Merge pull request #13874 from fredmorcos/remotebackend-test-fixes

[thirdparty/pdns.git] / regression-tests.recursor-dnssec / test_Expired.py

diff --git a/regression-tests.recursor-dnssec/test_Expired.py b/regression-tests.recursor-dnssec/test_Expired.py
index 7ef785d1d549e43e47fffedf7b6d6c48e117140c..14c4948ecdc1e0fbdee469a82abc43bdc116c59f 100644 (file)
--- a/regression-tests.recursor-dnssec/test_Expired.py
+++ b/regression-tests.recursor-dnssec/test_Expired.py
@@ -4,6 +4,7 @@ import subprocess
 import time
 
 import dns
+import extendederrors
 from recursortests import RecursorTest
 
 
@@ -24,3 +25,31 @@ class testExpired(RecursorTest):
         res = self.sendUDPQuery(query)
 
         self.assertRcodeEqual(res, dns.rcode.SERVFAIL)
+
+class testExpiredWithEDE(RecursorTest):
+    """This regression test starts the authoritative servers with a clock that is
+    set 15 days into the past. Hence, the recursor must reject the signatures
+    because they are expired.
+    """
+    _confdir = 'ExpiredWithEDE'
+
+    _config_template = """
+    dnssec=validate
+    extended-resolution-errors=yes
+    """
+
+    _auth_env = {'LD_PRELOAD':os.environ.get('LIBFAKETIME'),
+                 'FAKETIME':'-15d'}
+
+    def testA(self):
+        qname = 'host1.secure.example'
+        query = dns.message.make_query(qname, 'A', want_dnssec=True)
+
+        for method in ("sendUDPQuery", "sendTCPQuery"):
+            sender = getattr(self, method)
+            res = sender(query, timeout=5.0)
+            self.assertRcodeEqual(res, dns.rcode.SERVFAIL)
+            self.assertEqual(res.edns, 0)
+            self.assertEqual(len(res.options), 1)
+            self.assertEqual(res.options[0].otype, 15)
+            self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(7, b''))