morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-14 00:14:32 +09:00
Code Issues Packages Projects Releases Wiki Activity

resolve: cleanups for validating query flags and fix resolving service with record type filter (#36398)

Browse Source 
Follow-up for 81ae2237c1.
Fixes
https://github.com/systemd/systemd/pull/36353#issuecomment-2659558382.
This commit is contained in:
Lennart Poettering
2025-02-20 17:31:19 +01:00
committed by GitHub
parent 4d65c9f70c 7ffa9dc616
commit 6828cc112a
5 changed files with 155 additions and 116 deletions
Download Patch File Download Diff File Expand all files Collapse all files

85
test/units/TEST-75-RESOLVED.sh
View File

@@ -551,6 +551,7 @@ testcase_08_resolved() {
# Check SRV support
run resolvectl service _mysvc._tcp signed.test
grep -qF "myservice.signed.test:1234" "$RUN_OUT"
grep -qF "This is TXT for myservice" "$RUN_OUT"
grep -qF "10.0.0.20" "$RUN_OUT"
grep -qF "fd00:dead:beef:cafe::17" "$RUN_OUT"
grep -qF "authenticated: yes" "$RUN_OUT"
@@ -850,7 +851,6 @@ testcase_11_nft() {
echo "[Resolve]"
echo "StaleRetentionSec=1d"
} >/run/systemd/resolved.conf.d/test.conf
ln -svf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
systemctl reload systemd-resolved.service
run dig stale1.unsigned.test -t A
@@ -943,6 +943,7 @@ testcase_12_resolvectl2() {
cleanup() {
rm -f /run/systemd/resolved.conf.d/reload.conf
systemctl reload systemd-resolved.service
resolvectl revert dns0
}
trap cleanup RETURN
@@ -1024,6 +1025,7 @@ testcase_13_varlink_subscribe_dns_configuration() {
echo "=========="
rm -f /run/systemd/resolved.conf.d/global-dns.conf
restart_resolved
resolvectl revert dns0
}
trap cleanup RETURN ERR
@@ -1096,10 +1098,6 @@ testcase_14_refuse_record_types() {
# shellcheck disable=SC2317
cleanup() {
rm -f /run/systemd/resolved.conf.d/refuserecords.conf
if [[ -e /etc/resolv.conf.bak ]]; then
rm -f /etc/resolv.conf
mv /etc/resolv.conf.bak /etc/resolv.conf
fi
restart_resolved
}
trap cleanup RETURN ERR
@@ -1109,11 +1107,8 @@ testcase_14_refuse_record_types() {
echo "[Resolve]"
echo "RefuseRecordTypes=AAAA SRV TXT"
} >/run/systemd/resolved.conf.d/refuserecords.conf
if [[ -e /etc/resolv.conf ]]; then
mv /etc/resolv.conf /etc/resolv.conf.bak
fi
ln -svf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
systemctl reload systemd-resolved.service
run dig localhost -t AAAA
grep -qF "status: REFUSED" "$RUN_OUT"
@@ -1141,6 +1136,10 @@ testcase_14_refuse_record_types() {
run resolvectl query localhost5 --type=A
grep -qF "127.128.0.5" "$RUN_OUT"
(! run resolvectl service _mysvc._tcp signed.test)
(! run varlinkctl call /run/systemd/resolve/io.systemd.Resolve io.systemd.Resolve.ResolveService '{"name":"","type":"_mysvc._tcp","domain":"signed.test"}')
# Filter only AAAA
{
echo "[Resolve]"
echo "RefuseRecordTypes=AAAA"
@@ -1164,6 +1163,74 @@ testcase_14_refuse_record_types() {
(! run resolvectl query localhost5 --type=AAAA)
grep -qF "DNS query type refused." "$RUN_OUT"
run resolvectl service _mysvc._tcp signed.test
grep -qF "myservice.signed.test:1234" "$RUN_OUT"
grep -qF "This is TXT for myservice" "$RUN_OUT"
grep -qF "10.0.0.20" "$RUN_OUT"
(! grep -qF "fd00:dead:beef:cafe::17" "$RUN_OUT")
