]>
Commit | Line | Data |
---|---|---|
ec5f5c6b RG |
1 | #!/usr/bin/env python |
2 | from datetime import datetime, timedelta | |
ec5f5c6b | 3 | import os |
856c35e3 | 4 | import time |
b1bec9f0 | 5 | import dns |
ec5f5c6b RG |
6 | from dnsdisttests import DNSDistTest |
7 | ||
b1bec9f0 RG |
8 | class TestAdvancedAllow(DNSDistTest): |
9 | ||
10 | _config_template = """ | |
11 | addAction(makeRule("allowed.advanced.tests.powerdns.com."), AllowAction()) | |
12 | addAction(AllRule(), DropAction()) | |
13 | newServer{address="127.0.0.1:%s"} | |
14 | """ | |
15 | ||
16 | def testAdvancedAllow(self): | |
17 | """ | |
18 | Advanced: Allowed qname is not dropped | |
19 | ||
20 | A query for allowed.advanced.tests.powerdns.com. should be allowed | |
21 | while others should be dropped. | |
22 | """ | |
23 | name = 'allowed.advanced.tests.powerdns.com.' | |
24 | query = dns.message.make_query(name, 'A', 'IN') | |
25 | response = dns.message.make_response(query) | |
26 | rrset = dns.rrset.from_text(name, | |
27 | 3600, | |
28 | dns.rdataclass.IN, | |
29 | dns.rdatatype.A, | |
30 | '127.0.0.1') | |
31 | response.answer.append(rrset) | |
32 | ||
33 | (receivedQuery, receivedResponse) = self.sendUDPQuery(query, response) | |
34 | self.assertTrue(receivedQuery) | |
35 | self.assertTrue(receivedResponse) | |
36 | receivedQuery.id = query.id | |
37 | self.assertEquals(query, receivedQuery) | |
38 | self.assertEquals(response, receivedResponse) | |
39 | ||
40 | (receivedQuery, receivedResponse) = self.sendTCPQuery(query, response) | |
41 | self.assertTrue(receivedQuery) | |
42 | self.assertTrue(receivedResponse) | |
43 | receivedQuery.id = query.id | |
44 | self.assertEquals(query, receivedQuery) | |
45 | self.assertEquals(response, receivedResponse) | |
46 | ||
47 | def testAdvancedAllowDropped(self): | |
48 | """ | |
49 | Advanced: Not allowed qname is dropped | |
50 | ||
51 | A query for notallowed.advanced.tests.powerdns.com. should be dropped. | |
52 | """ | |
53 | name = 'notallowed.advanced.tests.powerdns.com.' | |
54 | query = dns.message.make_query(name, 'A', 'IN') | |
55 | (_, receivedResponse) = self.sendUDPQuery(query, response=None, useQueue=False) | |
56 | self.assertEquals(receivedResponse, None) | |
57 | ||
58 | (_, receivedResponse) = self.sendTCPQuery(query, response=None, useQueue=False) | |
59 | self.assertEquals(receivedResponse, None) | |
60 | ||
ec5f5c6b RG |
61 | class TestAdvancedFixupCase(DNSDistTest): |
62 | ||
ec5f5c6b RG |
63 | _config_template = """ |
64 | truncateTC(true) | |
65 | fixupCase(true) | |
66 | newServer{address="127.0.0.1:%s"} | |
67 | """ | |
68 | ||
ec5f5c6b RG |
69 | def testAdvancedFixupCase(self): |
70 | """ | |
617dfe22 RG |
71 | Advanced: Fixup Case |
72 | ||
ec5f5c6b RG |
73 | Send a query with lower and upper chars, |
74 | make the backend return a lowercase version, | |
75 | check that dnsdist fixes the response. | |
76 | """ | |
77 | name = 'fiXuPCasE.advanced.tests.powerdns.com.' | |
78 | query = dns.message.make_query(name, 'A', 'IN') | |
79 | lowercasequery = dns.message.make_query(name.lower(), 'A', 'IN') | |
80 | response = dns.message.make_response(lowercasequery) | |
81 | expectedResponse = dns.message.make_response(query) | |
82 | rrset = dns.rrset.from_text(name, | |
83 | 3600, | |
84 | dns.rdataclass.IN, | |
85 | dns.rdatatype.A, | |
86 | '127.0.0.1') | |
87 | response.answer.append(rrset) | |
88 | expectedResponse.answer.append(rrset) | |
89 | ||
90 | (receivedQuery, receivedResponse) = self.sendUDPQuery(query, response) | |
91 | self.assertTrue(receivedQuery) | |
92 | self.assertTrue(receivedResponse) | |
93 | receivedQuery.id = query.id | |
ec5f5c6b RG |
94 | self.assertEquals(query, receivedQuery) |
95 | self.assertEquals(expectedResponse, receivedResponse) | |
96 | ||
97 | (receivedQuery, receivedResponse) = self.sendTCPQuery(query, response) | |
98 | self.assertTrue(receivedQuery) | |
99 | self.assertTrue(receivedResponse) | |
100 | receivedQuery.id = query.id | |
ec5f5c6b RG |
101 | self.assertEquals(query, receivedQuery) |
102 | self.assertEquals(expectedResponse, receivedResponse) | |
103 | ||
104 | ||
105 | class TestAdvancedRemoveRD(DNSDistTest): | |
106 | ||
ec5f5c6b RG |
107 | _config_template = """ |
108 | addNoRecurseRule("norecurse.advanced.tests.powerdns.com.") | |
109 | newServer{address="127.0.0.1:%s"} | |
110 | """ | |
111 | ||
ec5f5c6b RG |
112 | def testAdvancedNoRD(self): |
113 | """ | |
617dfe22 RG |
114 | Advanced: No RD |
115 | ||
ec5f5c6b RG |
116 | Send a query with RD, |
117 | check that dnsdist clears the RD flag. | |
118 | """ | |
119 | name = 'norecurse.advanced.tests.powerdns.com.' | |
120 | query = dns.message.make_query(name, 'A', 'IN') | |
121 | expectedQuery = dns.message.make_query(name, 'A', 'IN') | |
122 | expectedQuery.flags &= ~dns.flags.RD | |
123 | ||
124 | response = dns.message.make_response(query) | |
125 | rrset = dns.rrset.from_text(name, | |
126 | 3600, | |
127 | dns.rdataclass.IN, | |
128 | dns.rdatatype.A, | |
129 | '127.0.0.1') | |
130 | response.answer.append(rrset) | |
131 | ||
132 | (receivedQuery, receivedResponse) = self.sendUDPQuery(query, response) | |
133 | self.assertTrue(receivedQuery) | |
134 | self.assertTrue(receivedResponse) | |
135 | receivedQuery.id = expectedQuery.id | |
ec5f5c6b RG |
136 | self.assertEquals(expectedQuery, receivedQuery) |
137 | self.assertEquals(response, receivedResponse) | |
138 | ||
139 | (receivedQuery, receivedResponse) = self.sendTCPQuery(query, response) | |
140 | self.assertTrue(receivedQuery) | |
141 | self.assertTrue(receivedResponse) | |
142 | receivedQuery.id = expectedQuery.id | |
ec5f5c6b RG |
143 | self.assertEquals(expectedQuery, receivedQuery) |
144 | self.assertEquals(response, receivedResponse) | |
145 | ||
146 | def testAdvancedKeepRD(self): | |
147 | """ | |
617dfe22 RG |
148 | Advanced: No RD canary |
149 | ||
ec5f5c6b RG |
150 | Send a query with RD for a canary domain, |
151 | check that dnsdist does not clear the RD flag. | |
152 | """ | |
153 | name = 'keeprecurse.advanced.tests.powerdns.com.' | |
154 | query = dns.message.make_query(name, 'A', 'IN') | |
155 | ||
156 | response = dns.message.make_response(query) | |
157 | rrset = dns.rrset.from_text(name, | |
158 | 3600, | |
159 | dns.rdataclass.IN, | |
160 | dns.rdatatype.A, | |
161 | '127.0.0.1') | |
162 | response.answer.append(rrset) | |
163 | ||
