================================
--- modules/remotebackend/regression-tests/list-all-records/expected_result (revision 0)
+++ modules/remotebackend/regression-tests/list-all-records/expected_result (revision 0)
@@ -0,0 +1,14 @@
+example.com. 120 IN NS ns1.example.com.
+example.com. 120 IN NS ns2.example.com.
+example.com. 120 IN SOA ns1.example.com. hostmaster.example.com. 2000010101 28800 7200 1209600 120
+example.com. 120 IN SOA ns1.example.com. hostmaster.example.com. 2000010101 28800 7200 1209600 120
+ns1.example.com. 120 IN A 192.168.2.2
+ns2.example.com. 120 IN A 192.168.2.3
+outpost.example.com. 120 IN A 192.168.2.1
+outpost.example.com. 120 IN AAAA fe80::1
+up.example.com. 120 IN DS 38674 8 1 50EA84825288D03BF9DDDA0B0B5F8964C6FBAFA8
+up.example.com. 120 IN DS 38674 8 2 BF31EF7AEA46F2ADCA7A61FBB0629FB5C24116DF0F22EC0115DBC7EB DDDEE04E
+up.example.com. 120 IN DS 38674 8 3 6ED18DCEABA6D2547F2FC82BA3801FDC919DB51B0E44BAA261B887C8 24DD9A2D
+up.example.com. 120 IN NS ns1.example.com.
+up.example.com. 120 IN NS ns2.example.com.
+www.example.com. 120 IN A 192.168.2.255
Index: modules/remotebackend/regression-tests/list-all-records/description
===================================================================
--- modules/remotebackend/regression-tests/list-all-records/description (revision 0)
+++ modules/remotebackend/regression-tests/list-all-records/description (revision 0)
@@ -0,0 +1 @@
+Makes sure listing works
Index: modules/remotebackend/regression-tests/up.example.com.ksk
===================================================================
--- modules/remotebackend/regression-tests/up.example.com.ksk (revision 0)
+++ modules/remotebackend/regression-tests/up.example.com.ksk (revision 0)
@@ -0,0 +1,11 @@
+Private-key-format: v1.2
+Algorithm: 8 (RSASHA256)
+Modulus: uJPhQJzTPtwYCo/e9p+bIVB+JqSm79/3dcAdbrl5hMC4GFpdsqNbrhgzxrnic5Te0Kgt5ewWm9uXirq9eYFHmOmdwYKvbEjeEpBo2/HhDCRtRpuTHYsfqsJqbNAR5j0cMmjYq9UicZmrBR0rg8nqfZIMuTSAhAyTKd96ntA4Q1MS/XKd6tzeaeRjBAm263toW22C+c7A233NH3Q+DQIBul0vO9gKMRcdDGTmrjJleHzYRWGETZx9/OJwhroV4XH3z3gs0pBIEbGM4vKzrN3ER9lfQ/hn9ZSo6ksjawOY4NleVO4PofM8PlF0Hjg4Qzjqow2IgyL0Y3kVbSWpx7caNw==
+PublicExponent: AQAB
+PrivateExponent: COSdg1ULAiOG+2gX857La3BK/UzZlJ0gRlaA4VQJlgSjDULtWMbXvl+ai9MEJVJHs5rAYcX3B0z61DHphyOPcfKiwy9EvHbjHD0Q9rS36+alZs2AHRN8hxtIfWc/aLrXbPMlEI8uuNwQ8I7wCP1/Hf9RCNHBKQH7sfzIFhBgmMqG63bVhaFI3Dae3R8mbRPurNCQqqpQRnY6QCo+MT4oCcPtUhknNdrMfiXk1OIlKXQy5fcF1CcKM9SseL2OQ6BSR5zmzvuPtr214F0Nsx3jl9zw9Dq29fDEQRuxmITJNeXeBkTc0S87CVIc9wX4Xke9S4t0cYEcIFaFLAf5nDk5gQ==
+Prime1: 4Ff95nOa40oewS0KgKvbPTd9ZT7bqXBqvUNYV4t+oAtsA01qikrg13FlEDOgGn65LpWPia3WAOj3x+RNKqSs2lDn1DcRiY5QIVUtvGYicJfoNW9XAZC8qb6shhzxdQto8s0g8Q2M+i6vFNG+buAY/1h0FopNRIvMSC+rpFDl06c=
+Prime2: 0p9pWeanOBmnB00B6GYXNJ04xK0FysGnRdLLSJ1wd++9SxggVy7i3fLBVMtW6RIKho1alu/vnPNRkOk3ns1TliNfgVk2E+BF/9lJoXQaD7PKT62tRSH+7dSluW/MmakFNrlQeAylFsFSFepdbXYODWaOzyl7qNmZziLKksbRlvE=
+Exponent1: Uo9POt3UZEzEoKaotM2J8y9WkEnfoK1kOp5sBlupj9BkQZrd2GLR97cdUCcPhnCYSZJ0rmAw30jc1s0nsMfFbNpVVn2lkI+04W9tU2XqyrC8nd2JkWPoajdnWjuQiFhYmPHwa4VnGjLP78N4Z2lFCcNNhXYEFXO1C+OvMNssmQU=
+Exponent2: YG+69f3E/MvKDW61++maoG2IS40JRN/MLg0pJLNphpDPdC20yRZfq831tVRxE8A974OTQd7UMGG8LASMgfpzViAWH4xwVUNv6YhczT7ym9PvQvI7jpbVOaIOy0wkOwsHpxnMfVsUz8luQziO1IqkPoCBzNqqkxIm+Ro29GNyHZE=
+Coefficient: CEAJV5fxzzRBxE5Sjwk1cCycIRc4knBywzI0+SKiwGjnieCuJY3VDU0c9kkXfJPL6CydhQg7w4d/uOzKv4UY74Pt3a7JgfhSmRpl9pEGS3vytcc5rRl/VYN9a+S6iUU2YbpWziQZt6tujA+WuvXmr5RsgvqnFYAwYYGav1cogMc=
+
Index: modules/remotebackend/regression-tests/nsec-middle/command
===================================================================
--- modules/remotebackend/regression-tests/nsec-middle/command (revision 0)
+++ modules/remotebackend/regression-tests/nsec-middle/command (revision 0)
@@ -0,0 +1,3 @@
+#!/bin/sh
+cleandig outerpost.example.com A dnssec
+
Index: modules/remotebackend/regression-tests/nsec-middle/expected_result
===================================================================
--- modules/remotebackend/regression-tests/nsec-middle/expected_result (revision 0)
+++ modules/remotebackend/regression-tests/nsec-middle/expected_result (revision 0)
@@ -0,0 +1,9 @@
+1 example.com. IN NSEC 120 ns1.example.com. NS SOA RRSIG NSEC DNSKEY
+1 example.com. IN RRSIG 120 NSEC 8 2 120 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN RRSIG 120 SOA 8 2 120 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 120 ns1.example.com. hostmaster.example.com. 2000010101 28800 7200 1209600 120
+1 ns2.example.com. IN NSEC 120 outpost.example.com. A RRSIG NSEC
+1 ns2.example.com. IN RRSIG 120 NSEC 8 3 120 [expiry] [inception] [keytag] example.com. ...
