TrueCloudLab/coredns
16
0
Fork 2
Code Issues Pull requests 4 Projects Releases Packages Wiki Activity Actions
coredns/plugin/cache/cache_test.go
Grant Spence 997c7f9539
plugin/cache: key cache on Checking Disabled (CD) bit (#6354) 
* plugin/cache: key cache on Checking Disabled (CD) bit

Key the cache on CD bit, which effectively separates the entries for
queries with CD disabled or enabled.

Signed-off-by: Grant Spence <gspence@redhat.com>
2023-11-10 10:00:47 -05:00

901 lines
26 KiB
Go
Raw Permalink Blame History

package cache
import (
"context"
"fmt"
"testing"
"time"
"github.com/coredns/coredns/plugin"
"github.com/coredns/coredns/plugin/metadata"
"github.com/coredns/coredns/plugin/pkg/dnstest"
"github.com/coredns/coredns/plugin/pkg/response"
"github.com/coredns/coredns/plugin/test"
"github.com/coredns/coredns/request"
"github.com/miekg/dns"
)
func cacheMsg(m *dns.Msg, tc test.Case) *dns.Msg {
m.RecursionAvailable = tc.RecursionAvailable
m.AuthenticatedData = tc.AuthenticatedData
m.CheckingDisabled = tc.CheckingDisabled
m.Authoritative = tc.Authoritative
m.Rcode = tc.Rcode
m.Truncated = tc.Truncated
m.Answer = tc.Answer
m.Ns = tc.Ns
// m.Extra = tc.in.Extra don't copy Extra, because we don't care and fake EDNS0 DO with tc.Do.
return m
}
func newTestCache(ttl time.Duration) (*Cache, *ResponseWriter) {
c := New()
c.pttl = ttl
c.nttl = ttl
crr := &ResponseWriter{ResponseWriter: nil, Cache: c}
crr.nexcept = []string{"neg-disabled.example.org."}
crr.pexcept = []string{"pos-disabled.example.org."}
return c, crr
}
// TestCacheInsertion verifies the insertion of items to the cache.
func TestCacheInsertion(t *testing.T) {
cacheTestCases := []struct {
name string
out test.Case // the expected message coming "out" of cache
in test.Case // the test message going "in" to cache
shouldCache bool
}{
{
name: "test ad bit cache",
out: test.Case{
Qname: "miek.nl.", Qtype: dns.TypeMX,
Answer: []dns.RR{
test.MX("miek.nl. 3600 IN MX 1 aspmx.l.google.com."),
test.MX("miek.nl. 3600 IN MX 10 aspmx2.googlemail.com."),
},
RecursionAvailable: true,
AuthenticatedData: true,
},
in: test.Case{
Qname: "miek.nl.", Qtype: dns.TypeMX,
Answer: []dns.RR{
test.MX("miek.nl. 3601 IN MX 1 aspmx.l.google.com."),
test.MX("miek.nl. 3601 IN MX 10 aspmx2.googlemail.com."),
},
RecursionAvailable: true,
AuthenticatedData: true,
},
shouldCache: true,
},
{
name: "test case sensitivity cache",
out: test.Case{
Qname: "miek.nl.", Qtype: dns.TypeMX,
Answer: []dns.RR{
test.MX("miek.nl. 3600 IN MX 1 aspmx.l.google.com."),
test.MX("miek.nl. 3600 IN MX 10 aspmx2.googlemail.com."),
},
RecursionAvailable: true,
AuthenticatedData: true,
},
in: test.Case{
Qname: "mIEK.nL.", Qtype: dns.TypeMX,
Answer: []dns.RR{
test.MX("miek.nl. 3601 IN MX 1 aspmx.l.google.com."),
test.MX("miek.nl. 3601 IN MX 10 aspmx2.googlemail.com."),
},
RecursionAvailable: true,
AuthenticatedData: true,
},
shouldCache: true,
},
{
name: "test truncated responses shouldn't cache",
in: test.Case{
Qname: "miek.nl.", Qtype: dns.TypeMX,
