Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix IPv6 test_ns_connectivity #1598

Conversation

bwbroersma
Copy link
Collaborator

@bwbroersma bwbroersma marked this pull request as draft December 13, 2024 21:10
@bwbroersma bwbroersma changed the title Fix IPv6 test_ns_connectivity [WIP] Fix IPv6 test_ns_connectivity Dec 13, 2024
@bwbroersma bwbroersma changed the title [WIP] Fix IPv6 test_ns_connectivity Fix IPv6 test_ns_connectivity Dec 13, 2024
@bwbroersma bwbroersma requested a review from aequitas December 13, 2024 21:12
@bwbroersma bwbroersma marked this pull request as ready for review December 13, 2024 21:12
@bwbroersma
Copy link
Collaborator Author

bwbroersma commented Dec 13, 2024

On my local test instance I had this issue:

================================================================= short test summary info =================================================================
FAILED integration_tests/integration/test_email.py::test_your_email_score[firefox] - playwright._impl._errors.TimeoutError: Timeout 60000ms exceeded.
FAILED integration_tests/integration/test_website.py::test_your_website_score[firefox] - playwright._impl._errors.TimeoutError: Timeout 30000ms exceeded.
FAILED integration_tests/integration/test_website.py::test_ipv6_ns_with_bad_connectivity[firefox] - playwright._impl._errors.TimeoutError: Timeout 30000ms exceeded.
============================================ 3 failed, 74 passed, 12 skipped, 36 warnings in 172.30s (0:02:52) ============================================

Is adding the test zone really needed in this unbound context, since a forward DNS server is already setup?

if settings.INTEGRATION_TESTS:
# forward the .test zone used in integration tests
ctx.zone_add("test.", "transparent")

Why didn't the test_ipv6_ns_with_bad_connectivity test case catch this?

def test_ipv6_ns_with_bad_connectivity(page, app_url, unique_id):
"""Test if a target with a unresponsive IPv6 nameserver returns the correct result."""
test_domain = f"{unique_id}.bad-ipv6-ns.test"
page.goto(f"{app_url}/site/{test_domain}/")
# make sure the test has been started
page.get_by_text(f"Website test: {test_domain}")
# make sure the test is completed
page.wait_for_url(f"{app_url}/site/{test_domain}/*/")
print_results_url(page)
# test results should indicate ipv6 ns are found
expect(page.get_by_text("Two or more name servers of your domain have an IPv6 address."))
# but some of them are not resolvable
expect(page.get_by_text("Not all name servers that have an IPv6 address are reachable over IPv6."))

@aequitas
Copy link
Collaborator

On my local test instance I had this issue:

Might be an issue with the nassl workers, can you run make build && make up env=test before running the tests and see if that fixes it. Both on CI and my machine it works.

Is adding the test zone really needed in this unbound context, since a forward DNS server is already setup?

I think so, because unbound library normally doesn't forward .test zone. So we need to overwrite it explicitly.

@bwbroersma
Copy link
Collaborator Author

  1. Check, I thought I did this, but I just retried, and no more errors.

  2. Check, relevant unbound manual:

    The default zones are localhost, reverse 127.0.0.1 and ::1, the home.arpa, onion, test, invalid and the AS112 zones. The AS112 zones are reverse DNS zones for private use and reserved IP addresses for which the servers on the internet cannot provide correct answers. They are configured by default to give NXDOMAIN (no reverse information) answers.

    The defaults can be turned off by specifying your own local-zone: of that name, or using the nodefault type.

  3. Any idea about why the test_ipv6_ns_with_bad_connectivity test case didn't caught this?

@mxsasha
Copy link
Collaborator

mxsasha commented Dec 18, 2024

As discussed, merging to main to allow testing on dev-docker.

@mxsasha mxsasha merged commit 2b50952 into internetstandards:main Dec 18, 2024
13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

IPv6 reachability of name servers always ✅ (even on networks without IPv6)
3 participants