diff --git a/data/templates/dns-forwarding/recursor.conf.j2 b/data/templates/dns-forwarding/recursor.conf.j2 index ce1b676d1..e02e6c13d 100644 --- a/data/templates/dns-forwarding/recursor.conf.j2 +++ b/data/templates/dns-forwarding/recursor.conf.j2 @@ -1,47 +1,50 @@ {# j2lint: disable=single-statement-per-line #} ### Autogenerated by dns_forwarding.py ### # XXX: pdns recursor doesn't like whitespace near entry separators, # especially in the semicolon-separated lists of name servers. # Please be careful if you edit the template. # Non-configurable defaults daemon=yes threads=1 allow-from={{ allow_from | join(',') }} log-common-errors=yes non-local-bind=yes query-local-address={{ source_address | join(',') }} lua-config-file=recursor.conf.lua # cache-size max-cache-entries={{ cache_size }} # negative TTL for NXDOMAIN max-negative-ttl={{ negative_ttl }} # timeout network-timeout={{ timeout }} # ignore-hosts-file export-etc-hosts={{ 'no' if ignore_hosts_file is vyos_defined else 'yes' }} # listen-address local-address={{ listen_address | join(',') }} +# listen-port +local-port={{ port }} + # dnssec dnssec={{ dnssec }} {% if dns64_prefix is vyos_defined %} # dns64-prefix dns64-prefix={{ dns64_prefix }} {% endif %} # serve rfc1918 records serve-rfc1918={{ 'no' if no_serve_rfc1918 is vyos_defined else 'yes' }} # zones auth-zones={% for z in authoritative_zones %}{{ z.name }}={{ z.file }}{{- "," if not loop.last -}}{% endfor %} forward-zones-file=recursor.forward-zones.conf diff --git a/interface-definitions/dns-forwarding.xml.in b/interface-definitions/dns-forwarding.xml.in index 3de0dc0eb..409028572 100644 --- a/interface-definitions/dns-forwarding.xml.in +++ b/interface-definitions/dns-forwarding.xml.in @@ -1,669 +1,673 @@ <?xml version="1.0"?> <!-- DNS forwarder configuration --> <interfaceDefinition> <node name="service"> <children> <node name="dns"> <properties> <help>Domain Name System related services</help> </properties> <children> <node name="forwarding" owner="${vyos_conf_scripts_dir}/dns_forwarding.py"> <properties> <help>DNS forwarding</help> <priority>918</priority> </properties> <children> <leafNode name="cache-size"> <properties> <help>DNS forwarding cache size</help> <valueHelp> <format>u32:0-2147483647</format> <description>DNS forwarding cache size</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 0-2147483647"/> </constraint> </properties> <defaultValue>10000</defaultValue> </leafNode> <leafNode name="dhcp"> <properties> <help>Interfaces whose DHCP client nameservers to forward requests to</help> <completionHelp> <script>${vyos_completion_dir}/list_interfaces.py</script> </completionHelp> <multi/> </properties> </leafNode> <leafNode name="dns64-prefix"> <properties> <help>Help to communicate between IPv6-only client and IPv4-only server</help> <valueHelp> <format>ipv6net</format> <description>IPv6 address and /96 only prefix length</description> </valueHelp> <constraint> <validator name="ipv6-prefix"/> </constraint> </properties> </leafNode> <leafNode name="dnssec"> <properties> <help>DNSSEC mode</help> <completionHelp> <list>off process-no-validate process log-fail validate</list> </completionHelp> <valueHelp> <format>off</format> <description>No DNSSEC processing whatsoever!</description> </valueHelp> <valueHelp> <format>process-no-validate</format> <description>Respond with DNSSEC records to clients that ask for it. No validation done at all!</description> </valueHelp> <valueHelp> <format>process</format> <description>Respond with DNSSEC records to clients that ask for it. Validation for clients that request it.</description> </valueHelp> <valueHelp> <format>log-fail</format> <description>Similar behaviour to process, but validate RRSIGs on responses and log bogus responses.</description> </valueHelp> <valueHelp> <format>validate</format> <description>Full blown DNSSEC validation. Send SERVFAIL to clients on bogus responses.