|
 |
9abc64 |
From a64853318ade406ef0db744918bb2828cf0a6247 Mon Sep 17 00:00:00 2001
|
|
|
9abc64 |
From: Stephen Morris <stephen@isc.org>
|
|
|
9abc64 |
Date: Thu, 5 Mar 2020 18:46:46 +0000
|
|
|
9abc64 |
Subject: [PATCH] Add test for reduction in number of fetches
|
|
|
9abc64 |
|
|
|
9abc64 |
Add a system test that counts how many address fetches are made
|
|
|
9abc64 |
for different numbers of NS records and checks that the number
|
|
|
9abc64 |
are successfully limited.
|
|
|
9abc64 |
|
|
|
9abc64 |
(cherry picked from commit 5fb65f45443225180296b361a12be0fead5049f2)
|
|
|
9abc64 |
---
|
|
|
9abc64 |
bin/tests/system/resolver/clean.sh | 4 +-
|
|
|
9abc64 |
bin/tests/system/resolver/ns4/named.conf.in | 5 ++
|
|
|
9abc64 |
bin/tests/system/resolver/ns4/root.db | 4 +
|
|
|
9abc64 |
bin/tests/system/resolver/ns4/sourcens.db | 89 +++++++++++++++++++++
|
|
|
9abc64 |
bin/tests/system/resolver/ns5/named.conf.in | 9 ++-
|
|
|
9abc64 |
bin/tests/system/resolver/ns6/named.conf.in | 15 ++++
|
|
|
9abc64 |
bin/tests/system/resolver/ns6/targetns.db | 23 ++++++
|
|
|
9abc64 |
bin/tests/system/resolver/tests.sh | 34 ++++++++
|
|
|
9abc64 |
8 files changed, 180 insertions(+), 3 deletions(-)
|
|
|
9abc64 |
create mode 100644 bin/tests/system/resolver/ns4/sourcens.db
|
|
|
9abc64 |
create mode 100644 bin/tests/system/resolver/ns6/targetns.db
|
|
|
9abc64 |
|
|
|
9abc64 |
diff --git a/bin/tests/system/resolver/clean.sh b/bin/tests/system/resolver/clean.sh
|
|
|
9abc64 |
index 4dfde1f3e7..b3e4bc0b5d 100644
|
|
|
9abc64 |
--- a/bin/tests/system/resolver/clean.sh
|
|
|
9abc64 |
+++ b/bin/tests/system/resolver/clean.sh
|
|
|
9abc64 |
@@ -17,8 +17,7 @@ rm -f */named.memstats
|
|
|
9abc64 |
rm -f */named.run
|
|
|
9abc64 |
rm -f */ans.run
|
|
|
9abc64 |
rm -f */*.jdb
|
|
|
9abc64 |
-rm -f dig.out dig.out.*
|
|
|
9abc64 |
-rm -f dig.*.out.*
|
|
|
9abc64 |
+rm -f dig.out dig.out.* dig.*.out.*
|
|
|
9abc64 |
rm -f dig.*.foo.*
|
|
|
9abc64 |
rm -f dig.*.bar.*
|
|
|
9abc64 |
rm -f dig.*.prime.*
|
|
|
9abc64 |
@@ -28,6 +27,7 @@ rm -f ns6/example.net.db.signed ns6/example.net.db
|
|
|
9abc64 |
rm -f ns6/ds.example.net.db.signed ns6/ds.example.net.db
|
|
|
9abc64 |
rm -f ns6/dsset-ds.example.net*
|
|
|
9abc64 |
rm -f ns6/dsset-example.net* ns6/example.net.db.signed.jnl
|
|
|
9abc64 |
+rm -f ns6/named.stats*
|
|
|
9abc64 |
rm -f ns6/to-be-removed.tld.db ns6/to-be-removed.tld.db.jnl
|
|
|
9abc64 |
rm -f ns7/server.db ns7/server.db.jnl
|
|
|
9abc64 |
rm -f resolve.out.*.test*
|
|
|
9abc64 |
diff --git a/bin/tests/system/resolver/ns4/named.conf.in b/bin/tests/system/resolver/ns4/named.conf.in
|
|
|
9abc64 |
index c679dc3151..56fe5d0dd8 100644
|
|
|
9abc64 |
--- a/bin/tests/system/resolver/ns4/named.conf.in
|
|
|
9abc64 |
+++ b/bin/tests/system/resolver/ns4/named.conf.in
|
|
|
9abc64 |
@@ -50,6 +50,11 @@ zone "broken" {
|
|
|
9abc64 |
file "broken.db";
|
|
|
9abc64 |
};
|
|
|
9abc64 |
|
|
|
9abc64 |
+zone "sourcens" {
|
|
|
9abc64 |
+ type master;
|
|
|
9abc64 |
+ file "sourcens.db";
|
|
|
9abc64 |
+};
|
|
|
9abc64 |
+
|
|
|
9abc64 |
key rndc_key {
|
|
|
9abc64 |
secret "1234abcd8765";
|
|
|
9abc64 |
algorithm hmac-sha256;
|
|
|
9abc64 |
diff --git a/bin/tests/system/resolver/ns4/root.db b/bin/tests/system/resolver/ns4/root.db
|
|
|
9abc64 |
index 721765d1be..ae541340da 100644
|
|
|
9abc64 |
--- a/bin/tests/system/resolver/ns4/root.db
|
|
|
9abc64 |
+++ b/bin/tests/system/resolver/ns4/root.db
|
|
|
9abc64 |
@@ -24,3 +24,7 @@ example.net. NS ns.example.net.
