From: Remi Gacogne Date: Thu, 10 Jul 2025 14:18:48 +0000 (+0200) Subject: dnsdist: Add a regression test for NMG rule via YAML X-Git-Tag: rec-5.4.0-alpha0~24^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1f26a3b18193bcc322cc3590595dcb4e2dffb5cc;p=thirdparty%2Fpdns.git dnsdist: Add a regression test for NMG rule via YAML Signed-off-by: Remi Gacogne --- diff --git a/regression-tests.dnsdist/test_Yaml.py b/regression-tests.dnsdist/test_Yaml.py index 4e4e79f653..82b3198513 100644 --- a/regression-tests.dnsdist/test_Yaml.py +++ b/regression-tests.dnsdist/test_Yaml.py @@ -257,3 +257,44 @@ addAction(QNameRule("notimp-lua.yaml-lua-mix.test.powerdns.com."), RCodeAction(D sender = getattr(self, method) (_, receivedResponse) = sender(query, response=None, useQueue=False) self.assertEqual(receivedResponse, expectedResponse) + +class TestYamlNMGRule(DNSDistTest): + + _yaml_config_template = """--- +binds: + - listen_address: "127.0.0.1:%d" + protocol: Do53 + +backends: + - address: "127.0.0.1:%d" + protocol: Do53 + +query_rules: + - name: "refuse queries from non-allowed netmasks" + selector: + type: "Not" + selector: + type: "NetmaskGroup" + netmasks: + - "192.0.2.1/32" + action: + type: "RCode" + rcode: "5" +""" + _yaml_config_params = ['_dnsDistPort', '_testServerPort'] + _config_params = [] + + def testYamlNMGRule(self): + """ + YAML: NMGRule should refuse our queries + """ + name = 'nmgrule.yaml.tests.powerdns.com.' + query = dns.message.make_query(name, 'A', 'IN') + query.flags &= ~dns.flags.RD + expectedResponse = dns.message.make_response(query) + expectedResponse.set_rcode(dns.rcode.REFUSED) + + for method in ("sendUDPQuery", "sendTCPQuery"): + sender = getattr(self, method) + (_, receivedResponse) = sender(query, response=None, useQueue=False) + self.assertEqual(receivedResponse, expectedResponse)