Answer: []dns.RR{test.MX("miek.nl. 1800 IN MX 1 aspmx.l.google.com.")},
Truncated: true,
},
shouldCache: false,
},
{
name: "test dns.RcodeNameError cache",
out: test.Case{
Rcode: dns.RcodeNameError,
Qname: "example.org.", Qtype: dns.TypeA,
Ns: []dns.RR{
test.SOA("example.org. 3600 IN SOA sns.dns.icann.org. noc.dns.icann.org. 2016082540 7200 3600 1209600 3600"),
},
RecursionAvailable: true,
},
in: test.Case{
Rcode: dns.RcodeNameError,
Qname: "example.org.", Qtype: dns.TypeA,
Ns: []dns.RR{
test.SOA("example.org. 3600 IN SOA sns.dns.icann.org. noc.dns.icann.org. 2016082540 7200 3600 1209600 3600"),
},
RecursionAvailable: true,
},
shouldCache: true,
},
{
name: "test dns.RcodeServerFailure cache",
out: test.Case{
Rcode: dns.RcodeServerFailure,
Qname: "example.org.", Qtype: dns.TypeA,
Ns: []dns.RR{},
RecursionAvailable: true,
},
in: test.Case{
Rcode: dns.RcodeServerFailure,
Qname: "example.org.", Qtype: dns.TypeA,
Ns: []dns.RR{},
RecursionAvailable: true,
},
shouldCache: true,
},
{
name: "test dns.RcodeNotImplemented cache",
out: test.Case{
Rcode: dns.RcodeNotImplemented,
Qname: "example.org.", Qtype: dns.TypeA,
Ns: []dns.RR{},
RecursionAvailable: true,
},
in: test.Case{
Rcode: dns.RcodeNotImplemented,
Qname: "example.org.", Qtype: dns.TypeA,
Ns: []dns.RR{},
RecursionAvailable: true,
},
shouldCache: true,
},
{
name: "test expired RRSIG doesn't cache",
in: test.Case{
Qname: "miek.nl.", Qtype: dns.TypeMX,
Do: true,
Answer: []dns.RR{
test.MX("miek.nl. 3600 IN MX 1 aspmx.l.google.com."),
test.MX("miek.nl. 3600 IN MX 10 aspmx2.googlemail.com."),
test.RRSIG("miek.nl. 1800 IN RRSIG MX 8 2 1800 20160521031301 20160421031301 12051 miek.nl. lAaEzB5teQLLKyDenatmyhca7blLRg9DoGNrhe3NReBZN5C5/pMQk8Jc u25hv2fW23/SLm5IC2zaDpp2Fzgm6Jf7e90/yLcwQPuE7JjS55WMF+HE LEh7Z6AEb+Iq4BWmNhUz6gPxD4d9eRMs7EAzk13o1NYi5/JhfL6IlaYy qkc="),
},
RecursionAvailable: true,
},
shouldCache: false,
},
{
name: "test DO bit with RRSIG not expired cache",
out: test.Case{
Qname: "example.org.", Qtype: dns.TypeMX,
Do: true,
Answer: []dns.RR{
test.MX("example.org. 3600 IN MX 1 aspmx.l.google.com."),
test.MX("example.org. 3600 IN MX 10 aspmx2.googlemail.com."),
test.RRSIG("example.org. 3600 IN RRSIG MX 8 2 1800 20170521031301 20170421031301 12051 miek.nl. lAaEzB5teQLLKyDenatmyhca7blLRg9DoGNrhe3NReBZN5C5/pMQk8Jc u25hv2fW23/SLm5IC2zaDpp2Fzgm6Jf7e90/yLcwQPuE7JjS55WMF+HE LEh7Z6AEb+Iq4BWmNhUz6gPxD4d9eRMs7EAzk13o1NYi5/JhfL6IlaYy qkc="),
},
RecursionAvailable: true,
},
in: test.Case{
Qname: "example.org.", Qtype: dns.TypeMX,
Do: true,
Answer: []dns.RR{
test.MX("example.org. 3600 IN MX 1 aspmx.l.google.com."),
test.MX("example.org. 3600 IN MX 10 aspmx2.googlemail.com."),
test.RRSIG("example.org. 1800 IN RRSIG MX 8 2 1800 20170521031301 20170421031301 12051 miek.nl. lAaEzB5teQLLKyDenatmyhca7blLRg9DoGNrhe3NReBZN5C5/pMQk8Jc u25hv2fW23/SLm5IC2zaDpp2Fzgm6Jf7e90/yLcwQPuE7JjS55WMF+HE LEh7Z6AEb+Iq4BWmNhUz6gPxD4d9eRMs7EAzk13o1NYi5/JhfL6IlaYy qkc="),
},
RecursionAvailable: true,
},
shouldCache: true,
},
{
name: "test CD bit cache",
