- Test for the multiple transfer failure, xfr_over_notify.

Author: wcawijngaards

doc/ChangeLog

@@ -1,6 +1,7 @@
 26 March 2025: Wouter
 	- Fix multiple zone transfers in one reload so that xfrd does not
 	  check the update as failed and restart the transfer.
+	- Test for the multiple transfer failure, xfr_over_notify.
 
 25 March 2025: Wouter
 	- Fix to please sanitizer for ixfr store of data in cancelled state.

tpkg/xfr_over_notify.tdir/xfr_over_notify.conf

@@ -0,0 +1,27 @@
+server:
+	logfile: "/dev/stderr"
+	xfrdfile: xfrd.state
+	zonesdir: ""
+	username: ""
+	chroot: ""
+	pidfile: nsd.pid
+	zonelistfile: "zone.list"
+	interface: 127.0.0.1
+	xfrd-reload-timeout: 1
+
+# verifier to delay zone reload
+verify:
+	enable: yes
+	port: VERIFY_PORT
+	verifier: "./verifier.sh"
+
+zone:
+	name: example.net
+	zonefile: xfr_over_notify.zone
+	request-xfr: AXFR 127.0.0.1@LDNS_PORT NOKEY
+	allow-notify: 127.0.0.1 NOKEY
+	allow-notify: ::1 NOKEY
+	allow-notify: ::ffff:127.0.0.1 NOKEY
+	provide-xfr: 127.0.0.1 NOKEY
+	provide-xfr: ::1 NOKEY
+	provide-xfr: ::ffff:127.0.0.1 NOKEY

tpkg/xfr_over_notify.tdir/xfr_over_notify.datafile

@@ -0,0 +1,21 @@
+$ORIGIN example.net.
+$TTL 7200
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+REPLY QUERY NOERROR AA AD
+ADJUST copy_id		; ’copy_id’ copies the ID from the query to the answer.
+
+SECTION QUESTION
+example.net. IN AXFR
+SECTION ANSWER
+
+; This reply indicates the currently hosted serial
+example.net. IN SOA nibbler.example.net. leela.example.net. 1 3600 3600 3600 3600
+unmodified IN A 8.8.8.7
+unmodified IN A 8.8.8.6
+unmodified IN TXT "this entry has not been modified"
+example.net. IN SOA nibbler.example.net. leela.example.net. 1 3600 3600 3600 3600
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END

tpkg/xfr_over_notify.tdir/xfr_over_notify.datafile2

@@ -0,0 +1,34 @@
+$ORIGIN example.net.
+$TTL 7200
+
+ENTRY_BEGIN
+; first give MATCH lines, that say what queries are matched
+; by this entry.
+; ’opcode’ makes the query match the opcode from the reply
+; if you leave it out, any opcode matches this entry.
+; ’qtype’ makes the query match the qtype from the reply
+; ’qname’ makes the query match the qname from the reply
+; ’serial=1023’ makes the query match if ixfr serial is 1023.
+MATCH opcode qtype qname
+
+; Then the REPLY header is specified.
+REPLY QUERY
+REPLY NOERROR
+REPLY AA AD
+
+; any additional actions to do.
+ADJUST copy_id		; ’copy_id’ copies the ID from the query to the answer.
+
+SECTION QUESTION
+example.net. IN AXFR
+SECTION ANSWER
+example.net. IN SOA nibbler.example.net. leela.example.net. 4 3600 3600 3600 3600
+new IN A 1.2.3.4
+unmodified IN A 8.8.8.7
+unmodified IN A 8.8.8.6
+unmodified IN TXT "this entry has not been modified"
+example.net. IN SOA nibbler.example.net. leela.example.net. 4 3600 3600 3600 3600
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+

tpkg/xfr_over_notify.tdir/xfr_over_notify.datafile3

@@ -0,0 +1,35 @@
+$ORIGIN example.net.
+$TTL 7200
+
+ENTRY_BEGIN
+; first give MATCH lines, that say what queries are matched
+; by this entry.
+; ’opcode’ makes the query match the opcode from the reply
+; if you leave it out, any opcode matches this entry.
+; ’qtype’ makes the query match the qtype from the reply
+; ’qname’ makes the query match the qname from the reply
+; ’serial=1023’ makes the query match if ixfr serial is 1023.
+MATCH opcode qtype qname
+
+; Then the REPLY header is specified.
+REPLY QUERY
+REPLY NOERROR
+REPLY AA AD
+
+; any additional actions to do.
+ADJUST copy_id		; ’copy_id’ copies the ID from the query to the answer.
+
+SECTION QUESTION
+example.net. IN AXFR
+SECTION ANSWER
+example.net. IN SOA nibbler.example.net. leela.example.net. 5 3600 3600 3600 3600
+new IN A 1.2.3.4
+new5 IN A 1.2.3.5
+unmodified IN A 8.8.8.7
+unmodified IN A 8.8.8.6
+unmodified IN TXT "this entry has not been modified"
+example.net. IN SOA nibbler.example.net. leela.example.net. 5 3600 3600 3600 3600
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+

