From: Remi Gacogne
Date: Mon, 1 Jul 2019 10:03:55 +0000 (+0200)
Subject: rec: Don't go Bogus if the auth zone delegation test takes too long
X-Git-Tag: dnsdist-1.4.0-rc1~78^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7ced0738f28e5226fcd2013794744106a818af49;p=pdns
rec: Don't go Bogus if the auth zone delegation test takes too long
---
diff --git a/pdns/recursordist/test-syncres_cc.cc b/pdns/recursordist/test-syncres_cc.cc
index b95b56e0f..a77be2645 100644
--- a/pdns/recursordist/test-syncres_cc.cc
+++ b/pdns/recursordist/test-syncres_cc.cc
@@ -414,7 +414,7 @@ void generateKeyMaterial(const DNSName& name, unsigned int algo, uint8_t digest,
 dsAnchors[name].insert(keys[name].second);
 }
-int genericDSAndDNSKEYHandler(LWResult* res, const DNSName& domain, DNSName auth, int type, const testkeysset_t& keys, bool proveCut)
+int genericDSAndDNSKEYHandler(LWResult* res, const DNSName& domain, DNSName auth, int type, const testkeysset_t& keys, bool proveCut, boost::optional now)
 {
 if (type == QType::DS) {
 auth.chopOff();
@@ -422,7 +422,7 @@ int genericDSAndDNSKEYHandler(LWResult* res, const DNSName& domain, DNSName auth
 setLWResult(res, 0, true, false, true);
 if (addDS(domain, 300, res->d_records, keys, DNSResourceRecord::ANSWER)) {
- addRRSIG(keys, res->d_records, auth, 300);
+ addRRSIG(keys, res->d_records, auth, 300, false, boost::none, boost::none, now);
 } else {
 addRecordToLW(res, auth, QType::SOA, "foo. bar. 2017032800 1800 900 604800 86400", DNSResourceRecord::AUTHORITY, 86400);
@@ -431,7 +431,7 @@ int genericDSAndDNSKEYHandler(LWResult* res, const DNSName& domain, DNSName auth
 const auto it = keys.find(auth);
 if (it != keys.cend()) {
 /* sign the SOA */
- addRRSIG(keys, res->d_records, auth, 300);
+ addRRSIG(keys, res->d_records, auth, 300, false, boost::none, boost::none, now);
 /* add a NSEC denying the DS */
 std::set types = { QType::NSEC };
 if (proveCut) {
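Review bot: The DNSKEY path of `genericDSAndDNSKEYHandler` does not visibly receive the new `now` value: the only `addRRSIG` calls changed are the three in the hunks at -422, -431 and -439, which all appear to sit under `if (type == QType::DS)`. The caller in test-syncres_cc4.cc routes both `QType::DS` and `QType::DNSKEY` to this handler, so if the DNSKEY branch (outside these hunks) also signs its answer, that RRSIG would still take its inception and expiration from the default clock and a slow run could still end in a Bogus chain. That branch should pass `now` the same way. The parameter prints here as `boost::optional now` without a template argument, which looks like an extraction artefact rather than the committed text.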
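Review bot: `addRRSIG(keys, res->d_records, auth, 300, false, boost::none, boost::none, now)` spells out three positional placeholders only to reach the last parameter, and the identical call is repeated in the hunks at -431 and -439. A reader cannot tell what `false, boost::none, boost::none` stand for without opening the helper's declaration, and a later change to its defaults has to be mirrored at every site. A local wrapper defined once in the function, e.g. `auto sign = [&](const DNSName& signer) { addRRSIG(keys, res->d_records, signer, 300, false, boost::none, boost::none, now); };`, or a short comment naming the skipped parameters at the first call, would keep the three sites in step. The enclosing function starts and ends outside this hunk.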
@@ -439,7 +439,7 @@ int genericDSAndDNSKEYHandler(LWResult* res, const DNSName& domain, DNSName auth
 }
 addNSECRecordToLW(domain, DNSName("z") + domain, types, 600, res->d_records);
- addRRSIG(keys, res->d_records, auth, 300);
+ addRRSIG(keys, res->d_records, auth, 300, false, boost::none, boost::none, now);
 }
 }
diff --git a/pdns/recursordist/test-syncres_cc.hh b/pdns/recursordist/test-syncres_cc.hh
index 93d7e6f43..db63a0023 100644
--- a/pdns/recursordist/test-syncres_cc.hh
+++ b/pdns/recursordist/test-syncres_cc.hh
@@ -73,7 +73,7 @@ void generateKeyMaterial(const DNSName& name, unsigned int algo, uint8_t digest,
 void generateKeyMaterial(const DNSName& name, unsigned int algo, uint8_t digest, testkeysset_t& keys, map& dsAnchors);
-int genericDSAndDNSKEYHandler(LWResult* res, const DNSName& domain, DNSName auth, int type, const testkeysset_t& keys, bool proveCut=true);
+int genericDSAndDNSKEYHandler(LWResult* res, const DNSName& domain, DNSName auth, int type, const testkeysset_t& keys, bool proveCut=true, boost::optional now=boost::none);
 int basicRecordsForQnameMinimization(LWResult* res, const DNSName& domain, int type);
diff --git a/pdns/recursordist/test-syncres_cc4.cc b/pdns/recursordist/test-syncres_cc4.cc
index aceff1ff1..49f712069 100644
--- a/pdns/recursordist/test-syncres_cc4.cc
+++ b/pdns/recursordist/test-syncres_cc4.cc
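Review bot: The declaration in test-syncres_cc.hh gains a second defaulted trailing parameter, `now=boost::none`, with no comment saying what the default means for signature times. Every caller that omits it keeps whatever clock `addRRSIG` falls back to (presumably the current time, going by the comment added in test-syncres_cc4.cc), so other tests using this handler may still be exposed to the same validity-window problem on a slow run. I would add above the declaration `/* now: reference time for RRSIG inception/expiration; boost::none keeps addRRSIG's default clock */` so callers know when they need to pass it.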
@@ -137,11 +137,16 @@ BOOST_AUTO_TEST_CASE(test_auth_zone_delegation) {
 generateKeyMaterial(g_rootdnsname, DNSSECKeeper::RSASHA512, DNSSECKeeper::SHA384, keys, luaconfsCopy.dsAnchors);
 g_luaconfs.setState(luaconfsCopy);
- sr->setAsyncCallback([&queriesCount,target,targetAddr,nsAddr,authZone,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional& srcmask, boost::optional context, LWResult* res, bool* chained) {
+ /* make sure that the signature inception and validity times are computed
+ based on the SyncRes time, not the current one, in case the function
+ takes too long. */
+ const time_t fixedNow = sr->getNow().tv_sec;
+
+ sr->setAsyncCallback([&queriesCount,target,targetAddr,nsAddr,authZone,keys,fixedNow](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional& srcmask, boost::optional context, LWResult* res, bool* chained) {
 queriesCount++;
 if (type == QType::DS || type == QType::DNSKEY) {
- return genericDSAndDNSKEYHandler(res, domain, DNSName("."), type, keys, domain == authZone);
+ return genericDSAndDNSKEYHandler(res, domain, DNSName("."), type, keys, domain == authZone, fixedNow);
 }
 if (ip == ComboAddress(nsAddr.toString(), 53) && domain == target) {
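Review bot: `fixedNow` is a snapshot taken once from `sr->getNow().tv_sec` before the callback is installed, while the callback already receives a `struct timeval* now` argument that is not used for signing. If that argument carries the resolver's own clock (not confirmed from this hunk), the captured copy can drift from it should the test ever move the SyncRes time, and signatures would then be dated against a stale value. Either pass the callback's `now` (with a null check) or extend the new comment with one sentence on why a captured snapshot is preferred, e.g. `/* captured once: the SyncRes time is not changed for the rest of this test */`. The lambda body continues past the end of the hunk.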