1#!/usr/bin/env python3
2#
3#  Copyright (c) 2023, The OpenThread Authors.
4#  All rights reserved.
5#
6#  Redistribution and use in source and binary forms, with or without
7#  modification, are permitted provided that the following conditions are met:
8#  1. Redistributions of source code must retain the above copyright
9#     notice, this list of conditions and the following disclaimer.
10#  2. Redistributions in binary form must reproduce the above copyright
11#     notice, this list of conditions and the following disclaimer in the
12#     documentation and/or other materials provided with the distribution.
13#  3. Neither the name of the copyright holder nor the
14#     names of its contributors may be used to endorse or promote products
15#     derived from this software without specific prior written permission.
16#
17#  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 'AS IS'
18#  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19#  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20#  ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
21#  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
22#  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23#  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
24#  INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
25#  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
26#  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27#  POSSIBILITY OF SUCH DAMAGE.
28#
29import unittest
30
31import config
32import thread_cert
33
34import ipaddress
35import shlex
36
37# Test description:
38#   This test verifies forwarding DNS queries sent by 'Router' by using
39# a record resolved by BIND9 server.
40#
41# Topology:
42#    ----------------(eth)--------------------
43#           |                 |
44#          BR (Leader)      HOST
45#           |
46#        ROUTER
47#
48
49BR = 1
50ROUTER = 2
51HOST = 3
52
53TEST_DOMAIN = 'test.domain'
54TEST_DOMAIN_IP6_ADDRESSES = {'2001:db8::1'}
55
56TEST_DOMAIN_BIND_CONF = f'''
57zone "{TEST_DOMAIN}" {{ type master; file "/etc/bind/db.test.domain"; }};
58'''
59
60TEST_DOMAIN_BIND_ZONE = f'''
61$TTL 24h
62@ IN SOA {TEST_DOMAIN} test.{TEST_DOMAIN}. ( 20230330 86400 300 604800 3600 )
63@ IN NS {TEST_DOMAIN}.
64''' + '\n'.join(f'@ IN AAAA {addr}' for addr in TEST_DOMAIN_IP6_ADDRESSES)
65
66
67class UpstreamDns(thread_cert.TestCase):
68    USE_MESSAGE_FACTORY = False
69
70    TOPOLOGY = {
71        BR: {
72            'name': 'BR',
73            'allowlist': [ROUTER],
74            'is_otbr': True,
75            'version': '1.4',
76        },
77        ROUTER: {
78            'name': 'Router',
79            'allowlist': [BR],
80            'version': '1.4',
81        },
82        HOST: {
83            'name': 'Host',
84            'is_host': True
85        },
86    }
87
88    def test(self):
89        br = self.nodes[BR]
90        router = self.nodes[ROUTER]
91        host = self.nodes[HOST]
92
93        host.start(start_radvd=False)
94        self.simulator.go(5)
95
96        br.start()
97        # When feature flag is enabled, NAT64 might be disabled by default. So
98        # ensure NAT64 is enabled here.
99        self.simulator.go(config.LEADER_STARTUP_DELAY)
100        self.assertEqual('leader', br.get_state())
101
102        br.nat64_set_enabled(True)
103        br.srp_server_set_enabled(True)
104
105        br.bash('service bind9 stop')
106
107        br.bash(shlex.join(['echo', TEST_DOMAIN_BIND_CONF]) + ' >> /etc/bind/named.conf.local')
108        br.bash(shlex.join(['echo', TEST_DOMAIN_BIND_ZONE]) + ' >> /etc/bind/db.test.domain')
109
110        br.bash('service bind9 start')
111
112        router.start()
113        self.simulator.go(config.ROUTER_STARTUP_DELAY)
114        self.assertEqual('router', router.get_state())
115
116        self.simulator.go(10)
117        router.srp_client_enable_auto_start_mode()
118
119        # verify the server can forward the DNS query to upstream server.
120        self._verify_upstream_dns(br, router)
121
122    def _verify_upstream_dns(self, br, ed):
123        upstream_dns_enabled = br.dns_upstream_query_state
124        if not upstream_dns_enabled:
125            br.dns_upstream_query_state = True
126        self.assertTrue(br.dns_upstream_query_state)
127
128        resolved_names = ed.dns_resolve(TEST_DOMAIN)
129        self.assertEqual(len(resolved_names), len(TEST_DOMAIN_IP6_ADDRESSES))
130        for record in resolved_names:
131            self.assertIn(ipaddress.IPv6Address(record[0]).compressed, TEST_DOMAIN_IP6_ADDRESSES)
132
133
134if __name__ == '__main__':
135    unittest.main()
136