]>
Commit | Line | Data |
---|---|---|
7568b07d PL |
1 | import os |
2 | import socket | |
7568b07d PL |
3 | |
4 | import dns | |
5 | from recursortests import RecursorTest | |
6 | ||
d8319ad6 | 7 | |
7568b07d PL |
8 | class TestFlags(RecursorTest): |
9 | _confdir = 'Flags' | |
10 | _config_template = """dnssec=%s""" | |
11 | _config_params = ['_dnssec_setting'] | |
12 | _dnssec_setting = None | |
13 | _recursors = {} | |
14 | ||
d8319ad6 PL |
15 | _dnssec_setting_ports = {'off': 5300, |
16 | 'process-no-validate': 5301, | |
17 | 'process': 5302, | |
18 | 'validate': 5303} | |
7568b07d PL |
19 | |
20 | @classmethod | |
21 | def setUp(cls): | |
22 | for setting in cls._dnssec_setting_ports: | |
23 | confdir = os.path.join('configs', cls._confdir, setting) | |
24 | cls.wipeRecursorCache(confdir) | |
25 | ||
26 | @classmethod | |
27 | def setUpClass(cls): | |
28 | cls.setUpSockets() | |
29 | confdir = os.path.join('configs', cls._confdir) | |
30 | cls.createConfigDir(confdir) | |
31 | ||
32 | cls.generateAllAuthConfig(confdir) | |
33 | cls.startAllAuth(confdir) | |
34 | ||
35 | for dnssec_setting, port in cls._dnssec_setting_ports.items(): | |
36 | cls._dnssec_setting = dnssec_setting | |
37 | recConfdir = os.path.join(confdir, dnssec_setting) | |
38 | cls.createConfigDir(recConfdir) | |
39 | cls.generateRecursorConfig(recConfdir) | |
40 | cls.startRecursor(recConfdir, port) | |
41 | cls._recursors[dnssec_setting] = cls._recursor | |
42 | ||
43 | @classmethod | |
44 | def setUpSockets(cls): | |
45 | cls._sock = {} | |
46 | for dnssec_setting, port in cls._dnssec_setting_ports.items(): | |
47 | print("Setting up UDP socket..") | |
d8319ad6 PL |
48 | cls._sock[dnssec_setting] = socket.socket(socket.AF_INET, |
49 | socket.SOCK_DGRAM) | |
7568b07d PL |
50 | cls._sock[dnssec_setting].settimeout(2.0) |
51 | cls._sock[dnssec_setting].connect(("127.0.0.1", port)) | |
52 | ||
53 | @classmethod | |
54 | def sendUDPQuery(cls, query, dnssec_setting, timeout=2.0): | |
55 | if timeout: | |
56 | cls._sock[dnssec_setting].settimeout(timeout) | |
57 | ||
58 | try: | |
59 | cls._sock[dnssec_setting].send(query.to_wire()) | |
60 | data = cls._sock[dnssec_setting].recv(4096) | |
61 | except socket.timeout: | |
62 | data = None | |
63 | finally: | |
64 | if timeout: | |
65 | cls._sock[dnssec_setting].settimeout(None) | |
66 | ||
67 | msg = None | |
68 | if data: | |
69 | msg = dns.message.from_wire(data) | |
70 | return msg | |
71 | ||
72 | @classmethod | |
73 | def tearDownClass(cls): | |
74 | cls.tearDownAuth() | |
75 | for _, recursor in cls._recursors.items(): | |
76 | cls._recursor = recursor | |
77 | cls.tearDownRecursor() | |
78 | ||
7568b07d PL |
79 | def getQueryForSecure(self, flags='', ednsflags=''): |
80 | return self.createQuery('ns1.example.', 'A', flags, ednsflags) | |
81 | ||
82 | ## | |
83 | # -AD -CD -DO | |
84 | ## | |
85 | def testOff_Secure_None(self): | |
86 | msg = self.getQueryForSecure() | |
87 | res = self.sendUDPQuery(msg, 'off') | |
88 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
89 | self.assertNoRRSIGsInAnswer(res) | |
90 | ||
d8319ad6 PL |
91 | def testProcessNoValidate_Secure_None(self): |
92 | msg = self.getQueryForSecure() | |
93 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
94 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
95 | self.assertNoRRSIGsInAnswer(res) | |
96 | ||
7568b07d PL |
97 | def testProcess_Secure_None(self): |
98 | msg = self.getQueryForSecure() | |
99 | res = self.sendUDPQuery(msg, 'process') | |
100 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
101 | self.assertNoRRSIGsInAnswer(res) | |
102 | ||
7568b07d PL |
103 | def testValidate_Secure_None(self): |
104 | msg = self.getQueryForSecure() | |
105 | res = self.sendUDPQuery(msg, 'validate') | |
106 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
107 | self.assertNoRRSIGsInAnswer(res) | |
108 | ||
109 | ## | |
110 | # +AD -CD -DO | |
111 | ## | |
7568b07d PL |
112 | def testOff_Secure_AD(self): |
113 | msg = self.getQueryForSecure('AD') | |
114 | res = self.sendUDPQuery(msg, 'off') | |
115 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
116 | ||
7568b07d PL |
117 | self.assertNoRRSIGsInAnswer(res) |
118 | ||
d8319ad6 PL |
