1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
# Inspired by this file: /nixpkgs/nixos/tests/nsd.nix
{
nixos-lib,
pkgsUnstable,
nixpkgs-unstable,
vhackPackages,
pkgs,
extraModules,
nixLib,
...
}: let
common = {...}: {
networking.firewall.enable = false;
networking.dhcpcd.enable = false;
};
mkClient = version: {
lib,
nodes,
...
}: {
environment.systemPackages = [pkgs.dig pkgs.dig.dnsutils];
imports = [common];
networking.nameservers = lib.mkForce [
(lib.head nodes.server.networking.interfaces.eth1."${version}".addresses).address
];
};
in
nixos-lib.runTest {
hostPkgs = pkgs; # the Nixpkgs package set used outside the VMs
name = "dns";
node = {
specialArgs = {inherit pkgsUnstable vhackPackages nixpkgs-unstable nixLib;};
# Use the nixpkgs as constructed by the `nixpkgs.*` options
pkgs = null;
};
nodes = {
server = {
config,
lib,
...
}: {
imports =
extraModules
++ [
../../../../modules
common
];
vhack = {
dns = {
enable = true;
interfaces = lib.debug.traceValSeqN 2 [
(lib.head config.networking.interfaces.eth1.ipv4.addresses).address
(lib.head config.networking.interfaces.eth1.ipv6.addresses).address
];
zones = {
"example.com" = {
SOA = {
nameServer = "ns";
adminEmail = "admin@example.com";
serial = 2024012301;
};
useOrigin = false;
NS = [
"ns.example.com."
];
subdomains = {
ns = {
A = ["192.168.1.3"];
};
ipv4 = {
A = ["1.2.3.4"];
};
ipv6 = {
AAAA = ["dead:beef::1"];
};
openpgpkey = {
TXT = ["Hi!"];
};
};
};
};
};
};
};
clientV4 = mkClient "ipv4";
clientV6 = mkClient "ipv6";
};
testScript = {nodes, ...}:
/*
python
*/
''
start_all()
clientV4.wait_for_unit("network.target")
clientV6.wait_for_unit("network.target")
server.wait_for_unit("nsd.service")
def assert_host(ipVersion, dnsRecordType, dnsQuery, expected):
self = clientV4 if ipVersion == 4 else clientV6
out = self.succeed(f"host -{ipVersion} -t {dnsRecordType} {dnsQuery}").rstrip()
self.log(f"output: {out}")
import re
assert re.search(expected, out), f"DNS IPv{ipVersion} dnsQuery on {dnsQuery} gave '{out}' instead of '{expected}'"
for ipv in 4, 6:
with subtest(f"IPv{ipv}"):
assert_host(ipv, "a", "example.com", "has no [^ ]+ record")
assert_host(ipv, "aaaa", "example.com", "has no [^ ]+ record")
assert_host(ipv, "soa", "example.com", "SOA.*?admin\\.example\\.com")
assert_host(ipv, "a", "ipv4.example.com", "address 1.2.3.4$")
assert_host(ipv, "aaaa", "ipv6.example.com", "address dead:beef::1$")
assert_host(ipv, "txt", "openpgpkey.example.com", "descriptive text \"Hi!\"$")
'';
}
|
