diff options
| author | Kiran Vemula <vemulakiran@gmail.com> | 2023-06-08 15:12:11 +0200 |
|---|---|---|
| committer | Luca Boccassi <luca.boccassi@gmail.com> | 2023-06-16 11:20:15 +0200 |
| commit | 5ed91481abea382dc486507556e5cdf0f36b796f (patch) | |
| tree | 41ed73ce4557e4c7d7f9d1809c98c7abd44b08d2 /test | |
| parent | Merge pull request #23391 from yuwata/meson-bump-required-version (diff) | |
| download | systemd-5ed91481abea382dc486507556e5cdf0f36b796f.tar.xz systemd-5ed91481abea382dc486507556e5cdf0f36b796f.zip | |
resolved: added serve stale feature implementation of RFC 8767
serve stale feature to keep the DNS resource records beyond TTL to return them as stale records in case of upstream server is not reachable or returns negative response.
SD_RESOLVED_NO_STALE flag has been added to disable serving stale records via dbus.
added serve stale test cases to TEST-75-RESOLVED
Fixes: #21815
Diffstat (limited to 'test')
| -rwxr-xr-x | test/TEST-75-RESOLVED/test.sh | 5 | ||||
| -rw-r--r-- | test/knot-data/zones/unsigned.test.zone | 1 | ||||
| -rwxr-xr-x | test/units/testsuite-75.sh | 63 |
3 files changed, 69 insertions, 0 deletions
diff --git a/test/TEST-75-RESOLVED/test.sh b/test/TEST-75-RESOLVED/test.sh index cbb9e3dbbf..55a9f1b358 100755 --- a/test/TEST-75-RESOLVED/test.sh +++ b/test/TEST-75-RESOLVED/test.sh @@ -36,6 +36,11 @@ test_append_files() { # Install DNS-related utilities (usually found in the bind-utils package) image_install delv dig host nslookup + + if command -v nft >/dev/null; then + # Install nftables + image_install nft + fi } do_test "$@" diff --git a/test/knot-data/zones/unsigned.test.zone b/test/knot-data/zones/unsigned.test.zone index c5445d7672..ffa70d6c7a 100644 --- a/test/knot-data/zones/unsigned.test.zone +++ b/test/knot-data/zones/unsigned.test.zone @@ -20,3 +20,4 @@ ns1 AAAA fd00:dead:beef:cafe::1 A 10.0.0.101 AAAA fd00:dead:beef:cafe::101 mail A 10.0.0.111 +stale1 1 A 10.0.0.112 diff --git a/test/units/testsuite-75.sh b/test/units/testsuite-75.sh index 24af11b589..ddea2e93e4 100755 --- a/test/units/testsuite-75.sh +++ b/test/units/testsuite-75.sh @@ -515,5 +515,68 @@ grep -qF "fd00:dead:beef:cafe::123" "$RUN_OUT" systemctl stop resmontest.service +# Test serve stale feature if nftables is installed +if command -v nft >/dev/null; then + ### Test without serve stale feature ### + NFT_FILTER_NAME=dns_port_filter + + drop_dns_outbound_traffic() { + nft add table inet $NFT_FILTER_NAME + nft add chain inet $NFT_FILTER_NAME output \{ type filter hook output priority 0 \; \} + nft add rule inet $NFT_FILTER_NAME output ip daddr 10.0.0.1 udp dport 53 drop + nft add rule inet $NFT_FILTER_NAME output ip daddr 10.0.0.1 tcp dport 53 drop + nft add rule inet $NFT_FILTER_NAME output ip6 daddr fd00:dead:beef:cafe::1 udp dport 53 drop + nft add rule inet $NFT_FILTER_NAME output ip6 daddr fd00:dead:beef:cafe::1 tcp dport 53 drop + } + + run dig stale1.unsigned.test -t A + grep -qE "NOERROR" "$RUN_OUT" + sleep 2 + drop_dns_outbound_traffic + set +e + run dig stale1.unsigned.test -t A + set -eux + grep -qE "no servers could be reached" "$RUN_OUT" + nft flush ruleset + + ### Test TIMEOUT with serve stale feature ### + + mkdir -p /run/systemd/resolved.conf.d + { + echo "[Resolve]" + echo "StaleRetentionSec=1d" + } >/run/systemd/resolved.conf.d/test.conf + ln -svf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf + systemctl restart systemd-resolved.service + systemctl service-log-level systemd-resolved.service debug + + run dig stale1.unsigned.test -t A + grep -qE "NOERROR" "$RUN_OUT" + sleep 2 + drop_dns_outbound_traffic + run dig stale1.unsigned.test -t A + grep -qE "NOERROR" "$RUN_OUT" + grep -qE "10.0.0.112" "$RUN_OUT" + + nft flush ruleset + + ### Test NXDOMAIN with serve stale feature ### + # NXDOMAIN response should replace the cache with NXDOMAIN response + run dig stale1.unsigned.test -t A + grep -qE "NOERROR" "$RUN_OUT" + # Delete stale1 record from zone + knotc zone-begin unsigned.test + knotc zone-unset unsigned.test stale1 A + knotc zone-commit unsigned.test + knotc reload + sleep 2 + run dig stale1.unsigned.test -t A + grep -qE "NXDOMAIN" "$RUN_OUT" + + nft flush ruleset +else + echo "nftables is not installed. Skipped serve stale feature test." +fi + touch /testok rm /failed |