From c3aadfb0d7fdb3082b53dd384f899c0c481ff75a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?=
Date: Wed, 17 Mar 2021 16:09:37 +0100
Subject: [PATCH] support for BIND
Older versions of BIND require commenting out qname-minimization configuration.
BIND builds linked to jemalloc or Clang ASAN will fail to start on systems with libfaketime versions > 0.9.6:
- jemalloc https://github.com/wolfcw/libfaketime/issues/130
- Clang ASAN https://github.com/wolfcw/libfaketime/issues/365
---
 configs/named.yaml | 15 +++++++
 doc/user_guide.rst | 2 +-
 named_run.sh | 12 +++++
 template/named.j2 | 106 +++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 134 insertions(+), 1 deletion(-)
 create mode 100644 configs/named.yaml
 create mode 100755 named_run.sh
 create mode 100644 template/named.j2
diff --git a/configs/named.yaml b/configs/named.yaml
new file mode 100644
index 00000000..06c69f8a
--- /dev/null
+++ b/configs/named.yaml
@@ -0,0 +1,15 @@
+programs:
+- name: named
+ binary: named
+ additional:
+ - -g
+ - -d
+ - "99"
+ - -c
+ - named.conf
+ templates:
+ - template/named.j2
+ - template/hints_zone.j2
+ configs:
+ - named.conf
+ - hints.zone
diff --git a/doc/user_guide.rst b/doc/user_guide.rst
index a8bc23b2..ed946207 100644
--- a/doc/user_guide.rst
+++ b/doc/user_guide.rst
@@ -19,7 +19,7 @@ Let's start with the easiest case: First run ---------
-Easiest way to run Deckard is using one of the prepared Shell scripts in Deckard repository (``{kresd,unbound,pdns}_run.sh`` for Knot Resolver, Unbound and PowerDNS Recursor respectively).
+Easiest way to run Deckard is using one of the prepared Shell scripts in Deckard repository (``{kresd,named,pdns,unbound}_run.sh`` for Knot Resolver, BIND, PowerDNS, and Unbound Recursor respectively).
 Deckard uses `pytest` to generate and run the tests as well as collect the results. Output is therefore generated by `pytest` as well (``.`` for passed test, ``F`` for failed test and ``s`` for skipped test) and will look something like this:
diff --git a/named_run.sh b/named_run.sh
new file mode 100755
index 00000000..11fcb92d
--- /dev/null
+++ b/named_run.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+set -o errexit -o nounset
+named -V | grep --quiet -- '--without-jemalloc' || echo 'WARNING: Make sure BIND is compiled without jemalloc library; for 9.17+ use ./configure --without-jemalloc'
+MINOR="$(named -v | cut -d . -f 2)"
+if [[ "$MINOR" -le "13" ]]
+then
+ echo 'WARNING: For BIND <= 9.13.2 manually remove qname-minimization option from named.conf template referenced in configs/named.yaml (usually template/named.j2)'
+fi
+
+exit 1
+RUNDIR="$(dirname "$0")"
+cd "$RUNDIR" && ./run.sh --config configs/named.yaml "$@"
diff --git a/template/named.j2 b/template/named.j2
new file mode 100644
index 00000000..bc0acb73
--- /dev/null
+++ b/template/named.j2
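Review bot: The unconditional `exit 1` after the `fi` in named_run.sh ends the script before `RUNDIR="$(dirname "$0")"` and the `./run.sh --config configs/named.yaml "$@"` call, so as written the wrapper can only print its warnings and fail. If the BIND run is meant to stay disabled, put a comment on that line saying why; otherwise remove it. Separately, `errexit` does not catch a missing or failing `named` inside the two pipelines: `MINOR` then ends up empty, `[[ "" -le "13" ]]` evaluates it as 0, and the old-version warning is printed. A check such as `[[ "$MINOR" =~ ^[0-9]+$ ]] || { echo 'ERROR: cannot parse named -v output' >&2; exit 1; }` would stop early instead. The two warnings would also be easier to spot on stderr (`>&2`).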
@@ -0,0 +1,106 @@
+options {
+ querylog yes;
+
+{% if ':' in SELF_ADDR %}
+ listen-on-v6 { {{SELF_ADDR}}; };
+ query-source-v6 address {{SELF_ADDR}};
+{% else %}
+ listen-on { {{SELF_ADDR}}; };
+ query-source address {{SELF_ADDR}};
+{% endif %}
+
+ edns-udp-size 4096;
+ max-cache-size 2097152;
+
+{% if QMIN == "false" %}
+qname-minimization off;
+{% else %}
+qname-minimization strict;
+{% endif %}
+
+ // Disable RFC8145 signaling, scenario doesn't provide expected ansers
+ trust-anchor-telemetry no;
+
+{% if not TRUST_ANCHOR_FILES %}
+ dnssec-validation no;
+{% else %}
+unsupported as of yet
+-- make sure that value specified at compile-time does not break tests
+{% for TAF in TRUST_ANCHOR_FILES %}
+trust_anchors.add_file('{{TAF}}')
+{% endfor %}
+{% endif %}
+
+{% if NEGATIVE_TRUST_ANCHORS %}
+unsupported as of yet
+validate-except {
+{% for DI in NEGATIVE_TRUST_ANCHORS %}
+{{DI}}
+{% endfor %}
+};
+{% endif %}
+
+};
+
+
+{% if FORWARD_ADDR %}
+zone "." {
+ type forward;
+ forward only;
+ forwarders { {{FORWARD_ADDR}}; };
+};
+{% endif %}
+
+zone "." {
+ type hint;
+ file "hints.zone";
+};
+
+
+{% if DO_NOT_QUERY_LOCALHOST == "false" %}
+{% endif %}
+
+{% if HARDEN_GLUE == "true" %}
+{% endif %}
+
+
+{% if DO_IP6 == "true" %}
+{% else %}
+server ::/0 {
+ bogus true;
+};
+{% endif %}
+
+{% if DO_IP4 == "true" %}
+{% else %}
+server 0.0.0.0/0 {
+ bogus true;
+};
+{% endif %}
+
+{% if FEATURES.min_ttl is defined %}
+min-cache-ttl {FEATURES.min_ttl}};
+min-ncache-ttl {FEATURES.min_ttl}};
+{% endif %}
+
+{% if FEATURES.max_ttl is defined %}
+max-cache-ttl {{FEATURES.max_ttl}};
+{% endif %}
+
+{% if FEATURES.dns64_prefix is defined %}
+// dns64.config('{{FEATURES.dns64_prefix}}')
+{% endif %}
+
+{% if FEATURES.static_hint_name is defined %}
+static hint unsupported
+{% endif %}
+
+logging {
+ category resolver {
+ stderr;
+ };
+ channel stderr {
+ stderr;
+ severity debug 10;
+ };
+};
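Review bot: The two `min_ttl` lines open the Jinja expression with a single brace, `{FEATURES.min_ttl}}`, so the template emits that text literally instead of the value; they should read `min-cache-ttl {{FEATURES.min_ttl}};` and `min-ncache-ttl {{FEATURES.min_ttl}};`, matching the `max-cache-ttl` line below. These three TTL statements are also rendered after the `};` that closes `options { ... }`; as far as I know BIND accepts them only inside `options` or a view, so they probably need to move up into that block. The `TRUST_ANCHOR_FILES` branch likewise writes free text and `trust_anchors.add_file(...)` into `options`, so a scenario with trust anchors will presumably fail at config parse rather than be reported as unsupported; a template comment stating that this is intentional would help.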