[thirdparty/pdns.git] / regression-tests.recursor-dnssec / test_RootNXTrust.py

import dns
import requests
import socket
from recursortests import RecursorTest

class RootNXTrustRecursorTest(RecursorTest):

    def getOutgoingQueriesCount(self):
        headers = {'x-api-key': self._apiKey}
        url = 'http://127.0.0.1:' + str(self._wsPort) + '/api/v1/servers/localhost/statistics'
        r = requests.get(url, headers=headers, timeout=self._wsTimeout)
        self.assertTrue(r)
        self.assertEquals(r.status_code, 200)
        self.assertTrue(r.json())
        content = r.json()
        for entry in content:
            if entry['name'] == 'all-outqueries':
                return int(entry['value'])

        return 0

class testRootNXTrustDisabled(RootNXTrustRecursorTest):
    _confdir = 'RootNXTrustDisabled'
    _wsPort = 8042
    _wsTimeout = 2
    _wsPassword = 'secretpassword'
    _apiKey = 'secretapikey'

    _config_template = """
root-nx-trust=no
qname-minimization=no
webserver=yes
webserver-port=%d
webserver-address=127.0.0.1
webserver-password=%s
api-key=%s
""" % (_wsPort, _wsPassword, _apiKey)

    def testRootNXTrust(self):
        """
        Check that, with root-nx-trust disabled, we still query the root for www2.nx-example.
        after receiving a NXD from "." for nx-example. as an answer for www.nx-example.
        """

        # first query nx.example.
        before = self.getOutgoingQueriesCount()
        query = dns.message.make_query('www.nx-example.', 'A')
        res = self.sendUDPQuery(query)

        self.assertRcodeEqual(res, dns.rcode.NXDOMAIN)
        print(res)
        self.assertAuthorityHasSOA(res)

        # check that we sent one query to the root
        after = self.getOutgoingQueriesCount()
        self.assertEqual(after, before + 1)

        # then query nx2.example.
        before = after
        query = dns.message.make_query('www2.nx-example.', 'A')
        res = self.sendUDPQuery(query)

        self.assertRcodeEqual(res, dns.rcode.NXDOMAIN)
        self.assertAuthorityHasSOA(res)

        after = self.getOutgoingQueriesCount()
        self.assertEqual(after, before + 1)

class testRootNXTrustEnabled(RootNXTrustRecursorTest):
    _confdir = 'RootNXTrustEnabled'
    _wsPort = 8042
    _wsTimeout = 2
    _wsPassword = 'secretpassword'
    _apiKey = 'secretapikey'

    _config_template = """
root-nx-trust=yes
webserver=yes
webserver-port=%d
webserver-address=127.0.0.1
webserver-password=%s
api-key=%s
""" % (_wsPort, _wsPassword, _apiKey)

    def testRootNXTrust(self):
        """
        Check that, with root-nx-trust enabled, we don't query the root for www2.nx-example.
        after receiving a NXD from "." for nx-example. as an answer for www.nx-example.
        """

        # first query nx.example.
        before = self.getOutgoingQueriesCount()
        query = dns.message.make_query('www.nx-example.', 'A')
        res = self.sendUDPQuery(query)

        self.assertRcodeEqual(res, dns.rcode.NXDOMAIN)
        print(res)
        self.assertAuthorityHasSOA(res)

        # check that we sent one query to the root
        after = self.getOutgoingQueriesCount()
        self.assertEqual(after, before + 1)

        # then query nx2.example.
        before = after
        query = dns.message.make_query('www2.nx-example.', 'A')
        res = self.sendUDPQuery(query)

        self.assertRcodeEqual(res, dns.rcode.NXDOMAIN)
        self.assertAuthorityHasSOA(res)

