]>
Commit | Line | Data |
---|---|---|
7568b07d PL |
1 | import os |
2 | import socket | |
7568b07d PL |
3 | |
4 | import dns | |
5 | from recursortests import RecursorTest | |
6 | ||
d8319ad6 | 7 | |
7568b07d PL |
8 | class TestFlags(RecursorTest): |
9 | _confdir = 'Flags' | |
10 | _config_template = """dnssec=%s""" | |
11 | _config_params = ['_dnssec_setting'] | |
12 | _dnssec_setting = None | |
13 | _recursors = {} | |
14 | ||
d8319ad6 PL |
15 | _dnssec_setting_ports = {'off': 5300, |
16 | 'process-no-validate': 5301, | |
17 | 'process': 5302, | |
18 | 'validate': 5303} | |
7568b07d PL |
19 | |
20 | @classmethod | |
21 | def setUp(cls): | |
22 | for setting in cls._dnssec_setting_ports: | |
23 | confdir = os.path.join('configs', cls._confdir, setting) | |
24 | cls.wipeRecursorCache(confdir) | |
25 | ||
26 | @classmethod | |
27 | def setUpClass(cls): | |
28 | cls.setUpSockets() | |
29 | confdir = os.path.join('configs', cls._confdir) | |
30 | cls.createConfigDir(confdir) | |
31 | ||
32 | cls.generateAllAuthConfig(confdir) | |
33 | cls.startAllAuth(confdir) | |
34 | ||
35 | for dnssec_setting, port in cls._dnssec_setting_ports.items(): | |
36 | cls._dnssec_setting = dnssec_setting | |
37 | recConfdir = os.path.join(confdir, dnssec_setting) | |
38 | cls.createConfigDir(recConfdir) | |
39 | cls.generateRecursorConfig(recConfdir) | |
40 | cls.startRecursor(recConfdir, port) | |
41 | cls._recursors[dnssec_setting] = cls._recursor | |
42 | ||
43 | @classmethod | |
44 | def setUpSockets(cls): | |
45 | cls._sock = {} | |
46 | for dnssec_setting, port in cls._dnssec_setting_ports.items(): | |
47 | print("Setting up UDP socket..") | |
d8319ad6 PL |
48 | cls._sock[dnssec_setting] = socket.socket(socket.AF_INET, |
49 | socket.SOCK_DGRAM) | |
7568b07d PL |
50 | cls._sock[dnssec_setting].settimeout(2.0) |
51 | cls._sock[dnssec_setting].connect(("127.0.0.1", port)) | |
52 | ||
53 | @classmethod | |
54 | def sendUDPQuery(cls, query, dnssec_setting, timeout=2.0): | |
55 | if timeout: | |
56 | cls._sock[dnssec_setting].settimeout(timeout) | |
57 | ||
58 | try: | |
59 | cls._sock[dnssec_setting].send(query.to_wire()) | |
60 | data = cls._sock[dnssec_setting].recv(4096) | |
61 | except socket.timeout: | |
62 | data = None | |
63 | finally: | |
64 | if timeout: | |
65 | cls._sock[dnssec_setting].settimeout(None) | |
66 | ||
67 | msg = None | |
68 | if data: | |
69 | msg = dns.message.from_wire(data) | |
70 | return msg | |
71 | ||
72 | @classmethod | |
73 | def tearDownClass(cls): | |
74 | cls.tearDownAuth() | |
75 | for _, recursor in cls._recursors.items(): | |
76 | cls._recursor = recursor | |
77 | cls.tearDownRecursor() | |
78 | ||
79 | def createQuery(self, name, rdtype, flags, ednsflags): | |
80 | """Helper function that creates the query with the specified flags. | |
81 | The flags need to be strings (no checking is performed atm)""" | |
82 | msg = dns.message.make_query(name, rdtype) | |
83 | msg.flags = dns.flags.from_text(flags) | |
84 | msg.flags += dns.flags.from_text('RD') | |
85 | msg.use_edns(edns=0, ednsflags=dns.flags.edns_from_text(ednsflags)) | |
86 | return msg | |
87 | ||
88 | def getQueryForSecure(self, flags='', ednsflags=''): | |
89 | return self.createQuery('ns1.example.', 'A', flags, ednsflags) | |
90 | ||
91 | ## | |
92 | # -AD -CD -DO | |
93 | ## | |
94 | def testOff_Secure_None(self): | |
95 | msg = self.getQueryForSecure() | |
96 | res = self.sendUDPQuery(msg, 'off') | |
97 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
98 | self.assertNoRRSIGsInAnswer(res) | |
99 | ||
d8319ad6 PL |
100 | def testProcessNoValidate_Secure_None(self): |
101 | msg = self.getQueryForSecure() | |
102 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
103 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
104 | self.assertNoRRSIGsInAnswer(res) | |
105 | ||
7568b07d PL |
106 | def testProcess_Secure_None(self): |
107 | msg = self.getQueryForSecure() | |
108 | res = self.sendUDPQuery(msg, 'process') | |
109 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
110 | self.assertNoRRSIGsInAnswer(res) | |
111 | ||
7568b07d PL |
112 | def testValidate_Secure_None(self): |
113 | msg = self.getQueryForSecure() | |
114 | res = self.sendUDPQuery(msg, 'validate') | |
115 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
