Add a test for #3841

diff --git a/regression-tests.recursor-dnssec/recursortests.py b/regression-tests.recursor-dnssec/recursortests.py
index 16520eae2ec1d942971d0a0075e98adce7c74a8a..93fb8e11b52fc6e34271b3fcaa18861030110631 100644 (file)
--- a/regression-tests.recursor-dnssec/recursortests.py
+++ b/regression-tests.recursor-dnssec/recursortests.py
@@ -89,6 +89,9 @@ ns.insecure.example.     3600 IN A    {prefix}.13
 optout.example.          3600 IN NS   ns1.optout.example.
 optout.example.          3600 IN DS   59332 13 1 e664f886ae1b5df03d918bc1217d22afc29925b9
 ns1.optout.example.      3600 IN A    {prefix}.14
+
+insecure-formerr.example. 3600 IN NS   ns1.insecure-formerr.example.
+ns1.insecure-formerr.example. 3600 IN A    {prefix}.2
         """,
         'secure.example': """
 secure.example.          3600 IN SOA  {soa}
@@ -106,6 +109,8 @@ host1.sub.secure.example. 3600 IN A    192.0.2.11
 *.cnamewildcard.secure.example. 3600 IN CNAME host1.secure.example.
 
 *.cnamewildcardnxdomain.secure.example. 3600 IN CNAME doesntexist.secure.example.
+
+cname-to-formerr.secure.example. 3600 IN CNAME host1.insecure-formerr.example.
         """,
         'bogus.example': """
 bogus.example.           3600 IN SOA  {soa}
@@ -382,12 +387,17 @@ distributor-threads=1""".format(confdir=confdir,
                     roothints.write(cls._roothints)
                 conf.write("hint-file=%s\n" % roothintspath)
 
+    @classmethod
+    def startResponders(cls):
+        pass
+
     @classmethod
     def startRecursor(cls, confdir, port):
         print("Launching pdns_recursor..")
         recursorcmd = [os.environ['PDNSRECURSOR'],
                        '--config-dir=%s' % confdir,
-                       '--local-port=%s' % port]
+                       '--local-port=%s' % port,
+                       '--security-poll-suffix=']
         print(' '.join(recursorcmd))
 
         logFile = os.path.join(confdir, 'recursor.log')
@@ -434,6 +444,9 @@ distributor-threads=1""".format(confdir=confdir,
     @classmethod
     def setUpClass(cls):
         cls.setUpSockets()
+
+        cls.startResponders()
+
         confdir = os.path.join('configs', cls._confdir)
         cls.createConfigDir(confdir)
         cls.generateAllAuthConfig(confdir)
@@ -448,6 +461,11 @@ distributor-threads=1""".format(confdir=confdir,
     def tearDownClass(cls):
         cls.tearDownRecursor()
         cls.tearDownAuth()
+        cls.tearDownResponders()
+
+    @classmethod
+    def tearDownResponders(cls):
+        pass
 
     @classmethod
     def tearDownAuth(cls):
@@ -489,7 +507,6 @@ distributor-threads=1""".format(confdir=confdir,
             if e.errno != errno.ESRCH:
                 raise
 
-
     @classmethod
     def sendUDPQuery(cls, query, timeout=2.0):
         if timeout:

diff --git a/regression-tests.recursor-dnssec/requirements.txt b/regression-tests.recursor-dnssec/requirements.txt
index e00764934cc3108d8ef2cf62da2b1613496e791f..67690fba379c88f7ddda9f36cc645653691d3ddd 100644 (file)
--- a/regression-tests.recursor-dnssec/requirements.txt
+++ b/regression-tests.recursor-dnssec/requirements.txt
@@ -1,2 +1,3 @@
 dnspython>=1.11
 nose>=1.3.7
+Twisted>0.15.0

diff --git a/regression-tests.recursor-dnssec/runtests b/regression-tests.recursor-dnssec/runtests
index d1d941a03962a5fb55acc1c2f979d03bc1d082b8..45b3987888baf2c4edce9deef0aa7cd7ec7ef48b 100755 (executable)
--- a/regression-tests.recursor-dnssec/runtests
+++ b/regression-tests.recursor-dnssec/runtests
@@ -24,4 +24,4 @@ set -e
 if [ "${PDNS_DEBUG}" = "YES" ]; then
   set -x
 fi
-nosetests -I test_WellKnown.py --with-xunit $@
+LD_PRELOAD="/usr/lib/authbind/libauthbind.so.1 ${LIBFAKETIME}" nosetests -I test_WellKnown.py --with-xunit $@

diff --git a/regression-tests.recursor-dnssec/test_EDNS_fallback.py b/regression-tests.recursor-dnssec/test_EDNS_fallback.py
new file mode 100644 (file)
index 0000000..49239e7
--- /dev/null
+++ b/regression-tests.recursor-dnssec/test_EDNS_fallback.py
@@ -0,0 +1,59 @@
+import dns
+import socket
+import copy
+from recursortests import RecursorTest
+from twisted.internet.protocol import DatagramProtocol
+from twisted.internet import reactor
+import threading
+
+class testInterop(RecursorTest):
+    _confdir = 'Interop'
+
+    _config_template = """dnssec=validate"""
+
+    def testFORMERR(self):
+        """
+        #3841, when we encounter a server that does not understands OPT records
+        (or something else), we don't retry without EDNS in dnssec=validate mode
+        """
+        expected = dns.rrset.from_text('host1.insecure-formerr.example.', 15, dns.rdataclass.IN, 'A', '127.0.0.1')
+
+        query = dns.message.make_query('cname-to-formerr.secure.example.', 'A')
+        res = self.sendUDPQuery(query)
+
+        self.assertRcodeEqual(res, dns.rcode.NOERROR)
+        self.assertRRsetInAnswer(res, expected)
+
+    @classmethod
+    def startResponders(cls):
+        print("Launching responders..")
+
+        address = cls._PREFIX + '.2'
+        port = 53
+
+        reactor.listenUDP(port, UDPResponder(), interface=address)
+
+        cls._UDPResponder = threading.Thread(name='UDP Responder', target=reactor.run, args=(False,))
+        cls._UDPResponder.setDaemon(True)
+        cls._UDPResponder.start()
+
+    @classmethod
+    def tearDownResponders(cls):
+        reactor.stop()
+
+class UDPResponder(DatagramProtocol):
+    def datagramReceived(self, datagram, address):
+        request = dns.message.from_wire(datagram)
+
+        response = dns.message.make_response(request)
+        response.flags = dns.flags.AA + dns.flags.QR
+
+        if request.edns != -1:
+            response.set_rcode(dns.rcode.FORMERR)
+            response.edns = -1
+            response.additional = []
+        else:
+            answer = dns.rrset.from_text('host1.insecure-formerr.example.', 15, dns.rdataclass.IN, 'A', '127.0.0.1')
+            response.answer.append(answer)
+
+        self.transport.write(response.to_wire(), address)