164 | (receivedQuery, receivedResponse) = self.sendUDPQuery(query, response) | |
165 | self.assertTrue(receivedQuery) | |
166 | self.assertTrue(receivedResponse) | |
167 | receivedQuery.id = query.id | |
ec5f5c6b RG |
168 | self.assertEquals(query, receivedQuery) |
169 | self.assertEquals(response, receivedResponse) | |
170 | ||
171 | (receivedQuery, receivedResponse) = self.sendTCPQuery(query, response) | |
172 | self.assertTrue(receivedQuery) | |
173 | self.assertTrue(receivedResponse) | |
174 | receivedQuery.id = query.id | |
ec5f5c6b RG |
175 | self.assertEquals(query, receivedQuery) |
176 | self.assertEquals(response, receivedResponse) | |
177 | ||
178 | ||
179 | class TestAdvancedAddCD(DNSDistTest): | |
180 | ||
ec5f5c6b RG |
181 | _config_template = """ |
182 | addDisableValidationRule("setcd.advanced.tests.powerdns.com.") | |
b1bec9f0 | 183 | addAction(makeRule("setcdviaaction.advanced.tests.powerdns.com."), DisableValidationAction()) |
ec5f5c6b RG |
184 | newServer{address="127.0.0.1:%s"} |
185 | """ | |
186 | ||
ec5f5c6b RG |
187 | def testAdvancedSetCD(self): |
188 | """ | |
617dfe22 RG |
189 | Advanced: Set CD |
190 | ||
ec5f5c6b RG |
191 | Send a query with CD cleared, |
192 | check that dnsdist set the CD flag. | |
193 | """ | |
194 | name = 'setcd.advanced.tests.powerdns.com.' | |
195 | query = dns.message.make_query(name, 'A', 'IN') | |
b1bec9f0 RG |
196 | expectedQuery = dns.message.make_query(name, 'A', 'IN') |
197 | expectedQuery.flags |= dns.flags.CD | |
198 | ||
199 | response = dns.message.make_response(query) | |
200 | rrset = dns.rrset.from_text(name, | |
201 | 3600, | |
202 | dns.rdataclass.IN, | |
203 | dns.rdatatype.A, | |
204 | '127.0.0.1') | |
205 | response.answer.append(rrset) | |
206 | ||
207 | (receivedQuery, receivedResponse) = self.sendUDPQuery(query, response) | |
208 | self.assertTrue(receivedQuery) | |
209 | self.assertTrue(receivedResponse) | |
210 | receivedQuery.id = expectedQuery.id | |
211 | self.assertEquals(expectedQuery, receivedQuery) | |
212 | self.assertEquals(response, receivedResponse) | |
213 | ||
214 | (receivedQuery, receivedResponse) = self.sendTCPQuery(query, response) | |
215 | self.assertTrue(receivedQuery) | |
216 | self.assertTrue(receivedResponse) | |
217 | receivedQuery.id = expectedQuery.id | |
218 | self.assertEquals(expectedQuery, receivedQuery) | |
219 | self.assertEquals(response, receivedResponse) | |
220 | ||
221 | def testAdvancedSetCDViaAction(self): | |
222 | """ | |
223 | Advanced: Set CD via Action | |
224 | ||
225 | Send a query with CD cleared, | |
226 | check that dnsdist set the CD flag. | |
227 | """ | |
228 | name = 'setcdviaaction.advanced.tests.powerdns.com.' | |
229 | query = dns.message.make_query(name, 'A', 'IN') | |
230 | expectedQuery = dns.message.make_query(name, 'A', 'IN') | |
ec5f5c6b RG |
231 | expectedQuery.flags |= dns.flags.CD |
232 | ||
233 | response = dns.message.make_response(query) | |
234 | rrset = dns.rrset.from_text(name, | |
235 | 3600, | |
236 | dns.rdataclass.IN, | |
237 | dns.rdatatype.A, | |
238 | '127.0.0.1') | |
239 | response.answer.append(rrset) | |
240 | ||
241 | (receivedQuery, receivedResponse) = self.sendUDPQuery(query, response) | |
242 | self.assertTrue(receivedQuery) | |
243 | self.assertTrue(receivedResponse) | |
244 | receivedQuery.id = expectedQuery.id | |
ec5f5c6b RG |
245 | self.assertEquals(expectedQuery, receivedQuery) |
246 | self.assertEquals(response, receivedResponse) | |
247 | ||
248 | (receivedQuery, receivedResponse) = self.sendTCPQuery(query, response) | |
249 | self.assertTrue(receivedQuery) | |
250 | self.assertTrue(receivedResponse) | |
251 | receivedQuery.id = expectedQuery.id | |
ec5f5c6b RG |
252 | self.assertEquals(expectedQuery, receivedQuery) |
253 | self.assertEquals(response, receivedResponse) | |
254 | ||
255 | def testAdvancedKeepNoCD(self): | |
256 | """ | |
617dfe22 RG |
257 | Advanced: Preserve CD canary |
258 | ||
ec5f5c6b RG |
259 | Send a query without CD for a canary domain, |
260 | check that dnsdist does not set the CD flag. | |
261 | """ | |
262 | name = 'keepnocd.advanced.tests.powerdns.com.' | |
263 | query = dns.message.make_query(name, 'A', 'IN') | |
264 | ||
265 | response = dns.message.make_response(query) | |
266 | rrset = dns.rrset.from_text(name, | |
267 | 3600, | |
268 | dns.rdataclass.IN, | |
269 | dns.rdatatype.A, | |
270 | '127.0.0.1') | |
271 | response.answer.append(rrset) | |
272 | ||
273 | (receivedQuery, receivedResponse) = self.sendUDPQuery(query, response) | |
274 | self.assertTrue(receivedQuery) | |
275 | self.assertTrue(receivedResponse) | |
276 | receivedQuery.id = query.id | |
ec5f5c6b RG |
277 | self.assertEquals(query, receivedQuery) |
278 | self.assertEquals(response, receivedResponse) | |
279 | ||
280 | (receivedQuery, receivedResponse) = self.sendTCPQuery(query, response) | |
281 | self.assertTrue(receivedQuery) | |
282 | self.assertTrue(receivedResponse) | |
283 | receivedQuery.id = query.id | |
ec5f5c6b RG |
284 | self.assertEquals(query, receivedQuery) |
285 | self.assertEquals(response, receivedResponse) | |
286 | ||
b1bec9f0 RG |
287 | class TestAdvancedClearRD(DNSDistTest): |
288 | ||
289 | _config_template = """ | |
290 | addNoRecurseRule("clearrd.advanced.tests.powerdns.com.") | |
291 | addAction(makeRule("clearrdviaaction.advanced.tests.powerdns.com."), NoRecurseAction()) | |
292 | newServer{address="127.0.0.1:%s"} | |
293 | """ | |
294 | ||
295 | def testAdvancedClearRD(self): | |
296 | """ | |
297 | Advanced: Clear RD | |
298 | ||
299 | Send a query with RD set, | |
300 | check that dnsdist clears the RD flag. | |
301 | """ | |
302 | name = 'clearrd.advanced.tests.powerdns.com.' | |
303 | query = dns.message.make_query(name, 'A', 'IN') | |
304 | expectedQuery = dns.message.make_query(name, 'A', 'IN') | |
305 | expectedQuery.flags &= ~dns.flags.RD | |
306 | ||
307 | response = dns.message.make_response(query) | |
308 | rrset = dns.rrset.from_text(name, | |
309 | 3600, | |
310 | dns.rdataclass.IN, | |
311 | dns.rdatatype.A, | |
312 | '127.0.0.1') | |
313 | response.answer.append(rrset) | |
314 | ||
315 | (receivedQuery, receivedResponse) = self.sendUDPQuery(query, response) | |
316 | self.assertTrue(receivedQuery) | |
317 | self.assertTrue(receivedResponse) | |
318 | receivedQuery.id = expectedQuery.id | |
319 | self.assertEquals(expectedQuery, receivedQuery) | |
320 | self.assertEquals(response, receivedResponse) | |