116 | self.assertNoRRSIGsInAnswer(res) | |
117 | ||
118 | ## | |
119 | # +AD -CD -DO | |
120 | ## | |
7568b07d PL |
121 | def testOff_Secure_AD(self): |
122 | msg = self.getQueryForSecure('AD') | |
123 | res = self.sendUDPQuery(msg, 'off') | |
124 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
125 | ||
7568b07d PL |
126 | self.assertNoRRSIGsInAnswer(res) |
127 | ||
d8319ad6 PL |
128 | def testProcessNoValidate_Secure_AD(self): |
129 | msg = self.getQueryForSecure('AD') | |
130 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
131 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
132 | self.assertNoRRSIGsInAnswer(res) | |
133 | ||
7568b07d PL |
134 | def testProcess_Secure_AD(self): |
135 | msg = self.getQueryForSecure('AD') | |
136 | res = self.sendUDPQuery(msg, 'process') | |
137 | self.assertMessageIsAuthenticated(res) | |
138 | self.assertMessageHasFlags(res, ['AD', 'QR', 'RA', 'RD']) | |
139 | self.assertNoRRSIGsInAnswer(res) | |
140 | ||
7568b07d PL |
141 | def testValidate_Secure_AD(self): |
142 | msg = self.getQueryForSecure('AD') | |
143 | res = self.sendUDPQuery(msg, 'validate') | |
144 | ||
145 | self.assertMessageIsAuthenticated(res) | |
146 | self.assertMessageHasFlags(res, ['AD', 'RD', 'RA', 'QR']) | |
7568b07d PL |
147 | self.assertNoRRSIGsInAnswer(res) |
148 | ||
149 | ## | |
150 | # +AD -CD +DO | |
151 | ## | |
152 | def testOff_Secure_ADDO(self): | |
153 | msg = self.getQueryForSecure('AD', 'DO') | |
154 | res = self.sendUDPQuery(msg, 'off') | |
155 | ||
156 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
157 | self.assertNoRRSIGsInAnswer(res) | |
158 | ||
d8319ad6 PL |
159 | def testProcessNoValidate_Secure_ADDO(self): |
160 | msg = self.getQueryForSecure('AD', 'DO') | |
161 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
162 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
163 | ||
164 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
165 | self.assertMatchingRRSIGInAnswer(res, expected) | |
166 | ||
7568b07d PL |
167 | def testProcess_Secure_ADDO(self): |
168 | msg = self.getQueryForSecure('AD', 'DO') | |
169 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
170 | res = self.sendUDPQuery(msg, 'process') | |
171 | ||
172 | self.assertMessageIsAuthenticated(res) | |
173 | self.assertMessageHasFlags(res, ['AD', 'QR', 'RA', 'RD'], ['DO']) | |
174 | self.assertMatchingRRSIGInAnswer(res, expected) | |
175 | ||
176 | def testValidate_Secure_ADDO(self): | |
177 | msg = self.getQueryForSecure('AD', 'DO') | |
178 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
179 | res = self.sendUDPQuery(msg, 'validate') | |
180 | ||
181 | self.assertMessageIsAuthenticated(res) | |
182 | self.assertMessageHasFlags(res, ['AD', 'QR', 'RA', 'RD'], ['DO']) | |
183 | self.assertMatchingRRSIGInAnswer(res, expected) | |
184 | ||
185 | ## | |
186 | # +AD +CD +DO | |
187 | ## | |
188 | def testOff_Secure_ADDOCD(self): | |
189 | msg = self.getQueryForSecure('AD CD', 'DO') | |
190 | res = self.sendUDPQuery(msg, 'off') | |
191 | ||
7e6ad9dc | 192 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) |
7568b07d | 193 | |
d8319ad6 PL |
194 | def testProcessNoValidate_Secure_ADDOCD(self): |
195 | msg = self.getQueryForSecure('AD CD', 'DO') | |
196 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
197 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
198 | ||
199 | self.assertMessageHasFlags(res, ['CD', 'QR', 'RA', 'RD'], ['DO']) | |
200 | self.assertMatchingRRSIGInAnswer(res, expected) | |
201 | ||
7568b07d PL |
202 | def testProcess_Secure_ADDOCD(self): |
203 | msg = self.getQueryForSecure('AD CD', 'DO') | |
204 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
205 | res = self.sendUDPQuery(msg, 'process') | |
206 | ||
207 | self.assertMessageIsAuthenticated(res) | |
208 | self.assertMessageHasFlags(res, ['AD', 'CD', 'QR', 'RA', 'RD'], ['DO']) | |
209 | self.assertMatchingRRSIGInAnswer(res, expected) | |
210 | ||
211 | def testValidate_Secure_ADDOCD(self): | |
212 | msg = self.getQueryForSecure('AD CD', 'DO') | |
213 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
214 | res = self.sendUDPQuery(msg, 'validate') | |
215 | ||
216 | self.assertMessageIsAuthenticated(res) | |
217 | self.assertMessageHasFlags(res, ['AD', 'QR', 'RA', 'RD', 'CD'], ['DO']) | |
