]>
Commit | Line | Data |
---|---|---|
7568b07d PL |
1 | import os |
2 | import socket | |
d8319ad6 | 3 | #import unittest |
7568b07d PL |
4 | |
5 | import dns | |
6 | from recursortests import RecursorTest | |
7 | ||
d8319ad6 | 8 | |
7568b07d PL |
9 | class TestFlags(RecursorTest): |
10 | _confdir = 'Flags' | |
11 | _config_template = """dnssec=%s""" | |
12 | _config_params = ['_dnssec_setting'] | |
13 | _dnssec_setting = None | |
14 | _recursors = {} | |
15 | ||
d8319ad6 PL |
16 | _dnssec_setting_ports = {'off': 5300, |
17 | 'process-no-validate': 5301, | |
18 | 'process': 5302, | |
19 | 'validate': 5303} | |
7568b07d PL |
20 | |
21 | @classmethod | |
22 | def setUp(cls): | |
23 | for setting in cls._dnssec_setting_ports: | |
24 | confdir = os.path.join('configs', cls._confdir, setting) | |
25 | cls.wipeRecursorCache(confdir) | |
26 | ||
27 | @classmethod | |
28 | def setUpClass(cls): | |
29 | cls.setUpSockets() | |
30 | confdir = os.path.join('configs', cls._confdir) | |
31 | cls.createConfigDir(confdir) | |
32 | ||
33 | cls.generateAllAuthConfig(confdir) | |
34 | cls.startAllAuth(confdir) | |
35 | ||
36 | for dnssec_setting, port in cls._dnssec_setting_ports.items(): | |
37 | cls._dnssec_setting = dnssec_setting | |
38 | recConfdir = os.path.join(confdir, dnssec_setting) | |
39 | cls.createConfigDir(recConfdir) | |
40 | cls.generateRecursorConfig(recConfdir) | |
41 | cls.startRecursor(recConfdir, port) | |
42 | cls._recursors[dnssec_setting] = cls._recursor | |
43 | ||
44 | @classmethod | |
45 | def setUpSockets(cls): | |
46 | cls._sock = {} | |
47 | for dnssec_setting, port in cls._dnssec_setting_ports.items(): | |
48 | print("Setting up UDP socket..") | |
d8319ad6 PL |
49 | cls._sock[dnssec_setting] = socket.socket(socket.AF_INET, |
50 | socket.SOCK_DGRAM) | |
7568b07d PL |
51 | cls._sock[dnssec_setting].settimeout(2.0) |
52 | cls._sock[dnssec_setting].connect(("127.0.0.1", port)) | |
53 | ||
54 | @classmethod | |
55 | def sendUDPQuery(cls, query, dnssec_setting, timeout=2.0): | |
56 | if timeout: | |
57 | cls._sock[dnssec_setting].settimeout(timeout) | |
58 | ||
59 | try: | |
60 | cls._sock[dnssec_setting].send(query.to_wire()) | |
61 | data = cls._sock[dnssec_setting].recv(4096) | |
62 | except socket.timeout: | |
63 | data = None | |
64 | finally: | |
65 | if timeout: | |
66 | cls._sock[dnssec_setting].settimeout(None) | |
67 | ||
68 | msg = None | |
69 | if data: | |
70 | msg = dns.message.from_wire(data) | |
71 | return msg | |
72 | ||
73 | @classmethod | |
74 | def tearDownClass(cls): | |
75 | cls.tearDownAuth() | |
76 | for _, recursor in cls._recursors.items(): | |
77 | cls._recursor = recursor | |
78 | cls.tearDownRecursor() | |
79 | ||
80 | def createQuery(self, name, rdtype, flags, ednsflags): | |
81 | """Helper function that creates the query with the specified flags. | |
82 | The flags need to be strings (no checking is performed atm)""" | |
83 | msg = dns.message.make_query(name, rdtype) | |
84 | msg.flags = dns.flags.from_text(flags) | |
85 | msg.flags += dns.flags.from_text('RD') | |
86 | msg.use_edns(edns=0, ednsflags=dns.flags.edns_from_text(ednsflags)) | |
87 | return msg | |
88 | ||
89 | def getQueryForSecure(self, flags='', ednsflags=''): | |
90 | return self.createQuery('ns1.example.', 'A', flags, ednsflags) | |
91 | ||
92 | ## | |
93 | # -AD -CD -DO | |
94 | ## | |
95 | def testOff_Secure_None(self): | |
96 | msg = self.getQueryForSecure() | |
97 | res = self.sendUDPQuery(msg, 'off') | |
98 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
99 | self.assertNoRRSIGsInAnswer(res) | |
100 | ||
d8319ad6 PL |
101 | def testProcessNoValidate_Secure_None(self): |
102 | msg = self.getQueryForSecure() | |
103 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
104 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
105 | self.assertNoRRSIGsInAnswer(res) | |
106 | ||
7568b07d PL |
107 | def testProcess_Secure_None(self): |
108 | msg = self.getQueryForSecure() | |
109 | res = self.sendUDPQuery(msg, 'process') | |
110 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
111 | self.assertNoRRSIGsInAnswer(res) | |
112 | ||
7568b07d PL |
113 | def testValidate_Secure_None(self): |
114 | msg = self.getQueryForSecure() | |
115 | res = self.sendUDPQuery(msg, 'validate') | |
