]>
git.ipfire.org Git - thirdparty/pdns.git/blob - regression-tests.recursor-dnssec/test_RootNXTrust.py
4 from recursortests
import RecursorTest
6 class RootNXTrustRecursorTest(RecursorTest
):
8 def getOutgoingQueriesCount(self
):
9 headers
= {'x-api-key': self
._apiKey
}
10 url
= 'http://127.0.0.1:' + str(self
._wsPort
) + '/api/v1/servers/localhost/statistics'
11 r
= requests
.get(url
, headers
=headers
, timeout
=self
._wsTimeout
)
13 self
.assertEquals(r
.status_code
, 200)
14 self
.assertTrue(r
.json())
17 if entry
['name'] == 'all-outqueries':
18 return int(entry
['value'])
22 class testRootNXTrustDisabled(RootNXTrustRecursorTest
):
23 _confdir
= 'RootNXTrustDisabled'
26 _wsPassword
= 'secretpassword'
27 _apiKey
= 'secretapikey'
29 _config_template
= """
33 webserver-address=127.0.0.1
36 """ % (_wsPort
, _wsPassword
, _apiKey
)
38 def testRootNXTrust(self
):
40 Check that, with root-nx-trust disabled, we still query the root for www2.nx-example.
41 after receiving a NXD from "." for nx-example. as an answer for www.nx-example.
44 # first query nx.example.
45 before
= self
.getOutgoingQueriesCount()
46 query
= dns
.message
.make_query('www.nx-example.', 'A')
47 res
= self
.sendUDPQuery(query
)
49 self
.assertRcodeEqual(res
, dns
.rcode
.NXDOMAIN
)
51 self
.assertAuthorityHasSOA(res
)
53 # check that we sent one query to the root
54 after
= self
.getOutgoingQueriesCount()
55 self
.assertEqual(after
, before
+ 1)
57 # then query nx2.example.
59 query
= dns
.message
.make_query('www2.nx-example.', 'A')
60 res
= self
.sendUDPQuery(query
)
62 self
.assertRcodeEqual(res
, dns
.rcode
.NXDOMAIN
)
63 self
.assertAuthorityHasSOA(res
)
65 after
= self
.getOutgoingQueriesCount()
66 self
.assertEqual(after
, before
+ 1)
68 class testRootNXTrustEnabled(RootNXTrustRecursorTest
):
69 _confdir
= 'RootNXTrustEnabled'
72 _wsPassword
= 'secretpassword'
73 _apiKey
= 'secretapikey'
75 _config_template
= """
79 webserver-address=127.0.0.1
82 """ % (_wsPort
, _wsPassword
, _apiKey
)
84 def testRootNXTrust(self
):
86 Check that, with root-nx-trust enabled, we don't query the root for www2.nx-example.
87 after receiving a NXD from "." for nx-example. as an answer for www.nx-example.
90 # first query nx.example.
91 before
= self
.getOutgoingQueriesCount()
92 query
= dns
.message
.make_query('www.nx-example.', 'A')
93 res
= self
.sendUDPQuery(query
)
95 self
.assertRcodeEqual(res
, dns
.rcode
.NXDOMAIN
)
97 self
.assertAuthorityHasSOA(res
)
99 # check that we sent one query to the root
100 after
= self
.getOutgoingQueriesCount()
101 self
.assertEqual(after
, before
+ 1)
103 # then query nx2.example.
105 query
= dns
.message
.make_query('www2.nx-example.', 'A')
106 res
= self
.sendUDPQuery(query
)
108 self
.assertRcodeEqual(res
, dns
.rcode
.NXDOMAIN
)
109 self
.assertAuthorityHasSOA(res
)
111 after
= self
.getOutgoingQueriesCount()
112 self
.assertEqual(after
, before
)