321 | ||
322 | (receivedQuery, receivedResponse) = self.sendTCPQuery(query, response) | |
323 | self.assertTrue(receivedQuery) | |
324 | self.assertTrue(receivedResponse) | |
325 | receivedQuery.id = expectedQuery.id | |
326 | self.assertEquals(expectedQuery, receivedQuery) | |
327 | self.assertEquals(response, receivedResponse) | |
328 | ||
329 | def testAdvancedClearRDViaAction(self): | |
330 | """ | |
331 | Advanced: Clear RD via Action | |
332 | ||
333 | Send a query with RD set, | |
334 | check that dnsdist clears the RD flag. | |
335 | """ | |
336 | name = 'clearrdviaaction.advanced.tests.powerdns.com.' | |
337 | query = dns.message.make_query(name, 'A', 'IN') | |
338 | expectedQuery = dns.message.make_query(name, 'A', 'IN') | |
339 | expectedQuery.flags &= ~dns.flags.RD | |
340 | ||
341 | response = dns.message.make_response(query) | |
342 | rrset = dns.rrset.from_text(name, | |
343 | 3600, | |
344 | dns.rdataclass.IN, | |
345 | dns.rdatatype.A, | |
346 | '127.0.0.1') | |
347 | response.answer.append(rrset) | |
348 | ||
349 | (receivedQuery, receivedResponse) = self.sendUDPQuery(query, response) | |
350 | self.assertTrue(receivedQuery) | |
351 | self.assertTrue(receivedResponse) | |
352 | receivedQuery.id = expectedQuery.id | |
353 | self.assertEquals(expectedQuery, receivedQuery) | |
354 | self.assertEquals(response, receivedResponse) | |
355 | ||
356 | (receivedQuery, receivedResponse) = self.sendTCPQuery(query, response) | |
357 | self.assertTrue(receivedQuery) | |
358 | self.assertTrue(receivedResponse) | |
359 | receivedQuery.id = expectedQuery.id | |
360 | self.assertEquals(expectedQuery, receivedQuery) | |
361 | self.assertEquals(response, receivedResponse) | |
362 | ||
363 | def testAdvancedKeepRD(self): | |
364 | """ | |
365 | Advanced: Preserve RD canary | |
366 | ||
367 | Send a query with RD for a canary domain, | |
368 | check that dnsdist does not clear the RD flag. | |
369 | """ | |
370 | name = 'keeprd.advanced.tests.powerdns.com.' | |
371 | query = dns.message.make_query(name, 'A', 'IN') | |
372 | ||
373 | response = dns.message.make_response(query) | |
374 | rrset = dns.rrset.from_text(name, | |
375 | 3600, | |
376 | dns.rdataclass.IN, | |
377 | dns.rdatatype.A, | |
378 | '127.0.0.1') | |
379 | response.answer.append(rrset) | |
380 | ||
381 | (receivedQuery, receivedResponse) = self.sendUDPQuery(query, response) | |
382 | self.assertTrue(receivedQuery) | |
383 | self.assertTrue(receivedResponse) | |
384 | receivedQuery.id = query.id | |
385 | self.assertEquals(query, receivedQuery) | |
386 | self.assertEquals(response, receivedResponse) | |
387 | ||
388 | (receivedQuery, receivedResponse) = self.sendTCPQuery(query, response) | |
389 | self.assertTrue(receivedQuery) | |
390 | self.assertTrue(receivedResponse) | |
391 | receivedQuery.id = query.id | |
392 | self.assertEquals(query, receivedQuery) | |
393 | self.assertEquals(response, receivedResponse) | |
394 | ||
ec5f5c6b RG |
395 | |
396 | class TestAdvancedACL(DNSDistTest): | |
397 | ||
ec5f5c6b RG |
398 | _config_template = """ |
399 | newServer{address="127.0.0.1:%s"} | |
400 | """ | |
18a0e7c6 | 401 | _acl = ['192.0.2.1/32'] |
ec5f5c6b RG |
402 | |
403 | def testACLBlocked(self): | |
404 | """ | |
617dfe22 RG |
405 | Advanced: ACL blocked |
406 | ||
ec5f5c6b RG |
407 | Send an A query to "tests.powerdns.com.", |
408 | we expect no response since 127.0.0.1 is not on the | |
409 | ACL. | |
410 | """ | |
903853f4 | 411 | name = 'tests.powerdns.com.' |
7791f83a | 412 | query = dns.message.make_query(name, 'A', 'IN') |
7791f83a RG |
413 | |
414 | (_, receivedResponse) = self.sendUDPQuery(query, response=None, useQueue=False) | |
903853f4 | 415 | self.assertEquals(receivedResponse, None) |
7791f83a RG |
416 | |
417 | (_, receivedResponse) = self.sendTCPQuery(query, response=None, useQueue=False) | |
903853f4 RG |
418 | self.assertEquals(receivedResponse, None) |
419 | ||
420 | class TestAdvancedDelay(DNSDistTest): | |
421 | ||
422 | _config_template = """ | |
423 | addAction(AllRule(), DelayAction(1000)) | |
424 | newServer{address="127.0.0.1:%s"} | |
425 | """ | |
7791f83a | 426 | |
903853f4 | 427 | def testDelayed(self): |
7791f83a | 428 | """ |
903853f4 | 429 | Advanced: Delayed |
7791f83a | 430 | |
903853f4 RG |
431 | Send an A query to "tests.powerdns.com.", |
432 | check that the response delay is longer than 1000 ms | |
433 | over UDP, less than that over TCP. | |
7791f83a | 434 | """ |
903853f4 RG |
435 | name = 'tests.powerdns.com.' |
436 | query = dns.message.make_query(name, 'A', 'IN') | |
437 | response = dns.message.make_response(query) | |
7791f83a RG |
438 | rrset = dns.rrset.from_text(name, |
439 | 60, | |
440 | dns.rdataclass.IN, | |
903853f4 RG |
441 | dns.rdatatype.A, |
442 | '192.0.2.1') | |
443 | response.answer.append(rrset) | |
7791f83a | 444 | |
903853f4 RG |
445 | begin = datetime.now() |
446 | (receivedQuery, receivedResponse) = self.sendUDPQuery(query, response) | |
447 | end = datetime.now() | |
448 | receivedQuery.id = query.id | |
449 | self.assertEquals(query, receivedQuery) | |
450 | self.assertEquals(response, receivedResponse) | |
451 | self.assertTrue((end - begin) > timedelta(0, 1)) | |
452 | ||
453 | begin = datetime.now() | |
454 | (receivedQuery, receivedResponse) = self.sendTCPQuery(query, response) | |
455 | end = datetime.now() | |
456 | receivedQuery.id = query.id | |
457 | self.assertEquals(query, receivedQuery) | |
458 | self.assertEquals(response, receivedResponse) | |
459 | self.assertTrue((end - begin) < timedelta(0, 1)) | |
7791f83a | 460 | |
e7a1029c RG |
461 | |
462 | class TestAdvancedTruncateAnyAndTCP(DNSDistTest): | |
463 | ||
464 | _config_template = """ | |
465 | truncateTC(false) | |
466 | addAction(AndRule({QTypeRule("ANY"), TCPRule(true)}), TCAction()) | |
467 | newServer{address="127.0.0.1:%s"} | |
468 | """ | |
469 | def testTruncateAnyOverTCP(self): | |
470 | """ | |
471 | Advanced: Truncate ANY over TCP | |
472 | ||
b1bec9f0 | 473 | Send an ANY query to "anytruncatetcp.advanced.tests.powerdns.com.", |
e7a1029c RG |
474 | should be truncated over TCP, not over UDP (yes, it makes no sense, |
475 | deal with it). | |
476 | """ | |
b1bec9f0 | 477 | name = 'anytruncatetcp.advanced.tests.powerdns.com.' |
e7a1029c RG |
478 | query = dns.message.make_query(name, 'ANY', 'IN') |
479 | ||
480 | response = dns.message.make_response(query) | |