|
|
|
9abc64 |
ns.example.net. A 10.53.0.6
|
|
|
9abc64 |
no-questions. NS ns.no-questions.
|
|
|
9abc64 |
ns.no-questions. A 10.53.0.8
|
|
|
9abc64 |
+sourcens. NS ns.sourcens.
|
|
|
9abc64 |
+ns.sourcens. A 10.53.0.4
|
|
|
9abc64 |
+targetns. NS ns.targetns.
|
|
|
9abc64 |
+ns.targetns. A 10.53.0.6
|
|
|
9abc64 |
diff --git a/bin/tests/system/resolver/ns4/sourcens.db b/bin/tests/system/resolver/ns4/sourcens.db
|
|
|
9abc64 |
new file mode 100644
|
|
|
9abc64 |
index 0000000000..b02cc6e835
|
|
|
9abc64 |
--- /dev/null
|
|
|
9abc64 |
+++ b/bin/tests/system/resolver/ns4/sourcens.db
|
|
|
9abc64 |
@@ -0,0 +1,89 @@
|
|
|
9abc64 |
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
|
9abc64 |
+;
|
|
|
9abc64 |
+; This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
9abc64 |
+; License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
9abc64 |
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
|
9abc64 |
+;
|
|
|
9abc64 |
+; See the COPYRIGHT file distributed with this work for additional
|
|
|
9abc64 |
+; information regarding copyright ownership.
|
|
|
9abc64 |
+
|
|
|
9abc64 |
+; This zone contains a set of delegations with varying numbers of NS
|
|
|
9abc64 |
+; records. This is used to check that BIND is limiting the number of
|
|
|
9abc64 |
+; NS records it follows when resolving a delegation. It tests all
|
|
|
9abc64 |
+; numbers of NS records up to twice the number followed.
|
|
|
9abc64 |
+
|
|
|
9abc64 |
+$TTL 60
|
|
|
9abc64 |
+@ IN SOA marka.isc.org. ns.server. (
|
|
|
9abc64 |
+ 2010 ; serial
|
|
|
9abc64 |
+ 600 ; refresh
|
|
|
9abc64 |
+ 600 ; retry
|
|
|
9abc64 |
+ 1200 ; expire
|
|
|
9abc64 |
+ 600 ; minimum
|
|
|
9abc64 |
+ )
|
|
|
9abc64 |
+@ NS ns
|
|
|
9abc64 |
+ns A 10.53.0.4
|
|
|
9abc64 |
+
|
|
|
9abc64 |
+target1 NS ns.fake11.targetns.
|
|
|
9abc64 |
+
|
|
|
9abc64 |
+target2 NS ns.fake21.targetns.
|
|
|
9abc64 |
+ NS ns.fake22.targetns.
|
|
|
9abc64 |
+
|
|
|
9abc64 |
+target3 NS ns.fake31.targetns.
|
|
|
9abc64 |
+ NS ns.fake32.targetns.
|
|
|
9abc64 |
+ NS ns.fake33.targetns.
