]>
Commit | Line | Data |
---|---|---|
9883d3f9 OM |
1 | import dns |
2 | import os | |
3 | from recursortests import RecursorTest | |
4 | ||
5 | class testSimple(RecursorTest): | |
6 | _confdir = 'Simple' | |
7 | ||
8 | _config_template = """ | |
9 | recursor: | |
10 | auth_zones: | |
11 | - zone: authzone.example | |
12 | file: configs/%s/authzone.zone | |
13 | dnssec: | |
14 | validation: validate""" % _confdir | |
15 | ||
16 | @classmethod | |
17 | def generateRecursorConfig(cls, confdir): | |
18 | authzonepath = os.path.join(confdir, 'authzone.zone') | |
19 | with open(authzonepath, 'w') as authzone: | |
20 | authzone.write("""$ORIGIN authzone.example. | |
21 | @ 3600 IN SOA {soa} | |
22 | @ 3600 IN A 192.0.2.88 | |
23 | """.format(soa=cls._SOA)) | |
24 | super(testSimple, cls).generateRecursorYamlConfig(confdir) | |
25 | ||
26 | def testSOAs(self): | |
27 | for zone in ['.', 'example.', 'secure.example.']: | |
28 | expected = dns.rrset.from_text(zone, 0, dns.rdataclass.IN, 'SOA', self._SOA) | |
29 | query = dns.message.make_query(zone, 'SOA', want_dnssec=True) | |
30 | query.flags |= dns.flags.AD | |
31 | ||
32 | res = self.sendUDPQuery(query) | |
33 | ||
34 | self.assertMessageIsAuthenticated(res) | |
35 | self.assertRRsetInAnswer(res, expected) | |
36 | self.assertMatchingRRSIGInAnswer(res, expected) | |
37 | ||
38 | def testA(self): | |
39 | expected = dns.rrset.from_text('ns.secure.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.9'.format(prefix=self._PREFIX)) | |
40 | query = dns.message.make_query('ns.secure.example', 'A', want_dnssec=True) | |
41 | query.flags |= dns.flags.AD | |
42 | ||
43 | res = self.sendUDPQuery(query) | |
44 | ||
45 | self.assertMessageIsAuthenticated(res) | |
46 | self.assertRRsetInAnswer(res, expected) | |
47 | self.assertMatchingRRSIGInAnswer(res, expected) | |
48 | ||
49 | def testDelegation(self): | |
50 | query = dns.message.make_query('example', 'NS', want_dnssec=True) | |
51 | query.flags |= dns.flags.AD | |
52 | ||
53 | expectedNS = dns.rrset.from_text('example.', 0, 'IN', 'NS', 'ns1.example.', 'ns2.example.') | |
54 | ||
55 | res = self.sendUDPQuery(query) | |
56 | ||
57 | self.assertMessageIsAuthenticated(res) | |
58 | self.assertRRsetInAnswer(res, expectedNS) | |
59 | ||
60 | def testBogus(self): | |
61 | query = dns.message.make_query('ted.bogus.example', 'A', want_dnssec=True) | |
62 | ||
63 | res = self.sendUDPQuery(query) | |
64 | ||
65 | self.assertRcodeEqual(res, dns.rcode.SERVFAIL) | |
66 | ||
67 | def testAuthZone(self): | |
68 | query = dns.message.make_query('authzone.example', 'A', want_dnssec=True) | |
69 | ||
70 | expectedA = dns.rrset.from_text('authzone.example.', 0, 'IN', 'A', '192.0.2.88') | |
71 | ||
72 | res = self.sendUDPQuery(query) | |
73 | ||
74 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
75 | self.assertRRsetInAnswer(res, expectedA) | |
76 | ||
77 | def testLocalhost(self): | |
78 | queryA = dns.message.make_query('localhost', 'A', want_dnssec=True) | |
79 | expectedA = dns.rrset.from_text('localhost.', 0, 'IN', 'A', '127.0.0.1') | |
80 | ||
81 | queryPTR = dns.message.make_query('1.0.0.127.in-addr.arpa', 'PTR', want_dnssec=True) | |
82 | expectedPTR = dns.rrset.from_text('1.0.0.127.in-addr.arpa.', 0, 'IN', 'PTR', 'localhost.') | |
83 | ||
84 | resA = self.sendUDPQuery(queryA) | |
85 | resPTR = self.sendUDPQuery(queryPTR) | |
86 | ||
87 | self.assertRcodeEqual(resA, dns.rcode.NOERROR) | |
88 | self.assertRRsetInAnswer(resA, expectedA) | |
89 | ||
90 | self.assertRcodeEqual(resPTR, dns.rcode.NOERROR) | |
91 | self.assertRRsetInAnswer(resPTR, expectedPTR) | |
92 | ||
93 | def testLocalhostSubdomain(self): | |
94 | queryA = dns.message.make_query('foo.localhost', 'A', want_dnssec=True) | |
95 | expectedA = dns.rrset.from_text('foo.localhost.', 0, 'IN', 'A', '127.0.0.1') | |
96 | ||
97 | resA = self.sendUDPQuery(queryA) | |
98 | ||
99 | self.assertRcodeEqual(resA, dns.rcode.NOERROR) | |
100 | self.assertRRsetInAnswer(resA, expectedA) | |
101 | ||
102 | def testIslandOfSecurity(self): | |
103 | query = dns.message.make_query('cname-to-islandofsecurity.secure.example.', 'A', want_dnssec=True) | |
104 | ||
105 | expectedCNAME = dns.rrset.from_text('cname-to-islandofsecurity.secure.example.', 0, 'IN', 'CNAME', 'node1.islandofsecurity.example.') | |
106 | expectedA = dns.rrset.from_text('node1.islandofsecurity.example.', 0, 'IN', 'A', '192.0.2.20') | |
107 | ||
108 | res = self.sendUDPQuery(query) | |
109 | ||
110 | self.assertRcodeEqual(res, dns.rcode.NOERROR) | |
111 | self.assertRRsetInAnswer(res, expectedA) | |
112 |