481 | rrset = dns.rrset.from_text(name, | |
482 | 3600, | |
483 | dns.rdataclass.IN, | |
484 | dns.rdatatype.A, | |
485 | '127.0.0.1') | |
486 | ||
487 | response.answer.append(rrset) | |
488 | ||
489 | (receivedQuery, receivedResponse) = self.sendUDPQuery(query, response) | |
490 | self.assertTrue(receivedQuery) | |
491 | self.assertTrue(receivedResponse) | |
492 | receivedQuery.id = query.id | |
e7a1029c RG |
493 | self.assertEquals(query, receivedQuery) |
494 | self.assertEquals(receivedResponse, response) | |
495 | ||
496 | expectedResponse = dns.message.make_response(query) | |
497 | expectedResponse.flags |= dns.flags.TC | |
498 | ||
499 | (_, receivedResponse) = self.sendTCPQuery(query, response=None, useQueue=False) | |
e7a1029c RG |
500 | self.assertEquals(receivedResponse, expectedResponse) |
501 | ||
502 | class TestAdvancedAndNot(DNSDistTest): | |
503 | ||
504 | _config_template = """ | |
55baa1f2 | 505 | addAction(AndRule({NotRule(QTypeRule("A")), TCPRule(false)}), RCodeAction(dnsdist.NOTIMP)) |
e7a1029c RG |
506 | newServer{address="127.0.0.1:%s"} |
507 | """ | |
508 | def testAOverUDPReturnsNotImplementedCanary(self): | |
509 | """ | |
510 | Advanced: !A && UDP canary | |
511 | ||
512 | dnsdist is configured to reply 'not implemented' for query | |
513 | over UDP AND !qtype A. | |
514 | We send an A query over UDP and TCP, and check that the | |
515 | response is OK. | |
516 | """ | |
b1bec9f0 | 517 | name = 'andnot.advanced.tests.powerdns.com.' |
e7a1029c RG |
518 | query = dns.message.make_query(name, 'A', 'IN') |
519 | response = dns.message.make_response(query) | |
520 | rrset = dns.rrset.from_text(name, | |
521 | 3600, | |
522 | dns.rdataclass.IN, | |
523 | dns.rdatatype.A, | |
524 | '127.0.0.1') | |
525 | response.answer.append(rrset) | |
526 | ||
527 | (receivedQuery, receivedResponse) = self.sendUDPQuery(query, response) | |
528 | self.assertTrue(receivedQuery) | |
529 | self.assertTrue(receivedResponse) | |
530 | receivedQuery.id = query.id | |
e7a1029c RG |
531 | self.assertEquals(query, receivedQuery) |
532 | self.assertEquals(receivedResponse, response) | |
533 | ||
534 | (receivedQuery, receivedResponse) = self.sendTCPQuery(query, response) | |
535 | self.assertTrue(receivedQuery) | |
536 | self.assertTrue(receivedResponse) | |
537 | receivedQuery.id = query.id | |
e7a1029c RG |
538 | self.assertEquals(query, receivedQuery) |
539 | self.assertEquals(receivedResponse, response) | |
540 | ||
541 | def testAOverUDPReturnsNotImplemented(self): | |
542 | """ | |
543 | Advanced: !A && UDP | |
544 | ||
545 | dnsdist is configured to reply 'not implemented' for query | |
546 | over UDP AND !qtype A. | |
547 | We send a TXT query over UDP and TCP, and check that the | |
548 | response is OK for TCP and 'not implemented' for UDP. | |
549 | """ | |
b1bec9f0 | 550 | name = 'andnot.advanced.tests.powerdns.com.' |
e7a1029c RG |
551 | query = dns.message.make_query(name, 'TXT', 'IN') |
552 | ||
553 | expectedResponse = dns.message.make_response(query) | |
554 | expectedResponse.set_rcode(dns.rcode.NOTIMP) | |
555 | ||
556 | (_, receivedResponse) = self.sendUDPQuery(query, response=None, useQueue=False) | |
e7a1029c RG |
557 | self.assertEquals(receivedResponse, expectedResponse) |
558 | ||
559 | response = dns.message.make_response(query) | |
560 | rrset = dns.rrset.from_text(name, | |
561 | 3600, | |
562 | dns.rdataclass.IN, | |
563 | dns.rdatatype.TXT, | |
564 | 'nothing to see here') | |
565 | response.answer.append(rrset) | |
566 | ||
567 | (receivedQuery, receivedResponse) = self.sendTCPQuery(query, response) | |
568 | self.assertTrue(receivedQuery) | |
569 | self.assertTrue(receivedResponse) | |
570 | receivedQuery.id = query.id | |
e7a1029c RG |
571 | self.assertEquals(query, receivedQuery) |
572 | self.assertEquals(receivedResponse, response) | |
573 | ||
574 | class TestAdvancedOr(DNSDistTest): | |
575 | ||
576 | _config_template = """ | |
55baa1f2 | 577 | addAction(OrRule({QTypeRule("A"), TCPRule(false)}), RCodeAction(dnsdist.NOTIMP)) |
e7a1029c RG |
578 | newServer{address="127.0.0.1:%s"} |
579 | """ | |
580 | def testAAAAOverUDPReturnsNotImplemented(self): | |
581 | """ | |
582 | Advanced: A || UDP: AAAA | |
583 | ||
584 | dnsdist is configured to reply 'not implemented' for query | |
585 | over UDP OR qtype A. | |
586 | We send an AAAA query over UDP and TCP, and check that the | |
587 | response is 'not implemented' for UDP and OK for TCP. | |
588 | """ | |
b1bec9f0 | 589 | name = 'aorudp.advanced.tests.powerdns.com.' |
e7a1029c RG |
590 | query = dns.message.make_query(name, 'AAAA', 'IN') |
591 | response = dns.message.make_response(query) | |
592 | rrset = dns.rrset.from_text(name, | |
593 | 3600, | |
594 | dns.rdataclass.IN, | |
595 | dns.rdatatype.AAAA, | |
596 | '::1') | |
597 | response.answer.append(rrset) | |
598 | ||
599 | expectedResponse = dns.message.make_response(query) | |
600 | expectedResponse.set_rcode(dns.rcode.NOTIMP) | |
601 | ||
602 | (_, receivedResponse) = self.sendUDPQuery(query, response=None, useQueue=False) | |
e7a1029c RG |
603 | self.assertEquals(receivedResponse, expectedResponse) |
604 | ||
605 | (receivedQuery, receivedResponse) = self.sendTCPQuery(query, response) | |
606 | self.assertTrue(receivedQuery) | |
607 | self.assertTrue(receivedResponse) | |
608 | receivedQuery.id = query.id | |
e7a1029c RG |
609 | self.assertEquals(query, receivedQuery) |
610 | self.assertEquals(receivedResponse, response) | |
611 | ||
612 | def testAOverUDPReturnsNotImplemented(self): | |
613 | """ | |
614 | Advanced: A || UDP: A | |
615 | ||
616 | dnsdist is configured to reply 'not implemented' for query | |
617 | over UDP OR qtype A. | |
618 | We send an A query over UDP and TCP, and check that the | |
619 | response is 'not implemented' for both. | |
620 | """ | |
b1bec9f0 | 621 | name = 'aorudp.advanced.tests.powerdns.com.' |
e7a1029c RG |
622 | query = dns.message.make_query(name, 'A', 'IN') |
623 | ||
624 | expectedResponse = dns.message.make_response(query) | |
625 | expectedResponse.set_rcode(dns.rcode.NOTIMP) | |
626 | ||
627 | (_, receivedResponse) = self.sendUDPQuery(query, response=None, useQueue=False) | |
e7a1029c RG |
628 | self.assertEquals(receivedResponse, expectedResponse) |
629 | ||
630 | (_, receivedResponse) = self.sendTCPQuery(query, response=None, useQueue=False) | |
e7a1029c | 631 | self.assertEquals(receivedResponse, expectedResponse) |