+2 . IN OPT 32768
+Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='outerpost.example.com.', qtype=A
Index: modules/remotebackend/regression-tests/nsec-middle/description
===================================================================
--- modules/remotebackend/regression-tests/nsec-middle/description (revision 0)
+++ modules/remotebackend/regression-tests/nsec-middle/description (revision 0)
@@ -0,0 +1,2 @@
+This test verifies that an NXDOMAIN in the middle of a zone
+generates a correct NSEC(3).
Index: modules/remotebackend/regression-tests/nsec-middle/expected_result.narrow
===================================================================
--- modules/remotebackend/regression-tests/nsec-middle/expected_result.narrow (revision 0)
+++ modules/remotebackend/regression-tests/nsec-middle/expected_result.narrow (revision 0)
@@ -0,0 +1,7 @@
+1 example.com. IN NSEC 120 outpost.example.com. NS SOA RRSIG NSEC DNSKEY
+1 example.com. IN RRSIG 120 NSEC 8 2 120 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN RRSIG 120 SOA 8 2 120 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 120 ns1.example.com. hostmaster.example.com. 2000010101 28800 7200 1209600 120
+2 . IN OPT 32768
+Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='outerpost.example.com.', qtype=A
Index: modules/remotebackend/regression-tests/nsec-middle/expected_result.nsec3
===================================================================
--- modules/remotebackend/regression-tests/nsec-middle/expected_result.nsec3 (revision 0)
+++ modules/remotebackend/regression-tests/nsec-middle/expected_result.nsec3 (revision 0)
@@ -0,0 +1,7 @@
+1 example.com. IN NSEC 120 outpost.example.com. NS SOA RRSIG NSEC DNSKEY
+1 example.com. IN RRSIG 120 NSEC 8 2 120 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN RRSIG 120 SOA 8 2 120 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 120 ns1.example.com. hostmaster.example.com. 2000010101 28800 7200 1209600 120
+2 . IN OPT 32768
+Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='outerpost.example.com.', qtype=A
Index: modules/remotebackend/regression-tests/pipe-backend.rb
===================================================================
--- modules/remotebackend/regression-tests/pipe-backend.rb (revision 2806)
+++ modules/remotebackend/regression-tests/pipe-backend.rb (working copy)
@@ -5,9 +5,12 @@
h = Handler.new("../modules/remotebackend/regression-tests/remote.sqlite3")
+f = File.open "/tmp/tmp.txt","a"
+
STDOUT.sync = true
begin
STDIN.each_line do |line|
+ f.puts line
# expect json
input = {}
line = line.strip
@@ -26,7 +29,7 @@
end
puts ({:result => res, :log => log}).to_json
rescue JSON::ParserError
- send_failure "Cannot parse input #{line}"
+ puts ({:result => false, :log => "Cannot parse input #{line}"}).to_json
next
end
end
Index: modules/remotebackend/regression-tests/00dnssec-grabkeys/command
===================================================================
--- modules/remotebackend/regression-tests/00dnssec-grabkeys/command (revision 0)
+++ modules/remotebackend/regression-tests/00dnssec-grabkeys/command (revision 0)
@@ -0,0 +1,16 @@
+#!/bin/sh -e
+set pipefail
+rm -f trustedkeys
+rm -f unbound-host.conf
+for zone in example.com
+do
+ drill -p $port -o rd -D dnskey $zone @$nameserver | grep -v '^;' | grep -v AwEAAarTiHhPgvD28WCN8UBXcEcf8f >> trustedkeys
+ echo "stub-zone:" >> unbound-host.conf
+ echo " name: $zone" >> unbound-host.conf
+ echo " stub-addr: $nameserver@$port" >> unbound-host.conf
+ echo "" >> unbound-host.conf
+done
+
+echo "server:" >> unbound-host.conf
+echo " do-not-query-address: 192.168.0.0/16" >> unbound-host.conf
+echo ' trust-anchor-file: "trustedkeys"' >> unbound-host.conf
Index: modules/remotebackend/regression-tests/00dnssec-grabkeys/description
===================================================================
--- modules/remotebackend/regression-tests/00dnssec-grabkeys/description (revision 0)
+++ modules/remotebackend/regression-tests/00dnssec-grabkeys/description (revision 0)
@@ -0,0 +1 @@
+Grab DNSKEY records for validation testing.
Index: modules/remotebackend/regression-tests/dnssec-keys/command
===================================================================
--- modules/remotebackend/regression-tests/dnssec-keys/command (revision 0)
+++ modules/remotebackend/regression-tests/dnssec-keys/command (revision 0)
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+cleandig example.com DNSKEY
Index: modules/remotebackend/regression-tests/dnssec-keys/expected_result
===================================================================
--- modules/remotebackend/regression-tests/dnssec-keys/expected_result (revision 0)
+++ modules/remotebackend/regression-tests/dnssec-keys/expected_result (revision 0)
@@ -0,0 +1,4 @@
+0 example.com. IN DNSKEY 120 256 3 8 ...
+0 example.com. IN DNSKEY 120 257 3 8 ...
+Rcode: 0, RD: 0, QR: 1, TC: 1, AA: 1, opcode: 0
+Reply to question for qname='example.com.', qtype=DNSKEY
Index: modules/remotebackend/regression-tests/dnssec-keys/description
===================================================================
--- modules/remotebackend/regression-tests/dnssec-keys/description (revision 0)
+++ modules/remotebackend/regression-tests/dnssec-keys/description (revision 0)
@@ -0,0 +1 @@
+Check that pdns can read keys from backend
Index: modules/remotebackend/regression-tests/backend.rb
===================================================================
--- modules/remotebackend/regression-tests/backend.rb (revision 2806)
+++ modules/remotebackend/regression-tests/backend.rb (working copy)
@@ -8,34 +8,62 @@
end
class Handler
- attr :db
-
def initialize(dbpath)
- @db = SQLite3::Database.new dbpath
+ @dbpath = dbpath
end
+ def db
+ d = SQLite3::Database.new @dbpath
+ if block_given?