218 | self.assertMatchingRRSIGInAnswer(res, expected) | |
219 | ||
220 | ## | |
221 | # -AD -CD +DO | |
222 | ## | |
223 | def testOff_Secure_DO(self): | |
224 | msg = self.getQueryForSecure('', 'DO') | |
225 | res = self.sendUDPQuery(msg, 'off') | |
226 | ||
227 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
228 | self.assertNoRRSIGsInAnswer(res) | |
229 | ||
d8319ad6 PL |
230 | def testProcessNoValidate_Secure_DO(self): |
231 | msg = self.getQueryForSecure('', 'DO') | |
232 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
233 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
234 | ||
235 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
236 | self.assertMatchingRRSIGInAnswer(res, expected) | |
237 | ||
7568b07d PL |
238 | def testProcess_Secure_DO(self): |
239 | msg = self.getQueryForSecure('', 'DO') | |
240 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
241 | res = self.sendUDPQuery(msg, 'process') | |
242 | ||
248b689f | 243 | self.assertMessageHasFlags(res, ['AD', 'QR', 'RA', 'RD'], ['DO']) |
7568b07d PL |
244 | self.assertMatchingRRSIGInAnswer(res, expected) |
245 | ||
7568b07d PL |
246 | def testValidate_Secure_DO(self): |
247 | msg = self.getQueryForSecure('', 'DO') | |
248 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
249 | res = self.sendUDPQuery(msg, 'validate') | |
250 | ||
248b689f | 251 | self.assertMessageHasFlags(res, ['AD', 'QR', 'RA', 'RD'], ['DO']) |
7568b07d PL |
252 | self.assertMatchingRRSIGInAnswer(res, expected) |
253 | ||
254 | ## | |
255 | # -AD +CD +DO | |
256 | ## | |
7568b07d PL |
257 | def testOff_Secure_DOCD(self): |
258 | msg = self.getQueryForSecure('CD', 'DO') | |
259 | res = self.sendUDPQuery(msg, 'off') | |
260 | ||
261 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
262 | self.assertNoRRSIGsInAnswer(res) | |
263 | ||
d8319ad6 PL |
264 | def testProcessNoValidate_Secure_DOCD(self): |
265 | msg = self.getQueryForSecure('CD', 'DO') | |
266 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
267 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
268 | ||
269 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD'], ['DO']) | |
270 | self.assertMatchingRRSIGInAnswer(res, expected) | |
271 | ||
7568b07d PL |
272 | def testProcess_Secure_DOCD(self): |
273 | msg = self.getQueryForSecure('CD', 'DO') | |
274 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
275 | res = self.sendUDPQuery(msg, 'process') | |
276 | ||
248b689f | 277 | self.assertMessageHasFlags(res, ['AD', 'QR', 'RA', 'RD', 'CD'], ['DO']) |
7568b07d PL |
278 | self.assertMatchingRRSIGInAnswer(res, expected) |
279 | ||
7568b07d PL |
280 | def testValidate_Secure_DOCD(self): |
281 | msg = self.getQueryForSecure('CD', 'DO') | |
282 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
283 | res = self.sendUDPQuery(msg, 'validate') | |
284 | ||
248b689f | 285 | self.assertMessageHasFlags(res, ['AD', 'QR', 'RA', 'RD', 'CD'], ['DO']) |
7568b07d PL |
286 | self.assertMatchingRRSIGInAnswer(res, expected) |
287 | ||
288 | ## | |
289 | # -AD +CD -DO | |
290 | ## | |
7568b07d PL |
291 | def testOff_Secure_CD(self): |
292 | msg = self.getQueryForSecure('CD') | |
293 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
294 | res = self.sendUDPQuery(msg, 'off') | |
295 | ||
296 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
297 | self.assertRRsetInAnswer(res, expected) | |
298 | self.assertNoRRSIGsInAnswer(res) | |
299 | ||
d8319ad6 PL |
300 | def testProcessNoValidate_Secure_CD(self): |
301 | msg = self.getQueryForSecure('CD') | |
302 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
303 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
304 | ||
305 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD']) | |
306 | self.assertRRsetInAnswer(res, expected) | |
307 | self.assertNoRRSIGsInAnswer(res) | |
308 | ||
7568b07d PL |
309 | def testProcess_Secure_CD(self): |
310 | msg = self.getQueryForSecure('CD') | |
311 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
312 | res = self.sendUDPQuery(msg, 'process') | |
313 | ||
314 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD']) | |
315 | self.assertRRsetInAnswer(res, expected) | |
316 | self.assertNoRRSIGsInAnswer(res) | |
317 | ||
7568b07d PL |
318 | def testValidate_Secure_CD(self): |
319 | msg = self.getQueryForSecure('CD') | |