119 | def testProcessNoValidate_Secure_AD(self): |
120 | msg = self.getQueryForSecure('AD') | |
121 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
122 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
123 | self.assertNoRRSIGsInAnswer(res) | |
124 | ||
7568b07d PL |
125 | def testProcess_Secure_AD(self): |
126 | msg = self.getQueryForSecure('AD') | |
127 | res = self.sendUDPQuery(msg, 'process') | |
128 | self.assertMessageIsAuthenticated(res) | |
129 | self.assertMessageHasFlags(res, ['AD', 'QR', 'RA', 'RD']) | |
130 | self.assertNoRRSIGsInAnswer(res) | |
131 | ||
7568b07d PL |
132 | def testValidate_Secure_AD(self): |
133 | msg = self.getQueryForSecure('AD') | |
134 | res = self.sendUDPQuery(msg, 'validate') | |
135 | ||
136 | self.assertMessageIsAuthenticated(res) | |
137 | self.assertMessageHasFlags(res, ['AD', 'RD', 'RA', 'QR']) | |
7568b07d PL |
138 | self.assertNoRRSIGsInAnswer(res) |
139 | ||
140 | ## | |
141 | # +AD -CD +DO | |
142 | ## | |
143 | def testOff_Secure_ADDO(self): | |
144 | msg = self.getQueryForSecure('AD', 'DO') | |
145 | res = self.sendUDPQuery(msg, 'off') | |
146 | ||
147 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
148 | self.assertNoRRSIGsInAnswer(res) | |
149 | ||
d8319ad6 PL |
150 | def testProcessNoValidate_Secure_ADDO(self): |
151 | msg = self.getQueryForSecure('AD', 'DO') | |
152 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
153 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
154 | ||
155 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
156 | self.assertMatchingRRSIGInAnswer(res, expected) | |
157 | ||
7568b07d PL |
158 | def testProcess_Secure_ADDO(self): |
159 | msg = self.getQueryForSecure('AD', 'DO') | |
160 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
161 | res = self.sendUDPQuery(msg, 'process') | |
162 | ||
163 | self.assertMessageIsAuthenticated(res) | |
164 | self.assertMessageHasFlags(res, ['AD', 'QR', 'RA', 'RD'], ['DO']) | |
165 | self.assertMatchingRRSIGInAnswer(res, expected) | |
166 | ||
167 | def testValidate_Secure_ADDO(self): | |
168 | msg = self.getQueryForSecure('AD', 'DO') | |
169 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
170 | res = self.sendUDPQuery(msg, 'validate') | |
171 | ||
172 | self.assertMessageIsAuthenticated(res) | |
173 | self.assertMessageHasFlags(res, ['AD', 'QR', 'RA', 'RD'], ['DO']) | |
174 | self.assertMatchingRRSIGInAnswer(res, expected) | |
175 | ||
176 | ## | |
177 | # +AD +CD +DO | |
178 | ## | |
179 | def testOff_Secure_ADDOCD(self): | |
180 | msg = self.getQueryForSecure('AD CD', 'DO') | |
181 | res = self.sendUDPQuery(msg, 'off') | |
182 | ||
7e6ad9dc | 183 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) |
7568b07d | 184 | |
d8319ad6 PL |
185 | def testProcessNoValidate_Secure_ADDOCD(self): |
186 | msg = self.getQueryForSecure('AD CD', 'DO') | |
187 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
188 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
189 | ||
190 | self.assertMessageHasFlags(res, ['CD', 'QR', 'RA', 'RD'], ['DO']) | |
191 | self.assertMatchingRRSIGInAnswer(res, expected) | |
192 | ||
7568b07d PL |
193 | def testProcess_Secure_ADDOCD(self): |
194 | msg = self.getQueryForSecure('AD CD', 'DO') | |
195 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
196 | res = self.sendUDPQuery(msg, 'process') | |
197 | ||
198 | self.assertMessageIsAuthenticated(res) | |
199 | self.assertMessageHasFlags(res, ['AD', 'CD', 'QR', 'RA', 'RD'], ['DO']) | |
200 | self.assertMatchingRRSIGInAnswer(res, expected) | |
201 | ||
202 | def testValidate_Secure_ADDOCD(self): | |
203 | msg = self.getQueryForSecure('AD CD', 'DO') | |
204 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
205 | res = self.sendUDPQuery(msg, 'validate') | |
206 | ||
207 | self.assertMessageIsAuthenticated(res) | |
208 | self.assertMessageHasFlags(res, ['AD', 'QR', 'RA', 'RD', 'CD'], ['DO']) | |
209 | self.assertMatchingRRSIGInAnswer(res, expected) | |
210 | ||
211 | ## | |
212 | # -AD -CD +DO | |
213 | ## | |
214 | def testOff_Secure_DO(self): | |
215 | msg = self.getQueryForSecure('', 'DO') | |
216 | res = self.sendUDPQuery(msg, 'off') | |
217 | ||
218 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
219 | self.assertNoRRSIGsInAnswer(res) | |