116 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
117 | self.assertNoRRSIGsInAnswer(res) | |
118 | ||
119 | ## | |
120 | # +AD -CD -DO | |
121 | ## | |
7568b07d PL |
122 | def testOff_Secure_AD(self): |
123 | msg = self.getQueryForSecure('AD') | |
124 | res = self.sendUDPQuery(msg, 'off') | |
125 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
126 | ||
7568b07d PL |
127 | self.assertNoRRSIGsInAnswer(res) |
128 | ||
d8319ad6 PL |
129 | def testProcessNoValidate_Secure_AD(self): |
130 | msg = self.getQueryForSecure('AD') | |
131 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
132 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
133 | self.assertNoRRSIGsInAnswer(res) | |
134 | ||
7568b07d PL |
135 | def testProcess_Secure_AD(self): |
136 | msg = self.getQueryForSecure('AD') | |
137 | res = self.sendUDPQuery(msg, 'process') | |
138 | self.assertMessageIsAuthenticated(res) | |
139 | self.assertMessageHasFlags(res, ['AD', 'QR', 'RA', 'RD']) | |
140 | self.assertNoRRSIGsInAnswer(res) | |
141 | ||
7568b07d PL |
142 | def testValidate_Secure_AD(self): |
143 | msg = self.getQueryForSecure('AD') | |
144 | res = self.sendUDPQuery(msg, 'validate') | |
145 | ||
146 | self.assertMessageIsAuthenticated(res) | |
147 | self.assertMessageHasFlags(res, ['AD', 'RD', 'RA', 'QR']) | |
7568b07d PL |
148 | self.assertNoRRSIGsInAnswer(res) |
149 | ||
150 | ## | |
151 | # +AD -CD +DO | |
152 | ## | |
153 | def testOff_Secure_ADDO(self): | |
154 | msg = self.getQueryForSecure('AD', 'DO') | |
155 | res = self.sendUDPQuery(msg, 'off') | |
156 | ||
157 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
158 | self.assertNoRRSIGsInAnswer(res) | |
159 | ||
d8319ad6 PL |
160 | def testProcessNoValidate_Secure_ADDO(self): |
161 | msg = self.getQueryForSecure('AD', 'DO') | |
162 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
163 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
164 | ||
165 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
166 | self.assertMatchingRRSIGInAnswer(res, expected) | |
167 | ||
7568b07d PL |
168 | def testProcess_Secure_ADDO(self): |
169 | msg = self.getQueryForSecure('AD', 'DO') | |
170 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
171 | res = self.sendUDPQuery(msg, 'process') | |
172 | ||
173 | self.assertMessageIsAuthenticated(res) | |
174 | self.assertMessageHasFlags(res, ['AD', 'QR', 'RA', 'RD'], ['DO']) | |
175 | self.assertMatchingRRSIGInAnswer(res, expected) | |
176 | ||
177 | def testValidate_Secure_ADDO(self): | |
178 | msg = self.getQueryForSecure('AD', 'DO') | |
179 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
180 | res = self.sendUDPQuery(msg, 'validate') | |
181 | ||
182 | self.assertMessageIsAuthenticated(res) | |
183 | self.assertMessageHasFlags(res, ['AD', 'QR', 'RA', 'RD'], ['DO']) | |
184 | self.assertMatchingRRSIGInAnswer(res, expected) | |
185 | ||
186 | ## | |
187 | # +AD +CD +DO | |
188 | ## | |
189 | def testOff_Secure_ADDOCD(self): | |
190 | msg = self.getQueryForSecure('AD CD', 'DO') | |
191 | res = self.sendUDPQuery(msg, 'off') | |
192 | ||
7e6ad9dc | 193 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) |
7568b07d | 194 | |
d8319ad6 PL |
195 | def testProcessNoValidate_Secure_ADDOCD(self): |
196 | msg = self.getQueryForSecure('AD CD', 'DO') | |
197 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
198 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
199 | ||
200 | self.assertMessageHasFlags(res, ['CD', 'QR', 'RA', 'RD'], ['DO']) | |
201 | self.assertMatchingRRSIGInAnswer(res, expected) | |
202 | ||
7568b07d PL |
203 | def testProcess_Secure_ADDOCD(self): |
204 | msg = self.getQueryForSecure('AD CD', 'DO') | |
205 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
206 | res = self.sendUDPQuery(msg, 'process') | |
207 | ||
208 | self.assertMessageIsAuthenticated(res) | |
209 | self.assertMessageHasFlags(res, ['AD', 'CD', 'QR', 'RA', 'RD'], ['DO']) | |
210 | self.assertMatchingRRSIGInAnswer(res, expected) | |
211 | ||
212 | def testValidate_Secure_ADDOCD(self): | |
213 | msg = self.getQueryForSecure('AD CD', 'DO') | |
214 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
215 | res = self.sendUDPQuery(msg, 'validate') | |
216 | ||
217 | self.assertMessageIsAuthenticated(res) | |
218 | self.assertMessageHasFlags(res, ['AD', 'QR', 'RA', 'RD', 'CD'], ['DO']) | |