out: test.Case{
Rcode: dns.RcodeSuccess,
Qname: "dnssec-failed.org.",
Qtype: dns.TypeA,
Answer: []dns.RR{
test.A("dnssec-failed.org. 3600 IN A 127.0.0.1"),
},
CheckingDisabled: true,
},
in: test.Case{
Rcode: dns.RcodeSuccess,
Qname: "dnssec-failed.org.",
Answer: []dns.RR{
test.A("dnssec-failed.org. 3600 IN A 127.0.0.1"),
},
Qtype: dns.TypeA,
CheckingDisabled: true,
},
shouldCache: true,
},
{
name: "test negative zone exception shouldn't cache",
in: test.Case{
Rcode: dns.RcodeNameError,
Qname: "neg-disabled.example.org.", Qtype: dns.TypeA,
Ns: []dns.RR{
test.SOA("example.org. 3600 IN SOA sns.dns.icann.org. noc.dns.icann.org. 2016082540 7200 3600 1209600 3600"),
},
},
shouldCache: false,
},
{
name: "test positive zone exception shouldn't cache",
in: test.Case{
Rcode: dns.RcodeSuccess,
Qname: "pos-disabled.example.org.", Qtype: dns.TypeA,
Answer: []dns.RR{
test.A("pos-disabled.example.org. 3600 IN A 127.0.0.1"),
},
},
shouldCache: false,
},
{
name: "test positive zone exception with negative answer cache",
in: test.Case{
Rcode: dns.RcodeNameError,
Qname: "pos-disabled.example.org.", Qtype: dns.TypeA,
Ns: []dns.RR{
test.SOA("example.org. 3600 IN SOA sns.dns.icann.org. noc.dns.icann.org. 2016082540 7200 3600 1209600 3600"),
},
},
out: test.Case{
Rcode: dns.RcodeNameError,
Qname: "pos-disabled.example.org.", Qtype: dns.TypeA,
Ns: []dns.RR{
test.SOA("example.org. 3600 IN SOA sns.dns.icann.org. noc.dns.icann.org. 2016082540 7200 3600 1209600 3600"),
},
},
shouldCache: true,
},
{
name: "test negative zone exception with positive answer cache",
in: test.Case{
Rcode: dns.RcodeSuccess,
Qname: "neg-disabled.example.org.", Qtype: dns.TypeA,
Answer: []dns.RR{
test.A("neg-disabled.example.org. 3600 IN A 127.0.0.1"),
},
},
out: test.Case{
Rcode: dns.RcodeSuccess,
Qname: "neg-disabled.example.org.", Qtype: dns.TypeA,
Answer: []dns.RR{
test.A("neg-disabled.example.org. 3600 IN A 127.0.0.1"),
},
},
shouldCache: true,
},
}
now, _ := time.Parse(time.UnixDate, "Fri Apr 21 10:51:21 BST 2017")
utc := now.UTC()
for _, tc := range cacheTestCases {
t.Run(tc.name, func(t *testing.T) {
// Create a new cache every time to prevent accidental comparison with a previous item.
c, crr := newTestCache(maxTTL)
m := tc.in.Msg()
m = cacheMsg(m, tc.in)
state := request.Request{W: &test.ResponseWriter{}, Req: m}
mt, _ := response.Typify(m, utc)
valid, k := key(state.Name(), m, mt, state.Do(), state.Req.CheckingDisabled)
if valid {
// Insert cache entry
crr.set(m, k, mt, c.pttl)
}
// Attempt to retrieve cache entry
i := c.getIgnoreTTL(time.Now().UTC(), state, "dns://:53")
found := i != nil
if !tc.shouldCache && found {
t.Fatalf("Cached message that should not have been cached: %s", state.Name())
}
if tc.shouldCache && !found {
t.Fatalf("Did not cache message that should have been cached: %s", state.Name())
}
if found {
resp := i.toMsg(m, time.Now().UTC(), state.Do(), m.AuthenticatedData)
// TODO: If we incorporate these individual checks into the
// test.Header function, we can eliminate them from here.