220 | ||
d8319ad6 PL |
221 | def testProcessNoValidate_Secure_DO(self): |
222 | msg = self.getQueryForSecure('', 'DO') | |
223 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
224 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
225 | ||
226 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
227 | self.assertMatchingRRSIGInAnswer(res, expected) | |
228 | ||
7568b07d PL |
229 | def testProcess_Secure_DO(self): |
230 | msg = self.getQueryForSecure('', 'DO') | |
231 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
232 | res = self.sendUDPQuery(msg, 'process') | |
233 | ||
248b689f | 234 | self.assertMessageHasFlags(res, ['AD', 'QR', 'RA', 'RD'], ['DO']) |
7568b07d PL |
235 | self.assertMatchingRRSIGInAnswer(res, expected) |
236 | ||
7568b07d PL |
237 | def testValidate_Secure_DO(self): |
238 | msg = self.getQueryForSecure('', 'DO') | |
239 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
240 | res = self.sendUDPQuery(msg, 'validate') | |
241 | ||
248b689f | 242 | self.assertMessageHasFlags(res, ['AD', 'QR', 'RA', 'RD'], ['DO']) |
7568b07d PL |
243 | self.assertMatchingRRSIGInAnswer(res, expected) |
244 | ||
245 | ## | |
246 | # -AD +CD +DO | |
247 | ## | |
7568b07d PL |
248 | def testOff_Secure_DOCD(self): |
249 | msg = self.getQueryForSecure('CD', 'DO') | |
250 | res = self.sendUDPQuery(msg, 'off') | |
251 | ||
252 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
253 | self.assertNoRRSIGsInAnswer(res) | |
254 | ||
d8319ad6 PL |
255 | def testProcessNoValidate_Secure_DOCD(self): |
256 | msg = self.getQueryForSecure('CD', 'DO') | |
257 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
258 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
259 | ||
260 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD'], ['DO']) | |
261 | self.assertMatchingRRSIGInAnswer(res, expected) | |
262 | ||
7568b07d PL |
263 | def testProcess_Secure_DOCD(self): |
264 | msg = self.getQueryForSecure('CD', 'DO') | |
265 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
266 | res = self.sendUDPQuery(msg, 'process') | |
267 | ||
248b689f | 268 | self.assertMessageHasFlags(res, ['AD', 'QR', 'RA', 'RD', 'CD'], ['DO']) |
7568b07d PL |
269 | self.assertMatchingRRSIGInAnswer(res, expected) |
270 | ||
7568b07d PL |
271 | def testValidate_Secure_DOCD(self): |
272 | msg = self.getQueryForSecure('CD', 'DO') | |
273 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
274 | res = self.sendUDPQuery(msg, 'validate') | |
275 | ||
248b689f | 276 | self.assertMessageHasFlags(res, ['AD', 'QR', 'RA', 'RD', 'CD'], ['DO']) |
7568b07d PL |
277 | self.assertMatchingRRSIGInAnswer(res, expected) |
278 | ||
279 | ## | |
280 | # -AD +CD -DO | |
281 | ## | |
7568b07d PL |
282 | def testOff_Secure_CD(self): |
283 | msg = self.getQueryForSecure('CD') | |
284 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
285 | res = self.sendUDPQuery(msg, 'off') | |
286 | ||
287 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
288 | self.assertRRsetInAnswer(res, expected) | |
289 | self.assertNoRRSIGsInAnswer(res) | |
290 | ||
d8319ad6 PL |
291 | def testProcessNoValidate_Secure_CD(self): |
292 | msg = self.getQueryForSecure('CD') | |
293 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
294 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
295 | ||
296 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD']) | |
297 | self.assertRRsetInAnswer(res, expected) | |
298 | self.assertNoRRSIGsInAnswer(res) | |
299 | ||
7568b07d PL |
300 | def testProcess_Secure_CD(self): |
301 | msg = self.getQueryForSecure('CD') | |
302 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
303 | res = self.sendUDPQuery(msg, 'process') | |
304 | ||
305 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD']) | |
306 | self.assertRRsetInAnswer(res, expected) | |
307 | self.assertNoRRSIGsInAnswer(res) | |
308 | ||
7568b07d PL |
309 | def testValidate_Secure_CD(self): |
310 | msg = self.getQueryForSecure('CD') | |
311 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
312 | res = self.sendUDPQuery(msg, 'validate') | |
313 | ||
314 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD']) | |
315 | self.assertRRsetInAnswer(res, expected) | |
316 | self.assertNoRRSIGsInAnswer(res) | |