+ d.transaction
+ begin
+ yield d
+ rescue
+ d.rollback
+ return
+ end
+ d.commit
+ else
+ d
+ end
+ end
+
def do_initialize(*args)
return true, "Test bench initialized"
end
+ def getbeforename(qname, id)
+ before = db.get_first_value("SELECT ordername FROM records WHERE ordername < ? AND domain_id = ? ORDER BY ordername DESC", qname, id)
+ if (before.nil?)
+ before = db.get_first_value("SELECT ordername FROM records WHERE domain_id = ? ORDER by ordername DESC LIMIT 1", id)
+ end
+ before
+ end
+
+ def getaftername(qname, id)
+ after = db.get_first_value("SELECT ordername FROM records WHERE ordername > ? AND domain_id = ? ORDER BY ordername", qname, id)
+ if (after.nil?)
+ after = db.get_first_value("SELECT ordername FROM records WHERE domain_id = ? ORDER by ordername LIMIT 1", id)
+ end
+ after
+ end
+
+
def do_getbeforeandafternamesabsolute(args)
- before = @db.get_first_value("SELECT ordername FROM records WHERE ordername < ? AND domain_id = ?", args["qname"], args["id"])
- after = @db.get_first_value("SELECT ordername FROM records WHERE ordername > ? AND domain_id = ?", args["qname"], args["id"])
- return [{:before => before, :after => after, :unhashed => args["qname"]}, nil]
+ args["qname"] = "" if args["qname"].nil?
+ return [{:before => getbeforename(args["qname"],args["id"]), :after => getaftername(args["qname"],args["id"]), :unhashed => args["qname"]}, nil]
end
def do_getbeforeandafternames(args)
- before = @db.get_first_value("SELECT ordername FROM records WHERE ordername < ? AND domain_id = ?", args["qname"], args["id"])
- after = @db.get_first_value("SELECT ordername FROM records WHERE ordername > ? AND domain_id = ?", args["qname"], args["id"])
- return [{:before => before, :after => after, :unhashed => args["qname"]}, nil]
+ args["qname"] = "" if args["qname"].nil?
+ return [{:before => getbeforename(args["qname"],args["id"]), :after => getaftername(args["qname"],args["id"]), :unhashed => args["qname"]}, nil]
end
def do_getdomainkeys(args)
ret = []
- @db.execute("SELECT flags,active,content FROM domains JOIN cryptokeys ON domains.id = cryptokeys.domain_id WHERE domains.name = ?", args["name"]) do |row|
- ret << {:flags => row[0].to_i, :active => !(row[1].to_i.zero?), :content => row[2]}
+ db.execute("SELECT cryptokeys.id,flags,active,content FROM domains JOIN cryptokeys ON domains.id = cryptokeys.domain_id WHERE domains.name = ?", [args["name"]]) do |row|
+ ret << {:id => row[0].to_i, :flags => row[1].to_i, :active => !(row[2].to_i.zero?), :content => row[3]}
end
-
return false if ret.empty?
return [ret,nil]
end
@@ -45,13 +73,25 @@
loop do
begin
sargs = {}
- if (args["qtype"] == "ANY")
- sql = "SELECT domain_id,name,type,content,ttl,prio,auth FROM records WHERE name = :qname"
- sargs["qname"] = args["qname"]
+ if (args["zone-id"].to_i > 0)
+ sargs["domain_id"] = args["zone-id"].to_i
+ if (args["qtype"] == "ANY")
+ sql = "SELECT domain_id,name,type,content,ttl,prio,auth FROM records WHERE name = :qname AND domain_id = :domain_id"
+ sargs["qname"] = args["qname"]
+ else
+ sql = "SELECT domain_id,name,type,content,ttl,prio,auth FROM records WHERE name = :qname AND type = :qtype AND domain_id = :domain_id"
+ sargs["qname"] = args["qname"]
+ sargs["qtype"] = args["qtype"]
+ end
else
- sql = "SELECT domain_id,name,type,content,ttl,prio,auth FROM records WHERE name = :qname AND type = :qtype"
- sargs["qname"] = args["qname"]
- sargs["qtype"] = args["qtype"]
+ if (args["qtype"] == "ANY")
+ sql = "SELECT domain_id,name,type,content,ttl,prio,auth FROM records WHERE name = :qname"
+ sargs["qname"] = args["qname"]
+ else
+ sql = "SELECT domain_id,name,type,content,ttl,prio,auth FROM records WHERE name = :qname AND type = :qtype"
+ sargs["qname"] = args["qname"]
+ sargs["qtype"] = args["qtype"]
+ end
end
db.execute(sql, sargs) do |row|
ret << rr(row[1], row[2], row[3], row[4], row[5], row[6], row[0])
@@ -64,9 +104,21 @@
return false unless ret.size > 0
return [ret,nil]
end
-
+
+ def do_getdomaininfo(args)
+ ret = {}
+ sql = "SELECT name,content FROM records WHERE name = :name AND type = 'SOA'"
+ db.execute(sql, args) do |row|
+ ret[:zone] = row[0]
+ ret[:serial] = row[1].split(' ')[2].to_i
+ ret[:kind] = "native"
+ end
+ return [ret,nil] if ret.has_key?(:zone)
+ return false
+ end
+
def do_list(args)
- target = args["target"]
+ target = args["zonename"]
ret = []
loop do
begin
@@ -77,6 +129,7 @@
end
rescue Exception => e
e.backtrace
+ return false, [e.message]
end
break
end
@@ -84,11 +137,63 @@
return [ret,nil]
end
+ def do_adddomainkey(args)
+ d_id = db.get_first_value("SELECT id FROM domains WHERE name = ?", args["name"])
+ return false if d_id.nil?
+ sql = "INSERT INTO cryptokeys (domain_id, flags, active, content) VALUES(?,?,?,?)"