// Cache entries are always Authoritative.
if resp.Authoritative != true {
t.Error("Expected Authoritative Answer bit to be true, but was false")
}
if resp.AuthenticatedData != tc.out.AuthenticatedData {
t.Errorf("Expected Authenticated Data bit to be %t, but got %t", tc.out.AuthenticatedData, resp.AuthenticatedData)
}
if resp.RecursionAvailable != tc.out.RecursionAvailable {
t.Errorf("Expected Recursion Available bit to be %t, but got %t", tc.out.RecursionAvailable, resp.RecursionAvailable)
}
if resp.CheckingDisabled != tc.out.CheckingDisabled {
t.Errorf("Expected Checking Disabled bit to be %t, but got %t", tc.out.CheckingDisabled, resp.CheckingDisabled)
}
if err := test.Header(tc.out, resp); err != nil {
t.Logf("Cache %v", resp)
t.Error(err)
}
if err := test.Section(tc.out, test.Answer, resp.Answer); err != nil {
t.Logf("Cache %v -- %v", test.Answer, resp.Answer)
t.Error(err)
}
if err := test.Section(tc.out, test.Ns, resp.Ns); err != nil {
t.Error(err)
}
if err := test.Section(tc.out, test.Extra, resp.Extra); err != nil {
t.Error(err)
}
}
})
}
}
func TestCacheZeroTTL(t *testing.T) {
c := New()
c.minpttl = 0
c.minnttl = 0
c.Next = ttlBackend(0)
req := new(dns.Msg)
req.SetQuestion("example.org.", dns.TypeA)
ctx := context.TODO()
c.ServeDNS(ctx, &test.ResponseWriter{}, req)
if c.pcache.Len() != 0 {
t.Errorf("Msg with 0 TTL should not have been cached")
}
if c.ncache.Len() != 0 {
t.Errorf("Msg with 0 TTL should not have been cached")
}
}
func TestCacheServfailTTL0(t *testing.T) {
c := New()
c.minpttl = minTTL
c.minnttl = minNTTL
c.failttl = 0
c.Next = servFailBackend(0)
req := new(dns.Msg)
req.SetQuestion("example.org.", dns.TypeA)
ctx := context.TODO()
c.ServeDNS(ctx, &test.ResponseWriter{}, req)
if c.ncache.Len() != 0 {
t.Errorf("SERVFAIL response should not have been cached")
}
}
func TestServeFromStaleCache(t *testing.T) {
c := New()
c.Next = ttlBackend(60)
req := new(dns.Msg)
req.SetQuestion("cached.org.", dns.TypeA)
ctx := context.TODO()
// Cache cached.org. with 60s TTL
rec := dnstest.NewRecorder(&test.ResponseWriter{})
c.staleUpTo = 1 * time.Hour
c.ServeDNS(ctx, rec, req)
if c.pcache.Len() != 1 {
t.Fatalf("Msg with > 0 TTL should have been cached")
}
// No more backend resolutions, just from cache if available.
c.Next = plugin.HandlerFunc(func(context.Context, dns.ResponseWriter, *dns.Msg) (int, error) {
return 255, nil // Below, a 255 means we tried querying upstream.