317 | ||
318 | ||
319 | ### Bogus | |
320 | def getQueryForBogus(self, flags='', ednsflags=''): | |
321 | return self.createQuery('ted.bogus.example.', 'A', flags, ednsflags) | |
322 | ||
323 | ## | |
324 | # -AD -CD -DO | |
325 | ## | |
326 | def testOff_Bogus_None(self): | |
327 | msg = self.getQueryForBogus() | |
328 | res = self.sendUDPQuery(msg, 'off') | |
329 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
330 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
331 | ||
d8319ad6 PL |
332 | def testProcessNoValidate_Bogus_None(self): |
333 | msg = self.getQueryForBogus() | |
334 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
335 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
336 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
337 | ||
7568b07d PL |
338 | def testProcess_Bogus_None(self): |
339 | msg = self.getQueryForBogus() | |
340 | res = self.sendUDPQuery(msg, 'process') | |
341 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
342 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
343 | ||
344 | def testValidate_Bogus_None(self): | |
345 | msg = self.getQueryForBogus() | |
346 | res = self.sendUDPQuery(msg, 'validate') | |
347 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
348 | self.assertRcodeEqual(res, dns.rcode.SERVFAIL) | |
349 | self.assertAnswerEmpty(res) | |
350 | ||
351 | ## | |
352 | # +AD -CD -DO | |
353 | ## | |
354 | def testOff_Bogus_AD(self): | |
355 | msg = self.getQueryForBogus('AD') | |
356 | res = self.sendUDPQuery(msg, 'off') | |
357 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
358 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
359 | ||
d8319ad6 PL |
360 | def testProcessNoValidate_Bogus_AD(self): |
361 | msg = self.getQueryForBogus('AD') | |
362 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
363 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
364 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
365 | ||
7568b07d PL |
366 | def testProcess_Bogus_AD(self): |
367 | msg = self.getQueryForBogus('AD') | |
368 | res = self.sendUDPQuery(msg, 'process') | |
369 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
7568b07d PL |
370 | self.assertRcodeEqual(res, dns.rcode.SERVFAIL) |
371 | self.assertAnswerEmpty(res) | |
372 | ||
373 | def testValidate_Bogus_AD(self): | |
374 | msg = self.getQueryForBogus('AD') | |
375 | res = self.sendUDPQuery(msg, 'validate') | |
376 | ||
377 | self.assertMessageHasFlags(res, ['RD', 'RA', 'QR']) | |
378 | self.assertRcodeEqual(res, dns.rcode.SERVFAIL) | |
379 | self.assertAnswerEmpty(res) | |
380 | ||
381 | ## | |
382 | # +AD -CD +DO | |
383 | ## | |
384 | def testOff_Bogus_ADDO(self): | |
385 | msg = self.getQueryForBogus('AD', 'DO') | |
386 | res = self.sendUDPQuery(msg, 'off') | |
387 | ||
388 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
389 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
390 | ||
d8319ad6 PL |
391 | def testProcessNoValidate_Bogus_ADDO(self): |
392 | msg = self.getQueryForBogus('AD', 'DO') | |
393 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
394 | ||
395 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
396 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
397 | ||
7568b07d PL |
398 | def testProcess_Bogus_ADDO(self): |
399 | msg = self.getQueryForBogus('AD', 'DO') | |
400 | res = self.sendUDPQuery(msg, 'process') | |
401 | ||
402 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
7568b07d PL |
403 | self.assertRcodeEqual(res, dns.rcode.SERVFAIL) |
404 | self.assertAnswerEmpty(res) | |
405 | ||
406 | def testValidate_Bogus_ADDO(self): | |
407 | msg = self.getQueryForBogus('AD', 'DO') | |
408 | res = self.sendUDPQuery(msg, 'validate') | |
409 | ||
410 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
411 | self.assertRcodeEqual(res, dns.rcode.SERVFAIL) | |
412 | self.assertAnswerEmpty(res) | |
413 | ## | |
414 | # +AD +CD +DO | |
415 | ## | |
416 | def testOff_Bogus_ADDOCD(self): | |
417 | msg = self.getQueryForBogus('AD CD', 'DO') | |
418 | res = self.sendUDPQuery(msg, 'off') | |
419 | ||
7e6ad9dc | 420 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) |
7568b07d PL |
421 | self.assertRcodeEqual(res, dns.rcode.NOERROR) |
422 | ||
d8319ad6 PL |