+ active = args["key"]["active"]
+ if (active)
+ active = 1
+ else
+ active = 0
+ end
+ db do |tx|
+ tx.execute(sql, [d_id, args["key"]["flags"].to_i, active, args["key"]["content"]])
+ end
+ return db.get_first_value("SELECT last_insert_rowid()")
+ end
+
+ def do_deactivatedomainkey(args)
+ d_id = db.get_first_value("SELECT id FROM domains WHERE name = ?", args["name"])
+ return false if d_id.nil?
+ db do |tx|
+ tx.execute("UPDATE cryptokeys SET active = 0 WHERE domain_id = ? AND id = ?", [d_id, args["id"]])
+ end
+ return true
+ end
+
+ def do_activatedomainkey(args)
+ d_id = db.get_first_value("SELECT id FROM domains WHERE name = ?", args["name"])
+ return false if d_id.nil?
+ db do |tx|
+ db.execute("UPDATE cryptokeys SET active = 1 WHERE domain_id = ? AND id = ?", [d_id, args["id"]])
+ end
+ return true
+ end
+
def do_getdomainmetadata(args)
- return false
+ ret = []
+ sql = "SELECT content FROM domainmetadata JOIN domains WHERE name = :name AND kind = :kind"
+ sargs = {:name => args["name"], :kind => args["kind"]}
+ db.execute(sql,sargs) do |row|
+ ret << row[0]
+ end
+ return false unless ret.size > 0
+ return [ret,nil]
end
def do_setdomainmetadata(args)
- return false
+ d_id = db.get_first_value("SELECT id FROM domains WHERE name = ?", args["name"])
+ return false if d_id.nil?
+ db do |tx|
+ sql = "DELETE FROM domainmetadata WHERE domain_id = ?"
+ tx.execute(sql, [d_id])
+ break if args["value"].nil?
+ sql = "INSERT INTO domainmetadata (domain_id,kind,content) VALUES(?,?,?)"
+ args["value"].each do |value|
+ tx.execute(sql,[d_id, args["kind"], value])
+ end
+ end
+ return true
end
end
Index: modules/remotebackend/regression-tests/nsec-wraparound-begin/expected_result.nsec3
===================================================================
--- modules/remotebackend/regression-tests/nsec-wraparound-begin/expected_result.nsec3 (revision 0)
+++ modules/remotebackend/regression-tests/nsec-wraparound-begin/expected_result.nsec3 (revision 0)
@@ -0,0 +1,11 @@
+1 9f8hti7cc7oqnqjv84klnp89glqrss3r.example.com. IN NSEC3 86400 1 1 1 abcd 9FDAOFPLLN0FQFU9DP274GOU59QFHSLD A RRSIG
+1 9f8hti7cc7oqnqjv84klnp89glqrss3r.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1 gnk5kv3h2h1h8ge405j6093608ukp3i5.example.com. IN NSEC3 86400 1 1 1 abcd GNO4LESKG6U7HKEJ9UL71SF1HD7F1P96 A RRSIG
+1 gnk5kv3h2h1h8ge405j6093608ukp3i5.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 86400 1 1 1 abcd VTP9NUQBEH436S7J0K8TI2A32MMKCUUL NS SOA MX RRSIG DNSKEY NSEC3PARAM
+1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2 . IN OPT 32768
+Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='zzz.example.com.', qtype=A
Index: modules/remotebackend/regression-tests/nsec-wraparound-begin/command
===================================================================
--- modules/remotebackend/regression-tests/nsec-wraparound-begin/command (revision 0)
+++ modules/remotebackend/regression-tests/nsec-wraparound-begin/command (revision 0)
@@ -0,0 +1,3 @@
+#!/bin/sh
+cleandig a.example.com A dnssec
+
Index: modules/remotebackend/regression-tests/nsec-wraparound-begin/expected_result
===================================================================
--- modules/remotebackend/regression-tests/nsec-wraparound-begin/expected_result (revision 0)
+++ modules/remotebackend/regression-tests/nsec-wraparound-begin/expected_result (revision 0)
@@ -0,0 +1,7 @@
+1 example.com. IN NSEC 120 ns1.example.com. NS SOA RRSIG NSEC DNSKEY
+1 example.com. IN RRSIG 120 NSEC 8 2 120 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN RRSIG 120 SOA 8 2 120 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 120 ns1.example.com. hostmaster.example.com. 2000010101 28800 7200 1209600 120
+2 . IN OPT 32768
+Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='a.example.com.', qtype=A
Index: modules/remotebackend/regression-tests/nsec-wraparound-begin/description
===================================================================
--- modules/remotebackend/regression-tests/nsec-wraparound-begin/description (revision 0)
+++ modules/remotebackend/regression-tests/nsec-wraparound-begin/description (revision 0)
@@ -0,0 +1,2 @@
+This test verifies that NXDOMAINS beyond the last record of a zone
+generate a correct wraparound NSEC.
Index: modules/remotebackend/regression-tests/nsec-sibling-test/expected_result.narrow
===================================================================
--- modules/remotebackend/regression-tests/nsec-sibling-test/expected_result.narrow (revision 0)
+++ modules/remotebackend/regression-tests/nsec-sibling-test/expected_result.narrow (revision 0)
@@ -0,0 +1,6 @@
+0 jump.up.example.com. IN A 120 192.168.3.1
+0 jump.up.example.com. IN RRSIG 120 A 8 4 120 [expiry] [inception] [keytag] up.example.com. ...
+0 jump.up.example.com. IN RRSIG 120 A 8 4 120 [expiry] [inception] [keytag] up.example.com. ...
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='jump.up.example.com.', qtype=A
Index: modules/remotebackend/regression-tests/nsec-sibling-test/expected_result.nsec3
===================================================================
--- modules/remotebackend/regression-tests/nsec-sibling-test/expected_result.nsec3 (revision 0)
+++ modules/remotebackend/regression-tests/nsec-sibling-test/expected_result.nsec3 (revision 0)
@@ -0,0 +1,6 @@
+0 jump.up.example.com. IN A 120 192.168.3.1
+0 jump.up.example.com. IN RRSIG 120 A 8 4 120 [expiry] [inception] [keytag] up.example.com. ...
+0 jump.up.example.com. IN RRSIG 120 A 8 4 120 [expiry] [inception] [keytag] up.example.com. ...
