diff options
author | Yu Watanabe <watanabe.yu+github@gmail.com> | 2023-01-30 19:21:19 +0900 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-01-30 19:21:19 +0900 |
commit | 808f7c94f09c43b2567b16c005b24df4081a25fa (patch) | |
tree | 570783414437d85d3845b3d318fa8cd3d87007fd /test | |
parent | 0a5bd40a709d20c35bddf5c8a8342cae440ec4a3 (diff) | |
parent | 42262f3e1b43eb3833adf71a3a030122b8f112b3 (diff) | |
download | systemd-808f7c94f09c43b2567b16c005b24df4081a25fa.tar.gz |
Merge pull request #23956 from mrc0mmand/resolved-ipv6
test: cover (not only) IPv6 in the resolved test suite
Diffstat (limited to 'test')
-rw-r--r-- | test/knot-data/knot.conf | 3 | ||||
-rw-r--r-- | test/knot-data/zones/onlinesign.test.zone | 15 | ||||
-rw-r--r-- | test/knot-data/zones/root.zone | 8 | ||||
-rw-r--r-- | test/knot-data/zones/signed.test.zone | 45 | ||||
-rw-r--r-- | test/knot-data/zones/test.zone | 12 | ||||
-rw-r--r-- | test/knot-data/zones/unsigned.test.zone | 12 | ||||
-rw-r--r-- | test/knot-data/zones/untrusted.test.zone | 15 | ||||
-rw-r--r-- | test/test-functions | 3 | ||||
-rwxr-xr-x | test/units/testsuite-75.sh | 160 |
9 files changed, 221 insertions, 52 deletions
diff --git a/test/knot-data/knot.conf b/test/knot-data/knot.conf index e3de69d0f4..6ea0cca3db 100644 --- a/test/knot-data/knot.conf +++ b/test/knot-data/knot.conf @@ -4,6 +4,7 @@ server: rundir: "/run/knot" user: knot:knot listen: 10.0.0.1@53 + listen: fd00:dead:beef:cafe::1@53 log: - target: syslog @@ -15,11 +16,13 @@ database: acl: - id: update_acl address: 10.0.0.0/24 + address: fd00:dead:beef:cafe::/64 action: update remote: - id: parent_zone_server address: 10.0.0.1@53 + address: fd00:dead:beef:cafe::1@53 submission: - id: parent_zone_sbm diff --git a/test/knot-data/zones/onlinesign.test.zone b/test/knot-data/zones/onlinesign.test.zone index c12c6b3396..c8662fa3ed 100644 --- a/test/knot-data/zones/onlinesign.test.zone +++ b/test/knot-data/zones/onlinesign.test.zone @@ -11,12 +11,17 @@ $ORIGIN onlinesign.test. ) ; NS info - NS ns1.unsigned.test. + NS ns1.unsigned.test. - TXT "hello from onlinesign" + TXT "hello from onlinesign" -*.wild TXT "this is an onlinesign wildcard" +*.wild TXT "this is an onlinesign wildcard" ; No A/AAAA record for the $ORIGIN -sub A 10.0.0.133 -secondsub A 10.0.0.134 +sub A 10.0.0.133 +secondsub A 10.0.0.134 + +dual A 10.0.0.135 +dual AAAA fd00:dead:beef:cafe::135 + +ipv6 AAAA fd00:dead:beef:cafe::136 diff --git a/test/knot-data/zones/root.zone b/test/knot-data/zones/root.zone index 72439fdc55..f601e8676d 100644 --- a/test/knot-data/zones/root.zone +++ b/test/knot-data/zones/root.zone @@ -8,7 +8,9 @@ $TTL 300 1D ; minimum TTL ) -. NS ns1.unsigned.test -ns1.unsigned.test A 10.0.0.1 +. NS ns1.unsigned.test +; NS glue records +ns1.unsigned.test A 10.0.0.1 +ns1.unsigned.test AAAA fd00:dead:beef:cafe::1 -test NS ns1.unsigned.test +test NS ns1.unsigned.test diff --git a/test/knot-data/zones/signed.test.zone b/test/knot-data/zones/signed.test.zone index 38d8e2aa13..a2baac4284 100644 --- a/test/knot-data/zones/signed.test.zone +++ b/test/knot-data/zones/signed.test.zone @@ -11,18 +11,27 @@ $ORIGIN signed.test. ) ; NS info - NS ns1.unsigned.test. + NS ns1.unsigned.test. -*.wild TXT "this is a wildcard" +*.wild TXT "this is a wildcard" -@ MX 10 mail.signed.test. +@ MX 10 mail.signed.test. - A 10.0.0.10 -mail A 10.0.0.11 + A 10.0.0.10 +mail A 10.0.0.11 +mail AAAA fd00:dead:beef:cafe::11 ; https://github.com/systemd/systemd/issues/22002 -dupe A 10.0.0.12 -dupe A 10.0.0.13 +dupe A 10.0.0.12 +dupe A 10.0.0.13 +dupe-ipv6 AAAA fd00:dead:beef:cafe::12 +dupe-ipv6 AAAA fd00:dead:beef:cafe::13 +dupe-mixed A 10.0.0.15 +dupe-mixed A 10.0.0.16 +dupe-mixed A 10.0.0.17 +dupe-mixed AAAA fd00:dead:beef:cafe::15 +dupe-mixed AAAA fd00:dead:beef:cafe::16 +dupe-mixed AAAA fd00:dead:beef:cafe::17 ; CNAME_REDIRECTS_MAX is 16, so let's test something close to that cname-chain CNAME follow1.signed.test. @@ -40,3 +49,25 @@ follow11.yet.so.far CNAME follow12.getting.hot.signed.test. follow12.getting.hot CNAME follow13.almost.final.signed.test. follow13.almost.final CNAME follow14.final.signed.test. follow14.final A 10.0.0.14 + +myservice A 10.0.0.20 +myservice AAAA fd00:dead:beef:cafe::17 +_mysvc._tcp SRV 10 5 1234 myservice + +_invalidsvc._udp SRV 5 5 1111 invalidservice + +_untrustedsvc._udp SRV 5 5 1111 myservice.untrusted.test. + +; OPENPGPKEY RR for mr.smith@signed.test +; The hash was generated using `echo -ne mr.smith | sha256sum | head -c56` +; and exported via `gpg --export mr.smith | base64` +5a786cdc59c161cdafd818143705026636962198c66ed4c5b3da321e._openpgpkey OPENPGPKEY ( + mDMEYshhzhYJKwYBBAHaRw8BAQdAuU2RxKaycSdaR5YZ/q+/yoHeil/1WNRDVbpjPSd6QBa0GW1y + LnNtaXRoQHNpZ25lZC50ZXN0LnpvbmWImQQTFggAQRYhBIOXLJwlwowvXQVeJ3d9yvMKUDBWBQJi + yGHOAhsDBQkDwmcABQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAAoJEHd9yvMKUDBWo6MA/2oC + zdnzMlK9gM5bNCFfPyagJfFfv7fW1l7WXTve6FJtAP0faW24ahE1okjmrsTUwqZHvDThysW5zTSt + j49S3JQDA7g4BGLIYc4SCisGAQQBl1UBBQEBB0CuNcTAt5AUE3seFN/Gm2euC+8dgtztyzoO/78K + ictFLAMBCAeIeAQYFggAIBYhBIOXLJwlwowvXQVeJ3d9yvMKUDBWBQJiyGHOAhsMAAoJEHd9yvMK + UDBWtxkA/jlbUgHpSoTKFNNTeXYbTz9jnoupe9eT4O3tU55ofwO7AQCa5ntSIuzDJ1E2iy7oOLOZ + m2ocNqpC7SULHhSKYfUWDg== +) diff --git a/test/knot-data/zones/test.zone b/test/knot-data/zones/test.zone index 6cc2633082..ba5fcebc2d 100644 --- a/test/knot-data/zones/test.zone +++ b/test/knot-data/zones/test.zone @@ -11,9 +11,11 @@ $ORIGIN test. ) ; NS info -@ NS ns1.unsigned -ns1.signed A 10.0.0.1 +@ NS ns1.unsigned +; NS glue records +ns1.unsigned A 10.0.0.1 +ns1.unsigned AAAA fd00:dead:beef:cafe::1 -onlinesign NS ns1.unsigned -signed NS ns1.unsigned -unsigned NS ns1.unsigned +onlinesign NS ns1.unsigned +signed NS ns1.unsigned +unsigned NS ns1.unsigned diff --git a/test/knot-data/zones/unsigned.test.zone b/test/knot-data/zones/unsigned.test.zone index 87d9437e2c..c5445d7672 100644 --- a/test/knot-data/zones/unsigned.test.zone +++ b/test/knot-data/zones/unsigned.test.zone @@ -11,10 +11,12 @@ $ORIGIN unsigned.test. ) ; NS info -@ NS ns1.unsigned.test. -ns1 A 10.0.0.1 +@ NS ns1 +ns1 A 10.0.0.1 +ns1 AAAA fd00:dead:beef:cafe::1 -@ MX 15 mail.unsigned.test. +@ MX 15 mail.unsigned.test. - A 