|
|
|
9abc64 |
+
|
|
|
9abc64 |
+target4 NS ns.fake41.targetns.
|
|
|
9abc64 |
+ NS ns.fake42.targetns.
|
|
|
9abc64 |
+ NS ns.fake43.targetns.
|
|
|
9abc64 |
+ NS ns.fake44.targetns.
|
|
|
9abc64 |
+
|
|
|
9abc64 |
+target5 NS ns.fake51.targetns.
|
|
|
9abc64 |
+ NS ns.fake52.targetns.
|
|
|
9abc64 |
+ NS ns.fake53.targetns.
|
|
|
9abc64 |
+ NS ns.fake54.targetns.
|
|
|
9abc64 |
+ NS ns.fake55.targetns.
|
|
|
9abc64 |
+
|
|
|
9abc64 |
+target6 NS ns.fake61.targetns.
|
|
|
9abc64 |
+ NS ns.fake62.targetns.
|
|
|
9abc64 |
+ NS ns.fake63.targetns.
|
|
|
9abc64 |
+ NS ns.fake64.targetns.
|
|
|
9abc64 |
+ NS ns.fake65.targetns.
|
|
|
9abc64 |
+ NS ns.fake66.targetns.
|
|
|
9abc64 |
+
|
|
|
9abc64 |
+target7 NS ns.fake71.targetns.
|
|
|
9abc64 |
+ NS ns.fake72.targetns.
|
|
|
9abc64 |
+ NS ns.fake73.targetns.
|
|
|
9abc64 |
+ NS ns.fake74.targetns.
|
|
|
9abc64 |
+ NS ns.fake75.targetns.
|
|
|
9abc64 |
+ NS ns.fake76.targetns.
|
|
|
9abc64 |
+ NS ns.fake77.targetns.
|
|
|
9abc64 |
+
|
|
|
9abc64 |
+target8 NS ns.fake81.targetns.
|
|
|
9abc64 |
+ NS ns.fake82.targetns.
|
|
|
9abc64 |
+ NS ns.fake83.targetns.
|
|
|
9abc64 |
+ NS ns.fake84.targetns.
|
|
|
9abc64 |
+ NS ns.fake85.targetns.
|
|
|
9abc64 |
+ NS ns.fake86.targetns.
|
|
|
9abc64 |
+ NS ns.fake87.targetns.
|
|
|
9abc64 |
+ NS ns.fake88.targetns.
|
|
|
9abc64 |
+
|
|
|
9abc64 |
+target9 NS ns.fake91.targetns.
|
|
|
9abc64 |
+ NS ns.fake92.targetns.
|
|
|
9abc64 |
+ NS ns.fake93.targetns.
|
|
|
9abc64 |
+ NS ns.fake94.targetns.
|
|
|
9abc64 |
+ NS ns.fake95.targetns.
|
|
|
9abc64 |
+ NS ns.fake96.targetns.
|
|
|
9abc64 |
+ NS ns.fake97.targetns.
|
|
|
9abc64 |
+ NS ns.fake98.targetns.
|
|
|
9abc64 |
+ NS ns.fake99.targetns.
|
|
|
9abc64 |
+
|
|
|
9abc64 |
+target10 NS ns.fake101.targetns.
|
|
|
9abc64 |
+ NS ns.fake102.targetns.
|
|
|
9abc64 |
+ NS ns.fake103.targetns.
|
|
|
9abc64 |
+ NS ns.fake104.targetns.
|
|
|
9abc64 |
+ NS ns.fake105.targetns.
|
|
|
9abc64 |
+ NS ns.fake106.targetns.
|
|
|
9abc64 |
+ NS ns.fake107.targetns.
|
|
|
9abc64 |
+ NS ns.fake108.targetns.
|
|
|
9abc64 |
+ NS ns.fake109.targetns.
|
|
|
9abc64 |
+ NS ns.fake1010.targetns.
