A few tests on the new EDEs

author Otto Moerbeek <otto.moerbeek@open-xchange.com>

Tue, 20 Dec 2022 10:42:07 +0000 (11:42 +0100)

committer Otto Moerbeek <otto.moerbeek@open-xchange.com>

Tue, 20 Dec 2022 10:42:07 +0000 (11:42 +0100)
author Otto Moerbeek <otto.moerbeek@open-xchange.com>
Tue, 20 Dec 2022 10:42:07 +0000 (11:42 +0100)
committer Otto Moerbeek <otto.moerbeek@open-xchange.com>
Tue, 20 Dec 2022 10:42:07 +0000 (11:42 +0100)
diff --git a/regression-tests.recursor-dnssec/test_AggressiveNSECCache.py b/regression-tests.recursor-dnssec/test_AggressiveNSECCache.py

index 808bbdd3d8473e367b6a4349924b2209d29c9313..99c8ff8efeed6da9e3388221b04e185a8ecbd7eb 100644 (file)
--- a/regression-tests.recursor-dnssec/test_AggressiveNSECCache.py
+++ b/regression-tests.recursor-dnssec/test_AggressiveNSECCache.py
@@ -4,6 +4,7 @@ import os
  import requests
  import subprocess
  import time
+import extendederrors
  
  class AggressiveNSECCacheBase(RecursorTest):
      __test__ = False
@@ -21,6 +22,7 @@ class AggressiveNSECCacheBase(RecursorTest):
      webserver-password=%s
      api-key=%s
      devonly-regression-test-mode
+    extended-resolution-errors=yes
      """ % (_wsPort, _wsPassword, _apiKey)
  
      @classmethod
@@ -67,6 +69,10 @@ class AggressiveNSECCacheBase(RecursorTest):
          self.assertMessageIsAuthenticated(res)
          self.assertEqual(nbQueries, self.getMetric('all-outqueries'))
          self.assertEqual(self.getMetric('aggressive-nsec-cache-entries'), entries)
+        self.assertEqual(res.edns, 0)
+        self.assertEqual(len(res.options), 1)
+        self.assertEqual(res.options[0].otype, 15)
+        self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(0, b'Result synthesized from aggressive NSEC cache (RFC8198)'))
  
  class AggressiveNSECCacheNSEC(AggressiveNSECCacheBase):
      _confdir = 'AggressiveNSECCacheNSEC'
@@ -101,6 +107,10 @@ class AggressiveNSECCacheNSEC(AggressiveNSECCacheBase):
          self.assertEqual(nbQueries, self.getMetric('all-outqueries'))
          self.assertEqual(self.getMetric('aggressive-nsec-cache-entries'), entries)
          self.assertGreater(self.getMetric('aggressive-nsec-cache-nsec-hits'), hits)
+        self.assertEqual(res.edns, 0)
+        self.assertEqual(len(res.options), 1)
+        self.assertEqual(res.options[0].otype, 15)
+        self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(0, b'Result synthesized from aggressive NSEC cache (RFC8198)'))
  
      def testWildcard(self):
          self.wipe()
@@ -124,6 +134,10 @@ class AggressiveNSECCacheNSEC(AggressiveNSECCacheBase):
          self.assertMessageIsAuthenticated(res)
          self.assertEqual(nbQueries, self.getMetric('all-outqueries'))
          self.assertGreater(self.getMetric('aggressive-nsec-cache-nsec-wc-hits'), hits)
+        self.assertEqual(res.edns, 0)
+        self.assertEqual(len(res.options), 1)
+        self.assertEqual(res.options[0].otype, 15)
+        self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(0, b'Result synthesized from aggressive NSEC cache (RFC8198)'))
  
