authbind \
daemontools \
libbotan-1.10-0 \
+ libfaketime \
liblua5.2-0 \
moreutils \
jq"
/*.xml
/.venv
/configs
+/vars
'13': ['insecure.example']
}
+ _auth_cmd = ['authbind',
+ os.environ['PDNS']]
+ _auth_env = {}
_auths = {}
@classmethod
@classmethod
def startAuth(cls, confdir, ipaddress):
print("Launching pdns_server..")
- authcmd = ['authbind',
- os.environ['PDNS'],
- '--config-dir=%s' % confdir,
- '--local-address=%s' % ipaddress]
+ authcmd = cls._auth_cmd
+ authcmd.append('--config-dir=%s' % confdir)
+ authcmd.append('--local-address=%s' % ipaddress)
print(' '.join(authcmd))
logFile = os.path.join(confdir, 'pdns.log')
with open(logFile, 'w') as fdLog:
cls._auths[ipaddress] = subprocess.Popen(authcmd, close_fds=True,
- stdout=fdLog, stderr=fdLog)
+ stdout=fdLog, stderr=fdLog,
+ env=cls._auth_env)
time.sleep(2)
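Review bot: `authcmd = cls._auth_cmd` binds the class-level list itself, so the two `append` calls below it grow `_auth_cmd` on every call, and each later authoritative server is started with the `--config-dir`/`--local-address` arguments of all earlier ones as well; copy it first with `authcmd = list(cls._auth_cmd)`. `env=cls._auth_env` also replaces the child's environment rather than extending it, so with the default `{}` declared in the earlier hunk pdns_server starts with no inherited variables at all. If that is not intended, `env=dict(os.environ, **cls._auth_env)` keeps the previous behaviour for classes that do not override `_auth_env`. startAuth may continue past `time.sleep(2)`, outside this hunk.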
mkdir -p configs
+[ -f ./vars ] && . ./vars
+
export PDNS=${PDNS:-${PWD}/../pdns/pdns_server}
export PDNSUTIL=${PDNSUTIL:-${PWD}/../pdns/pdnsutil}
export PDNSRECURSOR=${PDNSRECURSOR:-${PWD}/../pdns/recursordist/pdns_recursor}
export RECCONTROL=${RECCONTROL:-${PWD}/../pdns/recursordist/rec_control}
+export LIBFAKETIME=${LIBFAKETIME:-/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1} # ubuntu default
export PREFIX=10.0.3
+
set -e
if [ "${PDNS_DEBUG}" = "YES" ]; then
set -x
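Review bot: `LIBFAKETIME` is exported with an Ubuntu x86_64 default, but nothing checks that the library exists at that path. The dynamic loader normally ignores an `LD_PRELOAD` entry it cannot load with only a warning, which here would end up in the server's pdns.log, so on another distribution or architecture the authoritative servers would presumably run on the real clock and the clock-skew tests would fail on an rcode mismatch with no hint at the cause. A guard right after the export makes that explicit: `[ -r "$LIBFAKETIME" ] || { echo "libfaketime not found: $LIBFAKETIME" >&2; exit 1; }`. The script continues beyond this hunk.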
--- /dev/null
+import errno
+import os
+import subprocess
+import time
+
+import dns
+from recursortests import RecursorTest
+
+
+class testExpired(RecursorTest):
+ """This regression test starts the authoritative servers with a clock that is
+ set 15 days into the past. Hence, the recursor must reject the signatures
+ because they are expired.
+ """
+ _confdir = 'Expired'
+
+ _config_template = """dnssec=validate"""
+
+ _auth_env = {'LD_PRELOAD':os.environ.get('LIBFAKETIME'),
+ 'FAKETIME':'-15d'}
+
+ def testA(self):
+ query = dns.message.make_query('host1.secure.example', 'A')
+ res = self.sendUDPQuery(query)
+
+ self.assertRcodeEqual(res, dns.rcode.SERVFAIL)
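Review bot: `os.environ.get('LIBFAKETIME')` yields `None` when the variable is unset, for example when the class is run without the wrapper script that exports it, and `subprocess.Popen` rejects a `None` environment value with a TypeError raised from startAuth, far from the cause. `os.environ['LIBFAKETIME']`, or an explicit skip when it is missing, would fail where the problem is. `errno`, `subprocess` and `time` are imported but not used in this file. Both points apply equally to the testNotYetValid file that follows.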
--- /dev/null
+import errno
+import os
+import subprocess
+import time
+
+import dns
+from recursortests import RecursorTest
+
+
+class testNotYetValid(RecursorTest):
+ """This regression test starts the authoritative servers with a clock that is
+ set 15 days into the future. Hence, the recursor must reject the signatures
+ because they are not yet valid.
+ """
+ _confdir = 'NotYetValid'
+
+ _config_template = """dnssec=validate"""
+
+ _auth_env = {'LD_PRELOAD':os.environ.get('LIBFAKETIME'),
+ 'FAKETIME':'+15d'}
+
+ def testA(self):
+ query = dns.message.make_query('host1.secure.example', 'A')
+ res = self.sendUDPQuery(query)
+
+ self.assertRcodeEqual(res, dns.rcode.SERVFAIL)
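Review bot: Asserting only `dns.rcode.SERVFAIL` in `testA` does not show that the answer was rejected for its signature validity period, because a recursor that cannot reach the authoritative servers at all would normally answer SERVFAIL too. A control in the same test would pin this down: repeat the query with `query.flags |= dns.flags.CD` and assert `dns.rcode.NOERROR` (assuming the recursor returns unvalidated data for checking-disabled queries), so the test passes only when the servers are up and validation is what failed. The same applies to testExpired in the previous file.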