</description> </valueHelp> <constraint> <regex>(off|process-no-validate|process|log-fail|validate)</regex> </constraint> </properties> <defaultValue>process-no-validate</defaultValue> </leafNode> <tagNode name="domain"> <properties> <help>Domain to forward to a custom DNS server</help> </properties> <children> <leafNode name="server"> <properties> <help>Domain Name Server (DNS) to forward queries to</help> <valueHelp> <format>ipv4</format> <description>Domain Name Server (DNS) IPv4 address</description> </valueHelp> <valueHelp> <format>ipv6</format> <description>Domain Name Server (DNS) IPv6 address</description> </valueHelp> <multi/> <constraint> <validator name="ipv4-address"/> <validator name="ipv6-address"/> </constraint> </properties> </leafNode> <leafNode name="addnta"> <properties> <help>Add NTA (negative trust anchor) for this domain (must be set if the domain does not support DNSSEC)</help> <valueless/> </properties> </leafNode> <leafNode name="recursion-desired"> <properties> <help>Set the "recursion desired" bit in requests to the upstream nameserver</help> <valueless/> </properties> </leafNode> </children> </tagNode> <tagNode name="authoritative-domain"> <properties> <help>Domain to host authoritative records for</help> <valueHelp> <format>text</format> <description>An absolute DNS name</description> </valueHelp> <constraint> <regex>[-_a-zA-Z0-9.]{1,63}</regex> </constraint> </properties> <children> <node name="records"> <properties> <help>DNS zone records</help> </properties> <children> <tagNode name="a"> <properties> <help>"A" record</help> <valueHelp> <format>text</format> <description>A DNS name relative to the root record</description> </valueHelp> <valueHelp> <format>@</format> <description>Root record</description> </valueHelp> <valueHelp> <format>any</format> <description>Wildcard record (any subdomain)</description> </valueHelp> <constraint> <regex>([-_a-zA-Z0-9.]{1,63}|@|any)(?<!\.)</regex> </constraint> </properties> <children> <leafNode name="address"> <properties> <help>IPv4 address</help> <valueHelp> <format>ipv4</format> <description>IPv4 address</description> </valueHelp> <multi/> <constraint> <validator name="ipv4-address"/> </constraint> </properties> </leafNode> #include <include/dns/time-to-live.xml.i> #include <include/generic-disable-node.xml.i> </children> </tagNode> <tagNode name="aaaa"> <properties> <help>"AAAA" record</help> <valueHelp> <format>text</format> <description>A DNS name relative to the root record</description> </valueHelp> <valueHelp> <format>@</format> <description>Root record</description> </valueHelp> <valueHelp> <format>any</format> <description>Wildcard record (any subdomain)</description> </valueHelp> <constraint> <regex>([-_a-zA-Z0-9.]{1,63}|@|any)(?<!\.)</regex> </constraint> </properties> <children> <leafNode name="address"> <properties> <help>IPv6 address</help> <valueHelp> <format>ipv6</format> <description>IPv6 address</description> </valueHelp> <multi/> <constraint> <validator name="ipv6-address"/> </constraint> </properties> </leafNode> #include <include/dns/time-to-live.xml.i> #include <include/generic-disable-node.xml.i> </children> </tagNode> <tagNode name="cname"> <properties> <help>"CNAME" record</help> <valueHelp> <format>text</format> <description>A DNS name relative to the root record</description> </valueHelp> <valueHelp> <format>@</format> <description>Root record</description> </valueHelp> <constraint> <regex>([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)</regex> </constraint> </properties> <children> <leafNode name="target"> <properties> <help>Target DNS name</help> <valueHelp> <format>name.example.com</format> <description>An absolute DNS name</description> </valueHelp> <constraint> <regex>[-_a-zA-Z0-9.]{1,63}(?<!\.)</regex> </constraint> </properties> </leafNode> #include <include/dns/time-to-live.xml.i> #include <include/generic-disable-node.xml.i> </children> </tagNode> <tagNode name="mx"> <properties> <help>"MX" record</help> <valueHelp> <format>text</format> <description>A DNS name relative to the root record</description> </valueHelp> <valueHelp> <format>@</format> <description>Root record</description> </valueHelp> <constraint> <regex>([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)</regex> </constraint> </properties> <children> <tagNode name="server"> <properties> <help>Mail server</help> <valueHelp> <format>name.example.com</format> <description>An absolute DNS name</description> </valueHelp> <constraint> <regex>[-_a-zA-Z0-9.]