[thirdparty/pdns.git] / regression-tests.recursor-dnssec / test_NTA.py

import dns
from recursortests import RecursorTest

class testSimple(RecursorTest):
    _confdir = 'NTA'

    _config_template = """dnssec=validate"""
    _lua_config_file = """addNTA("bogus.example")"""

    def testDirectNTA(self):
        """Ensure a direct query to a bogus name with an NTA is Insecure"""

        msg = dns.message.make_query("ted.bogus.example.", dns.rdatatype.A)
        msg.flags = dns.flags.from_text('AD RD')
        msg.use_edns(edns=0, ednsflags=dns.flags.edns_from_text('DO'))

        res = self.sendUDPQuery(msg)

        self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO'])
        self.assertRcodeEqual(res, dns.rcode.NOERROR)

    def testCNAMENTA(self):
        """Ensure a CNAME from a secure zone to a bogus one with an NTA is Insecure"""
        msg = dns.message.make_query("cname-to-bogus.secure.example.", dns.rdatatype.A)
        msg.flags = dns.flags.from_text('AD RD')
        msg.use_edns(edns=0, ednsflags=dns.flags.edns_from_text('DO'))

        res = self.sendUDPQuery(msg)

        self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO'])
        self.assertRcodeEqual(res, dns.rcode.NOERROR)
Commit	Line	Data
faa3b298 PL	1	import dns
	2	from recursortests import RecursorTest
	3
	4	class testSimple(RecursorTest):
	5	_confdir = 'NTA'
	6
	7	_config_template = """dnssec=validate"""
	8	_lua_config_file = """addNTA("bogus.example")"""
	9
	10	def testDirectNTA(self):
	11	"""Ensure a direct query to a bogus name with an NTA is Insecure"""
	12
	13	msg = dns.message.make_query("ted.bogus.example.", dns.rdatatype.A)
	14	msg.flags = dns.flags.from_text('AD RD')
	15	msg.use_edns(edns=0, ednsflags=dns.flags.edns_from_text('DO'))
	16
	17	res = self.sendUDPQuery(msg)
	18
	19	self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO'])
	20	self.assertRcodeEqual(res, dns.rcode.NOERROR)
	21
	22	def testCNAMENTA(self):
	23	"""Ensure a CNAME from a secure zone to a bogus one with an NTA is Insecure"""
	24	msg = dns.message.make_query("cname-to-bogus.secure.example.", dns.rdatatype.A)
	25	msg.flags = dns.flags.from_text('AD RD')
	26	msg.use_edns(edns=0, ednsflags=dns.flags.edns_from_text('DO'))
	27
	28	res = self.sendUDPQuery(msg)
	29
	30	self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO'])
	31	self.assertRcodeEqual(res, dns.rcode.NOERROR)