})
tests := []struct {
name string
futureMinutes int
expectedResult int
}{
{"cached.org.", 30, 0},
{"cached.org.", 60, 0},
{"cached.org.", 70, 255},
{"notcached.org.", 30, 255},
{"notcached.org.", 60, 255},
{"notcached.org.", 70, 255},
}
for i, tt := range tests {
rec := dnstest.NewRecorder(&test.ResponseWriter{})
c.now = func() time.Time { return time.Now().Add(time.Duration(tt.futureMinutes) * time.Minute) }
r := req.Copy()
r.SetQuestion(tt.name, dns.TypeA)
if ret, _ := c.ServeDNS(ctx, rec, r); ret != tt.expectedResult {
t.Errorf("Test %d: expecting %v; got %v", i, tt.expectedResult, ret)
}
}
}
func TestServeFromStaleCacheFetchVerify(t *testing.T) {
c := New()
c.Next = ttlBackend(120)
req := new(dns.Msg)
req.SetQuestion("cached.org.", dns.TypeA)
ctx := context.TODO()
// Cache cached.org. with 120s TTL
rec := dnstest.NewRecorder(&test.ResponseWriter{})
c.staleUpTo = 1 * time.Hour
c.verifyStale = true
c.ServeDNS(ctx, rec, req)
if c.pcache.Len() != 1 {
t.Fatalf("Msg with > 0 TTL should have been cached")
}
tests := []struct {
name string
upstreamRCode int
upstreamTtl int
futureMinutes int
expectedRCode int
expectedTtl int
}{
// After 1 minutes of initial TTL, we should see a cached response
{"cached.org.", dns.RcodeSuccess, 200, 1, dns.RcodeSuccess, 60}, // ttl = 120 - 60 -- not refreshed
// After the 2 more minutes, we should see upstream responses because upstream is available
{"cached.org.", dns.RcodeSuccess, 200, 3, dns.RcodeSuccess, 200},
// After the TTL expired, if the server fails we should get the cached entry
{"cached.org.", dns.RcodeServerFailure, 200, 7, dns.RcodeSuccess, 0},
// After 1 more minutes, if the server serves nxdomain we should see them (despite being within the serve stale period)
{"cached.org.", dns.RcodeNameError, 150, 8, dns.RcodeNameError, 150},
}
for i, tt := range tests {
rec := dnstest.NewRecorder(&test.ResponseWriter{})
c.now = func() time.Time { return time.Now().Add(time.Duration(tt.futureMinutes) * time.Minute) }
if tt.upstreamRCode == dns.RcodeSuccess {
c.Next = ttlBackend(tt.upstreamTtl)
} else if tt.upstreamRCode == dns.RcodeServerFailure {
// Make upstream fail, should now rely on cache during the c.staleUpTo period
c.Next = servFailBackend(tt.upstreamTtl)
} else if tt.upstreamRCode == dns.RcodeNameError {
c.Next = nxDomainBackend(tt.upstreamTtl)
} else {
t.Fatal("upstream code not implemented")
}
r := req.Copy()
r.SetQuestion(tt.name, dns.TypeA)
ret, _ := c.ServeDNS(ctx, rec, r)
if ret != tt.expectedRCode {
t.Errorf("Test %d: expected rcode=%v, got rcode=%v", i, tt.expectedRCode, ret)
continue
}
if ret == dns.RcodeSuccess {
recTtl := rec.Msg.Answer[0].Header().Ttl
if tt.expectedTtl != int(recTtl) {
t.Errorf("Test %d: expected TTL=%d, got TTL=%d", i, tt.expectedTtl, recTtl)
}
} else if ret == dns.RcodeNameError {
soaTtl := rec.Msg.Ns[0].Header().Ttl
if tt.expectedTtl != int(soaTtl) {
t.Errorf("Test %d: expected TTL=%d, got TTL=%d", i, tt.expectedTtl, soaTtl)
}
}
}
}
func TestNegativeStaleMaskingPositiveCache(t *testing.T) {
c := New()
c.staleUpTo = time.Minute * 10
c.Next = nxDomainBackend(60)
req := new(dns.Msg)
qname := "cached.org."
req.SetQuestion(qname, dns.TypeA)
ctx := context.TODO()
// Add an entry to Negative Cache": cached.org. = NXDOMAIN
expectedResult := dns.RcodeNameError
if ret, _ := c.ServeDNS(ctx, &test.ResponseWriter{}, req); ret != expectedResult {
t.Errorf("Test 0 Negative Cache Population: expecting %v; got %v", expectedResult, ret)
}
// Confirm item was added to negative cache and not to positive cache
if c.ncache.Len() == 0 {
t.Errorf("Test 0 Negative Cache Population: item not added to negative cache")
}
if c.pcache.Len() != 0 {
t.Errorf("Test 0 Negative Cache Population: item added to positive cache")
}
// Set the Backend to return non-cachable errors only
c.Next = plugin.HandlerFunc(func(context.Context, dns.ResponseWriter, *dns.Msg) (int, error) {
return 255, nil // Below, a 255 means we tried querying upstream.