423 | def testProcessNoValidate_Bogus_ADDOCD(self): |
424 | msg = self.getQueryForBogus('AD CD', 'DO') | |
425 | expected = dns.rrset.from_text('ted.bogus.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.1') | |
426 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
427 | ||
428 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
429 | self.assertMessageHasFlags(res, ['CD', 'QR', 'RA', 'RD'], ['DO']) | |
430 | self.assertMatchingRRSIGInAnswer(res, expected) | |
431 | ||
7568b07d PL |
432 | def testProcess_Bogus_ADDOCD(self): |
433 | msg = self.getQueryForBogus('AD CD', 'DO') | |
434 | expected = dns.rrset.from_text('ted.bogus.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.1') | |
435 | res = self.sendUDPQuery(msg, 'process') | |
436 | ||
437 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
438 | self.assertMessageHasFlags(res, ['CD', 'QR', 'RA', 'RD'], ['DO']) | |
439 | self.assertMatchingRRSIGInAnswer(res, expected) | |
440 | ||
441 | def testValidate_Bogus_ADDOCD(self): | |
442 | msg = self.getQueryForBogus('AD CD', 'DO') | |
443 | expected = dns.rrset.from_text('ted.bogus.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.1') | |
444 | res = self.sendUDPQuery(msg, 'validate') | |
445 | ||
446 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
447 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD'], ['DO']) | |
448 | self.assertMatchingRRSIGInAnswer(res, expected) | |
449 | ||
450 | ## | |
451 | # -AD -CD +DO | |
452 | ## | |
453 | def testOff_Bogus_DO(self): | |
454 | msg = self.getQueryForBogus('', 'DO') | |
455 | res = self.sendUDPQuery(msg, 'off') | |
456 | ||
457 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
458 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
459 | self.assertNoRRSIGsInAnswer(res) | |
460 | ||
d8319ad6 PL |
461 | def testProcessNoValidate_Bogus_DO(self): |
462 | msg = self.getQueryForBogus('', 'DO') | |
463 | expected = dns.rrset.from_text('ted.bogus.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.1') | |
464 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
465 | ||
466 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
467 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
468 | self.assertMatchingRRSIGInAnswer(res, expected) | |
469 | ||
7568b07d PL |
470 | def testProcess_Bogus_DO(self): |
471 | msg = self.getQueryForBogus('', 'DO') | |
472 | expected = dns.rrset.from_text('ted.bogus.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.1') | |
473 | res = self.sendUDPQuery(msg, 'process') | |
474 | ||
7568b07d | 475 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) |
248b689f PL |
476 | self.assertRcodeEqual(res, dns.rcode.SERVFAIL) |
477 | self.assertAnswerEmpty(res) | |
7568b07d PL |
478 | |
479 | def testValidate_Bogus_DO(self): | |
480 | msg = self.getQueryForBogus('', 'DO') | |
481 | res = self.sendUDPQuery(msg, 'validate') | |
482 | ||
483 | self.assertRcodeEqual(res, dns.rcode.SERVFAIL) | |
484 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
485 | self.assertAnswerEmpty(res) | |
486 | ||
487 | ## | |
488 | # -AD +CD +DO | |
489 | ## | |
7568b07d PL |
490 | def testOff_Bogus_DOCD(self): |
491 | msg = self.getQueryForBogus('CD', 'DO') | |
492 | res = self.sendUDPQuery(msg, 'off') | |
493 | ||
494 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
495 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
496 | self.assertNoRRSIGsInAnswer(res) | |
497 | ||
d8319ad6 PL |
498 | def testProcessNoValidate_Bogus_DOCD(self): |
499 | msg = self.getQueryForBogus('CD', 'DO') | |
500 | expected = dns.rrset.from_text('ted.bogus.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.1') | |
501 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
502 | ||
503 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
504 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD'], ['DO']) | |
505 | self.assertMatchingRRSIGInAnswer(res, expected) | |
506 | ||
7568b07d PL |
507 | def testProcess_Bogus_DOCD(self): |
508 | msg = self.getQueryForBogus('CD', 'DO') | |
509 | expected = dns.rrset.from_text('ted.bogus.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.1') | |
510 | res = self.sendUDPQuery(msg, 'process') | |
511 | ||
512 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
