[thirdparty/pdns.git] / regression-tests.recursor-dnssec / test_RootNXTrust.py

import dns
import requests
import socket
from recursortests import RecursorTest

class RootNXTrustRecursorTest(RecursorTest):

    def getOutgoingQueriesCount(self):
        headers = {'x-api-key': self._apiKey}
        url = 'http://127.0.0.1:' + str(self._wsPort) + '/api/v1/servers/localhost/statistics'
        r = requests.get(url, headers=headers, timeout=self._wsTimeout)
        self.assertTrue(r)
        self.assertEquals(r.status_code, 200)
        self.assertTrue(r.json())
        content = r.json()
        for entry in content:
            if entry['name'] == 'all-outqueries':
                return int(entry['value'])

        return 0

class testRootNXTrustDisabled(RootNXTrustRecursorTest):
    _confdir = 'RootNXTrustDisabled'
    _wsPort = 8042
    _wsTimeout = 2
    _wsPassword = 'secretpassword'
    _apiKey = 'secretapikey'

    _config_template = """
root-nx-trust=no
webserver=yes
webserver-port=%d
webserver-address=127.0.0.1
webserver-password=%s
api-key=%s
""" % (_wsPort, _wsPassword, _apiKey)

    def testRootNXTrust(self):
        """
        Check that, with root-nx-trust disabled, we still query the root for www2.nx-example.
        after receiving a NXD from "." for nx-example. as an answer for www.nx-example.
        """

        # first query nx.example.
        before = self.getOutgoingQueriesCount()
        query = dns.message.make_query('www.nx-example.', 'A')
        res = self.sendUDPQuery(query)

        self.assertRcodeEqual(res, dns.rcode.NXDOMAIN)
        print(res)
        self.assertAuthorityHasSOA(res)

        # check that we sent one query to the root
        after = self.getOutgoingQueriesCount()
        self.assertEqual(after, before + 1)

        # then query nx2.example.
        before = after
        query = dns.message.make_query('www2.nx-example.', 'A')
        res = self.sendUDPQuery(query)

        self.assertRcodeEqual(res, dns.rcode.NXDOMAIN)
        self.assertAuthorityHasSOA(res)

        after = self.getOutgoingQueriesCount()
        self.assertEqual(after, before + 1)

class testRootNXTrustEnabled(RootNXTrustRecursorTest):
    _confdir = 'RootNXTrustEnabled'
    _wsPort = 8042
    _wsTimeout = 2
    _wsPassword = 'secretpassword'
    _apiKey = 'secretapikey'

    _config_template = """
root-nx-trust=yes
webserver=yes
webserver-port=%d
webserver-address=127.0.0.1
webserver-password=%s
api-key=%s
""" % (_wsPort, _wsPassword, _apiKey)

    def testRootNXTrust(self):
        """
        Check that, with root-nx-trust enabled, we don't query the root for www2.nx-example.
        after receiving a NXD from "." for nx-example. as an answer for www.nx-example.
        """

        # first query nx.example.
        before = self.getOutgoingQueriesCount()
        query = dns.message.make_query('www.nx-example.', 'A')
        res = self.sendUDPQuery(query)

        self.assertRcodeEqual(res, dns.rcode.NXDOMAIN)
        print(res)
        self.assertAuthorityHasSOA(res)

        # check that we sent one query to the root
        after = self.getOutgoingQueriesCount()
        self.assertEqual(after, before + 1)

        # then query nx2.example.
        before = after
        query = dns.message.make_query('www2.nx-example.', 'A')
        res = self.sendUDPQuery(query)

        self.assertRcodeEqual(res, dns.rcode.NXDOMAIN)
        self.assertAuthorityHasSOA(res)