886e2cf2 | 632 | |
b1bec9f0 RG |
633 | |
634 | class TestAdvancedLogAction(DNSDistTest): | |
635 | ||
636 | _config_template = """ | |
637 | newServer{address="127.0.0.1:%s"} | |
638 | addAction(AllRule(), LogAction("dnsdist.log", false)) | |
639 | """ | |
640 | def testAdvancedLogAction(self): | |
641 | """ | |
642 | Advanced: Log all queries | |
643 | ||
644 | """ | |
645 | count = 50 | |
646 | name = 'logaction.advanced.tests.powerdns.com.' | |
647 | query = dns.message.make_query(name, 'A', 'IN') | |
648 | response = dns.message.make_response(query) | |
649 | rrset = dns.rrset.from_text(name, | |
650 | 3600, | |
651 | dns.rdataclass.IN, | |
652 | dns.rdatatype.A, | |
653 | '127.0.0.1') | |
654 | response.answer.append(rrset) | |
655 | ||
656 | for _ in range(count): | |
657 | (receivedQuery, receivedResponse) = self.sendUDPQuery(query, response) | |
658 | self.assertTrue(receivedQuery) | |
659 | self.assertTrue(receivedResponse) | |
660 | receivedQuery.id = query.id | |
b1bec9f0 RG |
661 | self.assertEquals(query, receivedQuery) |
662 | self.assertEquals(response, receivedResponse) | |
663 | ||
664 | self.assertTrue(os.path.isfile('dnsdist.log')) | |
665 | self.assertTrue(os.stat('dnsdist.log').st_size > 0) | |
666 | ||
667 | class TestAdvancedDNSSEC(DNSDistTest): | |
668 | ||
669 | _config_template = """ | |
670 | newServer{address="127.0.0.1:%s"} | |
671 | addAction(DNSSECRule(), DropAction()) | |
672 | """ | |
673 | def testAdvancedDNSSECDrop(self): | |
674 | """ | |
675 | Advanced: DNSSEC Rule | |
676 | ||
677 | """ | |
678 | name = 'dnssec.advanced.tests.powerdns.com.' | |
679 | query = dns.message.make_query(name, 'A', 'IN') | |
680 | doquery = dns.message.make_query(name, 'A', 'IN', want_dnssec=True) | |
681 | response = dns.message.make_response(query) | |
682 | rrset = dns.rrset.from_text(name, | |
683 | 3600, | |
684 | dns.rdataclass.IN, | |
685 | dns.rdatatype.A, | |
686 | '127.0.0.1') | |
687 | response.answer.append(rrset) | |
688 | ||
689 | (receivedQuery, receivedResponse) = self.sendUDPQuery(query, response) | |
690 | self.assertTrue(receivedQuery) | |
691 | self.assertTrue(receivedResponse) | |
692 | receivedQuery.id = query.id | |
b1bec9f0 RG |
693 | self.assertEquals(query, receivedQuery) |
694 | self.assertEquals(response, receivedResponse) | |
695 | ||
696 | (receivedQuery, receivedResponse) = self.sendTCPQuery(query, response) | |
697 | self.assertTrue(receivedQuery) | |
698 | self.assertTrue(receivedResponse) | |
699 | receivedQuery.id = query.id | |
b1bec9f0 RG |
700 | self.assertEquals(query, receivedQuery) |
701 | self.assertEquals(response, receivedResponse) | |
702 | ||
703 | (_, receivedResponse) = self.sendUDPQuery(doquery, response) | |
704 | self.assertEquals(receivedResponse, None) | |
705 | (_, receivedResponse) = self.sendTCPQuery(doquery, response) | |
706 | self.assertEquals(receivedResponse, None) | |
707 | ||
708 | class TestAdvancedQClass(DNSDistTest): | |
709 | ||
710 | _config_template = """ | |
711 | newServer{address="127.0.0.1:%s"} | |
55baa1f2 | 712 | addAction(QClassRule(DNSClass.CHAOS), DropAction()) |
b1bec9f0 RG |
713 | """ |
714 | def testAdvancedQClassChaosDrop(self): | |
715 | """ | |
716 | Advanced: Drop QClass CHAOS | |
717 | ||
718 | """ | |
719 | name = 'qclasschaos.advanced.tests.powerdns.com.' | |
720 | query = dns.message.make_query(name, 'TXT', 'CHAOS') | |
b1bec9f0 | 721 | |
55baa1f2 | 722 | (_, receivedResponse) = self.sendUDPQuery(query, response=None) |
b1bec9f0 | 723 | self.assertEquals(receivedResponse, None) |
55baa1f2 | 724 | (_, receivedResponse) = self.sendTCPQuery(query, response=None) |
b1bec9f0 RG |
725 | self.assertEquals(receivedResponse, None) |
726 | ||
727 | def testAdvancedQClassINAllow(self): | |
728 | """ | |
729 | Advanced: Allow QClass IN | |
730 | ||
731 | """ | |
732 | name = 'qclassin.advanced.tests.powerdns.com.' | |
733 | query = dns.message.make_query(name, 'A', 'IN') | |
734 | response = dns.message.make_response(query) | |
735 | rrset = dns.rrset.from_text(name, | |
736 | 3600, | |
737 | dns.rdataclass.IN, | |
738 | dns.rdatatype.A, | |
739 | '127.0.0.1') | |
740 | response.answer.append(rrset) | |
741 | ||
742 | (receivedQuery, receivedResponse) = self.sendUDPQuery(query, response) | |
743 | self.assertTrue(receivedQuery) | |
744 | self.assertTrue(receivedResponse) | |
745 | receivedQuery.id = query.id | |
b1bec9f0 RG |
746 | self.assertEquals(query, receivedQuery) |
747 | self.assertEquals(response, receivedResponse) | |
748 | ||
749 | (receivedQuery, receivedResponse) = self.sendTCPQuery(query, response) | |
750 | self.assertTrue(receivedQuery) | |
751 | self.assertTrue(receivedResponse) | |
752 | receivedQuery.id = query.id | |
b1bec9f0 RG |
753 | self.assertEquals(query, receivedQuery) |
754 | self.assertEquals(response, receivedResponse) | |
88d05ca1 | 755 | |
55baa1f2 RG |
756 | class TestAdvancedOpcode(DNSDistTest): |
757 | ||
758 | _config_template = """ | |
759 | newServer{address="127.0.0.1:%s"} | |
760 | addAction(OpcodeRule(DNSOpcode.Notify), DropAction()) | |
761 | """ | |
762 | def testAdvancedOpcodeNotifyDrop(self): | |
763 | """ | |
764 | Advanced: Drop Opcode NOTIFY | |
765 | ||
766 | """ | |
767 | name = 'opcodenotify.advanced.tests.powerdns.com.' | |
768 | query = dns.message.make_query(name, 'A', 'IN') | |
769 | query.set_opcode(dns.opcode.NOTIFY) | |
770 | ||
771 | (_, receivedResponse) = self.sendUDPQuery(query, response=None) | |
772 | self.assertEquals(receivedResponse, None) | |
773 | (_, receivedResponse) = self.sendTCPQuery(query, response=None) | |
774 | self.assertEquals(receivedResponse, None) | |
775 | ||
776 | def testAdvancedOpcodeUpdateINAllow(self): | |
777 | """ | |
778 | Advanced: Allow Opcode UPDATE | |
779 | ||
780 | """ | |
781 | name = 'opcodeupdate.advanced.tests.powerdns.com.' | |
782 | query = dns.message.make_query(name, 'A', 'IN') | |
783 | query.set_opcode(dns.opcode.UPDATE) | |
784 | response = dns.message.make_response(query) | |
785 | rrset = dns.rrset.from_text(name, | |
786 | 3600, | |
787 | dns.rdataclass.IN, | |
788 | dns.rdatatype.A, | |
789 | '127.0.0.1') | |
790 | response.answer.append(rrset) | |
791 | ||
792 | (receivedQuery, receivedResponse) = self.sendUDPQuery(query, response) | |
793 | self.assertTrue(receivedQuery) | |
794 | self.assertTrue(receivedResponse) | |
795 | receivedQuery.id = query.id | |
