Merge pull request #13841 from mind04/auth-include-ns
[thirdparty/pdns.git] / regression-tests.recursor-dnssec / basicDNSSEC.py
index 04fc82308914709df473c0df294e59f586d81f5d..4a71292e9b55d8fdcd8594dcb9e9c3a252b8d8a8 100644 (file)
@@ -25,6 +25,14 @@ class BasicDNSSEC(RecursorTest):
         self.assertNoRRSIGsInAnswer(res)
         self.assertRcodeEqual(res, dns.rcode.NOERROR)
 
+        # now we request the DS for insecure.example., which does not exist,
+        # to check that we correctly get the SOA and not just the denial proof
+        # that the recursor received on the delegation from example. to insecure.example.
+        res = self.sendQuery('insecure.example.', 'DS')
+        self.assertRcodeEqual(res, dns.rcode.NOERROR)
+        self.assertMessageIsAuthenticated(res)
+        self.assertAuthorityHasSOA(res)
+
     def testBogusAnswer(self):
         res = self.sendQuery('ted.bogus.example.', 'A')
 
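Review bot: The DS check added at the end of this test asserts NOERROR, the AD bit and an SOA in the authority section, but never that the answer section is empty, so the NODATA shape the comment describes is not pinned; `self.assertEqual(len(res.answer), 0)` after the rcode check would do it. The test also does not fix which zone the SOA belongs to: a DS query is answered from the parent side of the delegation, so the SOA should be the one for `example.`. Unless `assertAuthorityHasSOA` already compares the owner name (its definition is not visible here), an SOA for `insecure.example.` would satisfy the test as well. Because the response is asserted to be authenticated, the denial is what makes the delegation provably insecure, so a short comment such as `# AD is expected: the DS denial is signed by the secure parent zone example.` would save the next reader from wondering why an "insecure" name yields AD. The enclosing test method starts above the hunk, so I cannot tell which test these assertions were appended to.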
@@ -95,7 +103,7 @@ class BasicDNSSEC(RecursorTest):
     def testSecureCNAMEWildCardNXDOMAIN(self):
         # the answer to this query reaches the UDP truncation threshold, so let's use TCP
         res = self.sendQuery('something.cnamewildcardnxdomain.secure.example.', 'A', useTCP=True)
-        expectedCNAME = dns.rrset.from_text('something.cnamewildcardnxdomain.secure.example.', 0, dns.rdataclass.IN, 'CNAME', 'doesntexist.secure.example.')
+        expectedCNAME = dns.rrset.from_text('something.cnamewildcardnxdomain.secure.example.', 0, dns.rdataclass.IN, 'CNAME', 'doesnotexist.secure.example.')
 
         self.assertRcodeEqual(res, dns.rcode.NXDOMAIN)
         self.assertMatchingRRSIGInAnswer(res, expectedCNAME)