})
// Confirm we get the NXDOMAIN from the negative cache, not the error form the backend
rec := dnstest.NewRecorder(&test.ResponseWriter{})
req = new(dns.Msg)
req.SetQuestion(qname, dns.TypeA)
expectedResult = dns.RcodeNameError
if c.ServeDNS(ctx, rec, req); rec.Rcode != expectedResult {
t.Errorf("Test 1 NXDOMAIN from Negative Cache: expecting %v; got %v", expectedResult, rec.Rcode)
}
// Jump into the future beyond when the negative cache item would go stale
// but before the item goes rotten (exceeds serve stale time)
c.now = func() time.Time { return time.Now().Add(time.Duration(5) * time.Minute) }
// Set Backend to return a positive NOERROR + A record response
c.Next = BackendHandler()
// Make a query for the stale cache item
rec = dnstest.NewRecorder(&test.ResponseWriter{})
req = new(dns.Msg)
req.SetQuestion(qname, dns.TypeA)
expectedResult = dns.RcodeNameError
if c.ServeDNS(ctx, rec, req); rec.Rcode != expectedResult {
t.Errorf("Test 2 NOERROR from Backend: expecting %v; got %v", expectedResult, rec.Rcode)
}
// Confirm that prefetch removes the negative cache item.
waitFor := 3
for i := 1; i <= waitFor; i++ {
if c.ncache.Len() != 0 {
if i == waitFor {
t.Errorf("Test 2 NOERROR from Backend: item still exists in negative cache")
}
time.Sleep(time.Second)
continue
}
}
// Confirm that positive cache has the item
if c.pcache.Len() != 1 {
t.Errorf("Test 2 NOERROR from Backend: item missing from positive cache")
}
// Backend - Give error only
c.Next = plugin.HandlerFunc(func(context.Context, dns.ResponseWriter, *dns.Msg) (int, error) {
return 255, nil // Below, a 255 means we tried querying upstream.
})
// Query again, expect that positive cache entry is not masked by a negative cache entry
rec = dnstest.NewRecorder(&test.ResponseWriter{})
req = new(dns.Msg)
req.SetQuestion(qname, dns.TypeA)
expectedResult = dns.RcodeSuccess
if ret, _ := c.ServeDNS(ctx, rec, req); ret != expectedResult {
t.Errorf("Test 3 NOERROR from Cache: expecting %v; got %v", expectedResult, ret)
}
}
func BenchmarkCacheResponse(b *testing.B) {
c := New()
c.prefetch = 1
c.Next = BackendHandler()
ctx := context.TODO()
reqs := make([]*dns.Msg, 5)
for i, q := range []string{"example1", "example2", "a", "b", "ddd"} {
reqs[i] = new(dns.Msg)
reqs[i].SetQuestion(q+".example.org.", dns.TypeA)
}
b.StartTimer()
j := 0
for i := 0; i < b.N; i++ {
req := reqs[j]
c.ServeDNS(ctx, &test.ResponseWriter{}, req)
j = (j + 1) % 5
}
}
func BackendHandler() plugin.Handler {
return plugin.HandlerFunc(func(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) {
m := new(dns.Msg)
m.SetReply(r)
m.Response = true
m.RecursionAvailable = true
owner := m.Question[0].Name
m.Answer = []dns.RR{test.A(owner + " 303 IN A 127.0.0.53")}
w.WriteMsg(m)
return dns.RcodeSuccess, nil
})
}
func nxDomainBackend(ttl int) plugin.Handler {
return plugin.HandlerFunc(func(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) {
m := new(dns.Msg)
m.SetReply(r)
m.Response, m.RecursionAvailable = true, true
m.Ns = []dns.RR{test.SOA(fmt.Sprintf("example.org. %d IN SOA sns.dns.icann.org. noc.dns.icann.org. 2016082540 7200 3600 1209600 3600", ttl))}
m.MsgHdr.Rcode = dns.RcodeNameError
w.WriteMsg(m)
return dns.RcodeNameError, nil
})
}
func ttlBackend(ttl int) plugin.Handler {
return plugin.HandlerFunc(func(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) {
m := new(dns.Msg)
m.SetReply(r)
m.Response, m.RecursionAvailable = true, true
m.Answer = []dns.RR{test.A(fmt.Sprintf("example.org. %d IN A 127.0.0.53", ttl))}
