[thirdparty/pdns.git] / regression-tests.recursor-dnssec / test_ProxyByTable.py

import dns
import os
from recursortests import RecursorTest

class testProxyByTable(RecursorTest):
    """
    This test makes sure that we correctly use the proxy-mapped address during the ACL check
    """
    _confdir = 'ProxyByTable'

    _config_template = """dnssec=validate
    auth-zones=authzone.example=configs/%s/authzone.zone
    allow-from=3.4.5.0/24
    """ % _confdir

    _lua_config_file = """
    addProxyMapping("127.0.0.0/24", "3.4.5.6:99")
    """

    @classmethod
    def generateRecursorConfig(cls, confdir):
        authzonepath = os.path.join(confdir, 'authzone.zone')
        with open(authzonepath, 'w') as authzone:
            authzone.write("""$ORIGIN authzone.example.
@ 3600 IN SOA {soa}
@ 3600 IN A 192.0.2.88
""".format(soa=cls._SOA))
        super(testProxyByTable, cls).generateRecursorConfig(confdir)


    def testA(self):
        expected = dns.rrset.from_text('ns.secure.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.9'.format(prefix=self._PREFIX))
        query = dns.message.make_query('ns.secure.example', 'A', want_dnssec=True)
        query.flags |= dns.flags.AD

        for method in ("sendUDPQuery", "sendTCPQuery"):
            sender = getattr(self, method)
            res = sender(query)

            self.assertMessageIsAuthenticated(res)
            self.assertRRsetInAnswer(res, expected)
            self.assertMatchingRRSIGInAnswer(res, expected)
Commit	Line	Data
e81063e5 OM	1	import dns
	2	import os
	3	from recursortests import RecursorTest
	4
	5	class testProxyByTable(RecursorTest):
	6	"""
	7	This test makes sure that we correctly use the proxy-mapped address during the ACL check
	8	"""
	9	_confdir = 'ProxyByTable'
	10
	11	_config_template = """dnssec=validate
	12	auth-zones=authzone.example=configs/%s/authzone.zone
	13	allow-from=3.4.5.0/24
	14	""" % _confdir
	15
	16	_lua_config_file = """
	17	addProxyMapping("127.0.0.0/24", "3.4.5.6:99")
	18	"""
	19
	20	@classmethod
	21	def generateRecursorConfig(cls, confdir):
	22	authzonepath = os.path.join(confdir, 'authzone.zone')
	23	with open(authzonepath, 'w') as authzone:
	24	authzone.write("""$ORIGIN authzone.example.
	25	@ 3600 IN SOA {soa}
	26	@ 3600 IN A 192.0.2.88
	27	""".format(soa=cls._SOA))
	28	super(testProxyByTable, cls).generateRecursorConfig(confdir)
	29
	30
	31	def testA(self):
	32	expected = dns.rrset.from_text('ns.secure.example.', 0, dns.rdataclass.IN, 'A', '{prefix}.9'.format(prefix=self._PREFIX))
	33	query = dns.message.make_query('ns.secure.example', 'A', want_dnssec=True)
	34	query.flags \|= dns.flags.AD
	35
	36	for method in ("sendUDPQuery", "sendTCPQuery"):
	37	sender = getattr(self, method)
	38	res = sender(query)
	39
	40	self.assertMessageIsAuthenticated(res)
	41	self.assertRRsetInAnswer(res, expected)
	42	self.assertMatchingRRSIGInAnswer(res, expected)
	43
	44