regression-tests.recursor-dnssec/test_TrustAnchors.py

   1 import dns
   2 from recursortests import RecursorTest
   3
   4
   5 class testTrustAnchorsEnabled(RecursorTest):
   6     """This test will do a query for "trustanchor.server CH TXT" and hopes to get
   7     a proper answer"""
   8
   9     _auth_zones = None
  10     _confdir = 'TrustAnchorsEnabled'
  11     _roothints = None
  12     _root_DS = None
  13     _lua_config_file = """
  14 addDS("powerdns.com", "44030 8 1 B763646757DF621DD1204AD3BFA0675B49BE3279")
  15 addNTA("example")
  16 addNTA("example.com", "some reason")
  17 """
  18
  19     def testTrustanchorDotServer(self):
  20         expected = dns.rrset.from_text_list(
  21             'trustanchor.server.', 86400, dns.rdataclass.CH, 'TXT',
  22             ['". 19036 20326"', '"powerdns.com. 44030"'])
  23         query = dns.message.make_query('trustanchor.server', 'TXT',
  24                                        dns.rdataclass.CH)
  25         result = self.sendUDPQuery(query)
  26
  27         self.assertRcodeEqual(result, dns.rcode.NOERROR)
  28         self.assertRRsetInAnswer(result, expected)
  29
  30     def testNegativerustanchorDotServer(self):
  31         expected = dns.rrset.from_text_list(
  32             'negativetrustanchor.server.', 86400, dns.rdataclass.CH, 'TXT',
  33             ['"example."', '"example.com. some reason"'])
  34         query = dns.message.make_query('negativetrustanchor.server', 'TXT',
  35                                        dns.rdataclass.CH)
  36         result = self.sendUDPQuery(query)
  37
  38         self.assertRcodeEqual(result, dns.rcode.NOERROR)
  39         self.assertRRsetInAnswer(result, expected)
  40
  41
  42 class testTrustAnchorsDisabled(RecursorTest):
  43     """This test will do a query for "trustanchor.server CH TXT" and hopes to get
  44     a proper answer"""
  45
  46     _auth_zones = None
  47     _confdir = 'TrustAnchorsDisabled'
  48     _roothints = None
  49     _root_DS = None
  50     _config_template = """
  51     allow-trust-anchor-query=no
  52 """
  53
  54     def testTrustanchorDotServer(self):
  55         query = dns.message.make_query('trustanchor.server', 'TXT',
  56                                        dns.rdataclass.CH)
  57         result = self.sendUDPQuery(query)
  58
  59         self.assertRcodeEqual(result, dns.rcode.SERVFAIL)
  60
  61     def testNegativerustanchorDotServer(self):
  62         query = dns.message.make_query('negativetrustanchor.server', 'TXT',
  63                                        dns.rdataclass.CH)
  64         result = self.sendUDPQuery(query)
  65
  66         self.assertRcodeEqual(result, dns.rcode.SERVFAIL)