authorDaniel Nagy <danielnagy@posteo.de>2021-02-13 23:21:01 +0100
committertomberek <tomberek@users.noreply.github.com>2021-02-25 18:37:57 -0500
commit930e3679f4189f6a340ce50cf78b1de46a3736fc (patch)
tree15fc9a62b91ed896f8308cd308c0088117ae6da6 /nixos/tests/unbound.nix
parentbd6ef5bee10413aeb2d3289e0d291d85923e5701 (diff)
nixos/test/unbound: add tests for DNS over HTTPS
Diffstat (limited to 'nixos/tests/unbound.nix')
-rw-r--r--nixos/tests/unbound.nix16
1 files changed, 15 insertions, 1 deletions
diff --git a/nixos/tests/unbound.nix b/nixos/tests/unbound.nix
index c8823163622..d4b8bb15ced 100644
--- a/nixos/tests/unbound.nix
+++ b/nixos/tests/unbound.nix
@@ -27,6 +27,9 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
         # disable the root anchor update as we do not have internet access during
         # the test execution
         services.unbound.enableRootTrustAnchor = false;
+
+        # we want to test the full-variant of the package to also get DoH support
+        services.unbound.package = pkgs.unbound-full;
       };
     };
 
@@ -81,13 +84,16 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
         networking.firewall.allowedTCPPorts = [
           53 # regular DNS
           853 # DNS over TLS
+          443 # DNS over HTTPS
         ];
         networking.firewall.allowedUDPPorts = [ 53 ];
 
         services.unbound = {
           enable = true;
           allowedAccess = [ "192.168.0.0/24" "fd21::/64" "::1" "127.0.0.0/8" ];
-          interfaces = [ "::1" "127.0.0.1" "192.168.0.2" "fd21::2" "192.168.0.2@853" "fd21::2@853" "::1@853" "127.0.0.1@853" ];
+          interfaces = [ "::1" "127.0.0.1" "192.168.0.2" "fd21::2"
+                         "192.168.0.2@853" "fd21::2@853" "::1@853" "127.0.0.1@853"
+                         "192.168.0.2@443" "fd21::2@443" "::1@443" "127.0.0.1@443" ];
           forwardAddresses = [
             (lib.head nodes.authoritative.config.networking.interfaces.eth1.ipv6.addresses).address
             (lib.head nodes.authoritative.config.networking.interfaces.eth1.ipv4.addresses).address
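Review bot: Nothing in the new `"...@443"` entries of `interfaces` says why those listeners speak DoH rather than plain DNS or DoT. Unbound serves DNS over HTTPS on whatever port matches `https-port` (default 443) and reuses the `tls-service-key`/`tls-service-pem` pair; neither setting is visible in this hunk, so presumably they are configured further down in the same `services.unbound` block, which continues outside the hunk. A short comment above the third row would tie this together, e.g. `# @443 matches unbound's default https-port, so these listeners serve DoH using the same TLS key/cert as @853`. That also warns the next editor that changing the port number here silently turns these into ordinary listeners.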
@@ -217,6 +223,14 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
                           expected,
                           ["+tcp", "+tls"] + args,
                       )
+                      query(
+                          machine,
+                          remote,
+                          query_type,
+                          zone,
+                          expected,
+                          ["+https"] + args,
+                      )
 
 
       client.start()
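Review bot: The added `query(...)` call with `["+https"] + args` asserts only that the expected record comes back over DoH; nothing visible in this hunk makes the client authenticate the resolver's certificate, and the same holds for the `["+tcp", "+tls"]` call above it. If that is the intent, say so next to the calls, e.g. `# DoT/DoH checks cover transport reachability only; the server certificate is not validated here`. Otherwise a passing test can be misread as evidence that the encrypted transports are authenticated. The `query` helper and the enclosing loop are defined outside this hunk, so whether CA or hostname options can be passed through `args` would need to be confirmed there.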