]>
git.ipfire.org Git - thirdparty/pdns.git/blob - regression-tests.recursor-dnssec/test_RootNXTrust.py
7 from recursortests
import RecursorTest
9 class RootNXTrustRecursorTest(RecursorTest
):
11 def getOutgoingQueriesCount(self
):
12 headers
= {'x-api-key': self
._apiKey
}
13 url
= 'http://127.0.0.1:' + str(self
._wsPort
) + '/api/v1/servers/localhost/statistics'
14 r
= requests
.get(url
, headers
=headers
, timeout
=self
._wsTimeout
)
16 self
.assertEqual(r
.status_code
, 200)
17 self
.assertTrue(r
.json())
20 if entry
['name'] == 'all-outqueries':
21 return int(entry
['value'])
25 # Recursor can still be busy resolving root hints, so wait a bit until
26 # getOutgoingQueriesCount() stabilizes.
27 # Code below is inherently racey, but better than a fixed sleep
28 def waitForOutgoingToStabilize(self
):
29 for count
in range(20):
30 outgoing1
= self
.getOutgoingQueriesCount();
32 outgoing2
= self
.getOutgoingQueriesCount();
33 if outgoing1
== outgoing2
:
36 class testRootNXTrustDisabled(RootNXTrustRecursorTest
):
37 _confdir
= 'RootNXTrustDisabled'
40 _wsPassword
= 'secretpassword'
41 _apiKey
= 'secretapikey'
43 _config_template
= """
48 webserver-address=127.0.0.1
51 devonly-regression-test-mode
52 extended-resolution-errors
53 """ % (_wsPort
, _wsPassword
, _apiKey
)
55 def testRootNXTrust(self
):
57 Check that, with root-nx-trust disabled, we still query the root for www2.nx-example.
58 after receiving a NXD from "." for nx-example. as an answer for www.nx-example.
61 self
.waitForTCPSocket("127.0.0.1", self
._wsPort
)
62 self
.waitForOutgoingToStabilize()
63 # First query nx.example.
64 before
= self
.getOutgoingQueriesCount()
65 query
= dns
.message
.make_query('www.nx-example.', 'A')
66 res
= self
.sendUDPQuery(query
)
68 self
.assertRcodeEqual(res
, dns
.rcode
.NXDOMAIN
)
70 self
.assertAuthorityHasSOA(res
)
72 # check that we sent one query to the root
73 after
= self
.getOutgoingQueriesCount()
74 self
.assertEqual(after
, before
+ 1)
76 # then query nx2.example.
78 query
= dns
.message
.make_query('www2.nx-example.', 'A', use_edns
=True)
79 res
= self
.sendUDPQuery(query
)
81 self
.assertRcodeEqual(res
, dns
.rcode
.NXDOMAIN
)
82 self
.assertAuthorityHasSOA(res
)
84 after
= self
.getOutgoingQueriesCount()
85 self
.assertEqual(after
, before
+ 1)
86 self
.assertEqual(res
.edns
, 0)
87 self
.assertEqual(len(res
.options
), 0)
89 class testRootNXTrustEnabled(RootNXTrustRecursorTest
):
90 _confdir
= 'RootNXTrustEnabled'
93 _wsPassword
= 'secretpassword'
94 _apiKey
= 'secretapikey'
96 _config_template
= """
100 webserver-address=127.0.0.1
101 webserver-password=%s
103 devonly-regression-test-mode
104 extended-resolution-errors
105 """ % (_wsPort
, _wsPassword
, _apiKey
)
107 def testRootNXTrust(self
):
109 Check that, with root-nx-trust enabled, we don't query the root for www2.nx-example.
110 after receiving a NXD from "." for nx-example. as an answer for www.nx-example.
113 self
.waitForTCPSocket("127.0.0.1", self
._wsPort
)
114 self
.waitForOutgoingToStabilize()
115 # first query nx.example.
116 before
= self
.getOutgoingQueriesCount()
117 query
= dns
.message
.make_query('www.nx-example.', 'A')
118 res
= self
.sendUDPQuery(query
)
120 self
.assertRcodeEqual(res
, dns
.rcode
.NXDOMAIN
)
122 self
.assertAuthorityHasSOA(res
)
124 # check that we sent one query to the root
125 after
= self
.getOutgoingQueriesCount()
126 self
.assertEqual(after
, before
+ 1)
128 # then query nx2.example.
130 query
= dns
.message
.make_query('www2.nx-example.', 'A', use_edns
=True)
131 res
= self
.sendUDPQuery(query
)
133 self
.assertRcodeEqual(res
, dns
.rcode
.NXDOMAIN
)
134 self
.assertAuthorityHasSOA(res
)
136 after
= self
.getOutgoingQueriesCount()
137 self
.assertEqual(after
, before
)
138 self
.assertEqual(res
.edns
, 0)
139 self
.assertEqual(len(res
.options
), 1)
140 self
.assertEqual(res
.options
[0].otype
, 15)
141 self
.assertEqual(res
.options
[0], extendederrors
.ExtendedErrorOption(29, b
'Result synthesized by root-nx-trust'))