        after = self.getOutgoingQueriesCount()
        self.assertEqual(after, before)
Commit	Line	Data
fc89e57c RG	1	import dns
	2	import requests
	3	import socket
	4	from recursortests import RecursorTest
	5
	6	class RootNXTrustRecursorTest(RecursorTest):
	7
	8	def getOutgoingQueriesCount(self):
	9	headers = {'x-api-key': self._apiKey}
	10	url = 'http://127.0.0.1:' + str(self._wsPort) + '/api/v1/servers/localhost/statistics'
	11	r = requests.get(url, headers=headers, timeout=self._wsTimeout)
	12	self.assertTrue(r)
	13	self.assertEquals(r.status_code, 200)
	14	self.assertTrue(r.json())
	15	content = r.json()
	16	for entry in content:
	17	if entry['name'] == 'all-outqueries':
	18	return int(entry['value'])
	19
	20	return 0
	21
	22	class testRootNXTrustDisabled(RootNXTrustRecursorTest):
	23	_confdir = 'RootNXTrustDisabled'
	24	_wsPort = 8042
	25	_wsTimeout = 2
	26	_wsPassword = 'secretpassword'
	27	_apiKey = 'secretapikey'
	28
	29	_config_template = """
	30	root-nx-trust=no
8949a3e0	31	qname-minimization=no
fc89e57c RG	32	webserver=yes
	33	webserver-port=%d
	34	webserver-address=127.0.0.1
	35	webserver-password=%s
	36	api-key=%s
	37	""" % (_wsPort, _wsPassword, _apiKey)
	38
	39	def testRootNXTrust(self):
	40	"""
	41	Check that, with root-nx-trust disabled, we still query the root for www2.nx-example.
	42	after receiving a NXD from "." for nx-example. as an answer for www.nx-example.
	43	"""
	44
	45	# first query nx.example.
	46	before = self.getOutgoingQueriesCount()
	47	query = dns.message.make_query('www.nx-example.', 'A')
	48	res = self.sendUDPQuery(query)
	49
	50	self.assertRcodeEqual(res, dns.rcode.NXDOMAIN)
	51	print(res)
	52	self.assertAuthorityHasSOA(res)
	53
	54	# check that we sent one query to the root
	55	after = self.getOutgoingQueriesCount()
	56	self.assertEqual(after, before + 1)
	57
	58	# then query nx2.example.
	59	before = after
	60	query = dns.message.make_query('www2.nx-example.', 'A')
	61	res = self.sendUDPQuery(query)
	62
	63	self.assertRcodeEqual(res, dns.rcode.NXDOMAIN)
	64	self.assertAuthorityHasSOA(res)
	65
	66	after = self.getOutgoingQueriesCount()
	67	self.assertEqual(after, before + 1)
	68
	69	class testRootNXTrustEnabled(RootNXTrustRecursorTest):
	70	_confdir = 'RootNXTrustEnabled'
	71	_wsPort = 8042
	72	_wsTimeout = 2
	73	_wsPassword = 'secretpassword'
	74	_apiKey = 'secretapikey'
	75
	76	_config_template = """
	77	root-nx-trust=yes
	78	webserver=yes
	79	webserver-port=%d
	80	webserver-address=127.0.0.1
	81	webserver-password=%s
	82	api-key=%s
	83	""" % (_wsPort, _wsPassword, _apiKey)
	84
	85	def testRootNXTrust(self):
	86	"""
	87	Check that, with root-nx-trust enabled, we don't query the root for www2.nx-example.
	88	after receiving a NXD from "." for nx-example. as an answer for www.nx-example.
	89	"""
	90
	91	# first query nx.example.
	92	before = self.getOutgoingQueriesCount()
	93	query = dns.message.make_query('www.nx-example.', 'A')
	94	res = self.sendUDPQuery(query)
	95
96	self.assertRcodeEqual(res, dns.rcode.NXDOMAIN)
97	print(res)
98	self.assertAuthorityHasSOA(res)
99
100	# check that we sent one query to the root
101	after = self.getOutgoingQueriesCount()
102	self.assertEqual(after, before + 1)
103
104	# then query nx2.example.
105	before = after
106	query = dns.message.make_query('www2.nx-example.', 'A')
107	res = self.sendUDPQuery(query)
108
109	self.assertRcodeEqual(res, dns.rcode.NXDOMAIN)
110	self.assertAuthorityHasSOA(res)
111
112	after = self.getOutgoingQueriesCount()
113	self.assertEqual(after, before)