219 | self.assertMatchingRRSIGInAnswer(res, expected) | |
220 | ||
221 | ## | |
222 | # -AD -CD +DO | |
223 | ## | |
224 | def testOff_Secure_DO(self): | |
225 | msg = self.getQueryForSecure('', 'DO') | |
226 | res = self.sendUDPQuery(msg, 'off') | |
227 | ||
228 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
229 | self.assertNoRRSIGsInAnswer(res) | |
230 | ||
d8319ad6 PL |
231 | def testProcessNoValidate_Secure_DO(self): |
232 | msg = self.getQueryForSecure('', 'DO') | |
233 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
234 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
235 | ||
236 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
237 | self.assertMatchingRRSIGInAnswer(res, expected) | |
238 | ||
7568b07d PL |
239 | def testProcess_Secure_DO(self): |
240 | msg = self.getQueryForSecure('', 'DO') | |
241 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
242 | res = self.sendUDPQuery(msg, 'process') | |
243 | ||
244 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
245 | self.assertMatchingRRSIGInAnswer(res, expected) | |
246 | ||
7568b07d PL |
247 | def testValidate_Secure_DO(self): |
248 | msg = self.getQueryForSecure('', 'DO') | |
249 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
250 | res = self.sendUDPQuery(msg, 'validate') | |
251 | ||
252 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
253 | self.assertMatchingRRSIGInAnswer(res, expected) | |
254 | ||
255 | ## | |
256 | # -AD +CD +DO | |
257 | ## | |
7568b07d PL |
258 | def testOff_Secure_DOCD(self): |
259 | msg = self.getQueryForSecure('CD', 'DO') | |
260 | res = self.sendUDPQuery(msg, 'off') | |
261 | ||
262 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
263 | self.assertNoRRSIGsInAnswer(res) | |
264 | ||
d8319ad6 PL |
265 | def testProcessNoValidate_Secure_DOCD(self): |
266 | msg = self.getQueryForSecure('CD', 'DO') | |
267 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
268 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
269 | ||
270 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD'], ['DO']) | |
271 | self.assertMatchingRRSIGInAnswer(res, expected) | |
272 | ||
7568b07d PL |
273 | def testProcess_Secure_DOCD(self): |
274 | msg = self.getQueryForSecure('CD', 'DO') | |
275 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
276 | res = self.sendUDPQuery(msg, 'process') | |
277 | ||
278 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD'], ['DO']) | |
279 | self.assertMatchingRRSIGInAnswer(res, expected) | |
280 | ||
7568b07d PL |
281 | def testValidate_Secure_DOCD(self): |
282 | msg = self.getQueryForSecure('CD', 'DO') | |
283 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
284 | res = self.sendUDPQuery(msg, 'validate') | |
285 | ||
286 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD'], ['DO']) | |
287 | self.assertMatchingRRSIGInAnswer(res, expected) | |
288 | ||
289 | ## | |
290 | # -AD +CD -DO | |
291 | ## | |
7568b07d PL |
292 | def testOff_Secure_CD(self): |
293 | msg = self.getQueryForSecure('CD') | |
294 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
295 | res = self.sendUDPQuery(msg, 'off') | |
296 | ||
297 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
298 | self.assertRRsetInAnswer(res, expected) | |
299 | self.assertNoRRSIGsInAnswer(res) | |
300 | ||
d8319ad6 PL |
301 | def testProcessNoValidate_Secure_CD(self): |
302 | msg = self.getQueryForSecure('CD') | |
303 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
304 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
305 | ||
306 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD']) | |
307 | self.assertRRsetInAnswer(res, expected) | |
308 | self.assertNoRRSIGsInAnswer(res) | |
309 | ||
7568b07d PL |
310 | def testProcess_Secure_CD(self): |
311 | msg = self.getQueryForSecure('CD') | |
312 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
313 | res = self.sendUDPQuery(msg, 'process') | |
314 | ||
315 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD']) | |
316 | self.assertRRsetInAnswer(res, expected) | |
317 | self.assertNoRRSIGsInAnswer(res) | |
318 | ||
7568b07d PL |
319 | def testValidate_Secure_CD(self): |
320 | msg = self.getQueryForSecure('CD') | |
321 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