10.0.0.101 -mail A 10.0.0.111 + A 10.0.0.101 + AAAA fd00:dead:beef:cafe::101 +mail A 10.0.0.111 diff --git a/test/knot-data/zones/untrusted.test.zone b/test/knot-data/zones/untrusted.test.zone index 6d29bd77fe..a0dca62ca8 100644 --- a/test/knot-data/zones/untrusted.test.zone +++ b/test/knot-data/zones/untrusted.test.zone @@ -11,11 +11,16 @@ $ORIGIN untrusted.test. ) ; NS info -@ NS ns1.unsigned.test. +@ NS ns1.unsigned.test. -*.wild TXT "this is an untrusted wildcard" +*.wild TXT "this is an untrusted wildcard" -@ MX 10 mail.untrusted.test. +@ MX 10 mail.untrusted.test. - A 10.0.0.121 -mail A 10.0.0.121 + A 10.0.0.121 + AAAA fd00:dead:beef:cafe::121 +mail A 10.0.0.122 + +myservice A 10.0.0.123 + AAAA fd00:dead:beef:cafe::123 +_mysvc._tcp SRV 10 5 1234 myservice diff --git a/test/test-functions b/test/test-functions index ee44932a59..c4c192885e 100644 --- a/test/test-functions +++ b/test/test-functions @@ -2641,8 +2641,9 @@ inst_binary() { # chown, getent, login, su, useradd, userdel - dlopen()s (not only) systemd's PAM modules # ls, stat - pulls in nss_systemd with certain options (like ls -l) when # nsswitch.conf uses [SUCCESS=merge] (like on Arch Linux) + # delv, dig - pulls in nss_resolve if `resolve` is in nsswitch.conf # tar - called by machinectl in TEST-25 - if get_bool "$IS_BUILT_WITH_ASAN" && [[ "$bin" =~ /(chown|getent|login|ls|stat|su|tar|useradd|userdel)$ ]]; then + if get_bool "$IS_BUILT_WITH_ASAN" && [[ "$bin" =~ /(chown|delv|dig|getent|login|ls|stat|su|tar|useradd|userdel)$ ]]; then wrap_binary=1 fi diff --git a/test/units/testsuite-75.sh b/test/units/testsuite-75.sh index 852caac605..ddd86d09bb 100755 --- a/test/units/testsuite-75.sh +++ b/test/units/testsuite-75.sh @@ -2,6 +2,12 @@ # SPDX-License-Identifier: LGPL-2.1-or-later # vi: ts=4 sw=4 tw=0 et: +# TODO: +# - IPv6-only stack +# - mDNS +# - LLMNR +# - DoT/DoH + set -eux set -o pipefail @@ -16,6 +22,15 @@ run() { "$@" |& tee "$RUN_OUT" } +disable_ipv6() { + sysctl -w net.ipv6.conf.all.disable_ipv6=1 +} + +enable_ipv6() { + sysctl -w net.ipv6.conf.all.disable_ipv6=0 + networkctl reconfigure dns0 +} + monitor_check_rr() ( set +x set +o pipefail @@ -26,7 +41,7 @@ monitor_check_rr() ( # displayed. We turn off pipefail for this, since we don't care about the # lhs of this pipe expression, we only care about the rhs' result to be # clean - journalctl -u resmontest.service --since "$since" -f --full | grep -m1 "$match" + timeout -v 30s journalctl -u resmontest.service --since "$since" -f --full | grep -m1 "$match" ) # Test for resolvectl, resolvconf @@ -146,7 +161,10 @@ ip link del hoge.foo ### SETUP ### # Configure network hostnamectl hostname ns1.unsigned.test -echo "10.0.0.1 ns1.unsigned.test" >>/etc/hosts +{ + echo "10.0.0.1 ns1.unsigned.test" + echo "fd00:dead:beef:cafe::1 ns1.unsigned.test" +} >>/etc/hosts mkdir -p /etc/systemd/network cat >/etc/systemd/network/dns0.netdev <<EOF @@ -160,10 +178,17 @@ Name=dns0 [Network] Address=10.0.0.1/24 +Address=fd00:dead:beef:cafe::1/64 DNSSEC=allow-downgrade DNS=10.0.0.1 +DNS=fd00:dead:beef:cafe::1 EOF +DNS_ADDRESSES=( + "10.0.0.1" + "fd00:dead:beef:cafe::1" +) + mkdir -p /run/systemd/resolved.conf.d { echo "[Resolve]" @@ -214,6 +239,10 @@ resolvectl log-level debug # Start monitoring queries systemd-run -u resmontest.service -p Type=notify resolvectl monitor +# Check if all the zones are valid (zone-check always returns 0, so let's check +# if it produces any errors/warnings) +run knotc zone-check +[[ ! -s "$RUN_OUT" ]] # We need to manually propagate the DS records of onlinesign.test. to the parent # zone, since they're generated online knotc zone-begin test. @@ -234,9 +263,19 @@ knotc reload : "--- nss-resolve/nss-myhostname tests" # Sanity check TIMESTAMP=$(date '+%F %T') +# Issue: https://github.com/systemd/systemd/issues/23951 +# With IPv6 enabled run getent -s resolve hosts ns1.unsigned.test -grep -qE "^10\.0\.0\.1\s+ns1\.unsigned\.test" "$RUN_OUT" -monitor_check_rr "$TIMESTAMP" "ns1.unsigned.test IN A 10.0.0.1" +grep -qE "^fd00:dead:beef:cafe::1\s+ns1\.unsigned\.test" "$RUN_OUT" +monitor_check_rr "$TIMESTAMP" "ns1.unsigned.test IN AAAA fd00:dead:beef:cafe::1" +# With IPv6 disabled +# Issue: https://github.com/systemd/systemd/issues/23951 +# FIXME +#disable_ipv6 +#run getent -s resolve hosts ns1.unsigned.test +#grep -qE "^10\.0\.0\.1\s+ns1\.unsigned\.test" "$RUN_OUT" +#monitor_check_rr "$TIMESTAMP" "ns1.unsigned.test IN A 10.0.0.1" +enable_ipv6 # Issue: https://github.com/systemd/systemd/issues/18812 # PR: https://github.com/systemd/systemd/pull/18896 @@ -248,13 +287,12 @@ grep -qE "^::1\s+localhost" "$RUN_OUT" run getent -s myhostname hosts localhost grep -qE "^::1\s+localhost" "$RUN_OUT" # With IPv6 disabled -sysctl -w net.ipv6.conf.all.disable_ipv6=1 +disable_ipv6 run getent -s resolve hosts localhost grep -qE "^127\.0\.0\.1\s+localhost" "$RUN_OUT" run getent -s myhostname hosts localhost grep -qE "^127\.0\.0\.1\s+localhost" "$RUN_OUT" -sysctl -w net.ipv6.conf.all.disable_ipv6=0 - +enable_ipv6 : "--- Basic resolved tests ---" # Issue: https://github.com/systemd/systemd/issues/22229 @@ -280,12 +318,14 @@ grep -qE "IN\s+SOA\s+ns1\.unsigned\.test\." "$RUN_OUT" : "--- ZONE: unsigned.test. ---" -run dig @10.0.0.1 +short unsigned.test +run dig @ns1.unsigned.test +short unsigned.test A unsigned.test AAAA grep -qF "10.0.0.101" "$RUN_OUT" +grep -qF "fd00:dead:beef:cafe::101" "$RUN_OUT" run resolvectl query unsigned.test -grep -qF "unsigned.test: 10.0.0.10" "$RUN_OUT" +grep -qF "10.0.0.10" "$RUN_OUT" +grep -qF "fd00:dead:beef:cafe::101" "$RUN_OUT" grep -qF "authenticated: no" "$RUN_OUT" -run dig @10.0.0.1 +short MX unsigned.test +run dig @ns1.unsigned.test +short MX unsigned.test grep -qF "15 mail.unsigned.test." "$RUN_OUT" run resolvectl query --legend=no -t MX unsigned.test grep -qF "unsigned.test IN MX 15 mail.unsigned.test" "$RUN_OUT" @@ -295,17 +335,28 @@ grep -qF "unsigned.test IN MX 15 mail.unsigned.test" "$RUN_OUT" # Check the trust chain (with and without systemd-resolved in between # Issue: https://github.com/systemd/systemd/issues/22002 # PR: https://github.com/systemd/systemd/pull/23289 -run delv @10.0.0.1 signed.test +run delv @ns1.unsigned.test signed.test grep -qF "; fully validated" "$RUN_OUT" run delv signed.test grep -qF "; fully validated" "$RUN_OUT" +for addr in "${DNS_ADDRESSES[@]}"; do + run delv "@$addr" -t A mail.signed.test + grep -qF "; fully validated" "$RUN_OUT" + run delv "@$addr" -t AAAA mail.signed.test + grep -qF "; fully validated" "$RUN_OUT" +done +run resolvectl query mail.signed.test +grep -qF "10.0.0.11" "$RUN_OUT" +grep -qF "fd00:dead:beef:cafe::11" "$RUN_OUT" +grep -qF "authenticated: yes" "$RUN_OUT" + run dig +short signed.test grep -qF "10.0.0.10" "$RUN_OUT" run resolvectl query signed.test grep -qF "signed.test: 10.0.0.10" "$RUN_OUT" grep -qF "authenticated: yes" "$RUN_OUT" -run dig @10.0.0.1 +short MX signed.test +run dig @ns1.unsigned.test +short MX signed.test grep -qF "10 mail.signed.test." "$RUN_OUT" run resolvectl query --legend=no -t MX signed.test grep -qF "signed.test IN MX 10 mail.signed.test" "$RUN_OUT" @@ -316,14 +367,53 @@ grep -qF "status: NXDOMAIN" "$RUN_OUT" run resolvectl query -t TXT this.should.be.authenticated.wild.signed.test grep -qF 'this.should.be.authenticated.wild.signed.test IN TXT "this is a wildcard"' "$RUN_OUT" grep -qF "authenticated: yes" "$RUN_OUT" +# Check SRV support +run resolvectl service _mysvc._tcp signed.test +grep -qF "myservice.signed.test:1234" "$RUN_OUT" +grep -qF "10.0.0.20" "$RUN_OUT" +grep -qF "fd00:dead:beef:cafe::17" "$RUN_OUT" +grep -qF "authenticated: yes" "$RUN_OUT" +(! run resolvectl service _invalidsvc._udp signed.test) +grep -qE "invalidservice\.signed\.test' not found" "$RUN_OUT" +run resolvectl service _untrustedsvc._udp signed.test +grep -qF "myservice.untrusted.test:1111" "$RUN_OUT" +grep -qF "10.0.0.123" "$RUN_OUT" +grep -qF "fd00:dead:beef:cafe::123" "$RUN_OUT" +grep -qF "authenticated: yes" "$RUN_OUT" +# Check OPENPGPKEY support +run delv -t OPENPGPKEY 5a786cdc59c161cdafd818143705026636962198c66ed4c5b3da321e._openpgpkey.signed.test +grep -qF "; fully validated" "$RUN_OUT" +run resolvectl openpgp mr.smith@signed.test +grep -qF "5a786cdc59c161cdafd818143705026636962198c66ed4c5b3da321e._openpgpkey.signed.test" "$RUN_OUT" +grep -qF "authenticated: yes" "$RUN_OUT" # DNSSEC validation with multiple records of the same type for the same name # Issue: https://github.com/systemd/systemd/issues/22002 # PR: https://github.com/systemd/systemd/pull/23289 -run delv @10.0.0.1 dupe.signed.test -grep -qF "; fully validated" "$RUN_OUT" -run delv dupe.signed.test -grep -qF "; fully validated" "$RUN_OUT" +check_domain() { + local domain="${1:?}" + local record="${2:?}" + local message="${3:?}" + local addr + + for addr in "${DNS_ADDRESSES[@]}"; do + run delv "@$addr" -t "$record" "$domain" + grep -qF "$message" "$RUN_OUT" + done + + run delv -t "$record" "$domain" + grep -qF "$message" "$RUN_OUT" + + run resolvectl query "$domain" + grep -qF "authenticated: yes" "$RUN_OUT" +} + +check_domain "dupe.signed.test" "A" "; fully validated" +check_domain "dupe.signed.test" "AAAA" "; negative response, fully validated" +check_domain "dupe-ipv6.signed.test" "AAAA" "; fully validated" +check_domain "dupe-ipv6.signed.test" "A" "; negative response, fully validated" +check_domain "dupe-mixed.signed.test" "A" "; fully validated" +check_domain "dupe-mixed.signed.test" "AAAA" "; fully validated" # Test resolution of CNAME chains TIMESTAMP=$(date '+%F %T') @@ -347,7 +437,7 @@ grep -qE "^follow14\.final\.signed\.test\..