|
|
|
9abc64 |
diff --git a/bin/tests/system/resolver/ns5/named.conf.in b/bin/tests/system/resolver/ns5/named.conf.in
|
|
|
9abc64 |
index 07205c9938..90818e4556 100644
|
|
|
9abc64 |
--- a/bin/tests/system/resolver/ns5/named.conf.in
|
|
|
9abc64 |
+++ b/bin/tests/system/resolver/ns5/named.conf.in
|
|
|
9abc64 |
@@ -46,4 +46,11 @@ zone "delegation-only" {
|
|
|
9abc64 |
type delegation-only;
|
|
|
9abc64 |
};
|
|
|
9abc64 |
|
|
|
9abc64 |
-include "trusted.conf";
|
|
|
9abc64 |
+key rndc_key {
|
|
|
9abc64 |
+ secret "1234abcd8765";
|
|
|
9abc64 |
+ algorithm hmac-sha256;
|
|
|
9abc64 |
+};
|
|
|
9abc64 |
+
|
|
|
9abc64 |
+controls {
|
|
|
9abc64 |
+ inet 10.53.0.5 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
|
|
|
9abc64 |
+};
|
|
|
9abc64 |
diff --git a/bin/tests/system/resolver/ns6/named.conf.in b/bin/tests/system/resolver/ns6/named.conf.in
|
|
|
9abc64 |
index 7df48558b8..4b01f9ba14 100644
|
|
|
9abc64 |
--- a/bin/tests/system/resolver/ns6/named.conf.in
|
|
|
9abc64 |
+++ b/bin/tests/system/resolver/ns6/named.conf.in
|
|
|
9abc64 |
@@ -22,6 +22,7 @@ options {
|
|
|
9abc64 |
recursion no;
|
|
|
9abc64 |
// minimal-responses yes;
|
|
|
9abc64 |
querylog yes;
|
|
|
9abc64 |
+ statistics-file "named.stats";
|
|
|
9abc64 |
/*
|
|
|
9abc64 |
* test that named loads with root-delegation-only that
|
|
|
9abc64 |
* has a exclude list.
|
|
|
9abc64 |
@@ -67,3 +68,17 @@ zone "delegation-only" {
|
|
|
9abc64 |
type master;
|
|
|
9abc64 |
file "delegation-only.db";
|
|
|
9abc64 |
};
|
|
|
9abc64 |
+
|
|
|
9abc64 |
+zone "targetns" {
|
|
|
9abc64 |
+ type master;
|
|
|
9abc64 |
+ file "targetns.db";
|
|
|
9abc64 |
+};
|
|
|
9abc64 |
+
|
|
|
9abc64 |
+key rndc_key {
|
|
|
9abc64 |
+ secret "1234abcd8765";
|
|
|
9abc64 |
+ algorithm hmac-sha256;
|
|
|
9abc64 |
+};
|
|
|
9abc64 |
+
|
|
|
9abc64 |
+controls {
|
|
|
9abc64 |
+ inet 10.53.0.6 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
|
|
|
9abc64 |
+};
|
|
|
9abc64 |
diff --git a/bin/tests/system/resolver/ns6/targetns.db b/bin/tests/system/resolver/ns6/targetns.db
|
|
|
9abc64 |
new file mode 100644
|
|
|
9abc64 |
index 0000000000..036e64580b
|
|
|
9abc64 |
--- /dev/null
|
|
|
9abc64 |
+++ b/bin/tests/system/resolver/ns6/targetns.db
|
|
|
9abc64 |
@@ -0,0 +1,23 @@
|
|
|
9abc64 |
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
|
9abc64 |
+;
|
|
|
9abc64 |
+; This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
9abc64 |
+; License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
9abc64 |
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
|
9abc64 |
+;
|
|
|
9abc64 |
+; See the COPYRIGHT file distributed with this work for additional
|
|
|
9abc64 |
+; information regarding copyright ownership.
|
|
|
9abc64 |
+
|
|
|
9abc64 |
+; In the test for checking how many NS records BIND will follow, this
|
|
|
9abc64 |
+; zone marks the server as the one to which the NS lookups will be
|
|
|
9abc64 |
+; directed.