322 | res = self.sendUDPQuery(msg, 'validate') | |
323 | ||
324 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD']) | |
325 | self.assertRRsetInAnswer(res, expected) | |
326 | self.assertNoRRSIGsInAnswer(res) | |
327 | ||
328 | ||
329 | ### Bogus | |
330 | def getQueryForBogus(self, flags='', ednsflags=''): | |
331 | return self.createQuery('ted.bogus.example.', 'A', flags, ednsflags) | |
332 | ||
333 | ## | |
334 | # -AD -CD -DO | |
335 | ## | |
336 | def testOff_Bogus_None(self): | |
337 | msg = self.getQueryForBogus() | |
338 | res = self.sendUDPQuery(msg, 'off') | |
339 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
340 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
341 | ||
d8319ad6 PL |
342 | def testProcessNoValidate_Bogus_None(self): |
343 | msg = self.getQueryForBogus() | |
344 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
345 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
346 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
347 | ||
7568b07d PL |
348 | def testProcess_Bogus_None(self): |
349 | msg = self.getQueryForBogus() | |
350 | res = self.sendUDPQuery(msg, 'process') | |
351 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
352 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
353 | ||
354 | def testValidate_Bogus_None(self): | |
355 | msg = self.getQueryForBogus() | |
356 | res = self.sendUDPQuery(msg, 'validate') | |
357 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
358 | self.assertRcodeEqual(res, dns.rcode.SERVFAIL) | |
359 | self.assertAnswerEmpty(res) | |
360 | ||
361 | ## | |
362 | # +AD -CD -DO | |
363 | ## | |
364 | def testOff_Bogus_AD(self): | |
365 | msg = self.getQueryForBogus('AD') | |
366 | res = self.sendUDPQuery(msg, 'off') | |
367 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
368 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
369 | ||
d8319ad6 PL |
370 | def testProcessNoValidate_Bogus_AD(self): |
371 | msg = self.getQueryForBogus('AD') | |
372 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
373 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
374 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
375 | ||
7568b07d PL |
376 | def testProcess_Bogus_AD(self): |
377 | msg = self.getQueryForBogus('AD') | |
378 | res = self.sendUDPQuery(msg, 'process') | |
379 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
7568b07d PL |
380 | self.assertRcodeEqual(res, dns.rcode.SERVFAIL) |
381 | self.assertAnswerEmpty(res) | |
382 | ||
383 | def testValidate_Bogus_AD(self): | |
384 | msg = self.getQueryForBogus('AD') | |
385 | res = self.sendUDPQuery(msg, 'validate') | |
386 | ||
387 | self.assertMessageHasFlags(res, ['RD', 'RA', 'QR']) | |
388 | self.assertRcodeEqual(res, dns.rcode.SERVFAIL) | |
389 | self.assertAnswerEmpty(res) | |
390 | ||
391 | ## | |
392 | # +AD -CD +DO | |
393 | ## | |
394 | def testOff_Bogus_ADDO(self): | |
395 | msg = self.getQueryForBogus('AD', 'DO') | |
396 | res = self.sendUDPQuery(msg, 'off') | |
397 | ||
398 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
399 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
400 | ||
d8319ad6 PL |
401 | def testProcessNoValidate_Bogus_ADDO(self): |
402 | msg = self.getQueryForBogus('AD', 'DO') | |
403 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
404 | ||
405 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
406 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
407 | ||
7568b07d PL |
408 | def testProcess_Bogus_ADDO(self): |
409 | msg = self.getQueryForBogus('AD', 'DO') | |
410 | res = self.sendUDPQuery(msg, 'process') | |
411 | ||
412 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
7568b07d PL |
413 | self.assertRcodeEqual(res, dns.rcode.SERVFAIL) |
414 | self.assertAnswerEmpty(res) | |
415 | ||
416 | def testValidate_Bogus_ADDO(self): | |
417 | msg = self.getQueryForBogus('AD', 'DO') | |
418 | res = self.sendUDPQuery(msg, 'validate') | |
419 | ||
420 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
421 | self.assertRcodeEqual(res, dns.rcode.SERVFAIL) | |
422 | self.assertAnswerEmpty(res) | |
423 | ## | |
424 | # +AD +CD +DO | |
425 | ## | |
426 | def testOff_Bogus_ADDOCD(self): | |
427 | msg = self.getQueryForBogus('AD CD', 'DO') | |
428 | res = self.sendUDPQuery(msg, 'off') | |
429 | ||