320 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
321 | res = self.sendUDPQuery(msg, 'validate') | |
322 | ||
323 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD']) | |
324 | self.assertRRsetInAnswer(res, expected) | |
325 | self.assertNoRRSIGsInAnswer(res) | |
326 | ||
327 | ||
328 | ### Bogus | |
329 | def getQueryForBogus(self, flags='', ednsflags=''): | |
330 | return self.createQuery('ted.bogus.example.', 'A', flags, ednsflags) | |
331 | ||
332 | ## | |
333 | # -AD -CD -DO | |
334 | ## | |
335 | def testOff_Bogus_None(self): | |
336 | msg = self.getQueryForBogus() | |
337 | res = self.sendUDPQuery(msg, 'off') | |
338 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
339 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
340 | ||
d8319ad6 PL |
341 | def testProcessNoValidate_Bogus_None(self): |
342 | msg = self.getQueryForBogus() | |
343 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
344 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
345 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
346 | ||
7568b07d PL |
347 | def testProcess_Bogus_None(self): |
348 | msg = self.getQueryForBogus() | |
349 | res = self.sendUDPQuery(msg, 'process') | |
350 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
351 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
352 | ||
353 | def testValidate_Bogus_None(self): | |
354 | msg = self.getQueryForBogus() | |
355 | res = self.sendUDPQuery(msg, 'validate') | |
356 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
357 | self.assertRcodeEqual(res, dns.rcode.SERVFAIL) | |
358 | self.assertAnswerEmpty(res) | |
359 | ||
360 | ## | |
361 | # +AD -CD -DO | |
362 | ## | |
363 | def testOff_Bogus_AD(self): | |
364 | msg = self.getQueryForBogus('AD') | |
365 | res = self.sendUDPQuery(msg, 'off') | |
366 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
367 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
368 | ||
d8319ad6 PL |
369 | def testProcessNoValidate_Bogus_AD(self): |
370 | msg = self.getQueryForBogus('AD') | |
371 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
372 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
373 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
374 | ||
7568b07d PL |
375 | def testProcess_Bogus_AD(self): |
376 | msg = self.getQueryForBogus('AD') | |
377 | res = self.sendUDPQuery(msg, 'process') | |
378 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
7568b07d PL |
379 | self.assertRcodeEqual(res, dns.rcode.SERVFAIL) |
380 | self.assertAnswerEmpty(res) | |
381 | ||
382 | def testValidate_Bogus_AD(self): | |
383 | msg = self.getQueryForBogus('AD') | |
384 | res = self.sendUDPQuery(msg, 'validate') | |
385 | ||
386 | self.assertMessageHasFlags(res, ['RD', 'RA', 'QR']) | |
387 | self.assertRcodeEqual(res, dns.rcode.SERVFAIL) | |
388 | self.assertAnswerEmpty(res) | |
389 | ||
390 | ## | |
391 | # +AD -CD +DO | |
392 | ## | |
393 | def testOff_Bogus_ADDO(self): | |
394 | msg = self.getQueryForBogus('AD', 'DO') | |
395 | res = self.sendUDPQuery(msg, 'off') | |
396 | ||
397 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
398 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
399 | ||
d8319ad6 PL |
400 | def testProcessNoValidate_Bogus_ADDO(self): |
401 | msg = self.getQueryForBogus('AD', 'DO') | |
402 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
403 | ||
404 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
405 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
406 | ||
7568b07d PL |
407 | def testProcess_Bogus_ADDO(self): |
408 | msg = self.getQueryForBogus('AD', 'DO') | |
409 | res = self.sendUDPQuery(msg, 'process') | |
410 | ||
411 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
7568b07d PL |
412 | self.assertRcodeEqual(res, dns.rcode.SERVFAIL) |
413 | self.assertAnswerEmpty(res) | |
414 | ||
415 | def testValidate_Bogus_ADDO(self): | |
416 | msg = self.getQueryForBogus('AD', 'DO') | |
417 | res = self.sendUDPQuery(msg, 'validate') | |
418 | ||
419 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
420 | self.assertRcodeEqual(res, dns.rcode.SERVFAIL) | |
421 | self.assertAnswerEmpty(res) | |
422 | ## | |
423 | # +AD +CD +DO | |
424 | ## | |
425 | def testOff_Bogus_ADDOCD(self): | |
426 | msg = self.getQueryForBogus('AD CD', 'DO') | |
