]>
git.ipfire.org Git - thirdparty/pdns.git/blob - regression-tests.recursor-dnssec/test_RootNXTrust.py
4 from recursortests
import RecursorTest
6 class RootNXTrustRecursorTest(RecursorTest
):
8 def getOutgoingQueriesCount(self
):
9 headers
= {'x-api-key': self
._apiKey
}
10 url
= 'http://127.0.0.1:' + str(self
._wsPort
) + '/api/v1/servers/localhost/statistics'
11 r
= requests
.get(url
, headers
=headers
, timeout
=self
._wsTimeout
)
13 self
.assertEquals(r
.status_code
, 200)
14 self
.assertTrue(r
.json())
17 if entry
['name'] == 'all-outqueries':
18 return int(entry
['value'])
22 class testRootNXTrustDisabled(RootNXTrustRecursorTest
):
23 _confdir
= 'RootNXTrustDisabled'
26 _wsPassword
= 'secretpassword'
27 _apiKey
= 'secretapikey'
29 _config_template
= """
34 webserver-address=127.0.0.1
37 """ % (_wsPort
, _wsPassword
, _apiKey
)
39 def testRootNXTrust(self
):
41 Check that, with root-nx-trust disabled, we still query the root for www2.nx-example.
42 after receiving a NXD from "." for nx-example. as an answer for www.nx-example.
45 # first query nx.example.
46 before
= self
.getOutgoingQueriesCount()
47 query
= dns
.message
.make_query('www.nx-example.', 'A')
48 res
= self
.sendUDPQuery(query
)
50 self
.assertRcodeEqual(res
, dns
.rcode
.NXDOMAIN
)
52 self
.assertAuthorityHasSOA(res
)
54 # check that we sent one query to the root
55 after
= self
.getOutgoingQueriesCount()
56 self
.assertEqual(after
, before
+ 1)
58 # then query nx2.example.
60 query
= dns
.message
.make_query('www2.nx-example.', 'A')
61 res
= self
.sendUDPQuery(query
)
63 self
.assertRcodeEqual(res
, dns
.rcode
.NXDOMAIN
)
64 self
.assertAuthorityHasSOA(res
)
66 after
= self
.getOutgoingQueriesCount()
67 self
.assertEqual(after
, before
+ 1)
69 class testRootNXTrustEnabled(RootNXTrustRecursorTest
):
70 _confdir
= 'RootNXTrustEnabled'
73 _wsPassword
= 'secretpassword'
74 _apiKey
= 'secretapikey'
76 _config_template
= """
80 webserver-address=127.0.0.1
83 """ % (_wsPort
, _wsPassword
, _apiKey
)
85 def testRootNXTrust(self
):
87 Check that, with root-nx-trust enabled, we don't query the root for www2.nx-example.
88 after receiving a NXD from "." for nx-example. as an answer for www.nx-example.
91 # first query nx.example.
92 before
= self
.getOutgoingQueriesCount()
93 query
= dns
.message
.make_query('www.nx-example.', 'A')
94 res
= self
.sendUDPQuery(query
)
96 self
.assertRcodeEqual(res
, dns
.rcode
.NXDOMAIN
)
98 self
.assertAuthorityHasSOA(res
)
100 # check that we sent one query to the root
101 after
= self
.getOutgoingQueriesCount()
102 self
.assertEqual(after
, before
+ 1)
104 # then query nx2.example.
106 query
= dns
.message
.make_query('www2.nx-example.', 'A')
107 res
= self
.sendUDPQuery(query
)
109 self
.assertRcodeEqual(res
, dns
.rcode
.NXDOMAIN
)
110 self
.assertAuthorityHasSOA(res
)
112 after
= self
.getOutgoingQueriesCount()
113 self
.assertEqual(after
, before
)