796 | self.assertEquals(query, receivedQuery) | |
797 | self.assertEquals(response, receivedResponse) | |
798 | ||
799 | (receivedQuery, receivedResponse) = self.sendTCPQuery(query, response) | |
800 | self.assertTrue(receivedQuery) | |
801 | self.assertTrue(receivedResponse) | |
802 | receivedQuery.id = query.id | |
803 | self.assertEquals(query, receivedQuery) | |
804 | self.assertEquals(response, receivedResponse) | |
46a839bf | 805 | |
88d05ca1 RG |
806 | class TestAdvancedNonTerminalRule(DNSDistTest): |
807 | ||
808 | _config_template = """ | |
809 | newServer{address="127.0.0.1:%s", pool="real"} | |
810 | addAction(AllRule(), DisableValidationAction()) | |
811 | addAction(AllRule(), PoolAction("real")) | |
812 | addAction(AllRule(), DropAction()) | |
813 | """ | |
814 | def testAdvancedNonTerminalRules(self): | |
815 | """ | |
816 | Advanced: Non terminal rules | |
817 | ||
818 | We check that DisableValidationAction() is applied | |
819 | but does not stop the processing, then that | |
820 | PoolAction() is applied _and_ stop the processing. | |
821 | """ | |
822 | name = 'nonterminal.advanced.tests.powerdns.com.' | |
823 | query = dns.message.make_query(name, 'A', 'IN') | |
824 | expectedQuery = dns.message.make_query(name, 'A', 'IN') | |
825 | expectedQuery.flags |= dns.flags.CD | |
826 | response = dns.message.make_response(query) | |
827 | rrset = dns.rrset.from_text(name, | |
828 | 3600, | |
829 | dns.rdataclass.IN, | |
830 | dns.rdatatype.A, | |
46a839bf | 831 | '192.0.2.1') |
88d05ca1 RG |
832 | response.answer.append(rrset) |
833 | ||
834 | (receivedQuery, receivedResponse) = self.sendUDPQuery(query, response) | |
835 | self.assertTrue(receivedQuery) | |
836 | self.assertTrue(receivedResponse) | |
837 | receivedQuery.id = expectedQuery.id | |
838 | self.assertEquals(expectedQuery, receivedQuery) | |
839 | self.assertEquals(response, receivedResponse) | |
840 | ||
841 | (receivedQuery, receivedResponse) = self.sendTCPQuery(query, response) | |
842 | self.assertTrue(receivedQuery) | |
843 | self.assertTrue(receivedResponse) | |
844 | receivedQuery.id = expectedQuery.id | |
845 | self.assertEquals(expectedQuery, receivedQuery) | |
846 | self.assertEquals(response, receivedResponse) | |
46a839bf RG |
847 | |
848 | class TestAdvancedStringOnlyServer(DNSDistTest): | |
849 | ||
850 | _config_template = """ | |
851 | newServer("127.0.0.1:%s") | |
852 | """ | |
853 | ||
854 | def testAdvancedStringOnlyServer(self): | |
855 | """ | |
856 | Advanced: "string-only" server is placed in the default pool | |
857 | """ | |
858 | name = 'string-only-server.advanced.tests.powerdns.com.' | |
859 | query = dns.message.make_query(name, 'A', 'IN') | |
860 | response = dns.message.make_response(query) | |
861 | rrset = dns.rrset.from_text(name, | |
862 | 3600, | |
863 | dns.rdataclass.IN, | |
864 | dns.rdatatype.A, | |
865 | '192.0.2.1') | |
866 | response.answer.append(rrset) | |
867 | ||
868 | (receivedQuery, receivedResponse) = self.sendUDPQuery(query, response) | |
869 | self.assertTrue(receivedQuery) | |
870 | self.assertTrue(receivedResponse) | |
871 | receivedQuery.id = query.id | |
872 | self.assertEquals(query, receivedQuery) | |
873 | self.assertEquals(response, receivedResponse) | |
874 | ||
875 | (receivedQuery, receivedResponse) = self.sendTCPQuery(query, response) | |
876 | self.assertTrue(receivedQuery) | |
877 | self.assertTrue(receivedResponse) | |
878 | receivedQuery.id = query.id | |
879 | self.assertEquals(query, receivedQuery) | |
880 | self.assertEquals(response, receivedResponse) | |
0f72fd5c RG |
881 | |
882 | class TestAdvancedRestoreFlagsOnSelfResponse(DNSDistTest): | |
883 | ||
884 | _config_template = """ | |
885 | addAction(AllRule(), DisableValidationAction()) | |
886 | addAction(AllRule(), SpoofAction("192.0.2.1")) | |
887 | newServer{address="127.0.0.1:%s"} | |
888 | """ | |
889 | ||
890 | def testAdvancedRestoreFlagsOnSpoofResponse(self): | |
891 | """ | |
892 | Advanced: Restore flags on spoofed response | |
893 | ||
894 | Send a query with CD flag cleared, dnsdist is | |
895 | instructed to set it, then to spoof the response, | |
896 | check that response has the flag cleared. | |
897 | """ | |
898 | name = 'spoofed.restoreflags.advanced.tests.powerdns.com.' | |
899 | query = dns.message.make_query(name, 'A', 'IN') | |
900 | # dnsdist set RA = RD for spoofed responses | |
901 | query.flags &= ~dns.flags.RD | |
0f72fd5c RG |
902 | |
903 | response = dns.message.make_response(query) | |
904 | rrset = dns.rrset.from_text(name, | |
905 | 60, | |
906 | dns.rdataclass.IN, | |
907 | dns.rdatatype.A, | |
908 | '192.0.2.1') | |
909 | response.answer.append(rrset) | |
910 | ||
911 | (_, receivedResponse) = self.sendUDPQuery(query, response=None, useQueue=False) | |
912 | self.assertTrue(receivedResponse) | |
913 | self.assertEquals(response, receivedResponse) | |
914 | ||
915 | (_, receivedResponse) = self.sendTCPQuery(query, response=None, useQueue=False) | |
916 | self.assertTrue(receivedResponse) | |
917 | self.assertEquals(response, receivedResponse) | |
856c35e3 RG |
918 | |
919 | class TestAdvancedQPS(DNSDistTest): | |
920 | ||
921 | _config_template = """ | |
922 | addQPSLimit("qps.advanced.tests.powerdns.com", 10) | |
923 | newServer{address="127.0.0.1:%s"} | |
924 | """ | |
925 | ||
926 | def testAdvancedQPSLimit(self): | |
927 | """ | |
928 | Advanced: QPS Limit | |
929 | ||
930 | Send queries to "qps.advanced.tests.powerdns.com." | |
931 | check that dnsdist drops queries when the max QPS has been reached. | |
932 | """ | |
933 | maxQPS = 10 | |
934 | name = 'qps.advanced.tests.powerdns.com.' | |
935 | query = dns.message.make_query(name, 'A', 'IN') | |
936 | response = dns.message.make_response(query) | |
937 | rrset = dns.rrset.from_text(name, | |
938 | 60, | |
939 | dns.rdataclass.IN, | |
940 | dns.rdatatype.A, | |
941 | '192.0.2.1') | |
942 | response.answer.append(rrset) | |
943 | ||
944 | for _ in range(maxQPS): | |
945 | (receivedQuery, receivedResponse) = self.sendUDPQuery(query, response) | |
946 | receivedQuery.id = query.id | |
947 | self.assertEquals(query, receivedQuery) | |
948 | self.assertEquals(response, receivedResponse) | |
949 | ||
950 | # we should now be dropped | |
951 | (_, receivedResponse) = self.sendUDPQuery(query, response=None, useQueue=False) | |
952 | self.assertEquals(receivedResponse, None) | |
953 | ||
954 | time.sleep(1) | |