427 | res = self.sendUDPQuery(msg, 'off') | |
428 | ||
7e6ad9dc | 429 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) |
7568b07d PL |
430 | self.assertRcodeEqual(res, dns.rcode.NOERROR) |
431 | ||
d8319ad6 PL |
432 | def testProcessNoValidate_Bogus_ADDOCD(self): |
433 | msg = self.getQueryForBogus('AD CD', 'DO') | |
434 | expected = dns.rrset.from_text('ted.bogus.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.1') | |
435 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
436 | ||
437 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
438 | self.assertMessageHasFlags(res, ['CD', 'QR', 'RA', 'RD'], ['DO']) | |
439 | self.assertMatchingRRSIGInAnswer(res, expected) | |
440 | ||
7568b07d PL |
441 | def testProcess_Bogus_ADDOCD(self): |
442 | msg = self.getQueryForBogus('AD CD', 'DO') | |
443 | expected = dns.rrset.from_text('ted.bogus.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.1') | |
444 | res = self.sendUDPQuery(msg, 'process') | |
445 | ||
446 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
447 | self.assertMessageHasFlags(res, ['CD', 'QR', 'RA', 'RD'], ['DO']) | |
448 | self.assertMatchingRRSIGInAnswer(res, expected) | |
449 | ||
450 | def testValidate_Bogus_ADDOCD(self): | |
451 | msg = self.getQueryForBogus('AD CD', 'DO') | |
452 | expected = dns.rrset.from_text('ted.bogus.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.1') | |
453 | res = self.sendUDPQuery(msg, 'validate') | |
454 | ||
455 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
456 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD'], ['DO']) | |
457 | self.assertMatchingRRSIGInAnswer(res, expected) | |
458 | ||
459 | ## | |
460 | # -AD -CD +DO | |
461 | ## | |
462 | def testOff_Bogus_DO(self): | |
463 | msg = self.getQueryForBogus('', 'DO') | |
464 | res = self.sendUDPQuery(msg, 'off') | |
465 | ||
466 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
467 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
468 | self.assertNoRRSIGsInAnswer(res) | |
469 | ||
d8319ad6 PL |
470 | def testProcessNoValidate_Bogus_DO(self): |
471 | msg = self.getQueryForBogus('', 'DO') | |
472 | expected = dns.rrset.from_text('ted.bogus.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.1') | |
473 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
474 | ||
475 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
476 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
477 | self.assertMatchingRRSIGInAnswer(res, expected) | |
478 | ||
7568b07d PL |
479 | def testProcess_Bogus_DO(self): |
480 | msg = self.getQueryForBogus('', 'DO') | |
481 | expected = dns.rrset.from_text('ted.bogus.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.1') | |
482 | res = self.sendUDPQuery(msg, 'process') | |
483 | ||
7568b07d | 484 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) |
248b689f PL |
485 | self.assertRcodeEqual(res, dns.rcode.SERVFAIL) |
486 | self.assertAnswerEmpty(res) | |
7568b07d PL |
487 | |
488 | def testValidate_Bogus_DO(self): | |
489 | msg = self.getQueryForBogus('', 'DO') | |
490 | res = self.sendUDPQuery(msg, 'validate') | |
491 | ||
492 | self.assertRcodeEqual(res, dns.rcode.SERVFAIL) | |
493 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
494 | self.assertAnswerEmpty(res) | |
495 | ||
496 | ## | |
497 | # -AD +CD +DO | |
498 | ## | |
7568b07d PL |
499 | def testOff_Bogus_DOCD(self): |
500 | msg = self.getQueryForBogus('CD', 'DO') | |
501 | res = self.sendUDPQuery(msg, 'off') | |
502 | ||
503 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
504 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
505 | self.assertNoRRSIGsInAnswer(res) | |
506 | ||
d8319ad6 PL |
507 | def testProcessNoValidate_Bogus_DOCD(self): |
508 | msg = self.getQueryForBogus('CD', 'DO') | |
509 | expected = dns.rrset.from_text('ted.bogus.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.1') | |
510 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
511 | ||
512 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
513 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD'], ['DO']) | |
514 | self.assertMatchingRRSIGInAnswer(res, expected) | |
515 | ||
7568b07d PL |
516 | def testProcess_Bogus_DOCD(self): |
517 | msg = self.getQueryForBogus('CD', 'DO') | |
