From: Kees Monshouwer
Date: Mon, 2 Sep 2013 22:27:48 +0000 (+0200)
Subject: add bind support
X-Git-Tag: rec-3.6.0-rc1~458^2~5
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6f5c13519c17258b0d94b6f98d90320224d73994;p=pdns

add bind support
---

diff --git a/regression-tests/.gitignore b/regression-tests/.gitignore
index db3a82b56..42dbd1818 100644
--- a/regression-tests/.gitignore
+++ b/regression-tests/.gitignore
@@ -30,3 +30,6 @@ real_result
 /nsd.*
 /*.nsd
 /*.signed
+/*.bind
+/dsset-*
+/bind.conf
diff --git a/regression-tests/basic-eui48/skip.bind b/regression-tests/basic-eui48/skip.bind
new file mode 100644
index 000000000..e69de29bb
diff --git a/regression-tests/basic-eui64/skip.bind b/regression-tests/basic-eui64/skip.bind
new file mode 100644
index 000000000..e69de29bb
diff --git a/regression-tests/ent-asterisk/skip.bind b/regression-tests/ent-asterisk/skip.bind
new file mode 100644
index 000000000..e69de29bb
diff --git a/regression-tests/start-test-stop b/regression-tests/start-test-stop
index 5cee21ebb..e2f667018 100755
--- a/regression-tests/start-test-stop
+++ b/regression-tests/start-test-stop
@@ -9,6 +9,12 @@ nsdfix ()
 sed '/EUI/s/^/;/g' < example.com > example.com.nsd
 }
 
+bindfix ()
+{
+ sed -e 's/"A very .*"/"shorter"/' < test.com > test.com.bind
+ sed -e '/EUI/s/^/;/g' -e '/host\.\*\.sub/s/^/;/g' < example.com > example.com.bind
+}
+
 tonsd ()
 {
 cat > nsd.conf << __EOF__
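Review bot: The first sed in bindfix matches `"A very .*"` greedily, so on a line holding more than one quoted string it would replace everything up to the last quote; `sed -e 's/"A very [^"]*"/"shorter"/'` keeps the rewrite to the one string. The function also carries no comment saying why these records are shortened or commented out for the BIND run (presumably the BIND tools cannot load or sign them as written). A one-line header such as `# rewrite records the BIND tools cannot handle; output goes to *.bind copies used by tobind` would record that.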
@@ -68,6 +74,77 @@ __EOF__ nsdc -c nsd.conf rebuild } + + +tobind () +{ + cat > bind.conf << __EOF__ +options { + dnssec-enable yes; + listen-on port $port { 127.0.0.1; }; + pid-file "pdns.pid"; +}; +__EOF__ + + rm -f K* + rm -f *.bind + + bindfix + + for zone in $(grep zone named.conf | cut -f2 -d\") + do + if [ "$1" != "unsigned" ] + then + if [ ! "${zone: 0:16}" = "secure-delegated" ] + then + ksk=$(dnssec-keygen -r/dev/urandom -f KSK -a RSASHA256 -b 2048 -n ZONE $zone) + else + cp secure-delegated.dnssec-parent.com.private Ksecure-delegated.dnssec-parent.com.+008+54319.private + cp secure-delegated.dnssec-parent.com.key Ksecure-delegated.dnssec-parent.com.+008+54319.key + ksk="Ksecure-delegated.dnssec-parent.com.+008+54319" + fi + zsk=$(dnssec-keygen -r/dev/urandom -a RSASHA256 -b 1024 -n ZONE $zone) + fi + + if [ ! -f $zone.bind ] + then + cp $zone $zone.bind + fi + + echo "\$include $ksk.key ; KSK" >> $zone.bind + echo "\$include $zsk.key ; ZSK" >> $zone.bind + + case $1 in + nsec) + dnssec-signzone -o $zone -f $zone.signed $zone.bind + ;; + nsec3) + dnssec-signzone -3 abcd -H 1 -o $zone -f $zone.signed $zone.bind + ;; + nsec3-optout) + dnssec-signzone -3 abcd -H 1 -A -o $zone -f $zone.signed $zone.bind + if [ "$zone" = "dnssec-parent.com" ] + then + echo "insecure.dnssec-parent.com. IN NS ns.insecure.dnssec-parent.com." >> ${zone}.signed + fi + ;; + unsigned) + cp ${zonefile} ${zone}.signed + ;; + *) + echo 'tonsd called with wrong param' + exit 1 + esac + echo "" >> bind.conf + echo "zone \"${zone}\" {" >> bind.conf + echo " type master;" >> bind.conf + echo " file \"${zone}.signed\";" >> bind.conf + echo "};" >> bind.conf + done +} + + + tosql () { make -C ../pdns/backends/bind zone2sql > /dev/null 
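Review bot: In the `unsigned)` arm, `cp ${zonefile} ${zone}.signed` reads a variable that tobind never assigns, so unless it is set elsewhere in the script the copy has no source; `cp "$zone.bind" "$zone.signed"` would use the file prepared a few lines above. The two `$include` lines are also appended when `$1` is `unsigned`, where `$ksk` and `$zsk` are empty, so they belong inside the `if [ "$1" != "unsigned" ]` block. The default arm still prints `'tonsd called with wrong param'` and should name tobind. `$zone` and the cleanup globs are unquoted throughout; `rm -f -- K* *.bind` and `"$zone"` avoid surprises from odd file or zone names.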
@@ -170,7 +247,7 @@ then Usage: ./start-test-stop [] [wait|nowait] [] [] context is one of: -ext-nsd ext-nsd-nsec ext-nsd-nsec3 +ext-nsd ext-nsd-nsec ext-nsd-nsec3 ext-bind ext-bind-nsec ext-bind-nsec3 bind bind-dnssec bind-dnssec-nsec3 bind-dnssec-nsec3-optout bind-dnssec-nsec3-narrow gmysql-nodnssec gmysql gmysql-nsec3 gmysql-nsec3-optout gmysql-nsec3-narrow gpgsql-nodnssec gpgsql gpgsql-nsec3 @@ -183,7 +260,7 @@ remotebackend-pipe-dnssec remotebackend-unix-dnssec remotebackend-http-dnssec #remotebackend-pipe-nsec3 remotebackend-unix-nsec3 remotebackend-http-nsec3 #remotebackend-pipe-nsec3-narrow remotebackend-unix-nsec3-narrow remotebackend-http-nsec3-narrow -add -presigned to any ext-nsd bind, gmysql or gsqlite3 test (except narrow) +add -presigned to any ext-nsd, ext-bind, bind, gmysql or gsqlite3 test (except narrow) to test presigned operation * Add 'wait' (literally) after the context to not kill @@ -255,6 +332,33 @@ case $context in sleep 5 ;; + ext-bind | ext-bind-nsec | ext-bind-nsec3 | ext-bind-nsec3-optout) + case $context in + ext-bind) + tobind unsigned + extracontexts="extbind" + skipreasons="bind nodnssec nodyndns" + ;; + ext-bind-nsec) + tobind nsec + extracontexts="extbind dnssec" + skipreasons="bind nodyndns" + ;; + ext-bind-nsec3) + tobind nsec3 + extracontexts="extbind dnssec nsec3" + skipreasons="bind nsec3 nodyndns" + ;; + ext-bind-nsec3-optout) + tobind nsec3-optout + extracontexts="extbind dnssec nsec3 nsec3-optout" + skipreasons="bind optout nodyndns" + ;; + esac + named -c bind.conf -f & + sleep 5 + ;; + bind) $RUNWRAPPER $PDNS --daemon=no --local-port=$port --socket-dir=./ \ --no-shuffle --launch=bind --bind-config=./named.conf \ 
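Review bot: `named -c bind.conf -f &` is followed only by `sleep 5`, so if named rejects bind.conf or a signed zone, or the port is already bound, the tests go on to query whatever is or is not listening on that port. Recording the PID and checking it after the sleep would fail fast: `named -c bind.conf -f & named_pid=$!` and then `kill -0 "$named_pid" 2>/dev/null || { echo "named failed to start" >&2; exit 1; }`. The case also accepts `ext-bind-nsec3-optout`, which the usage text changed earlier in this diff does not list. The enclosing `case $context in` starts and ends outside the hunk.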
@@ -753,7 +857,7 @@ export optout
 if [ $presigned = yes ]
 then
 skipreasons="$skipreasons presigned nodyndns"
- if [ ${context:0:6} = gmysql ] | [ ${context:0:7} = ext-nsd ]
+ if [ ${context:0:6} = gmysql ] | [ ${context:0:7} = ext-nsd ] | [ ${context:0:8} = ext-bind ]
 then
 context=${context}-presigned
 [ -z "$GMYSQL2DB" ] && GMYSQL2DB=pdnstest2
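Review bot: The three tests are joined with `|` (a pipeline) rather than `||`, so by default the `if` sees only the exit status of the last `[ ... ]`. With the `ext-bind` test appended as the last stage, presigned `ext-nsd` contexts, which used to decide the branch as the last stage, no longer enter it, and `gmysql` contexts still do not. Use `if [ "${context:0:6}" = gmysql ] || [ "${context:0:7}" = ext-nsd ] || [ "${context:0:8}" = ext-bind ]`; the quotes also keep the test well-formed if `$context` is empty. The body of this `if` continues outside the hunk.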