diff options
author | Daniel Nagy <danielnagy@posteo.de> | 2021-02-13 23:21:01 +0100 |
---|---|---|
committer | tomberek <tomberek@users.noreply.github.com> | 2021-02-25 18:37:57 -0500 |
commit | 930e3679f4189f6a340ce50cf78b1de46a3736fc (patch) | |
tree | 15fc9a62b91ed896f8308cd308c0088117ae6da6 /nixos/tests/unbound.nix | |
parent | bd6ef5bee10413aeb2d3289e0d291d85923e5701 (diff) | |
download | nixpkgs-930e3679f4189f6a340ce50cf78b1de46a3736fc.tar nixpkgs-930e3679f4189f6a340ce50cf78b1de46a3736fc.tar.gz nixpkgs-930e3679f4189f6a340ce50cf78b1de46a3736fc.tar.bz2 nixpkgs-930e3679f4189f6a340ce50cf78b1de46a3736fc.tar.lz nixpkgs-930e3679f4189f6a340ce50cf78b1de46a3736fc.tar.xz nixpkgs-930e3679f4189f6a340ce50cf78b1de46a3736fc.tar.zst nixpkgs-930e3679f4189f6a340ce50cf78b1de46a3736fc.zip |
nixos/test/unbound: add tests for DNS over HTTPS
Diffstat (limited to 'nixos/tests/unbound.nix')
-rw-r--r-- | nixos/tests/unbound.nix | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/nixos/tests/unbound.nix b/nixos/tests/unbound.nix index c8823163622..d4b8bb15ced 100644 --- a/nixos/tests/unbound.nix +++ b/nixos/tests/unbound.nix @@ -27,6 +27,9 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: # disable the root anchor update as we do not have internet access during # the test execution services.unbound.enableRootTrustAnchor = false; + + # we want to test the full-variant of the package to also get DoH support + services.unbound.package = pkgs.unbound-full; }; }; @@ -81,13 +84,16 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: networking.firewall.allowedTCPPorts = [ 53 # regular DNS 853 # DNS over TLS + 443 # DNS over HTTPS ]; networking.firewall.allowedUDPPorts = [ 53 ]; services.unbound = { enable = true; allowedAccess = [ "192.168.0.0/24" "fd21::/64" "::1" "127.0.0.0/8" ]; - interfaces = [ "::1" "127.0.0.1" "192.168.0.2" "fd21::2" "192.168.0.2@853" "fd21::2@853" "::1@853" "127.0.0.1@853" ]; + interfaces = [ "::1" "127.0.0.1" "192.168.0.2" "fd21::2" + "192.168.0.2@853" "fd21::2@853" "::1@853" "127.0.0.1@853" + "192.168.0.2@443" "fd21::2@443" "::1@443" "127.0.0.1@443" ]; forwardAddresses = [ (lib.head nodes.authoritative.config.networking.interfaces.eth1.ipv6.addresses).address (lib.head nodes.authoritative.config.networking.interfaces.eth1.ipv4.addresses).address @@ -217,6 +223,14 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: expected, ["+tcp", "+tls"] + args, ) + query( + machine, + remote, + query_type, + zone, + expected, + ["+https"] + args, + ) client.start() |