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='jump.up.example.com.', qtype=A
Index: modules/remotebackend/regression-tests/nsec-sibling-test/command
===================================================================
--- modules/remotebackend/regression-tests/nsec-sibling-test/command (revision 0)
+++ modules/remotebackend/regression-tests/nsec-sibling-test/command (revision 0)
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+cleandig jump.up.example.com A dnssec
Index: modules/remotebackend/regression-tests/nsec-sibling-test/expected_result
===================================================================
--- modules/remotebackend/regression-tests/nsec-sibling-test/expected_result (revision 0)
+++ modules/remotebackend/regression-tests/nsec-sibling-test/expected_result (revision 0)
@@ -0,0 +1,6 @@
+0 jump.up.example.com. IN A 120 192.168.3.1
+0 jump.up.example.com. IN RRSIG 120 A 8 4 120 [expiry] [inception] [keytag] up.example.com. ...
+0 jump.up.example.com. IN RRSIG 120 A 8 4 120 [expiry] [inception] [keytag] up.example.com. ...
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='jump.up.example.com.', qtype=A
Index: modules/remotebackend/regression-tests/nsec-sibling-test/description
===================================================================
--- modules/remotebackend/regression-tests/nsec-sibling-test/description (revision 0)
+++ modules/remotebackend/regression-tests/nsec-sibling-test/description (revision 0)
@@ -0,0 +1 @@
+Tests that DS delegation comes out right
Index: modules/remotebackend/remotebackend.hh
===================================================================
--- modules/remotebackend/remotebackend.hh (revision 2806)
+++ modules/remotebackend/remotebackend.hh (working copy)
@@ -88,6 +88,8 @@
virtual int addDomainKey(const string& name, const KeyData& key);
virtual bool activateDomainKey(const string& name, unsigned int id);
virtual bool deactivateDomainKey(const string& name, unsigned int id);
+ virtual bool getDomainInfo(const string&, DomainInfo&);
+ virtual bool doesDNSSEC();
static DNSBackend *maker();
Index: modules/remotebackend/unixconnector.cc
===================================================================
--- modules/remotebackend/unixconnector.cc (revision 2806)
+++ modules/remotebackend/unixconnector.cc (working copy)
@@ -50,18 +50,22 @@
};
ssize_t write(const std::string &data) {
- ssize_t nwrite, nbuf;
+ ssize_t nwrite, nbuf, pos;
char buf[1500];
Lock scoped_lock(&unix_mutex);
reconnect();
if (!connected) return -1;
- nbuf = data.copy(buf, sizeof buf); // copy data and write
- nwrite = ::write(fd, buf, nbuf);
- if (nwrite == -1) {
- connected = false;
- close(fd);
- return -1;
+ pos = 0;
+ while(pos < data.size()) {
+ nbuf = data.copy(buf, sizeof buf, pos); // copy data and write
+ nwrite = ::write(fd, buf, nbuf);
+ pos = pos + sizeof(buf);
+ if (nwrite == -1) {
+ connected = false;
+ close(fd);
+ return -1;
+ }
}
return nwrite;
};
Index: modules/remotebackend/remotebackend.cc
===================================================================
--- modules/remotebackend/remotebackend.cc (revision 2806)
+++ modules/remotebackend/remotebackend.cc (working copy)
@@ -352,6 +352,10 @@
return answer.asBool();
}
+bool RemoteBackend::doesDNSSEC() {
+ return d_dnssec;
+}
+
bool RemoteBackend::getTSIGKey(const std::string& name, std::string* algorithm, std::string* content) {
Json::Value query,answer;
query["method"] = "getTSIGKey";
@@ -369,6 +373,45 @@
return true;
}
+bool RemoteBackend::getDomainInfo(const string &domain, DomainInfo &di) {
+ Json::Value query,answer;
+ std::string kind;
+ query["method"] = "getDomainInfo";
+ query["parameters"] = Json::Value();
+ query["parameters"]["name"] = domain;
+
+ if (connector->send(query) == false || connector->recv(answer) == false)
+ return false;
+
+ // make sure we got zone & kind
+ if (!answer.isMember("zone")) {
+ L<<Logger::Error<<kBackendId<<"Missing zone in getDomainInfo return value"<<endl;
+ throw new AhuException();
+ }
+ // parse return value. we need at least zone,serial,kind
+ di.id = answer.get("id", Json::Value(-1)).asInt();
+ di.zone = answer["zone"].asString();
+ if (answer.isMember("masters") && answer["masters"].isArray()) {
+ Json::Value value = answer["masters"];
+ for(Json::Value::iterator i = value.begin(); i != value.end(); i++) {
+ di.masters.push_back((*i).asString());
+ }
+ }
+ di.notified_serial = -1;
+ di.serial = answer.get("serial", Json::Value(0)).asInt();
+ di.last_check = 0;
+ kind = answer.get("kind", Json::Value("native")).asString();
+ if (kind == "master") {
+ di.kind = DomainInfo::Master;
+ } else if (kind == "slave") {
+ di.kind = DomainInfo::Slave;
+ } else {
+ di.kind = DomainInfo::Native;
+ }
+ di.backend = this;
+ return true;
+}
+