          # now we ask for a type that does not exist at the wildcard
          hits = self.getMetric('aggressive-nsec-cache-nsec-hits')
@@ -135,6 +149,10 @@ class AggressiveNSECCacheNSEC(AggressiveNSECCacheBase):
          self.assertMessageIsAuthenticated(res)
          self.assertEqual(nbQueries, self.getMetric('all-outqueries'))
          self.assertGreater(self.getMetric('aggressive-nsec-cache-nsec-hits'), hits)
+        self.assertEqual(res.edns, 0)
+        self.assertEqual(len(res.options), 1)
+        self.assertEqual(res.options[0].otype, 15)
+        self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(0, b'Result synthesized from aggressive NSEC cache (RFC8198)'))
  
          # we can also ask a different type, for a different name that is covered
          # by the NSEC and matches the wildcard (but the type does not exist)
@@ -147,6 +165,10 @@ class AggressiveNSECCacheNSEC(AggressiveNSECCacheBase):
          self.assertMessageIsAuthenticated(res)
          self.assertEqual(nbQueries, self.getMetric('all-outqueries'))
          self.assertGreater(self.getMetric('aggressive-nsec-cache-nsec-hits'), hits)
+        self.assertEqual(res.edns, 0)
+        self.assertEqual(len(res.options), 1)
+        self.assertEqual(res.options[0].otype, 15)
+        self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(0, b'Result synthesized from aggressive NSEC cache (RFC8198)'))
  
      def test_Bogus(self):
          self.wipe()
@@ -184,6 +206,11 @@ class AggressiveNSECCacheNSEC(AggressiveNSECCacheBase):
  
          # Check that we stil have one aggressive cache entry
          self.assertEqual(1, self.getMetric('aggressive-nsec-cache-entries'))
+        print(res.options)
+        self.assertEqual(res.edns, 0)
+        self.assertEqual(len(res.options), 1)
+        self.assertEqual(res.options[0].otype, 15)
+        self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(9, b''))
  
  class AggressiveNSECCacheNSEC3(AggressiveNSECCacheBase):
      _confdir = 'AggressiveNSECCacheNSEC3'
@@ -252,6 +279,10 @@ class AggressiveNSECCacheNSEC3(AggressiveNSECCacheBase):
          self.assertAuthorityHasSOA(res)
          self.assertMessageIsAuthenticated(res)
          self.assertEqual(nbQueries, self.getMetric('all-outqueries'))
+        self.assertEqual(res.edns, 0)
+        self.assertEqual(len(res.options), 1)
+        self.assertEqual(res.options[0].otype, 15)
+        self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(0, b'Result synthesized from aggressive NSEC cache (RFC8198)'))
  
      def testWildcard(self):
          self.wipe()
@@ -281,6 +312,10 @@ class AggressiveNSECCacheNSEC3(AggressiveNSECCacheBase):
          self.assertMatchingRRSIGInAnswer(res, expected)
          self.assertMessageIsAuthenticated(res)
          self.assertEqual(nbQueries, self.getMetric('all-outqueries'))
+        self.assertEqual(res.edns, 0)
+        self.assertEqual(len(res.options), 1)
+        self.assertEqual(res.options[0].otype, 15)
+        self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(0, b'Result synthesized from aggressive NSEC cache (RFC8198)'))
  
          # now we ask for a type that does not exist at the wildcard
          nbQueries = self.getMetric('all-outqueries')
@@ -290,6 +325,10 @@ class AggressiveNSECCacheNSEC3(AggressiveNSECCacheBase):
          self.assertAuthorityHasSOA(res)
          self.assertMessageIsAuthenticated(res)
          self.assertEqual(nbQueries, self.getMetric('all-outqueries'))
+        self.assertEqual(res.edns, 0)
+        self.assertEqual(len(res.options), 1)
+        self.assertEqual(res.options[0].otype, 15)
+        self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(0, b'Result synthesized from aggressive NSEC cache (RFC8198)'))
  