        after = self.getOutgoingQueriesCount()
        self.assertEqual(after, before)
Commit	Line	Data
fc89e57c RG	1	import dns
	2	import requests
	3	import socket
	4	from recursortests import RecursorTest
	5
	6	class RootNXTrustRecursorTest(RecursorTest):
	7
	8	def getOutgoingQueriesCount(self):
	9	headers = {'x-api-key': self._apiKey}
	10	url = 'http://127.0.0.1:' + str(self._wsPort) + '/api/v1/servers/localhost/statistics'
	11	r = requests.get(url, headers=headers, timeout=self._wsTimeout)
	12	self.assertTrue(r)
	13	self.assertEquals(r.status_code, 200)
	14	self.assertTrue(r.json())
	15	content = r.json()
	16	for entry in content:
	17	if entry['name'] == 'all-outqueries':
	18	return int(entry['value'])
	19
	20	return 0
	21
	22	class testRootNXTrustDisabled(RootNXTrustRecursorTest):
	23	_confdir = 'RootNXTrustDisabled'
	24	_wsPort = 8042
	25	_wsTimeout = 2
	26	_wsPassword = 'secretpassword'
	27	_apiKey = 'secretapikey'
	28
	29	_config_template = """
	30	root-nx-trust=no
	31	webserver=yes
	32	webserver-port=%d
	33	webserver-address=127.0.0.1
	34	webserver-password=%s
	35	api-key=%s
	36	""" % (_wsPort, _wsPassword, _apiKey)
	37
	38	def testRootNXTrust(self):
	39	"""
	40	Check that, with root-nx-trust disabled, we still query the root for www2.nx-example.
	41	after receiving a NXD from "." for nx-example. as an answer for www.nx-example.
	42	"""
	43
	44	# first query nx.example.
	45	before = self.getOutgoingQueriesCount()
	46	query = dns.message.make_query('www.nx-example.', 'A')
	47	res = self.sendUDPQuery(query)
	48
	49	self.assertRcodeEqual(res, dns.rcode.NXDOMAIN)
	50	print(res)
	51	self.assertAuthorityHasSOA(res)
	52
	53	# check that we sent one query to the root
	54	after = self.getOutgoingQueriesCount()
	55	self.assertEqual(after, before + 1)
	56
	57	# then query nx2.example.
	58	before = after
	59	query = dns.message.make_query('www2.nx-example.', 'A')
	60	res = self.sendUDPQuery(query)
	61
	62	self.assertRcodeEqual(res, dns.rcode.NXDOMAIN)
	63	self.assertAuthorityHasSOA(res)
	64
65	after = self.getOutgoingQueriesCount()
66	self.assertEqual(after, before + 1)
67
68	class testRootNXTrustEnabled(RootNXTrustRecursorTest):
69	_confdir = 'RootNXTrustEnabled'
70	_wsPort = 8042
71	_wsTimeout = 2
72	_wsPassword = 'secretpassword'
73	_apiKey = 'secretapikey'
74
75	_config_template = """
76	root-nx-trust=yes
77	webserver=yes
78	webserver-port=%d
79	webserver-address=127.0.0.1
80	webserver-password=%s
81	api-key=%s
82	""" % (_wsPort, _wsPassword, _apiKey)
83
84	def testRootNXTrust(self):
85	"""
86	Check that, with root-nx-trust enabled, we don't query the root for www2.nx-example.
87	after receiving a NXD from "." for nx-example. as an answer for www.nx-example.
88	"""
89
90	# first query nx.example.
91	before = self.getOutgoingQueriesCount()
92	query = dns.message.make_query('www.nx-example.', 'A')
93	res = self.sendUDPQuery(query)
94
95	self.assertRcodeEqual(res, dns.rcode.NXDOMAIN)
96	print(res)
97	self.assertAuthorityHasSOA(res)
98
99	# check that we sent one query to the root
100	after = self.getOutgoingQueriesCount()
101	self.assertEqual(after, before + 1)
102
103	# then query nx2.example.
104	before = after
105	query = dns.message.make_query('www2.nx-example.', 'A')
106	res = self.sendUDPQuery(query)
107
108	self.assertRcodeEqual(res, dns.rcode.NXDOMAIN)
109	self.assertAuthorityHasSOA(res)
110
111	after = self.getOutgoingQueriesCount()
112	self.assertEqual(after, before)