7e6ad9dc | 430 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) |
7568b07d PL |
431 | self.assertRcodeEqual(res, dns.rcode.NOERROR) |
432 | ||
d8319ad6 PL |
433 | def testProcessNoValidate_Bogus_ADDOCD(self): |
434 | msg = self.getQueryForBogus('AD CD', 'DO') | |
435 | expected = dns.rrset.from_text('ted.bogus.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.1') | |
436 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
437 | ||
438 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
439 | self.assertMessageHasFlags(res, ['CD', 'QR', 'RA', 'RD'], ['DO']) | |
440 | self.assertMatchingRRSIGInAnswer(res, expected) | |
441 | ||
7568b07d PL |
442 | def testProcess_Bogus_ADDOCD(self): |
443 | msg = self.getQueryForBogus('AD CD', 'DO') | |
444 | expected = dns.rrset.from_text('ted.bogus.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.1') | |
445 | res = self.sendUDPQuery(msg, 'process') | |
446 | ||
447 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
448 | self.assertMessageHasFlags(res, ['CD', 'QR', 'RA', 'RD'], ['DO']) | |
449 | self.assertMatchingRRSIGInAnswer(res, expected) | |
450 | ||
451 | def testValidate_Bogus_ADDOCD(self): | |
452 | msg = self.getQueryForBogus('AD CD', 'DO') | |
453 | expected = dns.rrset.from_text('ted.bogus.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.1') | |
454 | res = self.sendUDPQuery(msg, 'validate') | |
455 | ||
456 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
457 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD'], ['DO']) | |
458 | self.assertMatchingRRSIGInAnswer(res, expected) | |
459 | ||
460 | ## | |
461 | # -AD -CD +DO | |
462 | ## | |
463 | def testOff_Bogus_DO(self): | |
464 | msg = self.getQueryForBogus('', 'DO') | |
465 | res = self.sendUDPQuery(msg, 'off') | |
466 | ||
467 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
468 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
469 | self.assertNoRRSIGsInAnswer(res) | |
470 | ||
d8319ad6 PL |
471 | def testProcessNoValidate_Bogus_DO(self): |
472 | msg = self.getQueryForBogus('', 'DO') | |
473 | expected = dns.rrset.from_text('ted.bogus.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.1') | |
474 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
475 | ||
476 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
477 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
478 | self.assertMatchingRRSIGInAnswer(res, expected) | |
479 | ||
7568b07d PL |
480 | def testProcess_Bogus_DO(self): |
481 | msg = self.getQueryForBogus('', 'DO') | |
482 | expected = dns.rrset.from_text('ted.bogus.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.1') | |
483 | res = self.sendUDPQuery(msg, 'process') | |
484 | ||
485 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
486 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
487 | self.assertMatchingRRSIGInAnswer(res, expected) | |
488 | ||
489 | def testValidate_Bogus_DO(self): | |
490 | msg = self.getQueryForBogus('', 'DO') | |
491 | res = self.sendUDPQuery(msg, 'validate') | |
492 | ||
493 | self.assertRcodeEqual(res, dns.rcode.SERVFAIL) | |
494 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
495 | self.assertAnswerEmpty(res) | |
496 | ||
497 | ## | |
498 | # -AD +CD +DO | |
499 | ## | |
7568b07d PL |
500 | def testOff_Bogus_DOCD(self): |
501 | msg = self.getQueryForBogus('CD', 'DO') | |
502 | res = self.sendUDPQuery(msg, 'off') | |
503 | ||
504 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
505 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
506 | self.assertNoRRSIGsInAnswer(res) | |
507 | ||
d8319ad6 PL |
508 | def testProcessNoValidate_Bogus_DOCD(self): |
509 | msg = self.getQueryForBogus('CD', 'DO') | |
510 | expected = dns.rrset.from_text('ted.bogus.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.1') | |
511 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
512 | ||
513 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
514 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD'], ['DO']) | |
515 | self.assertMatchingRRSIGInAnswer(res, expected) | |
516 | ||
7568b07d PL |
517 | def testProcess_Bogus_DOCD(self): |
518 | msg = self.getQueryForBogus('CD', 'DO') | |
519 | expected = dns.rrset.from_text('ted.bogus.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.1') | |
520 | res = self.sendUDPQuery(msg, 'process') | |