          # we can also ask a different type, for a different name that is covered
          # by the NSEC3s and matches the wildcard (but the type does not exist)
@@ -300,6 +339,10 @@ class AggressiveNSECCacheNSEC3(AggressiveNSECCacheBase):
          self.assertAuthorityHasSOA(res)
          self.assertMessageIsAuthenticated(res)
          self.assertEqual(nbQueries, self.getMetric('all-outqueries'))
+        self.assertEqual(res.edns, 0)
+        self.assertEqual(len(res.options), 1)
+        self.assertEqual(res.options[0].otype, 15)
+        self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(0, b'Result synthesized from aggressive NSEC cache (RFC8198)'))
  
      def test_OptOut(self):
          self.wipe()
@@ -317,3 +360,5 @@ class AggressiveNSECCacheNSEC3(AggressiveNSECCacheBase):
          self.assertAnswerEmpty(res)
          self.assertAuthorityHasSOA(res)
          self.assertGreater(self.getMetric('all-outqueries'), nbQueries)
+        self.assertEqual(res.edns, 0)
+        self.assertEqual(len(res.options), 0)
diff --git a/regression-tests.recursor-dnssec/test_RootNXTrust.py b/regression-tests.recursor-dnssec/test_RootNXTrust.py

index b9d1b0b1562f34e0fbce979a5a4670850be46407..21254b4db272ee38b28e82b5fc36e04d6ff87129 100644 (file)
--- a/regression-tests.recursor-dnssec/test_RootNXTrust.py
+++ b/regression-tests.recursor-dnssec/test_RootNXTrust.py
@@ -2,6 +2,8 @@ import dns
  import requests
  import socket
  import time
+import extendederrors
+
  from recursortests import RecursorTest
  
  class RootNXTrustRecursorTest(RecursorTest):
@@ -47,6 +49,7 @@ webserver-address=127.0.0.1
  webserver-password=%s
  api-key=%s
  devonly-regression-test-mode
+extended-resolution-errors
  """ % (_wsPort, _wsPassword, _apiKey)
  
      def testRootNXTrust(self):
@@ -72,7 +75,7 @@ devonly-regression-test-mode
  
          # then query nx2.example.
          before = after
-        query = dns.message.make_query('www2.nx-example.', 'A')
+        query = dns.message.make_query('www2.nx-example.', 'A', use_edns=True)
          res = self.sendUDPQuery(query)
  
          self.assertRcodeEqual(res, dns.rcode.NXDOMAIN)
@@ -80,6 +83,8 @@ devonly-regression-test-mode
  
          after = self.getOutgoingQueriesCount()
          self.assertEqual(after, before + 1)
+        self.assertEqual(res.edns, 0)
+        self.assertEqual(len(res.options), 0)
  
  class testRootNXTrustEnabled(RootNXTrustRecursorTest):
      _confdir = 'RootNXTrustEnabled'
@@ -96,6 +101,7 @@ webserver-address=127.0.0.1
  webserver-password=%s
  api-key=%s
  devonly-regression-test-mode
+extended-resolution-errors
  """ % (_wsPort, _wsPassword, _apiKey)
  
      def testRootNXTrust(self):
@@ -121,7 +127,7 @@ devonly-regression-test-mode
  
          # then query nx2.example.
          before = after
-        query = dns.message.make_query('www2.nx-example.', 'A')
+        query = dns.message.make_query('www2.nx-example.', 'A', use_edns=True)
          res = self.sendUDPQuery(query)
  
          self.assertRcodeEqual(res, dns.rcode.NXDOMAIN)
@@ -129,3 +135,7 @@ devonly-regression-test-mode
  
          after = self.getOutgoingQueriesCount()
          self.assertEqual(after, before)
+        self.assertEqual(res.edns, 0)
+        self.assertEqual(len(res.options), 1)
+        self.assertEqual(res.options[0].otype, 15)
+        self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(0, b'Result synthesized by root-nx-trust'))
author	Otto Moerbeek <otto.moerbeek@open-xchange.com>
	Tue, 20 Dec 2022 10:42:07 +0000 (11:42 +0100)
committer	Otto Moerbeek <otto.moerbeek@open-xchange.com>
	Tue, 20 Dec 2022 10:42:07 +0000 (11:42 +0100)
regression-tests.recursor-dnssec/test_AggressiveNSECCache.py		patch \| blob \| blame \| history
regression-tests.recursor-dnssec/test_RootNXTrust.py		patch \| blob \| blame \| history