Skip to content

Commit

Permalink
Cirrus: Add Unbound tests
Browse files Browse the repository at this point in the history
  • Loading branch information
JeremyRand committed Dec 24, 2021
1 parent 4a96c3d commit be2a58e
Show file tree
Hide file tree
Showing 5 changed files with 77 additions and 22 deletions.
54 changes: 54 additions & 0 deletions .cirrus.yml
Original file line number Diff line number Diff line change
Expand Up @@ -223,6 +223,60 @@ task:
GOX_TAGS: ""
GO_VERSION: latest

task:
name: Resolve Tests Electrum Unbound
container:
image: fedora:latest
cpu: 1
memory: 1G
install_script:
- curl -o /usr/bin/electrum-nmc https://www.namecoin.org/files/electrum-nmc/electrum-nmc-4.0.0b0/electrum-nmc-nc4.0.0b0-x86_64.AppImage
- chmod +x /usr/bin/electrum-nmc
- curl -o ncdns.tar.gz https://api.cirrus-ci.com/v1/artifact/build/$CIRRUS_BUILD_ID/Cross-Compile%20Go%20latest/binaries/dist/ncdns--linux_amd64.tar.gz
- tar -xaf ./ncdns.tar.gz
- mv ./ncdns-*/bin/* /usr/bin/
- dnf install -y bind-dnssec-utils # For dnssec-keygen
- dnf install -y bind-utils # For dig
- dnf install -y unbound
# Set up DNSSEC
- mkdir KSK
- dnssec-keygen -a RSASHA256 -3 -b 2048 -f KSK -K KSK bit
- mkdir ZSK
- dnssec-keygen -a RSASHA256 -3 -b 2048 -K ZSK bit
- mkdir -p /etc/unbound/keys/ /etc/unbound/conf.d/
- cp KSK/*.key /etc/unbound/keys/bit.key
- cp _doc/unbound/conf.d/ncdns.conf /etc/unbound/conf.d/
- cp _doc/unbound/conf.d/ncdns-dnssec-on.conf /etc/unbound/conf.d/
electrum_background_script:
- electrum-nmc $ELECTRUM_ARGS -v
ncdns_background_script:
- ncdns -ncdns.namecoinrpcusername user -ncdns.namecoinrpcpassword pass -ncdns.bind :5391 -ncdns.privatekey ./KSK/*.private -ncdns.publickey ./KSK/*.key -ncdns.zoneprivatekey ./ZSK/*.private -ncdns.zonepublickey ./ZSK/*.key -xlog.severity DEBUG
unbound_background_script:
- unbound
resolve_electrum_script:
- while ! electrum-nmc $ELECTRUM_ARGS name_show d/namecoin
- do
- echo Waiting for Electrum-NMC to sync...
- sleep 1s
- done
- electrum-nmc $ELECTRUM_ARGS name_show d/namecoin | grep $NAMECOIN_IP
resolve_ncdns_script:
- dig -p 5391 @127.0.0.1 namecoin.bit
- dig -p 5391 @127.0.0.1 namecoin.bit | grep $NAMECOIN_IP
- dig -p 5391 +tcp @127.0.0.1 namecoin.bit
- dig -p 5391 +tcp @127.0.0.1 namecoin.bit | grep $NAMECOIN_IP
resolve_unbound_script:
- dig -p 53 @127.0.0.1 namecoin.bit
- dig -p 53 @127.0.0.1 namecoin.bit | grep $NAMECOIN_IP
depends_on:
- "Cross-Compile Go latest"
env:
# Workaround FUSE/Docker incompatibility.
# See https://github.com/AppImage/AppImageKit/issues/828#issuecomment-730002566
APPIMAGE_EXTRACT_AND_RUN: 1
NAMECOIN_IP: "91.219.237.223"
ELECTRUM_ARGS: "--rpcport 8336 --rpcuser user --rpcpassword pass"

task:
# GitHub Release Upload
# TODO: implement this.
Expand Down
28 changes: 6 additions & 22 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -28,19 +28,9 @@ Using ncdns with a recursive resolver
-------------------------------------
Of course the daemon can also be used simply as an authoritative nameserver for
bit. directly. One way to do this is to run a recursive resolver (such as
Unbound) and configure it to serve the zone as a 'stub zone'. Here is an example
unbound configuration:
Unbound) and configure it to serve the zone as a 'stub zone'. An example Unbound configuration file `ncdns.conf` is in `_doc/unbound`.

server:
do-not-query-localhost: no
stub-zone:
name: bit.
stub-addr: 127.0.0.1@1153

If you don't want to use DNSSEC, also add:

server:
domain-insecure: bit.
If you don't want to use DNSSEC, also add `ncdns-dnssec-off.conf` to Unbound's configuration.

If you do want to use DNSSEC, see the instructions below.

Expand Down Expand Up @@ -71,13 +61,7 @@ if you want to use the key as a trust anchor with a recursive resolver such as
unbound, you should specify `bit`.)

If using Unbound as a recursive resolver, you should add the KSK's public key file
as a trust anchor to unbound like so:

server:
trust-anchor-file: "/etc/unbound/keys/bit.key"

`bit.key` should be the file containing the KSK DNSKEY (or DS) which ncdns is
configured to use.
as a trust anchor to unbound, as in `ncdns-dnssec-on.conf` in `_doc/unbound`.

Building
--------
Expand Down Expand Up @@ -139,17 +123,17 @@ ncdns uses a configuration file which is looked for at `../etc/ncdns.conf`
this and all options on the command line. An annotated example configuration
file `ncdns.conf.example` is available in doc.

You will need to setup a `namecoind`, `namecoin-qt` or compatible Namecoin node
You will need to setup a `namecoind`, `namecoin-qt`, `electrum-nmc`, or compatible Namecoin node
and enable the JSON-RPC interface. You will then need to provide `ncdns` with
the address of this interface and any necessary username and password via the
configuration file.

If you only want to resolve .bit names yourself, here is a suggested setup on
Linux:

- Install `namecoind` (or `namecoin-qt`) and set it to start automatically
- Install `namecoind` (or `namecoin-qt` or `electrum-nmc`) and set it to start automatically
at boot or login. Set up the JSON-RPC interface and make sure it works
by making a test query: `namecoind name_show d/example`.
by making a test query: `namecoin-cli name_show d/example` or `electrum-nmc name_show d/example`.

- Write a ncdns configuration file and set ncdns up to start at boot.
Since Unbound will tie up port 53, set a different port (ideally one >=1024,
Expand Down
4 changes: 4 additions & 0 deletions _doc/unbound/conf.d/ncdns-dnssec-off.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
# Include this file if ncdns has DNSSEC disabled.

server:
domain-insecure: bit.
6 changes: 6 additions & 0 deletions _doc/unbound/conf.d/ncdns-dnssec-on.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
# Include this file if ncdns has DNSSEC enabled.

server:
# bit.key should be the file containing the KSK DNSKEY (or DS) which ncdns is
# configured to use.
trust-anchor-file: "/etc/unbound/keys/bit.key"
7 changes: 7 additions & 0 deletions _doc/unbound/conf.d/ncdns.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
# Include this file if ncdns is in use.

server:
do-not-query-localhost: no
stub-zone:
name: bit.
stub-addr: 127.0.0.1@5391

0 comments on commit be2a58e

Please sign in to comment.