513 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD'], ['DO']) | |
514 | self.assertMatchingRRSIGInAnswer(res, expected) | |
515 | ||
516 | def testValidate_Bogus_DOCD(self): | |
517 | msg = self.getQueryForBogus('CD', 'DO') | |
518 | expected = dns.rrset.from_text('ted.bogus.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.1') | |
519 | res = self.sendUDPQuery(msg, 'validate') | |
520 | ||
521 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
522 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD'], ['DO']) | |
523 | self.assertMatchingRRSIGInAnswer(res, expected) | |
524 | ||
525 | ## | |
526 | # -AD +CD -DO | |
527 | ## | |
7568b07d PL |
528 | def testOff_Bogus_CD(self): |
529 | msg = self.getQueryForBogus('CD') | |
530 | expected = dns.rrset.from_text('ted.bogus.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.1') | |
531 | res = self.sendUDPQuery(msg, 'off') | |
532 | ||
533 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
534 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
535 | self.assertRRsetInAnswer(res, expected) | |
536 | self.assertNoRRSIGsInAnswer(res) | |
537 | ||
d8319ad6 PL |
538 | def testProcessNoValidate_Bogus_CD(self): |
539 | msg = self.getQueryForBogus('CD') | |
540 | expected = dns.rrset.from_text('ted.bogus.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.1') | |
541 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
542 | ||
543 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
544 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD']) | |
545 | self.assertRRsetInAnswer(res, expected) | |
546 | self.assertNoRRSIGsInAnswer(res) | |
547 | ||
7568b07d PL |
548 | def testProcess_Bogus_CD(self): |
549 | msg = self.getQueryForBogus('CD') | |
550 | expected = dns.rrset.from_text('ted.bogus.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.1') | |
551 | res = self.sendUDPQuery(msg, 'process') | |
552 | ||
553 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
554 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD']) | |
555 | self.assertRRsetInAnswer(res, expected) | |
556 | self.assertNoRRSIGsInAnswer(res) | |
557 | ||
7568b07d PL |
558 | def testValidate_Bogus_CD(self): |
559 | msg = self.getQueryForBogus('CD') | |
560 | expected = dns.rrset.from_text('ted.bogus.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.1') | |
561 | res = self.sendUDPQuery(msg, 'validate') | |
562 | ||
563 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
564 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD']) | |
565 | self.assertRRsetInAnswer(res, expected) | |
566 | self.assertNoRRSIGsInAnswer(res) | |
567 | ||
568 | ||
569 | ## Insecure | |
570 | def getQueryForInsecure(self, flags='', ednsflags=''): | |
571 | return self.createQuery('node1.insecure.example.', 'A', flags, ednsflags) | |
572 | ||
573 | ## | |
574 | # -AD -CD -DO | |
575 | ## | |
576 | def testOff_Insecure_None(self): | |
577 | msg = self.getQueryForInsecure() | |
578 | res = self.sendUDPQuery(msg, 'off') | |
579 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
580 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
581 | self.assertNoRRSIGsInAnswer(res) | |
582 | ||
d8319ad6 PL |
583 | def testProcessNoValidate_Insecure_None(self): |
584 | msg = self.getQueryForInsecure() | |
585 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
586 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
587 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
588 | self.assertNoRRSIGsInAnswer(res) | |
589 | ||
7568b07d PL |
590 | def testProcess_Insecure_None(self): |
591 | msg = self.getQueryForInsecure() | |
592 | res = self.sendUDPQuery(msg, 'process') | |
593 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
594 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
595 | self.assertNoRRSIGsInAnswer(res) | |
596 | ||
597 | def testValidate_Insecure_None(self): | |
598 | msg = self.getQueryForInsecure() | |
599 | res = self.sendUDPQuery(msg, 'validate') | |
600 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
601 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
602 | self.assertNoRRSIGsInAnswer(res) | |
603 | ||
604 | ## | |
605 | # +AD -CD -DO | |
606 | ## | |
