prefill: tests for zone import

7 files changed, 249 insertions, 0 deletions

diff --git a/modules/prefill/prefill.test/empty.zone b/modules/prefill/prefill.test/empty.zone
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/modules/prefill/prefill.test/empty.zone
diff --git a/modules/prefill/prefill.test/example.com.zone b/modules/prefill/prefill.test/example.com.zone
new file mode 100644
index 00000000..1ff71ebe
--- /dev/null
+++ b/modules/prefill/prefill.test/example.com.zone
@@ -0,0 +1,11 @@
+$ORIGIN example.com.
+$TTL 3600
+
+@	SOA	dns1.example.com. hostmaster.example.com. (
+		2010111213	; serial
+		6h		; refresh
+		1h		; retry
+		1w		; expire
+		1d )		; minimum
+
+	NS	dns1
diff --git a/modules/prefill/prefill.test/prefill.test.lua b/modules/prefill/prefill.test/prefill.test.lua
new file mode 100644
index 00000000..c5c36767
--- /dev/null
+++ b/modules/prefill/prefill.test/prefill.test.lua
@@ -0,0 +1,129 @@
+-- unload modules which are not related to this test
+if ta_signal_query then
+        modules.unload('ta_signal_query')
+end
+if priming then
+        modules.unload('priming')
+end
+if detect_time_skew then
+        modules.unload('detect_time_skew')
+end
+
+-- test. domain is used by some tests, allow it
+policy.add(policy.suffix(policy.PASS, {todname('test.')}))
+
+cache.size = 2*MB
+-- verbose(true)
+
+-- Self-checks on globals
+assert(help() ~= nil)
+assert(worker.id ~= nil)
+-- Self-checks on facilities
+assert(cache.stats() ~= nil)
+assert(cache.backends() ~= nil)
+assert(worker.stats() ~= nil)
+assert(net.interfaces() ~= nil)
+-- Self-checks on loaded stuff
+assert(#modules.list() > 0)
+-- Self-check timers
+ev = event.recurrent(1 * sec, function () return 1 end)
+event.cancel(ev)
+ev = event.after(0, function () return 1 end)
+
+
+-- Import fake root zone; avoid interference with configured keyfile_default.
+trust_anchors.remove('.')
+trust_anchors.add('.    IN DS 136 8 2 CF6782894E5BD62F0B0B7E9E8126B033FC752909BBE3577E27406FC1 78A9BC27')
+
+local function check_answer(desc, qname, qtype, expected_rcode)
+	qtype_str = kres.tostring.type[qtype]
+	callback = function(pkt)
+		same(pkt:rcode(), expected_rcode,
+		     desc .. ': expecting answer for query ' .. qname .. ' ' .. qtype_str
+		      .. ' with rcode ' .. kres.tostring.rcode[expected_rcode] .. ' got ' .. kres.tostring.rcode[pkt:rcode()])
+
+		ok((pkt:ancount() > 0) == (pkt:rcode() == kres.rcode.NOERROR),
+		   desc ..': checking number of answers for ' .. qname .. ' ' .. qtype_str)
+	end
+	resolve(qname, qtype, kres.class.IN, {}, callback)
+end
+
+-- do not attempt to contact outside world, operate only on cache
+net.ipv4 = false
+net.ipv6 = false
+-- do not listen, test is driven by config code
+env.KRESD_NO_LISTEN = true
+
+
+local function import_valid_root_zone()
+	cache.clear()
+	local import_res = cache.zone_import('testroot.zone')
+	assert(import_res.code == 0)
+	-- beware that import takes at least 100 ms
+	worker.sleep(0.2)  -- zimport is delayed by 100 ms from function call
+	-- sanity checks - cache must be filled in
+	ok(cache.count() > 0, 'cache is not empty after import of valid signed root zone')
+	check_answer('root apex is in cache',
+                     '.', kres.type.NS, kres.rcode.NOERROR)
+	check_answer('deep subdomain is in cache',
+		     'a.b.subtree1.', kres.type.AAAA, kres.rcode.NOERROR)
+end
+
+local function import_root_no_soa()
+	cache.clear()
+	local import_res = cache.zone_import('testroot_no_soa.zone')
+	assert(import_res.code == -1)
+	-- beware that import takes at least 100 ms
+	worker.sleep(0.2)  -- zimport is delayed by 100 ms from function call
+	-- sanity checks - cache must be filled in
+	ok(cache.count() == 0 , 'cache is still empty after import of zone without SOA record')
+end
+
+local function import_unsigned_root_zone()
+	cache.clear()
+	local import_res = cache.zone_import('testroot.zone.unsigned')
