dns testing-framework differential-testing nameserver test-generator

Ferret

Ferret is the first automatic test generator for DNS nameserver implementation RFC compliance.

The test case generation module is implemented in C# and symbolically executes the Zen model of the authoritative DNS, which is based on our updated DNS formal semantics. The formal semantics were part of the earlier SIGCOMM paper we published. The testing module uses Docker to test implementations.

Follow the steps mentioned in test case generation README to generate tests using Zen. Use either the Zen generated tests or custom tests to test implementations by following the steps mentioned in DifferentialTesting README. To simply serve a zone using an implementation docker container follow these steps.

📃 NSDI 2022 -- SCALE: Automatically Finding RFC Compliance Bugs in DNS Nameservers

🖥️ Slides and Talk

Citing Ferret

@inproceedings {278336,
author = {Siva Kesava Reddy Kakarla and Ryan Beckett and Todd Millstein and George Varghese},
title = {{SCALE}: Automatically Finding {RFC} Compliance Bugs in {DNS} Nameservers},
booktitle = {19th USENIX Symposium on Networked Systems Design and Implementation (NSDI 22)},
year = {2022},
isbn = {978-1-939133-27-4},
address = {Renton, WA},
pages = {307--323},
url = {https://www.usenix.org/conference/nsdi22/presentation/kakarla},
publisher = {USENIX Association},
month = apr,
}

Bugs Found

Legend - Fixed: ✅ Confirmed: ☑️ Bug but not fixing it: ⚠️

Implementation	Bug	Bug Type	Status
Bind	Sibling glue records not returned	Wrong Additional	☑️
	Zone origin glue records not returned	Wrong Additional	☑️
	Synthesized `CNAME` is not taken for a `CNAME` query	Wrong `RCODE`	✅
	`DNAME` recursion denial-of-service	Server Crash	✅
Nsd	`DNAME` not applied recursively	Wrong Answer	✅
	Wrong `RCODE` when `*` is in rdata	Wrong `RCODE`	✅
	Synthesized `CNAME` is not taken for a `CNAME` query	Wrong `RCODE`	✅
	Used `NS` records below delegation	Wrong Answer	✅
PowerDns	`CNAME` followed when not required	Wrong Answer	☑️
PowerDns	`DNAME` at apex pdnsutil check-zone	Wrong Answer	✅
Knot	Incorrect record synthesis	Wrong Answer	✅
	`DNAME` not applied recursively	Wrong Answer	✅
	Used records below delegation	Wrong Answer	✅
	Error in `DNAME`-`DNAME` loop Knot test	Faulty Knot Test	✅
	Synthesized `CNAME` is not taken for a `CNAME` query	Wrong `RCODE`	✅
CoreDns	`NXDOMAIN` for an existing domain	Wrong `RCODE`	⚠️
	Wrong `RCODE` for `CNAME` target	Wrong `RCODE`	✅
	Wildcard `CNAME` loops and `DNAME` loops	Server Crash	✅
	Wrong `RCODE` for synthesized record	Wrong `RCODE`	✅
	`CNAME` followed when not required	Wrong Answer	✅
	Sibling glue records not returned	Wrong Additional	☑️
Yadifa	`CNAME` chains not followed	Wrong Answer	✅
	Wrong `RCODE` for `CNAME` target	Wrong `RCODE`	✅
	Used records below delegation	Wrong Answer	✅
Maradns ^#	`AA` flag set for zone cut `NS` RRs	Wrong Flag	⚠️
Maradns ^#	Glue records returned with `AA` flag	Wrong Flag	⚠️
TrustDns ^#	Wildcard matches only one label	Wrong Answer	☑️
	Glue records returned with `AA` flag	Wrong Flag	☑️
	`AA` flag set for zone cut `NS` RRs	Wrong Flag	☑️
	`CNAME` loop crashes the server	Server Crash	✅
Technitium	Wrong `RCODE` for synthesized record	Wrong `RCODE`	☑️
	Improper handling of non-terminal wildcard	Wrong Answer	☑️
	Used records below delegation	Wrong Answer	☑️
	Wildcard `CNAME` not applied again	Wrong Answer	☑️

^# Implementations with unreported issues due to missing or unimplemented features

About

Automatic Test generator and Differential Tester for DNS Nameserver implementations

dns testing-framework differential-testing nameserver test-generator

MIT License

Languages

Language:Python 57.3%Language:C# 38.4%Language:Dockerfile 4.2%Language:Shell 0.1%