955 | ||
956 | # again, over TCP this time | |
957 | for _ in range(maxQPS): | |
958 | (receivedQuery, receivedResponse) = self.sendTCPQuery(query, response) | |
959 | receivedQuery.id = query.id | |
960 | self.assertEquals(query, receivedQuery) | |
961 | self.assertEquals(response, receivedResponse) | |
962 | ||
963 | ||
964 | (_, receivedResponse) = self.sendTCPQuery(query, response=None, useQueue=False) | |
965 | self.assertEquals(receivedResponse, None) | |
966 | ||
967 | class TestAdvancedQPSNone(DNSDistTest): | |
968 | ||
969 | _config_template = """ | |
970 | addQPSLimit("qpsnone.advanced.tests.powerdns.com", 100) | |
55baa1f2 | 971 | addAction(AllRule(), RCodeAction(dnsdist.REFUSED)) |
856c35e3 RG |
972 | newServer{address="127.0.0.1:%s"} |
973 | """ | |
974 | ||
975 | def testAdvancedQPSNone(self): | |
976 | """ | |
977 | Advanced: Not matching QPS returns None, not Allow | |
978 | ||
979 | Send queries to "qps.advanced.tests.powerdns.com." | |
980 | check that the rule returns None when the QPS has not been | |
981 | reached, not Allow. | |
982 | """ | |
983 | name = 'qpsnone.advanced.tests.powerdns.com.' | |
984 | query = dns.message.make_query(name, 'A', 'IN') | |
985 | expectedResponse = dns.message.make_response(query) | |
986 | expectedResponse.set_rcode(dns.rcode.REFUSED) | |
987 | ||
988 | (_, receivedResponse) = self.sendUDPQuery(query, response=None, useQueue=False) | |
989 | self.assertEquals(receivedResponse, expectedResponse) | |
990 | ||
991 | (_, receivedResponse) = self.sendTCPQuery(query, response=None, useQueue=False) | |
992 | self.assertEquals(receivedResponse, expectedResponse) | |
36da3ecd RG |
993 | |
994 | class TestAdvancedNMGRule(DNSDistTest): | |
995 | ||
996 | _config_template = """ | |
997 | allowed = newNMG() | |
998 | allowed:addMask("192.0.2.1/32") | |
55baa1f2 | 999 | addAction(NotRule(NetmaskGroupRule(allowed)), RCodeAction(dnsdist.REFUSED)) |
36da3ecd RG |
1000 | newServer{address="127.0.0.1:%s"} |
1001 | """ | |
1002 | ||
1003 | def testAdvancedNMGRule(self): | |
1004 | """ | |
1005 | Advanced: NMGRule should refuse our queries | |
1006 | ||
1007 | Send queries to "nmgrule.advanced.tests.powerdns.com.", | |
1008 | check that we are getting a REFUSED response. | |
1009 | """ | |
1010 | name = 'nmgrule.advanced.tests.powerdns.com.' | |
1011 | query = dns.message.make_query(name, 'A', 'IN') | |
1012 | expectedResponse = dns.message.make_response(query) | |
1013 | expectedResponse.set_rcode(dns.rcode.REFUSED) | |
1014 | ||
1015 | (_, receivedResponse) = self.sendUDPQuery(query, response=None, useQueue=False) | |
1016 | self.assertEquals(receivedResponse, expectedResponse) | |
1017 | ||
1018 | (_, receivedResponse) = self.sendTCPQuery(query, response=None, useQueue=False) | |
1019 | self.assertEquals(receivedResponse, expectedResponse) | |
55baa1f2 | 1020 | |
57c61ce9 RG |
1021 | class TestAdvancedLabelsCountRule(DNSDistTest): |
1022 | ||
1023 | _config_template = """ | |
1024 | addAction(QNameLabelsCountRule(5,6), RCodeAction(dnsdist.REFUSED)) | |
1025 | newServer{address="127.0.0.1:%s"} | |
1026 | """ | |
1027 | ||
1028 | def testAdvancedLabelsCountRule(self): | |
1029 | """ | |
1030 | Advanced: QNameLabelsCountRule(5,6) | |
1031 | """ | |
1032 | # 6 labels, we should be fine | |
1033 | name = 'ok.labelscount.advanced.tests.powerdns.com.' | |
1034 | query = dns.message.make_query(name, 'A', 'IN') | |
1035 | response = dns.message.make_response(query) | |
1036 | rrset = dns.rrset.from_text(name, | |
1037 | 3600, | |
1038 | dns.rdataclass.IN, | |
1039 | dns.rdatatype.A, | |
1040 | '192.0.2.1') | |
1041 | response.answer.append(rrset) | |
1042 | ||
1043 | (receivedQuery, receivedResponse) = self.sendUDPQuery(query, response) | |
1044 | self.assertTrue(receivedQuery) | |
1045 | self.assertTrue(receivedResponse) | |
1046 | receivedQuery.id = query.id | |
1047 | self.assertEquals(query, receivedQuery) | |
1048 | self.assertEquals(response, receivedResponse) | |
1049 | ||
1050 | (receivedQuery, receivedResponse) = self.sendTCPQuery(query, response) | |
1051 | self.assertTrue(receivedQuery) | |
1052 | self.assertTrue(receivedResponse) | |
1053 | receivedQuery.id = query.id | |
1054 | self.assertEquals(query, receivedQuery) | |
1055 | self.assertEquals(response, receivedResponse) | |
1056 | ||
1057 | # more than 6 labels, the query should be refused | |
1058 | name = 'not.ok.labelscount.advanced.tests.powerdns.com.' | |
1059 | query = dns.message.make_query(name, 'A', 'IN') | |
1060 | expectedResponse = dns.message.make_response(query) | |
1061 | expectedResponse.set_rcode(dns.rcode.REFUSED) | |
1062 | ||
1063 | (_, receivedResponse) = self.sendUDPQuery(query, response=None, useQueue=False) | |
1064 | self.assertEquals(receivedResponse, expectedResponse) | |
1065 | ||
1066 | (_, receivedResponse) = self.sendTCPQuery(query, response=None, useQueue=False) | |
1067 | self.assertEquals(receivedResponse, expectedResponse) | |
1068 | ||
1069 | # less than 5 labels, the query should be refused | |
1070 | name = 'labelscountadvanced.tests.powerdns.com.' | |
1071 | query = dns.message.make_query(name, 'A', 'IN') | |
1072 | expectedResponse = dns.message.make_response(query) | |
1073 | expectedResponse.set_rcode(dns.rcode.REFUSED) | |
1074 | ||
1075 | (_, receivedResponse) = self.sendUDPQuery(query, response=None, useQueue=False) | |
1076 | self.assertEquals(receivedResponse, expectedResponse) | |
1077 | ||
1078 | (_, receivedResponse) = self.sendTCPQuery(query, response=None, useQueue=False) | |
1079 | self.assertEquals(receivedResponse, expectedResponse) | |
1080 | ||
1081 | class TestAdvancedWireLengthRule(DNSDistTest): | |
1082 | ||
1083 | _config_template = """ | |
1084 | addAction(QNameWireLengthRule(54,56), RCodeAction(dnsdist.REFUSED)) | |
1085 | newServer{address="127.0.0.1:%s"} | |
1086 | """ | |
1087 | ||
1088 | def testAdvancedWireLengthRule(self): | |
1089 | """ | |
1090 | Advanced: QNameWireLengthRule(54,56) | |
1091 | """ | |
1092 | name = 'longenough.qnamewirelength.advanced.tests.powerdns.com.' | |
1093 | query = dns.message.make_query(name, 'A', 'IN') | |
1094 | response = dns.message.make_response(query) | |
1095 | rrset = dns.rrset.from_text(name, | |
1096 | 3600, | |
1097 | dns.rdataclass.IN, | |
1098 | dns.rdatatype.A, | |
1099 | '192.0.2.1') | |
1100 | response.answer.append(rrset) | |
1101 | ||
