6 from dnsdisttests
import DNSDistTest
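class TestDNSCrypt(DNSDistTest):
    """
    Regression tests for dnsdist's DNSCrypt frontend.

    dnsdist is configured to accept DNSCrypt queries on
    127.0.0.1:_dnsDistPortDNSCrypt.
    The provider's keys have been generated with:
    generateDNSCryptProviderKeys("DNSCryptProviderPublic.key", "DNSCryptProviderPrivate.key")
    Be careful to change the _providerFingerprint below if you want to
    regenerate the keys: the clients in these tests are constructed with that
    fingerprint, so it has to describe the provider key actually in use.
    """

    _dnsDistPortDNSCrypt = 8443
    # Six placeholders, filled in the order given by _config_params below.
    _config_template = """
    generateDNSCryptCertificate("DNSCryptProviderPrivate.key", "DNSCryptResolver.cert", "DNSCryptResolver.key", %d, %d, %d)
    addDNSCryptBind("127.0.0.1:%d", "%s", "DNSCryptResolver.cert", "DNSCryptResolver.key")
    newServer{address="127.0.0.1:%s"}
    """

    _providerFingerprint = 'E1D7:2108:9A59:BF8D:F101:16FA:ED5E:EA6A:9F6C:C78F:7F91:AF6B:027E:62F4:69C3:B1AA'
    _providerName = "2.provider.name"
    _resolverCertificateSerial = 42
    # valid from 60s ago until 2h from now
    # (both bounds are computed once, when the class body is executed)
    _resolverCertificateValidFrom = time.time() - 60
    _resolverCertificateValidUntil = time.time() + 7200
    _config_params = ['_resolverCertificateSerial', '_resolverCertificateValidFrom', '_resolverCertificateValidUntil', '_dnsDistPortDNSCrypt', '_providerName', '_testServerPort']
    _dnsdistStartupDelay = 10

    def testSimpleA(self):
        """
        DNSCrypt: encrypted A query

        Sends one encrypted A query through dnsdist and checks that the
        backend saw the same query and the client got the backend's answer.
        """
        # Use the class attribute rather than a second hard-coded 8443, so the
        # client cannot drift away from the port written into the config.
        client = dnscrypt.DNSCryptClient(self._providerName,
                                         self._providerFingerprint,
                                         "127.0.0.1",
                                         self._dnsDistPortDNSCrypt)
        name = 'a.dnscrypt.tests.powerdns.com.'
        query = dns.message.make_query(name, 'A', 'IN')
        response = dns.message.make_response(query)
        # NOTE(review): the arguments after `name` are not visible in this
        # listing; TTL, class, type and address below are constructed sample
        # values (192.0.2.1 is a documentation address) - confirm against the
        # real file.
        rrset = dns.rrset.from_text(name, 3600, 'IN', 'A', '192.0.2.1')
        response.answer.append(rrset)

        self._toResponderQueue.put(response)
        data = client.query(query.to_wire())
        receivedResponse = dns.message.from_wire(data)

        # Start from None so that a query that never reached the responder
        # fails the assertion below instead of raising NameError.
        receivedQuery = None
        if not self._fromResponderQueue.empty():
            # presumably a standard queue: `query` then lands in the `block`
            # position and only acts as a truthy flag - verify against
            # DNSDistTest
            receivedQuery = self._fromResponderQueue.get(query)

        self.assertTrue(receivedQuery)
        self.assertTrue(receivedResponse)
        # The ID seen by the backend is overwritten with ours before comparing.
        receivedQuery.id = query.id
        self.assertEqual(query, receivedQuery)
        self.assertEqual(response, receivedResponse)

    def testResponseLargerThanPaddedQuery(self):
        """
        DNSCrypt: response larger than query

        Send a small encrypted query (don't forget to take
        the padding into account) and check that the response
        comes back truncated: TC set, question preserved, and the answer,
        authority and additional sections empty.
        """
        client = dnscrypt.DNSCryptClient(self._providerName,
                                         self._providerFingerprint,
                                         "127.0.0.1",
                                         self._dnsDistPortDNSCrypt)
        name = 'smallquerylargeresponse.dnscrypt.tests.powerdns.com.'
        query = dns.message.make_query(name, 'TXT', 'IN', use_edns=True, payload=4096)
        response = dns.message.make_response(query)
        # NOTE(review): the arguments after `name` are not visible in this
        # listing; the TTL and the TXT payload below are constructed sample
        # values. Whatever is used must make the backend response larger than
        # the padded query, otherwise this test does not exercise truncation.
        rrset = dns.rrset.from_text(name, 3600, 'IN', 'TXT', '"' + 'A' * 255 + '"')
        response.answer.append(rrset)

        self._toResponderQueue.put(response)
        data = client.query(query.to_wire())

        # Start from None so that a query that never reached the responder
        # fails the assertion below instead of raising NameError.
        receivedQuery = None
        if not self._fromResponderQueue.empty():
            receivedQuery = self._fromResponderQueue.get(query)

        receivedResponse = dns.message.from_wire(data)

        self.assertTrue(receivedQuery)
        receivedQuery.id = query.id
        self.assertEqual(query, receivedQuery)
        self.assertEqual(receivedResponse.question, response.question)
        # The previous check, `flags & ~dns.flags.TC`, was true as soon as any
        # flag other than TC was set (QR is set on every response), so it
        # never verified truncation. Test the TC bit itself.
        self.assertTrue(receivedResponse.flags & dns.flags.TC)
        self.assertEqual(len(receivedResponse.answer), 0)
        self.assertEqual(len(receivedResponse.authority), 0)
        self.assertEqual(len(receivedResponse.additional), 0)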
98 if __name__
== '__main__':