521 | ||
522 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
523 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD'], ['DO']) | |
524 | self.assertMatchingRRSIGInAnswer(res, expected) | |
525 | ||
526 | def testValidate_Bogus_DOCD(self): | |
527 | msg = self.getQueryForBogus('CD', 'DO') | |
528 | expected = dns.rrset.from_text('ted.bogus.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.1') | |
529 | res = self.sendUDPQuery(msg, 'validate') | |
530 | ||
531 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
532 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD'], ['DO']) | |
533 | self.assertMatchingRRSIGInAnswer(res, expected) | |
534 | ||
535 | ## | |
536 | # -AD +CD -DO | |
537 | ## | |
7568b07d PL |
538 | def testOff_Bogus_CD(self): |
539 | msg = self.getQueryForBogus('CD') | |
540 | expected = dns.rrset.from_text('ted.bogus.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.1') | |
541 | res = self.sendUDPQuery(msg, 'off') | |
542 | ||
543 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
544 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
545 | self.assertRRsetInAnswer(res, expected) | |
546 | self.assertNoRRSIGsInAnswer(res) | |
547 | ||
d8319ad6 PL |
548 | def testProcessNoValidate_Bogus_CD(self): |
549 | msg = self.getQueryForBogus('CD') | |
550 | expected = dns.rrset.from_text('ted.bogus.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.1') | |
551 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
552 | ||
553 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
554 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD']) | |
555 | self.assertRRsetInAnswer(res, expected) | |
556 | self.assertNoRRSIGsInAnswer(res) | |
557 | ||
7568b07d PL |
558 | def testProcess_Bogus_CD(self): |
559 | msg = self.getQueryForBogus('CD') | |
560 | expected = dns.rrset.from_text('ted.bogus.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.1') | |
561 | res = self.sendUDPQuery(msg, 'process') | |
562 | ||
563 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
564 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD']) | |
565 | self.assertRRsetInAnswer(res, expected) | |
566 | self.assertNoRRSIGsInAnswer(res) | |
567 | ||
7568b07d PL |
568 | def testValidate_Bogus_CD(self): |
569 | msg = self.getQueryForBogus('CD') | |
570 | expected = dns.rrset.from_text('ted.bogus.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.1') | |
571 | res = self.sendUDPQuery(msg, 'validate') | |
572 | ||
573 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
574 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD']) | |
575 | self.assertRRsetInAnswer(res, expected) | |
576 | self.assertNoRRSIGsInAnswer(res) | |
577 | ||
578 | ||
579 | ## Insecure | |
580 | def getQueryForInsecure(self, flags='', ednsflags=''): | |
581 | return self.createQuery('node1.insecure.example.', 'A', flags, ednsflags) | |
582 | ||
583 | ## | |
584 | # -AD -CD -DO | |
585 | ## | |
586 | def testOff_Insecure_None(self): | |
587 | msg = self.getQueryForInsecure() | |
588 | res = self.sendUDPQuery(msg, 'off') | |
589 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
590 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
591 | self.assertNoRRSIGsInAnswer(res) | |
592 | ||
d8319ad6 PL |
593 | def testProcessNoValidate_Insecure_None(self): |
594 | msg = self.getQueryForInsecure() | |
595 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
596 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
597 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
598 | self.assertNoRRSIGsInAnswer(res) | |
599 | ||
7568b07d PL |
600 | def testProcess_Insecure_None(self): |
601 | msg = self.getQueryForInsecure() | |
602 | res = self.sendUDPQuery(msg, 'process') | |
603 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
604 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
605 | self.assertNoRRSIGsInAnswer(res) | |
606 | ||
607 | def testValidate_Insecure_None(self): | |
608 | msg = self.getQueryForInsecure() | |
609 | res = self.sendUDPQuery(msg, 'validate') | |
610 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
611 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
612 | self.assertNoRRSIGsInAnswer(res) | |
613 | ||
614 | ## | |
615 | # +AD -CD -DO | |
616 | ## | |