+	assert(import_res.code == 0)
+	-- beware that import takes at least 100 ms
+	worker.sleep(0.2)  -- zimport is delayed by 100 ms from function call
+	-- sanity checks - cache must be filled in
+	ok(cache.count() == 0, 'cache is still empty after import of unsigned zone')
+end
+
+local function import_not_root_zone()
+	cache.clear()
+        local import_res = cache.zone_import('example.com.zone')
+	assert(import_res.code == 1)
+	-- beware that import takes at least 100 ms
+	worker.sleep(0.2)  -- zimport is delayed by 100 ms from function call
+	-- sanity checks - cache must be filled in
+	ok(cache.count() == 0, 'cache is still empty after import of other zone than root')
+end
+
+local function import_empty_zone()
+	cache.clear()
+	local import_res = cache.zone_import('empty.zone')
+	assert(import_res.code == -1)
+	-- beware that import takes at least 100 ms
+	worker.sleep(0.2)  -- zimport is delayed by 100 ms from function call
+	-- sanity checks - cache must be filled in
+	ok(cache.count() == 0, 'cache is still empty after import of empty zone')
+end
+
+local function import_random_trash()
+	cache.clear()
+	local import_res = cache.zone_import('random.zone')
+	assert(import_res.code == -1)
+	-- beware that import takes at least 100 ms
+	worker.sleep(0.2)  -- zimport is delayed by 100 ms from function call
+	-- sanity checks - cache must be filled in
+	ok(cache.count() == 0, 'cache is still empty after import of unparseable file')
+end
+
+return {
+	import_valid_root_zone,
+	import_root_no_soa,
+	import_unsigned_root_zone,
+	import_not_root_zone,
+	import_empty_zone,
+	import_random_trash,
+}
diff --git a/modules/prefill/prefill.test/random.zone b/modules/prefill/prefill.test/random.zone
new file mode 100644
index 00000000..3b59a3f9
--- /dev/null
+++ b/modules/prefill/prefill.test/random.zone
@@ -0,0 +1 @@
+4����=g<����k~����>B�iڴ=�FN5�0H.��Áa�@汁wU�ټ��Pn�2ޗt}��3�q�U����l�ΤQIa
�y�G�D#�	�ֈ>���Sdj��U?ʨ�T����WMC}2 )�`a����	*lj7V�5�%圅.�	���eZ5BI���Sޚ���Lv>��|��<dF�;�6�	��G��L{tɹ�݌*C��cj$�G)���I��C�0�}�t���NK��^��d����
\ No newline at end of file
diff --git a/modules/prefill/prefill.test/testroot.zone b/modules/prefill/prefill.test/testroot.zone
new file mode 100644
index 00000000..5fb41891
--- /dev/null
+++ b/modules/prefill/prefill.test/testroot.zone
@@ -0,0 +1,58 @@
+; File written on Tue Jul  9 10:53:17 2019
+; dnssec_signzone version 9.11.3-1ubuntu1.8-Ubuntu
+.			86400	IN SOA	rootns. you.test. (
+					2017071102 ; serial
+					1800       ; refresh (30 minutes)
+					900        ; retry (15 minutes)
+					604800     ; expire (1 week)
+					86400      ; minimum (1 day)
+					)
+			86400	RRSIG	SOA 8 0 86400 (
+					20190808075316 20190709075316 62034 .
+					S86QA1UlKYCxzFK1QDYb9ec6DHg59Y+xWREy
+					duooWAMYB2gi5xSks9KPs/G0ATnOWrHEO/7q
+					HPfgZAUyPR0GEQ== )
+			86400	NS	rootns.
+			86400	RRSIG	NS 8 0 86400 (
+					20190808075316 20190709075316 62034 .
+					cTzIDk1fP13okhc5q3ZFz+Fx2O/xwSuz6gVV
+					2CEGGCrS/g1ePXOkk5vEwHkJqR9nIbIxgkao
+					nj2mL12zeSY2Sw== )
+			86400	NSEC	a.b.subtree1. NS SOA RRSIG NSEC DNSKEY
+			86400	RRSIG	NSEC 8 0 86400 (
+					20190808075316 20190709075316 62034 .
+					E5fbgQXbNcBfSDrryxim5to8Thavqkkj2JK3
+					wT0gHd8Uz8op2hImWzKmkvX6NZkd7HBdtsWg
+					1a38Y0GySh5nTQ== )
+			86400	DNSKEY	256 3 8 (
+					AwEAAbSwbjkbn1oPDNdIUjdRhaUeODrQdwfb
+					EI0upUGEYqQV2LO7iXH5Nvvds9EQmFo9g+Xw
+					nhOimjcuQG9YYGZuG6c=
+					) ; ZSK; alg = RSASHA256 ; key id = 62034
+			86400	DNSKEY	257 3 8 (
+					AwEAAbSV3HkhePQXQNSJUx2wKiVwdwvMFdeY
+					Zfn/jNWe77usNjFmJB1T6Jz0Gyu0b95j686H
+					U3/8jqQ0vB4/ugFr3v8=
+					) ; KSK; alg = RSASHA256 ; key id = 136
+			86400	RRSIG	DNSKEY 8 0 86400 (
+					20190808075316 20190709075316 136 .
+					HmH/IEMRWFarlsxDQ4sD8byhCcuklhDKC+Vi
+					59+4tcP34rJ+gDsdfVfEY4Hs03UF7tXQiyhv
+					4ut02AZFJMangg== )
+			86400	RRSIG	DNSKEY 8 0 86400 (
+					20190808075316 20190709075316 62034 .
