self.assertMatchingRRSIGInAnswer(res, expectedCNAME)
self.assertAuthorityHasSOA(res)
self.assertMessageIsAuthenticated(res)
+
+ def testInsecureToSecureCNAMEAnswer(self):
+ res = self.sendQuery('cname-to-secure.insecure.example.', 'A')
+ expectedA = dns.rrset.from_text('host1.secure.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.2')
+ expectedCNAME = dns.rrset.from_text('cname-to-secure.insecure.example.', 0, dns.rdataclass.IN, 'CNAME', 'host1.secure.example.')
+
+ self.assertRcodeEqual(res, dns.rcode.NOERROR)
+ self.assertMessageHasFlags(res, ['QR', 'RD', 'RA'], ['DO'])
+ self.assertRRsetInAnswer(res, expectedCNAME)
+ self.assertMatchingRRSIGInAnswer(res, expectedA)
+
+ def testSecureToInsecureCNAMEAnswer(self):
+ res = self.sendQuery('cname-to-insecure.secure.example.', 'A')
+ expectedA = dns.rrset.from_text('node1.insecure.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.6')
+ expectedCNAME = dns.rrset.from_text('cname-to-insecure.secure.example.', 0, dns.rdataclass.IN, 'CNAME', 'node1.secure.example.')
+
+ self.assertRcodeEqual(res, dns.rcode.NOERROR)
+ self.assertMessageHasFlags(res, ['QR', 'RD', 'RA'], ['DO'])
+ self.assertRRsetInAnswer(res, expectedA)
+ self.assertMatchingRRSIGInAnswer(res, expectedCNAME)
+
host1.secure.example. 3600 IN A 192.0.2.2
cname.secure.example. 3600 IN CNAME host1.secure.example.
+cname-to-insecure.secure.example. 3600 IN CNAME node1.insecure.example.
host1.sub.secure.example. 3600 IN A 192.0.2.11
ns1.insecure.example. 3600 IN A {prefix}.13
node1.insecure.example. 3600 IN A 192.0.2.6
+
+cname-to-secure.insecure.example. 3600 IN CNAME host1.secure.example.
""",
'optout.example': """
optout.example. 3600 IN SOA {soa}
found = True
if not found:
- raise AssertionError("RRset not found in answer")
+ raise AssertionError("RRset not found in answer\n\n%s" % ret)
def assertMatchingRRSIGInAnswer(self, msg, coveredRRset, keys=None):
"""Looks for coveredRRset in the answer section and if there is an RRSIG RRset
projects / thirdparty / pdns.git / commitdiff
