diff options
| author | Daniel Salzman <daniel.salzman@nic.cz> | 2024-12-19 10:06:37 +0100 |
|---|---|---|
| committer | Daniel Salzman <daniel.salzman@nic.cz> | 2024-12-19 10:06:37 +0100 |
| commit | 54189871e3cf524556b607710c45a850c531d5cb (patch) | |
| tree | a3a71efe216f99c246905ce234830f65795546e7 | |
| parent | mod-dnstap: distinguish between AUTH and UPDATE query/response (diff) | |
| parent | max_ttl: in case of RRSIG consider orig_ttl and NOT rrsig->ttl (diff) | |
| download | knot-54189871e3cf524556b607710c45a850c531d5cb.tar.xz knot-54189871e3cf524556b607710c45a850c531d5cb.zip | |
Merge branch 'max_ttl_rrsig' into 'master'
Max TTL of RRSIG
See merge request knot/knot-dns!1733
| -rw-r--r-- | src/knot/zone/measure.c | 21 | ||||
| -rw-r--r-- | tests-extra/tests/zone/max_ttl/data/example.com.zone | 16 | ||||
| -rw-r--r-- | tests-extra/tests/zone/max_ttl/data/example.com.zone.2 | 16 | ||||
| -rw-r--r-- | tests-extra/tests/zone/max_ttl/test.py | 65 |
4 files changed, 115 insertions, 3 deletions
diff --git a/src/knot/zone/measure.c b/src/knot/zone/measure.c index 4c3ab5e76..9a09e27ca 100644 --- a/src/knot/zone/measure.c +++ b/src/knot/zone/measure.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> +/* Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -31,6 +31,21 @@ measure_t knot_measure_init(bool measure_whole, bool measure_diff) return m; } +static uint32_t rrset_max_ttl(const struct rr_data *r) +{ + if (r->type != KNOT_RRTYPE_RRSIG) { + return r->ttl; + } + + uint32_t res = 0; + knot_rdata_t *rd = r->rrs.rdata; + for (int i = 0; i < r->rrs.count; i++) { + res = MAX(res, knot_rrsig_original_ttl(rd)); + rd = knot_rdataset_next(rd); + } + return res; +} + bool knot_measure_node(zone_node_t *node, measure_t *m) { if (m->how_size == MEASURE_SIZE_NONE && (m->how_ttl == MEASURE_TTL_NONE || @@ -45,7 +60,7 @@ bool knot_measure_node(zone_node_t *node, measure_t *m) m->zone_size += knot_rrset_size(&rrset); } if (m->how_ttl != MEASURE_TTL_NONE) { - m->max_ttl = MAX(m->max_ttl, node->rrs[i].ttl); + m->max_ttl = MAX(m->max_ttl, rrset_max_ttl(&node->rrs[i])); } } @@ -61,7 +76,7 @@ bool knot_measure_node(zone_node_t *node, measure_t *m) m->zone_size -= knot_rrset_size(&rrset); } if (m->how_ttl == MEASURE_TTL_DIFF) { - m->rem_max_ttl = MAX(m->rem_max_ttl, node->rrs[i].ttl); + m->rem_max_ttl = MAX(m->rem_max_ttl, rrset_max_ttl(&node->rrs[i])); } } diff --git a/tests-extra/tests/zone/max_ttl/data/example.com.zone b/tests-extra/tests/zone/max_ttl/data/example.com.zone new file mode 100644 index 000000000..8a1af1e3c --- /dev/null +++ b/tests-extra/tests/zone/max_ttl/data/example.com.zone @@ -0,0 +1,16 @@ +$ORIGIN example.com. +$TTL 3600 + +@ SOA dns1 hostmaster 2010111201 10800 3600 1209600 7200 + NS dns1 + NS dns2 + MX 10 mail + +dns1 A 192.0.2.1 + AAAA 2001:DB8::1 + +dns2 A 192.0.2.2 + AAAA 2001:DB8::2 + +mail A 192.0.2.3 + AAAA 2001:DB8::3 diff --git a/tests-extra/tests/zone/max_ttl/data/example.com.zone.2 b/tests-extra/tests/zone/max_ttl/data/example.com.zone.2 new file mode 100644 index 000000000..b96b176ea --- /dev/null +++ b/tests-extra/tests/zone/max_ttl/data/example.com.zone.2 @@ -0,0 +1,16 @@ +$ORIGIN example.com. +$TTL 1800 + +@ SOA dns1 hostmaster 2010111201 10800 1800 1209600 7200 + NS dns1 + NS dns2 + MX 10 mail + +dns1 A 192.0.2.1 + AAAA 2001:DB8::1 + +dns2 A 192.0.2.2 + AAAA 2001:DB8::2 + +mail A 192.0.2.3 + AAAA 2001:DB8::3 diff --git a/tests-extra/tests/zone/max_ttl/test.py b/tests-extra/tests/zone/max_ttl/test.py new file mode 100644 index 000000000..6eaa70d9a --- /dev/null +++ b/tests-extra/tests/zone/max_ttl/test.py @@ -0,0 +1,65 @@ +#!/usr/bin/env python3 + +''' Check lowering zone maximal TTL by incremental update. ''' + +import os +import random + +from dnstest.libknot import libknot +from dnstest.module import ModStats +from dnstest.test import Test +from dnstest.utils import * + +def check_item(server, section, item, value, zone=None): + try: + ctl = libknot.control.KnotCtl() + ctl.connect(os.path.join(server.dir, "knot.sock")) + + if zone: + ctl.send_block(cmd="zone-stats", section=section, item=item, zone=zone) + else: + ctl.send_block(cmd="stats", section=section, item=item) + + stats = ctl.receive_stats() + finally: + ctl.send(libknot.control.KnotCtlType.END) + ctl.close() + + if zone: + stats = stats.get("zone").get(zone.lower()) + + data = int(stats.get(section).get(item)) + + compare(data, value, "%s.%s" % (section, item)) + +t = Test() + +knot = t.server("knot") +zones = t.zone("example.com.", storage=".") + +t.link(zones, knot) + +knot.zonefile_load = "difference-no-serial" +knot.zones[zones[0].name].journal_content = "all" +knot.dnssec(zones).enable = True + +t.start() +serials = knot.zones_wait(zones) + +check_item(knot, "server", "zone-count", 1) +check_item(knot, "zone", "max-ttl", 3600, "example.com.") + +knot.update_zonefile(zones[0], version=2) + +if random.choice([False, True]): + knot.ctl("zone-reload") +else: + knot.stop() + t.sleep(2) + knot.start() + +knot.zones_wait(zones, serials) + +check_item(knot, "zone", "max-ttl", 1800, "example.com.") + +t.end() |