#!/usr/bin/env python3
'''Flushing the zone after ZONEMD generation.'''
import random
from enum import Enum
from dnstest.test import Test
from dnstest.utils import *
# Each run randomly covers either the DNSSEC-signed or the unsigned variant of
# the scenario. The draw is not logged here, so reproducing a failure needs the
# value from the run's other output.
DNSSEC = random.choice([False, True])
# Shared test-harness handle; the helper functions below use it as a global.
t = Test()
class Algo(Enum):
    '''Values of the ZONEMD hash-algorithm field this test looks for, as text.

    "1" and "2" are the RFC 8976 hash algorithm numbers for SHA-384 and
    SHA-512. The values are strings because has_zonemd() compares them
    against whitespace-split zone file fields.
    '''

    SHA384 = "1"
    SHA512 = "2"
    # Not a digest algorithm in this test: has_zonemd() treats "255" as
    # "no ZONEMD record is expected at all".
    NONE = "255"
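def has_zonemd(server, zone, alg):
    '''Check the on-disk zone file for the expected ZONEMD state.

    Args:
        server: object whose ``zones[zone.name].zfile.path`` is the zone file.
        zone: object with a ``name`` attribute (the zone apex owner name).
        alg: expected hash-algorithm field as text ("1", "2"), or "255"
            meaning that no apex ZONEMD record must be present.

    Returns:
        True when the expectation holds: for "255" no apex ZONEMD record
        exists, otherwise an apex ZONEMD record with that algorithm exists.
    '''
    apex = zone.name.lower()
    expect_none = str(alg) == "255"
    zfn = server.zones[zone.name].zfile.path
    with open(zfn) as zf:
        for line in zf:
            rr = line.split()
            # Blank lines and short comment lines have no type field; skip
            # them instead of raising IndexError.
            if len(rr) < 3:
                continue
            if rr[0].lower() != apex or rr[2] != "ZONEMD":
                continue
            if expect_none:
                return False
            # Fields are "owner TTL ZONEMD serial scheme hash-alg digest", so
            # index 5 is the hash algorithm (assumes no class field in the
            # zone file - TODO confirm against the server's dump format).
            if len(rr) > 5 and rr[5] == alg:
                return True
    return expect_none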
def check_zonemd(server, zone, alg):
    '''Record a test error for every zone whose zone file fails the ZONEMD check.

    ``alg`` is an Algo member. With Algo.NONE the check fails when a ZONEMD
    record *is* present, although the error text still reads "NO ZONEMD".
    '''
    # Fixed pause before the zone files are read; presumably gives the server
    # time to flush them - confirm.
    t.sleep(2)
    for z in zone:
        if has_zonemd(server, z, alg.value):
            continue
        set_err("NO ZONEMD in %s" % z.name)
def del_zonemd1(server, zone):
    '''Rewrite one zone file in place without its ZONEMD lines.

    The zone file's update_soa() is called first, then every line containing
    the substring "ZONEMD" is dropped. The match is on the whole line, so it
    also removes lines that merely mention ZONEMD (for example a signature
    covering it), not only ZONEMD records themselves.
    '''
    zfile = server.zones[zone.name].zfile
    zfile.update_soa()
    with open(zfile.path, "r+") as fh:
        kept = [ln for ln in fh.readlines() if "ZONEMD" not in ln]
        fh.seek(0)
        fh.writelines(kept)
        # The filtered content is shorter; cut off the stale tail.
        fh.truncate()
def del_zonemd(server, zone):
    '''Strip ZONEMD lines from the zone file of every zone in ``zone``.'''
    for single in zone:
        del_zonemd1(server, single)
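# NOTE parameter "serials" is updated
def check_serial_incr(server, zones, serials, expect_incr, msg):
    '''Wait for new zone serials and verify each grew by ``expect_incr``.

    Args:
        server: object providing ``zones_wait(zones, serials)``, which returns
            a mapping of zone name to the new serial.
        zones: iterable of zone objects with a ``name`` attribute.
        serials: mapping of zone name to the last seen serial; updated in
            place with the new serials so calls can be chained.
        expect_incr: required difference between new and old serial.
        msg: prefix for the error text, naming the step being checked.
    '''
    new_serials = server.zones_wait(zones, serials)
    for z in zones:
        # Compare against the "serials" argument, not the module-level
        # "serial" dict, so the helper works with any mapping passed in.
        delta = new_serials[z.name] - serials[z.name]
        if delta != expect_incr:
            err_str = "%s: zone %s serial incremented by %d" % (msg, z.name, delta)
            detail_log(err_str)
            set_err(err_str)
        serials[z.name] = new_serials[z.name]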
# Topology: two Knot servers, the zones linked from master to slave. Whether
# the link is created with ixfr=True is drawn at random per run.
master = t.server("knot")
slave = t.server("knot")
zone = t.zone_rnd(2, dnssec=False, records=10)
t.link(zone, master, slave, ixfr=random.choice([True, False]))

# In the DNSSEC variant the master signs and the slave validates. In the other
# variant the ZONEMD digest is unsigned, so it can only reveal accidental
# corruption, not deliberate modification of the zone (RFC 8976).
if DNSSEC:
    for z in zone:
        master.dnssec(z).enable = True
        slave.dnssec(z).validate = True

# has_zonemd() inspects the zone file on disk; zonefile_sync = 0 presumably
# makes the master flush after every change - confirm against the server docs.
master.zonefile_sync = 0
master.zonemd_generate = "none"
slave.zonemd_verify = False

t.start()
# "serial" is the running record of last seen serials; check_serial_incr()
# updates it in place after every step.
serial = slave.zones_wait(zone)
check_zonemd(master, zone, Algo.NONE)

# Step 1: turn on SHA-384 ZONEMD generation on the master.
master.zonemd_generate = "zonemd-sha384"
master.gen_confile()
master.reload()
# NOTE(review): zonemd_verify is set on the slave object here, but no
# slave.gen_confile()/slave.reload() follows before it is set back to False
# further down, so the running slave may never actually verify ZONEMD in this
# test - confirm whether that is intended.
slave.zonemd_verify = True
check_serial_incr(slave, zone, serial, 1, "alg change")
check_zonemd(master, zone, Algo.SHA384)

# Step 2: switch the digest algorithm to SHA-512.
master.zonemd_generate = "zonemd-sha512"
master.gen_confile()
master.reload()
check_serial_incr(slave, zone, serial, 1, "alg change")
check_zonemd(master, zone, Algo.SHA512)

# Step 3: strip ZONEMD from the zone files and reload. The record is expected
# back in the flushed file afterwards; the serial step of 2 presumably is the
# update_soa() bump plus the regeneration bump - confirm.
del_zonemd(master, zone)
master.ctl("zone-reload")
check_serial_incr(slave, zone, serial, 2, "ZONEMD removed")
check_zonemd(master, zone, Algo.SHA512)

# Step 4: a random dynamic update per zone must advance the serial by one.
for z in zone:
    master.random_ddns(z, allow_empty=False)
check_serial_incr(slave, zone, serial, 1, "DDNS")

for z in zone:
    # Bump the SOA serial by 3 through a DDNS update: take the current SOA
    # rdata text, raise its third field (the serial) and send it back.
    resp = master.dig(z.name, "SOA")
    soa = resp.resp.answer[0].to_rdataset()[0].to_text()
    fields = soa.split()
    fields[2] = str(int(fields[2]) + 3)
    up = master.update(z)
    up.add(z.name, 3600, "SOA", ' '.join(fields))
    up.send("NOERROR")
check_serial_incr(slave, zone, serial, 3, "SOA DDNS")

# Step 5: randomised zone file change plus reload; ZONEMD must still be
# present in the flushed file.
for z in zone:
    master.zones[z.name].zfile.update_rnd()
master.ctl("zone-reload")
check_serial_incr(slave, zone, serial, 2, "ZF reload")
check_zonemd(master, zone, Algo.SHA512)

# Verification is switched off on the slave (and this time the config is
# regenerated and reloaded) before the master stops producing ZONEMD.
slave.zonemd_verify = False
slave.gen_confile()
slave.reload()

# Step 6: "none" stops generation but the existing SHA-512 record is expected
# to stay in the zone file.
master.zonemd_generate = "none"
master.gen_confile()
master.reload()
check_zonemd(master, zone, Algo.SHA512)

# Step 7: "remove" is expected to delete the record, with one serial bump.
master.zonemd_generate = "remove"
master.gen_confile()
master.reload()
check_serial_incr(slave, zone, serial, 1, "ZONEMD remove")
check_zonemd(master, zone, Algo.NONE)

# Removing when there is nothing left to remove should not change anything:
# neither "none" nor a second "remove" may bring a ZONEMD record back.
master.zonemd_generate = "none"
master.gen_confile()
master.reload()
check_zonemd(master, zone, Algo.NONE)

master.zonemd_generate = "remove"
master.gen_confile()
master.reload()
check_zonemd(master, zone, Algo.NONE)

t.end()