grep -qF "authenticated: yes" "$RUN_OUT"
run varlinkctl call /run/systemd/resolve/io.systemd.Resolve io.systemd.Resolve.ResolveService '{"name":"","type":"_mysvc._tcp","domain":"signed.test"}'
grep -qF '"services":[{"priority":10,"weight":5,"port":1234,"hostname":"myservice.signed.test","canonicalName":"myservice.signed.test"' "$RUN_OUT"
grep -qF '"addresses":[{"ifindex":' "$RUN_OUT"
grep -qF '"family":2,"address":[10,0,0,20]' "$RUN_OUT"
(! grep -qF '"family":10,"address":[253,0,222,173,190,239,202,254,0,0,0,0,0,0,0,23]' "$RUN_OUT")
grep -qF '"txt":["This is TXT for myservice"]' "$RUN_OUT"
grep -qF '"canonical":{"name":null,"type":"_mysvc._tcp","domain":"signed.test"}' "$RUN_OUT"
# Filter both A and AAAA
{
echo "[Resolve]"
echo "RefuseRecordTypes=A AAAA"
} >/run/systemd/resolved.conf.d/refuserecords.conf
systemctl reload systemd-resolved.service
run resolvectl service _mysvc._tcp signed.test
grep -qF "myservice.signed.test:1234" "$RUN_OUT"
grep -qF "This is TXT for myservice" "$RUN_OUT"
(! grep -qF "10.0.0.20" "$RUN_OUT")
(! grep -qF "fd00:dead:beef:cafe::17" "$RUN_OUT")
grep -qF "authenticated: yes" "$RUN_OUT"
run varlinkctl call /run/systemd/resolve/io.systemd.Resolve io.systemd.Resolve.ResolveService '{"name":"","type":"_mysvc._tcp","domain":"signed.test"}'
grep -qF '"services":[{"priority":10,"weight":5,"port":1234,"hostname":"myservice.signed.test"}]' "$RUN_OUT"
(! grep -qF '"addresses":[{"ifindex":' "$RUN_OUT")
(! grep -qF '"family":2,"address":[10,0,0,20]' "$RUN_OUT")
(! grep -qF '"family":10,"address":[253,0,222,173,190,239,202,254,0,0,0,0,0,0,0,23]' "$RUN_OUT")
grep -qF '"txt":["This is TXT for myservice"]' "$RUN_OUT"
grep -qF '"canonical":{"name":null,"type":"_mysvc._tcp","domain":"signed.test"}' "$RUN_OUT"
# Filter AAAA and TXT
{
echo "[Resolve]"
echo "RefuseRecordTypes=AAAA TXT"
} >/run/systemd/resolved.conf.d/refuserecords.conf
systemctl reload systemd-resolved.service
run resolvectl service _mysvc._tcp signed.test
grep -qF "myservice.signed.test:1234" "$RUN_OUT"
grep -qF "10.0.0.20" "$RUN_OUT"
(! grep -qF "fd00:dead:beef:cafe::17" "$RUN_OUT")
grep -qF "authenticated: yes" "$RUN_OUT"
run varlinkctl call /run/systemd/resolve/io.systemd.Resolve io.systemd.Resolve.ResolveService '{"name":"","type":"_mysvc._tcp","domain":"signed.test"}'
grep -qF '"services":[{"priority":10,"weight":5,"port":1234,"hostname":"myservice.signed.test","canonicalName":"myservice.signed.test"' "$RUN_OUT"
grep -qF '"addresses":[{"ifindex":' "$RUN_OUT"
grep -qF '"family":2,"address":[10,0,0,20]' "$RUN_OUT"
(! grep -qF '"family":10,"address":[253,0,222,173,190,239,202,254,0,0,0,0,0,0,0,23]' "$RUN_OUT")
(! grep -qF '"txt":["This is TXT for myservice"]' "$RUN_OUT")
grep -qF '"canonical":{"name":null,"type":"_mysvc._tcp","domain":"signed.test"}' "$RUN_OUT"
# Filter SRV
{
echo "[Resolve]"
echo "RefuseRecordTypes=SRV"
} >/run/systemd/resolved.conf.d/refuserecords.conf
systemctl reload systemd-resolved.service
(! run resolvectl service _mysvc._tcp signed.test)
(! run varlinkctl call /run/systemd/resolve/io.systemd.Resolve io.systemd.Resolve.ResolveService '{"name":"","type":"_mysvc._tcp","domain":"signed.test"}')
}
# PRE-SETUP