Merge namecoin/ncdns#174: Add DNSSEC-Trigger functional tests

faf1695b7c Add DNSSEC-Trigger functional tests (Jeremy Rand) f877ec7657 Move unbound.conf.d examples to separate files (Jeremy Rand) Pull request description: Top commit has no ACKs. Tree-SHA512: aaf6983bf7f81b0abc3d76080739e1548846d728133d2cc523da0d83067aa0a87ed537eb374829d426c1446b5e884e27dfcc1167366a55c4bae4bea3a3a4fe7b
1 year ago · fb3a51c0a8
parent 46dcbb864b faf1695b7c
commit fb3a51c0a8
5 changed files with 32 additions and 12 deletions
--- a/.cirrus.yml
+++ b/.cirrus.yml
@ -180,15 +180,21 @@ task:
    populate_script: mkdir -p /tmp/bitcoind
  install_script:
    - apt-get update
+    - apt-get install -y dnssec-trigger
+    # Namecoin Core
    - BITCOIND_URL=$(curl https://www.namecoin.org/download/ | grep x86_64-linux-gnu.tar.gz | grep -v 0.13.99 | grep --only-matching https://.*.tar.gz)
    - BITCOIND_FILENAME=$(echo $BITCOIND_URL | grep -E --only-matching 'namecoin-nc.*.tar.gz')
    - BITCOIND_PATH=/tmp/bitcoind/$BITCOIND_FILENAME
    - tar -xaf $BITCOIND_PATH || (rm -f /tmp/bitcoind/* && curl --output $BITCOIND_PATH $BITCOIND_URL && tar -xaf $BITCOIND_PATH)
    - cp -a namecoin-*/* /usr/
+    # ncdns
    - NCDNS_URL=https://api.cirrus-ci.com/v1/artifact/build/$CIRRUS_BUILD_ID/Cross-Compile%20Go%20$GO_VERSION/binaries/dist/ncdns--linux_amd64.tar.gz
    - curl -o ncdns.tar.gz $NCDNS_URL
    - tar -xaf ncdns.tar.gz
    - cp -a ncdns--*/* /usr/
+    # Configure DNSSEC-Trigger
+    - cp _doc/unbound.conf.d/ncdns.conf _doc/unbound.conf.d/ncdns-insecure.conf /etc/unbound/unbound.conf.d
+    - systemctl restart unbound
  bitcoind_service_background_script:
    - testdata/run_bitcoind.sh
  ncdns_service_background_script:
--- a/README.md
+++ b/README.md
@ -28,19 +28,11 @@ Using ncdns with a recursive resolver
 -------------------------------------
 Of course the daemon can also be used simply as an authoritative nameserver for
 bit. directly. One way to do this is to run a recursive resolver (such as
-Unbound) and configure it to serve the zone as a 'stub zone'. Here is an example
-unbound configuration:
+Unbound) and configure it to serve the zone as a 'stub zone'. An example
+Unbound configuration is in `_doc/unbound.conf.d/ncdns.conf`.

-    server:
-      do-not-query-localhost: no
-    stub-zone:
-      name: bit.
-      stub-addr: 127.0.0.1@1153
-
-If you don't want to use DNSSEC, also add:
-
-    server:
-      domain-insecure: bit.
+If you don't want to use DNSSEC, an additional Unbound configuration is in
+`_doc/unbound.conf.d/ncdns-insecure.conf`.

 If you do want to use DNSSEC, see the instructions below.

--- a/_doc/unbound.conf.d/ncdns-insecure.conf
+++ b/_doc/unbound.conf.d/ncdns-insecure.conf
@ -0,0 +1,2 @@
+server:
+  domain-insecure: bit.
--- a/_doc/unbound.conf.d/ncdns.conf
+++ b/_doc/unbound.conf.d/ncdns.conf
@ -0,0 +1,7 @@
+server:
+  do-not-query-localhost: no
+stub-zone:
+  name: bit.
+  stub-addr: 127.0.0.1@5391
+  stub-prime: no
+  stub-first: no
--- a/testdata/regtest.sh
+++ b/testdata/regtest.sh
@ -74,3 +74,16 @@ echo "$dig_output"
 echo "Checking response correctness"
 tlsa_hex="$(echo 'MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADvxHcjwDYMNfUSTtSIn3VbBC1sOzh/1Fv5T0UzEuLWIE=' | base64 --decode | xxd -u -ps -c 500)"
 echo "$dig_output" | sed 's/ //g' | grep "$tlsa_hex"
+
+echo "Query testls.bit IPv4 Recursive via dig"
+dig_output=$(dig -p 53 @127.0.0.1 A testls.bit)
+echo "$dig_output"
+echo "Checking response correctness"
+echo "$dig_output" | grep "107.152.38.155"
+
+echo "Query testls.bit TLS Recursive via dig"
+dig_output=$(dig -p 53 @127.0.0.1 TLSA "*.testls.bit")
+echo "$dig_output"
+echo "Checking response correctness"
+tlsa_hex="$(echo 'MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADvxHcjwDYMNfUSTtSIn3VbBC1sOzh/1Fv5T0UzEuLWIE=' | base64 --decode | xxd -u -ps -c 500)"
+echo "$dig_output" | sed 's/ //g' | grep "$tlsa_hex"