w.WriteMsg(m)
return dns.RcodeSuccess, nil
})
}
func servFailBackend(ttl int) plugin.Handler {
return plugin.HandlerFunc(func(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) {
m := new(dns.Msg)
m.SetReply(r)
m.Response, m.RecursionAvailable = true, true
m.Ns = []dns.RR{test.SOA(fmt.Sprintf("example.org. %d IN SOA sns.dns.icann.org. noc.dns.icann.org. 2016082540 7200 3600 1209600 3600", ttl))}
m.MsgHdr.Rcode = dns.RcodeServerFailure
w.WriteMsg(m)
return dns.RcodeServerFailure, nil
})
}
func TestComputeTTL(t *testing.T) {
tests := []struct {
msgTTL time.Duration
minTTL time.Duration
maxTTL time.Duration
expectedTTL time.Duration
}{
{1800 * time.Second, 300 * time.Second, 3600 * time.Second, 1800 * time.Second},
{299 * time.Second, 300 * time.Second, 3600 * time.Second, 300 * time.Second},
{299 * time.Second, 0 * time.Second, 3600 * time.Second, 299 * time.Second},
{3601 * time.Second, 300 * time.Second, 3600 * time.Second, 3600 * time.Second},
}
for i, test := range tests {
ttl := computeTTL(test.msgTTL, test.minTTL, test.maxTTL)
if ttl != test.expectedTTL {
t.Errorf("Test %v: Expected ttl %v but found: %v", i, test.expectedTTL, ttl)
}
}
}
func TestCacheWildcardMetadata(t *testing.T) {
c := New()
qname := "foo.bar.example.org."
wildcard := "*.bar.example.org."
c.Next = wildcardMetadataBackend(qname, wildcard)
req := new(dns.Msg)
req.SetQuestion(qname, dns.TypeA)
state := request.Request{W: &test.ResponseWriter{}, Req: req}
// 1. Test writing wildcard metadata retrieved from backend to the cache
ctx := metadata.ContextWithMetadata(context.TODO())
w := dnstest.NewRecorder(&test.ResponseWriter{})
c.ServeDNS(ctx, w, req)
if c.pcache.Len() != 1 {
t.Errorf("Msg should have been cached")
}
_, k := key(qname, w.Msg, response.NoError, state.Do(), state.Req.CheckingDisabled)
i, _ := c.pcache.Get(k)
if i.(*item).wildcard != wildcard {
t.Errorf("expected wildcard response to enter cache with cache item's wildcard = %q, got %q", wildcard, i.(*item).wildcard)
}
// 2. Test retrieving the cached item from cache and writing its wildcard value to metadata
// reset context and response writer
ctx = metadata.ContextWithMetadata(context.TODO())
w = dnstest.NewRecorder(&test.ResponseWriter{})
c.ServeDNS(ctx, w, req)
f := metadata.ValueFunc(ctx, "zone/wildcard")
if f == nil {
t.Fatal("expected metadata func for wildcard response retrieved from cache, got nil")
}
if f() != wildcard {
t.Errorf("after retrieving wildcard item from cache, expected \"zone/wildcard\" metadata value to be %q, got %q", wildcard, i.(*item).wildcard)
}
}
func TestCacheKeepTTL(t *testing.T) {
defaultTtl := 60
c := New()
c.Next = ttlBackend(defaultTtl)
req := new(dns.Msg)
req.SetQuestion("cached.org.", dns.TypeA)
ctx := context.TODO()
// Cache cached.org. with 60s TTL
rec := dnstest.NewRecorder(&test.ResponseWriter{})
c.keepttl = true
c.ServeDNS(ctx, rec, req)
tests := []struct {
name string
futureSeconds int
}{
{"cached.org.", 0},
{"cached.org.", 30},
{"uncached.org.", 60},
}
for i, tt := range tests {
rec := dnstest.NewRecorder(&test.ResponseWriter{})
c.now = func() time.Time { return time.Now().Add(time.Duration(tt.futureSeconds) * time.Second) }
r := req.Copy()
r.SetQuestion(tt.name, dns.TypeA)
c.ServeDNS(ctx, rec, r)
recTtl := rec.Msg.Answer[0].Header().Ttl
if defaultTtl != int(recTtl) {
t.Errorf("Test %d: expecting TTL=%d, got TTL=%d", i, defaultTtl, recTtl)
}
}
}
// TestCacheSeparation verifies whether the cache maintains separation for specific DNS query types and options.