DNSBackend *RemoteBackend::maker()
{
try {
Index: modules/remotebackend/test_backend.rb
===================================================================
--- modules/remotebackend/test_backend.rb (revision 2806)
+++ modules/remotebackend/test_backend.rb (working copy)
@@ -1,199 +0,0 @@
-#!/usr/bin/ruby
-
-require 'json'
-
-prefix = "2001:06e8:0500:0000"
-
-# domain keys
-
-$domain_keys = [
- {
- :id => 8,
- :flags => 257,
- :active => true,
- :content => "Private-key-format: v1.2
-Algorithm: 8 (RSASHA256)
-Modulus: nFfl3jgFE+KET9PFPVmRCVmGZ+o+Stnqq7AZPAmhSYf96BPqK3t22vKHJhmVla+td94if2XUSggRUDz8YSeIybVNDTCmhF4xNyhAYAeh+HxJQU7CL8jQLs0b86Hd/Ua/s2pmSFSX4vzoAg+1lucLT3AiGYWjrvciFFpWnMyYftqcfTy3Vu/TMA9Kr7tr75CsJ2mzu1rywHsvOErCY8xH6dGd2LCY9ozuOwsgAlou+rOF5W71UPIuomM9QcIdVD2nq8+aHSsKeWk8gabLEsKU0SFFutO/R41lYXiUaFv+zY7r7NmP+d0Wmr0rgnzq2vlV0USQhlDPAsPSVstAuMrjgw==
-PublicExponent: AQAB
-PrivateExponent: kSdnrMbKe7dqfcpDG9WMgYp6BS88A5/a2F2ysv+Ds+Q9cAENXTpPn2yNDd4+sd3pgcmYsjsS6deTr9/YFRXw9bKBKLI80JFdZhKng5hMvYqnBGQmt/Dz4/RE87PVLNIC4/mrFE4Bn2vStnRTu3WY/wURXf3YkgI+IdXsfQTsBNloLiRoVV1QmB4kkHtRXsr02dg4kMhaXA13kT7lsrquCvGoxP++keVJ88AaQA8si30/E+CSgrbCHThUXeL6ErYz6myI5O2RJqodlcEQeXYi2cNkzQJnO3yjXcaSJy2u3tVNE2wXCXf1pwHXyTA4YT1qMbMIABq9TiVW8Q2Kg4sN
-Prime1: wrNo1cyyL/LpO+Das2EQzMbX0ctdy0OPvg3kWZqt2ZEwJjcVe1Vav5ZzSWKQWuT0IytUst7qdTE7lKpWWKDAbxJ4IMcMiMN2iQqE9V/dhIJluIrshupQzdhnXR46MfbazkDuvMTM1Fk4ZOgm3lrJoRvl6EOxl7e9veTwCjKqrA8=
-Prime2: zZDvTPq/Ea7aKa+CNmP7oOYxpvE1fpPV8MRjQ+IMi8VIDHpE72NoSSVoVuSL7fgl7qAFlbJMEtQGIlqUFQkC0sbI6ddb1/Ane+xhH4aPaljtIJQs0GlM/ECz30qZCreyHqaVzXlk9ZrN7HlnIOQ//DV3lCsS8EE1djeQxFThrU0=
-Exponent1: S9uW1uX/7sqXsKq0yvrgjshSQf0YOB/Em2nSNE8duQzmU51Wk0z4JHk7xbXPRHq73A//2gkcFDjwW8XaCoHnN99cSnkDGy38uvwMPYXySrR7aWFHMnGMtgbAjvk990WUjpOh8I5Et99jJ32D11JMCKdT9iCZyuDd3mSaWX7QHGU=
-Exponent2: hiaslG8a3B5gz01zS62KHCG9i3XkdDtkJeDz6uwNRfW0JDhy3krgVsPryLETxHPpxUV2/49A6BSoACledC/SQN1rZnedv1lBWzUS2PEGjN+FuHoamNPvYruS5wiWwZDJ1AjgwBwVz9Z7xnQf4i4yt5Po+q/1hwb3LbPrbMT8Fg0=
-Coefficient: zZDvTPq/Ea7aKa+CNmP7oOYxpvE1fpPV8MRjQ+IMi8VIDHpE72NoSSVoVuSL7fgl7qAFlbJMEtQGIlqUFQkC0sbI6ddb1/Ane+xhH4aPaljtIJQs0GlM/ECz30qZCreyHqaVzXlk9ZrN7HlnIOQ//DV3lCsS8EE1djeQxFThrU0="
- },
- {
- :id => 9,
- :flags => 256,
- :active => true,
- :content => "Private-key-format: v1.2
-Algorithm: 8 (RSASHA256)
-Modulus: 0fcOKzIHcE5K3B3zwu0iAm4Z/cRBH9JX0mMhl9h58i0C8QEK3fK+425MEI/q4P7qGkwB9hJ9TefC5ny3b+F2iSIDTqcrMoRr6/lJO2YH7MyeuAv1T5HMsC7DoCkdaq0xuoOkOtKaVz5/FwSFmCIlCNeboFX3Fq4kCoWsa1m63AE=
-PublicExponent: AQAB
-PrivateExponent: BWc0q6LlcxvorEJvD/CXQ/W+YHvo6x84GFdpuWUeOj+zSC1tMKn7BJJFjdWOR0z4DEYxdLokFFmm99R0ygHE0ZWh7WS1OX5AzqoFczeC0BDLvoAYu6XMvwlYp78ffqlI2qv4ohfew5TYzWCugxIufFsC55i2FoworGBLSFUloaM=
-Prime1: +aIMyvDUAzL/JZDHsPLnawLhy7sfZB4BbtARAYxZ6HSE9MAnFKbQhXQ9yRdGLSZEhe8g5b9tXBvxT8TPIGhwcw==
-Prime2: 11H/gYNtYkloQuRcL2xd3ElxosgncgFvXKY0y4sGyJuEhHJfttaxXCmNfVN9fg5lX18kfxCv4s8rqI+M+rZouw==
-Exponent1: SmrNp34NpfqA52D2tsBizproVwSsgfsT8EXkm/KMJuj9bb0OqXBlPzN868Kdb/41dTvpMbRUVJ4b3OzN1lpsEw==
-Exponent2: zPRiTzd48SuKsNGJ5iIynbLTFe2LjntLM1eJvY2SYXWXCDOOZA2sOVvcMEU+mLS/Ta7UoJaTtUMZ/ZLW0Pa8bQ==
-Coefficient: 11H/gYNtYkloQuRcL2xd3ElxosgncgFvXKY0y4sGyJuEhHJfttaxXCmNfVN9fg5lX18kfxCv4s8rqI+M+rZouw=="
- },
- {
- :id => 10,
- :flags => 256,
- :active => false,
- :content => "Private-key-format: v1.2
-Algorithm: 8 (RSASHA256)
-Modulus: rzJLZNmV+xQLkYWT3PytSYDeE8SovXi9+WCp9MVkWcSj1BgrBbugregqsSQLvz+rGsgc2nK3kqygDhypRMExmd2TRHeIrtcLHZ3nq+mmL/GfE0K6KWS2FJx06ol7v9xG8esLe+TUSAENo2xFR0BFmkiJN+R5hq06Rb0Y7OMSBs8=
-PublicExponent: AQAB
-PrivateExponent: FwH6jMABG6bCQ4DQrlDbS6/felEf/TdXcOHqRU7houMEG4fLqUZpZO1Rzfmh4U0x4fktxjJn5pyXrcLDKAMHHv+DjtPSC4B+49HFOZEHl/522VYw6NyJ+Firk41hbFxIStSFYh47qxKyAwbI/LuyTJE0Au8D+4dl8oFwfh0x+aE=
-Prime1: 0sDZukxVtL4zI9JPvEdBUAXLu4I98GS7xhxiLNeb+iF2+Vvw06igV7+CccMldz/r3gqr9y+NdAloErFvkieLRQ==
-Prime2: 1M822AT25uYwdKiiYuBPQlUIKVuP1paa8y4rh+uDuoHpm9E29hwHr2uLXESOO5YxB0oc8yauNOdH+HGTg8GhAw==
-Exponent1: IOq2Fv7tM/mxCxtCEOogLVt6YqMJAY76NQsh2lciqYKojnHpv2VLBemHejU8mM+HC3snOMhYk5MUijbkcjNy8Q==
-Exponent2: V0LUkUWP3GQ9MEjJtVOXDHMDkrnZxDsjNF4VOXmoHT0SBnOGXupleFfX4DC4RdSzK/MG5elRe53ulAA2Zctq8w==
-Coefficient: 1M822AT25uYwdKiiYuBPQlUIKVuP1paa8y4rh+uDuoHpm9E29hwHr2uLXESOO5YxB0oc8yauNOdH+HGTg8GhAw=="
- }
-]
-
-def to32(number)
- number.to_s(32).tr "0123456789abcdefghijklmnopqrstuv", "ybndrfg8ejkmcpqxot1uwisza345h769"
-end
-
-def from32(str)
- str.tr("0123456789abcdefghijklmnopqrstuv", "ybndrfg8ejkmcpqxot1uwisza345h769").to_i(32)
-end
-
-def rr(qname, qtype, content, ttl, priority = 0, auth = 1)
- {:qname => qname, :qtype => qtype, :content => content, :ttl => ttl, :priority => priority, :auth => auth}
-end
-
-def send_result(result, log = nil)
- out = {:result => result}
- if log.class != Array
- log = [log]
- end
- out[:log] = log unless log.nil?