607 | def testOff_Insecure_AD(self): | |
608 | msg = self.getQueryForInsecure('AD') | |
609 | res = self.sendUDPQuery(msg, 'off') | |
610 | ||
611 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
612 | self.assertNoRRSIGsInAnswer(res) | |
613 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
614 | ||
d8319ad6 PL |
615 | def testProcessNoValidate_Insecure_AD(self): |
616 | msg = self.getQueryForInsecure('AD') | |
617 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
618 | ||
619 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
620 | self.assertNoRRSIGsInAnswer(res) | |
621 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
622 | ||
7568b07d PL |
623 | def testProcess_Insecure_AD(self): |
624 | msg = self.getQueryForInsecure('AD') | |
625 | res = self.sendUDPQuery(msg, 'process') | |
626 | ||
627 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
628 | self.assertNoRRSIGsInAnswer(res) | |
629 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
630 | ||
631 | def testValidate_Insecure_AD(self): | |
632 | msg = self.getQueryForInsecure('AD') | |
633 | res = self.sendUDPQuery(msg, 'validate') | |
634 | ||
635 | self.assertMessageHasFlags(res, ['RD', 'RA', 'QR']) | |
636 | self.assertNoRRSIGsInAnswer(res) | |
637 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
638 | ||
639 | ## | |
640 | # +AD -CD +DO | |
641 | ## | |
642 | def testOff_Insecure_ADDO(self): | |
643 | msg = self.getQueryForInsecure('AD', 'DO') | |
644 | res = self.sendUDPQuery(msg, 'off') | |
645 | ||
646 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
647 | self.assertNoRRSIGsInAnswer(res) | |
648 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
649 | ||
d8319ad6 PL |
650 | def testProcessNoValidate_Insecure_ADDO(self): |
651 | msg = self.getQueryForInsecure('AD', 'DO') | |
652 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
653 | ||
654 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
655 | self.assertNoRRSIGsInAnswer(res) | |
656 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
657 | ||
7568b07d PL |
658 | def testProcess_Insecure_ADDO(self): |
659 | msg = self.getQueryForInsecure('AD', 'DO') | |
660 | res = self.sendUDPQuery(msg, 'process') | |
661 | ||
662 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
663 | self.assertNoRRSIGsInAnswer(res) | |
664 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
665 | ||
666 | def testValidate_Insecure_ADDO(self): | |
667 | msg = self.getQueryForInsecure('AD', 'DO') | |
668 | res = self.sendUDPQuery(msg, 'validate') | |
669 | ||
670 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
671 | self.assertNoRRSIGsInAnswer(res) | |
672 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
673 | ||
674 | ## | |
675 | # +AD +CD +DO | |
676 | ## | |
677 | def testOff_Insecure_ADDOCD(self): | |
678 | msg = self.getQueryForInsecure('AD CD', 'DO') | |
679 | res = self.sendUDPQuery(msg, 'off') | |
680 | ||
7e6ad9dc | 681 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) |
7568b07d PL |
682 | self.assertNoRRSIGsInAnswer(res) |
683 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
684 | ||
d8319ad6 PL |
685 | def testProcessNoValidate_Insecure_ADDOCD(self): |
686 | msg = self.getQueryForInsecure('AD CD', 'DO') | |
687 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
688 | ||
689 | self.assertMessageHasFlags(res, ['CD', 'QR', 'RA', 'RD'], ['DO']) | |
690 | self.assertNoRRSIGsInAnswer(res) | |
691 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
692 | ||
7568b07d PL |
693 | def testProcess_Insecure_ADDOCD(self): |
694 | msg = self.getQueryForInsecure('AD CD', 'DO') | |
695 | res = self.sendUDPQuery(msg, 'process') | |
696 | ||
697 | self.assertMessageHasFlags(res, ['CD', 'QR', 'RA', 'RD'], ['DO']) | |
698 | self.assertNoRRSIGsInAnswer(res) | |
699 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
700 | ||
701 | def testValidate_Insecure_ADDOCD(self): | |
702 | msg = self.getQueryForInsecure('AD CD', 'DO') | |
703 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
704 | res = self.sendUDPQuery(msg, 'validate') | |
705 | ||
706 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD'], ['DO']) | |
707 | self.assertNoRRSIGsInAnswer(res) | |
708 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