617 | def testOff_Insecure_AD(self): | |
618 | msg = self.getQueryForInsecure('AD') | |
619 | res = self.sendUDPQuery(msg, 'off') | |
620 | ||
621 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
622 | self.assertNoRRSIGsInAnswer(res) | |
623 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
624 | ||
d8319ad6 PL |
625 | def testProcessNoValidate_Insecure_AD(self): |
626 | msg = self.getQueryForInsecure('AD') | |
627 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
628 | ||
629 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
630 | self.assertNoRRSIGsInAnswer(res) | |
631 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
632 | ||
7568b07d PL |
633 | def testProcess_Insecure_AD(self): |
634 | msg = self.getQueryForInsecure('AD') | |
635 | res = self.sendUDPQuery(msg, 'process') | |
636 | ||
637 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
638 | self.assertNoRRSIGsInAnswer(res) | |
639 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
640 | ||
641 | def testValidate_Insecure_AD(self): | |
642 | msg = self.getQueryForInsecure('AD') | |
643 | res = self.sendUDPQuery(msg, 'validate') | |
644 | ||
645 | self.assertMessageHasFlags(res, ['RD', 'RA', 'QR']) | |
646 | self.assertNoRRSIGsInAnswer(res) | |
647 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
648 | ||
649 | ## | |
650 | # +AD -CD +DO | |
651 | ## | |
652 | def testOff_Insecure_ADDO(self): | |
653 | msg = self.getQueryForInsecure('AD', 'DO') | |
654 | res = self.sendUDPQuery(msg, 'off') | |
655 | ||
656 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
657 | self.assertNoRRSIGsInAnswer(res) | |
658 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
659 | ||
d8319ad6 PL |
660 | def testProcessNoValidate_Insecure_ADDO(self): |
661 | msg = self.getQueryForInsecure('AD', 'DO') | |
662 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
663 | ||
664 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
665 | self.assertNoRRSIGsInAnswer(res) | |
666 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
667 | ||
7568b07d PL |
668 | def testProcess_Insecure_ADDO(self): |
669 | msg = self.getQueryForInsecure('AD', 'DO') | |
670 | res = self.sendUDPQuery(msg, 'process') | |
671 | ||
672 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
673 | self.assertNoRRSIGsInAnswer(res) | |
674 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
675 | ||
676 | def testValidate_Insecure_ADDO(self): | |
677 | msg = self.getQueryForInsecure('AD', 'DO') | |
678 | res = self.sendUDPQuery(msg, 'validate') | |
679 | ||
680 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
681 | self.assertNoRRSIGsInAnswer(res) | |
682 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
683 | ||
684 | ## | |
685 | # +AD +CD +DO | |
686 | ## | |
687 | def testOff_Insecure_ADDOCD(self): | |
688 | msg = self.getQueryForInsecure('AD CD', 'DO') | |
689 | res = self.sendUDPQuery(msg, 'off') | |
690 | ||
7e6ad9dc | 691 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) |
7568b07d PL |
692 | self.assertNoRRSIGsInAnswer(res) |
693 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
694 | ||
d8319ad6 PL |
695 | def testProcessNoValidate_Insecure_ADDOCD(self): |
696 | msg = self.getQueryForInsecure('AD CD', 'DO') | |
697 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
698 | ||
699 | self.assertMessageHasFlags(res, ['CD', 'QR', 'RA', 'RD'], ['DO']) | |
700 | self.assertNoRRSIGsInAnswer(res) | |
701 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
702 | ||
7568b07d PL |
703 | def testProcess_Insecure_ADDOCD(self): |
704 | msg = self.getQueryForInsecure('AD CD', 'DO') | |
705 | res = self.sendUDPQuery(msg, 'process') | |
706 | ||
707 | self.assertMessageHasFlags(res, ['CD', 'QR', 'RA', 'RD'], ['DO']) | |
708 | self.assertNoRRSIGsInAnswer(res) | |
709 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
710 | ||
711 | def testValidate_Insecure_ADDOCD(self): | |
712 | msg = self.getQueryForInsecure('AD CD', 'DO') | |
713 | expected = dns.rrset.from_text('ns1.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.10'.format(prefix=self._PREFIX)) | |
714 | res = self.sendUDPQuery(msg, 'validate') | |
715 | ||
716 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD'], ['DO']) | |
717 | self.assertNoRRSIGsInAnswer(res) | |
