push.rocks/smartdns
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(rustdns-client): add Rust DNS client binary and TypeScript IPC bridge to enable UDP and DoH resolution, RDATA decoding, and DNSSEC AD/rcode support

Browse Source
This commit is contained in:
Jürgen Kunz
2026-02-11 13:02:37 +00:00
parent 9d4db39741
commit 368430d199
24 changed files with 2805 additions and 863 deletions
Download Patch File Download Diff File Expand all files Collapse all files

121
test/test.soa.timeout.ts
View File

@@ -108,14 +108,19 @@ tap.test('Test SOA with DNSSEC timing', async () => {
const soaAnswers = dnsResponse.answers.filter(a => a.type === 'SOA');
const rrsigAnswers = dnsResponse.answers.filter(a => a.type === 'RRSIG');
console.log('- SOA records:', soaAnswers.length);
console.log('- RRSIG records:', rrsigAnswers.length);
// With the fix, SOA should have its RRSIG
if (soaAnswers.length > 0) {
expect(rrsigAnswers.length).toBeGreaterThan(0);
}
// Must have exactly 1 SOA for the zone
expect(soaAnswers.length).toEqual(1);
// Must have at least 1 RRSIG covering the SOA
expect(rrsigAnswers.length).toBeGreaterThan(0);
// Verify RRSIG covers SOA type
const rrsigData = (rrsigAnswers[0] as any).data;
expect(rrsigData.typeCovered).toEqual('SOA');
} catch (error) {
console.error('DNSSEC SOA query failed:', error);
throw error;
@@ -125,4 +130,108 @@ tap.test('Test SOA with DNSSEC timing', async () => {
dnsServer = null;
});
tap.test('DNSSEC signing completes within reasonable time', async () => {
const httpsData = await tapNodeTools.createHttpsCert();
const udpPort = 8756;
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: 8757,
udpPort: udpPort,
dnssecZone: 'perf.example.com',
});
// No handlers registered — server returns SOA for nonexistent domain
await dnsServer.start();
const client = dgram.createSocket('udp4');
const query = dnsPacket.encode({
type: 'query',
id: 2,
flags: dnsPacket.RECURSION_DESIRED,
questions: [
{
name: 'nonexistent.perf.example.com',
type: 'A',
class: 'IN',
},
],
additionals: [
{
name: '.',
type: 'OPT',
ttl: 0,
flags: 0x8000, // DO bit set for DNSSEC
data: Buffer.alloc(0),
} as any,
],
});
const startTime = Date.now();
console.log('Sending DNSSEC query for performance test...');
const responsePromise = new Promise<dnsPacket.Packet>((resolve, reject) => {
const timeout = setTimeout(() => {
client.close();
const elapsed = Date.now() - startTime;
reject(new Error(`Query timed out after ${elapsed}ms — exceeds 2s budget`));
}, 2000);
client.on('message', (msg) => {
clearTimeout(timeout);
const elapsed = Date.now() - startTime;
console.log(`DNSSEC response received in ${elapsed}ms`);
try {
const dnsResponse = dnsPacket.decode(msg);
resolve(dnsResponse);
} catch (e) {
reject(new Error(`Failed to decode response: ${e.message}`));
}
client.close();
});
client.on('error', (err) => {
clearTimeout(timeout);
reject(err);
client.close();
});
client.send(query, udpPort, 'localhost', (err) => {
if (err) {
clearTimeout(timeout);
reject(err);
client.close();
}
});
});
try {
const dnsResponse = await responsePromise;
const elapsed = Date.now() - startTime;
// Response must arrive within 2 seconds (generous for CI)
expect(elapsed).toBeLessThan(2000);
// Verify correctness: SOA + RRSIG present
const soaAnswers = dnsResponse.answers.filter(a => a.type === 'SOA');
const rrsigAnswers = dnsResponse.answers.filter(a => a.type === 'RRSIG');
expect(soaAnswers.length).toEqual(1);
expect(rrsigAnswers.length).toBeGreaterThan(0);
const rrsigData = (rrsigAnswers[0] as any).data;
expect(rrsigData.typeCovered).toEqual('SOA');
console.log(`DNSSEC signing performance OK: ${elapsed}ms`);
} catch (error) {
console.error('DNSSEC performance test failed:', error);
throw error;
}
await stopServer(dnsServer);
dnsServer = null;
});
export default tap.start();