]>
git.ipfire.org Git - thirdparty/pdns.git/blob - regression-tests.recursor-dnssec/test_Simple.py
3 from recursortests
import RecursorTest
5 class testSimple(RecursorTest
):
8 _config_template
= """dnssec=validate
9 auth-zones=authzone.example=configs/%s/authzone.zone""" % _confdir
12 def generateRecursorConfig(cls
, confdir
):
13 authzonepath
= os
.path
.join(confdir
, 'authzone.zone')
14 with
open(authzonepath
, 'w') as authzone
:
15 authzone
.write("""$ORIGIN authzone.example.
17 @ 3600 IN A 192.0.2.88
18 """.format(soa
=cls
._SOA
))
19 super(testSimple
, cls
).generateRecursorConfig(confdir
)
22 for zone
in ['.', 'example.', 'secure.example.']:
23 expected
= dns
.rrset
.from_text(zone
, 0, dns
.rdataclass
.IN
, 'SOA', self
._SOA
)
24 query
= dns
.message
.make_query(zone
, 'SOA', want_dnssec
=True)
25 query
.flags |
= dns
.flags
.AD
27 res
= self
.sendUDPQuery(query
)
29 self
.assertMessageIsAuthenticated(res
)
30 self
.assertRRsetInAnswer(res
, expected
)
31 self
.assertMatchingRRSIGInAnswer(res
, expected
)
34 expected
= dns
.rrset
.from_text('ns.secure.example.', 0, dns
.rdataclass
.IN
, 'A', '{prefix}.9'.format(prefix
=self
._PREFIX
))
35 query
= dns
.message
.make_query('ns.secure.example', 'A', want_dnssec
=True)
36 query
.flags |
= dns
.flags
.AD
38 res
= self
.sendUDPQuery(query
)
40 self
.assertMessageIsAuthenticated(res
)
41 self
.assertRRsetInAnswer(res
, expected
)
42 self
.assertMatchingRRSIGInAnswer(res
, expected
)
44 def testDelegation(self
):
45 query
= dns
.message
.make_query('example', 'NS', want_dnssec
=True)
46 query
.flags |
= dns
.flags
.AD
48 expectedNS
= dns
.rrset
.from_text('example.', 0, 'IN', 'NS', 'ns1.example.', 'ns2.example.')
50 res
= self
.sendUDPQuery(query
)
52 self
.assertMessageIsAuthenticated(res
)
53 self
.assertRRsetInAnswer(res
, expectedNS
)
56 query
= dns
.message
.make_query('ted.bogus.example', 'A', want_dnssec
=True)
58 res
= self
.sendUDPQuery(query
)
60 self
.assertRcodeEqual(res
, dns
.rcode
.SERVFAIL
)
62 def testAuthZone(self
):
63 query
= dns
.message
.make_query('authzone.example', 'A', want_dnssec
=True)
65 expectedA
= dns
.rrset
.from_text('authzone.example.', 0, 'IN', 'A', '192.0.2.88')
67 res
= self
.sendUDPQuery(query
)
69 self
.assertRcodeEqual(res
, dns
.rcode
.NOERROR
)
70 self
.assertRRsetInAnswer(res
, expectedA
)
72 def testLocalhost(self
):
73 queryA
= dns
.message
.make_query('localhost', 'A', want_dnssec
=True)
74 expectedA
= dns
.rrset
.from_text('localhost.', 0, 'IN', 'A', '127.0.0.1')
76 queryPTR
= dns
.message
.make_query('1.0.0.127.in-addr.arpa', 'PTR', want_dnssec
=True)
77 expectedPTR
= dns
.rrset
.from_text('1.0.0.127.in-addr.arpa.', 0, 'IN', 'PTR', 'localhost.')
79 resA
= self
.sendUDPQuery(queryA
)
80 resPTR
= self
.sendUDPQuery(queryPTR
)
82 self
.assertRcodeEqual(resA
, dns
.rcode
.NOERROR
)
83 self
.assertRRsetInAnswer(resA
, expectedA
)
85 self
.assertRcodeEqual(resPTR
, dns
.rcode
.NOERROR
)
86 self
.assertRRsetInAnswer(resPTR
, expectedPTR
)
88 def testLocalhostSubdomain(self
):
89 queryA
= dns
.message
.make_query('foo.localhost', 'A', want_dnssec
=True)
90 expectedA
= dns
.rrset
.from_text('foo.localhost.', 0, 'IN', 'A', '127.0.0.1')
92 resA
= self
.sendUDPQuery(queryA
)
94 self
.assertRcodeEqual(resA
, dns
.rcode
.NOERROR
)
95 self
.assertRRsetInAnswer(resA
, expectedA
)
97 def testIslandOfSecurity(self
):
98 query
= dns
.message
.make_query('cname-to-islandofsecurity.secure.example.', 'A', want_dnssec
=True)
100 expectedCNAME
= dns
.rrset
.from_text('cname-to-islandofsecurity.secure.example.', 0, 'IN', 'CNAME', 'node1.islandofsecurity.example.')
101 expectedA
= dns
.rrset
.from_text('node1.islandofsecurity.example.', 0, 'IN', 'A', '192.0.2.20')
103 res
= self
.sendUDPQuery(query
)
105 self
.assertRcodeEqual(res
, dns
.rcode
.NOERROR
)
106 self
.assertRRsetInAnswer(res
, expectedA
)