718 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
719 | ||
720 | ## | |
721 | # -AD -CD +DO | |
722 | ## | |
723 | def testOff_Insecure_DO(self): | |
724 | msg = self.getQueryForInsecure('', 'DO') | |
725 | res = self.sendUDPQuery(msg, 'off') | |
726 | ||
727 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
728 | self.assertNoRRSIGsInAnswer(res) | |
729 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
730 | ||
d8319ad6 PL |
731 | def testProcessNoValidate_Insecure_DO(self): |
732 | msg = self.getQueryForInsecure('', 'DO') | |
733 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
734 | ||
735 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
736 | self.assertNoRRSIGsInAnswer(res) | |
737 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
738 | ||
7568b07d PL |
739 | def testProcess_Insecure_DO(self): |
740 | msg = self.getQueryForInsecure('', 'DO') | |
741 | res = self.sendUDPQuery(msg, 'process') | |
742 | ||
743 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
744 | self.assertNoRRSIGsInAnswer(res) | |
745 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
746 | ||
747 | def testValidate_Insecure_DO(self): | |
748 | msg = self.getQueryForInsecure('', 'DO') | |
749 | res = self.sendUDPQuery(msg, 'validate') | |
750 | ||
751 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO']) | |
752 | self.assertNoRRSIGsInAnswer(res) | |
753 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
754 | ||
755 | ## | |
756 | # -AD +CD +DO | |
757 | ## | |
7568b07d PL |
758 | def testOff_Insecure_DOCD(self): |
759 | msg = self.getQueryForInsecure('CD', 'DO') | |
760 | res = self.sendUDPQuery(msg, 'off') | |
761 | ||
762 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
763 | self.assertNoRRSIGsInAnswer(res) | |
764 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
765 | ||
d8319ad6 PL |
766 | def testProcessNoValidate_Insecure_DOCD(self): |
767 | msg = self.getQueryForInsecure('CD', 'DO') | |
768 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
769 | ||
770 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD'], ['DO']) | |
771 | self.assertNoRRSIGsInAnswer(res) | |
772 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
773 | ||
7568b07d PL |
774 | def testProcess_Insecure_DOCD(self): |
775 | msg = self.getQueryForInsecure('CD', 'DO') | |
776 | res = self.sendUDPQuery(msg, 'process') | |
777 | ||
778 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD'], ['DO']) | |
779 | self.assertNoRRSIGsInAnswer(res) | |
780 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
781 | ||
782 | def testValidate_Insecure_DOCD(self): | |
783 | msg = self.getQueryForInsecure('CD', 'DO') | |
784 | res = self.sendUDPQuery(msg, 'validate') | |
785 | ||
786 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD'], ['DO']) | |
787 | self.assertNoRRSIGsInAnswer(res) | |
788 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
789 | ||
790 | ## | |
791 | # -AD +CD -DO | |
792 | ## | |
7568b07d PL |
793 | def testOff_Insecure_CD(self): |
794 | msg = self.getQueryForInsecure('CD') | |
795 | res = self.sendUDPQuery(msg, 'off') | |
796 | ||
797 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD']) | |
798 | self.assertNoRRSIGsInAnswer(res) | |
799 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
800 | ||
d8319ad6 PL |
801 | def testProcessNoValidate_Insecure_CD(self): |
802 | msg = self.getQueryForInsecure('CD') | |
803 | res = self.sendUDPQuery(msg, 'process-no-validate') | |
804 | ||
805 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD']) | |
806 | self.assertNoRRSIGsInAnswer(res) | |
807 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
808 | ||
7568b07d PL |
809 | def testProcess_Insecure_CD(self): |
810 | msg = self.getQueryForInsecure('CD') | |
811 | res = self.sendUDPQuery(msg, 'process') | |
812 | ||
813 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD']) | |
814 | self.assertNoRRSIGsInAnswer(res) | |
815 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
816 | ||
817 | def testValidate_Insecure_CD(self): | |
818 | msg = self.getQueryForInsecure('CD') | |
819 | res = self.sendUDPQuery(msg, 'validate') | |
820 | ||
821 | self.assertMessageHasFlags(res, ['QR', 'RA', 'RD', 'CD']) | |
822 | self.assertNoRRSIGsInAnswer(res) | |
823 | self.assertRcodeEqual(res, dns.rcode.NOERROR) |