- print out.to_json
- print "\n"
-end
-
-def send_failure(msg)
- send_result false, [msg]
-end
-
-class Handler
- attr :prefix, :plen, :suffix, :domain
-
- def initialize(prefix)
- @prefix = prefix
- end
-
- def do_initialize(*args)
- # precalculate some things
- tmp = self.prefix.gsub(/[^0-9a-f]/,'')
- @plen = tmp.size
- @suffix = tmp.split(//).reverse.join('.')+".ip6.arpa"
- @domain = "dyn.example.com"
- send_result true, "Autorev v6 backend initialized"
- end
-
- def do_getbeforeandafternamesabsolute(args)
- qname = args["qname"]
- # assume prefix
- name = qname.gsub(/ /,'')
- nlen = 32-self.plen
-
- name_a = nil
- name_b = nil
- unhashed = nil
-
- if name == ''
- name_a = sprintf("%0#{nlen}x",0).split(//).join(' ')
- elsif name.size < nlen
- name_a = sprintf("%0#{nlen}x",0).split(//).join(' ')
- else
- unhashed = sprintf("%0#{nlen}x",name.to_i(16)).split(//).join(' ')
- if (name.to_i(16) > 0)
- name_b = sprintf("%0#{nlen}x",(name.to_i(16)-1)).split(//).join ' '
- end
- unless (name[/[^f]/].nil?)
- name_a = sprintf("%0#{nlen}x",(name.to_i(16)+1)).split(//).join ' '
- end
- end
- send_result ({:before => name_b, :after => name_a, :unhashed => unhashed})
- end
-
- def do_getbeforeandafternames(args)
- self.do_getbeforeandafternamesabsolute(args)
- end
-
- def do_getdomainkeys(args)
- if args["name"] == self.suffix
- send_result $domain_keys
- else
- send_result false
- end
- end
-
- def do_lookup(args)
- qtype = args["qtype"]
- qname = args["qname"]
-
- if qname[/.ip6.arpa$/]
- if qname == self.suffix
- ret = []
- if (qtype != "SOA")
- ret << rr(qname, "NS", "ns1.example.com",300)
- ret << rr(qname, "NS", "ns2.example.com",300)
- ret << rr(qname, "NS", "ns3.example.com",300)
- end
- ret << rr(qname,"SOA","ns1.example.com hostmaster.example.com #{Time.now.strftime("%Y%m%d%H")} 28800 7200 1209600 300",300)
- return send_result ret
- elsif qtype == "ANY" or qtype == "PTR"
- # assume suffix
- name = qname.gsub(self.suffix,"").split(".").reverse.join("")
- if name.empty? or name.size != 32-plen
- return send_result false
- end
- name = to32(name.to_i(16))
- return send_result [rr(qname, "PTR", "node-#{name}.#{self.domain}", 300)]
- end
- end
- send_result false
- end
-
- def do_getdomainmetadata(args)
- name = args["name"]
- kind = args["kind"]
- send_result false
- end
-end
-
-h = Handler.new(prefix)
-
-STDOUT.sync = true
-begin
- STDIN.each_line do |line|
- # expect json
- input = {}
- line = line.strip
- next if line.empty?
- begin
- input = JSON.parse(line)
- method = "do_#{input["method"].downcase}"
- args = input["parameters"]
-
- if h.respond_to?(method.to_sym) == false
- res = false
- send_result res, nil
- elsif args.size > 0
- h.send(method,args)
- else
- h.send(method)
- end
- rescue JSON::ParserError
- send_failure "Cannot parse input #{line}"
- next
- end
- end
-rescue SystemExit, Interrupt
-end
Index: modules/remotebackend/pipeconnector.cc
===================================================================
--- modules/remotebackend/pipeconnector.cc (revision 2806)
+++ modules/remotebackend/pipeconnector.cc (working copy)
@@ -1,6 +1,10 @@
#include "remotebackend.hh"
PipeConnector::PipeConnector(std::map<std::string,std::string> options) {
+ if (options.count("command") == 0) {
+ L<<Logger::Error<<"Cannot find 'command' option in connection string"<<endl;
+ throw new AhuException();
+ }
this->command = options.find("command")->second;
this->options = options;
this->coproc = NULL;
Index: modules/remotebackend/httpconnector.cc
===================================================================
--- modules/remotebackend/httpconnector.cc (revision 2806)
+++ modules/remotebackend/httpconnector.cc (working copy)
@@ -57,8 +57,12 @@
ss << "/" << method;
- // add the url components, if found, in following order
-
+ // add the url components, if found, in following order.