518 | expected = dns.rrset.from_text('ted.bogus.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.1') | |
519 | res = self.sendUDPQuery(msg, 'process') | |
520 | ||
521 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
522 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD'], ['DO']) | |
523 | self.assertMatchingRRSIGInAnswer(res, expected) | |
524 | ||
525 | def testValidate_Bogus_DOCD(self): | |
526 | msg = self.getQueryForBogus('CD', 'DO') | |
527 | expected = dns.rrset.from_text('ted.bogus.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.1') | |
528 | res = self.sendUDPQuery(msg, 'validate') | |
529 | ||
530 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
531 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD'], ['DO']) | |
532 | self.assertMatchingRRSIGInAnswer(res, expected) | |
533 | ||
534 | ## | |
535 | # -AD +CD -DO | |
536 | ## | |
7568b07d PL |
537 | def testOff_Bogus_CD(self): |
538 | msg = self.getQueryForBogus('CD') | |
539 | expected = dns.rrset.from_text('ted.bogus.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.1') | |
540 | res = self.sendUDPQuery(msg, 'off') | |
541 | ||
542 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
543 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
544 | self.assertRRsetInAnswer(res, expected) | |
545 | self.assertNoRRSIGsInAnswer(res) | |
546 | ||
d8319ad6 PL |
547 | def testProcessNoValidate_Bogus_CD(self): |
548 | msg = self.getQueryForBogus('CD') | |
549 | expected = dns.rrset.from_text('ted.bogus.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.1') | |
550 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
551 | ||
552 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
553 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD']) | |
554 | self.assertRRsetInAnswer(res, expected) | |
555 | self.assertNoRRSIGsInAnswer(res) | |
556 | ||
7568b07d PL |
557 | def testProcess_Bogus_CD(self): |
558 | msg = self.getQueryForBogus('CD') | |
559 | expected = dns.rrset.from_text('ted.bogus.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.1') | |
560 | res = self.sendUDPQuery(msg, 'process') | |
561 | ||
562 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
563 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD']) | |
564 | self.assertRRsetInAnswer(res, expected) | |
565 | self.assertNoRRSIGsInAnswer(res) | |
566 | ||
7568b07d PL |
567 | def testValidate_Bogus_CD(self): |
568 | msg = self.getQueryForBogus('CD') | |
569 | expected = dns.rrset.from_text('ted.bogus.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.1') | |
570 | res = self.sendUDPQuery(msg, 'validate') | |
571 | ||
572 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
573 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD']) | |
574 | self.assertRRsetInAnswer(res, expected) | |
575 | self.assertNoRRSIGsInAnswer(res) | |
576 | ||
577 | ||
578 | ## Insecure | |
579 | def getQueryForInsecure(self, flags='', ednsflags=''): | |
580 | return self.createQuery('node1.insecure.example.', 'A', flags, ednsflags) | |
581 | ||
582 | ## | |
583 | # -AD -CD -DO | |
584 | ## | |
585 | def testOff_Insecure_None(self): | |
586 | msg = self.getQueryForInsecure() | |
587 | res = self.sendUDPQuery(msg, 'off') | |
588 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
589 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
590 | self.assertNoRRSIGsInAnswer(res) | |
591 | ||
d8319ad6 PL |
592 | def testProcessNoValidate_Insecure_None(self): |
593 | msg = self.getQueryForInsecure() | |
594 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
595 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
596 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
597 | self.assertNoRRSIGsInAnswer(res) | |
598 | ||
7568b07d PL |
599 | def testProcess_Insecure_None(self): |
600 | msg = self.getQueryForInsecure() | |
601 | res = self.sendUDPQuery(msg, 'process') | |
602 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
603 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
604 | self.assertNoRRSIGsInAnswer(res) | |
605 | ||
606 | def testValidate_Insecure_None(self): | |
607 | msg = self.getQueryForInsecure() | |
608 | res = self.sendUDPQuery(msg, 'validate') | |
609 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
610 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