{1,63}(?<!\.)</regex> </constraint> </properties> <children> <leafNode name="priority"> <properties> <help>Server priority</help> <valueHelp> <format>u32:1-999</format> <description>Server priority (lower numbers are higher priority)</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1-999"/> </constraint> </properties> <defaultValue>10</defaultValue> </leafNode> </children> </tagNode> #include <include/dns/time-to-live.xml.i> #include <include/generic-disable-node.xml.i> </children> </tagNode> <tagNode name="ptr"> <properties> <help>"PTR" record</help> <valueHelp> <format>text</format> <description>A DNS name relative to the root record</description> </valueHelp> <valueHelp> <format>@</format> <description>Root record</description> </valueHelp> <constraint> <regex>([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)</regex> </constraint> </properties> <children> <leafNode name="target"> <properties> <help>Target DNS name</help> <valueHelp> <format>name.example.com</format> <description>An absolute DNS name</description> </valueHelp> <constraint> <regex>[-_a-zA-Z0-9.]{1,63}(?<!\.)</regex> </constraint> </properties> </leafNode> #include <include/dns/time-to-live.xml.i> #include <include/generic-disable-node.xml.i> </children> </tagNode> <tagNode name="txt"> <properties> <help>"TXT" record</help> <valueHelp> <format>text</format> <description>A DNS name relative to the root record</description> </valueHelp> <valueHelp> <format>@</format> <description>Root record</description> </valueHelp> <constraint> <regex>([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)</regex> </constraint> </properties> <children> <leafNode name="value"> <properties> <help>Record contents</help> <valueHelp> <format>text</format> <description>Record contents</description> </valueHelp> <multi/> </properties> </leafNode> #include <include/dns/time-to-live.xml.i> #include <include/generic-disable-node.xml.i> </children> </tagNode> <tagNode name="spf"> <properties> <help>"SPF" record (type=SPF)</help> <valueHelp> <format>text</format> <description>A DNS name relative to the root record</description> </valueHelp> <valueHelp> <format>@</format> <description>Root record</description> </valueHelp> <constraint> <regex>([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)</regex> </constraint> </properties> <children> <leafNode name="value"> <properties> <help>Record contents</help> <valueHelp> <format>text</format> <description>Record contents</description> </valueHelp> </properties> </leafNode> #include <include/dns/time-to-live.xml.i> #include <include/generic-disable-node.xml.i> </children> </tagNode> <tagNode name="srv"> <properties> <help>"SRV" record</help> <valueHelp> <format>text</format> <description>A DNS name relative to the root record</description> </valueHelp> <valueHelp> <format>@</format> <description>Root record</description> </valueHelp> <constraint> <regex>([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)</regex> </constraint> </properties> <children> <tagNode name="entry"> <properties> <help>Service entry</help> <valueHelp> <format>u32:0-65535</format> <description>Entry number</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 0-65535"/> </constraint> </properties> <children> <leafNode name="hostname"> <properties> <help>Server hostname</help> <valueHelp> <format>name.example.com</format> <description>An absolute DNS name</description> </valueHelp> <constraint> <regex>[-_a-zA-Z0-9.]{1,63}(?<!\.)