]>
Commit | Line | Data |
---|---|---|
cb54e9b5 PL |
1 | import errno |
2 | import os | |
3 | import subprocess | |
4 | import time | |
5 | ||
6 | import dns | |
faf36a9b | 7 | import extendederrors |
cb54e9b5 PL |
8 | from recursortests import RecursorTest |
9 | ||
10 | ||
11 | class testExpired(RecursorTest): | |
12 | """This regression test starts the authoritative servers with a clock that is | |
13 | set 15 days into the past. Hence, the recursor must reject the signatures | |
14 | because they are expired. | |
15 | """ | |
16 | _confdir = 'Expired' | |
17 | ||
18 | _config_template = """dnssec=validate""" | |
19 | ||
20 | _auth_env = {'LD_PRELOAD':os.environ.get('LIBFAKETIME'), | |
21 | 'FAKETIME':'-15d'} | |
22 | ||
23 | def testA(self): | |
24 | query = dns.message.make_query('host1.secure.example', 'A') | |
25 | res = self.sendUDPQuery(query) | |
26 | ||
27 | self.assertRcodeEqual(res, dns.rcode.SERVFAIL) | |
faf36a9b O |
28 | |
29 | class testExpiredWithEDE(RecursorTest): | |
30 | """This regression test starts the authoritative servers with a clock that is | |
31 | set 15 days into the past. Hence, the recursor must reject the signatures | |
32 | because they are expired. | |
33 | """ | |
34 | _confdir = 'ExpiredWithEDE' | |
35 | ||
36 | _config_template = """ | |
37 | dnssec=validate | |
38 | extended-resolution-errors=yes | |
39 | """ | |
40 | ||
41 | _auth_env = {'LD_PRELOAD':os.environ.get('LIBFAKETIME'), | |
42 | 'FAKETIME':'-15d'} | |
43 | ||
44 | def testA(self): | |
45 | qname = 'host1.secure.example' | |
46 | query = dns.message.make_query(qname, 'A', want_dnssec=True) | |
47 | ||
48 | for method in ("sendUDPQuery", "sendTCPQuery"): | |
49 | sender = getattr(self, method) | |
50 | res = sender(query, timeout=5.0) | |
51 | self.assertRcodeEqual(res, dns.rcode.SERVFAIL) | |
52 | self.assertEqual(res.edns, 0) | |
53 | self.assertEqual(len(res.options), 1) | |
54 | self.assertEqual(res.options[0].otype, 15) | |
55 | self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(7, b'')) |