611 | self.assertNoRRSIGsInAnswer(res) | |
612 | ||
613 | ## | |
614 | # +AD -CD -DO | |
615 | ## | |
616 | def testOff_Insecure_AD(self): | |
617 | msg = self.getQueryForInsecure('AD') | |
618 | res = self.sendUDPQuery(msg, 'off') | |
619 | ||
620 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
621 | self.assertNoRRSIGsInAnswer(res) | |
622 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
623 | ||
d8319ad6 PL |
624 | def testProcessNoValidate_Insecure_AD(self): |
625 | msg = self.getQueryForInsecure('AD') | |
626 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
627 | ||
628 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
629 | self.assertNoRRSIGsInAnswer(res) | |
630 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
631 | ||
7568b07d PL |
632 | def testProcess_Insecure_AD(self): |
633 | msg = self.getQueryForInsecure('AD') | |
634 | res = self.sendUDPQuery(msg, 'process') | |
635 | ||
636 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
637 | self.assertNoRRSIGsInAnswer(res) | |
638 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
639 | ||
640 | def testValidate_Insecure_AD(self): | |
641 | msg = self.getQueryForInsecure('AD') | |
642 | res = self.sendUDPQuery(msg, 'validate') | |
643 | ||
644 | self.assertMessageHasFlags(res, ['RD', 'RA', 'QR']) | |
645 | self.assertNoRRSIGsInAnswer(res) | |
646 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
647 | ||
648 | ## | |
649 | # +AD -CD +DO | |
650 | ## | |
651 | def testOff_Insecure_ADDO(self): | |
652 | msg = self.getQueryForInsecure('AD', 'DO') | |
653 | res = self.sendUDPQuery(msg, 'off') | |
654 | ||
655 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
656 | self.assertNoRRSIGsInAnswer(res) | |
657 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
658 | ||
d8319ad6 PL |
659 | def testProcessNoValidate_Insecure_ADDO(self): |
660 | msg = self.getQueryForInsecure('AD', 'DO') | |
661 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
662 | ||
663 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
664 | self.assertNoRRSIGsInAnswer(res) | |
665 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
666 | ||
7568b07d PL |
667 | def testProcess_Insecure_ADDO(self): |
668 | msg = self.getQueryForInsecure('AD', 'DO') | |
669 | res = self.sendUDPQuery(msg, 'process') | |
670 | ||
671 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
672 | self.assertNoRRSIGsInAnswer(res) | |
673 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
674 | ||
675 | def testValidate_Insecure_ADDO(self): | |
676 | msg = self.getQueryForInsecure('AD', 'DO') | |
677 | res = self.sendUDPQuery(msg, 'validate') | |
678 | ||
679 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
680 | self.assertNoRRSIGsInAnswer(res) | |
681 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
682 | ||
683 | ## | |
684 | # +AD +CD +DO | |
685 | ## | |
686 | def testOff_Insecure_ADDOCD(self): | |
687 | msg = self.getQueryForInsecure('AD CD', 'DO') | |
688 | res = self.sendUDPQuery(msg, 'off') | |
689 | ||
7e6ad9dc | 690 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) |
7568b07d PL |
691 | self.assertNoRRSIGsInAnswer(res) |
692 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
693 | ||
d8319ad6 PL |
694 | def testProcessNoValidate_Insecure_ADDOCD(self): |
695 | msg = self.getQueryForInsecure('AD CD', 'DO') | |
696 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
697 | ||
698 | self.assertMessageHasFlags(res, ['CD', 'QR', 'RA', 'RD'], ['DO']) | |
699 | self.assertNoRRSIGsInAnswer(res) | |
700 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
701 | ||
7568b07d PL |
702 | def testProcess_Insecure_ADDOCD(self): |
703 | msg = self.getQueryForInsecure('AD CD', 'DO') | |
704 | res = self.sendUDPQuery(msg, 'process') | |
705 | ||
706 | self.assertMessageHasFlags(res, ['CD', 'QR', 'RA', 'RD'], ['DO']) | |
707 | self.assertNoRRSIGsInAnswer(res) | |
708 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
709 | ||
710 | def testValidate_Insecure_ADDOCD(self): | |
711 | msg = self.getQueryForInsecure('AD CD', 'DO') | |
712 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
713 | res = self.sendUDPQuery(msg, 'validate') | |
714 | ||
715 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD'], ['DO']) | |
716 | self.assertNoRRSIGsInAnswer(res) | |
