Add a few tests for the PacketCache TTLs:

- ordinary records case
- NXDomain and NoData cases
- ServFail case

The "no answer and no auth records" is not possible to generate using an Auth Zone afaik.

diff --git a/regression-tests.recursor-dnssec/test_PacketCache.py b/regression-tests.recursor-dnssec/test_PacketCache.py
index e2be43a2dfd9a7762afc3f45a09cc9f5945bd97b..aaaa0700f09ab75ba1e7e2e88a1fc7e0ad1a21ab 100644 (file)
--- a/regression-tests.recursor-dnssec/test_PacketCache.py
+++ b/regression-tests.recursor-dnssec/test_PacketCache.py
@@ -3,6 +3,7 @@ import cookiesoption
 import dns
 import os
 import requests
+import subprocess
 
 from recursortests import RecursorTest
 
@@ -19,7 +20,8 @@ class PacketCacheRecursorTest(RecursorTest):
     _wsPassword = 'secretpassword'
     _apiKey = 'secretapikey'
     _config_template = """
-    packetcache-ttl=60
+    packetcache-ttl=10
+    packetcache-servfail-ttl=5
     auth-zones=example=configs/%s/example.zone
     webserver=yes
     webserver-port=%d
@@ -39,6 +41,7 @@ b 3600 IN A 192.0.2.42
 c 3600 IN A 192.0.2.42
 d 3600 IN A 192.0.2.42
 e 3600 IN A 192.0.2.42
+f 3600 IN CNAME f            ; CNAME loop: dirty trick to get a ServFail in an authzone
 """.format(soa=cls._SOA))
         super(PacketCacheRecursorTest, cls).generateRecursorConfig(confdir)
 
@@ -136,3 +139,37 @@ e 3600 IN A 192.0.2.42
         self.assertRcodeEqual(res, dns.rcode.NOERROR)
         self.assertRRsetInAnswer(res, expected)
         self.checkPacketCacheMetrics(6, 4)
+
+        # NXDomain should get default packetcache TTL (10)
+        query = dns.message.make_query('nxdomain.example.', 'A', want_dnssec=True)
+        res = self.sendUDPQuery(query)
+        self.assertRcodeEqual(res, dns.rcode.NXDOMAIN)
+        self.checkPacketCacheMetrics(6, 5)
+
+        # NoData should get default packetcache TTL (10)
+        query = dns.message.make_query('a.example.', 'AAAA', want_dnssec=True)
+        res = self.sendUDPQuery(query)
+        self.assertRcodeEqual(res, dns.rcode.NOERROR)
+        self.checkPacketCacheMetrics(6, 6)
+
+        # ServFail should get ServFail TTL (5)
+        query = dns.message.make_query('f.example.', 'A', want_dnssec=True)
+        res = self.sendUDPQuery(query)
+        self.assertRcodeEqual(res, dns.rcode.SERVFAIL)
+        self.checkPacketCacheMetrics(6, 7)
+
+        # We peek into the cache to check TTLs and allow TTLs te be one lower than inserted since the clock might have ticked
+        rec_controlCmd = [os.environ['RECCONTROL'],
+                          '--config-dir=%s' % 'configs/' + self._confdir,
+                          'dump-cache', '-']
+        try:
+            ret = subprocess.check_output(rec_controlCmd, stderr=subprocess.STDOUT)
+            self.assertTrue((b"a.example. 10 A  ; tag 0 udp\n" in ret) or (b"a.example. 9 A  ; tag 0 udp\n" in ret))
+            self.assertTrue((b"nxdomain.example. 10 A  ; tag 0 udp\n" in ret) or (b"nxdomain.example. 9 A  ; tag 0 udp\n" in ret))
+            self.assertTrue((b"a.example. 10 AAAA  ; tag 0 udp\n" in ret) or (b"a.example. 9 AAAA  ; tag 0 udp\n" in ret))
+            self.assertTrue((b"f.example. 5 A  ; tag 0 udp\n" in ret) or (b"f.example. 4 A  ; tag 0 udp\n" in ret))
+
+        except subprocess.CalledProcessError as e:
+            print(e.output)
+            raise
+