|
|
|
9abc64 |
+
|
|
|
9abc64 |
+$TTL 300
|
|
|
9abc64 |
+@ IN SOA marka.isc.org. ns.server. (
|
|
|
9abc64 |
+ 2010 ; serial
|
|
|
9abc64 |
+ 600 ; refresh
|
|
|
9abc64 |
+ 600 ; retry
|
|
|
9abc64 |
+ 1200 ; expire
|
|
|
9abc64 |
+ 600 ; minimum
|
|
|
9abc64 |
+ )
|
|
|
9abc64 |
+ NS ns
|
|
|
9abc64 |
+ns A 10.53.0.6
|
|
|
9abc64 |
diff --git a/bin/tests/system/resolver/tests.sh b/bin/tests/system/resolver/tests.sh
|
|
|
9abc64 |
index 12d2819e30..178ba4d79b 100755
|
|
|
9abc64 |
--- a/bin/tests/system/resolver/tests.sh
|
|
|
9abc64 |
+++ b/bin/tests/system/resolver/tests.sh
|
|
|
9abc64 |
@@ -247,6 +247,40 @@ if [ -x ${RESOLVE} ] ; then
|
|
|
9abc64 |
status=`expr $status + $ret`
|
|
|
9abc64 |
fi
|
|
|
9abc64 |
|
|
|
9abc64 |
+n=`expr $n + 1`
|
|
|
9abc64 |
+echo_i "check that the resolver limits the number of NS records it follows in a referral response ($n)"
|
|
|
9abc64 |
+# ns5 is the recusor being tested. ns4 holds the sourcens zone containing names with varying numbers of NS
|
|
|
9abc64 |
+# records pointing to non-existent nameservers in the targetns zone on ns6.
|
|
|
9abc64 |
+ret=0
|
|
|
9abc64 |
+$RNDCCMD 10.53.0.5 flush || ret=1 # Ensure cache is empty before doing this test
|
|
|
9abc64 |
+for nscount in 1 2 3 4 5 6 7 8 9 10
|
|
|
9abc64 |
+do
|
|
|
9abc64 |
+ # Verify number of NS records at source server
|
|
|
9abc64 |
+ $DIG $DIGOPTS +norecurse @10.53.0.4 target${nscount}.sourcens ns > dig.ns4.out.${nscount}.${n}
|
|
|
9abc64 |
+ sourcerecs=`grep NS dig.ns4.out.${nscount}.${n} | grep -v ';' | wc -l`
|
|
|
9abc64 |
+ test $sourcerecs -eq $nscount || ret=1
|
|
|
9abc64 |
+ test $sourcerecs -eq $nscount || echo_i "NS count incorrect for target${nscount}.sourcens"
|
|
|
9abc64 |
+ # Expected queries = 2 * number of NS records, up to a maximum of 10.
|
|
|
9abc64 |
+ expected=`expr 2 \* $nscount`
|
|
|
9abc64 |
+ if [ $expected -gt 10 ]; then expected=10; fi
|
|
|
9abc64 |
+ # Work out the queries made by checking statistics on the target before and after the test
|
|
|
9abc64 |
+ $RNDCCMD 10.53.0.6 stats || ret=1
|
|
|
9abc64 |
+ initial_count=`awk '/responses sent/ {print $1}' ns6/named.stats`
|
|
|
9abc64 |
+ mv ns6/named.stats ns6/named.stats.initial.${nscount}.${n}
|
|
|
9abc64 |
+ $DIG $DIGOPTS @10.53.0.5 target${nscount}.sourcens A > dig.ns5.out.${nscount}.${n} || ret=1
|
|
|
9abc64 |
+ $RNDCCMD 10.53.0.6 stats || ret=1
|
|
|
9abc64 |
+ final_count=`awk '/responses sent/ {print $1}' ns6/named.stats`
|
|
|
9abc64 |
+ mv ns6/named.stats ns6/named.stats.final.${nscount}.${n}
|
|
|
9abc64 |
+ # Check number of queries during the test is as expected
|
|
|
9abc64 |
+ actual=`expr $final_count - $initial_count`
|
|
|
9abc64 |
+ if [ $actual -ne $expected ]; then
|
|
|
9abc64 |
+ echo_i "query count error: $nscount NS records: expected queries $expected, actual $actual"
|
|
|
9abc64 |
+ ret=1
|
|
|
9abc64 |
+ fi
|
|
|
9abc64 |
+done
|
|
|
9abc64 |
+if [ $ret != 0 ]; then echo_i "failed"; fi
|
|
|
9abc64 |
+status=`expr $status + $ret`
|
|
|
9abc64 |
+
|
|
|
9abc64 |
n=`expr $n + 1`
|
|
|
9abc64 |
echo_i "RT21594 regression test check setup ($n)"
|
|
|
9abc64 |
ret=0
|
|
|
9abc64 |
--
|
|
|
9abc64 |
2.21.1
|
|
|
9abc64 |
|