</regex> </constraint> </properties> </leafNode> <leafNode name="port"> <properties> <help>Port number</help> <valueHelp> <format>u32:0-65535</format> <description>TCP/UDP port number</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 0-65536"/> </constraint> </properties> </leafNode> <leafNode name="priority"> <properties> <help>Entry priority</help> <valueHelp> <format>u32:0-65535</format> <description>Entry priority (lower numbers are higher priority)</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 0-65535"/> </constraint> </properties> <defaultValue>10</defaultValue> </leafNode> <leafNode name="weight"> <properties> <help>Entry weight</help> <valueHelp> <format>u32:0-65535</format> <description>Entry weight</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 0-65535"/> </constraint> </properties> <defaultValue>0</defaultValue> </leafNode> </children> </tagNode> #include <include/dns/time-to-live.xml.i> #include <include/generic-disable-node.xml.i> </children> </tagNode> <tagNode name="naptr"> <properties> <help>"NAPTR" record</help> <valueHelp> <format>text</format> <description>A DNS name relative to the root record</description> </valueHelp> <valueHelp> <format>@</format> <description>Root record</description> </valueHelp> <constraint> <regex>([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)</regex> </constraint> </properties> <children> <tagNode name="rule"> <properties> <help>NAPTR rule</help> <valueHelp> <format>u32:0-65535</format> <description>Rule number</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 0-65535"/> </constraint> </properties> <children> <leafNode name="order"> <properties> <help>Rule order</help> <valueHelp> <format>u32:0-65535</format> <description>Rule order (lower order is evaluated first)</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 0-65535"/> </constraint> </properties> </leafNode> <leafNode name="preference"> <properties> <help>Rule preference</help> <valueHelp> <format>u32:0-65535</format> <description>Rule preference</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 0-65535"/> </constraint> </properties> <defaultValue>0</defaultValue> </leafNode> <leafNode name="lookup-srv"> <properties> <help>"S" flag</help> <valueless/> </properties> </leafNode> <leafNode name="lookup-a"> <properties> <help>"A" flag</help> <valueless/> </properties> </leafNode> <leafNode name="resolve-uri"> <properties> <help>"U" flag</help> <valueless/> </properties> </leafNode> <leafNode name="protocol-specific"> <properties> <help>"P" flag</help> <valueless/> </properties> </leafNode> <leafNode name="service"> <properties> <help>Service type</help> <constraint> <regex>[a-zA-Z][a-zA-Z0-9]{0,31}(\+[a-zA-Z][a-zA-Z0-9]{0,31})?</regex> </constraint> </properties> </leafNode> <leafNode name="regexp"> <properties> <help>Regular expression</help> </properties> </leafNode> <leafNode name="replacement"> <properties> <help>Replacement DNS name</help> <valueHelp> <format>name.example.com</format> <description>An absolute DNS name</description> </valueHelp> <constraint> <regex>[-_a-zA-Z0-9.]{1,63}(?<!\.)</regex> </constraint> </properties> </leafNode> </children> </tagNode> #include <include/dns/time-to-live.xml.i> #include <include/generic-disable-node.xml.i> </children> </tagNode> </children> </node> #include <include/generic-disable-node.xml.i> </children> </tagNode> <leafNode name="ignore-hosts-file"> <properties> <help>Do not use local /etc/hosts file in name resolution</help> <valueless/> </properties> </leafNode> <leafNode name="no-serve-rfc1918"> <properties> <help>Makes the server authoritatively not aware of RFC1918 addresses</help> <valueless/> </properties> </leafNode> <leafNode name="allow-from"> <properties> <help>Networks allowed to query this server</help> <valueHelp> <format>ipv4net</format> <description>IP address and prefix length</description> </valueHelp> <valueHelp> <format>ipv6net</format> <description>IPv6 address and prefix length</description> </valueHelp> <multi/> <constraint> <validator name="ip-prefix"/> </constraint> </properties> </leafNode> #include <include/listen-address.xml.i> + #include <include/port-number.xml.i> + <leafNode name="port"> + <defaultValue>53</defaultValue> + </leafNode> <leafNode name="negative-ttl"> <properties> <help>Maximum amount of time negative entries are cached</help> <valueHelp> <format>u32:0-7200</format> <description>Seconds to cache NXDOMAIN entries</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 