709 | ||
710 | ## | |
711 | # -AD -CD +DO | |
712 | ## | |
713 | def testOff_Insecure_DO(self): | |
714 | msg = self.getQueryForInsecure('', 'DO') | |
715 | res = self.sendUDPQuery(msg, 'off') | |
716 | ||
717 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
718 | self.assertNoRRSIGsInAnswer(res) | |
719 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
720 | ||
d8319ad6 PL |
721 | def testProcessNoValidate_Insecure_DO(self): |
722 | msg = self.getQueryForInsecure('', 'DO') | |
723 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
724 | ||
725 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
726 | self.assertNoRRSIGsInAnswer(res) | |
727 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
728 | ||
7568b07d PL |
729 | def testProcess_Insecure_DO(self): |
730 | msg = self.getQueryForInsecure('', 'DO') | |
731 | res = self.sendUDPQuery(msg, 'process') | |
732 | ||
733 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
734 | self.assertNoRRSIGsInAnswer(res) | |
735 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
736 | ||
737 | def testValidate_Insecure_DO(self): | |
738 | msg = self.getQueryForInsecure('', 'DO') | |
739 | res = self.sendUDPQuery(msg, 'validate') | |
740 | ||
741 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
742 | self.assertNoRRSIGsInAnswer(res) | |
743 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
744 | ||
745 | ## | |
746 | # -AD +CD +DO | |
747 | ## | |
7568b07d PL |
748 | def testOff_Insecure_DOCD(self): |
749 | msg = self.getQueryForInsecure('CD', 'DO') | |
750 | res = self.sendUDPQuery(msg, 'off') | |
751 | ||
752 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
753 | self.assertNoRRSIGsInAnswer(res) | |
754 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
755 | ||
d8319ad6 PL |
756 | def testProcessNoValidate_Insecure_DOCD(self): |
757 | msg = self.getQueryForInsecure('CD', 'DO') | |
758 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
759 | ||
760 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD'], ['DO']) | |
761 | self.assertNoRRSIGsInAnswer(res) | |
762 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
763 | ||
7568b07d PL |
764 | def testProcess_Insecure_DOCD(self): |
765 | msg = self.getQueryForInsecure('CD', 'DO') | |
766 | res = self.sendUDPQuery(msg, 'process') | |
767 | ||
768 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD'], ['DO']) | |
769 | self.assertNoRRSIGsInAnswer(res) | |
770 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
771 | ||
772 | def testValidate_Insecure_DOCD(self): | |
773 | msg = self.getQueryForInsecure('CD', 'DO') | |
774 | res = self.sendUDPQuery(msg, 'validate') | |
775 | ||
776 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD'], ['DO']) | |
777 | self.assertNoRRSIGsInAnswer(res) | |
778 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
779 | ||
780 | ## | |
781 | # -AD +CD -DO | |
782 | ## | |
7568b07d PL |
783 | def testOff_Insecure_CD(self): |
784 | msg = self.getQueryForInsecure('CD') | |
785 | res = self.sendUDPQuery(msg, 'off') | |
786 | ||
787 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
788 | self.assertNoRRSIGsInAnswer(res) | |
789 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
790 | ||
d8319ad6 PL |
791 | def testProcessNoValidate_Insecure_CD(self): |
792 | msg = self.getQueryForInsecure('CD') | |
793 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
794 | ||
795 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD']) | |
796 | self.assertNoRRSIGsInAnswer(res) | |
797 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
798 | ||
7568b07d PL |
799 | def testProcess_Insecure_CD(self): |
800 | msg = self.getQueryForInsecure('CD') | |
801 | res = self.sendUDPQuery(msg, 'process') | |
802 | ||
803 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD']) | |
804 | self.assertNoRRSIGsInAnswer(res) | |
805 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
806 | ||
807 | def testValidate_Insecure_CD(self): | |
808 | msg = self.getQueryForInsecure('CD') | |
809 | res = self.sendUDPQuery(msg, 'validate') | |
810 | ||
811 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD']) | |
812 | self.assertNoRRSIGsInAnswer(res) | |
813 | self.assertRcodeEqual(res, dns.rcode.NOERROR) |