1102 | (receivedQuery, receivedResponse) = self.sendUDPQuery(query, response) | |
1103 | self.assertTrue(receivedQuery) | |
1104 | self.assertTrue(receivedResponse) | |
1105 | receivedQuery.id = query.id | |
1106 | self.assertEquals(query, receivedQuery) | |
1107 | self.assertEquals(response, receivedResponse) | |
1108 | ||
1109 | (receivedQuery, receivedResponse) = self.sendTCPQuery(query, response) | |
1110 | self.assertTrue(receivedQuery) | |
1111 | self.assertTrue(receivedResponse) | |
1112 | receivedQuery.id = query.id | |
1113 | self.assertEquals(query, receivedQuery) | |
1114 | self.assertEquals(response, receivedResponse) | |
1115 | ||
1116 | # too short, the query should be refused | |
1117 | name = 'short.qnamewirelength.advanced.tests.powerdns.com.' | |
1118 | query = dns.message.make_query(name, 'A', 'IN') | |
1119 | expectedResponse = dns.message.make_response(query) | |
1120 | expectedResponse.set_rcode(dns.rcode.REFUSED) | |
1121 | ||
1122 | (_, receivedResponse) = self.sendUDPQuery(query, response=None, useQueue=False) | |
1123 | self.assertEquals(receivedResponse, expectedResponse) | |
1124 | ||
1125 | (_, receivedResponse) = self.sendTCPQuery(query, response=None, useQueue=False) | |
1126 | self.assertEquals(receivedResponse, expectedResponse) | |
1127 | ||
1128 | # too long, the query should be refused | |
1129 | name = 'toolongtobevalid.qnamewirelength.advanced.tests.powerdns.com.' | |
1130 | query = dns.message.make_query(name, 'A', 'IN') | |
1131 | expectedResponse = dns.message.make_response(query) | |
1132 | expectedResponse.set_rcode(dns.rcode.REFUSED) | |
1133 | ||
1134 | (_, receivedResponse) = self.sendUDPQuery(query, response=None, useQueue=False) | |
1135 | self.assertEquals(receivedResponse, expectedResponse) | |
1136 | ||
1137 | (_, receivedResponse) = self.sendTCPQuery(query, response=None, useQueue=False) | |
1138 | self.assertEquals(receivedResponse, expectedResponse) | |
69389510 RG |
1139 | |
1140 | class TestAdvancedIncludeDir(DNSDistTest): | |
1141 | ||
1142 | _config_template = """ | |
1143 | -- this directory contains a file allowing includedir.advanced.tests.powerdns.com. | |
1144 | includeDirectory('test-include-dir') | |
1145 | addAction(AllRule(), RCodeAction(dnsdist.REFUSED)) | |
1146 | newServer{address="127.0.0.1:%s"} | |
1147 | """ | |
1148 | ||
1149 | def testAdvancedIncludeDirAllowed(self): | |
1150 | """ | |
1151 | Advanced: includeDirectory() | |
1152 | """ | |
1153 | name = 'includedir.advanced.tests.powerdns.com.' | |
1154 | query = dns.message.make_query(name, 'A', 'IN') | |
1155 | response = dns.message.make_response(query) | |
1156 | rrset = dns.rrset.from_text(name, | |
1157 | 3600, | |
1158 | dns.rdataclass.IN, | |
1159 | dns.rdatatype.A, | |
1160 | '192.0.2.1') | |
1161 | response.answer.append(rrset) | |
1162 | ||
1163 | (receivedQuery, receivedResponse) = self.sendUDPQuery(query, response) | |
1164 | self.assertTrue(receivedQuery) | |
1165 | self.assertTrue(receivedResponse) | |
1166 | receivedQuery.id = query.id | |
1167 | self.assertEquals(query, receivedQuery) | |
1168 | self.assertEquals(response, receivedResponse) | |
1169 | ||
1170 | (receivedQuery, receivedResponse) = self.sendTCPQuery(query, response) | |
1171 | self.assertTrue(receivedQuery) | |
1172 | self.assertTrue(receivedResponse) | |
1173 | receivedQuery.id = query.id | |
1174 | self.assertEquals(query, receivedQuery) | |
1175 | self.assertEquals(response, receivedResponse) | |
1176 | ||
1177 | # this one should be refused | |
1178 | name = 'notincludedir.advanced.tests.powerdns.com.' | |
1179 | query = dns.message.make_query(name, 'A', 'IN') | |
1180 | expectedResponse = dns.message.make_response(query) | |
1181 | expectedResponse.set_rcode(dns.rcode.REFUSED) | |
1182 | ||
1183 | (_, receivedResponse) = self.sendUDPQuery(query, response=None, useQueue=False) | |
1184 | self.assertEquals(receivedResponse, expectedResponse) | |
1185 | ||
1186 | (_, receivedResponse) = self.sendTCPQuery(query, response=None, useQueue=False) | |
1187 | self.assertEquals(receivedResponse, expectedResponse) | |
b82f0bc2 RG |
1188 | |
1189 | class TestAdvancedLuaDO(DNSDistTest): | |
1190 | ||
1191 | _config_template = """ | |
1192 | function nxDOLua(dq) | |
1193 | if dq:getDO() then | |
1194 | return DNSAction.Nxdomain, "" | |
1195 | end | |
1196 | return DNSAction.None, "" | |
1197 | end | |
1198 | addLuaAction(AllRule(), nxDOLua) | |
1199 | newServer{address="127.0.0.1:%s"} | |
1200 | """ | |
1201 | ||
1202 | def testNxDOViaLua(self): | |
1203 | """ | |
1204 | Advanced: Nx DO queries via Lua | |
1205 | """ | |
1206 | name = 'nxdo.advanced.tests.powerdns.com.' | |
1207 | query = dns.message.make_query(name, 'A', 'IN') | |
1208 | response = dns.message.make_response(query) | |
1209 | rrset = dns.rrset.from_text(name, | |
1210 | 3600, | |
1211 | dns.rdataclass.IN, | |
1212 | dns.rdatatype.AAAA, | |
1213 | '::1') | |
1214 | response.answer.append(rrset) | |
1215 | queryWithDO = dns.message.make_query(name, 'A', 'IN', want_dnssec=True) | |
1216 | doResponse = dns.message.make_response(queryWithDO) | |
1217 | doResponse.set_rcode(dns.rcode.NXDOMAIN) | |
1218 | ||
1219 | # without DO | |
1220 | (receivedQuery, receivedResponse) = self.sendUDPQuery(query, response) | |
1221 | self.assertTrue(receivedQuery) | |
1222 | self.assertTrue(receivedResponse) | |
1223 | receivedQuery.id = query.id | |
1224 | self.assertEquals(query, receivedQuery) | |
1225 | self.assertEquals(receivedResponse, response) | |
1226 | ||
1227 | (receivedQuery, receivedResponse) = self.sendTCPQuery(query, response) | |
1228 | self.assertTrue(receivedQuery) | |
1229 | self.assertTrue(receivedResponse) | |
1230 | receivedQuery.id = query.id | |
1231 | self.assertEquals(query, receivedQuery) | |
1232 | self.assertEquals(receivedResponse, response) | |
1233 | ||
1234 | # with DO | |
1235 | (_, receivedResponse) = self.sendUDPQuery(queryWithDO, response=None, useQueue=False) | |
1236 | self.assertTrue(receivedResponse) | |
1237 | doResponse.id = receivedResponse.id | |
1238 | print(doResponse) | |
1239 | print(receivedResponse) | |
1240 | self.assertEquals(receivedResponse, doResponse) | |
1241 | ||
1242 | (_, receivedResponse) = self.sendTCPQuery(queryWithDO, response=None, useQueue=False) | |
1243 | self.assertTrue(receivedResponse) | |
1244 | doResponse.id = receivedResponse.id | |
1245 | self.assertEquals(receivedResponse, doResponse) |