func TestCacheSeparation(t *testing.T) {
now, _ := time.Parse(time.UnixDate, "Fri Apr 21 10:51:21 BST 2017")
utc := now.UTC()
testCases := []struct {
name string
initial test.Case
query test.Case
expectCached bool // if a cache entry should be found before inserting
}{
{
name: "query type should be unique",
initial: test.Case{
Qname: "example.org.",
Qtype: dns.TypeA,
},
query: test.Case{
Qname: "example.org.",
Qtype: dns.TypeAAAA,
},
},
{
name: "DO bit should be unique",
initial: test.Case{
Qname: "example.org.",
Qtype: dns.TypeA,
},
query: test.Case{
Qname: "example.org.",
Qtype: dns.TypeA,
Do: true,
},
},
{
name: "CD bit should be unique",
initial: test.Case{
Qname: "example.org.",
Qtype: dns.TypeA,
},
query: test.Case{
Qname: "example.org.",
Qtype: dns.TypeA,
CheckingDisabled: true,
},
},
{
name: "CD bit and DO bit should be unique",
initial: test.Case{
Qname: "example.org.",
Qtype: dns.TypeA,
},
query: test.Case{
Qname: "example.org.",
Qtype: dns.TypeA,
CheckingDisabled: true,
Do: true,
},
},
{
name: "CD bit, DO bit, and query type should be unique",
initial: test.Case{
Qname: "example.org.",
Qtype: dns.TypeA,
},
query: test.Case{
Qname: "example.org.",
Qtype: dns.TypeMX,
CheckingDisabled: true,
Do: true,
},
},
{
name: "authoritative answer bit should NOT be unique",
initial: test.Case{
Qname: "example.org.",
Qtype: dns.TypeA,
},
query: test.Case{
Qname: "example.org.",
Qtype: dns.TypeA,
Authoritative: true,
},
expectCached: true,
},
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
c := New()
crr := &ResponseWriter{ResponseWriter: nil, Cache: c}
// Insert initial cache entry
m := tc.initial.Msg()
m = cacheMsg(m, tc.initial)
state := request.Request{W: &test.ResponseWriter{}, Req: m}
mt, _ := response.Typify(m, utc)
valid, k := key(state.Name(), m, mt, state.Do(), state.Req.CheckingDisabled)
if valid {
// Insert cache entry
crr.set(m, k, mt, c.pttl)
}
// Attempt to retrieve cache entry
m = tc.query.Msg()
m = cacheMsg(m, tc.query)
state = request.Request{W: &test.ResponseWriter{}, Req: m}
item := c.getIgnoreTTL(time.Now().UTC(), state, "dns://:53")
found := item != nil
if !tc.expectCached && found {
t.Fatal("Found cache message should that should not exist prior to inserting")
}
if tc.expectCached && !found {
t.Fatal("Did not find cache message that should exist prior to inserting")
}
})
}
}
// wildcardMetadataBackend mocks a backend that responds with a response for qname synthesized by wildcard
// and sets the zone/wildcard metadata value
func wildcardMetadataBackend(qname, wildcard string) plugin.Handler {
return plugin.HandlerFunc(func(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) {
m := new(dns.Msg)
m.SetReply(r)
m.Response, m.RecursionAvailable = true, true
m.Answer = []dns.RR{test.A(qname + " 300 IN A 127.0.0.1")}
metadata.SetValueFunc(ctx, "zone/wildcard", func() string {
return wildcard
})
w.WriteMsg(m)
return dns.RcodeSuccess, nil
})
}
Reference in a new issue View git blame Copy permalink