+					Hk4HEUmALb98i0XNn7ZwOZeuLYrv+mEoX9Do
+					6YI1XqFcIRaY7vBCyQEpbRRs+DXPXBbi3EHc
+					PDtyu1VjN9xEJA== )
+a.b.subtree1.		86400	IN AAAA	2001:db8::
+			86400	RRSIG	AAAA 8 3 86400 (
+					20190808075316 20190709075316 62034 .
+					MAisFZ8EU/NdNenJKvmlqZhxBx8K6Io69Cgg
+					Ux15CI4EozX5i2T/pPDpjp2Oe3Xxxj1TcegE
+					VgNzaayBj9fKbw== )
+			86400	NSEC	. AAAA RRSIG NSEC
+			86400	RRSIG	NSEC 8 3 86400 (
+					20190808075316 20190709075316 62034 .
+					ZJT5KzQS/1I8gZl5J/QYpa35jrjBtNoAYxC1
+					+vOhgFB/iLVVdiTtWpY23+Uv5buxSxlweBuh
+					AoMwrFGk76K0EQ== )
diff --git a/modules/prefill/prefill.test/testroot.zone.unsigned b/modules/prefill/prefill.test/testroot.zone.unsigned
new file mode 100644
index 00000000..233d8c09
--- /dev/null
+++ b/modules/prefill/prefill.test/testroot.zone.unsigned
@@ -0,0 +1,3 @@
+.		86400	SOA	rootns. you.test. 2017071101 1800 900 604800 86400
+.		86400	NS	rootns.
+a.b.subtree1.	86400	AAAA	2001:db8::
diff --git a/modules/prefill/prefill.test/testroot_no_soa.zone b/modules/prefill/prefill.test/testroot_no_soa.zone
new file mode 100644
index 00000000..b99bb51c
--- /dev/null
+++ b/modules/prefill/prefill.test/testroot_no_soa.zone
@@ -0,0 +1,47 @@
+; File written on Tue Jul  9 10:53:17 2019
+; dnssec_signzone version 9.11.3-1ubuntu1.8-Ubuntu
+
+.			86400	NS	rootns.
+			86400	RRSIG	NS 8 0 86400 (
+					20190808075316 20190709075316 62034 .
+					cTzIDk1fP13okhc5q3ZFz+Fx2O/xwSuz6gVV
+					2CEGGCrS/g1ePXOkk5vEwHkJqR9nIbIxgkao
+					nj2mL12zeSY2Sw== )
+			86400	NSEC	a.b.subtree1. NS SOA RRSIG NSEC DNSKEY
+			86400	RRSIG	NSEC 8 0 86400 (
+					20190808075316 20190709075316 62034 .
+					E5fbgQXbNcBfSDrryxim5to8Thavqkkj2JK3
+					wT0gHd8Uz8op2hImWzKmkvX6NZkd7HBdtsWg
+					1a38Y0GySh5nTQ== )
+			86400	DNSKEY	256 3 8 (
+					AwEAAbSwbjkbn1oPDNdIUjdRhaUeODrQdwfb
+					EI0upUGEYqQV2LO7iXH5Nvvds9EQmFo9g+Xw
+					nhOimjcuQG9YYGZuG6c=
+					) ; ZSK; alg = RSASHA256 ; key id = 62034
+			86400	DNSKEY	257 3 8 (
+					AwEAAbSV3HkhePQXQNSJUx2wKiVwdwvMFdeY
+					Zfn/jNWe77usNjFmJB1T6Jz0Gyu0b95j686H
+					U3/8jqQ0vB4/ugFr3v8=
+					) ; KSK; alg = RSASHA256 ; key id = 136
+			86400	RRSIG	DNSKEY 8 0 86400 (
+					20190808075316 20190709075316 136 .
+					HmH/IEMRWFarlsxDQ4sD8byhCcuklhDKC+Vi
+					59+4tcP34rJ+gDsdfVfEY4Hs03UF7tXQiyhv
+					4ut02AZFJMangg== )
+			86400	RRSIG	DNSKEY 8 0 86400 (
+					20190808075316 20190709075316 62034 .
+					Hk4HEUmALb98i0XNn7ZwOZeuLYrv+mEoX9Do
+					6YI1XqFcIRaY7vBCyQEpbRRs+DXPXBbi3EHc
+					PDtyu1VjN9xEJA== )
+a.b.subtree1.		86400	IN AAAA	2001:db8::
+			86400	RRSIG	AAAA 8 3 86400 (
+					20190808075316 20190709075316 62034 .
+					MAisFZ8EU/NdNenJKvmlqZhxBx8K6Io69Cgg
+					Ux15CI4EozX5i2T/pPDpjp2Oe3Xxxj1TcegE
+					VgNzaayBj9fKbw== )
+			86400	NSEC	. AAAA RRSIG NSEC
+			86400	RRSIG	NSEC 8 3 86400 (
+					20190808075316 20190709075316 62034 .
+					ZJT5KzQS/1I8gZl5J/QYpa35jrjBtNoAYxC1
+					+vOhgFB/iLVVdiTtWpY23+Uv5buxSxlweBuh
+					AoMwrFGk76K0EQ== )