+ // id must be first due to the fact that the qname/name can be empty
+ if ((param = parameters.get("id", Json::Value())).isNull() == false) {
+ json2string(param, sparam);
+ ss << "/" << sparam;
+ }
if ((param = parameters.get("zonename", Json::Value())).isNull() == false) {
json2string(param, sparam);
ss << "/" << sparam;
@@ -83,11 +87,6 @@
ss << "/" << sparam;
}
- if ((param = parameters.get("id", Json::Value())).isNull() == false) {
- json2string(param, sparam);
- ss << "/" << sparam;
- }
-
// finally add suffix
ss << d_url_suffix;
curl_easy_setopt(d_c, CURLOPT_URL, ss.str().c_str());
@@ -102,7 +101,7 @@
// create post with keydata
std::stringstream ss2;
param = parameters["key"];
- ss2 << "flags" << param["flags"].asUInt() << "&active" << (param["active"].asBool() ? 1 : 0) << "&content=";
+ ss2 << "flags=" << param["flags"].asUInt() << "&active=" << (param["active"].asBool() ? 1 : 0) << "&content=";
tmpstr = curl_easy_escape(d_c, param["content"].asCString(), 0);
ss2 << tmpstr;
sparam = ss2.str();
Index: regression-tests/start-test-stop
===================================================================
--- regression-tests/start-test-stop (revision 2806)
+++ regression-tests/start-test-stop (working copy)
@@ -44,6 +44,8 @@
tinydns
remotebackend-pipe remotebackend-unix remotebackend-http
remotebackend-pipe-dnssec remotebackend-unix-dnssec remotebackend-http-dnssec
+remotebackend-pipe-nsec3 remotebackend-unix-nsec3 remotebackend-http-nsec3
+remotebackend-pipe-nsec3-narrow remotebackend-unix-nsec3-narrow remotebackend-http-nsec3-narrow
add -presigned to any gmysql test (except narrow) to test
presigned operation
@@ -354,20 +356,26 @@
remotebackend-*)
remotetype=$(echo $context | cut -d- -f 2)
remotesec=$(echo $context | cut -d- -f 3)
+ narrow=$(echo $context | cut -d- -f 4)
+ testsdir=../modules/remotebackend/regression-tests/
case $remotetype in
http)
connstr="http:url=http://localhost:62434/dns"
- ../modules/remotebackend/regression-tests/http-backend.rb &
+ rm -f remotebackend-server.log
+ rm -f remotebackend-access.log
+ $testsdir/http-backend.rb &
echo $! > pdns-remotebackend.pid
+ # make sure it runs before continuing
+ sleep 2
;;
unix)
connstr="unix:path=/tmp/remote.socket"
- socat unix-listen:/tmp/remote.socket exec:../modules/remotebackend/regression-tests/pipe-backend.rb &
+ socat unix-listen:/tmp/remote.socket,fork exec:$testsdir/unix-backend.rb &
echo $! > pdns-remotebackend.pid
;;
pipe)
- connstr="pipe:command=../modules/remotebackend/regression-tests/pipe-backend.rb"
+ connstr="pipe:command=$testsdir/pipe-backend.rb"
;;
*)
echo "Invalid usage"
@@ -375,25 +383,67 @@
;;
esac
- if [ "$remotesec" = "dnssec" ]; then
- remote_add_param="--remote-dnssec=yes"
+ skipreasons="nodnssec"
+
+ if [ "$remotesec" = "nsec3" ]; then
+ remotedosec="yes"
+ if [ "$narrow" = "narrow" ]; then
+ extracontexts="dnssec nsec3 narrow"
+ skipreasons="narrow nsec3"
+ else
+ extracontexts="dnssec nsec3"
+ skipreasons="nsec3"
+ fi
+ remote_add_param="--remote-dnssec=yes"
+ else
+ if [ "$remotesec" = "dnssec" ]; then
+ remotedosec="yes"
+ remote_add_param="--remote-dnssec=yes"
+ extracontexts="dnssec"
+ skipreasons="nonsec3 nonarrow"
+ fi
fi
+ # generate pdns.conf for pdnssec
+ cat > pdns.conf <<EOF
+launch=remote
+remote-connection-string=$connstr
+EOF
+
$RUNWRAPPER ../pdns/pdns_server --daemon=no --local-port=$port --socket-dir=./ \
--no-shuffle --launch=remote \
--query-logging --loglevel=9 --cache-ttl=0 --no-config \
--send-root-referral \
--remote-connection-string="$connstr" $remote_add_param &
- if [ "$remotesec" = "dnssec" ]
- then
- extracontexts="dnssec"
- else
- skipreasons="nodnssec"
+ echo "Setting up test database..."
+ # setup test database
+ rm -f $testsdir/remote.sqlite3
+ sqlite3 $testsdir/remote.sqlite3 < $testsdir/test-schema.sql
+ chmod 0666 $testsdir/remote.sqlite3
+ if [ "$remotedosec" = "yes" ]; then
+ echo "remote-dnssec=yes" >> pdns.conf
+ ../pdns/pdnssec --config-dir=. import-zone-key example.com $testsdir/example.com.ksk ksk
+ ../pdns/pdnssec --config-dir=. import-zone-key example.com $testsdir/example.com.zsk.1 zsk
+ ../pdns/pdnssec --config-dir=. import-zone-key example.com $testsdir/example.com.zsk.2 zsk
+ ../pdns/pdnssec --config-dir=. activate-zone-key example.com 1
+ ../pdns/pdnssec --config-dir=. activate-zone-key example.com 2
+ ../pdns/pdnssec --config-dir=. deactivate-zone-key example.com 3
+
+ ../pdns/pdnssec --config-dir=. import-zone-key up.example.com $testsdir/up.example.com.ksk ksk
+ ../pdns/pdnssec --config-dir=. import-zone-key up.example.com $testsdir/up.example.com.zsk.1 zsk
+ ../pdns/pdnssec --config-dir=. import-zone-key up.example.com $testsdir/up.example.com.zsk.2 zsk
+ ../pdns/pdnssec --config-dir=. activate-zone-key example.com 4
+ ../pdns/pdnssec --config-dir=. activate-zone-key example.com 5
+ ../pdns/pdnssec --config-dir=. deactivate-zone-key example.com 6
+
+ if [ "$remotesec" = "nsec3" ]; then
+ ../pdns/pdnssec --config-dir=. set-nsec3 example.com
+ ../pdns/pdnssec --config-dir=. set-nsec3 up.example.com
+ fi
+
fi
- testsdir=../modules/remotebackend/regression-tests/
-
;;
*)
echo unknown context $context
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment