Prepare to release 1.5.2-3 to unstable
* d/tests:
- Add a few DoT upstream DNS servers that listen on port 443.
- Use IPv4 localhost address to test.
- Test both systemd service port, and the server (port=5533) started
by ourselves.
* d/stubby.service: Add default configuration file path to start
the service.
Closes: #961624
Roger Shimizu
3 years ago
0 | getdns (1.5.2-3) unstable; urgency=medium | |
1 | ||
2 | * Team upload. | |
3 | * d/tests: | |
4 | - Add a few 443 port DoT DNS upstream server. | |
5 | - Use IPv4 localhost address to test. | |
6 | - Test both systemd service port, and the server (port=5533) started | |
7 | by ourselves. | |
8 | * d/stubby.service: Add default configuration file path to start | |
9 | the service (Closes: #961624). | |
10 | ||
11 | -- Roger Shimizu <rosh@debian.org> Fri, 29 May 2020 00:06:11 +0900 | |
12 | ||
0 | 13 | getdns (1.5.2-2) unstable; urgency=medium |
1 | 14 | |
2 | 15 | * Team upload. |
5 | 5 | |
6 | 6 | [Service] |
7 | 7 | WorkingDirectory=/run/stubby |
8 | ExecStart=/usr/bin/stubby | |
8 | ExecStart=/usr/bin/stubby -C /etc/stubby/stubby.yml | |
9 | 9 | AmbientCapabilities=CAP_NET_BIND_SERVICE |
10 | 10 | CapabilityBoundingSet=CAP_NET_BIND_SERVICE |
11 | 11 | RuntimeDirectory=stubby |
0 | 0 | Tests: stubby |
1 | 1 | Depends: stubby, knot-dnsutils |
2 | Restrictions: allow-stderr, needs-internet | |
2 | Restrictions: allow-stderr |
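Review bot: The rendering does not mark which `Restrictions:` line is the new one; if it is the second, the test loses `needs-internet` even though the script resolves `getdnsapi.net` through public DoT upstreams. It could then be scheduled on workers without outbound network and fail there, so the line should stay `Restrictions: allow-stderr, needs-internet`. Because the script now also queries the systemd-started service on port 53, the testbed presumably needs a running init as well, which `isolation-container` would declare.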
0 | 0 | #!/bin/bash |
1 | 1 | set -e |
2 | 2 | |
3 | stubby -C $(dirname $0)/stubby.yml & | |
4 | port=5533 | |
5 | error=0 | |
6 | counter=0 | |
3 | getpid() { | |
4 | PID=$(ps x|grep stubby.yml|grep -v grep|awk '{print $1}') | |
5 | } | |
7 | 6 | |
7 | test_stubby() { | |
8 | port=$1 | |
8 | 9 | # a simple smoke test just make sure that at least one query can go through: |
9 | sleep 0.1 | |
10 | PID=$(ps x|grep stubby.yml|grep -v grep|cut -d" " -f1) | |
11 | echo PID of stubby: $PID | |
12 | 10 | time for i in {0..9}; do |
13 | if diff -u <(kdig +short @::1@$port getdnsapi.net) <(echo 185.49.141.37); then | |
11 | if diff -u <(kdig +short @localhost:$port getdnsapi.net) <(echo 185.49.141.37); then | |
14 | 12 | printf . |
15 | 13 | else |
16 | 14 | printf ! |
18 | 16 | fi |
19 | 17 | counter=$((counter+1)) |
20 | 18 | done |
19 | } | |
21 | 20 | |
21 | error=0 | |
22 | counter=0 | |
23 | getpid | |
24 | stubby -C $(dirname $0)/stubby.yml & | |
22 | 25 | [ -n "$PID" ] && kill $PID |
26 | echo Test stubby started by systemd service | |
27 | test_stubby 53 | |
28 | getpid | |
23 | 29 | echo $error "time(s) error out of $counter times run." |
30 | ||
31 | echo | |
32 | echo Test stubby started by ourselves | |
33 | echo PID of stubby: $PID | |
34 | test_stubby 5533 | |
35 | [ -n "$PID" ] && kill $PID | |
36 | sleep 1 | |
37 | echo $error "time(s) error out of $counter times run." | |
38 | [ $error -le $((counter/2)) ] && error=0 | |
24 | 39 | exit $error |
25 | ||
26 | # more ideas for better tests? we want them! send them to the BTS, please. |
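Review bot: `getpid` finds the daemon by grepping `ps x` for `stubby.yml` and passes the result unquoted to `kill $PID`, so it can return several PIDs or an unrelated process whose command line mentions that file. This commit also puts `/etc/stubby/stubby.yml` on the service's ExecStart line, so the packaged instance can match too. Recording the PID at launch avoids the lookup: `stubby -C "$(dirname "$0")/stubby.yml" & PID=$!`. Separately, `error` and `counter` accumulate across both `test_stubby` calls and the final `[ $error -le $((counter/2)) ] && error=0` tolerates half of all queries failing. As far as the new side can be read from this rendering, one of the two instances could fail every query and the script would still exit 0; resetting the counters and checking the threshold after each `test_stubby` call would catch that.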
5 | 5 | edns_client_subnet_private : 1 |
6 | 6 | round_robin_upstreams: 1 |
7 | 7 | idle_timeout: 10000 |
8 | tls_backoff_time: 500 | |
8 | 9 | listen_addresses: |
9 | 10 | - 127.0.0.1@5533 |
10 | 11 | - 0::1@5533 |
11 | 12 | upstream_recursive_servers: |
13 | ||
12 | 14 | - address_data: 8.8.8.8 |
13 | 15 | tls_auth_name: "dns.google" |
14 | 16 | - address_data: 8.8.4.4 |
17 | 19 | tls_auth_name: "dns.google" |
18 | 20 | - address_data: 2001:4860:4860::8844 |
19 | 21 | tls_auth_name: "dns.google" |
22 | ####### Servers that listen on port 443 (IPv4 and IPv6) ####### | |
23 | ## Surfnet/Sinodun servers | |
24 | - address_data: 145.100.185.15 | |
25 | tls_port: 443 | |
26 | tls_auth_name: "dnsovertls.sinodun.com" | |
27 | tls_pubkey_pinset: | |
28 | - digest: "sha256" | |
29 | value: 62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4= | |
30 | - address_data: 145.100.185.16 | |
31 | tls_port: 443 | |
32 | tls_auth_name: "dnsovertls1.sinodun.com" | |
33 | tls_pubkey_pinset: | |
34 | - digest: "sha256" | |
35 | value: cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA= | |
36 | ## dns.cmrg.net server using Knot resolver | |
37 | - address_data: 199.58.81.218 | |
38 | tls_port: 443 | |
39 | tls_auth_name: "dns.cmrg.net" | |
40 | tls_pubkey_pinset: | |
41 | - digest: "sha256" | |
42 | value: 3IOHSS48KOc/zlkKGtI46a9TY9PPKDVGhE3W2ZS4JZo= | |
43 | - digest: "sha256" | |
44 | value: 5zFN3smRPuHIlM/8L+hANt99LW26T97RFHqHv90awjo= | |
45 | ## dns.neutopia.org | |
46 | - address_data: 89.234.186.112 | |
47 | tls_port: 443 | |
48 | tls_auth_name: "dns.neutopia.org" | |
49 | tls_pubkey_pinset: | |
50 | - digest: "sha256" | |
51 | value: wTeXHM8aczvhRSi0cv2qOXkXInoDU+2C+M8MpRyT3OI= | |
52 | ## The Surfnet/Sinodun servers | |
53 | - address_data: 2001:610:1:40ba:145:100:185:15 | |
54 | tls_port: 443 | |
55 | tls_auth_name: "dnsovertls.sinodun.com" | |
56 | tls_pubkey_pinset: | |
57 | - digest: "sha256" | |
58 | value: 62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4= | |
59 | - address_data: 2001:610:1:40ba:145:100:185:16 | |
60 | tls_port: 443 | |
61 | tls_auth_name: "dnsovertls1.sinodun.com" | |
62 | tls_pubkey_pinset: | |
63 | - digest: "sha256" | |
64 | value: cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA= | |
65 | ## dns.cmrg.net server using Knot resolver | |
66 | - address_data: 2001:470:1c:76d::53 | |
67 | tls_port: 443 | |
68 | tls_auth_name: "dns.cmrg.net" | |
69 | tls_pubkey_pinset: | |
70 | - digest: "sha256" | |
71 | value: 3IOHSS48KOc/zlkKGtI46a9TY9PPKDVGhE3W2ZS4JZo= | |
72 | - digest: "sha256" | |
73 | value: 5zFN3smRPuHIlM/8L+hANt99LW26T97RFHqHv90awjo= | |
74 | ## dns.neutopia.org | |
75 | - address_data: 2a00:5884:8209::2 | |
76 | tls_port: 443 | |
77 | tls_auth_name: "dns.neutopia.org" | |
78 | tls_pubkey_pinset: | |
79 | - digest: "sha256" | |
80 | value: wTeXHM8aczvhRSi0cv2qOXkXInoDU+2C+M8MpRyT3OI= | |
81 | ## Foundation for Applied Privacy | |
82 | - address_data: 93.177.65.183 | |
83 | tls_port: 443 | |
84 | tls_auth_name: "dot1.applied-privacy.net" | |
85 | - address_data: 2a03:4000:38:53c::2 | |
86 | tls_port: 443 | |
87 | tls_auth_name: "dot1.applied-privacy.net" |
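Review bot: The added port-443 upstreams carry hard-coded `tls_pubkey_pinset` values for servers run by third parties, and a pin stops matching as soon as the operator rotates its key. With `round_robin_upstreams: 1`, that can make test queries fail for reasons unrelated to the package. A comment above the block recording where the pins came from would keep them maintainable, for example `## SPKI pins copied from <source> on <date>; refresh when an upstream rotates its key`. The two `dot1.applied-privacy.net` entries rely on `tls_auth_name` alone, so confirm that the part of the file above this hunk sets `tls_authentication: GETDNS_AUTHENTICATION_REQUIRED`. Without it, a failed authentication would presumably fall back to an unauthenticated connection and the test would not notice.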