0-7200"/> </constraint> </properties> <defaultValue>3600</defaultValue> </leafNode> <leafNode name="timeout"> <properties> <help>Number of milliseconds to wait for a remote authoritative server to respond</help> <valueHelp> <format>u32:10-60000</format> <description>Network timeout in milliseconds</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 10-60000"/> </constraint> </properties> <defaultValue>1500</defaultValue> </leafNode> #include <include/name-server-ipv4-ipv6.xml.i> <leafNode name="source-address"> <properties> <help>Local addresses from which to send DNS queries</help> <completionHelp> <script>${vyos_completion_dir}/list_local_ips.sh --both</script> </completionHelp> <valueHelp> <format>ipv4</format> <description>IPv4 address from which to send traffic</description> </valueHelp> <valueHelp> <format>ipv6</format> <description>IPv6 address from which to send traffic</description> </valueHelp> <multi/> <constraint> <validator name="ipv4-address"/> <validator name="ipv6-address"/> </constraint> </properties> <defaultValue>0.0.0.0 ::</defaultValue> </leafNode> <leafNode name="system"> <properties> <help>Use system name servers</help> <valueless/> </properties> </leafNode> </children> </node> </children> </node> </children> </node> </interfaceDefinition> diff --git a/smoketest/scripts/cli/test_service_dns_forwarding.py b/smoketest/scripts/cli/test_service_dns_forwarding.py index 65b676451..8e9b7ef43 100755 --- a/smoketest/scripts/cli/test_service_dns_forwarding.py +++ b/smoketest/scripts/cli/test_service_dns_forwarding.py @@ -1,228 +1,249 @@ #!/usr/bin/env python3 # # Copyright (C) 2019-2022 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. import re import unittest from base_vyostest_shim import VyOSUnitTestSHIM from vyos.configsession import ConfigSessionError from vyos.util import read_file from vyos.util import process_named_running CONFIG_FILE = '/run/powerdns/recursor.conf' FORWARD_FILE = '/run/powerdns/recursor.forward-zones.conf' HOSTSD_FILE = '/run/powerdns/recursor.vyos-hostsd.conf.lua' PROCESS_NAME= 'pdns-r/worker' base_path = ['service', 'dns', 'forwarding'] allow_from = ['192.0.2.0/24', '2001:db8::/32'] listen_adress = ['127.0.0.1', '::1'] +listen_ports = ['53', '5353'] def get_config_value(key, file=CONFIG_FILE): tmp = read_file(file) tmp = re.findall(r'\n{}=+(.*)'.format(key), tmp) return tmp[0] class TestServicePowerDNS(VyOSUnitTestSHIM.TestCase): @classmethod def setUpClass(cls): super(TestServicePowerDNS, cls).setUpClass() # ensure we can also run this test on a live system - so lets clean # out the current configuration :) cls.cli_delete(cls, base_path) def tearDown(self): # Check for running process self.assertTrue(process_named_running(PROCESS_NAME)) # Delete DNS forwarding configuration self.cli_delete(base_path) self.cli_commit() # Check for running process self.assertFalse(process_named_running(PROCESS_NAME)) def test_basic_forwarding(self): # Check basic DNS forwarding settings cache_size = '20' negative_ttl = '120' self.cli_set(base_path + ['cache-size', cache_size]) self.cli_set(base_path + ['negative-ttl', negative_ttl]) # check validate() - allow from must be defined with self.assertRaises(ConfigSessionError): self.cli_commit() for network in allow_from: self.cli_set(base_path + ['allow-from', network]) # check validate() - listen-address must be defined with self.assertRaises(ConfigSessionError): self.cli_commit() for address in listen_adress: self.cli_set(base_path + ['listen-address', address]) # configure DNSSEC self.cli_set(base_path + ['dnssec', 'validate']) # Do not use local /etc/hosts file in name resolution self.cli_set(base_path + ['ignore-hosts-file']) # commit changes self.cli_commit() # Check configured cache-size tmp = get_config_value('max-cache-entries') self.assertEqual(tmp, cache_size) # Networks allowed to query this server tmp = get_config_value('allow-from') self.assertEqual(tmp, ','.join(allow_from)) # Addresses to listen for DNS queries tmp = get_config_value('local-address') self.assertEqual(tmp, ','.join(listen_adress)) # Maximum amount of time negative entries are cached tmp = get_config_value('max-negative-ttl') self.assertEqual(tmp, negative_ttl) # Do not use local /etc/hosts file in name resolution tmp = get_config_value('export-etc-hosts') self.assertEqual(tmp, 'no') # RFC1918 addresses are looked up by default tmp = get_config_value('serve-rfc1918') self.assertEqual(tmp, 'yes') def test_dnssec(self): # DNSSEC option testing for network in allow_from: self.cli_set(base_path + ['allow-from', network]) for address in listen_adress: self.cli_set(base_path + ['listen-address', address]) options = ['off', 'process-no-validate', 'process', 'log-fail', 'validate'] for option in options: self.cli_set(base_path + ['dnssec', option]) # commit changes self.cli_commit() tmp = get_config_value('dnssec') self.assertEqual(tmp, option) def test_external_nameserver(self): # Externe Domain Name Servers (DNS) addresses for network in allow_from: self.cli_set(base_path + ['allow-from', network]) for address in listen_adress: self.cli_set(base_path + ['listen-address', address]) nameservers = ['192.0.2.1', '192.0.2.2'] for nameserver in nameservers: self.cli_set(base_path + ['name-server', nameserver]) # commit changes self.cli_commit() tmp = get_config_value(r'\+.', file=FORWARD_FILE) self.assertEqual(tmp, ', '.join(nameservers)) # Do not use local /etc/hosts file in name resolution # default: yes tmp = get_config_value('export-etc-hosts') self.assertEqual(tmp, 'yes') def test_domain_forwarding(self): for network in allow_from: self.cli_set(base_path + ['allow-from', network]) for address in listen_adress: self.cli_set(base_path + ['listen-address', address]) domains = ['vyos.io', 'vyos.net', 'vyos.com'] nameservers = ['192.0.2.1', '192.0.2.2'] for domain in domains: for nameserver in nameservers: self.cli_set(base_path + ['domain', domain, 'server', nameserver]) # Test 'recursion-desired' flag for only one domain if domain == domains[0]: self.cli_set(base_path + ['domain', domain, 'recursion-desired']) # Test 'negative trust anchor' flag for the second domain only if domain == domains[1]: self.cli_set(base_path + ['domain', domain, 'addnta']) # commit changes self.cli_commit() # Test configured name-servers hosts_conf = read_file(HOSTSD_FILE) for domain in domains: # Test 'recursion-desired' flag for the first domain only if domain == domains[0]: key =f'\+{domain}' else: key =f'{domain}' tmp = get_config_value(key, file=FORWARD_FILE) self.assertEqual(tmp, ', '.join(nameservers)) # Test 'negative trust anchor' flag for the second domain only if domain == domains[1]: self.assertIn(f'addNTA("{domain}", "static")', hosts_conf) def test_no_rfc1918_forwarding(self): for network in allow_from: self.cli_set(base_path + ['allow-from', network]) for address in listen_adress: self.cli_set(base_path + ['listen-address', address]) self.cli_set(base_path + ['no-serve-rfc1918']) # commit changes self.cli_commit() # verify configuration tmp = get_config_value('serve-rfc1918') self.assertEqual(tmp, 'no') def test_dns64(self): dns_prefix = '64:ff9b::/96' for network in allow_from: self.cli_set(base_path + ['allow-from', network]) for address in listen_adress: self.cli_set(base_path + ['listen-address', address]) # Check dns64-prefix - must be prefix /96 self.cli_set(base_path + ['dns64-prefix', '2001:db8:aabb::/64']) with self.assertRaises(ConfigSessionError): self.cli_commit() self.cli_set(base_path + ['dns64-prefix', dns_prefix]) # commit changes self.cli_commit() # verify dns64-prefix configuration tmp = get_config_value('dns64-prefix') self.assertEqual(tmp, dns_prefix) + def test_listening_port(self): + # only one port can be listen + for port in listen_ports: + self.cli_set(base_path + ['port', port]) + for network in allow_from: + self.cli_set(base_path + ['allow-from', network]) + for address in listen_adress: + self.cli_set(base_path + ['listen-address', address]) + + # commit changes + self.cli_commit() + + # verify local-port configuration + tmp = get_config_value('local-port') + self.assertEqual(tmp, port) + + # reset to test differnt port + self.cli_delete(base_path) + self.cli_commit() + if __name__ == '__main__': unittest.main(verbosity=2)