717 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
718 | ||
719 | ## | |
720 | # -AD -CD +DO | |
721 | ## | |
722 | def testOff_Insecure_DO(self): | |
723 | msg = self.getQueryForInsecure('', 'DO') | |
724 | res = self.sendUDPQuery(msg, 'off') | |
725 | ||
726 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
727 | self.assertNoRRSIGsInAnswer(res) | |
728 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
729 | ||
d8319ad6 PL |
730 | def testProcessNoValidate_Insecure_DO(self): |
731 | msg = self.getQueryForInsecure('', 'DO') | |
732 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
733 | ||
734 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
735 | self.assertNoRRSIGsInAnswer(res) | |
736 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
737 | ||
7568b07d PL |
738 | def testProcess_Insecure_DO(self): |
739 | msg = self.getQueryForInsecure('', 'DO') | |
740 | res = self.sendUDPQuery(msg, 'process') | |
741 | ||
742 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
743 | self.assertNoRRSIGsInAnswer(res) | |
744 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
745 | ||
746 | def testValidate_Insecure_DO(self): | |
747 | msg = self.getQueryForInsecure('', 'DO') | |
748 | res = self.sendUDPQuery(msg, 'validate') | |
749 | ||
750 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
751 | self.assertNoRRSIGsInAnswer(res) | |
752 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
753 | ||
754 | ## | |
755 | # -AD +CD +DO | |
756 | ## | |
7568b07d PL |
757 | def testOff_Insecure_DOCD(self): |
758 | msg = self.getQueryForInsecure('CD', 'DO') | |
759 | res = self.sendUDPQuery(msg, 'off') | |
760 | ||
761 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
762 | self.assertNoRRSIGsInAnswer(res) | |
763 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
764 | ||
d8319ad6 PL |
765 | def testProcessNoValidate_Insecure_DOCD(self): |
766 | msg = self.getQueryForInsecure('CD', 'DO') | |
767 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
768 | ||
769 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD'], ['DO']) | |
770 | self.assertNoRRSIGsInAnswer(res) | |
771 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
772 | ||
7568b07d PL |
773 | def testProcess_Insecure_DOCD(self): |
774 | msg = self.getQueryForInsecure('CD', 'DO') | |
775 | res = self.sendUDPQuery(msg, 'process') | |
776 | ||
777 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD'], ['DO']) | |
778 | self.assertNoRRSIGsInAnswer(res) | |
779 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
780 | ||
781 | def testValidate_Insecure_DOCD(self): | |
782 | msg = self.getQueryForInsecure('CD', 'DO') | |
783 | res = self.sendUDPQuery(msg, 'validate') | |
784 | ||
785 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD'], ['DO']) | |
786 | self.assertNoRRSIGsInAnswer(res) | |
787 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
788 | ||
789 | ## | |
790 | # -AD +CD -DO | |
791 | ## | |
7568b07d PL |
792 | def testOff_Insecure_CD(self): |
793 | msg = self.getQueryForInsecure('CD') | |
794 | res = self.sendUDPQuery(msg, 'off') | |
795 | ||
796 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
797 | self.assertNoRRSIGsInAnswer(res) | |
798 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
799 | ||
d8319ad6 PL |
800 | def testProcessNoValidate_Insecure_CD(self): |
801 | msg = self.getQueryForInsecure('CD') | |
802 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
803 | ||
804 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD']) | |
805 | self.assertNoRRSIGsInAnswer(res) | |
806 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
807 | ||
7568b07d PL |
808 | def testProcess_Insecure_CD(self): |
809 | msg = self.getQueryForInsecure('CD') | |
810 | res = self.sendUDPQuery(msg, 'process') | |
811 | ||
812 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD']) | |
813 | self.assertNoRRSIGsInAnswer(res) | |
814 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
815 | ||
816 | def testValidate_Insecure_CD(self): | |
817 | msg = self.getQueryForInsecure('CD') | |
818 | res = self.sendUDPQuery(msg, 'validate') | |
819 | ||
820 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD']) | |
821 | self.assertNoRRSIGsInAnswer(res) | |
822 | self.assertRcodeEqual(res, dns.rcode.NOERROR) |