tpkg/xfr_over_notify.tdir/xfr_over_notify.datafile4

@@ -0,0 +1,36 @@
+$ORIGIN example.net.
+$TTL 7200
+
+ENTRY_BEGIN
+; first give MATCH lines, that say what queries are matched
+; by this entry.
+; ’opcode’ makes the query match the opcode from the reply
+; if you leave it out, any opcode matches this entry.
+; ’qtype’ makes the query match the qtype from the reply
+; ’qname’ makes the query match the qname from the reply
+; ’serial=1023’ makes the query match if ixfr serial is 1023.
+MATCH opcode qtype qname
+
+; Then the REPLY header is specified.
+REPLY QUERY
+REPLY NOERROR
+REPLY AA AD
+
+; any additional actions to do.
+ADJUST copy_id		; ’copy_id’ copies the ID from the query to the answer.
+
+SECTION QUESTION
+example.net. IN AXFR
+SECTION ANSWER
+example.net. IN SOA nibbler.example.net. leela.example.net. 6 3600 3600 3600 3600
+new IN A 1.2.3.4
+new5 IN A 1.2.3.5
+new6 IN A 1.2.3.6
+unmodified IN A 8.8.8.7
+unmodified IN A 8.8.8.6
+unmodified IN TXT "this entry has not been modified"
+example.net. IN SOA nibbler.example.net. leela.example.net. 6 3600 3600 3600 3600
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+

tpkg/xfr_over_notify.tdir/xfr_over_notify.dsc

@@ -0,0 +1,16 @@
+BaseName: xfr_over_notify
+Version: 1.0
+Description: Test for zone transfer that fetches serial newer than the notify.
+CreationDate: Wed Mar 26 10:00:00 CET 2025
+Maintainer: Wouter Wijngaards
+Category: 
+Component:
+CmdDepends: 
+Depends: 
+Help:
+Pre: xfr_over_notify.pre
+Post: xfr_over_notify.post
+Test: xfr_over_notify.test
+AuxFiles: xfr_over_notify.conf, xfr_over_notify.zone, xfr_over_notify.datafile
+Passed:
+Failure:

tpkg/xfr_over_notify.tdir/xfr_over_notify.post

@@ -0,0 +1,13 @@
+# #-- xfr_over_notify.post --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# source the test var file when it's there
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+. ../common.sh
+
+# do your teardown here
+kill_from_pidfile testns.pid
+kill_from_pidfile nsd.pid
+
+cat testns.log
+cat nsd.log

tpkg/xfr_over_notify.tdir/xfr_over_notify.pre

@@ -0,0 +1,37 @@
+# #-- xfr_over_notify.pre--#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+PRE="../.."
+. ../common.sh
+
+# start NSD
+get_random_port 3
+LDNS_PORT=$RND_PORT
+NSD_PORT=`expr $RND_PORT + 1`
+VERIFY_PORT=`expr $RND_PORT + 2`
+echo ldns-testns-port: $LDNS_PORT
+echo nsd-port: $NSD_PORT
+
+cp xfr_over_notify.verifier.sh verifier.sh
+chmod +x verifier.sh
+
+# start ldns-testns, be extra verbose
+ldns-testns -p $LDNS_PORT xfr_over_notify.datafile >testns.log 2>&1 &
+echo "$!" > testns.pid
+wait_ldns_testns_up testns.log
+
+# share the vars
+echo "export LDNS_PORT=$LDNS_PORT" >> .tpkg.var.test
+echo "export NSD_PORT=$NSD_PORT" >> .tpkg.var.test
+echo "export VERIFY_PORT=$VERIFY_PORT" >> .tpkg.var.test
+
+# replace PORT with $LDNS_PORT and put it in nsd_update.conf
+cat xfr_over_notify.conf | sed -e "s/VERIFY_PORT/$VERIFY_PORT/g" -e "s/LDNS_PORT/$LDNS_PORT/g" > nsd.conf
+if [[ $? -ne 0 ]]; then
+        exit 1
+fi
+TPKG_NSD="$PRE/nsd"
+$TPKG_NSD -c nsd.conf -p $NSD_PORT -d -V 3 2>&1 | tee nsd.log &
+wait_nsd_up nsd.log

