From: Remi Gacogne Date: Fri, 25 Jul 2025 08:08:58 +0000 (+0200) Subject: dnsdist: Test netmask exclusions via YAML X-Git-Tag: auth-5.1.0-alpha0~12^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F15923%2Fhead;p=thirdparty%2Fpdns.git dnsdist: Test netmask exclusions via YAML Follow-up to #15822. Signed-off-by: Remi Gacogne --- diff --git a/regression-tests.dnsdist/test_Yaml.py b/regression-tests.dnsdist/test_Yaml.py index 3d4d63d4d..bb12f6de0 100644 --- a/regression-tests.dnsdist/test_Yaml.py +++ b/regression-tests.dnsdist/test_Yaml.py @@ -345,3 +345,49 @@ query_rules: sender = getattr(self, method) (_, receivedResponse) = sender(query, response=None, useQueue=False) self.assertEqual(receivedResponse, expectedResponse) + +class TestYamlNMGRuleObjectExcludeMasks(DNSDistTest): + + _yaml_config_template = """--- +binds: + - listen_address: "127.0.0.1:%d" + protocol: Do53 + +backends: + - address: "127.0.0.1:%d" + protocol: Do53 + +netmask_groups: + - name: "my-mng" + netmasks: + - "127.0.0.0/24" + - "!127.0.0.1/32" + +query_rules: + - name: "refuse queries from specific netmasks" + selector: + type: "Not" + selector: + type: "NetmaskGroup" + netmask_group_name: "my-mng" + action: + type: "RCode" + rcode: "5" +""" + _yaml_config_params = ['_dnsDistPort', '_testServerPort'] + _config_params = [] + + def testYamlNMGRule(self): + """ + YAML: NMGRule (via a NMG object with exclusion) should refuse our queries + """ + name = 'nmgrule-object-exclusion.yaml.tests.powerdns.com.' + query = dns.message.make_query(name, 'A', 'IN') + query.flags &= ~dns.flags.RD + expectedResponse = dns.message.make_response(query) + expectedResponse.set_rcode(dns.rcode.REFUSED) + + for method in ("sendUDPQuery", "sendTCPQuery"): + sender = getattr(self, method) + (_, receivedResponse) = sender(query, response=None, useQueue=False) + self.assertEqual(receivedResponse, expectedResponse)