From: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Date: Mon, 4 Dec 2023 08:24:18 +0000 (+0100)
Subject: Add test for RD=0 is disallowed by default and basic RD=1 processing
X-Git-Tag: rec-5.0.0-rc1~2^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F13507%2Fhead;p=thirdparty%2Fpdns.git

Add test for RD=0 is disallowed by default and basic RD=1 processing
---

diff --git a/regression-tests.recursor-dnssec/test_RDFlag.py b/regression-tests.recursor-dnssec/test_RDFlag.py
new file mode 100644
index 0000000000..16f50d2afe
--- /dev/null
+++ b/regression-tests.recursor-dnssec/test_RDFlag.py
@@ -0,0 +1,53 @@
+import dns
+import os
+from recursortests import RecursorTest
+
+class testRDNotAllowed(RecursorTest):
+    _confdir = 'RDFlagNotAllowed'
+
+    _config_template = """
+"""
+    def testRD0(self):
+        query = dns.message.make_query('ns.secure.example', 'A', want_dnssec=True)
+        query.flags |= dns.flags.AD
+        query.flags &= ~dns.flags.RD
+
+        res = self.sendUDPQuery(query)
+
+        self.assertRcodeEqual(res, dns.rcode.REFUSED)
+        self.assertAnswerEmpty(res)
+
+class testRDAllowed(RecursorTest):
+    _confdir = 'RDFlagAllowed'
+
+    _config_template = """
+    disable-packetcache=yes
+    allow-no-rd=yes
+"""
+    def testRD0(self):
+        expected = dns.rrset.from_text('ns.secure.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.9'.format(prefix=self._PREFIX))
+        query = dns.message.make_query('ns.secure.example', 'A', want_dnssec=True)
+        query.flags |= dns.flags.AD
+        query.flags &= ~dns.flags.RD
+
+        # First time empty answer
+        res = self.sendUDPQuery(query)
+        self.assertRcodeEqual(res, dns.rcode.NOERROR)
+        self.assertAnswerEmpty(res)
+
+        # Second time with RD=1 fills the record cache
+        query.flags |= dns.flags.RD
+
+        res = self.sendUDPQuery(query)
+        self.assertRcodeEqual(res, dns.rcode.NOERROR)
+        self.assertMessageIsAuthenticated(res)
+        self.assertRRsetInAnswer(res, expected)
+        self.assertMatchingRRSIGInAnswer(res, expected)
+
+        # Third time with RD=0 retrieves record cache content
+        query.flags &= ~dns.flags.RD
+
+        res = self.sendUDPQuery(query)
+        self.assertMessageIsAuthenticated(res)
+        self.assertRRsetInAnswer(res, expected)
+        self.assertMatchingRRSIGInAnswer(res, expected)