+IN\s+NSEC\s+" "$RUN_OUT" # Check the trust chain (with and without systemd-resolved in between # Issue: https://github.com/systemd/systemd/issues/22002 # PR: https://github.com/systemd/systemd/pull/23289 -run delv @10.0.0.1 sub.onlinesign.test +run delv @ns1.unsigned.test sub.onlinesign.test grep -qF "; fully validated" "$RUN_OUT" run delv sub.onlinesign.test grep -qF "; fully validated" "$RUN_OUT" @@ -357,10 +447,27 @@ grep -qF "10.0.0.133" "$RUN_OUT" run resolvectl query sub.onlinesign.test grep -qF "sub.onlinesign.test: 10.0.0.133" "$RUN_OUT" grep -qF "authenticated: yes" "$RUN_OUT" -run dig @10.0.0.1 +short TXT onlinesign.test +run dig @ns1.unsigned.test +short TXT onlinesign.test grep -qF '"hello from onlinesign"' "$RUN_OUT" run resolvectl query --legend=no -t TXT onlinesign.test grep -qF 'onlinesign.test IN TXT "hello from onlinesign"' "$RUN_OUT" + +for addr in "${DNS_ADDRESSES[@]}"; do + run delv "@$addr" -t A dual.onlinesign.test + grep -qF "10.0.0.135" "$RUN_OUT" + run delv "@$addr" -t AAAA dual.onlinesign.test + grep -qF "fd00:dead:beef:cafe::135" "$RUN_OUT" + run delv "@$addr" -t ANY ipv6.onlinesign.test + grep -qF "fd00:dead:beef:cafe::136" "$RUN_OUT" +done +run resolvectl query dual.onlinesign.test +grep -qF "10.0.0.135" "$RUN_OUT" +grep -qF "fd00:dead:beef:cafe::135" "$RUN_OUT" +grep -qF "authenticated: yes" "$RUN_OUT" +run resolvectl query ipv6.onlinesign.test +grep -qF "fd00:dead:beef:cafe::136" "$RUN_OUT" +grep -qF "authenticated: yes" "$RUN_OUT" + # Check a non-existent domain # Note: mod-onlinesign utilizes Minimally Covering NSEC Records, hence the # different response than with "standard" DNSSEC @@ -378,12 +485,23 @@ run busctl call org.freedesktop.resolve1 /org/freedesktop/resolve1 org.freedeskt grep -qF '10 0 0 134 "secondsub.onlinesign.test"' "$RUN_OUT" monitor_check_rr "$TIMESTAMP" "secondsub.onlinesign.test IN A 10.0.0.134" + : "--- ZONE: untrusted.test (DNSSEC without propagated DS records) ---" -run dig +short untrusted.test -grep -qF "10.0.0.121" "$RUN_OUT" +# Issue: https://github.com/systemd/systemd/issues/23955 +# FIXME +resolvectl flush-caches +#run dig +short untrusted.test A untrusted.test AAAA +#grep -qF "10.0.0.121" "$RUN_OUT" +#grep -qF "fd00:dead:beef:cafe::121" "$RUN_OUT" run resolvectl query untrusted.test -grep -qF "untrusted.test: 10.0.0.121" "$RUN_OUT" +grep -qF "untrusted.test:" "$RUN_OUT" +grep -qF "10.0.0.121" "$RUN_OUT" +grep -qF "fd00:dead:beef:cafe::121" "$RUN_OUT" grep -qF "authenticated: no" "$RUN_OUT" +run resolvectl service _mysvc._tcp untrusted.test +grep -qF "myservice.untrusted.test:1234" "$RUN_OUT" +grep -qF "10.0.0.123" "$RUN_OUT" +grep -qF "fd00:dead:beef:cafe::123" "$RUN_OUT" # Issue: https://github.com/systemd/systemd/issues/19472 # 1) Query for a non-existing RR should return NOERROR + NSEC (?), not NXDOMAIN |