tpkg/xfr_over_notify.tdir/xfr_over_notify.test

@@ -0,0 +1,96 @@
+# #-- xfr_over_notify.test --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+. ../common.sh
+
+# Wait for NSD to test the upstream and wait on SOA timer.
+# this is a dbeug message, from xfrd
+#wait_logfile nsd.log "zone example.net got update indicating current serial" 10
+#instead, wait a bit.
+sleep 4
+
+# At the start the serial is 1.
+dig -4 @127.0.0.1 -p $NSD_PORT example.net SOA | tee output
+if grep "1 3600" output; then
+	echo "OK"
+else
+	echo "wrong serial at start"
+	exit 1
+fi
+
+# change upstream serial
+echo "> kill ldns-testns"
+kill_from_pidfile testns.pid
+cat testns.log
+echo "> start ldns-testns"
+ldns-testns -p $LDNS_PORT xfr_over_notify.datafile2 >testns.log 2>&1 &
+echo "$!" > testns.pid
+wait_ldns_testns_up testns.log
+
+# notify an older serial than the upstream has already got
+# but that serial is newer than what NSD has.
+ldns-notify -z example.net -p $NSD_PORT -s 2 127.0.0.1
+
+# The AXFR happens for serial 4.
+# Wait for the verifier during the reload to pause
+wait_logfile nsd.log "verifier: verifier script: delay" 20
+
+# change upstream serial
+echo "> kill ldns-testns"
+kill_from_pidfile testns.pid
+cat testns.log
+echo "> start ldns-testns 3"
+ldns-testns -p $LDNS_PORT xfr_over_notify.datafile3 >testns.log 2>&1 &
+echo "$!" > testns.pid
+wait_ldns_testns_up testns.log
+
+# Reload is delayed by a couple seconds. Add some more updates in sequence.
+sleep 1
+ldns-notify -z example.net -p $NSD_PORT -s 5 127.0.0.1
+
+# change upstream serial
+echo "> kill ldns-testns"
+kill_from_pidfile testns.pid
+cat testns.log
+echo "> start ldns-testns 4"
+ldns-testns -p $LDNS_PORT xfr_over_notify.datafile4 >testns.log 2>&1 &
+echo "$!" > testns.pid
+wait_ldns_testns_up testns.log
+
+sleep 1
+ldns-notify -z example.net -p $NSD_PORT -s 6 127.0.0.1
+
+wait_logfile nsd.log "verifier: verifier script: delay done" 20
+
+# The verify script is done, the reload exits and NSD processes the
+# update from 1 to 4 and the queued zone transfers.
+
+wait_logfile nsd.log "zone example.net serial 1 is updated to 4" 20
+# during the reload it logs the two updates:
+wait_logfile nsd.log "zone example.net. received update to serial 5" 20
+wait_logfile nsd.log "zone example.net. received update to serial 6" 20
+# reload is done
+wait_logfile nsd.log "zone example.net serial 4 is updated to 6" 20
+
+# If it now has the log message:
+# "error: xfrd: zone example.net: soa serial 5 update failed, restarting transfer (notified zone)"
+# then if has failed because of the two updates bunched up to reload.
+
+sleep 1
+if grep "update failed, restarting transfer" nsd.log; then
+	echo "The reload update has failed and xfrd restarts the transfer"
+	exit 1
+fi
+
+# Check serial.
+dig -4 @127.0.0.1 -p $NSD_PORT example.net SOA | tee output
+if grep "6 3600" output; then
+	echo "OK"
+else
+	echo "wrong serial"
+	exit 1
+fi
+
+exit 0

tpkg/xfr_over_notify.tdir/xfr_over_notify.verifier.sh

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+if test -f verify_run.once; then
+	echo "verifier script, no delay"
+else
+	echo "verifier script: delay"
+	sleep 10
+	touch verify_run.once
+	echo "verifier script: delay done"
+fi
+exit 0

tpkg/xfr_over_notify.tdir/xfr_over_notify.zone

@@ -0,0 +1,7 @@
+$TTL    4D
+$ORIGIN example.net.
+example.net.	IN	SOA	nibbler.example.net. leela.example.net. 1 3600 3600 3600 3600
+
+unmodified IN A 8.8.8.7
+unmodified IN A 8.8.8.6
+unmodified IN TXT "this entry has not been modified"