From f877ec7657d9905b8c3f99a9b3cb49d3299859c4 Mon Sep 17 00:00:00 2001 From: Jeremy Rand Date: Thu, 15 Dec 2022 07:37:49 +0000 Subject: [PATCH 1/2] Move unbound.conf.d examples to separate files Makes it easier for downstream distros to use the files. --- README.md | 16 ++++------------ _doc/unbound.conf.d/ncdns-insecure.conf | 2 ++ _doc/unbound.conf.d/ncdns.conf | 7 +++++++ 3 files changed, 13 insertions(+), 12 deletions(-) create mode 100644 _doc/unbound.conf.d/ncdns-insecure.conf create mode 100644 _doc/unbound.conf.d/ncdns.conf diff --git a/README.md b/README.md index a1cc947..19234a6 100644 --- a/README.md +++ b/README.md @@ -28,19 +28,11 @@ Using ncdns with a recursive resolver ------------------------------------- Of course the daemon can also be used simply as an authoritative nameserver for bit. directly. One way to do this is to run a recursive resolver (such as -Unbound) and configure it to serve the zone as a 'stub zone'. Here is an example -unbound configuration: +Unbound) and configure it to serve the zone as a 'stub zone'. An example +Unbound configuration is in `_doc/unbound.conf.d/ncdns.conf`. - server: - do-not-query-localhost: no - stub-zone: - name: bit. - stub-addr: 127.0.0.1@1153 - -If you don't want to use DNSSEC, also add: - - server: - domain-insecure: bit. +If you don't want to use DNSSEC, an additional Unbound configuration is in +`_doc/unbound.conf.d/ncdns-insecure.conf`. If you do want to use DNSSEC, see the instructions below. diff --git a/_doc/unbound.conf.d/ncdns-insecure.conf b/_doc/unbound.conf.d/ncdns-insecure.conf new file mode 100644 index 0000000..1c24e7a --- /dev/null +++ b/_doc/unbound.conf.d/ncdns-insecure.conf @@ -0,0 +1,2 @@ +server: + domain-insecure: bit. diff --git a/_doc/unbound.conf.d/ncdns.conf b/_doc/unbound.conf.d/ncdns.conf new file mode 100644 index 0000000..22ba818 --- /dev/null +++ b/_doc/unbound.conf.d/ncdns.conf 
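Review bot: The new `_doc/unbound.conf.d/ncdns-insecure.conf` has no comment saying what it turns off, and as a drop-in that distros may ship it no longer sits next to the README sentence that framed it as the non-DNSSEC option. `domain-insecure: bit.` tells Unbound to skip DNSSEC validation for everything under `bit.`, so answers from the stub zone are accepted unvalidated. I would add a header line such as `# Optional: turns off DNSSEC validation for bit.; leave this file out if you follow the DNSSEC setup in README.md` so the trade-off travels with the file.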
@@ -0,0 +1,7 @@
+server:
+ do-not-query-localhost: no
+stub-zone:
+ name: bit.
+ stub-addr: 127.0.0.1@5391
+ stub-prime: no
+ stub-first: no
From faf1695b7c11bf18abf85f1a94736bf8aa2c7016 Mon Sep 17 00:00:00 2001
From: Jeremy Rand
Date: Thu, 15 Dec 2022 07:38:20 +0000
Subject: [PATCH 2/2] Add DNSSEC-Trigger functional tests
---
 .cirrus.yml | 6 ++++++
 testdata/regtest.sh | 13 +++++++++++++
 2 files changed, 19 insertions(+)
diff --git a/.cirrus.yml b/.cirrus.yml
index ce2a11a..eb831ac 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -180,15 +180,21 @@ task:
 populate_script: mkdir -p /tmp/bitcoind
 install_script:
 - apt-get update
+ - apt-get install -y dnssec-trigger
+ # Namecoin Core
 - BITCOIND_URL=$(curl https://www.namecoin.org/download/ | grep x86_64-linux-gnu.tar.gz | grep -v 0.13.99 | grep --only-matching https://.*.tar.gz)
 - BITCOIND_FILENAME=$(echo $BITCOIND_URL | grep -E --only-matching 'namecoin-nc.*.tar.gz')
 - BITCOIND_PATH=/tmp/bitcoind/$BITCOIND_FILENAME
 - tar -xaf $BITCOIND_PATH || (rm -f /tmp/bitcoind/* && curl --output $BITCOIND_PATH $BITCOIND_URL && tar -xaf $BITCOIND_PATH)
 - cp -a namecoin-*/* /usr/
+ # ncdns
 - NCDNS_URL=https://api.cirrus-ci.com/v1/artifact/build/$CIRRUS_BUILD_ID/Cross-Compile%20Go%20$GO_VERSION/binaries/dist/ncdns--linux_amd64.tar.gz
 - curl -o ncdns.tar.gz $NCDNS_URL
 - tar -xaf ncdns.tar.gz
 - cp -a ncdns--*/* /usr/
+ # Configure DNSSEC-Trigger
+ - cp _doc/unbound.conf.d/ncdns.conf _doc/unbound.conf.d/ncdns-insecure.conf /etc/unbound/unbound.conf.d
+ - systemctl restart unbound
 bitcoind_service_background_script:
 - testdata/run_bitcoind.sh
 ncdns_service_background_script:
diff --git a/testdata/regtest.sh b/testdata/regtest.sh
index 73718c2..dee7be4 100755
--- a/testdata/regtest.sh
+++ b/testdata/regtest.sh
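Review bot: `stub-addr: 127.0.0.1@5391` in the new `ncdns.conf` differs from the `127.0.0.1@1153` in the README example this patch removes, and `stub-prime: no` / `stub-first: no` are new, so the file is not a plain move and the commit message does not say so. The port has to match the address ncdns actually listens on, which is not visible in this patch; a comment above `stub-zone:` such as `# Port must match the ncdns listen address` would spare packagers a silent resolution failure. It is also worth a comment that `do-not-query-localhost: no` sits under `server:` and therefore lets Unbound query localhost for every zone, not only `bit.`.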
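Review bot: The `cp` line under `# Configure DNSSEC-Trigger` installs `ncdns-insecure.conf` together with `ncdns.conf`, so Unbound answers the new recursive tests with `domain-insecure: bit.` in effect and the validation path is never exercised, although the commit is titled as DNSSEC-Trigger functional tests. If resolution-only coverage is what is intended, the script should say so, e.g. `# ncdns-insecure.conf turns off DNSSEC validation for bit.; these tests cover resolution only`. Otherwise drop the second file from the `cp` and configure the trust anchor the README's DNSSEC instructions describe. The enclosing task starts above the hunk.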
@@ -74,3 +74,16 @@ echo "$dig_output"
 echo "Checking response correctness"
 tlsa_hex="$(echo 'MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADvxHcjwDYMNfUSTtSIn3VbBC1sOzh/1Fv5T0UzEuLWIE=' | base64 --decode | xxd -u -ps -c 500)"
 echo "$dig_output" | sed 's/ //g' | grep "$tlsa_hex"
+
+echo "Query testls.bit IPv4 Recursive via dig"
+dig_output=$(dig -p 53 @127.0.0.1 A testls.bit)
+echo "$dig_output"
+echo "Checking response correctness"
+echo "$dig_output" | grep "107.152.38.155"
+
+echo "Query testls.bit TLS Recursive via dig"
+dig_output=$(dig -p 53 @127.0.0.1 TLSA "*.testls.bit")
+echo "$dig_output"
+echo "Checking response correctness"
+tlsa_hex="$(echo 'MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADvxHcjwDYMNfUSTtSIn3VbBC1sOzh/1Fv5T0UzEuLWIE=' | base64 --decode | xxd -u -ps -c 500)"
+echo "$dig_output" | sed 's/ //g' | grep "$tlsa_hex"
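Review bot: The IPv4 check `grep "107.152.38.155"` treats each dot as a regex wildcard and matches anywhere in dig's full output, so it is looser than it reads; `echo "$dig_output" | grep -F "107.152.38.155"` at least pins the literal address. The second added block recomputes `tlsa_hex` from the same base64 literal as the context lines just above it; reusing the existing variable keeps the two copies from drifting apart. Neither new query checks the response status, and whether a failing `grep` aborts the script depends on shell options set outside this hunk.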